PURPOSE: to recast into a single Regulation:

the Regulation on the establishment of the EURODAC system for the comparison of fingerprints with a view to the effective application of the Dublin Regulation and for the requests for comparisons with EURODAC data made by the Member States’ law enforcement authorities and Europol, and the amendment of Regulation (EU) No 1077/2011 establishing an Agency for the operational management of large-scale IT systems within the area of freedom, security and justice.

LEGISLATIVE ACT: Regulation (EU) No 6°3/2013 of the European Parliament and of the Council on the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States' law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (recast).

CONTENT: the European Parliament and the Council adopted a Regulation designed to recast the “EURODAC” Regulation.

This is the last text to be adopted in the context of the revision of the Community acquis in the area of asylum policy and the setting in place of a Common European Asylum System .

The main points covered by this revision may be summarised as follows:

Objective of EURODAC: as previously, EURODAC shall assist in determining which Member State is to be responsible pursuant to Regulation (EU) No 604/2013 for examining an application for international protection lodged in a Member State by a third-country national or a stateless person. The Regulation also lays down the conditions under which Member States' designated authorities and the European Police Office (Europol) may request the comparison of fingerprint data with those stored in the Central System for law enforcement purposes .

System architecture: the Regulation reiterates the main components of the existing EURODAC system which are:

a computerised central fingerprint database ("Central System") composed of: (i) a Central Unit, (ii) a Business Continuity Plan and System; a communication infrastructure between the Central System and Member States that provides an encrypted virtual network dedicated to Eurodac data each Member State shall have a single National Access Point.

The Agency shall be responsible for the operational management of EURODAC. EURODAC shall be functional 24 hours a day, 7 days a week.

Member States' designated authorities for law enforcement purposes: it is essential in the fight against terrorist offences and other serious criminal offences for the law enforcement authorities to have the fullest and most up-to-date information if they are to perform their tasks. To this end, the data in Eurodac should be available, subject to the strict conditions set out in this Regulation, for comparison by the designated authorities of Member States and the European Police Office (Europol). Member States shall designate the authorities that are authorised to request comparisons with Eurodac data. Designated authorities shall be authorities of the Member States which are responsible for the prevention, detection or investigation of terrorist offences or of other serious criminal offences but shall not include agencies or units exclusively responsible for intelligence relating to national security .

These authorities shall only have access to EURODAC in certain well-defined cases and when there exist good reasons to believe that the suspect of a terrorist or other serious criminal offence has applied for international protection. In any event, EURODAC may only be queried if there is an overriding public security concern, that is, if the act committed by the criminal or terrorist to be identified is so reprehensible that it justifies querying a database that registers persons with a clean criminal record.

Each Member State shall designate a single national authority or a unit of such an authority to act as its verifying authority . The verification authority shall act in complete independence of the designated authorities and ensure that the required conditions for requesting fingerprint comparisons with EURODAC data are respected. Only duly empowered staff of the verifying authority shall be authorised to receive and transmit a request for access to EURODAC.

Tasks devolved to Europol: Europol shall designate a specialised unit with duly empowered Europol officials to act as its verifying authority, which shall act independently of the designated authority when performing its tasks under this Regulation and shall not receive instructions from the designated authority as regards the outcome of the verification. The designated authority shall be an operating unit of Europol which is competent to collect, store, process, analyse and exchange information to support and strengthen action by Member States in preventing, detecting or investigating terrorist offences.

Collection, transmission and comparison of fingerprints: each Member State shall promptly take the fingerprints of all fingers of every applicant for international protection of at least 14 years of age and shall, as soon as possible and no later than 72 hours after the lodging of his or her application for international protection, transmit them to the Central System (this deadline may be extended in certain cases). The text lays down the procedure to be followed for the transmission and analysis of information transmitted to the Central System.

Data collected and the period for which they may be stored: the information recorded includes: (i) fingerprint; (ii) Member State of origin, place and date of asylum application; (iii) date on which the fingerprints were taken…

Each set of data shall be stored in the Central System for ten years from the date on which the fingerprints were taken. Thereafter, they shall be automatically erased from the Central System.

Advance data erasure: data relating to a person who has acquired citizenship of any Member State before expiry of the ten-year period shall be erased from the Central System as soon as the Member State of origin becomes aware that the person concerned has acquired such citizenship.

Comparison of fingerprints in the event of the irregular crossing of an external border of the Union: each Member State shall promptly take the fingerprints of all fingers of every third-country national or stateless person of at least 14 years of age who is apprehended by the competent control authorities in connection with the irregular crossing by land, sea or air of the border of that Member State. With a view to checking whether a third-country national or a stateless person found illegally staying within its territory has previously lodged an application for international protection in another Member State, a Member State may transmit to the Central System any fingerprint data relating to fingerprints which it may have taken of any such a person. Once the results of the comparison of fingerprint data have been transmitted to the Member State of origin, the record of the search shall be kept by the Central System only for the stipulated in the Regulation. Other than for those purposes, no other record of the search may be stored either by Member States or by the Central System .

Marking of data: the Member State of origin which granted international protection to an applicant for international protection whose data were previously recorded in the Central System pursuant to Article 11 shall mark the relevant data. That mark shall be stored in the Central System and the Central System shall inform all Member States of origin of the marking of data by another Member State of origin having produced a hit .

The data of beneficiaries of international protection stored in the Central System and marked shall be made available for comparison for a period of three years after the date on which the data subject was granted international protection. Thereafter, the Central System shall automatically block such data from being transmitted for law enforcement purposes, until their definitive erasure.

Procedure for comparison of fingerprint data for law enforcement purposes in exceptional cases of urgency: new rules have been introduced to make provision for the urgent transmission of data where there is a need to prevent an imminent danger associated with a terrorist offence or other serious criminal offence.

Conditions for access to EURODAC by designated authorities: it is stipulated that the comparison of EURODAC data may only take place if there are reasonable grounds to believe that the comparison would contribute significantly to the prevention or detection of criminal offences or to enquiries in their regard.

Equivalent provisions govern Europol’s access to EURODAC.

Quality of data transmitted: it is also stipulated that Member States shall ensure the transmission of fingerprint data of an appropriate quality for the purpose of comparison by means of the computerised fingerprint recognition system. The fact that it is temporarily or permanently impossible to take and/or to transmit fingerprint data, due to reasons such as insufficient quality of the data for appropriate comparison, technical problems, reasons linked to the protection of health or due to the data subject being unfit or unable to have his or her fingerprints taken owing to circumstances beyond his or her control, shall not adversely affect the examination of or the decision on the application for international protection lodged by that person.

Fingerprints shall be digitally processed by the Member States and transmitted in the data format referred to in Annex I of the Regulation. As far as necessary for the efficient operation of the Central System, the Agency shall establish the technical requirements for transmission of the data format by Member States to the Central System and vice versa.

Protection of personal date for law enforcement purposes: each Member State shall provide that the provisions adopted under national law implementing Framework Decision 2008/977/JHA are also applicable to the processing of personal data by its national authorities for the purposes of law enforcement. The monitoring of the lawfulness of the processing of personal data under this Regulation by the Member States shall be carried out by the designated national supervisory authorities. The European Data Protection Supervisor shall also play a role in this regard.

Provisions also exist for the appropriate protection of data, for their correction or erasure, and for their security before and during their transmission to the Central System.

Prohibition of transfers of data to third countries: personal data obtained by a Member State or Europol pursuant to this Regulation from the Central System shall not be transferred or made available to any third country, international organisation or private entity established in or outside the Union. Personal data which originated in a Member State and are exchanged between Member States following a hit obtained for the purposes of law enforcement shall not be transferred to third countries if there is a serious risk that as a result of such transfer the data subject may be subjected to torture, inhuman and degrading treatment or punishment or any other violation of his or her fundamental rights.

Penalties: Member States shall take the necessary measures to ensure that any processing of data entered in the Central System contrary to the purposes of EURODAC is punishable by penalties, including administrative and/or criminal penalties in accordance with national law, that are effective, proportionate and dissuasive.

Role of the Agency: a series of provisions have been introduced to ensure that Regulation (EU) No 1077/2011 establishing the Agency is brought into line with this revised EURODAC Regulation.

Report, follow-up and evaluation: by 20 July 2018 and every four years thereafter, the Commission shall produce an overall evaluation of EURODAC, examining the results achieved against objectives and the impact on fundamental rights, including whether law enforcement access has led to indirect discrimination against persons covered by this Regulation. The Commission shall transmit the evaluation to the European Parliament and the Council.

ENTRY INTO FORCE: 19.07.2013.

APPLICATION: this Regulation is applicable from 20.07.2015.

Regulation (EC) No 2725/2000 and Regulation (EC) No 407/2002 are repealed with effect from 20.07.2015.

The European Parliament adopted by 502 votes to 126, with 56 abstentions, a legislative resolution on the proposal for a Regulation of the European Parliament and of the Council on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EU) No […/…] establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States' law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (recast).

Parliament adopted its position at first reading under the ordinary legislative procedure. The amendments adopted in plenary are the result of a compromise negotiated between the European Parliament and the Council. They amend the proposal as follows:

Purpose of Eurodac: Eurodac shall assist in determining which Member State is to be responsible pursuant to Regulation (EU) No …/… (Dublin Regulation, as amended) for examining an application for international protection lodged in a Member State by a third-country national or a stateless person.

The Regulation also lays down the conditions under which Member States' designated authorities and the European Police Office (Europol) may request the comparison of fingerprint data with those stored in the Central System for law enforcement purposes .

Member States’ designated authorities for law enforcement purposes: Member States shall designate the authorities that are authorised to request comparisons with Eurodac data. Designated authorities shall be authorities of the Member States which are responsible for the prevention, detection or investigation of terrorist offences or of other serious criminal offences. Designated authorities shall not include agencies or units exclusively responsible for intelligence relating to national security .

Member States' verifying authorities for law enforcement purposes: each Member State shall designate a single national authority or a unit of such an authority to act as its verifying authority . The verifying authority shall be an authority of the Member State which is responsible for the prevention, detection or investigation of terrorist offences or of other serious criminal offences. The verifying authority shall act independently when performing its tasks. The verifying authority shall not receive any instructions as regards the outcome of the verifications it undertakes. Member States may designate more than one verifying authority to reflect their organisational and administrative structures, in accordance with their constitutional or legal requirements.

The verifying authority shall ensure that the conditions for requesting comparisons of fingerprints with Eurodac data are fulfilled. Only duly empowered staff of the verifying authority shall be authorised to receive and transmit a request for access to Eurodac.

Tasks devolved to Europol: Europol shall designate a specialised unit with duly empowered Europol officials to act as its verifying authority, which shall act independently of the designated authority when performing its tasks and shall not receive instructions from the designated authority as regards the outcome of the verification. The unit shall ensure that the conditions for requesting comparisons of fingerprints with Eurodac data are fulfilled. The designated authority shall be an operating unit of Europol which is competent to collect, store, process, analyse and exchange information to support and strengthen action by Member States in preventing, detecting or investigating terrorist offences or other serious criminal offences falling within Europol's mandate.

Collection, transmission and comparison of fingerprints: each Member State shall promptly take the fingerprints of all fingers of every applicant for international protection of at least 14 years of age and shall, as soon as possible and no later than 72 hours after the lodging of his or her application for international protection, transmit them to the Central System. In the event of serious technical problems, Member States may extend the 72-hour time-limit by a maximum of a further 48 hours in order to carry out their national continuity plans.

Advance data erasure: data relating to a person who has acquired citizenship of any Member State shall be erased from the Central System as soon as the Member State of origin becomes aware that the person concerned has acquired such citizenship. The Central System shall , as soon as possible and no later than after 72 hours , inform all Member States of origin of the erasure of data.

Storage of data: each set of data relating to a third-country national or stateless person shall be stored in the Central System for 18 months from the date on which his or her fingerprints were taken. Upon expiry of that period, the Central System shall automatically erase such data.

Comparison of fingerprint data: with a view to checking whether a third-country national or a stateless person found illegally staying within its territory has previously lodged an application for international protection in another Member State, a Member State may transmit to the Central System any fingerprint data relating to fingerprints which it may have taken of any such third-country national or stateless person of at least 14 years of age, together with the reference number used by that Member State. Once the results of the comparison of fingerprint data have been transmitted to the Member State of origin, the record of the search shall be kept by the Central System only for the purposes stipulated in the Regulation. Other than for those purposes, no other record of the search may be stored either by Member States or by the Central System .

