Considerations on COM(2016)272 - Establishment of 'Eurodac' for the comparison of fingerprints (recast) - EU monitor

EU monitor
Monday, June 1, 2020
calendar

Considerations on COM(2016)272 - Establishment of 'Eurodac' for the comparison of fingerprints (recast)

Please note

This page contains a limited version of this dossier in the EU Monitor.

 
 
I ^ 603/2013 recital 1 (adapted) |

(1) A number of substantive changes are to be made to Council Regulation (EC) No 2725/2000 of 11 December 2000 concerning the establishment of Eurodac for the comparison of fingerprints for the effective application of the Dublin Convention23 and to Council Regulation (EC) No 407/2002 of 28 February 2002 laying down certain rules to implement Regulation (EC) No 2725/2000 concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of the Dublin Convention24 \E> Regulation (EU) No 603/2013 of the European Parliament and of the Council25 <S1 . In the interests of clarity, those \E> that <S1 Regulations should be recast.

25

OJ L 316, 15.12.2000, p. 1.

OJ L 62, 5.3.2002, p. 1.

Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the

establishment of Eurodac for the comparison of fingerprints for the effective application of Regulation

23

24

^ 603/2013 recital 2

(2) A common policy on asylum, including a Common European Asylum System, is a constituent part of the European Union's objective of progressively establishing an area of freedom, security and justice open to those who, forced by circumstances, seek international protection in the Union.

| ^ 603/2013 recital 3 (adapted) |

(3) The European Council of 4 November 2004 adopted The Hague Programme which set the objectives to be implemented in the area of freedom, security and justice in the period 2005 2010. The European Pact on Immigration and Asylum endorsed by the European Council of 15 16 October 2008 called for the completion of the establishment of a Common European Asylum System by creating a single procedure comprising common guarantees and a uniform status for refugees and for persons eligible for subsidiary protection.

| ^ 603/2013 recital 4 (adapted) |

(4) For the purposes of applying Regulation (EU) No […/…] of the European Parliament and of the Council26] of 26 June 2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person27, it is necessary to establish the identity of applicants for international protection and of persons apprehended in connection with the unlawful crossing of the external borders of the Union. It is also desirable, in order effectively to apply Regulation (EU) No […/…], and in particular Articles[..] and [..]) thereof, to allow each Member State to check whether a third-country national or stateless person found illegally staying on its territory has applied for international protection in another Member State.

(EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States' law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1).

Regulation (EU) No 604/2013 of the European Parliament and of the Council of 26 June 2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person (OJ L 180, 29.6.2013, p. 31). See page 31 of this Official Journal.

26

27

^ 603/2013 recital 5 (adapted)

■=> new

(5) Fingerprints ■=> Biometrics ^ constitute an important element in establishing the exact identity of such persons. It is necessary to set up a system for the comparison of their fingerprint ■=> and facial image ^ data.

^ 603/2013 recital 6

■=> new

(6) To that end, it is necessary to set up a system known as Eurodac, consisting of a Central System, which will operate a computerised central database of fingerprint ■=> and facial image ^ data, as well as of the electronic means of transmission between the Member States and the Central System, hereinafter the 'Communication Infrastructure'.

•0- new

(7) For the purposes of applying and implementing Regulation (EU) No. […/…] it is also necessary to ensure that a separate secure communication infrastructure exists, which Member State's competent authorities for asylum can use for the exchange of information on applicants for international protection. This secure electronic means of transmission shall be known as DubliNet and should be managed and operated by eu-LISA.

| ^ 603/2013 recital 7 (adapted) |

(8) The Hague Programme called for the improvement of access to existing data filing systems in the Union. In addition, The Stockholm Programme called for well targeted data collection and a development of information exchange and its tools that is driven by law enforcement needs.

•0- new

(9) In 2015, the refugee and migration crisis brought to the fore challenges faced by some Member States with taking fingerprints of illegally staying third-country nationals or stateless persons who attempted to avoid the procedures for determining the Member State responsible for examining an application for international protection. The Communication of the Commission of 13 May 2015, titled 'A European Agenda on Migration'28 noted that "Member States must also implement fully the rules on taking migrants' fingerprints at the borders" and further proposed that "The Commission will also explore how more biometric identifiers can be used through the Eurodac system (such as using facial recognition techniques through digital photos)".

