BETA

Activities of Cecilia WIKSTRÖM related to 2017/0352(COD)

Shadow reports (1)

REPORT on the amended proposal for a regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration) and amending Regulation (EU) 2018/XX [the Eurodac Regulation], Regulation (EU) 2018/XX [the Regulation on SIS in the field of law enforcement], Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] and Regulation (EU) 2018/XX [the eu-LISA Regulation] PDF (1 MB) DOC (218 KB)
2016/11/22
Committee: LIBE
Dossiers: 2017/0352(COD)
Documents: PDF(1 MB) DOC(218 KB)

Amendments (57)

Amendment 213 #
Proposal for a regulation
Recital 12 a (new)
(12a) Children and vulnerable persons merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. The interoperability components should pay particular attention to the protection of children and ensure that their rights and integrity are being fully respected.
2018/07/24
Committee: LIBE
Amendment 258 #
Proposal for a regulation
Recital 27
(27) In order to ensure the correct identification of a person, Member State authorities competent for preventing and combating irregular migration and competent authorities within the meaning of Article 3(7) of Directive 2016/680 should be allowed to query the common identity repository (CIR) with the biometric data of that person taken during an identity check. Such query should be carried out in principle in the presence of the person, solely where a Member State police authority was unable to identify a person on the basis of a travel document or with the identity data provided by that person following rules and procedures provided for in national law or where there are doubts as to the authenticity of the travel document or the identity of its holder or where the person is unable or refuses to cooperate, or where there are reasonable grounds to believe that the person is not telling the truth about his or her identity. Such query should not be allowed against minors under the age of 12 years old.
2018/07/24
Committee: LIBE
Amendment 259 #
Proposal for a regulation
Recital 27 a (new)
(27a) In order to identify unknown persons who are not able to identify themselves or unidentified human remains, in the event of a disaster or an accident, Member States should be allowed to query the CIR with the biometric data of those persons.
2018/07/24
Committee: LIBE
Amendment 321 #
Proposal for a regulation
Recital 55
(55) To support the purposes of statistics and reporting, it is necessary to grant access to authorised staff of the competent authorities, institutions and bodies identified in this Regulation and the integration of the existing national systems and infrastructures with those components to consult certain data related to certain interoperability components without enabling individual identification.
2018/07/24
Committee: LIBE
Amendment 328 #
Proposal for a regulation
Recital 57 a (new)
(57a) It would be appropriate that, during the development phase of the interoperability components, the Commission assess the necessity of further harmonisation of national systems and infrastructures of Member States at external borders. Those recommendations should also include an impact assessment and an assessment on their cost for the EU budget.
2018/07/24
Committee: LIBE
Amendment 344 #
Proposal for a regulation
Article 1 – paragraph 1
1. This Regulation, together with [Regulation 2018/xx on interoperability borders and visa], establishes a framework to ensure the interoperability between the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS), and [the European Criminal Records Information System for third-country nationals (ECRIS-TCN)] in order for those systems and data contained in those systems to supplement each other.
2018/07/24
Committee: LIBE
Amendment 377 #
Proposal for a regulation
Article 2 – paragraph 2 – point c a (new)
(ca) improving judicial cooperation in the areas of freedom, security and justice;
2018/07/24
Committee: LIBE
Amendment 383 #
Proposal for a regulation
Article 2 – paragraph 2 – point e a (new)
(ea) contribute to the prevention, detection and investigation of terrorist offences or of other serious criminal offences.
2018/07/24
Committee: LIBE
Amendment 416 #
Proposal for a regulation
Article 5 – title
5 Non-discrimination and fundamental rights
2018/07/24
Committee: LIBE
Amendment 418 #
Proposal for a regulation
Article 5 – paragraph 1
The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her. Processing of personal data for the purposes of this Regulation by any user shall not result in discrimination against persons on any grounds such as sex, colour, social, racial or ethnic origin, religion or belief, disability, age or sexual orientation. It shall fully respect human dignity and integritypolitical or any other opinion, membership of a national minority, property, birth, genetic features, language, disability, age or sexual orientation. It shall fully respect human dignity and integrity and fundamental rights, including the right to respect for one’s private life and to the protection of personal data. Particular attention shall be paid to children, the elderly and persons with a disability. The best interests of the child shall be a primary consideration.
