Explanatory Memorandum to COM(2016)272 - Establishment of 'Eurodac' for the comparison of fingerprints (recast)

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier COM(2016)272 - Establishment of 'Eurodac' for the comparison of fingerprints (recast).
source COM(2016)272 EN
date 04-05-2016


1. CONTEXTOFTHEPROPOSAL

Reasons for and objectives of the proposal

EURODAC was established by Regulation (EC) No 2725/2000 concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of the Dublin Convention1. A first recast proposal for the amendment of the EURODAC Regulation was adopted by the Council and the European Parliament in June 20132, which enhanced the functioning of EURODAC and laid down conditions for law enforcement access to it under strict conditions for the prevention, detection and investigation of serious crimes and terrorist offences.

Since it was established, EURODAC has sufficiently served the purpose of providing fingerprint evidence to assist determine the Member State responsible for examining an asylum application made in the EU. Its primary objective has always been to serve the implementation of Regulation (EU) No. 604/20133 (hereafter 'the Dublin Regulation') and together these two instruments make up what is commonly referred to as the Dublin system.

When the migration and refugee crisis escalated in 2015, some Member States became overwhelmed with fingerprinting all those who arrived irregularly to the EU at the external borders, and who further transited through the EU en route to their preferred destination. As such, some Member States failed to meet their obligations to take fingerprints under the current EURODAC Regulation. The Communication of the Commission of 13 May 2015, titled 'A European Agenda on Migration'4 noted that "Member States must also implement fully the rules on taking migrants' fingerprints at the borders". This prompted the Commission to bring forward guidance to facilitate systematic fingerprinting, in full respect of fundamental rights, backed up by practical cooperation and exchange of best practices in May 2015.5 In addition to this the Commission also considered the use of other biometric identifiers to be used for EURODAC, such as facial recognition and the collection of digital photos to counter challenges faced by some Member States to take fingerprints for the purposes of EURODAC.

During the same period, those Member States that are not situated at the external borders began to see an increasing need to be able to store and compare information on irregular migrants that were found illegally staying on their territory, particularly where they did not seek asylum. As a consequence, thousands of migrants remain invisible in Europe, including thousands of unaccompanied minors, a situation that facilitates unauthorised secondary and subsequent movements and illegal stay within the EU. It became clear that significant steps had to be taken to tackle irregular migration that occurred within the EU as well as to the EU.

The Commission's proposal establishing an Entry/Exit System to register entry and exit data of third country nationals crossing the external borders of the EU where a short-stay visa has been obtained for entry to the EU, will allow Member States to detect third-country nationals

OJ L 062, 05.03.2002, p. 1.

OJ L 180, 29.6.2013, p.1

OJ L 180, 29.6.2013, p.31

Contents

1.

COM(2015) 240 final, 13.5.2015


Commission Staff Working Document on Implementation of the Eurodac Regulation as regards the

obligation to take fingerprints, COM(2015) 150 final, 27.5.2015.

2

3

4

5

who have been staying illegally although they have entered the EU legally.6 However no such system exists for identifying illegally staying third-country nationals who enter the EU irregularly at the external borders and the current EURODAC system - the ideal database that could host this information - is limited to identifying whether an asylum application has been made in more than one Member State in the EU.

On 6 April 2016, in its Communication "Towards a reform of the Common European Asylum System and enhancing legal avenues to Europe"7 the Commission considered it a priority to bring forward a reform of the Dublin Regulation and establish a sustainable and fair system for determining the Member State responsible for asylum seekers ensuring a high degree of solidarity and a fair sharing of responsibility between Member States by proposing a corrective allocation mechanism. As part of this the Commission considered that EURODAC should be reinforced to reflect changes to the Dublin mechanism and to make sure that it continues to provide the fingerprint evidence it needs to function. It was also considered the EURODAC could contribute to the fight against irregular migration by storing fingerprint data under all categories and allowing comparisons to be made with all stored data for that purpose.

Therefore, this proposal amends the current EURODAC Regulation (EU) No. 603/2013, and extends its scope for the purposes of identifying illegally staying third-country nationals and those who have entered the European Union irregularly at the external borders, with a view to using this information to assist a Member State to re-document a third-country national for return purposes.

Facilitating the identification of illegally staying third-country nationals or stateless persons through the use of biometrics would contribute to improve the effectiveness of the EU return policy, notably in relation to irregular migrants who use deceptive means to avoid their identification and to frustrate re-documentation. The availability of data and information on third-country nationals without any indentification or lawful reason for being in the EU who are fingerprinted in another Member State would accelerate the procedures for the identification and re-documentation of illegally staying third-county nationals apprehended and fingerprinted in another Member State, hence contributing to reduce the length of the necessary return and readmission procedures, including the period during which irregular migrants may be kept in administrative detention awaiting removal, and combat identity fraud. It would allow identifying country of transit of irregular migrants, hence facilitating their readmission in those countries. Furthermore, by providing information on the movements of irregular migrants within the EU, it would allow national authorities to carry out a more accurate individual assessment of the situation of irregular migrants, for instance on the risk that they may abscond, while undertaking return and readmission procedures.