Marking of data: the Member State of origin which granted international protection to an applicant for international protection whose data were previously recorded in the Central System shall mark the relevant data in conformity with the requirements for electronic communication with the Central System. That mark shall be stored in the Central System and the Central System shall inform all Member States of origin of the marking of data by another Member State of origin having produced a hit with data which they transmitted .

The data of beneficiaries of international protection stored in the Central System and marked shall be made available for comparison for a period of three years after the date on which the data subject was granted international protection. Upon the expiry of the period of three years, the Central System shall automatically block such data from being transmitted in the event of a request for comparison for enforcement purposes, until the point of their erasure.

Conditions for access to Eurodac by designated authorities: authorities may submit a reasoned electronic request for the comparison of fingerprint data with the data stored in the Central System within the scope of their powers only if comparisons with the national fingerprint databases, the automated fingerprintining identification systems of all other Member States, and the Visa Information System, in addition to other cumulative conditions, did not lead to the establishment of the identity of the data subject.

It is also stipulated that the comparison may only take place if there are reasonable grounds to consider that the comparison will substantially contribute to the prevention, detection or investigation of any of the criminal offences in question.

Equivalent rules are laid down governing access to Eurodac by Europol.

Procedure for carrying out urgent comparisons for enforcement purposes in exceptional cases: new provisions were introduced to make provision for the urgent transmission of fingerprint data when there is a need to prevent an imminent danger associated with a terrorist offence or other serious criminal offence.

Quality of fingerprint data transmitted: in a recital, it is stipulated that the Member States should ensure the transmission of fingerprint data of an appropriate quality for the purpose of comparison by means of the computerised fingerprint recognition system. All authorities with a right of access to Eurodac should invest in adequate training and in the necessary technological equipment.

The fact that it is temporarily or permanently impossible to take and/or to transmit fingerprint data, due to reasons such as insufficient quality of the data for appropriate comparison, technical problems, reasons linked to the protection of health or due to the data subject being unfit or unable to have his or her fingerprints taken owing to circumstances beyond his or her control, should not adversely affect the examination of or the decision on the application for international protection lodged by that person.

Protection of personal data for law enforcement purposes:

Each Member State shall provide that the provisions adopted under national law implementing Framework Decision 2008/977/JHA are also applicable to the processing of personal data by its national authorities for law enforcement purposes.

The monitoring of the lawfulness of the processing of personal data under this Regulation by the Member States for the purposes laid down in this Regulation shall be carried out by the designated national supervisory authorities. The European Data Protection Supervisor shall also play a role in this context.

Security incidents: Member States shall inform the Agency of security incidents detected on their systems. The Agency shall inform the Member States, Europol and the European Data Protection Supervisor in case of security incidents.

Prohibition of transfers of data to third countries: personal data obtained by a Member State or Europol pursuant to this Regulation from the Central System shall not be transferred or made available to any third country, international organisation or private entity established in or outside the Union. Personal data which originated in a Member State and are exchanged between Member States following a hit shall not be transferred to third countries if there is a serious risk that as a result of such transfer the data subject may be subjected to torture, inhuman and degrading treatment or punishment or any other violation of his or her fundamental rights.

Audit: Member States shall ensure that every year an audit of the processing of personal data for law enforcement purposes is carried out by an independent body, in accordance with Article 33(2), including an analysis of a sample of reasoned electronic requests.

Reports and evaluation: every four years, the Commission shall produce an overall evaluation of Eurodac, examining the results achieved against objectives and the impact on fundamental rights, including whether law enforcement access has led to indirect discrimination against persons covered by this Regulation, and assessing the continuing validity of the underlying rationale and any implications for future operations, and shall make any necessary recommendations. The Commission shall transmit the evaluation to the European Parliament and the Council.

On the basis of Member States’ and Europol’s annual reports and in addition to the overall evaluation report, the Commission shall compile an annual report on law enforcement access to Eurodac and shall transmit it to the European Parliament, the Council and the European Data Protection Supervisor.

Other provisions: provisions were also made in regard to the following:

- the development of a Business Continuity Plan and System taking into account maintenance needs and unforeseen downtime of the system;

- the compilation of quarterly statistics;

- taking into account the best interests of the child when applying this Regulation; and

- the preparation of a leaflet for persons whose fingerprints in order to provide them with information regarding their rights.

The Council was informed about the state of play of two legislative proposals outstanding in relation to the Common European Asylum System (CEAS), namely:

the proposal on the asylum procedures directive ; the present proposal on the Eurodac regulation.

Both files have entered into the final phase of negotiations with the European Parliament.

In the case of the Eurodac regulation, issues that remain to the resolved in the negotiations relate to the modalities of access to Eurodac data by law enforcement authorities.

The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Monica Luisa MACOVEI (EPP, RO) on the amended proposal for a regulation of the European Parliament and of the Council on the establishment of 'EURODAC' for the comparison of fingerprints for the effective application of Regulation (EU) No […/…] (establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person) and to request comparisons with EURODAC data by Member States' law enforcement authorities and Europol for law enforcement purposes and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (recast).

The parliamentary committee recommends that the European Parliament’s position adopted at first reading under the ordinary legislative procedure should be to amend the Commission’s proposal as follows:

Right of the applicant for international protection to have his or her application processed in due course: Members consider it important that Member States do not put in place practices which would link a possible result in EURODAC to the success of the asylum application since only a final judgment should have a bearing on this. As a result, the fact that the law enforcement authorities of the Member States consult EURODAC s hould not be grounds for slowing down the process of examining the applicant's claim for international protection.

Strict conditions of access: Members consider that access to EURODAC should be very restricted. They therefore ask that access to EURODAC data by EUROPOL should be allowed only in specific cases , under specific circumstances and under strict conditions. Likewise, EURODAC should only be used n cases where there are reasonable grounds for believing that the perpetrator or victim may fall under one of the categories covered by this Regulation.

Erasure of fingerprint data: once the results of the comparison have been transmitted to the Member State of origin, the Central System shall immediately erase the fingerprint data and other data transmitted to it. The Central System shall inform all Member States of origin no later than after 72 hours about the erasure of data.

Quality of fingerprint data transferred: Member States should ensure the transmission of fingerprint data in an appropriate quality for the purpose of comparison by means of the computerised fingerprint recognition system . All authorities with right of access to EURODAC should invest in adequate training and in the necessary technological equipment . The authorities with right of access to EURODAC should inform the Agency of specific difficulties encountered with regard to the quality of data, in order to resolve them.

Impossibility to provide fingerprints: a temporary or permanent impossibility for an applicant for international protection to provide fingerprints ('failure to enrol') should not adversely affect the legal situation of that applicant.

Verifying authorities and “designated” authorities: each Member State shall appoint a single national body to act as its verifying authority which is responsible for the prevention, detection or investigation of terrorist offences and other serious criminal offences. It shall act completely independently of all other authorities and shall not receive instructions from them as regards the outcome of the verification. Likewise, Europol shall appoint a specialised unit with duly empowered Europol officials to act as its verifying authority. It shall also act independently of designated authorities.

Only designated authorities are permitted to consult EURODAC data. The designated authority and the verifying authority may be part of the same organisation if so stipulated under national law, but the verifying authority should have independence within the institutional structure. Designated authorities shall not include agencies or units exclusively responsible for intelligence relating to national security.

Reasoned electronic request for comparison of fingerprint data: designated authorities may submit a reasoned electronic request for the comparison of fingerprint data with those stored in the EURODAC central database within the scope of their powers only if comparisons of national fingerprint databases, of the Automated Fingerprint Databases of other Member States and of the Visa Information System, when possible, return negative results and where the cumulative conditions defined in the report are met.

Searches for fingerprint data in EURODAC should only be authorised in restricted cases , in the context of criminal enquiries under way or where there is a substantiated suspicion that the suspect, perpetrator or victim of a terrorist or other serious criminal offence has applied for international protection. In any event, EURODAC searches should not become an 'automatic' search carried out by the law enforcement authorities.

It is also stipulated that the Commission shall publish an indicative, non-binding model EURODAC request form.

Verification by a trained fingerprint expert: the results of the comparison should be immediately checked in the Member State of origin by a trained fingerprint expert .

Data protection: the record of the search shall be kept by the EURODAC central system and the verifying authorities and Europol for the purpose of permitting the national data protection authorities and the European Data Protection Supervisor to monitor the compliance of data processing with Union data protection rules. Personal data , as well as the record of the search, shall be erased in all national and Europol files after a period of one month , if the data are not required for the purposes of the specific ongoing criminal investigation.

Information of the person concerned on the processing of his/her data: the person concerned should be informed regarding the purpose for which his or her data will be processed within EURODAC, and the use that could be made of them by the enforcement authorities.

Request to erase or correct data: provisions are added to take into account the wish of a person to see their data erased or corrected and the procedures whereby these data could be corrected or erased.

Prohibition of transfer to third countries: personal data obtained by a Member State or Europol and subsequently processed in national databases cannot be communicated or made available to third countries or international organisations or private entities, whether or not they are established in the Union.

Interests of the child: the best interests of the child should be a primary consideration in the fingerprinting procedure.

Audits: the national data protection authority should annually audit the use of EURODAC specifically as a law enforcement tool. The Member States have to present the European Parliament with annual reports. The EDPS should also produce every two years (and not every four, as in the Commission’s proposal) an audit of the activities of personal data processing undertaken by the supervisory agencies. It is, moreover, stipulated that the supervisory agencies, both national and at Union level, should be provided with sufficient financial and human resources to be able adequately to supervise the use of and access to EURODAC data.

Technical provisions: lastly, technical provisions are proposed in regard to:

a compilation of the quarterly (and not monthly) statistics on the effects of the new Regulation; a Business Continuity Plan to be developed taking into account maintenance needs and unforeseen downtime of the system; how data are transmitted in the event of a technical defect in the system; blocking of data relating to an applicant for international protection if that person is granted international protection in a Member State; the publication of a leaflet providing information on their rights to people whose fingerprint data are taken; a requirement for reports (in particular looking at the impact of the future Regulation on the protection of fundamental rights).

The Council was informed of the state of negotiations on the various legislative proposals outstanding in relation to the Common European Asylum System (CEAS), on the basis of a Cypriot Presidency paper.

The situation on the four outstanding files can be described as follows:

negotiations between the Council and the European Parliament on the Dublin Regulation have been finalised and the Council adopted this political agreement without discussion . The new rules will introduce a mechanism for early warning, preparedness and crisis management aimed at evaluating the practical functioning of national asylum systems, assisting Member States in need and preventing asylum crises. As a complement, the Council adopted conclusions (7485/12) in March 2012 on a common framework for genuine and practical solidarity towards Member States facing particular pressures on their asylum systems, including through mixed migration flows. These conclusions are intended to constitute a toolbox for EU-wide solidarity towards those Member States most affected by such pressures and/or encountering problems in their asylum systems; at its meeting on 25 and 26 October 2012 the Council confirmed the political agreement reached on the Reception Conditions Directive which fully reflects the result of negotiations with the European Parliament. Once the Directive is formally adopted, Member States will need to transpose the new provisions into national law within two years; on the Asylum Procedures Directive, further progress has been made in negotiations with the European Parliament with a view to reaching agreement before the end of 2012 . These negotiations are based on a revised proposal for a Directive which was tabled by the Commission on 1 June 2011. On 27 November 2012, the Permanent Representatives Committee (Coreper) adopted a revised compromise package . Negotiations are now in their final phase and agreement is sought before the end of 2012; in June 2012, the Commission tabled its new proposal for a revised Eurodac Regulation which allows law enforcement authorities to access this central EU-wide fingerprint database for the purposes of fighting terrorism and organised crime, subject to strict conditions on data protection. On 10 October 2012, the Permanent Representatives Committee endorsed a negotiating mandate for the informal trilogues on the fourth revised version of the recast of the Eurodac Regulation. The LIBE Committee will vote on 17 December 2012 the negotiating mandate for its rapporteur. After both co-legislators have established their positions, negotiations in informal trilogues can start. The first informal trilogue is scheduled for 18 December 2012 .

