Legal provisions of COM(2009)344 - Requesting comparisons with EURODAC data by Member States' law enforcement authorities and Europol for law enforcement purposes - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
dossier | COM(2009)344 - Requesting comparisons with EURODAC data by Member States' law enforcement authorities and Europol for law enforcement ... |
---|---|
document | COM(2009)344 |
date | July 8, 2009 |
Contents
- CHAPTER I - GENERAL PROVISIONS
- Article 1 - Subject matter and scope
- Article 2 - Definitions
- Article 3 - Designated authorities
- Article 4 - Verifying authorities
- Article 5 - Europol
- CHAPTER II - PROCEDURE FOR COMPARISON AND DATA TRANSMISSION
- Article 6 - Procedure for comparison of fingerprint data with EURODAC data
- Article 7 - Conditions for access to EURODAC data by designated authorities
- Article 8 - Conditions for access to EURODAC data by Europol
- Article 9 - Communication between the verifying authorities and the National Access Points
- CHAPTER III - PERSONAL DATA PROTECTION
- Article 10 - Protection of personal data
- Article 11 - Data security
- Article 12 - Prohibition of transfers of data to third countries or to international bodies or to private parties
- Article 13 - Logging and documentation
- TITLE IV - FINAL PROVISIONS
- Article 14 - Costs
- Article 15 - Penalties
- Article 16 - Notification of designated authorities and verifying authorities
- Article 17 - Monitoring and evaluation
- Article 18 - Entry into force and date of application
CHAPTER I - GENERAL PROVISIONS
Article 1 - Subject matter and scope
Article 2 - Definitions
(a) EURODAC means the database as established by Regulation (EC) No […/…] [new EURODAC];
(b) Europol means the European Police Office as established by Council Decision […/…./JHA];
(c) EURODAC data means all fingerprint data stored in the central database in accordance with Article 9 and Article 14(2) of [new EURODAC];
(d) terrorist offences means the offences under national law which correspond or are equivalent to the offences referred to in Articles 1 to 4 of Council Framework Decision 2002/475/JHA;
(e) serious criminal offences means the forms of crime which correspond or are equivalent to those referred to in Article 2(2) of Framework Decision 2002/584/JHA if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under national law;
(f) fingerprint data means the data relating to fingerprints of all or at least the index fingers, and if those are missing, the prints of all other fingers of a person, or a latent;
(g) National Access Point is the designated national system which communicates with the Central System as referred to in Article 4(2) of the [new EURODAC];
(h) Management Authority means the entity responsible for the operational management of EURODAC referred to in Article 5 of the [new EURODAC].
2. The definitions in Regulation (EC) No […/…] [new EURODAC] shall also apply.
Article 3 - Designated authorities
2. Every Member State shall keep a list of the designated authorities.
3. At national level, each Member State shall keep a list of the operating units within the designated authorities that are authorised to request comparisons with EURODAC data through the National Access Point.
Article 4 - Verifying authorities
2. The verifying authority shall ensure that the conditions for requesting comparisons of fingerprints with EURODAC data are fulfilled.
3. Only the verifying authority shall be authorised to forward requests for comparison of fingerprints to the National Access Point which communicates with the Central System.
Article 5 - Europol
2. EUROPOL shall designate an operating unit that is authorised to request comparisons with EURODAC data through its designated National Access Point.
CHAPTER II - PROCEDURE FOR COMPARISON AND DATA TRANSMISSION
Article 6 - Procedure for comparison of fingerprint data with EURODAC data
2. Where all the conditions for requesting a comparison are fulfilled, the verifying authority shall transmit the request for comparison to the National Access Point which will process it to the EURODAC Central System for the purpose of comparison with all the EURODAC data.
3. In exceptional cases of urgency, the verifying authority may transmit the fingerprint data to the National Access Point for comparison immediately upon receipt of a request by a designated authority and only verify ex-post whether all the conditions of Article 7 or Article 8 are fulfilled, including whether an exceptional case of urgency actually existed. The ex-post verification shall take place without undue delay after the processing of the request.
4. Where the ex-post verification determines that the access was not justified, the information communicated from EURODAC shall be destroyed by all authorities which have accessed it and they shall inform the verifying authority of such destruction.
Article 7 - Conditions for access to EURODAC data by designated authorities
(a) the comparison is necessary for the purpose of the prevention, detection or investigation of terrorist offences or other serious criminal offences;
(b) the comparison is necessary in a specific case;
(c) there are reasonable grounds to consider that such comparison with EURODAC data will substantially contribute to the prevention, detection or investigation of any of the criminal offences in question.
2. Requests for comparison with EURODAC data shall be limited to searching with fingerprint data.
Article 8 - Conditions for access to EURODAC data by Europol
2. Requests for comparison with EURODAC data shall be limited to comparisons of fingerprint data.
3. Processing of information obtained by Europol from comparison with EURODAC shall be subject to the authorisation of the Member State of origin. Such authorisation shall be obtained via the Europol national unit of that Member State.
