Страницы: 1 2
необходимо, то по общему согласию определяются другие методы работы.
Каждые два года Европейскому парламенту, Совету, Комиссии и
управляющей инстанции направляется совместный отчет о проведенной
деятельности.
Статья 47
Защита данных на протяжении переходного периода
В случае, если на протяжении переходного периода Комиссия
согласно параграфу 4 статьи 15 делегирует свои обязанности другой
инстанции или другим инстанциям, то она заботится о том, чтобы
Европейский контролер по защите данных имел право и возможность в
полной мере выполнять свою задачу, включая проведение проверок на
месте, и осуществлять любые иные полномочия, которыми он наделен в
соответствии со статьей 47 Регламента (ЕС) N 45/2001 <*>.
--------------------------------
<*> См. выше, примечание к параграфу 1 статьи 45. - Прим. перев.
Глава VII. ОТВЕТСТВЕННОСТЬ И САНКЦИИ
Статья 48
Ответственность
1. Каждое государство-член согласно своему национальному праву
несет ответственность за любой ущерб, причиненный частному лицу в
результате эксплуатации Н. СИС II. То же самое имеет место в случае
причинения ущерба государством-членом, направившим информационный
запрос, если оно включило фактически неточные данные или незаконно
хранило данные.
2. Если иск предъявлен к государству-члену, которое не является
государством-членом, направившим информационный запрос, то последнее
должно возместить по требованию первого суммы, выплаченные в качестве
компенсации, кроме случаев, когда государство-член, предъявляющее
требование о возмещении, использовало данные в противоречии с
настоящим Регламентом.
3. Если несоблюдение государством-членом своих обязанностей на
основании настоящего Регламента наносит ущерб СИС II, то данное
государство-член признается ответственным за подобный ущерб, кроме
случаев, когда управляющая инстанция или другое участвующее в СИС II
государство-член не предприняли разумных мер по предотвращению ущерба
или смягчению его последствий.
Статья 49
Санкции
Государства-члены следят за тем, чтобы любое злоупотребление
данными, включенными в СИС II, или любой обмен дополнительной
информацией, противоречащий настоящему Регламенту, в соответствии с их
национальным правом подлежали санкциям, которые являются эффективными,
соразмерными и обладают предупредительным эффектом.
Глава VIII. ЗАКЛЮЧИТЕЛЬНЫЕ ПОЛОЖЕНИЯ
Статья 50
Контроль и статистический учет
1. Управляющая инстанция следит за тем, чтобы были введены в
действие процедуры контроля за функционированием СИС II с точки зрения
установленных целей, как в плане достигнутых результатов, так и в
плане соотношения "издержки - эффективность", безопасности и качества
службы.
2. В целях технического содержания, подготовки докладов и
статистического учета управляющая инстанция обладает доступом к
необходимой информации относительно проводимых в Центральной СИС II
операций по обработке.
3. Управляющая инстанция ежегодно публикует статистику,
отражающую количество записей по категориям информационных запросов,
количество положительных ответов по категориям информационных запросов
и количество случаев обращения к СИС II в целом и по каждому
государству-члену.
4. Через два года после введения в действие СИС II и каждые два
года впоследствии управляющая инстанция представляет Европейскому
парламенту и Совету доклад о техническом функционировании Центральной
СИС II и связующей инфраструктуры, в том числе об обеспечиваемой ею
безопасности, а также о двусторонних и многосторонних обменах
дополнительной информацией между государствами-членами.
5. Через три года после введения в действие СИС II и каждые
четыре года впоследствии Комиссия представляет доклад, содержащий
общую оценку Центральной СИС II, а также двусторонних и многосторонних
обменов дополнительной информацией между государствами-членами. Эта
общая оценка включает в себя анализ результатов, достигнутых с точки
зрения установленных целей, определяет, сохраняют ли свое значение
основополагающие принципы, подводит итог применению настоящего
Регламента в отношении Центральной СИС II и обеспечиваемой ею
безопасности, и делает отсюда выводы в отношении будущего
функционирования. Комиссия представляет оценочный доклад Европейскому
парламенту и Совету.
6. Государства-члены сообщают управляющей инстанции и Комиссии
информацию, необходимую для составления предусмотренных в параграфах
3, 4 и 5 докладов.
7. Управляющая инстанция предоставляет Комиссии информацию,
необходимую для подготовки предусмотренных в параграфе 5 общих оценок.
8. На протяжении переходного периода до начала исполнения
управляющей инстанцией своих обязанностей подготовка и представление
докладов, предусмотренных в параграфах 3 и 4, возлагается на Комиссию.
Статья 51
Комитет
1. Комиссии оказывает содействие комитет.
2. В случае, если сделана отсылка к настоящему параграфу, то
применяются статьи 5 и 7 Решения 1999/468/ЕС при соблюдении положений
статьи 8 последнего <*>.