COM(2015) 240 final, 13.5.2015

28

(10)     To assist Member States overcome challenges relating to non-compliance with the fingerprinting process, this Regulation also permits the comparison of a facial image without fingerprints as a last resort, where it is impossible to take the fingerprints of the third-country national or stateless person because his or her fingertips are damaged, either intentionally or not, or amputated. Member States should exhaust all attempts to ensure that fingerprints can be taken from the data-subject before a comparison using a facial image only can be carried out where non-compliance based on reasons not relating to the conditions of the individual's fingertips are given. Where facial images are used in combination with fingerprint data, it allows for the reduction of fingerprints registered while enabling the same result in terms of accuracy of the identification.

(11)     The return of third-country nationals who do not have a right to stay in the Union, in accordance with fundamental rights as general principles of Union law as well as international law, including refugee protection and human rights obligations, and in compliance with the provisions of Directive 2008/115/EC29, is an essential part of the comprehensive efforts to address migration and, in particular, to reduce and deter irregular migration. To increase the effectiveness of the Union system to return illegally staying third-country nationals is needed in order to maintain public trust in the Union migration and asylum system, and should go hand in hand with the efforts to protect those in need of protection.

(12)     National authorities in the Member States experience difficulties in identifying illegally staying third-country nationals who use deceptive means to avoid their identification and to frustrate the procedures for re-documentation in view of their return and readmission. It is therefore essential to ensure that information on third-country nationals or stateless persons who are found to be staying illegally in the EU are collected and transmitted to Eurodac and are compared also with those collected and transmitted for the purpose of establishing the identity of applicants for international protection and of third-country nationals apprehended in connection with the unlawful crossing of the external borders of the Union, in order to facilitate their identification and re-documentation and to ensure their return and readmission, and to reduce identity fraud. It should also contribute to reducing the length of the administrative procedures necessary for ensuring return and readmission of illegally staying third-country nationals, including the period during which they may be kept in administrative detention awaiting removal. It should also allow identifying third countries of transit, where the illegally staytng third-country national may be readmitted.

(13)     In its Conclusions of 8 October 2015 on the future of return policy, the Council endorsed the initiative announced by the Commission to explore an extension of the scope and purpose of Eurodac to enable the use of data for return purposes30. Member States should have the necessary tools at their disposal to be able to detect illegal migration to and secondary movements of illegally staying third-country nationals in the Union. Therefore, the data in Eurodac should be available, subject to the conditions set out in this Regulation, for comparison by the designated authorities of the Member States.

29            Directive of the European Parliament and of the Council of 16 December 2008 on common standards and procedures in Member States for returning illegally staying third-country nationals, OJ L 348, 24,12,2008, p. 98.

30            EU Action Plan on return, COM(2015) 453 final.

(14) The Commission’s Communication on Stronger and Smarter Information Systems for Borders and Security31 highlights the need to improve the interoperability of information systems as a long-term objective, as also identified by the European Council and the Council. The Communication proposes to set up an Expert Group on Information Systems and Interoperability to address the legal and technical feasibility of achieving interoperability of the information systems for borders and security. This group should assess the necessity and proportionality of establishing interoperability with the Schengen Information Systems (SIS) and the Visa Information Systems (VIS), and examine if there is a need to revise the legal framework for law enforcement access to EURODAC.

^ 603/2013 recital 8

(15) It is essential in the fight against terrorist offences and other serious criminal offences for the law enforcement authorities to have the fullest and most up-to-date information if they are to perform their tasks. The information contained in Eurodac is necessary for the purposes of the prevention, detection or investigation of terrorist offences as referred to in Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism32 or of other serious criminal offences as referred to in Council Framework Decision 2002/584/JHA of 13 June 2002 on the European arrest warrant and the surrender procedures between Member States33. Therefore, the data in Eurodac should be available, subject to the conditions set out in this Regulation, for comparison by the designated authorities of Member States and the European Police Office (Europol).