A record number of refugee and migrant children arrived in Europe in 2015 and Member States have struggled to get accurate numbers for unaccompanied and separated children, as formal registration procedures in some Member States do not always allow for their identification when they cross borders. The ongoing migration and refugee crisis has raised profound questions about how to safeguard and protect unaccompanied children by Members of the European Parliament, non-governmental organisations, international organisations and

Proposal for a Regulation of the European Parliament and of the Council establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third country nationals crossing the external borders of the Member States of the European Union and determining the conditions for access to the EES for law enforcement purposes and amending Regulation (EC) No 767/2008 and Regulation (EU) No 1077/2011, COM(2016) 194 final, 6.4.2016 COM(2016) 197 final.

6

7

Member States. Child protection and missing children from a third-country in particular has become an additional concern of the ensuing crisis within the EU.8

Historically, EURODAC has always collected fingerprints of minors from the age of 14 and over, which can allow identification of an unaccompanied minor once an asylum application has been made within the EU. However, given the apparent increase in the smuggling of minors below this age to and within the EU there appears to be a stronger need to collect biometrics for the purposes of EURODAC from a lower age to help with the identification of such persons and to see whether that information can also assist to establish family links or links with a guardian in another Member State.

Many Member States collect biometrics from minors at a younger age than 14 years for visas, passports, biometric residence permits and general immigration control. Thus it is also proposed that the taking of fingerprints of minors for EURODAC should be changed to six years old – the age at which research shows that fingerprint recognition of children can be achieved with a satisfactory level of accuracy.

It will also be necessary to store information on illegally staying third-country nationals and those apprehended entering the EU irregularly at the external border for longer than what is currently permitted. A storage period of 18 months is the maximum permitted under the current Regulation for those apprehended at the external border and no data is retained for those found illegally staying in a Member State. This is because the current EURODAC Regulation is not concerned with storing information on irregular migrants for longer than what it necessary to establish the first country of entry under the Dublin Regulation if an asylum application had been made in a second Member State. Given the extension of the scope of EURODAC for wider migration purposes, it is necessary to retain this data for a longer period so that secondary movements can be adequately monitored within the EU, particularly where an irregular migrant makes all efforts to remain undetected. A period of five years is deemed to be adequate for these purposes, bringing the data retention period in line with other EU databases in the Justice and Home Affairs (JHA) area and the period for which an entry ban can be imposed on an irregular migrant under the Return Directive.9

This proposal also allows for information on the identity of an irregular migrant to be shared with a third-country where it is necessary to share that information for return purposes only. The readmission and re-documentation of irregular third-country nationals to their country of origin entails sharing information on that individual with the authorities of that country when a travel document needs to be secured. Thus, this proposal allows data to be shared on that basis and in line with data protection rules. A strict prohibition is set out for sharing any information on the fact that an asylum application has been made within the EU, which could jeopardise a rejected asylum seeker’s safety and lead to a violation of his or her fundamental rights.

It is also proposed that an additional biometric – a facial image - will also be collected by Member States and stored in the Central System as well as other personal data to reduce the need for additional communication infrastructure between Member States to share information on irregular migrants that have not claimed asylum. The collection of facial images will be the pre-cursor to introducing facial recognition software in the future and will bring EURODAC in line with the other systems such as the Entry/Exit System. Eu-LISA

Committee on Civil Liberties, Justice and Home Affairs, Committee Meeting debate, "Fate of 10,000 missing refugee children", 21.04.2016

OJ L 348, 24.12.2008, p.98

8

9

should first conduct a study on facial recognition software that evaluates its accuracy and reliability prior to this software being added to the Central System.

The Commission’s Communication on Stronger and Smarter Information Systems for Borders and Security10 highlights the need to improve the interoperability of information systems as a long-term objective, as also identified by the European Council and the Council. The Communication proposes to set up an Expert Group on Information Systems and Interoperability to address the legal and technical feasibility of achieving interoperability of the information systems on borders and security. The present proposal is in line with the objectives out in the Communication as it establishes EURODAC in a way that allows for future interoperability with other information systems, where necessary and proportionate. To that end, and with the support of the Expert Group on Information Systems and Interoperability, the Commission will assess the necessity and proportionality of establishing interoperability with the Schengen Information Systems (SIS) and the Visa Information Systems (VIS). In that context, and in line with the Communication, the Commission will also examine if there is a need to revise the legal framework for law enforcement access to EURODAC.