--------------------------------
<*> Статья 5 Решения 1999/468/ЕС Совета от 28 июня 1999 г. об
установлении порядка осуществления исполнительных полномочий,
возлагаемых на Комиссию (см. пункт 22 преамбулы), закрепляет
"процедуру регулирования" (франц.: procedure de reglementation). В
рамках данной процедуры Комиссия для принятия любой меры, в принципе,
должна заручиться согласием компетентного комитета в составе
представителей государств-членов (национальных экспертов).
В случае негативного заключения комитета либо отсутствия такого
заключения право принятия или отклонения исполнительной меры переходит
к Совету. Однако если последний не воспользуется таким правом, то
Комиссия получает возможность самостоятельно вынести решение.
Во всех случаях Совет и компетентный комитет постановляют на
основе квалифицированного большинства с использованием метода
"взвешенного голосования".
Статьи 7 и 8 Решения 1999/468/ЕС содержат общие положения о
функционировании комитетов в составе представителей государств-членов.
- Прим. перев.
Срок, предусмотренный в параграфе 6 статьи 5 Решения 1999/468/ЕС,
устанавливается длительностью в три месяца <*>.
--------------------------------
<*> Срок, даваемый Совету на принятие или отклонение
исполнительной меры в случае отказа компетентного комитета одобрить ее
проект (см. предыдущее примечание). - Прим. перев.
3. Комитет осуществляет свои функции со дня вступления в силу
настоящего Регламента.
Статья 52
Изменение положений Шенгенских достижений
1. В сферах, подпадающих под действие Договора, настоящий
Регламент со дня, указанного в параграфе 2 статьи 55, заменяет
положения статей 92 - 119 Шенгенской конвенции, за исключением ее
статьи 102 bis <*>.
--------------------------------
<*> Статья 102 bis Шенгенской конвенции отменена и заменена
другим нормативным актом Европейского сообщества, принятым
одновременно с настоящим Регламентом: "Регламент (ЕС) N 1986/2006
Европейского парламента и Совета от 20 декабря 2006 г. о доступе служб
государств-членов, ответственных за регистрацию транспортных средств,
к Шенгенской информационной системе второго поколения (СИС II)" (JO L
381 du 28.12.2006, p. 1). - Прим. перев.
2. Со дня, указанного в параграфе 2 статьи 55, он также заменяет
следующие положения Шенгенских достижений, претворяющие в жизнь
вышеупомянутые статьи <*>:
--------------------------------
<*> JO L 239 du 22.9.2000, p. 439. - Прим. оригинала.
a) Решение Исполнительного комитета от 14 декабря 1993 г. о
Финансовом регламенте в отношении расходов по установке и
функционированию Шенгенской информационной системы (Ц. СИС)
(Sch/Com-ex (93) 16);
b) Решение Исполнительного комитета от 7 октября 1997 г. о
развитии СИС (Sch/Com-ex (97) 24);
c) Решение Исполнительного комитета от 15 декабря 1997 г. об
изменении Финансового регламента в отношении Ц. СИС (Sch/Com-ex (97)
35);
d) Решение Исполнительного комитета от 21 апреля 1998 г. о Ц. СИС
с 15/18 соединениями (Sch/Com-ex (98) 11);
e) Решение Исполнительного комитета от 28 апреля 1999 г. о
расходах на установку Ц. СИС (Sch/Com-ex (99) 4);
f) Решение Исполнительного комитета от 28 апреля 1999 г. о новой
редакции Руководства СИРЕНА (Sch/Com-ex (99) 5);
g) Декларация Исполнительного комитета от 18 апреля 1996 г. об
определении понятия иностранца (Sch/Com-ex (96) decl. 5);
h) Декларация Исполнительного комитета от 28 апреля 1999 г. о
структуре СИС (Sch/Com-ex (99) decl. 2 rev.);
i) Решение Исполнительного комитета от 7 октября 1997 г. об
участии Норвегии и Исландии в расходах по установке и функционированию
Ц. СИС (Sch/Com-ex (97) 18).
3. В сферах, подпадающих под действие Договора, ссылки на
замененные таким образом статьи Шенгенской конвенции и уместные
положения Шенгенских достижений, которые претворяют в жизнь эти
статьи, понимаются в качестве ссылок на настоящий Регламент.
Статья 53
Отмена
Регламент (ЕС) N 378/2004, Регламент (ЕС) N 871/2004, Решение
2005/451/ПВД, Решение 2005/728/ПВД и Решение 2006/628/ЕС отменяются со
дня, указанного в параграфе 2 статьи 55.
Статья 54
Переходный период и бюджет
1. Информационные запросы переводятся из СИС 1+ в СИС II.