2018/07/24
Committee: LIBE
Amendment 429 #
Proposal for a regulation
Article 6 – paragraph 1
1. A European search portal (ESP) is established for the purposes of ensuring that Member State authorities and EU bodies have fast, seamless, efficient, systematic and controlled access to the EU information systems, the Europol data and the Interpol databases that they need to perform their tasks in accordance with their access rights and of supporting the objectives of the EES, the VIS, [the ETIAS], Eurodac, the SIS, [the ECRIS- TCN system] and the Europol data, while fully respecting the principles of necessity and proportionality.
2018/07/24
Committee: LIBE
Amendment 464 #
6. The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law. Where necessary, the reply provided by the ESP shall indicate to which information system or database the data belongs.
2018/07/24
Committee: LIBE
Amendment 469 #
Proposal for a regulation
Article 10 – paragraph 1 – point a
(a) the Member State authority or EU bodies and the individual user of the ESP, including the ESP profile used as referred to in Article 8;
2018/07/23
Committee: LIBE
Amendment 474 #
Proposal for a regulation
Article 10 – paragraph 1 a (new)
1a. Each Member State and EU body shall keep logs of queries of the authority and the staff duly authorised to use the ESP.
2018/07/23
Committee: LIBE
Amendment 478 #
Proposal for a regulation
Article 10 – paragraph 2
2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring datafor self- monitoring, and for ensuring the proper functioning and the data integrity and security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun.
2018/07/23
Committee: LIBE
Amendment 482 #
Proposal for a regulation
Article 11 – paragraph 1
1. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the ESP, the users of the ESP shall immediately be notified by eu-LISA.
2018/07/23
Committee: LIBE
Amendment 485 #
Proposal for a regulation
Article 11 – paragraph 2
2. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the national infrastructure in a Member State, that Member State's competent authority shall immediately notify eu-LISA and the Commission.
2018/07/23
Committee: LIBE
Amendment 486 #
Proposal for a regulation
Article 11 – paragraph 2 a (new)
2a. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the infrastructure of an EU body, that EU body shall immediately notify eu-LISA and the Commission.
2018/07/23
Committee: LIBE
Amendment 493 #
Proposal for a regulation
Article 12 – paragraph 1
1. A shared biometric matching service (shared BMS) storing biometric templates and enabling querying with biometric data across several EU information systems is established for the purposes of supporting the CIR and the multiple-identity detector and the objectives of the EES, the VIS, Eurodac, the SIS and [the ECRIS-TCN system], while fully respecting the principles of necessity and proportionality.
2018/07/23
Committee: LIBE
Amendment 506 #
Proposal for a regulation
Article 13 – paragraph 1 – point d
(d) the data referred to in Article 20(3)(w) and (x) of the Regulation on SIS in the field of law enforcement;deleted
2018/07/23
Committee: LIBE
Amendment 532 #
Proposal for a regulation
Article 16 – paragraph 2
2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun. The logs referred to in paragraph 1(a) shall be erased once the data is erased.
2018/07/23
Committee: LIBE
Amendment 538 #
Proposal for a regulation
Article 17 – paragraph 1
1. A common identity repository (CIR), creating an individual file for each person that is recorded in the EES, the VIS, [the ETIAS], Eurodac or [the ECRIS-TCN system] containing the data referred to in Article 18, is established for the purpose of facilitating and assisting the correct identification of persons registered in the EES, the VIS, [the ETIAS], the Eurodac and [the ECRIS-TCN system], of supporting the functioning of the multiple- identity detector and of facilitating and streamlining access by law enforcement authorities to non-law enforcement information systems at EU level, where necessary for the prevention, investigation, detection or prosecution of serious crime, while fully respecting the principles of necessity and proportionality.
