Considerations on COM(2017)793 - Establishing a framework for interoperability between EU information systems (borders and visa)

Please note

This page contains a limited version of this dossier in the EU Monitor.

 
 
table>(1)In its Communication of 6 April 2016 entitled Stronger and Smarter Information Systems for Borders and Security, the Commission underlined the need to improve the Union's data management architecture for border management and security. The Communication initiated a process towards achieving interoperability between EU information systems for security, border and migration management, with the aim to address the structural shortcomings related to those systems that impede the work of national authorities and to ensure that border guards, customs authorities, police officers and judicial authorities have the necessary information at their disposal.
(2)In its Roadmap to enhance information exchange and information management including interoperability solutions in the Justice and Home Affairs area of 6 June 2016, the Council identified various legal, technical and operational challenges in the interoperability of EU information systems and called for the pursuit of solutions.

(3)In its Resolution of 6 July 2016 on the strategic priorities for the Commission Work Programme 2017 (3), the European Parliament called for proposals to improve and develop existing EU information systems, address information gaps and move towards their interoperability, as well as proposals for compulsory information sharing at EU level, accompanied by the necessary data protection safeguards.

(4)In its conclusions of 15 December 2016 the European Council called for work to continue on delivering interoperability of EU information systems and databases.

(5)In its final report of 11 May 2017, the high-level expert group on information systems and interoperability concluded that it was necessary and technically feasible to work towards practical solutions for interoperability and that interoperability could, in principle, both deliver operational gains and be established in compliance with data protection requirements.

(6)In its Communication of 16 May 2017 entitled Seventh progress report towards an effective and genuine Security Union, the Commission set out, in line with its Communication of 6 April 2016 and the findings and recommendations of the high-level expert group on information systems and interoperability, a new approach to the management of data for borders, security and migration whereby all EU information systems for security, border and migration management were to be interoperable, in a manner fully respecting fundamental rights.

(7)In its Conclusions of 9 June 2017 on the way forward to improve information exchange and ensure the interoperability of EU information systems, the Council invited the Commission to pursue the solutions for interoperability proposed by the high-level expert group.

(8)In its conclusions of 23 June 2017 the European Council underlined the need to improve interoperability between databases and invited the Commission to prepare draft legislation on the basis of the proposals made by the high-level expert group on information systems and interoperability as soon as possible.

(9)With a view to improving the effectiveness and efficiency of checks at the external borders, to contributing to prevention and combating illegal immigration and to contributing to a high level of security within the area of freedom, security and justice of the Union, including the maintenance of public security and public policy and safeguarding security in the territories of the Member States, to improving the implementation of the common visa policy, to assisting in the examination of applications for international protection, to contributing to the prevention, detection and investigation of terrorist offences and other serious criminal offences, to facilitating the identificaton of unknown persons who are unable to identify themselves or unidentified human remains in the case of a natural disaster, accident or terrorist attack, in order to maintain public trust in the Union migration and asylum system, Union security measures and Union capabilities to manage the external border, interoperability between EU information systems, namely the Entry/Exit System (EES), the Visa Information System (VIS), the European Travel Information and Authorisation System (ETIAS), Eurodac, the Schengen Information System (SIS), and the European Criminal Records Information System for Third-Country Nationals (ECRIS-TCN) should be established in order for these EU information systems and their data to supplement each other while respecting the fundamental rights of individuals, in particular the right to protection of personal data. To achieve this, a European search portal (ESP), a shared biometric matching service (shared BMS), a common identity repository (CIR) and a multiple-identity detector (MID) should be established as interoperability components.

(10)Interoperability between the EU information systems should allow those systems to supplement each other in order to facilitate the correct identification of persons, including unknown persons who are unable to identify themselves or unidentified human remains, contribute to combating identity fraud, improve and harmonise the data quality requirements of the respective EU information systems, facilitate the technical and operational implementation by Member States of EU information systems, strengthen the data security and data protection safeguards that govern the respective EU information systems, streamline access for the purposes of preventing, detecting or investigating terrorist offences or other serious criminal offences to the EES, VIS, ETIAS and Eurodac, and support the purposes of the EES, VIS, ETIAS, Eurodac, SIS and ECRIS-TCN.