Государства-члены, давая приоритет информационным запросам в отношении
лиц, заботятся о том, чтобы содержание информационных запросов,
которые переводятся из СИС 1+ в СИС II, как можно скорее и не позднее
трех лет со дня, указанного в параграфе 2 статьи 55, было приведено в
соответствие с положениями настоящего Регламента. На протяжении этого
переходного периода государства-члены могут продолжить применять
статьи 94 и 96 Шенгенской конвенции к содержанию информационных
запросов, которые переведены из СИС 1+ в СИС II, при условии
соблюдения следующих правил:
a) в случае если содержание информационного запроса,
переведенного из СИС 1+ в СИС II, подвергается изменению, дополнению,
исправлению или обновлению, то государства-члены заботятся о том,
чтобы данный информационный запрос соответствовал положениям
настоящего Регламента с момента упомянутого изменения, дополнения,
исправления или обновления;
b) в случае положительного ответа на информационный запрос,
переведенный из СИС 1+ в СИС II, государства-члены немедленно
проверяют его соответствие положениям настоящего Регламента, не
откладывая в то же время выполнение действий, которые требуется
предпринять на основании упомянутого информационного запроса.
2. Со дня, установленного в соответствии с параграфом 2 статьи
55, остатки бюджета, утвержденного согласно статье 119 Шенгенской
конвенции, возмещаются государствам-членам. Подлежащие возврату суммы
рассчитываются исходя из долей государств-членов в соответствии с
Решением Исполнительного комитета от 14 декабря 1993 г. о Финансовом
регламенте в отношении расходов по установке и функционированию
Шенгенской информационной системы.
3. На протяжении переходного периода, предусмотренного в
параграфе 4 статьи 15, под управляющей инстанцией понимается Комиссия.
Статья 55
Вступление в силу, применение и переход к от одной
системы к другой
1. Настоящий Регламент вступает на двадцатый день со дня его
опубликования в Официальном журнале Европейского Союза.
2. Он применяется к участвующим в СИС 1+ государствам-членам со
дней, которые будут установлены Советом, постановляя на основе
единогласия его членов, представляющих правительства участвующих в СИС
1+ государств-членов.
3. Указанные в параграфе 2 дни устанавливаются после того, как:
a) были приняты необходимые меры по применению <*>;
--------------------------------
<*> "Меры по применению" - акты Европейской комиссии, издаваемые
во исполнение настоящего Регламента в целях уточнения и/или дополнения
некоторых его положений. К указанным мерам относятся, в частности,
"Руководство СИРЕНА" (см. статью 7), "технические правила" в отношении
операций с данными СИС II (см. параграф 3 статьи 20), описание "особой
проверки качества" фотографий и отпечатков пальцев, включаемых в СИС
II (см. пункт "a" статьи 22). - Прим. перев.
b) все полностью участвующие в СИС 1+ государства-члены
проинформировали Комиссию о принятии ими технических мер и юридических
положений, необходимых для обработки данных СИС II и обмена
дополнительной информацией;
c) Комиссия объявила об успешном завершении всестороннего теста
СИС II, осуществляемого ею совместно с государствами-членами, а
подготовительные инстанции Совета официально одобрили результаты
предложенного теста и подтвердили, что уровень эффективности СИС II
является, как минимум, эквивалентным уровню, достигнутому СИС 1+;
d) Комиссия приняла необходимые технические меры, чтобы сделать
возможным подключение Центральной СИС II к Н. СИС II соответствующих
государств-членов.
4. Комиссия информирует Европейский парламент о результатах
тестов, проводимых согласно пункту "c" параграфа 3.
5. Любое решение Совета, принимаемое в соответствии с параграфом
2, публикуется в Официальном журнале Европейского Союза.
Настоящий Регламент является обязательным в полном объеме и
подлежит прямому применению в государствах-членах в соответствии с
Договором об учреждении Европейского сообщества.
Совершено в Брюсселе 20 декабря 2006 г.
(Подписи)
REGULATION (EC) No. 1987/2006
OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
ON THE ESTABLISHMENT, OPERATION AND USE OF THE SECOND
GENERATION SCHENGEN INFORMATION SYSTEM
(SIS II)
(Brussels, 20.XII.2006)
The European Parliament and the Council of the European Union,
Having regard to the Treaty establishing the European Community,
and in particular Articles 62 (2) (a), 63 (3) (b) and 66 thereof,
Having regard to the proposal from the Commission,
Acting in accordance with the procedure laid down in Article 251
of the Treaty <*>,
--------------------------------
<*> Opinion of the European Parliament of 25 October 2006 (not
yet published in the Official Journal) and Council Decision of 19
December 2006 (not yet published in the Official Journal).
Whereas:
(1) The Schengen Information System ("SIS") set up pursuant to
the provisions of Title IV of the Convention of 19 June 1990
implementing the Schengen Agreement of 14 June 1985 between the
governments of the States of the Benelux Economic Union, the Federal
Republic of Germany and the French Republic on the gradual abolition
of checks at their common borders <*> (the "Schengen Convention"), and
its development, SIS 1+, constitute an essential tool for the
application of the provisions of the Schengen acquis as integrated
into the framework of the European Union.