Article 9 - Communication between the verifying authorities and the National Access Points
2. Fingerprints shall be digitally processed by the Member State and transmitted in the data format referred to in Annex I to the Regulation (EC) No […/…] [new EURODAC] , in order to ensure that the comparison can be carried out by means of the computerised fingerprint recognition system.
CHAPTER III - PERSONAL DATA PROTECTION
Article 10 - Protection of personal data
2. The processing of personal data by Europol pursuant to this Decision shall be in accordance with the [Europol] Decision […/…/JHA] and the rules adopted in implementation thereof and shall be supervised by the independent joint supervisory body established by Article 34 of that Decision.
3. Personal data obtained pursuant to this Decision from EURODAC shall only be processed for the purposes of the prevention, detection and investigation of terrorist offences or of other serious criminal offences.
4. Personal data obtained by a Member State or Europol pursuant to this Decision from EURODAC shall be erased in national and Europol files after a period of one month, if the data are not required for a specific ongoing criminal investigation by that Member State, or Europol.
5. The monitoring of the lawfulness of the processing of personal data under this Decision by the Member States, including their transmission to and from EURODAC shall be carried out by the national competent authorities designated pursuant to Framework Decision 2008/977/JHA.
Article 11 - Data security
2. Each Member State shall, in relation to its national system, adopt the necessary measures, including a security plan, in order to:
(a) physically protect data, including by making contingency plans for the protection of critical infrastructure;
(b) deny unauthorised persons access to national installations in which the Member State carries out operations in accordance with the purpose of EURODAC (checks at entrance to the installation);
(c) prevent the unauthorised reading, copying, modification or removal of data media (data media control);
(d) prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of stored personal data (storage control);
(e) prevent the unauthorised processing of data in EURODAC and any unauthorised modification or deletion of data processed in EURODAC (control of data processing);
(f) ensure that persons authorised to access EURODAC have access only to the data covered by their access authorisation, by means of individual and unique user identities and confidential access modes only (data access control);
(g) ensure that all authorities with a right to request comparisons with data held in EURODAC create profiles describing the functions and responsibilities of persons who are authorised to access, enter, update, delete and search the data and make these profiles available to the National Supervisory Authorities designated under Article 25 of the Framework Decision 2008/977/JHA without delay at their request (personnel profiles);
(h) ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment (communication control);
(i) ensure that it is possible to verify and establish what data have been processed in EURODAC, when, by whom and for what purpose (control of data recording);
(j) prevent the unauthorised reading, copying, modification or deletion of personal data during the transmission of personal data to or from EURODAC or during the transport of data media, in particular by means of appropriate encryption techniques (transport control);
(k) monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Decision (self-auditing).
Article 12 - Prohibition of transfers of data to third countries or to international bodies or to private parties
Article 13 - Logging and documentation
2. The log or documentation shall show in all cases:
(a) the exact purpose of the request for comparison, including the concerned form of a terrorist offence or other serious criminal offence and for Europol, the exact purpose of the request for comparison;
(b) the respective national file reference;
(c) the date and exact time of the request for comparison by the National Access Point to the EURODAC Central System;
(d) the name of the authority having requested access for comparison, and the person responsible who has made the request and processed the data;
(e) where applicable the use of the urgent procedure referred to in Article 6(3) and the decision taken with regard to the ex-post verification;
(f) the data used for comparison;
(g) according to national rules or the rules of the Europol Decision the identifying mark of the official who carried out the search and of the official who ordered the search or supply.
3. Such logs or documentation shall be used only for the data protection monitoring of the lawfulness of data processing as well as to ensure data security. Only logs containing non-personal data may be used for the monitoring and evaluation referred to in Article 17. The competent national supervisory authorities responsible for checking the admissibility of the request and monitoring the lawfulness of the data processing and data integrity and security, shall have access to these logs at their request for the purpose of fulfilling their duties.
TITLE IV - FINAL PROVISIONS
Article 14 - Costs
Article 15 - Penalties
Article 16 - Notification of designated authorities and verifying authorities
2. By [three months after the date of entry into force of this Decision] at the latest each Member State shall notify the Commission and the General Secretariat of the Council of its verifying authority and shall notify without delay any amendment thereto.
3. By [t hree months after the date of entry into force of this Decision] at the latest Europol shall notify the Commission and the General Secretariat of the Council of its verifying authority and the National Access Point which it has designated and shall notify without delay any amendment thereto.
4. The Commission shall publish information referred to in paragraphs 1, 2 and 3 in the Official Journal of the European Union on an annual basis.
Article 17 - Monitoring and evaluation
2. Three years after the entry into force of this Decision and every four years thereafter, the Commission shall produce an overall evaluation of this Decision. This evaluation should include an examination of the results achieved against objectives and an assessment of the continuing validity of the underlying rationale, and shall make any necessary recommendations. The Commission shall submit the evaluation report to the European Parliament and the Council.
3. The Management Authority, Member States and Europol shall provide the Commission the information necessary to draft the evaluation reports referred to in paragraph 2. This information shall not jeopardise working methods nor include information that reveals sources, staff members or investigations of the designated authorities.
Article 18 - Entry into force and date of application
2. This Decision shall apply from the date referred to in Article 33(2) of Regulation […] [new EURODAC] .