European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice  
2017/0145(COD) - 09/10/2017  

Opinion of the European Data Protection Supervisor on the proposal for a Regulation on eu-LISA.

As a reminder, the eu-LISA proposal is part of a wider process aimed at improving the management of external borders and strengthening internal security in the European Union to meet specific security challenges.

This Proposal aims mainly to entrust eu-LISA with:

  • the operational management of the existing and future large-scale IT systems in the area of freedom, security and justice;
  • developing some aspects of the interoperability of these systems;
  • carrying out research activities and pilot projects;
  • developing, managing and hosting a common IT system for a group of Member States opting on a voluntary basis for a centralised solution in implementing technical aspects of the EU legislation on decentralised systems in the area of freedom, security and justice.

The EDPS was consulted informally before the publication of the eu-LISA Proposal and he provided informal comments to the Commission, which were taken into account only partially.

In its capacity as eu-LISA's supervisory authority, the EDPS:

  • recommends that the eu-LISA Proposal be accompanied by a detailed impact assessment of the right to privacy and the right to data protection, which are enshrined in the Charter of Fundamental Rights of the EU;
  • recalls that there is currently no legal framework for the interoperability of EU large-scale IT systems. Therefore eu-LISA could develop the implementing actions only if such a legal framework is adopted. The EDPS proposes to delete current references related to interoperability in the eu-LISA Proposal;
  • has concerns regarding the possibility that eu-LISA could develop and host a common centralised solution for large-scale IT systems which are in principle decentralised. The EDPS proposes to delete the provision allowing the change of the architecture of the system on the basis of the delegation agreement between eu-LISA and a group of Member States.

In addition to the main concerns identified above, the recommendations of the EDPS relate to the following aspects of the eu-LISA Proposal: (i) statistics generated by the system; (ii) internal monitoring; (iii) Information Security Risk Management; (iv) roles of the EDPS and the Data Protection Officer.