PURPOSE: to recast into a single Regulation:
LEGISLATIVE ACT: Regulation (EU) No 6°3/2013 of the European Parliament and of the Council on the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States' law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (recast).
CONTENT: the European Parliament and the Council adopted a Regulation designed to recast the “EURODAC” Regulation.
This is the last text to be adopted in the context of the revision of the Community acquis in the area of asylum policy and the setting in place of a Common European Asylum System.
The main points covered by this revision may be summarised as follows:
Objective of EURODAC: as previously, EURODAC shall assist in determining which Member State is to be responsible pursuant to Regulation (EU) No 604/2013 for examining an application for international protection lodged in a Member State by a third-country national or a stateless person. The Regulation also lays down the conditions under which Member States' designated authorities and the European Police Office (Europol) may request the comparison of fingerprint data with those stored in the Central System for law enforcement purposes.
System architecture: the Regulation reiterates the main components of the existing EURODAC system which are:
The Agency shall be responsible for the operational management of EURODAC. EURODAC shall be functional 24 hours a day, 7 days a week.
Member States' designated authorities for law enforcement purposes: it is essential in the fight against terrorist offences and other serious criminal offences for the law enforcement authorities to have the fullest and most up-to-date information if they are to perform their tasks. To this end, the data in Eurodac should be available, subject to the strict conditions set out in this Regulation, for comparison by the designated authorities of Member States and the European Police Office (Europol). Member States shall designate the authorities that are authorised to request comparisons with Eurodac data. Designated authorities shall be authorities of the Member States which are responsible for the prevention, detection or investigation of terrorist offences or of other serious criminal offences but shall not include agencies or units exclusively responsible for intelligence relating to national security.
These authorities shall only have access to EURODAC in certain well-defined cases and when there exist good reasons to believe that the suspect of a terrorist or other serious criminal offence has applied for international protection. In any event, EURODAC may only be queried if there is an overriding public security concern, that is, if the act committed by the criminal or terrorist to be identified is so reprehensible that it justifies querying a database that registers persons with a clean criminal record.
Each Member State shall designate a single national authority or a unit of such an authority to act as its verifying authority. The verification authority shall act in complete independence of the designated authorities and ensure that the required conditions for requesting fingerprint comparisons with EURODAC data are respected. Only duly empowered staff of the verifying authority shall be authorised to receive and transmit a request for access to EURODAC.
Tasks devolved to Europol: Europol shall designate a specialised unit with duly empowered Europol officials to act as its verifying authority, which shall act independently of the designated authority when performing its tasks under this Regulation and shall not receive instructions from the designated authority as regards the outcome of the verification. The designated authority shall be an operating unit of Europol which is competent to collect, store, process, analyse and exchange information to support and strengthen action by Member States in preventing, detecting or investigating terrorist offences.
Collection, transmission and comparison of fingerprints: each Member State shall promptly take the fingerprints of all fingers of every applicant for international protection of at least 14 years of age and shall, as soon as possible and no later than 72 hours after the lodging of his or her application for international protection, transmit them to the Central System (this deadline may be extended in certain cases). The text lays down the procedure to be followed for the transmission and analysis of information transmitted to the Central System.
Data collected and the period for which they may be stored: the information recorded includes: (i) fingerprint; (ii) Member State of origin, place and date of asylum application; (iii) date on which the fingerprints were taken…
Each set of data shall be stored in the Central System for ten years from the date on which the fingerprints were taken. Thereafter, they shall be automatically erased from the Central System.
Advance data erasure: data relating to a person who has acquired citizenship of any Member State before expiry of the ten-year period shall be erased from the Central System as soon as the Member State of origin becomes aware that the person concerned has acquired such citizenship.
Comparison of fingerprints in the event of the irregular crossing of an external border of the Union: each Member State shall promptly take the fingerprints of all fingers of every third-country national or stateless person of at least 14 years of age who is apprehended by the competent control authorities in connection with the irregular crossing by land, sea or air of the border of that Member State. With a view to checking whether a third-country national or a stateless person found illegally staying within its territory has previously lodged an application for international protection in another Member State, a Member State may transmit to the Central System any fingerprint data relating to fingerprints which it may have taken of any such a person. Once the results of the comparison of fingerprint data have been transmitted to the Member State of origin, the record of the search shall be kept by the Central System only for the stipulated in the Regulation. Other than for those purposes, no other record of the search may be stored either by Member States or by the Central System.