(11)The interoperability components should cover the EES, VIS, ETIAS, Eurodac, SIS, and ECRIS-TCN. They should also cover Europol data, but only to the extent of enabling Europol data to be queried simultaneously with those EU information systems.

(12)The interoperability components should process the personal data of persons whose personal data are processed in the underlying EU information systems and by Europol.

(13)The ESP should be established to facilitate technically the fast, seamless, efficient, systematic and controlled access by Member State authorities and Union agencies to the EU information systems, to Europol data and to the International Criminal Police Organization (Interpol) databases, insofar as this is needed to perform their tasks in accordance with their access rights. The ESP should also be established to support the objectives of the EES, VIS, ETIAS, Eurodac, SIS, ECRIS-TCN and Europol data. By enabling all relevant EU information systems, Europol data and the Interpol databases to be queried in parallel, the ESP should act as a single window or ‘message broker’ to search the various central systems and retrieve the necessary information seamlessly and in full respect of the access control and data protection requirements of the underlying systems.

(14)The design of the ESP should ensure that, when querying the Interpol databases, the data used by an ESP user to launch a query is not shared with the owners of Interpol data. The design of the ESP should also ensure that the Interpol databases are only queried in accordance with applicable Union and national law.

(15)The Interpol database of Stolen and Lost Travel Documents (SLTD database) enables authorised entities responsible for preventing, detecting or investigating terrorist offences or other serious criminal offences in Member States, including immigration and border control authorities, to establish the validity of a travel document. ETIAS queries the SLTD database and the Interpol Travel Documents Associated with Notices database (TDAWN database) in the context of assessing whether a person applying for a travel authorisation is likely for instance to migrate irregularly or could pose a threat to security. The ESP should enable queries against the SLTD and TDAWN databases using an individual's identity data or travel document data. Where personal data are transferred from the Union to Interpol through the ESP, the provisions on international transfers in Chapter V of Regulation (EU) 2016/679 of the European Parliament and of the Council (4), or the national provisions transposing Chapter V of Directive (EU) 2016/680 of the European Parliament and of the Council (5) should apply. This should be without prejudice to the specific rules laid down in Council Common Position 2005/69/JHA (6) and Council Decision 2007/533/JHA (7).

(16)The ESP should be developed and configured in such a way that it only allows such queries to be performed using data related to persons or travel documents held in an EU information system, in Europol data or in the Interpol databases.

(17)To ensure the systematic use of the relevant EU information systems, the ESP should be used to query the CIR, the EES, VIS, ETIAS, Eurodac and ECRIS-TCN. However, a national connection to the different EU information systems should remain in order to provide a technical fall back. The ESP should also be used by Union agencies to query Central SIS in accordance with their access rights and in order to perform their tasks. The ESP should be an additional means to query Central SIS, Europol data and the Interpol databases, complementing the existing dedicated interfaces.

(18)Biometric data, such as fingerprints and facial images, are unique and therefore much more reliable than alphanumeric data for the purposes of identifying a person. The shared BMS should be a technical tool to reinforce and facilitate the work of the relevant EU information systems and the other interoperability components. The main purpose of the shared BMS should be to facilitate the identification of an individual who is registered in several databases, by using a single technological component to match that individual's biometric data across different systems, instead of several components. The shared BMS should contribute to security, as well as financial, maintenance and operational benefits. All automated fingerprint identification systems, including those currently used for Eurodac, VIS and SIS, use biometric templates comprised of data derived from a feature extraction of actual biometric samples. The shared BMS should regroup and store all these biometric templates – logically separated according to the information system from which the data originated – in one single location, thereby facilitating cross-system comparisons using biometric templates and enabling economies of scale in developing and maintaining the EU central systems.