2018/07/23
Committee: LIBE
Amendment 539 #
Proposal for a regulation
Article 17 – paragraph 3 a (new)
3a. Where it is technically impossible to query the CIR for the purpose of identifying a person pursuant Article 20, for the detection of multiple identities pursuant Article 21 or for law enforcement purposes pursuant Article 22, because of a failure of the CIR, the users of the CIR shall be immediately notified by eu-LISA.
2018/07/23
Committee: LIBE
Amendment 553 #
Proposal for a regulation
Article 20 – paragraph 1 – subparagraph 1
Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying a person, query the CIR with the biometric data of that person taken during an identity check. Such query may be carried out in principle in the presence of the person, solely where a Member State police authority was unable to identify a person on the basis of a travel document or with the identity data provided by that person following rules and procedures provided for in national law or where there are doubts as to the authenticity of the travel document or the identity of its holder or where the person is unable or refuse to cooperate, or where there are reasonable grounds to believe that the person is not telling the truth about his or her identity. Such query shall not be allowed against minors under the age of 12 years old.
2018/07/23
Committee: LIBE
Amendment 559 #
Proposal for a regulation
Article 20 – paragraph 1 a (new)
1a. Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying unknown persons who are not able to identify themselves or unidentified human remains, in the event of a disaster or an accident query the CIR with the biometric data of those persons.
2018/07/23
Committee: LIBE
Amendment 588 #
Proposal for a regulation
Article 24 – paragraph 4 – subparagraph 1 – point a
(a) the national file referencreference to the national investigation or case;
2018/07/23
Committee: LIBE
Amendment 591 #
Proposal for a regulation
Article 24 – paragraph 4 – subparagraph 1 – point e
(e) the name of the authorityindividual and unique user identifiers of both the competent authority and the person consulting the CIR;
2018/07/23
Committee: LIBE
Amendment 592 #
Proposal for a regulation
Article 24 – paragraph 5 a (new)
5a. Europol shall keep logs of queries of the staff duly authorised to use the CIR pursuant to Article 22.
2018/07/23
Committee: LIBE
Amendment 593 #
Proposal for a regulation
Article 24 – paragraph 6
6. The logs referred to in paragraphs 1, 5 and 5a may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing, and for ensuring datafor self- monitoring, and for ensuring the proper functioning and the data integrity and security pursuant to Article 42. They shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun.
2018/07/23
Committee: LIBE
Amendment 594 #
Proposal for a regulation
Article 24 – paragraph 7 a (new)
7a. The competent national authorities in charge of checking whether or not access is lawful, monitoring the lawfulness of data processing, self- monitoring and ensuring the proper functioning, data integrity and security, shall have access, within the limits of their competence and at their request, to these logs for the purpose of fulfilling their duties.
2018/07/23
Committee: LIBE
Amendment 595 #
Proposal for a regulation
Article 24 – paragraph 7 b (new)
7b. For the purposes of self- monitoring and ensuring the proper functioning of the CIR, data integrity and security, the EU-Lisa shall have access, within the limits of its competence, to those logs.
2018/07/23
Committee: LIBE
Amendment 596 #
Proposal for a regulation
Article 24 – paragraph 7 c (new)
7c. The European Data Protection Supervisor shall have access, within the limits of its competence and at its request, to those logs for the purpose of fulfilling its tasks.
2018/07/23
Committee: LIBE
Amendment 600 #
Proposal for a regulation
Article 25 – paragraph 1
1. A multiple-identity detector (MID) creating and storing links between data in the EU information systems included in the common identity repository (CIR) and the SIS and as a consequence detecting multiple identities, with the dual purpose of facilitating identity checks and combating identity fraud, is established for the purpose of supporting the functioning of the CIR and the objectives of the EES, the VIS, the ETIAS], Eurodac, the SIS and [the ECRIS-TCN system], while fully respecting the principles of necessity and proportionality.
2018/07/23
Committee: LIBE
Amendment 673 #
Proposal for a regulation
Article 36 – paragraph 2 a (new)
2a. Each EU body shall keep logs of queries of the authority and the staff duly authorised to use the MID.