Four other agreements and decisions relating to the CEAS have already been adopted. They concern:

1. the Qualification Directive providing for better, clearer and more harmonised standards for identifying persons in need of international protection which was adopted in November 2011;

2. the Long-term Residence Directive adopted in April 2011;

3. the Regulation establishing the European Asylum Support Office (EASO) which started operations in the spring of 2011;

4. the Decision taken in March 2012 establishing common EU resettlement priorities for 2013 and new rules on EU funding for resettlement activities carried out by Member States.

OPINION OF THE EUROPEAN DATA PROTECTION SUPERVISOR

on the amended proposal for a Regulation of the European Parliament and of the Council

on the establishment of ‘EURODAC’ for the comparison of fingerprints

for the effective application of Regulation (EU) No […/…] (recast)

The EDPS regrets that the Commission services did not ask the EDPS to provide informal comments to the Commission before the adoption of the Proposal, according to the agreed procedure in relation to Commission documents relating to the processing of personal data. He considers that the evidence provided until now is not sufficient and up to date to demonstrate the necessity and proportionality of granting access to EURODAC for law enforcement purposes.

In this context the EDPS recommends that the Commission provides a new impact assessment in which all relevant policy options are considered, in which solid evidence and reliable statistics are provided and which includes an assessment in a fundamental rights perspective.

Given that it relates to applicable data protection legislation , the EDPS stresses the need for clarity on how the provisions of the Proposal specifying certain data protection rights and obligations relate to Council Framework Decision 2008/977/JHA , as well as to Council Decision 2009/371/JHA .

To demonstrate that law enforcement access to EURODAC as such is necessary and proportionate, the EDPS recommends:

clarifying that the transfer of EURODAC data to third countries is prohibited also in case of use of EURODAC data for law enforcement purposes; ensuring unequivocally that access by designated authorities to EURODAC data is limited to law enforcement purposes ; submitting the access to EURODAC data for law enforcement purposes to a prior judicial autorisation ; adding the criterion of the ‘ need to prevent an imminent danger associated with serious criminal or terrorist offences ’ as exceptional case justifying the consultation of EURODAC data without prior verification by the verifying authority; adding, for example, as a condition of access, a ‘ substantiated suspicion that the perpetrator of a terrorist or other serious criminal offences has applied for asylum ’; describing, in a recital, the kind of situations justifying a direct access by Europol to the EURODAC Central Unit; ensuring that comparison of fingerprints for law enforcement purposes shall in any case be subject to at least the same safeguards foreseen for Dublin Regulation purposes ; specifying more clearly the rules on retention or deletion of data . providing an access for the EDPS and Europol's supervisory authority to the records kept by the Agency and Europol respectively as well as the obligation to store records also for conducting regular self-auditing of EURODAC.

The Council agreed on a compromise text (doc. 6161/4/12 ) relating to the amendments tabled by the Commission in September 2011 which aim to change the last part of the Schengen Borders Code, i.e. the provisions on the reintroduction of controls at internal borders.

The Council also reached a general approach on amendments to the the Schengen Evaluation Mechanism , the common rules to verify the application of the Schengen acquis.

This compromise text will now form the basis for negotiations with the European Parliament.

The text provides for the possibility of reintroducing controls at internal borders in three cases – two under the heading "Serious threat to public policy or internal security" and one linked to the Schengen evaluation mechanism under the heading "Specific measures in case of serious deficiencies relating to the external border controls":

(i) Serious threat to public policy or internal security : as under the current rules, a member state will be able to unilaterally decide to temporarily reintroduce border controls at internal borders in exceptional circumstances, namely where 'there is a serious threat to public policy or internal security'.

First case: Foreseeable events

– If the threats motivating such re-introduction are foreseeable (e.g. major sporting events, political demonstrations, or high-profile political meetings), the reintroduction of border controls will be limited to 30 days with the possibility of prolonging the period for renewable periods of 30 days not exceeding six months in total. The member state in question must notify the other member states and the Commission not less than four weeks before the planned reintroduction. Shorter periods are possible in specific circumstances.

– The member state will need to provide all relevant information about the scope and duration of the re-introduction, and the reasons for doing so. The Commission can issue an opinion on the notification, which may result in consultations between member states and the Commission.

Second case: Urgent cases

– In urgent cases (e.g. terrorist attack), the re-introduction may be effected immediately. In these cases, the reintroduction of border controls will be limited to 10 days with the possibility of extending that period for renewable periods of 20 days not exceeding two months in total.

(ii) Specific measures in case of serious deficiencies relating to the external border controls

Third case: Persistent serious deficiencies at external borders

– Where an evaluation report under the Schengen evaluation mechanism identifies serious deficiencies in a member state in carrying out external border controls, the Commission may recommend to the member state concerned the deployment of European Border Guard teams in accordance with the Frontex regulation and/or the submission of its strategic plans to remedy the situation.

– Where an evaluation report under the Schengen evaluation mechanism (see a) concludes that a member state was seriously neglecting its obligations putting the overall functioning of the area without internal border controls at risk, and where the Commission finds that after three months this situation persists , the Council may on the basis of a Commission proposal recommend that one or more specific member states reintroduce border controls at all or specific parts of the internal borders . As in the first and second cases described above, the serious deficiency relating to external border controls must constitute a serious threat to public policy or internal security. The reintroduction of border controls in this case will be limited to six months with the possibility of extending that period for renewable periods of six months not exceeding two years in total .

– Such a recommendation can only be adopted as a last resort , and the Council has to take into consideration a number of things, including: whether the reintroduction of border controls is likely to adequately remedy the threat to public policy or internal security; whether the measure is proportionate; and whether there are additional technical or financial support measures, including through Frontex, EASO, Europol etc., that could remedy the situation.

PURPOSE: to establish a single regulation :

regulation on the establishment of "Eurodac" for the comparison of fingerprints for the effective application of the Dublin Convention and to request comparisons with EURODAC data by Member States' law enforcement authorities and Europol for law enforcement purposes, and amendment of Regulation (EU) n° 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice.

PROPOSED ACT: Regulation of the European Parliament and of the Council.

BACKGROUND: setting out previous Commission proposals :

- December 2008 : EURODAC was established by Regulation (EC) No 2725/2000 concerning the establishment of "Eurodac" for the comparison of fingerprints for the effective application of the Dublin Convention. A recast proposal for the amendment of the EURODAC Regulation was adopted by the Commission in December 2008 (see the summary of the 2008 proposal dated 03/12/2008). This proposal was designed to ensure a more efficient support to the application of the Dublin Regulation and to properly address data protection concerns. It also aligned the IT management framework to that of the SIS II and VIS Regulations by providing for the taking over of the tasks of the operational management for EURODAC by the future Agency for the operational management of large-scale IT systems in the area of freedom, security and justice. The December 2008 proposal also aimed to: (i) repeal the Implementing Regulation and to include its content in the EURODAC Regulation; (ii) take into account developments in the acquis on asylum and technical progress which took place after the adoption of the Regulation in 2000. The European Parliament endorsed the Commission proposal subject to a number of amendments.

- September 2009: the Commission adopted an amended proposal in September 2009 in order to, on the one hand, take into account the resolution of the European Parliament and the results of negotiations in the Council, and, on the other hand, introduce the possibility for Member States' law enforcement authorities and Europol to access the EURODAC central database for the purposes of prevention, detection and investigation of terrorist offences and other serious criminal offences. In particular, that proposal introduced a bridging clause to allow access for law enforcement purposes. The proposal was presented at the same time as the proposal for a Council Decision on requesting comparisons with EURODAC data by Member States' law enforcement authorities and Europol for law enforcement purposes, spelling out the exact modalities of such access. The European Parliament did not issue a legislative resolution on the September 2009 proposals.

- October 2010: with the entry into force of the Treaty on the Functioning of the European Union (TFEU) and the abolition of the pillar system, the proposal for a Council Decision lapsed. However, with a view to progressing on the negotiations on the asylum package and facilitating the conclusion of an agreement on the EURODAC Regulation, the Commission considered it more appropriate in 2010 to withdraw from the EURODAC Regulation those provisions referring to the access for law enforcement purposes and presented a new proposal on 11 October 2010 similar to the 2008 recast of the EURODAC Regulation.

The Commission noted that enabling the swifter adoption of the new EURODAC Regulation would also facilitate the timely set up of the Agency for the operational management of large-scale IT systems from 1 December 2012.

- Towards a new recast proposal : it has since become clear that including law enforcement access for EURODAC is needed as part of a balanced deal on the negotiations of the Common European Asylum System package in order to completing the package by the end of 2012. Accordingly the Commission has decided to present again proposals to permit law enforcement access to EURODAC, but on this occasion merged into a single new EURODAC Regulation as this is now possible since the entry into force of the TFEU and it is better legislative practice to present a single instrument.

Regulation (EU) No 1077/2011 of the European Parliament and the Council establishing a European Agency for the operational management of large-scale information systems in the area of freedom, security and justice provides that the Agency should perform the tasks relating to EURODAC conferred on the Commission as the authority responsible for the operational management of EURODAC in accordance with Regulations (EC) No 2725/2000 and (EC) No 407/2002 as well as certain tasks related to the communication infrastructure, namely, supervision, security and the coordination of relations between the Member States and the provider. The Agency should take up the tasks entrusted to it under this Regulation and the relevant provisions of Regulation (EU) No 1077/2011 should be amended accordingly.

May 2012: the current proposal therefore withdraws the 2010 proposal and replaces it with a new one in order to:

take into account the resolution of the European Parliament and the results of negotiations in the Council; introduce the possibility for Member States' law enforcement authorities and Europol to access the EURODAC central database for the purposes of prevention, detection and investigation of terrorist offences and other serious criminal offences; and introduce the necessary amendments to Regulation (EU) No 1077/2011.

The intention is now to allow consultation of EURODAC by law enforcement authorities for the purpose of prevention, detection and investigation of terrorist offences and other serious criminal offences. This aims at enabling law enforcement authorities to request the comparison of fingerprint data with those stored in the EURODAC central database when they seek to establish the exact identity of or get further information on a person who is suspected of a serious crime or a crime victim. Fingerprint data constitute an important element of establishing the exact identity of a person and it is generally acknowledged as an important source of information for prevention, detection and investigation of terrorist offences and other serious criminal offences. Comparison of fingerprints in possession of Member States' designated law enforcement authorities and Europol with those stored in the EURODAC database will only be possible in case of necessity of such comparison in a specific case under well-defined circumstances .

IMPACT ASSESSMENT: the present amended proposal reinstates all of the provisions proposed in the lapsed draft Council Decision of 2009. In addition, it introduces two technical provisions relating to the asylum provisions. None of these elements is new and all were explored thoroughly in the impact assessments to the previous 2008 and 2009 proposals. Therefore, no new consultation and impact assessment were conducted specifically for the present proposal. However, the impact assessments of 2008 and 2009 are still valid for its purposes.

The relevant Impact Assessment concluded that access of law enforcement authorities to EURODAC is the only timely, accurate, secure and cost-efficient way to identify whether and if so, where data about asylum seekers are available in the Member States. No reasonable efficient alternative to EURODAC exists to establish or verify the exact identity of an asylum seeker that allows law enforcement authorities to obtain the same result.

LEGAL BASIS: Article 78 point (2) (e), Article 87 point (2) (a) and Article 88 point (2) (a) TFEU.

Article 78(2)(e) TFEU is the legal basis concerning criteria and mechanisms for determining which Member State is responsible for considering an application for asylum or subsidiary protection, which is the TFEU Article corresponding to the legal base of the original proposal (Article 63(1)(a) of the Treaty establishing the European Community) ;

Article 87(2)(a) is the legal basis for the elements related to the collation, storage, processing, analysis and exchange of relevant information for law enforcement purposes; and

Article 88(2) (a) is the legal basis for Europol's field of action and tasks including the collection, storage, processing, analysis and exchange of information.

CONTENT : this proposal amends the 2010 amended proposal for a Commission proposal for a Regulation of the European Parliament and of the Council concerning the establishment of 'Eudora' for the comparison of fingerprints for the effective application of Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] – (see the summary of 11/10/2010).

It also amends Regulation (EU) No 1077/2011 of the European Parliament and of the Council establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice.

