The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Agustín DÍAZ DE MERA GARCÍA CONSUEGRA (EPP, ES) on the proposal for a regulation of the European Parliament and of the Council establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third country nationals crossing the external borders of the Member States of the European Union and determining the conditions for access to the EES for law enforcement purposes and amending Regulation (EC) No 767/2008 and Regulation (EU) No 1077/2011.
The committee recommended that the European Parliament’s position adopted at first reading, following the ordinary legislative procedure, should amend the Commission proposal as follows:
Subject matter: the amended text stipulated that the proposed Regulation establishes an 'Entry/Exit System' (EES) for the recording and storage of information on the date, time and place of entry and exit of third country nationals crossing the external borders of the Member States, for the calculation of the duration of their authorised stay, and for the generation of alerts to Member States when authorised periods for stay have expired as well as for the recording of the date, time and place of refusal of entry of third country nationals whose entry for a short stay {or on the basis of a touring visa} has been refused as well as the authority of the Member State which refused the entry and the reasons for refusal.
Scope: for the purposes of the prevention, detection and investigation of terrorist offences or of other serious criminal offences, this Regulation also lays down in its Chapter IV the conditions and limitations under which Member States' designated law enforcement authorities and the European Police Office (Europol) may obtain access for consultation of the EES.
Definitions: Members proposed to clarify the following terms:
- “designated law enforcement authorities” shall mean the authorities responsible for the prevention, detection or investigation of terrorist offences or of other serious criminal offences designated by the Member States;
- “touring visa” shall mean an authorisation issued by a Member State with a view to an intended stay in the territory of two or more Member States for a duration of 12 months in any 15 month period, provided that the applicant does not stay for more than 90 days in any 180 day period in the territory of the same Member State.
Purpose of the EES: the amended text stated that in order to facilitate border crossing for third-country nationals who frequently travel and have been pre-vetted, Member States may establish national facilitation programmes and connect them to the EES. The EES shall enable the national competent authorities to have access to information on previous short stays or refusals of entry for the purposes of the examination of applications for access to national facilitation programmes and the adoption of decisions.
Interoperability between the EES and the VIS and Europol: the idea of strengthened interoperability is outlined in a recital. Members also stipulated that access to the EES as a tool for the purpose of identifying an unknown suspect, perpetrator or suspected victim of a terrorist offence or other serious criminal offence shall be allowed where certain conditions are met and the consultation, as a matter of priority, of the data stored in the databases that are technically and legally accessible by Europol has not made it possible to verify the identity of the person concerned. Since fingerprint data of visa-holding third-country nationals are only stored in the VIS, a request for consultation of the VIS on the same data subject may be submitted in parallel to a request for consultation of the EES.
Development and operational management: according to the text, eu-LISA shall play an important role in the development and maintenance of the EES. It shall be the controller responsible for the security of the web service, for the security of the personal data it contains and the process to extract the personal data from the central system into the web service.
By developing and implementing the Central System, the National Uniform Interfaces, the Secure Communication Channel between the EES Central System and the VIS Central System, and the secure and encrypted Communication Infrastructure, eu-LISA shall:
- perform a risk assessment as part of the development of the EES;
- follow the principles of privacy by design and by default during the entire lifecycle of the system development;
- update the risk assessment for the VIS to take into account the new connection with the EES and follow up by implementing any additional security measures highlighted by the updated risk assessment.
Personal data for visa holders: the border authority shall create an individual file of the third country national subject to a visa requirement to cross the external borders by entering the following data:
- type and number of the travel document or documents and three letter code of the issuing country of the travel document or documents;
- the facial image with sufficient image resolution and quality to be used in automated biometric matching, where possible extracted electronically from the eMRTD or the VIS, and where this is not possible, taken live.
Where a visa holding third country national benefits from the national facilitation programme of a Member State, the Member State concerned may insert a notification in the individual file of that third country national specifying the national facilitation programme concerned.
According to Members, knowing whether a person has been pre-vetted and accepted to a national facilitation programme in one of the Member States would be a valuable piece of information to border guards.
Biometrics: the amended text stated that border guards shall, when capturing biometric data for the EES, fully respect human dignity, in particular in the event of difficulties encountered in the capturing of facial images or the taking of fingerprints.
Retention period for data storage: Members proposed that each entry/exit record or refusal of entry record linked to an individual file shall be stored in the EES Central System for two years (as opposed to the Commission’s five years) following the date of the exit record or of the refusal of entry record, as applicable.
Data protection: the report stressed that data retrieved from the EES may be kept in national files only where necessary in an individual case, in accordance with the purpose of the EES and relevant Union law, in particular on data protection, and for no longer than necessary in that individual case. A Member State may keep the alphanumeric data which that Member State entered into the EES, in accordance with the purposes of the EES in its national entry exit system in full respect of Union Law.
Reporting: the report noted that every quarter, eu-LISA shall publish statistics on the EES showing in particular the number, nationality, age, gender, duration of stay and border crossing point of entry of over stayers, of third country nationals who were refused entry, including the grounds for refusal, and of third country nationals whose stays were revoked or extended as well as the number of third country nationals exempt from the requirement to give fingerprints.
Lastly, Members suggested enhancing rules on reporting back to the Parliament and the Council during and after the development of the EES, including an obligatory update on budgetary and cost developments, to ensure full parliamentary scrutiny and oversight of the process and to minimise the risk of cost overruns and delays.