^ 603/2013 recital 9

(16) The powers granted to law enforcement authorities to access Eurodac should be without prejudice to the right of an applicant for international protection to have his or her application processed in due course in accordance with the relevant law. Furthermore, any subsequent follow-up after obtaining a hit from Eurodac should also be without prejudice to that right.

| ^ 603/2013 recital 10 (adapted) |

(17) The Commission outlines \E> outlined <S1 in its Communication to the Council and the European Parliament of 24 November 2005 on improved effectiveness, enhanced interoperability and synergies among European databases in the area of Justice and Home Affairs that authorities responsible for internal security could have access to Eurodac in well-defined cases, when there is a substantiated suspicion that the perpetrator of a terrorist or other serious criminal offence has applied for international protection. In that Communication the Commission also found that the proportionality

31

32

COM(2016) 205 final

Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism (OJ L 164,

22.6.2002, p. 3).

Council Framework Decision 2002/584/JHA of 13 June 2002 on the European arrest warrant and the

surrender procedures between Member States (OJ L 190, 18.7.2002, p. 1).

33

principle requires that Eurodac be queried for such purposes only if there is an overriding public security concern, that is, if the act committed by the criminal or terrorist to be identified is so reprehensible that it justifies querying a database that registers persons with a clean criminal record, and it concluded that the threshold for authorities responsible for internal security to query Eurodac must therefore always be significantly higher than the threshold for querying criminal databases.

^ 603/2013 recital 11

(18) Moreover, Europol plays a key role with respect to cooperation between Member States' authorities in the field of cross-border crime investigation in supporting Union-wide crime prevention, analyses and investigation. Consequently, Europol should also have access to Eurodac within the framework of its tasks and in accordance with Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol)34.

^ 603/2013 recital 12

(19) Requests for comparison of Eurodac data by Europol should be allowed only in specific cases, under specific circumstances and under strict conditions.

^ 603/2013 recital 13

■=> new

(20) Since Eurodac was originally established to facilitate the application of the Dublin Convention, access to Eurodac for the purposes of preventing, detecting or investigating terrorist offences or other serious criminal offences constitutes a change of the original purpose of Eurodac, which interferes with the fundamental right to respect for the private life of individuals whose personal data are processed in Eurodac. ■=> In line with the requirements of Article 52(1) of the Charter of Fundamental Rights of the European Union, ^ Aany such interference must be in accordance with the law, which must be formulated with sufficient precision to allow individuals to adjust their conduct and it must protect individuals against arbitrariness and indicate with sufficient clarity the scope of discretion conferred on the competent authorities and the manner of its exercise. Any interference must be necessary in a democratic society to protect a legitimate and proportionate ■=> to genuinely meet an objective of general ^ interest and proportionate to the legitimate objective it aims to achieve.

^ 603/2013 recital 14

(21) Even though the original purpose of the establishment of Eurodac did not require the facility of requesting comparisons of data with the database on the basis of a latent fingerprint, which is the dactyloscopic trace which may be found at a crime scene,

Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol) (OJ L 121, 15.5.2009, p. 37).

34

such a facility is fundamental in the field of police cooperation. The possibility to compare a latent fingerprint with the fingerprint data which is stored in Eurodac in cases where there are reasonable grounds for believing that the perpetrator or victim may fall under one of the categories covered by this Regulation will provide the designated authorities of the Member States with a very valuable tool in preventing, detecting or investigating terrorist offences or other serious criminal offences, when for example the only evidence available at a crime scene are latent fingerprints.

^ 603/2013 recital 15

(22) This Regulation also lays down the conditions under which requests for comparison of fingerprint data with Eurodac data for the purposes of preventing, detecting or investigating terrorist offences or other serious criminal offences should be allowed and the necessary safeguards to ensure the protection of the fundamental right to respect for the private life of individuals whose personal data are processed in Eurodac. The strictness of those conditions reflects the fact that the Eurodac database registers fingerprint data of persons who are not presumed to have committed a terrorist offence or other serious criminal offence.

| ^ 603/2013 recital 16 (adapted) |

(23) With a view to ensuring equal treatment for all applicants and beneficiaries of international protection, as well as in order to ensure consistency with the current Union asylum acquis, in particular with Directive 2011/95/EU of the European Parliament and of the Council of 13 December 2011 on standards for the qualification of third-country nationals or stateless persons as beneficiaries of international protection, for a uniform status for refugees or for persons eligible for subsidiary …etection, and for the content of the protection granted35 and Regulation (EU) No [/…]604/2013, it is appropriate to extend the scope of this Regulation in order to include \E> includes <S1 applicants for subsidiary protection and persons eligible for subsidiary protection \E> in its scope <S1 .