This proposal continues to allow law enforcement access to the Central System and will now permit law enforcement authorities and EUROPOL to have access to all the stored information in the system and to conduct searches based on a facial image in the future.

Consistency with other Union policies

This proposal is closely linked and complements other Union policies, namely:

(a) The Common European Asylum System by ensuring the effective implementation of the Dublin Regulation by using fingerprint evidence to assist to determine the Member State responsible for examining an asylum application.

(b) An effective EU return policy so as to contribute to and enhance the EU system to return irregular migrants. This is essential for maintaining public trust in the EU's asylum system and support for helping persons in need of international protection. Increasing the rate of return of irregular migrants needs to go hand in hand with the EU's renewed efforts to protect those in need.

(c) Internal security as was underlined in the European Agenda on Security11, to prevent, detect, investigate and prosecute serious crimes and terrorism offences by enabling law enforcement authorities and Europol to process personal data of persons suspected to be involved in acts of terrorism or serious crimes.

(d) European Border and Coast Guard Teams as regards the possibility to take and transmit fingerprint and facial image data of asylum applicants and irregular migrants to EURODAC on behalf of a Member State for the effective management of external border control.

(e) Data Protection insofar as this proposal must ensure the protection of fundamental rights to respect for the private life of individuals whose personal data are processed in EURODAC.

2.

COM(2016) 205 final COM(2015) 185 final


10

11

2. LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

Legal basis

The present recast proposal uses Article 78(2)(e) of the Treaty on the Functioning of the European Union (TFEU) as legal base concerning criteria and mechanisms for determining which Member State is responsible for considering an application for asylum or subsidiary protection, which is the TFEU Article corresponding to the legal base of the original proposal (Article 63(1)(a) of the Treaty establishing the European Community). In addition, it uses Article 79(2)(c) as the legal base concerning the elements of indentifying an irregular third-country national or stateless person as regards illegal immigration and unauthorised residence, including removal and repatriation of persons residing without authorisation, Article 87(2)(a) as the legal base concerning the elements related to the collation, storage, processing, analysis and exchange of relevant information for law enforcement purposes; and Article 88(2)(a) as the legal base concerning Europol's field of action and tasks including the collection, storage, processing, analysis and exchange of information.

Variable Geometry

The United Kingdom and Ireland are bound by Regulation (EU) No. 603/2013 following their notification of their wish to take part in the adoption and application of that Regulation based on the above-mentioned Protocol.

In accordance with Protocol 21 on the position of the United Kingdom and Ireland, those Member States may decide to take part in the adoption of this proposal. They also have this option after adoption of the proposal.

Under the Protocol on the position of Denmark, annexed to the TEU and the TFEU, Denmark does not take part in the adoption by the Council of the measures pursuant to Title V of the TFEU (with the exception of 'measures determining the third countries whose nationals must be in possession of a visa when crossing the external borders of the Member States, or measures relating to a uniform format for visas'). Therefore, Denmark does not take part in the adoption of this Regulation and is not bound by it nor subject to its application. However, given that Denmark applies the current Eurodac Regulation, following an international agreement12 that it concluded with the EU in 2006, it shall, in accordance with Article 3 of that agreement, notify the Commission of its decision whether or not to implement the content of the amended Regulation.

• Impact of the proposal on non-EU Member States associated to the Dublin system

In parallel to the association of several non-EU Member States to the Schengen acquis, the Community concluded, or is in the process of doing so, several agreements associating these countries also to the Dublin/EURODAC acquis:

– the agreement associating Iceland and Norway, concluded in 200113;

– the agreement associating Switzerland, concluded on 28 February 200814;

Agreement between the European Community and the Kingdom of Denmark on the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in Denmark or any other Member State of the European Union and “Eurodac” for the comparison of fingerprints for the effective application of the Dublin Convention (OJ L 66, 8.3.2006). Agreement between the European Community and the Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Iceland or Norway (OJ L 93, 3.4.2001, p. 40).

12

13

– the protocol associating Liechtenstein, concluded on 18 June 201115.

In order to create rights and obligations between Denmark – which as explained above has been associated to the Dublin/EURODAC acquis via an international agreement – and the associated countries mentioned above, two other instruments have been concluded between the Community and the associated countries.16

In accordance with the three above-cited agreements, the associated countries shall accept the Dublin/EURODAC acquis and its development without exception. They do not take part in the adoption of any acts amending or building upon the Dublin acquis (including therefore this proposal) but have to notify to the Commission within a given time-frame of their decision whether or not to accept the content of that act, once approved by the Council and the European Parliament. In case Norway, Iceland, Switzerland or Liechtenstein do not accept an act amending or building upon the Dublin/EURODAC acquis, the 'guillotine' clause is applied and the respective agreements will be terminated, unless the Joint/Mixed Committee established by the agreements decides otherwise by unanimity.