Main amending provisions

Marking of data: references to the "blocking" of data were changed in the 2008 recast to the "marking" of data concerning recognised beneficiaries of international protection. Under the original Regulation, the data of persons granted international protection remained on the EURODAC system but were blocked. As such, the EURODAC system recorded when there were hits concerning the fingerprints of recognised beneficiaries of international protection, but Member States were not informed of these hits. The new proposal was designed to "mark" these data instead of blocking, in order to inform the Member States if there is a hit for a marked data subject. This is to inform Member States if an existing beneficiary of international protection attempts to put in a fresh claim for asylum.

Law enforcement access to Eurodac : several of the amendments to the 2010 proposal are extracted directly from the lapsed September 2009 proposal on law enforcement access to EURODAC. As such, this part has been split into those areas amending the remainder of the proposal and amendments that are largely inspired by the September 2009 proposal, including their article references for ease of comparison.

The elements incorporated from the September 2009 proposal are the following:

Articles 1(2) laying down the condition s – from Article 1 of the September 2009 proposal; Article 5 on designated authorised to access EURODAC data – from Article 3 of the September 2009 proposal, except for clarified title; Article 6 on verifying authorities whose purpose is to ensure that the conditions for requesting comparisons of fingerprints with EURODAC data are fulfilled – from Article 4 of the September 2009 proposal; Article 7 on Europol – from Article 5 of the September 2009 proposal; Chapter VI (Articles 19-22) on the procedure for comparison and data transmission for law enforcement purposes – from Articles 6-9 of the September 2009 proposal; Article 33 on data protection, 34 on data security, 35 on prohibition of data transfers, 36 on logging and transfers – from Articles 10-13 of the September 2009 proposal; Article 39(3) on costs related to the prevention, detection or investigation of any of the criminal offences defined in this Regulation – from Article 14 of the September 2009 proposal; Article 40(8) and (9) on annual reporting on law enforcement access to EURODAC – modified from Article 17(1) and 17(3) of the September 2009 proposal; Article 43 on notifications of designated and verifying authorities – from Article 16 of the September 2009 proposal.

The elements that were neither in the September 2009 proposal nor the 2010 proposal are the following:

Article 2(1) contains further definitions concerning the IT Agency and Europol and the nature of terrorist and criminal offences; Article 2(2) and 2(4) clarify for data protection purposes when Directive 95/46/EC and how Framework Decision 2008/977/JHA apply; Article 29 – the wording on the leaflet has been enhanced to ensure that it is simple and written in a language the applicant can understand; Chapter VIII (Article 38) makes several amendments to Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice; Article 41 – the words "and Europol" have been included into the article on penalties.

Throughout the recast, the references to the "Management Authority" have been replaced with the "Agency".

Territorial provisions : Title V of the TFEU is not applicable to the United Kingdom and Ireland, unless those two countries decide otherwise, in accordance with the provisions set out in the Protocol on the position of the United Kingdom and Ireland annexed to the TEU and to the TFEU.

The United Kingdom and Ireland are bound by Council Regulation (EC) No 2725/2000 following their notice of their wish to take part in the adoption and application of that Regulation based on the above-mentioned Protocol. The position of these Member States with regard to the current Regulation does not affect their possible participation with regard to the amended Regulation.

Under the Protocol on the position of Denmark, annexed to the TEU and the TFEU, Denmark does not take part in the adoption by the Council of the measures pursuant to Title V of the TFEU (with the exception of "measures determining the third countries whose nationals must be in possession of a visa when crossing the external borders of the Member States, or measures relating to a uniform format for visas"). Therefore, Denmark does not take part in the adoption of this Regulation and is not bound by it or subject to its application. However, given that Denmark applies the current Eurodac Regulation, following an international agreement that it concluded with the EC in 2006, it shall, in accordance with Article 3 of that agreement, notify the Commission of its decision whether or not to implement the content of the amended Regulation.

The scope of association agreements with Iceland, Norway, Switzerland and Liechtenstein as well as the parallel agreement with Denmark does not cover law enforcement access to EURODAC. The current proposal, like the 2009 proposal, notes that the comparison of fingerprint data using EURODAC may only be made after national fingerprint databases and the Automated Fingerprint Databases of other Member States under Council Decision 2008/615/JHA (the Prüm Agreements) return negative results. This rule means that if any Member State has not implemented the above Council Decision and cannot perform a Prüm check, it also may not make a EURODAC check for law enforcement purposes. Similarly, any associated States that have not implemented or do not participate in the Prüm Agreements may not conduct such a EURODAC check.

BUDGETARY IMPLICATIONS: this proposal entails a technical amendment to the EURODAC central system in order to provide for the possibility of carrying out comparisons for law enforcement purposes. A new functionality to search on the basis of a latent is also proposed.

The proposal retains from the 2010 proposal the improvements of the system as regards new, asylum-focused functionalities regarding information on the status of the data subject (which were the outcome of negotiations in the Council). The financial statement attached to this proposal reflects this change and is also valid for the elements concerning the request for comparison with EURODAC data by Member States' law enforcement authorities and by Europol for the purposes of prevention, detection and investigation of terrorist offences and other serious criminal offences – see COM(2009)0344 .

The non-administrative cost estimate of EUR 2,415 million (EUR 2,771 million including administrative / human resources costs) includes costs of 3 years of technical maintenance, and consists of IT-related services, software and hardware and would cover the upgrade and customisation to allow searches for law enforcement purposes and also the changes for the original asylum purpose unrelated to law enforcement access. The amounts of the EURODAC recast proposal adopted on 10 September 2009 have largely been reproduced in the present financial statement and only altered slightly to reflect the staffing costs in the IT Agency. Given the relatively small overall cost, no extra resources and no rectification of the Home Affairs budget will be sought and funding will be found from within existing budget lines, either of the IT Agency or from the Home Affairs budget.

PURPOSE: to establish a single regulation :

regulation on the establishment of "Eurodac" for the comparison of fingerprints for the effective application of the Dublin Convention and to request comparisons with EURODAC data by Member States' law enforcement authorities and Europol for law enforcement purposes, and amendment of Regulation (EU) n° 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice.

PROPOSED ACT: Regulation of the European Parliament and of the Council.

BACKGROUND: setting out previous Commission proposals :

- December 2008 : EURODAC was established by Regulation (EC) No 2725/2000 concerning the establishment of "Eurodac" for the comparison of fingerprints for the effective application of the Dublin Convention. A recast proposal for the amendment of the EURODAC Regulation was adopted by the Commission in December 2008 (see the summary of the 2008 proposal dated 03/12/2008). This proposal was designed to ensure a more efficient support to the application of the Dublin Regulation and to properly address data protection concerns. It also aligned the IT management framework to that of the SIS II and VIS Regulations by providing for the taking over of the tasks of the operational management for EURODAC by the future Agency for the operational management of large-scale IT systems in the area of freedom, security and justice. The December 2008 proposal also aimed to: (i) repeal the Implementing Regulation and to include its content in the EURODAC Regulation; (ii) take into account developments in the acquis on asylum and technical progress which took place after the adoption of the Regulation in 2000. The European Parliament endorsed the Commission proposal subject to a number of amendments.

- September 2009: the Commission adopted an amended proposal in September 2009 in order to, on the one hand, take into account the resolution of the European Parliament and the results of negotiations in the Council, and, on the other hand, introduce the possibility for Member States' law enforcement authorities and Europol to access the EURODAC central database for the purposes of prevention, detection and investigation of terrorist offences and other serious criminal offences. In particular, that proposal introduced a bridging clause to allow access for law enforcement purposes. The proposal was presented at the same time as the proposal for a Council Decision on requesting comparisons with EURODAC data by Member States' law enforcement authorities and Europol for law enforcement purposes, spelling out the exact modalities of such access. The European Parliament did not issue a legislative resolution on the September 2009 proposals.

- October 2010: with the entry into force of the Treaty on the Functioning of the European Union (TFEU) and the abolition of the pillar system, the proposal for a Council Decision lapsed. However, with a view to progressing on the negotiations on the asylum package and facilitating the conclusion of an agreement on the EURODAC Regulation, the Commission considered it more appropriate in 2010 to withdraw from the EURODAC Regulation those provisions referring to the access for law enforcement purposes and presented a new proposal on 11 October 2010 similar to the 2008 recast of the EURODAC Regulation.

The Commission noted that enabling the swifter adoption of the new EURODAC Regulation would also facilitate the timely set up of the Agency for the operational management of large-scale IT systems from 1 December 2012.

- Towards a new recast proposal : it has since become clear that including law enforcement access for EURODAC is needed as part of a balanced deal on the negotiations of the Common European Asylum System package in order to completing the package by the end of 2012. Accordingly the Commission has decided to present again proposals to permit law enforcement access to EURODAC, but on this occasion merged into a single new EURODAC Regulation as this is now possible since the entry into force of the TFEU and it is better legislative practice to present a single instrument.

Regulation (EU) No 1077/2011 of the European Parliament and the Council establishing a European Agency for the operational management of large-scale information systems in the area of freedom, security and justice provides that the Agency should perform the tasks relating to EURODAC conferred on the Commission as the authority responsible for the operational management of EURODAC in accordance with Regulations (EC) No 2725/2000 and (EC) No 407/2002 as well as certain tasks related to the communication infrastructure, namely, supervision, security and the coordination of relations between the Member States and the provider. The Agency should take up the tasks entrusted to it under this Regulation and the relevant provisions of Regulation (EU) No 1077/2011 should be amended accordingly.

May 2012: the current proposal therefore withdraws the 2010 proposal and replaces it with a new one in order to:

take into account the resolution of the European Parliament and the results of negotiations in the Council; introduce the possibility for Member States' law enforcement authorities and Europol to access the EURODAC central database for the purposes of prevention, detection and investigation of terrorist offences and other serious criminal offences; and introduce the necessary amendments to Regulation (EU) No 1077/2011.

The intention is now to allow consultation of EURODAC by law enforcement authorities for the purpose of prevention, detection and investigation of terrorist offences and other serious criminal offences. This aims at enabling law enforcement authorities to request the comparison of fingerprint data with those stored in the EURODAC central database when they seek to establish the exact identity of or get further information on a person who is suspected of a serious crime or a crime victim. Fingerprint data constitute an important element of establishing the exact identity of a person and it is generally acknowledged as an important source of information for prevention, detection and investigation of terrorist offences and other serious criminal offences. Comparison of fingerprints in possession of Member States' designated law enforcement authorities and Europol with those stored in the EURODAC database will only be possible in case of necessity of such comparison in a specific case under well-defined circumstances .

IMPACT ASSESSMENT: the present amended proposal reinstates all of the provisions proposed in the lapsed draft Council Decision of 2009. In addition, it introduces two technical provisions relating to the asylum provisions. None of these elements is new and all were explored thoroughly in the impact assessments to the previous 2008 and 2009 proposals. Therefore, no new consultation and impact assessment were conducted specifically for the present proposal. However, the impact assessments of 2008 and 2009 are still valid for its purposes.

The relevant Impact Assessment concluded that access of law enforcement authorities to EURODAC is the only timely, accurate, secure and cost-efficient way to identify whether and if so, where data about asylum seekers are available in the Member States. No reasonable efficient alternative to EURODAC exists to establish or verify the exact identity of an asylum seeker that allows law enforcement authorities to obtain the same result.

LEGAL BASIS: Article 78 point (2) (e), Article 87 point (2) (a) and Article 88 point (2) (a) TFEU.

Article 78(2)(e) TFEU is the legal basis concerning criteria and mechanisms for determining which Member State is responsible for considering an application for asylum or subsidiary protection, which is the TFEU Article corresponding to the legal base of the original proposal (Article 63(1)(a) of the Treaty establishing the European Community) ;

Article 87(2)(a) is the legal basis for the elements related to the collation, storage, processing, analysis and exchange of relevant information for law enforcement purposes; and

Article 88(2) (a) is the legal basis for Europol's field of action and tasks including the collection, storage, processing, analysis and exchange of information.

CONTENT : this proposal amends the 2010 amended proposal for a Commission proposal for a Regulation of the European Parliament and of the Council concerning the establishment of 'Eudora' for the comparison of fingerprints for the effective application of Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] – (see the summary of 11/10/2010).

It also amends Regulation (EU) No 1077/2011 of the European Parliament and of the Council establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice.