(19)The biometric templates stored in the shared BMS should be comprised of data derived from a feature extraction of actual biometric samples and obtained in such a way that reversing the extraction process is not possible. Biometric templates should be obtained from biometric data but it should not be possible to obtain that same biometric data from the biometric templates. As palm print data and DNA profiles are only stored in SIS and cannot be used to perform cross-checks with data present in other information systems, following the principles of necessity and proportionality, the shared BMS should not store DNA profiles or biometric templates obtained from palm print data.

(20)Biometric data constitute sensitive personal data. This Regulation should lay down the basis and the safeguards for processing such data for the purpose of uniquely identifying the persons concerned.

(21)The EES, VIS, ETIAS, Eurodac and ECRIS-TCN require accurate identification of the persons whose personal data are stored in them. The CIR should therefore facilitate the correct identification of persons registered in those systems.

(22)Personal data stored in those EU information systems may relate to the same persons but under different or incomplete identities. Member States dispose of efficient ways to identify their citizens or registered permanent residents in their territory. The interoperability between EU information systems should contribute to the correct identification of persons present in those systems. The CIR should store the personal data that are necessary to enable the more accurate identification of the individuals whose data are stored in those systems, including their identity data, travel document data and biometric data, regardless of the system in which the data were originally collected. Only the personal data strictly necessary to perform an accurate identity check should be stored in the CIR. The personal data recorded in the CIR should be kept for no longer than is strictly necessary for the purposes of the underlying systems and should be automatically deleted when the data are deleted from the underlying systems in accordance with their logical separation.

(23)A new processing operation consisting of the storage of such data in the CIR instead of the storage in each of the separate systems is necessary to increase the accuracy of identification through the automated comparison and matching of the data. The fact that identity data, travel document data and biometric data are stored in the CIR should not hinder in any way the processing of data for the purposes of the EES, VIS, ETIAS, Eurodac or ECRIS-TCN, as the CIR should be a new shared component of those underlying systems.

(24)It is therefore necessary to create an individual file in the CIR for each person registered in the EES, VIS, ETIAS, Eurodac or ECRIS-TCN, to achieve the purpose of correct identification of persons within the Schengen area and to support the MID for the dual purpose of facilitating identity checks for bona fide travellers and combating identity fraud. The individual file should store all the identity information linked to a person in a single place and make it accessible to duly authorised end-users.

(25)The CIR should thus facilitate and streamline access by authorities responsible for preventing, detecting or investigating terrorist offences or other serious criminal offences to the EU information systems that are not established exclusively for purposes of prevention, detection or investigation of serious crime.

(26)The CIR should provide for a shared container for identity data, travel document data and biometric data of persons registered in the EES, VIS, ETIAS, Eurodac and the ECRIS-TCN. It should be part of the technical architecture of these systems and serve as the shared component between them for storing and querying the identity data, travel document data and biometric data they process.

(27)All records in the CIR should be logically separated by automatically tagging each record with the name of the underlying system owning that record. The access controls of the CIR should use these tags to determine whether to allow access to the record.

(28)Where a Member State police authority is unable to identify a person due to the lack of a travel document or another credible document proving that person's identity, or where there are doubts about the identity data provided by that person or as to the authenticity of the travel document or the identity of its holder, or where the person is unable or refuses to cooperate, that police authority should be able to query the CIR in order to identify the person. For those purposes, police authorities should capture fingerprints using live-scan fingerprinting techniques, provided that the procedure was initiated in the presence of that person. Such queries of the CIR should not be permitted for the purposes of identifying minors under the age of 12 years old, unless in the best interests of the child.

(29)Where the biometric data of a person cannot be used or if a query with that data fails, the query should be carried out with identity data of the person in combination with travel document data. Where the query indicates that data on that person are stored in the CIR, Member State authorities should have access to the CIR to consult the identity data and travel document data of that person, without the CIR providing any indication as to which EU information system the data belong.