2018/07/23
Committee: LIBE
Amendment 674 #
Proposal for a regulation
Article 36 – paragraph 3
3. The logs may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing, and for ensuring datafor self- monitoring, and for ensuring the proper functioning and the data integrity and security pursuant to Article 42. The logs shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun. The logs related to the history of the identity confirmation file shall be erased once the data in the identity confirmation file is erased.
2018/07/23
Committee: LIBE
Amendment 721 #
Proposal for a regulation
Article 44 – paragraph 3
3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA, the national supervisory authorities and the European Data Protection Supervisor of security incidents. In the event of a security incident in relation to the central infrastructure of the interoperability components, eu-LISA shall notify the Commission and the European Data Protection Supervisor.
2018/07/23
Committee: LIBE
Amendment 727 #
Proposal for a regulation
Article 44 – paragraph 5 a (new)
5a. The European Commission shall carry out annual evaluations to ensure that Member States are in full compliance with the obligations under each respective IT-systems. The concrete findings of the evaluations shall be communicated to the European Parliament and the Council, and in case of a breach, appropriate measures shall be taken thereafter.
2018/07/23
Committee: LIBE
Amendment 735 #
Proposal for a regulation
Article 46 – paragraph 1
1. Without prejudice to the right of information referred to in Articles 11 and 12 of Regulation (EC) 45/2001 and Articles 13 and 14 of Regulation (EU) 2016/679, persons whose data are stored in the shared biometric matching service, the common identity repository or the multiple-identity detector shall be informed by the authority collecting their data, at the time their data are collected, about the processing of personal data for the purposes of this Regulation, including about identity and contact details of the respective data controllers, and about the procedures for exercising their rights of access, rectification and erasure, as well as about the contact details of the European Data Protection Supervisor and of the national supervisory authority of the Member State responsible for the collection of the data. Persons whose data is stored should also be informed of retention periods, automated decision- making and the fact that personal data is not transferred or made available to third countries, international organisations of private parties, with the exception of transfers to Interpol.
2018/07/23
Committee: LIBE
Amendment 755 #
Proposal for a regulation
Article 47 – paragraph 2
2. The Member State responsible for the manual verification of different identities as referred to in Article 29 or the Member State to which the request has been made shall reply to such requests within 45 days ofout undue delay and no longer than 45 days within the receipt of the request.
2018/07/23
Committee: LIBE
Amendment 763 #
Proposal for a regulation
Article 47 – paragraph 4
4. Where, following an examination, it is found that the data stored in the multiple-identity detector (MID) are factually inaccurate or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall correct or delete these data. The Member State shall send a written confirmation to the data subject.
2018/07/23
Committee: LIBE
Amendment 766 #
Proposal for a regulation
Article 47 – paragraph 4 a (new)
4a. Any person shall have the right to lodge a complaint and the right to a legal remedy in the Member State which refused the right of access to or the right of correction or deletion of data relating to him or her, in accordance with national or Union law;
2018/07/23
Committee: LIBE
Amendment 778 #
Proposal for a regulation
Article 48 – paragraph 1
Personal data stored in or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party. Any breach to this shall be considered a serious security incident and shall be immediately reported and addressed in accordance with Article 44.
2018/07/23
Committee: LIBE
Amendment 786 #
Proposal for a regulation
Article 49 – paragraph 1 a (new)
1 a. Each Member State shall ensure that the supervisory authority or authorities designated pursuant to Article 51 of Regulation (EU)2016/679 and Article 41 of Directive (EU) 2016/680 shall monitor the lawfulness of the processing of personal data under this Regulation
2018/07/23
Committee: LIBE
Amendment 793 #
Proposal for a regulation
Article 50 – paragraph 1 a (new)
The European Commission, the European Parliament and Member States shall ensure that the European Data Protection Supervisor has sufficient resources to fulfil the tasks entrusted to it under this Regulation.