--------------------------------
<*> OJ L 239, 22.9.2000, p. 19. Convention as last amended by
Regulation (EC) No. 1160/2005 (OJ L 191, 22.7.2005, p. 18).
(2) The development of the second generation of SIS ("SIS II")
has been entrusted to the Commission pursuant to Council Regulation
(EC) No. 2424/2001 <*> and Council Decision 2001/886/JHA <**> of 6
December 2001 on the development of the second generation Schengen
Information System (SIS II). SIS II will replace SIS as created
pursuant to the Schengen Convention.
--------------------------------
<*> OJ L 328, 13.12.2001, p. 4.
<**> OJ L 328, 13.12.2001, p. 1.
(3) This Regulation constitutes the necessary legislative basis
for governing SIS II in respect of matters falling within the scope of
the Treaty establishing the European Community (the "Treaty"). Council
Decision 2006/000/JHA of... on the establishment, operation and use of
the second generation Schengen Information System (SIS II) <*>
constitutes the necessary legislative basis for governing SIS II in
respect of matters falling within the scope of the Treaty on European
Union.
--------------------------------
<*> OJ L...
(4) The fact that the legislative basis necessary for governing
SIS II consists of separate instruments does not affect the principle
that SIS II constitutes one single information system that should
operate as such. Certain provisions of these instruments should
therefore be identical.
(5) SIS II should constitute a compensatory measure contributing
to maintaining a high level of security within the area of freedom,
security and justice of the European Union by supporting the
implementation of policies linked to the movement of persons that are
part of the Schengen acquis, as integrated into Title IV of Part Three
of the Treaty.
(6) It is necessary to specify the objectives of SIS II, its
technical architecture and financing, to lay down rules concerning its
operation and use and to define responsibilities, the categories of
data to be entered into the system, the purposes for which the data
are to be entered, the criteria for their entry, the authorities
authorised to access the data, the interlinking of alerts and further
rules on data processing and the protection of personal data.
(7) SIS II is to include a central system (Central SIS II) and
national applications. The expenditure involved in the operation of
Central SIS II and related communication infrastructure should be
charged to the general budget of the European Union.
(8) It is necessary to establish a manual setting out the
detailed rules for the exchange of certain supplementary information
concerning the action called for by alerts. National authorities in
each Member State should ensure the exchange of this information.
(9) For a transitional period, the Commission should be
responsible for the operational management of Central SIS II and of
parts of the communication infrastructure. However, in order to ensure
a smooth transition to SIS II, it may delegate some or all of these
responsibilities to two national public sector bodies. In the long
term, and following an impact assessment containing a substantive
analysis of alternatives from a financial, operational and
organisational perspective, and legislative proposals from the
Commission, a management authority with responsibility for these tasks
should be established. The transitional period should last for no more
than five years from the date from which this Regulation applies.
(10) SIS II is to contain alerts for the purpose of refusing
entry or stay. It is necessary to further consider harmonising the
provisions on the grounds for issuing alerts concerning third-country
nationals for the purpose of refusing entry or stay and to clarifying
their use in the framework of asylum, immigration and return policies.
Therefore, the Commission should review, three years after the date
from which this Regulation applies, the provisions on the objectives
of and conditions for issuing alerts for the purpose of refusing entry
or stay.
(11) Alerts for the purpose of refusing entry or stay should not
be kept longer in SIS II than the time required to fulfil the purposes
for which they were supplied. As a general principle, they should be
automatically erased from SIS II after a period of three years. Any
decision to keep an alert for a longer period should be based on a
comprehensive individual assessment. Member States should review these
alerts within this three-year period and keep statistics about the
number of alerts the retention period of which has been extended.
(12) SIS II should permit the processing of biometric data in
order to assist in the reliable identification of the individuals
concerned. In the same perspective SIS II should also allow for the
processing of data concerning individuals whose identity has been
misused in order to avoid inconveniences caused by their
misidentification, subject to suitable safeguards, in particular the
consent of the individual concerned and a strict limitation of the
purposes for which such data can be lawfully processed.
(13) It should be possible for Member States to establish links
between alerts in SIS II. The establishment by a Member State of links
between two or more alerts should have no impact on the action to be
taken, their retention period or the access rights to the alerts.
(14) Data processed in SIS II in application of this Regulation
should not be transferred or made available to third countries or to
international organisations.
(15) Directive 95/46/EC of the European Parliament and the
Council of 24 October 1995 on the protection of individuals with
regard to the processing of personal data and on the free movement of
such data <*> applies to the processing of personal data carried out
in application of this Regulation. This includes the designation of
the controller and the possibility for Member States to provide for
exemptions and restrictions to some of the rights and obligations
provided for in that Directive including the rights of access and
information of the individual concerned. The principles set out in
Directive 95/46/EC should be supplemented or clarified in this
Regulation, where necessary.