Main amending provisions

Marking of data: references to the "blocking" of data were changed in the 2008 recast to the "marking" of data concerning recognised beneficiaries of international protection. Under the original Regulation, the data of persons granted international protection remained on the EURODAC system but were blocked. As such, the EURODAC system recorded when there were hits concerning the fingerprints of recognised beneficiaries of international protection, but Member States were not informed of these hits. The new proposal was designed to "mark" these data instead of blocking, in order to inform the Member States if there is a hit for a marked data subject. This is to inform Member States if an existing beneficiary of international protection attempts to put in a fresh claim for asylum.

Law enforcement access to Eurodac : several of the amendments to the 2010 proposal are extracted directly from the lapsed September 2009 proposal on law enforcement access to EURODAC. As such, this part has been split into those areas amending the remainder of the proposal and amendments that are largely inspired by the September 2009 proposal, including their article references for ease of comparison.

The elements incorporated from the September 2009 proposal are the following:

Articles 1(2) laying down the condition s – from Article 1 of the September 2009 proposal; Article 5 on designated authorised to access EURODAC data – from Article 3 of the September 2009 proposal, except for clarified title; Article 6 on verifying authorities whose purpose is to ensure that the conditions for requesting comparisons of fingerprints with EURODAC data are fulfilled – from Article 4 of the September 2009 proposal; Article 7 on Europol – from Article 5 of the September 2009 proposal; Chapter VI (Articles 19-22) on the procedure for comparison and data transmission for law enforcement purposes – from Articles 6-9 of the September 2009 proposal; Article 33 on data protection, 34 on data security, 35 on prohibition of data transfers, 36 on logging and transfers – from Articles 10-13 of the September 2009 proposal; Article 39(3) on costs related to the prevention, detection or investigation of any of the criminal offences defined in this Regulation – from Article 14 of the September 2009 proposal; Article 40(8) and (9) on annual reporting on law enforcement access to EURODAC – modified from Article 17(1) and 17(3) of the September 2009 proposal; Article 43 on notifications of designated and verifying authorities – from Article 16 of the September 2009 proposal.

The elements that were neither in the September 2009 proposal nor the 2010 proposal are the following:

Article 2(1) contains further definitions concerning the IT Agency and Europol and the nature of terrorist and criminal offences; Article 2(2) and 2(4) clarify for data protection purposes when Directive 95/46/EC and how Framework Decision 2008/977/JHA apply; Article 29 – the wording on the leaflet has been enhanced to ensure that it is simple and written in a language the applicant can understand; Chapter VIII (Article 38) makes several amendments to Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice; Article 41 – the words "and Europol" have been included into the article on penalties.

Throughout the recast, the references to the "Management Authority" have been replaced with the "Agency".

Territorial provisions : Title V of the TFEU is not applicable to the United Kingdom and Ireland, unless those two countries decide otherwise, in accordance with the provisions set out in the Protocol on the position of the United Kingdom and Ireland annexed to the TEU and to the TFEU.

The United Kingdom and Ireland are bound by Council Regulation (EC) No 2725/2000 following their notice of their wish to take part in the adoption and application of that Regulation based on the above-mentioned Protocol. The position of these Member States with regard to the current Regulation does not affect their possible participation with regard to the amended Regulation.

Under the Protocol on the position of Denmark, annexed to the TEU and the TFEU, Denmark does not take part in the adoption by the Council of the measures pursuant to Title V of the TFEU (with the exception of "measures determining the third countries whose nationals must be in possession of a visa when crossing the external borders of the Member States, or measures relating to a uniform format for visas"). Therefore, Denmark does not take part in the adoption of this Regulation and is not bound by it or subject to its application. However, given that Denmark applies the current Eurodac Regulation, following an international agreement that it concluded with the EC in 2006, it shall, in accordance with Article 3 of that agreement, notify the Commission of its decision whether or not to implement the content of the amended Regulation.

The scope of association agreements with Iceland, Norway, Switzerland and Liechtenstein as well as the parallel agreement with Denmark does not cover law enforcement access to EURODAC. The current proposal, like the 2009 proposal, notes that the comparison of fingerprint data using EURODAC may only be made after national fingerprint databases and the Automated Fingerprint Databases of other Member States under Council Decision 2008/615/JHA (the Prüm Agreements) return negative results. This rule means that if any Member State has not implemented the above Council Decision and cannot perform a Prüm check, it also may not make a EURODAC check for law enforcement purposes. Similarly, any associated States that have not implemented or do not participate in the Prüm Agreements may not conduct such a EURODAC check.

BUDGETARY IMPLICATIONS: this proposal entails a technical amendment to the EURODAC central system in order to provide for the possibility of carrying out comparisons for law enforcement purposes. A new functionality to search on the basis of a latent is also proposed.

The proposal retains from the 2010 proposal the improvements of the system as regards new, asylum-focused functionalities regarding information on the status of the data subject (which were the outcome of negotiations in the Council). The financial statement attached to this proposal reflects this change and is also valid for the elements concerning the request for comparison with EURODAC data by Member States' law enforcement authorities and by Europol for the purposes of prevention, detection and investigation of terrorist offences and other serious criminal offences – see COM(2009)0344 .

The non-administrative cost estimate of EUR 2,415 million (EUR 2,771 million including administrative / human resources costs) includes costs of 3 years of technical maintenance, and consists of IT-related services, software and hardware and would cover the upgrade and customisation to allow searches for law enforcement purposes and also the changes for the original asylum purpose unrelated to law enforcement access. The amounts of the EURODAC recast proposal adopted on 10 September 2009 have largely been reproduced in the present financial statement and only altered slightly to reflect the staffing costs in the IT Agency. Given the relatively small overall cost, no extra resources and no rectification of the Home Affairs budget will be sought and funding will be found from within existing budget lines, either of the IT Agency or from the Home Affairs budget.

The Council took note, on the basis of a presidency paper (doc. 8595/12 ) , of the state-of-play of negotiations on the various outstanding legislative proposals concerning the Common European Asylum System (CEAS).

In keeping with the commitment to strengthen the CEAS by the end of 2012, the Council instructed its preparatory bodies to continue work on the various proposals.

The situation on the four outstanding files can be described as follows:

· Reception Conditions Directive : negotiations between the Council and the European Parliament are expected to start soon. A revised proposal was tabled by the Commission on 1 June 2011.

· Asylum Procedures Directive : progress has been made, in particular regarding access to the procedure, applicants with special procedural needs and the applicability of accelerated procedures. Discussions in the Council preparatory bodies are continuing on other key elements such as guarantees for unaccompanied minors, subsequent applications and the right to an effective remedy. A revised proposal for the directive was tabled by the Commission on 1 June 2011.

· Eurodac Regulation : discussions are on hold pending a revised Commission proposal. Member States have requested additional provisions that would allow law enforcement authorities to access this central EU-wide fingerprint database, subject to strict conditions on data protection, for the purposes of fighting terrorism and organised crime.

· Dublin Regulation (procedures for determining the Member State responsible for examining an application for international protection): negotiations between the Council and the European Parliament are expected to start soon. The Council has introduced a mechanism for early warning, preparedness and crisis management . This mechanism is aimed at evaluating the practical functioning of national asylum systems, assisting Member States in need and preventing asylum crises. It will concentrate on enabling the adoption of measures to prevent asylum crises from developing rather than addressing the consequences of such crises once they had occurred.

Furthermore, in March 2012 the Council adopted conclusions on a common framework for genuine and practical solidarity with Member States facing particular pressures on their asylum systems, including through mixed migration flows. These conclusions are intended to constitute a toolbox for EU-wide solidarity with those Member States most affected by such pressures and/or encountering problems in their asylum systems. They aim to complement the implementation of the mechanism envisaged for early warning, preparedness and crisis management in the amended Dublin Regulation.

It should be noted that four other agreements and decisions related to the CEAS have already been adopted. They concern:

· the Qualification Directive providing for better, clearer and more harmonised standards for identifying persons in need of international protection which was adopted in November 2011 and entered into force in January 2012;

· the Long Term Residence Directive adopted in April 2011;

· the creation of the European Asylum Support Office (EASO) which started operations in spring 2011;

· the decision taken in March 2012 establishing common EU resettlement priorities for 2013 as well as new rules on EU funding for resettlement activities carried out by Member States.

As regards the overall context, it should be remembered that the European Council confirmed in its conclusions in June 2011 that negotiations on the various elements of the CEAS should be concluded by 2012.

The Council looked, on the basis of a presidency paper , at the state-of-play of negotiations on the various legislative proposals concerning the Common European Asylum System (CEAS).

Ministers instructed the Council preparatory bodies to continue their work to reach an agreement at Council level and with the European Parliament as soon as possible.

The situation on the various files can be described as follows:

The qualification directive providing for better, clearer and more harmonised standards for identifying persons in need of international protection was adopted in November 2011 and entered into force in January 2012. The asylum procedures and reception conditions directives : revised proposals were tabled by the Commission on 1 June 2011. Significant progress has been made on the two instruments, in particular on the reception conditions directives where negotiations with the European Parliament are expected to start soon. The main outstanding issues here concern the grounds for detention and access to labour market for asylum applicants . The Dublin II regulation establishes the procedures for determining the member state responsible for examining an application for international protection. Further progress has been made on almost all aspects, in particular concerning a proposal to introduce a mechanism for early warning, preparedness and crisis management. The Eurodac regulation: discussions on amendments to the rules regulating this fingerprint database are on hold pending a revised Commission proposal. Member states have requested additional provisions which would allow their law enforcement authorities to access the Eurodac central database under strict conditions on data protection for the purposes of fighting terrorism and organised crime.

Two other agreements related to the CEAS have been achieved so far. They concern the long term residence directive and the creation of the European Asylum Support Office (EASO) which started operations in spring 2011.

In addition, the Council took a decision without discussion which establishes common EU resettlement priorities for 2013 as well as new rules on EU funding for resettlement activities carried out by member states.

Opinion of the European Data Protection Supervisor on the Amended proposal for a Regulation of the European Parliament and of the Council on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EC) No (…/…) (establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person).

On 11 October 2010, the European Commission adopted an Amended proposal for a Regulation of the European Parliament and of the Council on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of the future Regulation establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person.

Focus of the opinion of the EDPS : the EDPS has already contributed several opinions in this area, as mentioned above. The purpose of the present opinion is to recommend improvements to the proposal; these recommendations are either based on new developments or on recommendations previously made and not yet taken on board, in situations where the EDPS finds that his arguments have not been met adequately or that these recommendations are supported by new arguments. The present opinion will focus on the following points:

the withdrawal of the provisions related to law enforcement access to Eurodac, the position of the individual whose fingerprints are not usable, information of the data subject, use of best available techniques as a way to implement ‘Privacy by Design’, consequences of subcontracting (a part of) the development or management of the system to a third party.

Main conclusions : the EDPS welcomes the fact that the possibility to give law enforcement an access to Eurodac has been left out of the current proposal.

The collection and further processing of fingerprints occupy a central place in the Eurodac system. The EDPS emphasizes that the processing of biometric data such as fingerprints poses specific challenges and creates risks which have to be addressed. In particular, the EDPS underlines the problem of so-called ‘failure to enrol’- the situation in which a person finds him/herself if for some reason, their fingerprints are not usable. Failure to enrol on its own should not lead to a denial of rights for asylum seeker.

The EDPS recommends adding to Article 6a of the proposal a provision along the following line: ‘Temporary or permanent impossibility to provide usable fingerprints shall not adversely affect the legal situation of the individual. In any case, it can not represent sufficient grounds to refuse to examine or to reject an asylum application’.

The EDPS notes that effective implementation of the right to information is crucial for the proper functioning of Eurodac, so as to ensure that information is provided in a way that enables the asylum seeker to fully understand his situation, as well as the extent of the rights, including the procedural steps he/she can take as follow-up to the administrative decisions taken in his/her case. The EDPS suggests that the wording of Article 24 of the Proposal should be reformulated to clarify the rights to be given to the asylum applicant.

The EDPS recommends amending Article 4(1) of the Proposal, using the expression ‘Best Available Techniques’ instead of ‘Best Available Technologies’. Best Available Techniques include both the technology used and the way in which the installation is designed, built, maintained and operated.

The EDPS recommends as regards on the issue of subcontracting a part of the Commission tasks to another organisation or entity (such as a private company) that safeguards should be put in place to ensure that the applicability of Regulation (EC) No 45/2001, including the data protection supervision by the EDPS remains entirely unaffected by the subcontracting of activities. Furthermore, additional safeguards of a more technical nature should also be adopted.