(30)Member States should adopt national legislative measures designating the authorities competent to perform identity checks using the CIR and laying down the procedures, conditions and criteria for such checks, which should follow the principle of proportionality. In particular, the power to collect biometric data during an identity check of a person present before a staff member of those authorities should be provided for by national law.

(31)This Regulation should also introduce a new possibility for streamlined access to data beyond the identity data or travel document data present in the EES, VIS, ETIAS or Eurodac by Member State designated authorities responsible for preventing, detecting or investigating terrorist offences or other serious criminal offences and Europol. Such data may be necessary for the prevention, detection or investigation of terrorist offences or other serious criminal offences in a specific case where there are reasonable grounds to believe that consulting them will contribute to the prevention, detection or investigation of the terrorist offences or other serious criminal offences, in particular where there is a suspicion that the suspect, perpetrator or victim of a terrorist offence or other serious criminal offence is a person whose data are stored in the EES, VIS, ETIAS or Eurodac.

(32)Full access to data contained in the EES, VIS, ETIAS or Eurodac that is necessary for the purposes of preventing, detecting or investigating terrorist offences or other serious criminal offences, beyond access to identity data or travel document data held in the CIR, should continue to be governed by the applicable legal instruments. The designated authorities responsible for preventing, detecting or investigating terrorist offences or other serious criminal offences and Europol do not know in advance which of the EU information systems contains data of the persons they need to inquire upon. This results in delays and inefficiencies. The end-user authorised by the designated authority should therefore be allowed to see in which of those EU information systems the data corresponding to the result of a query are recorded. The system concerned would thus be flagged following the automated verification of the presence of a match in the system (a so-called match-flag functionality).

(33)In this context, a reply from the CIR should not be interpreted or used as a ground or reason to draw conclusions on or undertake measures in respect of a person, but should be used only for the purpose of submitting an access request to the underlying EU information systems, subject to the conditions and procedures laid down in the respective legal instruments governing such access. Any such access request should be subject to Chapter VII of this Regulation and as applicable, Regulation (EU) 2016/679, Directive (EU) 2016/680 or Regulation (EU) 2018/1725 of the European Parliament and of the Council (8).

(34)As a general rule, where a match-flag indicates that the data are recorded in the EES, VIS, ETIAS or Eurodac, the designated authorities or Europol should request full access to at least one of the EU information systems concerned. Where exceptionally such full access is not requested, for example because designated authorities or Europol have already obtained the data by other means, or obtaining the data is no longer permitted under national law, the justification for not requesting access should be recorded.

(35)The logs of the queries of the CIR should indicate the purpose of the queries. Where such a query was performed using the two-step data consultation approach, the logs should include a reference to the national file of the investigation or case, thereby indicating that the query was launched for the purposes of preventing, detecting or investigating terrorist offences or other serious criminal offences.

(36)The query of the CIR by the designated authorities and Europol in order to obtain a match-flag type of response indicating that the data are recorded in the EES, VIS, ETIAS or Eurodac requires automated processing of personal data. A match-flag should not reveal personal data of the concerned individual other than an indication that some of his or her data are stored in one of the systems. No adverse decision for the individual concerned should be made by the authorised end-user solely on the basis of the simple occurrence of a match-flag. Access by the end-user to a match-flag will therefore constitute a very limited interference with the right to protection of personal data of the individual concerned, while allowing the designated authorities and Europol to request access to personal data more effectively.

(37)The MID should be established to support the functioning of the CIR and to support the objectives of the EES, VIS, ETIAS, Eurodac, SIS and ECRIS-TCN. In order to be effective in fulfilling their respective objectives, all of these EU information systems require the accurate identification of the persons whose personal data are stored in them.