--------------------------------
<*> OJ L 281, 23.11.1995, p. 31.
(16) Regulation (EC) No. 45/2001 of the European Parliament and
of the Council of 18 December 2000 on the protection of individuals
with regard to the processing of personal data by the Community
institutions and bodies and on the free movement of such data <*>, and
in particular the provisions thereof concerning confidentiality and
security of processing, apply to the processing of personal data by
the Community institutions or bodies when carrying out their
responsibilities in the operational management of SIS II. The
principles set out in Regulation (EC) No. 45/2001 should be
supplemented or clarified in this Regulation, where necessary.
--------------------------------
<*> OJ L 8, 12.1.2001, p. 1.
(17) Insofar as confidentiality is concerned, the relevant
provisions of the Staff Regulations of Officials of the European
Communities and the conditions of employment of other servants of the
European Communities should apply to officials or other servants
employed and working in connection with SIS II.
(18) It is appropriate that national supervisory authorities
monitor the lawfulness of the processing of personal data by the
Member States, whilst the European Data Protection Supervisor,
appointed pursuant to Decision 2004/55/EC of the European Parliament
and of the Council of 22 December 2003 appointing the independent
supervisory body provided for in Article 286 of the EC Treaty <*>,
should monitor the activities of the Community institutions and bodies
in relation to the processing of personal data in view of the limited
tasks of the Community institutions and bodies with regard to the data
themselves.
--------------------------------
<*> OJ L 12, 17.1.2004, p. 47.
(19) Both the Member States and the Commission should draw up a
security plan in order to facilitate the implementation of security
obligations and should cooperate with each other in order to address
security issues from a common perspective.
(20) In order to ensure transparency, a report on the technical
functioning of Central SIS II and the communication infrastructure,
including its security, and on the exchange of supplementary
information should be produced every two years by the Commission or,
when it is established, the management authority. An overall
evaluation should be issued by the Commission every four years.
(21) Certain aspects of SIS II, such as technical rules on
entering data, including data required for entering an alert,
updating, deleting and searching data, rules on compatibility and
priority of alerts, links between alerts and the exchange of
supplementary information cannot, owing to their technical nature,
level of detail and need for regular updating, be covered exhaustively
by the provisions of this Regulation. Implementing powers in respect
of those aspects should therefore be delegated to the Commission.
Technical rules on searching alerts should take into account the
smooth operation of national applications. Subject to an impact
assessment by the Commission, it should be decided to what extent the
implementing measures could be the responsibility of the management
authority, once it is set up.
(22) The measures necessary for the implementation of this
Regulation should be adopted in accordance with Council Decision
1999/468/EC of 28 June 1999 laying down the procedures for the
exercise of implementing powers conferred on the Commission <*>.
--------------------------------
<*> OJ L 184, 17.7.1999, p. 23. Decision as amended by Decision
2006/512/EC (OJ L 200, 22.7.2006, p. 11).
(23) It is appropriate to lay down transitional provisions in
respect of alerts issued in SIS 1+ which are to be transferred to SIS
II. Some provisions of the Schengen acquis should continue to apply
for a limited period of time until the Member States have examined the
compatibility of those alerts with the new legal framework. The
compatibility of alerts on persons should be examined as a matter of
priority. Furthermore, any modification, addition, correction or
update of an alert transferred from SIS 1+ to SIS II, as well as any
hit on such an alert, should trigger an immediate examination of its
compatibility with the provisions of this Regulation.
(24) It is necessary to lay down specific provisions regarding
the part of the budget earmarked for operations of SIS which is not
part of the general budget of the European Union.
(25) Since the objectives of the action to be taken, namely the
establishment and regulation of a joint information system, cannot be
sufficiently achieved by the Member States and can therefore, by
reason of the scale and effects of the action, be better achieved at
Community level, the Community may adopt measures in accordance with
the principle of subsidiarity, as set out in Article 5 of the Treaty.
In accordance with the principle of proportionality, as set out in
that Article, this Regulation does not go beyond what is necessary to
achieve those objectives.
(26) This Regulation respects the fundamental rights and observes
the principles recognised in particular by the Charter of Fundamental
Rights of the European Union.
(27) In accordance with Articles 1 and 2 of the Protocol on the
position of Denmark annexed to the Treaty on European Union and the
Treaty establishing the European Community, Denmark does not take part
in the adoption of this Regulation and is not bound by it or subject
to its application. Given that this Regulation builds upon the
Schengen acquis under the provisions of Title IV of Part Three of the
Treaty, Denmark shall, in accordance with Article 5 of the said
Protocol, decide within a period of six months after date of the
adoption of this Regulation whether it will transpose it in its
national law.
(28) This Regulation constitutes a development of provisions of
the Schengen acquis in which the United Kingdom does not take part, in
accordance with Council Decision 2000/365/EC of 29 May 2000 concerning
the request of the United Kingdom of Great Britain and Northern
Ireland to take part in some of the provisions of the Schengen acquis
<*>. The United Kingdom is therefore not taking part in its adoption
and is not bound by it or subject to its application.