The scope of the above-cited association agreements with Iceland, Norway, Switzerland and Liechtenstein as well as the parallel agreement with Denmark does not cover law enforcement access to EURODAC. Consequently, once this Recast Regulation is adopted it will be necessary to ensure that complementary agreements with those Associated States that wish to participate have been signed and concluded.

The current proposal, stipulates that the comparison of fingerprint data using EURODAC may only be made after national fingerprint databases and the Automated Fingerpirnt Databases of other Member States under Council Decision 2008/615/JHA (the Prüm Agreements) return negative results. This rule means that if any Member State has not implemented the above Council Decision and cannot perform a Prüm check, it also may not make a EURODAC check for law enforcement purposes. Similarly, any associated States that have not implemented or do not participate in the Prüm Agreements may not conduct such a EURODAC check.

Subsidiarity

The proposed initiative constitutes a further development of the Dublin Regulation and EU migration policy and in order to ensure that common rules on for the taking of fingerprints and facial image data for irregular third-country nationals for the purposes of EURODAC are applied in the same way in all the Member States. It creates an instrument providing to the European Union information on how many third country nationals enter the EU irregularly and claim asylum, which is indispensable for sustainable and evidence based policy making in

14 Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland (OJ L 53, 27.2.2008, p.

5).

15 Protocol between the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland (OJ L 160 18.6.2011 p. 39)

16 Protocol between the European Community, the Swiss Confederation and the Principality of Liechtenstein to the Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland (2006/0257 CNS, concluded on 24.10.2008, publication in OJ pending) and Protocol to the Agreement between the Community, Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State, Iceland and Norway (OJ L 93, 3.4.2001).

the field of migration and visa. It also grants access for law enforcement authorities to EURODAC, which is a timely, accurate, secure and cost-efficient way to identify irregular third-country nationals who are suspects (or victims) of terrorism or of a serious crime.

This proposal will also assist Member States to identify illegally staying third-country nationals and those who have entered the European Union irregularly at the external borders, with a view to using this information to assist a Member State to re-document a third-country national for return purposes.

Due to the transnational nature of the problems related to asylum and refugee protection, the EU is well placed to propose solutions in the framework of the Common European Asylum System (CEAS) to the issues described above as problems regarding the EURODAC Regulation.

An amendment of the EURODAC Regulation is also required in order to add an additional purpose thereto, namely allow access for the purpose to control illegal migration to and secondary movements of irregular migrants within the EU. This objective cannot be sufficiently achieved by the Member States alone.

Proportionality

Article 5 of the Treaty on the European Union states that action by the Union shall not go beyond what is necessary to achieve the objectives of the Treaty. The form chosen for this EU action must enable the proposal to achieve its objective and be implemented as effectively as possible.

The proposal which conception is driven by the privacy by design principles is proportionate in terms of the right to protection of personal data in that it does not require the collection and storage of more data for a longer period than is absolutely necessary to allow the system to function and meet its objectives. In addition, all the safeguards and mechanisms required for the effective protection of the fundamental rights of travellers particularly the protection of their private life and personal data will be foreseen and implemented.

No further processes or harmonisation will be necessary at EU level to make the system work; thus the envisaged measure is proportionate in that it does not go beyond what is necessary in terms of action at EU level to meet the defined objectives.

Choice of the instrument

The proposed recast will also take the form of a Regulation. The present proposal will build on and enhance an existing centralised system through which Member States cooperate with each other, something which requires a common architecture and operating rules. Moreover, it lays down rules on access to the system including for the purpose of law enforcement which are uniform for all Member States. As a consequence, only a Regulation can be chosen as a legal instrument.

3. CONSULTATIONS WITH INTERESTED PARTIES

In preparation of this proposal, the Commission has relied upon the discussions that have been regularly taking place in the European Council and in the Council of Ministers, as well as in the European Parliament on the measures needed to address the migratory crisis and in particular on the reform of the Dublin Regulation, which EURODAC is intrinsically attached to. The Commission has also reflected on the needs of Member States that became apparent during the refugee and migration crisis.

In particular, the Council Conclusions of the European Council of 25-26 June 2015, called for the reinforcement of the management of the Union’s external borders to better contain the growing flows of illegal migration.17 At a further meeting of Heads of State or Government in October 2015, the European Council concluded that Member States needed to step up implementation of the Return Directive and ensure that all those arriving at the hotspots would be identified, registered and fingerprinted and at the same time ensure relocation and returns.18 In March 2016, the European Council further reiterated that work will also be taken forward on the future architecture of the EU's migration policy, including the Dublin

Regulation.19

The Commission has also informally consulted the European Data Protection Advisor on the new elements of this proposal that are subject to the new legal framework on Data Protection.