2018/07/23
Committee: LIBE
Amendment 819 #
Proposal for a regulation
Article 54 – paragraph 1 – point g a (new)
(g a) fully complying with the rules of each IT-system to ensure the security and integrity of personal data;
2018/07/23
Committee: LIBE
Amendment 820 #
Proposal for a regulation
Article 54 – paragraph 1 – point h a (new)
(h a) reporting any security incidents involving personal data to the Commission, eu-LISA, the national supervisory authorities and the European Data Protection Supervisor
2018/07/23
Committee: LIBE
Amendment 824 #
Proposal for a regulation
Article 55 a (new)
Article 55 a Penalties Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate and dissuasive.
2018/07/23
Committee: LIBE
Amendment 901 #
Proposal for a regulation
Article 66 – paragraph 1 a (new)
Member States and EU bodies shall organise for their staff authorised to process data from the interoperability components, appropriate training programme about data security, data quality, data protection rules and the procedures of the data processing.
2018/07/23
Committee: LIBE
Amendment 902 #
Proposal for a regulation
Article 66 – paragraph 1 b (new)
Common training courses about data security, data quality, data protection rules and the procedures of the data processing shall be organised at EU level at least once a year to enhance cooperation and exchange of best practices between staff of Member States and EU bodies authorised to process data from the interoperability components.
2018/07/23
Committee: LIBE
Amendment 904 #
Proposal for a regulation
Article 68 – paragraph 1
1. eu-LISA shall ensure that procedures are in place to monitor the development of the interoperability components and the integration of the existing national infrastructures and the connection to the national uniform interface in light of objectives relating to planning and costs and to monitor the functioning of the interoperability components in light of objectives relating to the technical output, cost-effectiveness, security and quality of service.
2018/07/23
Committee: LIBE
Amendment 907 #
Proposal for a regulation
Article 68 – paragraph 2 a (new)
2 a. Six months after the start of the operations of each interoperability component, eu-LISA shall submit a report to the European Parliament and the Council on the state of play of the connection of Member States to the communication infrastructure of the ESP and the CIR and the integration of the existing national systems and infrastructures with the ESP, shared BMS, MID and the CIR.
2018/07/23
Committee: LIBE
Amendment 908 #
Proposal for a regulation
Article 68 – paragraph 2 b (new)
2 b. During the development phase of the interoperability components, the Commission shall evaluate the necessity of further harmonisation of national systems and infrastructures of Member States at external borders. The Commission shall transmit the evaluation report to the European Parliament and the Council. These evaluation reports shall include recommandations, an impact assessment and an assessment on their cost for the EU budget.
2018/07/23
Committee: LIBE
Amendment 912 #
Proposal for a regulation
Article 68 – paragraph 4
4. FourTwo years after the start of operations of each interoperability component and every four years thereafter, eu-LISA shall submit to the European Parliament, the Council and the Commission a report on the connection of Member States to the communication infrastructure of the ESP and the CIR and the integration of the existing national systems and infrastructures with the ESP, shared BMS, MID and the CIR, as well as on the technical functioning of the interoperability components, including the security thereof.
2018/07/23
Committee: LIBE
Amendment 914 #
Proposal for a regulation
Article 68 – paragraph 5 – subparagraph 1 – introductory part
In addition, one year after each report from eu-LISAeach year, the Commission shall produce an overall evaluation of the components, including:
2018/07/23
Committee: LIBE
Amendment 916 #
Proposal for a regulation
Article 68 – paragraph 5 – subparagraph 1 – point b
(b) an examination of the results achieved against objectives and the impact on fundamental rights, particularly the use of CIR with biometric data taken during an identity check;
2018/07/23
Committee: LIBE
Amendment 918 #
Proposal for a regulation
Article 68 – paragraph 5 – subparagraph 1 – point d a (new)
(d a) an assessment of the security of the connection of Member States to the communication infrastructure of the ESP and the CIR and the security of the integration of the existing national systems and infrastructures with the ESP, shared BMS, MID and the CIR.
2018/07/23
Committee: LIBE
Amendment 926 #
Proposal for a regulation
Article 68 – paragraph 8 a (new)
8 a. While respecting the provisions of national law on the publication of sensitive information, each Member State shall prepare annual reports containing information and statistics on the access to data stored in the common identity repository for identification pursuant to Article 20.
2018/07/23
Committee: LIBE