(38)To better attain the objectives of EU information systems, the authorities using those systems should be able to conduct sufficiently reliable verifications of the identities of the persons whose data are stored in different systems. The set of identity data or travel document data stored in a given individual system may be incorrect, incomplete or fraudulent, and there is currently no way of detecting incorrect, incomplete or fraudulent identity data or travel document data by way of comparison with data stored in another system. To remedy this situation, it is necessary to have a technical instrument at Union level allowing accurate identification of persons for these purposes.

(39)The MID should create and store links between data in the different EU information systems in order to detect multiple identities, with the dual purpose of facilitating identity checks for bona fide travellers and combating identity fraud. The MID should only contain links between data on individuals present in more than one EU information system. The linked data should be strictly limited to the data necessary to verify that a person is recorded in a justified or unjustified manner under different identities in different systems, or to clarify that two persons having similar identity data may not be the same person. Data processing through the ESP and the shared BMS in order to link individual files across different systems should be kept to an absolute minimum and therefore limited to multiple-identity detection, to be conducted at the time new data are added in one of the systems which has data stored in the CIR or added in SIS. The MID should include safeguards against potential discrimination and unfavourable decisions for persons with multiple lawful identities.

(40)This Regulation provides for new data processing operations aimed at identifying the persons concerned correctly. This constitutes an interference with their fundamental rights as protected by Articles 7 and 8 of the Charter of Fundamental Rights of the European Union. Since the effective implementation of the EU information systems is dependent upon correct identification of the individuals concerned, such interference is justified by the same objectives for which each of those systems have been established, the effective management of the Union's borders, the internal security of the Union and the effective implementation of the Union's asylum and visa policies.

(41)The ESP and the shared BMS should compare data on persons in the CIR and SIS when new records are created or uploaded by a national authority or a Union agency. Such comparison should be automated. The CIR and SIS should use the shared BMS to detect possible links on the basis of biometric data. The CIR and SIS should use the ESP to detect possible links on the basis of alphanumeric data. The CIR and SIS should be able to identify the same or similar data on a person stored across several systems. Where such is the case, a link indicating that it is the same person should be established. The CIR and SIS should be configured in such a way that small transliteration or spelling mistakes are detected in such a way as not to create any unjustified hindrance to the person concerned.

(42)The national authority or Union agency that recorded the data in the respective EU information system should confirm or change the links. This national authority or Union agency should have access to the data stored in the CIR or SIS and in the MID for the purpose of a manual verification of different identities.

(43)A manual verification of different identities should be ensured by the authority creating or updating the data that triggered a match resulting in a link with data stored in another EU information system. The authority responsible for the manual verification of different identities should assess whether there are multiple identities referring to the same person in a justified or unjustified manner. Such an assessment should be performed where possible in the presence of the person concerned and where necessary by requesting additional clarifications or information. The assessment should be performed without delay, in line with legal requirements for the accuracy of information under Union and national law. At the borders especially, the movement of the persons involved will be restricted for the duration of the verification, which should therefore not last indefinitely. The existence of a yellow link in the MID should not constitute in itself a ground for refusal of entry and any decision on authorising or refusing entry should be taken exclusively on the basis of the applicable provisions of Regulation (EU) 2016/399 of the European Parliament and of the Council (9).

(44)For links obtained through SIS related to alerts in respect of persons wanted for arrest for surrender or extradition purposes, on missing or vulnerable persons, on persons sought to assist with a judicial procedure or on persons for discreet checks, inquiry checks or specific checks, the authority responsible for the manual verification of different identities should be the SIRENE Bureau of the Member State that created the alert. These categories of SIS alerts are sensitive and should not necessarily be shared with the authorities creating or updating data that are linked to them in one of the other EU information systems. The creation of a link with SIS data should be without prejudice to the actions to be taken in accordance with Regulations (EU) 2018/1860 (10), (EU) 2018/1861 (11) and (EU) 2018/1862 (12) of the European Parliament and of the Council.