--------------------------------
<*> OJ L 131, 1.6.2000, p. 43.
(29) This Regulation constitutes a development of provisions of
the Schengen acquis in which Ireland does not take part, in accordance
with Council Decision 2002/192/EC of 28 February 2002 concerning
Ireland`s request to take part in some of the provisions of the
Schengen acquis <*>. Ireland is therefore not taking part in its
adoption and is not bound by it or subject to its application.
--------------------------------
<*> OJ L 64, 7.3.2002, p. 20.
(30) This Regulation is without prejudice to the arrangements for
the United Kingdom`s and Ireland`s partial participation in the
Schengen acquis as defined in Decision 2000/365/EC and Decision
2002/192/EC respectively.
(31) As regards Iceland and Norway, this Regulation constitutes a
development of provisions of the Schengen acquis within the meaning of
the Agreement concluded by the Council of the European Union and the
Republic of Iceland and the Kingdom of Norway concerning the
association of those two States with the implementation, application
and development of the Schengen acquis <*>, which fall within the area
referred to in Article 1, point G, of Council Decision 1999/437/EC of
17 May 1999 <**> on certain arrangements for the application of that
Agreement.
--------------------------------
<*> OJ L 176, 10.7.1999, p. 36.
<**> OJ L 176, 10.7.1999, p. 31.
(32) An arrangement should be made to allow representatives of
Iceland and Norway to be associated with the work of committees
assisting the Commission in the exercise of its implementing powers.
Such an arrangement has been contemplated in the Exchanges of Letters
between the Council of the European Union and the Republic of Iceland
and the Kingdom of Norway concerning committees which assist the
European Commission in the exercise of its executive powers <*>,
annexed to the abovementioned Agreement.
--------------------------------
<*> OJ L 176, 10.7.1999, p. 53.
(33) As regards Switzerland, this Regulation constitutes a
development of provisions of the Schengen acquis within the meaning of
the Agreement signed between the European Union, the European
Community and the Swiss Confederation concerning the association of
the Swiss Confederation with the implementation, application and
development of the Schengen acquis, which fall within the area
referred to in Article 1, point G, of Decision 1999/437/EC read in
conjunction with Article 4 (1) of Council Decisions 2004/849/EC <*>
and 2004/860/EC <**>.
--------------------------------
<*> Council Decision 2004/849/ECof 25 October 2004 on the
signing, on behalf of the European Union, and on the provisional
application of certain provisions of the Agreement between the
European Union, the European Community and the Swiss Confederation
concerning the Swiss Confederation`s association with the
implementation, application and development of the Schengen acquis (OJ
L 368, 15.12.2004, p. 26).
<**> Council Decision 2004/860/EC of 25 October 2004 on the
signing, on behalf of the European Community, and on the provisional
application of certain provisions of the Agreement between the
European Union, the European Community and the Swiss Confederation,
concerning the Swiss Confederation`s association with the
implementation, application and development of the Schengen acquis (OJ
L 370, 17.12.2004, p. 78).
(34) An arrangement should be made to allow representatives of
Switzerland to be associated with the work of committees assisting the
Commission in the exercise of its implementing powers. Such an
arrangement has been contemplated in the Exchange of Letters between
the Community and Switzerland, annexed to the abovementioned
Agreement.
(35) This Regulation constitutes an act building on the Schengen
acquis or otherwise related to it within the meaning of Article 3 (2)
of the 2003 Act of Accession.
(36) This Regulation should apply to the United Kingdom and
Ireland on dates determined in accordance with the procedures set out
in the relevant instruments concerning the application of the Schengen
acquis to those States,
Have adopted this Regulation:
Chapter I. GENERAL PROVISIONS
Article 1
Establishment and general purpose of SIS II
1. A second generation Schengen Information System ("SIS II") is
hereby established.
2. The purpose of SIS II shall be, in accordance with this
Regulation, to ensure a high level of security within the area of
freedom, security and justice of the European Union, including the
maintenance of public security and public policy and the safeguarding
of security in the territories of the Member States, and to apply the
provisions of Title IV of Part Three of the Treaty relating to the
movement of persons in their territories, using information
communicated via this system.
Article 2
Scope
1. This Regulation establishes the conditions and procedures for
the entry and processing in SIS II of alerts in respect of
third-country nationals, the exchange of supplementary information and
additional data for the purpose of refusing entry into, or a stay in,
a Member State.
2. This Regulation also lays down provisions on the technical
architecture of SIS II, the responsibilities of the Member States and
of the management authority referred to in Article 15, general data
processing, the rights of the persons concerned and liability.