Ministers continued work on the establishment of a Common European Asylum System (CEAS) on the basis of a discussion paper which presents the state of play in relation to the discussions regarding a package of six legislative proposals which EU Member States have committed to adopt by 2012.

It relates to the following proposals:

the proposal for the extension of the Long-Term Residents Directive to beneficiaries of international protection ; the recast of the ‘Qualification’ Directive ; this proposal for the recast of the EURODAC Regulation; the recast of the ‘Dublin’ Regulation ; the establishment of a European Asylum Support Office (EASO) ; the amendment of Decision No 573/2007/EC establishing the European Refugee Fund for the period 2008 to 2013 by removing funding for certain Community actions and altering the limit for funding such actions (already adopted).

As regards the EURODAC Regulation, all Member States that took the floor v oiced their disappointment that the provision for law enforcement access to the Eurodac data had been omitted from the latest Commission proposal .

The paper which served as a basis for the discussion between the Member States recalled, in particular, that on 11 October 2010, the Commission had submitted a new amended proposal on which Parliament will be called to draw up a new first reading position.

Delegations recalled that the discussions regarding the technical changes to the EURODAC Regulation had already reached an advanced stage in the Council and the Parliament on the basis of the previous proposals and that these results had been taken into account by the Commission in the drafting of the new amended proposal. The main difference between it and the previous amended proposal, dating from September 2009, is that the new text does not contain the provisions referring to the access to the EURODAC system for law enforcement purposes. The Commission explains this omission by stating that it would facilitate an agreement on the four priority proposals identified by the Presidency and would thus contribute to the timely establishment of the CEAS, that it would allow for a swift implementation of the necessary technical adaptations to the existing Eurodac System and that it would facilitate the timely set up of the new IT Agency which should also be responsible for the management of Eurodac. A large number of delegations have already voiced their disappointment at the absence of provision for law enforcement access in the new proposal during recent meetings within the Council, and have reiterated their request to the Commission to come forward very soon with proposals that would allow for such access.

In the course of the debate, the Commission indicated that it was ready to reconsider the question of law enforcement access in the context of the EURODAC Regulation.

This proposal seeks to put forward an amended proposal for a Regulation of the European Parliament and of the Council on the recast of the EURODAC system for the comparison of fingerprint for the effective application of the so-called “Dublin Regulation”.

Background : in December 2008, the Commission adopted a proposal to recast Regulation (EC) No 2725/2000 which was designed to ensure a more efficient support to the application of the Dublin Regulation and to properly address data protection concerns. It also aligned the IT management framework to that of the SIS II and VIS Regulations by providing for the taking over of the tasks of the operational management for EURODAC by the future Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (i.e. the IT Agency). For further details of the content of the initial proposal, please refer to the summary dated 03/12/2008.

The European parliament was consulted on this proposal and the Commission presented, in September 2009, a first amended proposal in order, on the one hand, take into account the resolution of the European Parliament and the results of negotiations in the Council, and, on the other hand, introduce the possibility for Member States' law enforcement authorities and Europol to access the EURODAC central database for the purposes of prevention, detection and investigation of terrorist offences and other serious criminal offences. In particular, that proposal introduced a bridging clause to allow access for law enforcement purposes as well as the necessary accompanying provisions. It was presented at the same time as the proposal for a Council Decision on requesting comparisons with EURODAC data by Member States' law enforcement authorities and Europol for law enforcement purposes, spelling out the exact modalities of such access.

The European Parliament did not issue a legislative resolution on either the first amended proposal for the recast of the EURODAC Regulation or on the proposal for a Council Decision outlined above. With the entry into force of the Treaty on the Functioning of the European Union (TFEU) and the abolition of the pillar system, the proposal for a Council Decision lapsed and therefore needed to be replaced with a new proposal to take account of the new framework of the TFEU.

However, with a view to progressing on the negotiations on the asylum package and facilitating the conclusion of an agreement on the EURODAC Regulation, the Commission considers it more appropriate at this stage to withdraw from the EURODAC Regulation those provisions referring to the access for law enforcement purposes . Enabling the swifter adoption of the new EURODAC Regulation will also facilitate the timely set up of the IT Agency which will also be responsible for the management of EURODAC.

As a result, the Commission is presenting a second amended proposal on which Parliament is to be consulted.

LEGAL BASE: Article 78 point (2)(e) of the Treaty on the Functioning of the European Union (TFEU) which is the TFEU provision that corresponds with the legal base of the initial proposal (Art 63, point 1) under the Treaty establishing the European Community..

CONTENT: the amended proposal amends the original amended proposal of the proposal for the recast of the EURODAC Regulation.

While the present amended proposal introduces two technical provisions, its main purpose is to amend the previous proposal (i.e. from September 2009) by deleting from it the option of access for law enforcement purposes.

Territorial measures: Title V of the TFEU is not applicable in the UK or in Ireland, unless these two countries decide otherwise, in accordance with the provisions of the Protocol on the position of the UK and Ireland annexed to the Treaty on the European Union (TEU) and the TFEU. The UK and Ireland are bound by Council Regulation (EC) No 2725/2000 following their notice of their wish to take part in the adoption and application of that Regulation. The position of these Member States with regard to the current Regulation does not affect their possible participation with regard to the amended Regulation.

On the other hand, Denmark is not participating in the adoption of this Regulation and is therefore neither bound by it nor subject to its application. This country, however, is required to notify the Commission of its decision whether or not to implement the content of the amended Regulation, given that it already applies the Dublin Regulation.

FINANCIAL IMPACT: this proposal has important savings on the budgetary planning compared to the previous proposal, which provided for the possibility to carry out comparisons for law enforcement purposes. This proposal retains from the 2009 proposal the improvements of the system as regards new, asylum-focused functionalities regarding information on the status of the data subject (which were the outcome of negotiations in the Council) and, at the same time, deletes the functionality of law enforcement searches.

The cost estimate of EUR 230 000 replaces the EUR 2 415 000 asked for in the 2009 proposal.

The cost estimate of EUR 230.000 consists of IT-related services, software and hardware and would cover the customisations required to the EURODAC central system.

Ministers discussed the state-of-play regarding the establishment of a Common European Asylum System (CEAS). The CEAS includes a package of six legislative proposals which EU member states have undertaken to adopt by 2012.

The basis for the discussion was a presidency report that gave an overview of the debate after an informal meeting of the Justice and Home Affairs Ministers on 15 and 16 July and a ministerial conference on 13 and 14 September 2010 in Brussels.

Member states highlighted a number of issues of particular concern to them including the need to combine a high level of protection with efficient and effective asylum systems, solidarity and changes to the Dublin II system. The current text of the Dublin II regulation states that the member states through which an asylum seeker first entered the territory of the EU are responsible for dealing with that person's request for asylum.

Malta , Greece and Cyprus, for example, repeated their call for solidarity and support from the European Commission and other member states to help them cope with the large number of asylum requests with which they are confronted. The Dublin II regulation should, in their opinion, be reformed.

Other member states, including Germany and Austria, maintained that the proper functioning of the Dublin II regulation was at the heart of any possible future Common European Asylum System. These countries and others, like the UK, also stressed the importance for more cooperation with third countries on issues such as readmission agreements and border controls. They also stressed that they were ready to provide practical support and cooperation in order to help those member states struggling with a greater burden to implement existing legislation . The European Asylum Support Office (EASO), which is expected to be operational early in 2011, is expected to play an important role in this respect.

In the context of this debate, the Commission also informed the Council of its recent missions to Greece where it discussed with Greek political leaders the reform of their asylum system. Greece has recently adopted a national action plan on asylum reform and migration management in response to significant increases in the number of illegal immigrants and asylum seekers. Member states confirmed their readiness to assist in the implementation of the plan.

OPINION OF THE EUROPEAN DATA PROTECTION SUPERVISOR

on the amended proposal for a Regulation of the European Parliament and of the Council concerning the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EC) No (…/…) (establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person), and on the proposal for a Council Decision on requesting comparisons with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes

The EDPS has serious doubts whether these proposals are legitimate and whether legislative instruments should be adopted on the basis of these proposals. These doubts are based on the considerations in this opinion which can be summarised as follows.

Necessity and proportionality : the EDPS wishes to emphasize that a better exchange of information is an essential policy goal for the European Union. Governments need appropriate instruments to guarantee the security of the citizen, but within our European society they have to fully respect the citizen's fundamental rights. It is the task of the EU-legislator to ensure this balance. Measures to combat terrorist offences and other serious offences can be a legitimate ground to allow processing of personal data, provided that the necessity of the intrusion is supported by clear and undeniable elements, and the proportionality of the processing is demonstrated . This is all the more required since the proposals concern a vulnerable group in need of higher protection because they flee from persecution. Their precarious position has to be taken into account in the assessment of the necessity and proportionality of the proposed action. The EDPS also points at the risk of stigmatisation.

Legitimacy: the EDPS recommends assessing the legitimacy of the proposals in a wider context, notably:

the tendency of granting law enforcement access to personal data of individuals that are not suspected of any crime and that have been collected for other purposes; the need for a case-by-case assessment of every proposal of this kind and for a coherent, comprehensive and future-oriented vision, preferably related to the Stockholm-programme; the need to first implement and evaluate the application of other new EU instruments that permit consultation by one Member State of fingerprints and other law enforcement data held by another Member State; the urgency of the proposal, in relation to the changing legal and policy environment.

European Convention on Human Rights (ECHR): in relation to the compatibility of the proposals with Article 8 ECHR, the EDPS questions the change of purpose of the system. To recall, Article 1(2) of the proposed Regulation now extends the purpose of the Eurodac system and adds the purpose of the prevention, detection and investigation of terrorist offences and other serious criminal offences, under the conditions set out in the proposals. The EDPS underlines that just stating the change of purpose in a legislative proposal does not constitute such a change. Moreover, a legislative change does not in itself lead to a different assessment of whether the proposals are necessary in a democratic society, proportionate and otherwise acceptable, notably in view of the rules on purpose limitation in Directive 95/46/EC.

The EDPS emphasises that the necessity should be proven by the demonstration of substantial evidence of a link between asylum applicants and terrorism and/or serious crime. This is not done in the proposals.

Lastly, the EDPS welcomes the fact that he is consulted and recommends that reference to this consultation be made in the recitals of the proposal, in a similar way as in a number of other legislative texts on which the EDPS has been consulted, in accordance with Regulation (EC) No 45/2001.

He also makes a few comments on the substantive texts of the proposals.

At its sitting on 7 May 2009, the European Parliament adopted, subject to a number of amendments, a legislative resolution endorsing the Commission’s recast proposal of the EURODAC system.

The Commission now presents a draft amended regulation in order to take into account the European Parliament’s amendments at first reading and the results of negotiations in the Council. It also introduces the possibility for Member States' law enforcement authorities and Europol to access the EURODAC central database for the purposes of prevention, detection and investigation of terrorist offences and other serious criminal offences.

Objectives of the new proposed measure : in case a person suspected to have committed an act of terrorism or a serious crime has been previously registered as an asylum seeker but is not in any other database or is only registered with alphanumerical data (which might be incorrect, for example if that person has given a wrong identity or used forged documents), the only information available to identify him/her might be the biometric information contained in EURODAC. The intention is now to allow consultation of EURODAC by law enforcement authorities for the purpose of prevention, detection and investigation of terrorist offences and other serious criminal offences. In order to do this it is necessary to amend the EURODAC Regulation to include explicitly this additional purpose.

The amended proposal also introduces a series of measures including a bridging clause to permit this access for law enforcement purposes by providing a link between a third pillar instrument (Council Decision No […/…]JHA [EURODAC law enforcement Decision] ) and the present first pillar Regulation. Other amendments include: (i) the designation of authorities which are allowed to access EURODAC for a law enforcement purpose and the guarantee that they will also comply with the provisions on responsibility for data use and data security; (ii) the introduction of an obligation to collect statistics on the number of law enforcement searches and the number of hits these produced; (iii) a technical amendment to the EURODAC central system, ie. a new functionality to search on the basis of a so-called latent (a latent print is the chance reproduction of the friction ridges deposited on the surface of an item) in order to better facilitate the purposes of law enforcement access; (iv) a provision to ensures that upon taking his or her fingerprints, the data subject is also informed about the possibility of his or her data be accessed for law enforcement purposes; (v) the provision of an overall evaluation of the EURODAC Regulation so as to include the mechanism of access for law enforcement purposes.