^ 603/2013 recital 17

■=> new

(24) It is also necessary to require the Member States promptly to take and transmit the fingerprint data of every applicant for international protection and of every third-country national or stateless person who is apprehended in connection with the irregular crossing of an external border of a Member State I or is found to be staying illegally in a Member State ^ , if they are at least 14 ■=> six ^ years of age.

35

Directive 2011/95/EU of the European Parliament and of the Council of 13 December 2011 on standards for the qualification of third-country nationals or stateless persons as beneficiaries of international protection, for a uniform status for refugees or for persons eligible for subsidiary protection, and for the content of the protection granted (OJ L 337, 20.12.2011, p. 9).

•0- new

(25)     In view of strengthening the protection of unaccompanied minors who have not applied for international protection and those children who may become separated from their families, it is also necessary to take fingerprints and a facial image for storage in the Central System to help establish the identity of a child and assist a Member State to trace any family or links they may have with another Member State. Establishing family links is a key element in restoring family unity and must be is closely linked to the determination of the best interests of the child and eventually, the determination of a durable solution.

(26)     The best interests of the minor should be a primary consideration for Member States when applying this Regulation. Where the requesting Member State establishes that Eurodac data pertain to a child, these data may only be used for law enforcement purposes by the requesting Member State in accordance with that State's laws applicable to minors and in accordance with the obligation to give primary consideration to the best interests of the child.

^ 603/2013 recital 18 (adapted)

■=> new

(27) It is necessary to lay down precise rules for the transmission of such fingerprint ■=> and facial image ^ data to the Central System, the recording of such fingerprint ■=> and facial image ^ data and of other relevant \E> personal <S1 data in the Central System, their storage, their comparison with other fingerprint ■=> and facial image ^ data, the transmission of the results of such comparison and the marking and erasure of the recorded data. Such rules may be different for, and should be specifically adapted to, the situation of different categories of third-country nationals or stateless persons.

^ 603/2013 recital 19 (adapted)

■=> new

(28) Member States should ensure the transmission of fingerprint ■=> and facial image <^ data of an appropriate quality for the purpose of comparison by means of the computerised fingerprint ■=> and facial ^ recognition system. All authorities with a right of access to Eurodac should invest in adequate training and in the necessary technological equipment. The authorities with a right of access to Eurodac should inform the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice established by Regulation (EU) No 1077/2011 of the European Parliament and of the Council36 (the 'Agency' \E> 'eu-LISA' O ) of specific difficulties encountered with regard to the quality of data, in order to resolve them.

Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 286, 1.11.2011, p. 1).

36

^ 603/2013 recital 20

■=> new

(29) The fact that it is temporarily or permanently impossible to take and/or to transmit fingerprint ■=> and facial image ^ data, due to reasons such as insufficient quality of the data for appropriate comparison, technical problems, reasons linked to the protection of health or due to the data subject being unfit or unable to have his or her fingerprints ■=> or facial image ^ taken owing to circumstances beyond his or her control, should not adversely affect the examination of or the decision on the application for international protection lodged by that person.

•0- new

(30) Member States should refer to the Commission's Staff Working Document on Implementation of the Eurodac Regulation as regards the obligation to take fingerprints adopted by the Council on 20 July 201537, which sets out a best practice approach to taking fingerprints of irregular third-country nationals. Where a Member State's national law allows for the taking of fingerprints by force or coercion as a last resort, those measures must fully respect the EU Charter of Fundamental Rights. Third-country nationals who are deemed to be vulnerable persons and minors should not be coerced into giving their fingerprints or facial image, except in duly justified circumstances that are permitted under national law.