Article 3
Definitions
For the purposes of this Regulation, the following definitions
shall apply:
(a) "alert" means a set of data entered in SIS II allowing the
competent authorities to identify a person with a view to taking
specific action;
(b) "supplementary information" means information not stored in
SIS II, but connected to SIS II alerts, which is to be exchanged:
(i) in order to allow Member States to consult or inform each
other when entering an alert;
(ii) following a hit, in order to allow the appropriate action to
be taken;
(iii) when the required action cannot be taken;
(iv) when dealing with the quality of SIS II data;
(v) when dealing with the compatibility and priority of alerts;
(vi) when dealing with rights of access;
(c) "additional data" means the data stored in SIS II and
connected with SIS II alerts which are to be immediately available to
the competent authorities where a person in respect of whom data has
been entered in SIS II is located as a result of searches made
therein;
(d) "third-country national" means any individual who is neither:
(i) a citizen of the European Union within the meaning of Article
17 (1) of the Treaty;
nor
(ii) a national of a third country who, under agreements between
the Community and its Member States on the one hand, and these
countries, on the other, enjoys rights of free movement equivalent to
those of citizens of the European Union;
(e) "personal data" means any information relating to an
identified or identifiable natural person ("data subject"); an
identifiable person is one who can be identified, directly or
indirectly;
(f) "processing of personal data" ("processing") means any
operation or set of operations which is performed upon personal data,
whether or not by automatic means, such as collection, recording,
organisation, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, blocking,
erasure or destruction.
Article 4
Technical architecture and ways of operating SIS II
1. SIS II shall be composed of:
(a) a central system ("Central SIS II") composed of:
- a technical support function ("CS-SIS") containing a database,
the "SIS II database";
- a uniform national interface ("NI-SIS");
(b) a national system (the "N.SIS II") in each of the Member
States, consisting of the national data systems which communicate with
Central SIS II. An N.SIS II may contain a data file (a "national
copy"), containing a complete or partial copy of the SIS II database;
(c) a communication infrastructure between CS-SIS and NI-SIS (the
"Communication Infrastructure") that provides an encrypted virtual
network dedicated to SIS II data and the exchange of data between
SIRENE Bureaux as referred to in Article 7 (2).
2. SIS II data shall be entered, updated, deleted and searched
via the various N.SIS II systems. A national copy shall be available
for the purpose of carrying out automated searches in the territory of
each of the Member States using such a copy. It shall not be possible
to search the data files of other Member States` N.SIS II.
3. CS-SIS, which performs technical supervision and
administration functions, shall be located in Strasbourg (France) and
a backup CS-SIS, capable of ensuring all functionalities of the
principal CS-SIS in the event of failure of this system, shall be
located in Sankt Johann im Pongau (Austria).
4. CS-SIS shall provide the services necessary for the entry and
processing of SIS II data, including searches in the SIS II database.
For the Member States which use a national copy, CS-SIS shall:
(a) provide the on-line update of the national copies;
(b) ensure the synchronisation of and consistency between the
national copies and the SIS II database;
(c) provide the operations for initialisation and restoration of
the national copies.
Article 5
Costs
1. The costs of setting up, operating and maintaining Central SIS
II and the Communication Infrastructure shall be borne by the general
budget of the European Union.
2. These costs shall include work done with respect to CS-SIS
that ensures the provision of the services referred to in Article 4
(4).
3. The costs of setting up, operating and maintaining each N.SIS
II shall be borne by the Member State concerned.
Chapter II. RESPONSIBILITIES OF THE MEMBER STATES
Article 6
National systems
Each Member State shall be responsible for setting up, operating
and maintaining its N.SIS II and connecting its N.SIS II to NI-SIS.
Article 7
N.SIS II Office and SIRENE Bureau
1. Each Member State shall designate an authority (the "N.SIS II
Office"), which shall have central responsibility for its N.SIS II.
That authority shall be responsible for the smooth operation and
security of the N.SIS II, shall ensure the access of the competent
authorities to SIS II and shall take the necessary measures to ensure
compliance with the provisions of this Regulation. Each Member State
shall transmit its alerts via its N.SIS II Office.
2. Each Member State shall designate the authority which shall
ensure the exchange of all supplementary information (the "SIRENE
Bureau") in accordance with the provisions of the SIRENE Manual, as
referred to in Article 8.
Those Bureaux shall also coordinate the verification of the
quality of the information entered in the SIS II. For those purposes,
they shall have access to the data processed in SIS II.
3. The Member States shall inform the management authority of
their N.SIS II Office and of their SIRENE Bureau. The management
authority shall publish the list of them together with the list
referred to in Article 31 (8).
Article 8
Exchange of supplementary information
1. Supplementary information shall be exchanged in accordance
with the provisions of the "SIRENE Manual" and using the communication
infrastructure. Should the communication infrastructure be
unavailable, Member States may use other adequately secured technical
means for exchanging supplementary information.
2. Supplementary information shall be used only for the purpose
for which it was transmitted.