Fundamental rights

The proposed Regulation has an impact on fundamental rights, notably on right to human dignity (Article 1 of the Charter of Fundamental Rights of the EU); the prohibition of slavery and forced labour (Article 5 of the Charter); right to liberty and security (Article 6 of the Charter), respect for private and family life (Article 7 of the Charter), the protection of personal data (Article 8 of the Charter), right to asylum (Article 18 of the Charter) and protection in the event of removal, expulsion or extradition (Article 19 of the Charter), the right to non-discrimination (Article 21 of the Charter), the rights of the child (Article 24 of the Charter) and the right to an effective remedy (Article 47 of the Charter).

The prohibition of slavery and forced labour as well as the right to liberty and security are positively affected by the implementation of EURODAC. A better and more accurate identification (through the use of biometrics) of third-country nationals crossing the external border of the EU supports the detection of identity fraud, human being trafficking (particularly in the case of minors) and cross border criminality and thus contributes to the fight against trafficking and smuggling in human beings. It also contributes to improving the security of the citizens anyone present in the EU area on the EU territory.

The proposal also positively contributes to the protection of the rights of the child and to the respect of the right to respect for family life. Many applicants for international protection and third-country nationals arriving irregularly to the European Union travel with families and in many cases very young children. Being able to identify these children with the help of fingerprints and facial images will help identify children in cases where they are separated from their families by allowing a Member State to follow up a line of inquiry where a fingerprint match indicates that they were present in another Member State. It would also strengthen the protection of unaccompanied minors who do not always formally seek international protection and who abscond from care institutions or child social services under which their care has been assigned.

The obligation to take fingerprints shall be implemented in full respect of the right to human dignity and of the rights of the child. The proposal reaffirms the obligation upon Member States to ensure that the procedure for taking fingerprints and a facial image shall be determined and applied in accordance with the national practice of the Member State concerned and in accordance with the safeguards laid down in the Charter of Fundamental

EUCO 22/15, 26.06.2015 EUCO 26/15, 15.10.2015 EUCO 12/16, 18.03.2016

17

18

19

Rights of the European Union, in the Convention for the Protection of Human Rights and Fundamental Freedoms and in the United Nations Convention on the Rights of the Child. Penalties attached to the failure to comply with the obligation to comply with the fingerprinting process shall be in accordance with the principle of proportionality. In particular, the proposal explicitly states that detention should only be used in this context as a means of last resort if necessary to determine or verify a third-country national's identity. As regards children, the taking of fingerprints from minors, particularly young children, should be carried out in a child-sensitive and child-friendly manner. Relevant provisions also ensure that a child is not subject to any administrative sanctions where there is a justified reason for not submitting their fingerprints or a facial image and that the authorities of a Member State must ensure that where they suspect that there may be child protection issues following a refusal to submit fingerprints or where a child may have damaged fingertips or hands, they should refer the child to the national child protection authorities.

The implementation of the proposal shall be without prejudice to the rights of applicant for and beneficiaries of international protection, in particular as regards the prohibition in the event of removal, expulsion and extradition, including in the context of transfers of personal data to third countries.

As stipulated by Article 52 i of the Charter, any limitation to the right to the protection of personal data must be appropriate for attaining the objective pursued and not going beyond what is necessary to achieve it. Article 8 i of the European Convention of Human Rights also recognises that interference by a public authority with a person’s right to privacy may be justified as necessary in the interest of national security, public safety or the prevention of crime, as it is the case in the current proposal. The proposal provides for access to EURODAC for the prevention, detection or investigation of terrorist offences or other serious criminal offences for the purposes of identification of third country nationals crossing the external borders and for the purpose of accessing data on their travel history. Safeguards as regards personal data also include the right of access to or the right of correction or deletion of data. The limitation of the retention period of data referred to above in chapter 1 of this explanatory memorandum also contributes to the respect for personal data as a fundamental right.

The proposal provides for access to EURODAC for the prevention, detection or investigation of terrorist offences or other serious criminal offences for the purposes of identification of third country nationals crossing the external borders and for the purpose of accessing data on their movements within the EU. Moreover, designated law enforcement authorities may only request access to EURODAC data if there are reasonable grounds to consider that such access will substantially contribute to the prevention, detection or investigation of the criminal offence in question. Such requests are verified by a designated law enforcement authority in order to check whether the strict conditions for requesting access to the EES for law enforcement purposes are fulfilled.