^ 603/2013 recital 21 (adapted)

■=> new

(31) Hits obtained from Eurodac should be verified by a trained fingerprint expert in order to ensure the accurate determination of responsibility under Regulation (EU) No 604/2013 ■=> ; the exact identification of the third-country national or stateless person ^ and the exact identification of the criminal suspect or victim of crime whose data might be stored in Eurodac. ■=> Hits obtained from Eurodac based on facial images should also be verified where there is doubt that the result relates to the same person. <^

^ 603/2013 recital 22 (adapted)

■=> new

(32) Third-country nationals or stateless persons who have requested international protection in one Member State may have the option of ■=> try to ^ requesting international protection in another Member State for many years to come. Therefore, the maximum period during which fingerprint ■=> and facial image ^ data should be kept by the Central System should be of considerable length. Given that most third-country nationals or stateless persons who have stayed in the Union for several years will have obtained a settled status or even citizenship of a Member State after that

37           COM(2015) 150 final, 27.5.2015

period, a period of ten years should be considered a reasonable period for the storage of fingerprint ■=> and facial image ^ data.

•0- new

(33) In view of successfully preventing and monitoring unauthorised movements of third-country nationals or stateless persons who have no right to stay in the Union, and of taking the necessary measures for successfully enforcing effective return and readmission to third countries in accordance with Directive 2008/115/EC38 and the right to protection of personal data, a period of five years should be considered a necessary period for the storage of fingerprint and facial data.

^ 603/2013 recital 23

■=> new

(34) The storage period should be shorter in certain special situations where there is no need to keep fingerprint ■=> and facial ^ data ■=> and all other personal data ^ for that length of time. Fingerprint ■=> and facial image ^ data ■=> and all other personal data belonging to a third-country national ^ should be erased immediately once third-country nationals or stateless persons obtain citizenship of a Member State.

^ 603/2013 recital 24

■=> new

(35) It is appropriate to store data relating to those data subjects whose fingerprints ■=> and facial images ^ were initially recorded in Eurodac upon lodging their applications for international protection and who have been granted international protection in a Member State in order to allow data recorded upon lodging an application for international protection to be compared against them.

| ^ 603/2013 recital 25 (adapted) |

(36) The Agency \E> eu-LISA O has been entrusted with the Commission's tasks relating to the operational management of Eurodac in accordance with this Regulation and with certain tasks relating to the Communication Infrastructure as from the date on which the Agency \E> eu-LISA O took up its responsibilities on 1 December 2012. The Agency should take up the tasks entrusted to it under this Regulation, and the relevant provisions of Regulation (EU) No 1077/2011 should be amended accordingly. In addition, Europol should have observer status at the meetings of the Management Board of the Agency \E> eu-LISA O when a question in relation to the application of this Regulation concerning access for consultation of Eurodac by designated authorities of Member States and by Europol for the purposes of the prevention, detection or investigation of terrorist offences or of other serious criminal offences is

OJ L 348, 24.12.2008, p.98

38

on the agenda. Europol should be able to appoint a representative to the Eurodac Advisory Group of ⌦ eu-LISA ⌫ the Agency.

^ 603/2013 recital 26

The Staff Regulations of Officials of the European Union (Staff Regulations of Officials) and the Conditions of Employment of Other Servants of the European Union ('Conditions of Employment'), laid down in Regulation (EEC, Euratom, ECSC) No 259/68 of the Council39 (together referred to as the Staff Regulations) should apply to all staff working in the Agency on matters pertaining to this Regulation.

| ^ 603/2013 recital 27 (adapted) |

(37) It is necessary to lay down clearly the respective responsibilities of the Commission and \S> eu-LISA <S1 the Agency, in respect of the Central System and the Communication Infrastructure, and of the Member States, as regards data processing, data security, access to, and correction of, recorded data.

^ 603/2013 recital 28

(38) It is necessary to designate the competent authorities of the Member States as well as the National Access Point through which the requests for comparison with Eurodac data are made and to keep a list of the operating units within the designated authorities that are authorised to request such comparison for the specific purposes of the prevention, detection or investigation of terrorist offences or of other serious criminal offences.