(45)The creation of such links requires transparency towards the individuals affected. In order to facilitate the implementation of the necessary safeguards in accordance with applicable Union data protection rules, individuals who are subject to a red link or a white link following manual verification of different identities should be informed in writing without prejudice to limitations to protect security and public order, prevent crime and guarantee that national investigations are not jeopardised. Those individuals should receive a single identification number allowing them to identify the authority to which they should address themselves to exercise their rights.

(46)Where a yellow link is created, the authority responsible for the manual verification of different identities should have access to the MID. Where a red link exists, Member State authorities and Union agencies having access to at least one EU information system included in the CIR or to SIS should have access to the MID. A red link should indicate that a person is using different identities in an unjustified manner or that a person is using somebody else's identity.

(47)Where a white or green link exists between data from two EU information systems, Member State authorities and Union agencies should have access to the MID where the authority or agency concerned has access to both information systems. Such access should be granted for the sole purpose of allowing that authority or agency to detect potential cases where data have been linked incorrectly or processed in the MID, CIR and SIS in breach of this Regulation and of taking action to correct the situation and update or delete the link.

(48)The European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) should establish automated data quality control mechanisms and common data quality indicators. eu-LISA should be responsible for developing a central monitoring capacity for data quality and for producing regular data analysis reports to improve the control of the implementation by Member States of EU information systems. The common data quality indicators should include minimum quality standards for storing data in the EU information systems or interoperability components. The goal of such data quality standards should be for the EU information systems and interoperability components to identify automatically apparently incorrect or inconsistent data submissions, so that the originating Member State is able to verify the data and carry out any necessary remedial action.

(49)The Commission should evaluate eu-LISA's quality reports and should issue recommendations to Member States where appropriate. Member States should be responsible for preparing an action plan describing actions to remedy any deficiencies in data quality and should report on its progress regularly.

(50)The universal message format (UMF) should serve as a standard for structured, cross-border information exchange between information systems, authorities or organisations in the field of Justice and Home Affairs. The UMF should define a common vocabulary and logical structures for commonly exchanged information with the objective to facilitate interoperability by enabling the creation and reading of the contents of exchanges in a consistent and semantically equivalent manner.

(51)The implementation of the UMF standard may be considered in VIS, SIS and in any other existing or new cross-border information exchange models and information systems in the area of Justice and Home Affairs developed by Member States.

(52)A central repository for reporting and statistics (CRRS) should be established to generate cross-system statistical data and analytical reporting for policy, operational and data quality purposes in accordance with the applicable legal instruments. eu-LISA should establish, implement and host the CRRS in its technical sites. It should contain anonymised statistical data from the EU information systems, the CIR, the MID and the shared BMS. The data contained in the CRRS should not enable the identification of individuals. eu-LISA should render the data anonymous in an automated manner and should record such anonymised data in the CRRS. The process for rendering the data anonymous should be automated and no direct access by eu-LISA staff should be granted to any personal data stored in the EU information systems or in the interoperability components.

(53)Regulation (EU) 2016/679 applies to the processing of personal data for the purpose of interoperability under this Regulation by national authorities unless such processing is carried out by the designated authorities or central access points of the Member States for the purposes of the prevention, detection or investigation of terrorist offences or of other serious criminal offences.

(54)Where the processing of personal data by the Member States for the purpose of interoperability under this Regulation is carried out by the competent authorities for the purposes of the prevention, detection or investigation of terrorist offences or of other serious criminal offences, Directive (EU) 2016/680 applies.

(55)Regulation (EU) 2016/679, Regulation (EU) 2018/1725 or, where relevant, Directive (EU) 2016/680 apply to any transfer of personal data to third countries or international organisations carried out under this Regulation. Without prejudice to the grounds for transfer pursuant to Chapter V of Regulation (EU) 2016/679 or, where relevant, Directive (EU) 2016/680, any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data should only be recognised or enforceable in any manner if based on an international agreement in force between the requesting third country and the Union or a Member State.