Furthermore, the proposal also lays down strict data security measures to ensure the security of personal data processed and establishes supervision of the processing activities by independent public data protection authorities and documentation of all searches conducted. The proposal also states that the processing of all personal data carried out by law enforcement authorities in EURODAC once they have been extracted is subject to the new data protection Directive for the processing of personal data for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties that repeals Council Framework Decision 2008/977/JHA. The proposal establishes strict access

rules to EURODAC and the necessary safeguards. It also foresees the individuals' rights of access, correction, deletion and redresses in particular the right to a judicial remedy and the supervision of processing operations by public independent authorities. Therefore, the proposal fully complies with the Charter of Fundamental Rights of the European Union, in particular as regards the right to the protection of personal data, and is also in line with Article 16 TFEU which guarantees everyone the right to protection of personal data concerning them.

4. BUDGETARY IMPLICATIONS

The present proposal entails a technical amendment to the EURODAC central system in order to provide for the possibility to carry out comparisons for all three categories of data and for storage of all three categories of data. Further functionalities such as the storage of biographical data alongside side a facial image will require more amendments to the Central System

The financial statement attached to this proposal reflects this change.

The cost estimate of 29.872 million EUR includes costs for the technical upgrade and increased storage and throughput of the Central System. It also consists of IT-related services, software and hardware and would cover the upgrade and customisation to allow searches for all categories of data covering both asylum and irregular migration purposes. It also reflects the additional staffing costs required by eu-LISA.

5. OTHERELEMENTS • Detailed explanation of the specific provisions of the proposal

- Extending the scope of EURODAC for return purposes (Article 1(1)(b)): The scope of the new EURODAC Regulation has been extended to include the possibility for Member States to store and search data belonging to third-country nationals or stateless persons who are not applicants for international protection so that they can be identified for return and readmission purposes. A new legal base, Article 79(2)(c) has been added for these purposes. Thus EURODAC becomes a database for wider immigration purposes and no longer only exists to ensure the effective implementation of the Dublin III Regulation, although this function will still be an important aspect of it. At present EURODAC only compares fingerprint data taken from irregular migrants and applicants for international protection against asylum data because it is an asylum database. Comparisons are not made between fingerprint data taken from irregular migrants at the external borders and fingerprint data taken from third-country nationals found illegally staying on the territory of a Member State.

Extending the scope of EURODAC will allow the competent immigration authorities of a Member State to transmit and compare data on those illegally staying third-country nationals who do not claim asylum and who may move around the European Union undetected. The information obtained in a hit result may then assist competent Member State authorities in their task of identifying illegally staying third-country nationals on their territory for return purposes. It may also provide precious elements of evidence for re-documentation and readmission purposes.

- Ensuring the primacy of the Dublin procedure (Articles 15 i and 16 (5)): a provision has been included to ensure that where a fingerprint hit indicates that an asylum application has been made in the European Union, the Member State that conducted the search should ensure that the Dublin procedure is followed as a matter of course and not a return procedure for the individual concerned. This is to guarantee that where multiple hits are retrieved from the Central System relating to the same individual, the Member State that consulted EURODAC

is left in no doubt about the correct procedure to follow and so that no applicant for international protection is returned to their country of origin or to a third-country in breach of the principle of non-refoulement. Thus the notion of a “hierarchy of hits” has been introduced to allow for this.

- Obligation to take fingerprints and facial images (Article 2): the proposal specifies a clear obligation for Member States to take and transmit fingerprints and a facial image of all three categories of persons and makes sure that Member States impose these obligations on applicants of international protection and third-country nationals or stateless persons so that they are aware. The obligation to take fingerprints has always existed and was communicated to the data-subject via information in the form of a leaflet under Article 29(1)(d) of Regulation (EU) No. 603/2013. This Article also permits Member States to introduce sanctions, in accordance with their national law, for those individuals who refuse to provide a facial imagine or comply with the fingerprinting procedure, following, where relevant, the Commission Staff Working Document on the implementation of the Eurodac Regulation as that sets out a best practice approach for Member States to follow to obtain fingerprints.20 However, new provisions have been laid down to ensure that the taking of fingerprints and a facial image from minors, particularly young children, should be carried out in a child-sensitive and child-friendly manner. These provisions also ensure that a minor is not subject to any administrative sanctions if they do not submit their fingerprints or a facial image, where there is good reason for not submitting them and that the authorities of a Member State must ensure that where they suspect that there may be child protection issues following a refusal to submit fingerprints or a facial image or where a child may have damaged fingertips or hands, they should refer the child to the national child protection authorities.

- Storing the personal data of the data-subject (Articles 12, 13 and 14): EURODAC has always functioned with fingerprints only and previously no other personal data of the data-subject was stored apart from the gender of the individual. The new proposal now permits the storage of personal data of the data-subject such as the name(s), age, date of birth, nationality, and identity documents, as well as a facial image. The storage of personal data will allow immigration and asylum authorities to easily identify an individual, without the need to request this information directly from another Member State. Personal data of the individual can be retrieved from the Central System on a hit or no hit basis only. This is to safeguard the right of access to this data, thus where there is no fingerprint or facial image match the personal data cannot be obtained.