Need for the European Parliament to be newly consulted at first reading : since the European Parliament issued its report on the recast proposal in first reading on 7 May 2009, it is understood that it should have the possibility of issuing a new report in first reading on the current proposal. The reconsultation only concerns new measures.

Modifications introduced following the European Parliament resolution : overall, the Commission considers that the amendments are for the most part acceptable or partly acceptable, with some exceptions.

Amendments partly accepted are as follows :

the amendment which aims to split the deadline for taking and sending fingerprints in two parts, is not acceptable, since such an approach could create practical difficulties for Member States. However, it is accepted to extend the deadline for transmission to 72 hours (in conformity with the EP proposal of 48 hours plus 24 hours); the first part of the amendment adding a new reference to the reference number used when searching a transaction on a third country national or stateless person found illegally present in a Member State is accepted.

Amendments which cannot be accepted concern those which :

suggest that persons who obtained long term residence status in accordance with Council Directive 2003/109/EC concerning the status of third-country nationals who are long-term residents (Long-term Residence Directive) be erased from EURODAC: the Long-term Residence Directive explicitly excludes from its scope of application the applicants and beneficiaries of international protection: for this reason it is not possible to accept those amendments; concern the competences of the Management Authority: the amendment is not accepted since the purpose of the Article is not to determine the scope of the IT Agency, but to clarify that the Management Authority referred to in the present Regulation is the same as the one referred to in the SIS II and VIS Regulations; propose to add a reference to some additional articles of Council Directive 2004/83/EC on minimum standards for the qualification and status of third country nationals or stateless persons as refugees or as persons who otherwise need international protection and the content of the protection granted in Article 16 (2) of the present proposal, is not considered necessary, as those situations are already covered in the current drafting; aim to introduce the obligation to inform the European Data Protection Supervisor (EDPS) of each 'false hit'. This is deemed superfluous; aim to introduce a provision prohibiting the transfer of data to authorities of third countries. The Regulation in force is already clear that such data cannot be accessed by third countries. Therefore this amendment is not accepted; aim to introduce an obligation for Member States to notify changes in their list of authorities within a maximum of 30 days after the change took effect. This is regarded as an unnecessary burden and the deadline proposed as unrealistic.

Modifications introduced following the outcome of negotiations in the Council : among the amendments stemming from the interinstitutional agreement on this text, one can note the following:

a new Article providing information to Member States on the status of the data subject. It foresees that Member States are also informed if a given person, whose data is stored in the database, was transferred following a take charge procedure, or if he or she left the territory of the Member States, either voluntarily or as the result of a return decision or removal order. amendments introduced in the article concerning the storage of data aim to clearly spell out which third country nationals or stateless persons have to be fingerprinted and at what point in time. The introduced change will help harmonising practices between Member States and ensure that as soon as a person is allowed entry on the territory of the Member States, his/her fingerprints need to be taken and sent to the EURODAC database.

BUDGETARY IMPLICATIONS: the present proposal entails a technical amendment to the EURODAC central system in order to provide for the possibility to carry out comparisons for law enforcement purposes. The cost estimate of EUR 2 415 million includes costs of 3 years of technical maintenance, and consists of IT-related services, software and hardware and would cover the upgrade and customisation to allow searches for law enforcement purposes and also the changes for the original asylum purpose unrelated to law enforcement access.

At its sitting on 7 May 2009, the European Parliament adopted, subject to a number of amendments, a legislative resolution endorsing the Commission’s recast proposal of the EURODAC system.

The Commission now presents a draft amended regulation in order to take into account the European Parliament’s amendments at first reading and the results of negotiations in the Council. It also introduces the possibility for Member States' law enforcement authorities and Europol to access the EURODAC central database for the purposes of prevention, detection and investigation of terrorist offences and other serious criminal offences.

Objectives of the new proposed measure : in case a person suspected to have committed an act of terrorism or a serious crime has been previously registered as an asylum seeker but is not in any other database or is only registered with alphanumerical data (which might be incorrect, for example if that person has given a wrong identity or used forged documents), the only information available to identify him/her might be the biometric information contained in EURODAC. The intention is now to allow consultation of EURODAC by law enforcement authorities for the purpose of prevention, detection and investigation of terrorist offences and other serious criminal offences. In order to do this it is necessary to amend the EURODAC Regulation to include explicitly this additional purpose.

The amended proposal also introduces a series of measures including a bridging clause to permit this access for law enforcement purposes by providing a link between a third pillar instrument (Council Decision No […/…]JHA [EURODAC law enforcement Decision] ) and the present first pillar Regulation. Other amendments include: (i) the designation of authorities which are allowed to access EURODAC for a law enforcement purpose and the guarantee that they will also comply with the provisions on responsibility for data use and data security; (ii) the introduction of an obligation to collect statistics on the number of law enforcement searches and the number of hits these produced; (iii) a technical amendment to the EURODAC central system, ie. a new functionality to search on the basis of a so-called latent (a latent print is the chance reproduction of the friction ridges deposited on the surface of an item) in order to better facilitate the purposes of law enforcement access; (iv) a provision to ensures that upon taking his or her fingerprints, the data subject is also informed about the possibility of his or her data be accessed for law enforcement purposes; (v) the provision of an overall evaluation of the EURODAC Regulation so as to include the mechanism of access for law enforcement purposes.

Need for the European Parliament to be newly consulted at first reading : since the European Parliament issued its report on the recast proposal in first reading on 7 May 2009, it is understood that it should have the possibility of issuing a new report in first reading on the current proposal. The reconsultation only concerns new measures.

Modifications introduced following the European Parliament resolution : overall, the Commission considers that the amendments are for the most part acceptable or partly acceptable, with some exceptions.

Amendments partly accepted are as follows :

the amendment which aims to split the deadline for taking and sending fingerprints in two parts, is not acceptable, since such an approach could create practical difficulties for Member States. However, it is accepted to extend the deadline for transmission to 72 hours (in conformity with the EP proposal of 48 hours plus 24 hours); the first part of the amendment adding a new reference to the reference number used when searching a transaction on a third country national or stateless person found illegally present in a Member State is accepted.

Amendments which cannot be accepted concern those which :

suggest that persons who obtained long term residence status in accordance with Council Directive 2003/109/EC concerning the status of third-country nationals who are long-term residents (Long-term Residence Directive) be erased from EURODAC: the Long-term Residence Directive explicitly excludes from its scope of application the applicants and beneficiaries of international protection: for this reason it is not possible to accept those amendments; concern the competences of the Management Authority: the amendment is not accepted since the purpose of the Article is not to determine the scope of the IT Agency, but to clarify that the Management Authority referred to in the present Regulation is the same as the one referred to in the SIS II and VIS Regulations; propose to add a reference to some additional articles of Council Directive 2004/83/EC on minimum standards for the qualification and status of third country nationals or stateless persons as refugees or as persons who otherwise need international protection and the content of the protection granted in Article 16 (2) of the present proposal, is not considered necessary, as those situations are already covered in the current drafting; aim to introduce the obligation to inform the European Data Protection Supervisor (EDPS) of each 'false hit'. This is deemed superfluous; aim to introduce a provision prohibiting the transfer of data to authorities of third countries. The Regulation in force is already clear that such data cannot be accessed by third countries. Therefore this amendment is not accepted; aim to introduce an obligation for Member States to notify changes in their list of authorities within a maximum of 30 days after the change took effect. This is regarded as an unnecessary burden and the deadline proposed as unrealistic.

Modifications introduced following the outcome of negotiations in the Council : among the amendments stemming from the interinstitutional agreement on this text, one can note the following:

a new Article providing information to Member States on the status of the data subject. It foresees that Member States are also informed if a given person, whose data is stored in the database, was transferred following a take charge procedure, or if he or she left the territory of the Member States, either voluntarily or as the result of a return decision or removal order. amendments introduced in the article concerning the storage of data aim to clearly spell out which third country nationals or stateless persons have to be fingerprinted and at what point in time. The introduced change will help harmonising practices between Member States and ensure that as soon as a person is allowed entry on the territory of the Member States, his/her fingerprints need to be taken and sent to the EURODAC database.

BUDGETARY IMPLICATIONS: the present proposal entails a technical amendment to the EURODAC central system in order to provide for the possibility to carry out comparisons for law enforcement purposes. The cost estimate of EUR 2 415 million includes costs of 3 years of technical maintenance, and consists of IT-related services, software and hardware and would cover the upgrade and customisation to allow searches for law enforcement purposes and also the changes for the original asylum purpose unrelated to law enforcement access.

In public deliberation, the Council held a policy debate on the state of negotiations regarding five legislative acts concerning asylum. The Council welcomed the progress already made and instructed its preparatory bodies to continue the examining the proposals taking account of the European Parliament’s opinion, delivered on 7 May, as well as the views expressed by delegations in the discussion.

The five proposals involve amendments to the so called "Dublin" regulation , the EURODAC regulation , and the reception conditions directive as well as a proposal for the establishment of a European asylum support office and a related amendment of the European refugee fund.

These measures stem from the commitments undertaken in the European Pact on Immigration and Asylum adopted by the European Council in October 2008, with the purpose to complete the Common European Asylum System provided for in the Hague Programme.

Over the last few months, the Council preparatory bodies have carried out intensive discussions on the five proposals. A first reading of the text has been completed in all cases.

On 7 May, the European Parliament adopted legislative resolutions setting out amendments to the Commission proposals under the Council-Parliament codecision procedure. Examination of these amendments is now underway.

The European Parliament adopted, by 445 votes to 76 with 8 abstentions a legislative resolution amending, under the first reading of codecision procedure, the proposal for a regulation of the European Parliament and of the Council concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] (recast).

The main amendments are as follows:

Operational management by the Management Authority : Parliament clarified that the Management Authority must be competent for EURODAC, as well as SIS II and VIS. It added that the setting-up of the Management Authority and the interoperability of the several databases for which it has competence shall be without prejudice to the separate and discrete operation of those databases.

Statistics: these must include the number of hits for persons granted international protection.

Collection, transmission and comparison of fingerprint data : Parliament felt that the deadline of 48 hours was too short for taking and transmitting the fingerprint data to the Central System. A deadline of 48 hours for taking the fingerprints and a deadline of 24 hours for transmitting the fingerprint data is inserted into the text. Parliament added that By way of exception, in cases when the fingerprints are seriously, but only temporarily, damaged and cannot provide suitable fingerprint data or in cases when there is a need to enforce a quarantine period because of severe contagious disease, the period of 48 hours for taking the fingerprints of applicants for international protection, may be extended up to a maximum of 3 weeks. Member States may also extend the period of 48 hours in well-founded and proven cases of force majeure for as long as those circumstances persist. The period of 24 hours for transmitting the required data shall apply accordingly.

Advance data erasure : data relating to a person who has acquired citizenship of any Member State or has been issued a long-term residence permit by a Member State in accordance with Directive 2003/109/EC before expiry of the relevant period shall be erased from the Central System.

Carrying out comparisons : in the interests of data protection the European Data Protection Supervisor should also be informed of inaccurate identifications.

Joint supervisory authority : the provision of data recorded in the EURODAC system to the authorities of any unauthorised third country, especially to the state of origin of the persons covered by the present Regulation, could trigger severe consequences for the family members of the persons covered by the EURODAC Regulation. Accordingly Parliament provided that all the authorities that participate in the EURODAC system shall prevent the access to or the transfer of data recorded in EURODAC to the authorities of any unauthorised third country, especially to the State of origin of the persons covered by this Regulation.

It also added that the Management Authority shall lay down a common set of requirements to be fulfilled by persons in order to be granted authorisation to access EURODAC.

Rights of the data subject : Members noted that the obligation to provide information in an age-appropriate manner should apply to all categories of persons subject to the EURODAC procedure who are minors and not only to applicants for international protection.

Supervision by the European Data Protection Supervisor : the European Data Protection Supervisor may request any information from the Management Authority considered necessary to carry out the functions entrusted to it under that Regulation.

Transitional period: during the transitional period, references in the Regulation to the Management Authority shall be construed as references to the Commission.