(56)The specific provisions on data protection of Regulations (EU) 2017/2226 (13), (EC) No 767/2008 (14), (EU) 2018/1240 (15) of the European Parliament and of the Council and Regulation (EU) 2018/1861 apply to the processing of personal data in the systems governed by those Regulations.

(57)Regulation (EU) 2018/1725 applies to the processing of personal data by eu-LISA and other institutions and bodies of the Union when carrying out their responsibilities under this Regulation, without prejudice to Regulation (EU) 2016/794 of the European Parliament and of the Council (16), which applies to the processing of personal data by Europol.

(58)The supervisory authorities referred to in Regulation (EU) 2016/679 or Directive (EU) 2016/680 should monitor the lawfulness of the processing of personal data by the Member States. The European Data Protection Supervisor should monitor the activities of the Union institutions and bodies in relation to the processing of personal data. The European Data Protection Supervisor and the supervisory authorities should cooperate with each other in the monitoring of the processing of personal data by interoperability components. For the European Data Protection Supervisor to fulfil the tasks entrusted to it under this Regulation, sufficient resources, including both human and financial resources, are required.

(59)The European Data Protection Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 of the European Parliament and of the Council (17) and delivered an opinion on 16 April 2018 (18).

(60)The Article 29 Data Protection Working Party provided an opinion on 11 April 2018.

(61)Both the Member States and eu-LISA should maintain security plans in order to facilitate the implementation of security obligations and should cooperate with each other in order to address security issues. eu-LISA should also make sure there is a continuous use of the latest technological developments to ensure data integrity in the context of the development, design and management of the interoperability components. eu-LISA's obligations in this respect should include adopting the measures necessary to prevent access by unauthorised persons, such as staff of external service providers, to personal data processed through the interoperability components. When awarding contracts for the provision of services, the Member States and eu-LISA should consider all measures necessary to secure compliance with laws or regulations relating to the protection of personal data and to the privacy of individuals or to safeguard essential security interests, pursuant to Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council (19) and applicable international conventions. eu-LISA should apply the principles of privacy by design and by default during the development of the interoperability components.

(62)The implementation of the interoperability components provided for in this Regulation will have an impact on the way checks are carried out at border crossing points. The impact will result from the combined application of the existing rules of Regulation (EU) 2016/399 and the rules on interoperability provided for in this Regulation.

(63)As a consequence of this combined application of the rules, the ESP should constitute the main access point for the compulsory systematic consultation of databases in respect of persons at border crossing points provided for by Regulation (EU) 2016/399. In addition, the identity data or travel document data that have led to the classification of a link in the MID as a red link should be taken into account by border guards for the purposes of assessing whether or not the person fulfils the conditions of entry defined in Regulation (EU) 2016/399. However, the presence of a red link should not in itself constitute a ground for refusal of entry and the existing grounds for refusal of entry listed in Regulation (EU) 2016/399 should therefore not be amended.

(64)It would be appropriate to update the Practical Handbook for Border Guards to make these clarifications explicit.

(65)Should a query of the MID through the ESP result in a yellow link or detect a red link, the border guard should consult the CIR or SIS or both in order to assess the information on the person being checked, to manually verify his or her identity data and to adapt the colour of the link if required.

(66)To support the purposes of statistics and reporting, it is necessary to grant access to authorised staff of the competent authorities, Union institutions and agencies referred to in this Regulation to consult certain data related to certain interoperability components without enabling the identification of individuals.

(67)In order to allow Member State authorities and Union agencies to adapt to the new requirements on the use of the ESP, it is necessary to provide for a transitional period. Similarly, in order to allow for a coherent and optimal functioning of the MID, transitional measures should be established for the start of its operations.

(68)Since the objective of this Regulation, namely, the establishment of a framework for interoperability between EU information systems, cannot be sufficiently achieved by the Member States but can rather, by reason of the scale and effects of the action, be better achieved at Union level, the Union may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union (TEU). In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.