For the purposes of the Dublin Regulation, new information is required to be updated in EURODAC relating to the Member State that becomes responsible for examining an asylum application following allocation of an applicant to another Member State. This will then make clear which Member State is responsible under the recast Dublin Regulation, if an applicant absconds or claims asylum in another Member State following an allocation procedure and a fingerprint hit.

- Biometric identifiers (Articles 2, 15, and 16): The current EURODAC Regulation allows for the comparison of fingerprint data only. In 2015, the European Agenda on Migration suggested the possibility to add other biometric identifiers to EURODAC in order to mitigate some of the challenges Member States were facing with damaged fingertips and non-compliance with the fingerprint process.21 This proposal inserts a requirement for Member

20 SWD(2015) 150 final

21

Communication from The Commission to The European Parliament, The Council, The European Economic And Social Committee And The Committee Of The Regions A European Agenda On Migration, COM(2015) 240 final, 13.5.2015, pp13-14.

States to take a facial image of the data-subject for transmission to the Central System and includes provisions to make a comparison of fingerprint and facial image data together and facial images separately under defined conditions. The insertion of facial images into the Central System now will prime the system for searches to be made with facial recognition software in the future.

Member States will continue to take the fingerprints of all ten fingers as plain and rolled impressions and this will now apply to individuals who are found illegally staying in a Member State because the same set of fingerprints will be needed for all three categories to be compared accurately.

- Comparison and transmission of all categories of all data (Articles 15 and 16): whereas under Regulation (EU) No. 603/2013, only two fingerprint categories were stored and data could only be searched against fingerprint data of applicants for international protection, the fingerprint and facial image data of all three categories of data will now be stored and compared against each other. This will allow the immigration authorities in a Member State to ascertain whether an illegally staying third-country national in a Member State has claimed asylum, or has entered the EU illegally at the external border. In the same vein it will allow a Member State to check whether someone apprehended crossing the external border irregularly was ever illegally staying in another Member State. Widening the scope of searches allows a pattern of irregular and secondary movements to be followed throughout the European Union, and can lead to establishing the identity of the individual concerned in the absence of valid identity documents.

- Lowering the age of taking fingerprints to 6 years old (Articles 10, 13 and 14): the age for taking fingerprints has always historically been 14 years of age. The study conducted by the Commission's Joint Research Centre, on 'Fingerprint Recognition for children'22 indicates that fingerprints taken from children age six and above can be used in automated matching scenarios such as EURODAC when sufficient care is taken to acquire good quality images.

Indeed many Member States take the fingerprints of children at a lower age than six for national purposes, such as issuing a passport or a biometric residence permit.

Many applicants for international protection and third-country nationals arriving irregularly to the European Union travel with families and in many cases very young children. Being able to identify these children with the help of fingerprints and facial images will help identify children in cases where they are separated from their families by allowing a Member State to follow up a line of inquiry where a fingerprint match indicates that they were present in another Member State. It would also strengthen the protection of unaccompanied minors who do not always formally seek international protection and who abscond from care institutions or child social services under which their care has been assigned. Under the current legal and technical framework their identity cannot be established. Thus the EURODAC system could be used to register children from third-countries where they are found undocumented within the EU to help keep track of them and prevent them from ending up in scenarios of exploitation.

- Data retention (Article 17): the data retention period of applicants for international protection remains the same at 10 years. This is to ensure that Member States can track secondary movements within the European Union following a grant of international protection status where the individual concerned is not authorised to reside in another Member State. Given that the recast Dublin Regulation will include in its scope beneficiaries

(Report EUR 26193 EN; ISBN 978-92-79-33390-3)

22

of international protection, this data can now be used to transfer back refugees or persons granted subsidiary protection status to the Member State that granted them such protection.

Fingerprint data for illegally staying third-country nationals who do not claim asylum will be retained for five years. This is because EURODAC is no longer a database for asylum applicants only and retaining this data for longer is necessary to ensure that illegal immigration and secondary movements within and to the EU can be sufficiently monitored. This storage period is aligned with the maximum period for placing an entry ban on an individual for migration purposes as set out in Article 11 of the Returns Directive 2008/115/EC, the data retention period for storing information on a visa (Article 23 of the Visa Regulation), and the proposed data retention period for storing data in the Entry/Exit System (Article 31 of the EES).

- Advanced data erasure (Article 18): advanced data erasure remains the same for applicants for international protection and irregular third-country nationals or stateless persons who are granted citizenship. Data belonging to these individuals that is stored in the central system will be deleted in advance if citizenship of a Member State is obtained because they no longer fall within the scope of EURODAC.