^ 603/2013 recital 29

(39) Requests for comparison with data stored in the Central System should be made by the operating units within the designated authorities to the National Access Point, through the verifying authority, and should be reasoned. The operating units within the designated authorities that are authorised to request comparisons with Eurodac data should not act as a verifying authority. The verifying authorities should act independently of the designated authorities and should be responsible for ensuring, in an independent manner, strict compliance with the conditions for access as established in this Regulation. The verifying authorities should then forward the request, without forwarding the reasons for it, for comparison through the National Access Point to the Central System following verification that all conditions for access are fulfilled. In exceptional cases of urgency where early access is necessary to respond to a specific and actual threat related to terrorist offences or other serious criminal offences, the verifying authority should process the request immediately and only carry out the verification afterwards.

OJ L 56, 4.3.1968, p. 1.

39

^ 603/2013 recital 30

(40) The designated authority and the verifying authority may be part of the same organisation, if permitted under national law, but the verifying authority should act independently when performing its tasks under this Regulation.

^ 603/2013 recital 31

(41) For the purposes of protection of personal data, and to exclude systematic comparisons which should be forbidden, the processing of Eurodac data should only take place in specific cases and when it is necessary for the purposes of preventing, detecting or investigating terrorist offences or other serious criminal offences. A specific case exists in particular when the request for comparison is connected to a specific and concrete situation or to a specific and concrete danger associated with a terrorist offence or other serious criminal offence, or to specific persons in respect of whom there are serious grounds for believing that they will commit or have committed any such offence. A specific case also exists when the request for comparison is connected to a person who is the victim of a terrorist offence or other serious criminal offence. The designated authorities and Europol should thus only request a comparison with Eurodac when they have reasonable grounds to believe that such a comparison will provide information that will substantially assist them in preventing, detecting or investigating a terrorist offence or other serious criminal offence.

^ 603/2013 recital 32

(42) In addition, access should be allowed only on condition that comparisons with the national fingerprint databases of the Member State and with the automated fingerprinting identification systems of all other Member States under Council Decision 2008/615/JHA of 23 June 2008 on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime40 did not lead to the establishment of the identity of the data subject. That condition requires the requesting Member State to conduct comparisons with the automated fingerprinting identification systems of all other Member States under Decision 2008/615/JHA which are technically available, unless that Member State can justify that there are reasonable grounds to believe that it would not lead to the establishment of the identity of the data subject. Such reasonable grounds exist in particular where the specific case does not present any operational or investigative link to a given Member State. That condition requires prior legal and technical implementation of Decision 2008/615/JHA by the requesting Member State in the area of fingerprint data, as it should not be permitted to conduct a Eurodac check for law enforcement purposes where those above steps have not been first taken.

Council Decision 2008/615/JHA of 23 June 2008 on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime (OJ L 210, 6.8.2008, p. 1).

40

^ 603/2013 recital 33

(43) Prior to searching Eurodac, designated authorities should also, provided that the conditions for a comparison are met, consult the Visa Information System under Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences41.

^ 603/2013 recital 34

(44) For the purpose of efficient comparison and exchange of personal data, Member States should fully implement and make use of the existing international agreements as well as of Union law concerning the exchange of personal data already in force, in particular of Decision 2008/615/JHA.

^ 603/2013 recital 35

The best interests of the child should be a primary consideration for Member States when applying this Regulation. Where the requesting Member State establishes that Eurodac data pertain to a minor, these data may only be used for law enforcement purposes by the requesting Member State in accordance with that State's laws applicable to minors and in accordance with the obligation to give primary consideration to the best interests of the child.

^ 603/2013 recital 36

(45) While the non-contractual liability of the Union in connection with the operation of the Eurodac system will be governed by the relevant provisions of the Treaty on the Functioning of the European Union (TFEU), it is necessary to lay down specific rules for the non-contractual liability of the Member States in connection with the operation of the system.