The Committee on Civil Liberties, Justice and Home Affairs adopted the report drawn up by Nicolae Vlad POPA (EPP-ED, RO) amending, under the first reading of codecision procedure, the proposal for a regulation of the European Parliament and of the Council concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] (recast).

The main amendments are as follows:

Operational management by the Management Authority : the committee clarified that the Management Authority must be competent for EURODAC, as well as SIS II and VIS. It added that the setting-up of the Management Authority and the interoperability of the several databases for which it has competence shall be without prejudice to the separate and discrete operation of those databases.

Statistics : these must include the number of hits for persons granted international protection.

Collection, transmission and comparison of fingerprint data : the report stated that although it is of the utmost importance to introduce a specific deadline for the transmission of the fingerprint data, the deadline of 48 hours seems to be too short for taking and transmitting the fingerprint data to the Central System. A deadline of 48 hours for taking the fingerprints and a deadline of 24 hours for transmitting the fingerprint data is more appropriate while still tackling the problem of late transmission of fingerprints by Member States. By way of exception, in cases when the fingerprints are seriously, but only temporarily, damaged and cannot provide suitable fingerprint data or in cases when there is a need to enforce a quarantine period because of severe contagious disease, the period of 48 hours for taking the fingerprints of applicants for international protection, may be extended up to a maximum of 3 weeks. Member States may also extend the period of 48 hours in well-founded and proven cases of force majeure for as long as those circumstances persist. The period of 24 hours for transmitting the required data shall apply accordingly.

There are similar provisions for taking the fingerprints of the third-country national or stateless person.

Advance data erasure : data relating to a person who has acquired citizenship of any Member State or has been issued a long-term residence permit by a Member State in accordance with Directive 2003/109/EC before expiry of the relevant period shall be erased from the Central System.

Transmission : since data are only transmitted electronically, references to paper form or other means of data support have been deleted in the Commission proposal. Accordingly, the electronic transmission of data should be obligatory.

Carrying out comparisons : in the interests of data protection the European Data Protection Supervisor should also be informed of inaccurate identifications.

Joint supervisory authority : the committee noted that the provision of data recorded in the EURODAC system to the authorities of any unauthorised third country, especially to the state of origin of the persons covered by the present Regulation, could trigger severe consequences for the family members of the persons covered by the EURODAC Regulation. Accordingly it provided that all the authorities that participate in the EURODAC system shall prevent the access to or the transfer of data recorded in EURODAC to the authorities of any unauthorised third country, especially to the State of origin of the persons covered by this Regulation.

It also added that the Management Authority shall lay down a common set of requirements to be fulfilled by persons in order to be granted authorisation to access EURODAC.

Changes to the list of authorities: an explicit deadline is needed, in which changes made to the list of the authorities, that have access to data recorded in the Central System, are communicated to the Commission and the Management Authority. The committee inserted 30 days.

Rights of the data subject : the report noted that it should be clarified that the data subject should be informed about the content and not only the existence of the right of access to data and the rights to correction or erasure of data as well as, separately, on the procedural steps he/she may take. The addition of the contact details of the relevant authorities takes account of the fact that the data controller is primarily responsible for ensuring the application of the rights of the data subject. Reference is made to the provisions regarding supervision by the National Supervisory Authorities.

Furthermore, Members noted that the obligation to provide information in an age-appropriate manner should apply to all categories of persons subject to the EURODAC procedure who are minors and not only to applicants for international protection.

Supervision by the European Data Protection Supervisor : the European Data Protection Supervisor may request any information from the Management Authority considered necessary to carry out the functions entrusted to it under that Regulation.

Transitional period : during the transitional period, references in the Regulation to the Management Authority shall be construed as references to the Commission.

OPINION OF THE EUROPEAN DATA PROTECTION SUPERVISOR on the proposal for a Regulation of the European Parliament and of the Council concerning the recast of the ‘Eurodac” Regulation.

The proposal for a Regulation of the European Parliament and of the Council concerning the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EC) No […/…] (establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person) was sent by the Commission to the EDPS for consultation on 3 December 2008. This consultation should be explicitly mentioned in the preamble of the Regulation.

It is recalled that the EDPS has contributed to this proposal at an earlier stage, and many of the points he raised informally have been taken into account in the final text of the Commission's Proposal.

His main conclusion may be summarised as follows :

the EDPS supports the proposal and welcomes the supervision model proposed as well as the role and tasks he has been entrusted with in the new system. The model envisaged reflects the current practice which proved efficient; the EDPS notes that the proposal strives to consistency with other legal instruments governing the establishment and/or use of other large-scale IT systems; he welcomes considerable attention devoted in the proposal to the respect of fundamental rights, and in particular the protection of personal data. As also mentioned in the opinion on the revision of the Dublin Regulation, the EDPS considers this approach as an essential prerequisite to the improvement of the asylum procedures in the European Union.

The EDPS draws attention to the following points:

the need to ensure full consistency between the EURODAC and Dublin Regulations; the need for a better coordination and harmonization at EU level of the procedures for fingerprinting whether they concern asylum seekers or any other persons subject to the Eurodac procedure. He draws special attention to the question of the age limits for fingerprinting, and in particular the difficulties occurring in several Member States to determine the age of young asylum seekers; the need for clarification of the provisions regarding the rights of the data subjects, and in particular he underlines that the national data controllers are primarily responsible to ensure the application of these rights.

PURPOSE: recast of Council Regulation (EC) No 2725/2000/EC for the establishment of 'EURODAC' ("EURODAC Regulation").

PROPOSED ACT: Regulation of the European Parliament and of the Council.

CONTENT: as announced in the Policy Plan on Asylum, this proposal is part of a first package of proposals which aim to ensure a higher degree of harmonisation and better standards of protection for the Common European Asylum System (CEAS). It is adopted at the same time as the recast of the Dublin Regulation and the Reception Conditions Directive. EURODAC, a Community-wide information technology system, was created to facilitate the application of the Dublin Convention. The Convention was replaced by a Community law instrument Council Regulation (EC) No 343/2003 establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national ("the Dublin Regulation"). EURODAC allows Member States to determine whether an asylum applicant or a foreign national illegally present in a Member State has previously applied for asylum in another Member State . Among other criteria, the Dublin Regulation allocates responsibility for the assessment of an asylum claim on the basis of which Member State allowed the applicant to the territory of the Member States. EURODAC allows Member States to verify whether the asylum-seeker was previously apprehended when crossing irregularly the border of a Member State coming from a third country.

The EURODAC Regulation lays down strictly defined and harmonised rules regarding the storage, comparison and erasure of fingerprints, while it also provides for data protection and data security safeguards.

It provides for the implementation of a Central Unit (CU) managed by the European Commission containing an Automated Fingerprint Identification System (AFIS). Fingerprints taken by Member States are sent to this system which indicates whether the same fingerprints are already stored in the database and if this is the case, which Member State sent them in.

In addition to fingerprints, the central database also keeps record of the place and date of the application for asylum, the Member State which entered the data and its reference number, the gender of the applicant, the date on which the fingerprints were taken and when they were transmitted to the CU. These data are collected for any asylum applicant and any third country national or stateless person apprehended in connection with the irregular crossing of an external border at least 14 years of age. The data can be kept for up to 10 years and up to 2 years respectively, unless the individual obtains the citizenship of one of the Member States, receives a residence permit or leaves the territory of the Member States (at which point the data is erased).

In its evaluation report, the Commission acknowledged that the Regulation is applied in a generally satisfactory way, but identified certain issues related to the efficiency of the current legislative provisions which have to be tackled in order to improve EURODAC's support of the Dublin Regulation. These include the continuing late transmission of fingerprints by a number of Member States; inefficient management of data deletions; unclear specification of national authorities having access to EURODAC, which hinders the monitoring role of the Commission and the European Data Protection Supervisor (EDPS); and the fact that that some persons already granted asylum in a Member State nevertheless apply again in another.

Regarding the more efficient use of the EURODAC database , the proposal aims to:

establish rules to ensure truly prompt transmission of fingerprints to the Central Unit of EURODAC in order to ensure that the Member State responsible under the Dublin Regulation for examining the application is correctly identified; update and clarify definitions of the different stages of management of the database, also in line with the objective to house all large-scale IT systems under Title IV of the TEC in one location under one management and running on the same platform (enabling to improve productivity and reduce operational costs); to unblock data on recognised refugees and to make them searchable by national asylum authorities, in order to avoid a situation where recognised refugee in one Member State applies for protection in another Member State .

Regarding data protection concerns , the proposal aims to:

establish technical rules to ensure that Member States delete data which is no longer necessary for the purpose for which were collected and to ensure that Commission can better monitor the respect of the data protection principles; clarify the provisions ensuring effective monitoring by the Commission and the European Data Protection Supervisor (EDPS) of access to data in EURODAC by national authorities.

Since it has not been used, the Commission proposes to abolish the committee provided for by the Regulation.

PURPOSE: recast of Council Regulation (EC) No 2725/2000/EC for the establishment of 'EURODAC' ("EURODAC Regulation").

PROPOSED ACT: Regulation of the European Parliament and of the Council.

CONTENT: as announced in the Policy Plan on Asylum, this proposal is part of a first package of proposals which aim to ensure a higher degree of harmonisation and better standards of protection for the Common European Asylum System (CEAS). It is adopted at the same time as the recast of the Dublin Regulation and the Reception Conditions Directive. EURODAC, a Community-wide information technology system, was created to facilitate the application of the Dublin Convention. The Convention was replaced by a Community law instrument Council Regulation (EC) No 343/2003 establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national ("the Dublin Regulation"). EURODAC allows Member States to determine whether an asylum applicant or a foreign national illegally present in a Member State has previously applied for asylum in another Member State . Among other criteria, the Dublin Regulation allocates responsibility for the assessment of an asylum claim on the basis of which Member State allowed the applicant to the territory of the Member States. EURODAC allows Member States to verify whether the asylum-seeker was previously apprehended when crossing irregularly the border of a Member State coming from a third country.

The EURODAC Regulation lays down strictly defined and harmonised rules regarding the storage, comparison and erasure of fingerprints, while it also provides for data protection and data security safeguards.

It provides for the implementation of a Central Unit (CU) managed by the European Commission containing an Automated Fingerprint Identification System (AFIS). Fingerprints taken by Member States are sent to this system which indicates whether the same fingerprints are already stored in the database and if this is the case, which Member State sent them in.

In addition to fingerprints, the central database also keeps record of the place and date of the application for asylum, the Member State which entered the data and its reference number, the gender of the applicant, the date on which the fingerprints were taken and when they were transmitted to the CU. These data are collected for any asylum applicant and any third country national or stateless person apprehended in connection with the irregular crossing of an external border at least 14 years of age. The data can be kept for up to 10 years and up to 2 years respectively, unless the individual obtains the citizenship of one of the Member States, receives a residence permit or leaves the territory of the Member States (at which point the data is erased).

In its evaluation report, the Commission acknowledged that the Regulation is applied in a generally satisfactory way, but identified certain issues related to the efficiency of the current legislative provisions which have to be tackled in order to improve EURODAC's support of the Dublin Regulation. These include the continuing late transmission of fingerprints by a number of Member States; inefficient management of data deletions; unclear specification of national authorities having access to EURODAC, which hinders the monitoring role of the Commission and the European Data Protection Supervisor (EDPS); and the fact that that some persons already granted asylum in a Member State nevertheless apply again in another.

Regarding the more efficient use of the EURODAC database , the proposal aims to:

establish rules to ensure truly prompt transmission of fingerprints to the Central Unit of EURODAC in order to ensure that the Member State responsible under the Dublin Regulation for examining the application is correctly identified; update and clarify definitions of the different stages of management of the database, also in line with the objective to house all large-scale IT systems under Title IV of the TEC in one location under one management and running on the same platform (enabling to improve productivity and reduce operational costs); to unblock data on recognised refugees and to make them searchable by national asylum authorities, in order to avoid a situation where recognised refugee in one Member State applies for protection in another Member State .

Regarding data protection concerns , the proposal aims to:

establish technical rules to ensure that Member States delete data which is no longer necessary for the purpose for which were collected and to ensure that Commission can better monitor the respect of the data protection principles; clarify the provisions ensuring effective monitoring by the Commission and the European Data Protection Supervisor (EDPS) of access to data in EURODAC by national authorities.

Since it has not been used, the Commission proposes to abolish the committee provided for by the Regulation.