Data will no longer be deleted in advance for illegally staying third-country nationals or stateless persons who were granted a residence document or left the territory of the European Union. It is necessary to retain this data in case at some point a residence document, which normally confers limited leave, is no longer valid and the individual overstays, or the illegally staying third-country national who had returned to a third country may attempt to re-enter the EU in an irregular manner again.

- Marking of data for illegally staying third-country nationals (Article 19 i and (5)): Currently under the EURODAC Regulation, the data of illegally staying third-country nationals who do not lodge an application for asylum within the European Union is erased in advance once a residence document is obtained. The proposal introduces changes to allow for this data to be marked instead of erased in advance, so that when a Member State conducts a search in EURODAC, which results in a marked hit from the Central system, it can ascertain immediately that the illegally staying third-country national has been given a residence document by another Member State. It may then be possible, under Article 6 i of the Return Directive to pass back the individual to the Member State that issued the residence document.

Data for applicants for international protection is blocked for law enforcement purposes after three years; however, the data of illegally staying third-country nationals, who do not apply for international protection and who have been granted a temporary residence document, will not be blocked for law enforcement purposes. This is to ensure that where a residence document expires before the five-year data retention period lapses, the data is still searchable. Data belonging to asylum applicants will continue to be treated differently in this respect because asylum applicants are more likely to obtain a renewal of their residence permit as a beneficiary of international protection or a long-term residence permit.

-Sharing information obtained from EURODAC with third-countries (Article 38): sharing information with a third country, international organisation or private entity is strictly prohibited under the current Regulation. Extending the scope of EURODAC to assist a Member State to use EURODAC data for identifying and re-documenting an illegally staying third-country national for return and readmission purposes will necessarily entail sharing that data in some circumstances, with a third country - for the legitimate and sole purposes of return. Thus a specific provision to allowing sharing data with third countries for return purposes has been included, that sets out very strict conditions under which this data can be shared. It also strictly forbids the EURODAC database to be accessed by a third country,

which is not a party to the Dublin Regulation, or to allow a Member State to check data on behalf of a third country. By adding this provision on sharing data with third countries, EURODAC is aligned with other databases such as the VIS and the Entry/Exit System that also contain similar provisions for sharing information for return purposes.

- Access for law enforcement authorities and EUROPOL(Article 20 (3)): minor amendments have been made to the provisions for law enforcement access to make sure that all three categories of data stored in the Central System can be compared against when a law enforcement search is carried out and to allow in the future, a search based on a facial image.

-Allowing European Border and Coast Guards and EASO Member State experts to take fingerprints (Article 10 i and 13 i: the proposal permits, at the discretion of a Member State, the European Border [and Coast] Guard Agency and Member State's asylum experts that are deployed to a Member State under the auspices of EASO, to take and transmit fingerprints to EURODAC on behalf of a Member State. The proposal limits these functions to areas where both Agencies' mandates permit them do this (i.e. at the external border for those entering illegally and for asylum applicants).

- Statistics (Article 9): to allow for more transparency of EURODAC data, amendments have been made to the type of statistics that are published and the frequency of publication by eu-LISA. New provisions have been included to allow for statistical data obtained from EURODAC to be shared with the relevant Justice and Home Affairs Agencies for analysis and research purposes. Statistics produced by eu-LISA for these purposes should not report any names, individual date of births, or any personal data that would individually identify a data-subject. Amendments have also been introduced to allow the Commission to request ad-hoc statistics from eu-LISA on request.

- Architecture and operational management of the Central System (Article 4 and 5): changes have been made to the communication infrastructure to allow for the Central System to make use of the Eurodomain, which will bring significant economies of scale. The operational management of DubliNet as an existing separate communication infrastructure for the purposes of the Dublin Regulation has also been incorporated under the system architecture and will ensure that both its financial and operational management is transferred to eu-LISA, who currently is only responsible for its operational management via a separate Memorandum of Understanding with the Commission (DG HOME).

- Providing information on false hits (Article 26(6)): Member States will now be required to inform only eu-LISA of the fact that a false hit was received by the Central System and give eu-LISA information relating to that hit so that they can unlink the false hit records from the database. In the future eu-LISA will compile statistics on the number of reported false hits so that the Commission will no longer need to be informed directly of a false hit.

- Using real personal data for testing (Article 5(1)): When it has come to testing the EURODAC Central System, eu-LISA has been restricted to using dummy data for the test environment and to test new technologies, which has failed to yield good test results because of the data used. The proposal allows for the use of real personal data when testing the Central System for diagnostics and repair, as well as the use of new technologies and techniques, subject to stringent conditions and on the basis that the data is anonymised for the testing purposes and cannot be used for individual identification.

^ 603/2013 (adapted)