Marking of data: the Member State of origin which granted international protection to an applicant for international protection whose data were previously recorded in the Central System pursuant to Article 11 shall mark the relevant data. That mark shall be stored in the Central System and the Central System shall inform all Member States of origin of the marking of data by another Member State of origin having produced a hit.
The data of beneficiaries of international protection stored in the Central System and marked shall be made available for comparison for a period of three years after the date on which the data subject was granted international protection. Thereafter, the Central System shall automatically block such data from being transmitted for law enforcement purposes, until their definitive erasure.
Procedure for comparison of fingerprint data for law enforcement purposes in exceptional cases of urgency: new rules have been introduced to make provision for the urgent transmission of data where there is a need to prevent an imminent danger associated with a terrorist offence or other serious criminal offence.
Conditions for access to EURODAC by designated authorities: it is stipulated that the comparison of EURODAC data may only take place if there are reasonable grounds to believe that the comparison would contribute significantly to the prevention or detection of criminal offences or to enquiries in their regard.
Equivalent provisions govern Europol’s access to EURODAC.
Quality of data transmitted: it is also stipulated that Member States shall ensure the transmission of fingerprint data of an appropriate quality for the purpose of comparison by means of the computerised fingerprint recognition system. The fact that it is temporarily or permanently impossible to take and/or to transmit fingerprint data, due to reasons such as insufficient quality of the data for appropriate comparison, technical problems, reasons linked to the protection of health or due to the data subject being unfit or unable to have his or her fingerprints taken owing to circumstances beyond his or her control, shall not adversely affect the examination of or the decision on the application for international protection lodged by that person.
Fingerprints shall be digitally processed by the Member States and transmitted in the data format referred to in Annex I of the Regulation. As far as necessary for the efficient operation of the Central System, the Agency shall establish the technical requirements for transmission of the data format by Member States to the Central System and vice versa.
Protection of personal date for law enforcement purposes: each Member State shall provide that the provisions adopted under national law implementing Framework Decision 2008/977/JHA are also applicable to the processing of personal data by its national authorities for the purposes of law enforcement. The monitoring of the lawfulness of the processing of personal data under this Regulation by the Member States shall be carried out by the designated national supervisory authorities. The European Data Protection Supervisor shall also play a role in this regard.
Provisions also exist for the appropriate protection of data, for their correction or erasure, and for their security before and during their transmission to the Central System.
Prohibition of transfers of data to third countries: personal data obtained by a Member State or Europol pursuant to this Regulation from the Central System shall not be transferred or made available to any third country, international organisation or private entity established in or outside the Union. Personal data which originated in a Member State and are exchanged between Member States following a hit obtained for the purposes of law enforcement shall not be transferred to third countries if there is a serious risk that as a result of such transfer the data subject may be subjected to torture, inhuman and degrading treatment or punishment or any other violation of his or her fundamental rights.
Penalties: Member States shall take the necessary measures to ensure that any processing of data entered in the Central System contrary to the purposes of EURODAC is punishable by penalties, including administrative and/or criminal penalties in accordance with national law, that are effective, proportionate and dissuasive.
Role of the Agency: a series of provisions have been introduced to ensure that Regulation (EU) No 1077/2011 establishing the Agency is brought into line with this revised EURODAC Regulation.
Report, follow-up and evaluation: by 20 July 2018 and every four years thereafter, the Commission shall produce an overall evaluation of EURODAC, examining the results achieved against objectives and the impact on fundamental rights, including whether law enforcement access has led to indirect discrimination against persons covered by this Regulation. The Commission shall transmit the evaluation to the European Parliament and the Council.
ENTRY INTO FORCE: 19.07.2013.
APPLICATION: this Regulation is applicable from 20.07.2015.
Regulation (EC) No 2725/2000 and Regulation (EC) No 407/2002 are repealed with effect from 20.07.2015.