(69)The remaining amount in the budget earmarked for smart borders in Regulation (EU) No 515/2014 of the European Parliament and of the Council (20) should be reallocated to this Regulation pursuant to Article 5(5)(b) of Regulation (EU) No 515/2014, to cover the costs of the development of the interoperability components.

(70)In order to supplement certain detailed technical aspects of this Regulation, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union (TFEU) should be delegated to the Commission in respect of:

extending the transitional period for the use of the ESP;

extending the transitional period for multiple-identity detection carried out by the ETIAS Central Unit;

the procedures for determining the cases where identity data can be considered as the same or similar;

the rules on the operation of the CRRS, including specific safeguards for processing of personal data and the security rules applicable to the repository; and

detailed rules on the operation of the web portal.

It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making (21). In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member State' experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.

(71)In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission to determine the dates from which the ESP, the shared BMS, the CIR, the MID and the CRRS are to start operations.

(72)Implementing powers should also be conferred on the Commission relating to the adoption of detailed rules on: the technical details of the ESP user profiles; the specifications of the technical solution allowing the EU information systems, Europol data and Interpol databases to be queried through the ESP and the format of the ESP's replies; the technical rules for creating links in the MID between data from different EU information systems; the content and presentation of the form to be used to inform the data subject when a red link is created; the performance requirements and performance monitoring of the shared BMS; automated data quality control mechanisms, procedures and indicators; the development of the UMF standard; the cooperation procedure to be used in the case of a security incident; and the specifications of the technical solution for Member States to manage users access requests. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (22).

(73)As the interoperability components will involve the processing of significant amounts of sensitive personal data, it is important that persons whose data are processed through those components can effectively exercise their rights as data subjects as required under Regulation (EU) 2016/679, Directive (EU) 2016/680 and Regulation (EU) 2018/1725. The data subjects should be provided with a web portal that facilitates their exercise of their rights of access to, rectification, erasure and restriction of processing of their personal data. eu-LISA should establish and manage such a web portal.

(74)One of the core principles of data protection is data minimisation: under Article 5(1)(c) of Regulation (EU) 2016/679, the processing of personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. For this reason, the interoperability components should not provide for the storage of any new personal data, with the exception of the links which will be stored in the MID and which are the minimum necessary for the purposes of this Regulation.

(75)This Regulation should contain clear provisions on liability and the right to compensation for unlawful processing of personal data and for any other act incompatible with it. Such provisions should be without prejudice to the right to compensation from, and liability of the controller or processor under Regulation (EU) 2016/679, Directive (EU) 2016/680 and Regulation (EU) 2018/1725. eu-LISA should be responsible for any damage it causes in its capacity as a data processor where it has not complied with the obligations specifically imposed on it by this Regulation, or where it has acted outside or contrary to lawful instructions of the Member State which is the data controller.

(76)This Regulation is without prejudice to the application of Directive 2004/38/EC of the European Parliament and of the Council (23).

(77)In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the TEU and to the TFEU, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.

(78)This Regulation constitutes a development of the provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC (24); the United Kingdom is therefore not taking part in the adoption of this Regulation and is not bound by it or subject to its application.

(79)This Regulation constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC (25); Ireland is therefore not taking part in the adoption of this Regulation and is not bound by it or subject to its application.

(80)As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters' association with the implementation, application and development of the Schengen acquis (26) which fall within the area referred to in Article 1, points A, B, C and G of Council Decision 1999/437/EC (27).

(81)As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis (28) which fall within the area referred to in Article 1, points A, B, C and G of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/146/EC (29).

(82)As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis (30) which fall within the area referred to in Article 1, points A, B, C and G of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (31).

(83)This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union and should be applied in accordance with those rights and principles.

(84)In order to have this Regulation fit into the existing legal framework, Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861, and Council Decisions 2004/512/EC (32) and 2008/633/JHA (33) should be amended accordingly,