^ 603/2013 recital 37 (adapted)

■=> new

(46) Since the objective of this Regulation, namely the creation of a system for the comparison of fingerprint ■=> and facial image ^ data to assist the implementation of Union asylum \E> and migration O policy, cannot, by its very nature, be sufficiently achieved by the Member States and can therefore be better achieved at Union level, the Union may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union (TEU). In accordance with the

Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences (OJ L 218, 13.8.2008, p. 129).

41

principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.

^ 603/2013 recital 38 (adapted)

■=> new

(47) [Directive [2016/…/…] of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data42] applies to the processing of personal data by the Member States carried out in application of this Regulation unless such processing is carried out by the designated or verifying \E> competent <S1 authorities of the Member States for the purposes of the prevention, \E> investigation, O detection or investigation I prosecution ^ of terrorist offences or of other serious criminal offences ■=> including the safeguarding against and the prevention of threats to public security ^ .

^ 603/2013 recital 39 (adapted)

■=> new

(48) \E> The national provisions adopted pursuant to Directive [2016/… /EU] of the European Parliament and of the Council [of … 2016] on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data apply to <S1 Tthe processing of personal data by the \E> competent <S1 authorities of the Member States for the purposes of the prevention, \E> investigation, O detection or investigation ■=> prosecution ^ of terrorist offences or of other serious criminal offences pursuant to this Regulation should be subject to a standard of protection of personal data under their national law which complies with Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial co operation in criminal matters43.

^ 603/2013 recital 40 (adapted)

■=> new

(49) The principles ■=> rules ^ set out in Regulation Directive [2016/…/..] 95/46/EC regarding the protection of the rights and freedoms of individuals, notably their right to \E> the protection of personal data concerning them O privacy, with regard to the processing of personal data should be ■=> specified in respect of the responsibility for the processing of the data, of safeguarding the rights of data subjects and of the supervision of data protection ^ supplemented or clarified, in particular as far as certain sectors are concerned.

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ L 281, 23.11.1995, p. 31). OJ L 350, 30.12.2008, p. 60.

42

43

^ 603/2013 recital 41

■=> new

(50) Transfers of personal data obtained by a Member State or Europol pursuant to this Regulation from the Central System to any third country or international organisation or private entity established in or outside the Union should be prohibited, in order to ensure the right to asylum and to safeguard applicants for international protection from having their data disclosed to a third country. This implies that Member States should not transfer information obtained from the Central System concerning: ■=> the name(s); date of birth; nationality; ^ the Member State(s) of origin ■=> or Member State of allocation; the details of the identity or travel document; ^ ; the place and date of application for international protection; the reference number used by the Member State of origin; the date on which the fingerprints were taken as well as the date on which the Member State(s) transmitted the data to Eurodac; the operator user ID; and any information relating to any transfer of the data subject under [Regulation (EU) No 604/2013]. That prohibition should be without prejudice to the right of Member States to transfer such data to third countries to which [Regulation (EU) No 604/2013] applies [■=> in accordance with Regulation (EU) No […/2016]respectively with the national rules adopted pursuant to Directive [2016/…/EU] <=■], in order to ensure that Member States have the possibility of cooperating with such third countries for the purposes of this Regulation.

•0- new

(51) In individual cases, information obtained from the Central System may be shared with a third-country in order to assist with the identification of a third-country national in relation to his/her return. Sharing of any personal data must be subject to strict conditions. Where such information is shared, no information shall be disclosed to a third-country relating to the fact that an application for international protection has been made by a third-country national where the country the individual is being readmitted to, is also the individual's country of origin or another third-country where they will be readmitted. Any transfer of data to a third-country for the identification of a third-country national must be in accordance with the provisions of Chapter V of Regulation (EU) No. […2016].

^ 603/2013 recital 42

(52) National supervisory authorities should monitor the lawfulness of the processing of personal data by the Member States, and the supervisory authority set up by Decision 2009/371/JHA should monitor the lawfulness of data processing activities performed by Europol.

^ 603/2013 recital 43

(53) Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of

personal data by the Community institutions and bodies and on the free movement of such data44, and in particular Articles 21 and 22 thereof concerning confidentiality and security of processing, applies to the processing of personal data by Union institutions, bodies, offices and agencies carried out in application of this Regulation. However, certain points should be clarified in respect of the responsibility for the processing of data and of the supervision of data protection, bearing in mind that data protection is a key factor in the successful operation of Eurodac and that data security, high technical quality and lawfulness of consultations are essential to ensure the smooth and proper functioning of Eurodac as well as to facilitate the application of [Regulation (EU) No 604/2013].

^ 603/2013 recital 44 (adapted)

■=> new

(54) The data subject should be informed ■=> in particular ^ of the purpose for which his or her data will be processed within Eurodac, including a description of the aims of Regulation (EU) […/…] No 604/2013, and of the use to which law enforcement authorities may put his or her data.

^ 603/2013 recital 45

(55) It is appropriate that national supervisory authorities monitor the lawfulness of the processing of personal data by the Member States, whilst the European Data Protection Supervisor, as referred to in Regulation (EC) No 45/2001, should monitor the activities of the Union institutions, bodies, offices and agencies in relation to the processing of personal data carried out in application of this Regulation.

•0- new

(56) The European Data Protection Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and delivered an opinion on […]

^ 603/2013 recital 46

(57) Member States, the European Parliament, the Council and the Commission should ensure that the national and European supervisory authorities are able to supervise the use of and access to Eurodac data adequately.

^ 603/2013 recital 47 (adapted)

(58) It is appropriate to monitor and evaluate the performance of Eurodac at regular intervals, including in terms of whether law enforcement access has led to indirect

Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p. 1).

44

discrimination against applicants for international protection, as raised in the Commission's evaluation of the compliance of this Regulation with the Charter of Fundamental Rights of the European Union ('the Charter'). The Agency ⌦ eu-LISA ⌫ should submit an annual report on the activities of the Central System to the European Parliament and to the Council.

^ 603/2013 recital 48

■=> new

(59) Member States should provide for a system of effective, proportionate and dissuasive penalties to sanction the ■=> unlawful ^ processing of data entered in the Central System contrary to the purpose of Eurodac.

^ 603/2013 recital 49

(60) It is necessary that Member States be informed of the status of particular asylum procedures, with a view to facilitating the adequate application of Regulation (EU) No 604/2013.

^ 603/2013 recital 50

(61) This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter. In particular, this Regulation seeks to ensure full respect for the protection of personal data and for the right to seek international protection, and to promote the application of Articles 8 and 18 of the Charter. This Regulation should therefore be applied accordingly.

^ 603/2013 recital 51

(62) In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the TEU and to the TFEU, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.

| ^ 603/2013 recital 52 (adapted) |

In accordance with Article 3 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the Area of Freedom, Security and Justice, annexed to the TEU and to the TFEU, the United Kingdom has notified its wish to take part in the adoption and application of this Regulation.

^ 603/2013 recital 53 (adapted)

In accordance with Article 1 and 2 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the Area of Freedom, Security and Justice, annexed to the TEU and

to the TFEU, and without prejudice to Article 4 of that Protocol, Ireland is not taking part i the adoption of this Regulation and is not bound by it or subject to its application.

•0- new

(63)     [In accordance with Article 3 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, those Member States have notified their wish to take part in the adoption and application of this Regulation] OR

(64)     [In accordance with Articles 1 and 2 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, and without prejudice to Article 4 of that Protocol, those Member States are not taking part in the adoption of this Regulation and are not bound by it or subject to its application.] OR

(65)     [In accordance with Articles 1 and 2 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, and without prejudice to Article 4 of that Protocol, the United Kingdom is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.

(66)     In accordance with Article 3 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Ireland has notified (, by letter of ...,) its wish to take part in the adoption and application of this Regulation.] OR

(67)     [In accordance with Article 3 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, the United Kingdom has notified (, by letter of ...,) its wish to take part in the adoption and application of this Regulation.

(68)     In accordance with Articles 1 and 2 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, and without prejudice to Article 4 of that Protocol, Ireland is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.]

^ 603/2013 recital 54 (adapted)

(69) It is appropriate to restrict the territorial scope of this Regulation so as to align it on the territorial scope of Regulation (EU) No […/…] 604/2013,

^ 603/2013 (adapted)