3. Requests for supplementary information made by a Member State
shall be answered as soon as possible.
4. Detailed rules for the exchange of supplementary information
shall be adopted in accordance with the procedure referred to in
Article 51 (2) in the form of the SIRENE Manual, without prejudice to
the provisions of the instrument setting up the management authority.
Article 9
Technical compliance
1. To ensure the prompt and effective transmission of data, each
Member State shall observe, when setting up its N.SIS II, the
protocols and technical procedures established to ensure the
compatibility of its N.SIS II with CS-SIS. Those protocols and
technical procedures shall be established in accordance with the
procedure referred to in Article 51 (2), without prejudice to the
provisions of the instrument setting up the management authority.
2. If a Member State uses a national copy it shall ensure, by
means of the services provided by CS-SIS, that data stored in the
national copy are, by means of the automatic updates referred to in
Article 4 (4), identical to and consistent with the SIS II database,
and that a search in its national copy produces a result equivalent to
that of a search in the SIS II database.
Article 10
Security - Member States
1. Each Member State shall, in relation to its N.SIS II, adopt
the necessary measures, including a security plan, in order to:
(a) physically protect data, including by making contingency
plans for the protection of critical infrastructure;
(b) deny unauthorised persons access to data-processing
facilities used for processing personal data (facilities access
control);
(c) prevent the unauthorised reading, copying, modification or
removal of data media (data media control);
(d) prevent the unauthorised input of data and the unauthorised
inspection, modification or deletion of stored personal data (storage
control);
(e) prevent the use of automated data-processing systems by
unauthorised persons using data communication equipment (user
control);
(f) ensure that persons authorised to use an automated
data-processing system have access only to the data covered by their
access authorisation, by means of individual and unique user
identities and confidential access modes only (data access control);
(g) ensure that all authorities with a right of access to SIS II
or to the data processing facilities create profiles describing the
functions and responsibilities of persons who are authorised to
access, enter, update, delete and search the data and make these
profiles available to the national supervisory authorities referred to
in Article 44 (1) without delay upon their request (personnel
profiles);
(h) ensure that it is possible to verify and establish to which
bodies personal data may be transmitted using data communication
equipment (communication control);
(i) ensure that it is subsequently possible to verify and
establish which personal data have been input into automated
data-processing systems, when, by whom and for what purpose the data
were input (input control);
(j) prevent the unauthorised reading, copying, modification or
deletion of personal data during transfers of personal data or during
transportation of data media, in particular by means of appropriate
encryption techniques (transport control);
(k) monitor the effectiveness of the security measures referred
to in this paragraph and take the necessary organisational measures
related to internal monitoring to ensure compliance with this
Regulation (self-auditing).
2. Member States shall take measures equivalent to those referred
to in paragraph 1 as regards security in respect of the exchange of
supplementary information.
Article 11
Confidentiality - Member States
Each Member State shall apply its rules of professional secrecy
or other equivalent duties of confidentiality to all persons and
bodies required to work with SIS II data and supplementary
information, in accordance with its national legislation. This
obligation shall also apply after those people leave office or
employment or after the termination of the activities of those bodies.
Article 12
Keeping of records at national level
1. Member States not using national copies shall ensure that
every access to and all exchanges of personal data within CS-SIS are
recorded in their N.SIS II for the purposes of checking whether or not
a search is lawful, monitoring the lawfulness of data processing,
self-monitoring and ensuring the proper functioning of N.SIS II, data
integrity and security.
2. Member States using national copies shall ensure that every
access to and all exchanges of SIS II data are recorded for the
purposes mentioned in paragraph 1. This does not apply to the
processes referred to in Article 4 (4).
3. The records shall show, in particular, the history of the
alerts, the date and time of the data transmission, the data used to
perform a search, a reference to the data transmitted and the name of
both the competent authority and the person responsible for processing
the data.
4. The records may be used only for the purpose mentioned in
paragraph 1 and 2 and shall be deleted at the earliest one year, and
at the latest three years, after their creation. The records which
include the history of alerts shall be erased one to three years after
deletion of the alerts.
5. Records may be kept longer if they are required for monitoring
procedures that are already under way.
6. The competent national authorities in charge of checking
whether or not searches are lawful, monitoring the lawfulness of data
processing, self-monitoring and ensuring the proper functioning of
N.SIS II, data integrity and security, shall have access, within the
limits of their competence and at their request, to these records for
the purpose of fulfilling their duties.
Article 13
Self-monitoring
Member States shall ensure that each authority entitled to access
SIS II data takes the measures necessary to comply with this
Regulation and cooperates, where necessary, with the national
supervisory authority.
Article 14
Staff training
Before being authorised to process data stored in SIS II, the
staff of the authorities having a right to access SIS II shall receive
appropriate training about data-security and data-protection rules and
shall be informed of any relevant criminal offences and penalties.
Chapter III. RESPONSIBILITIES OF THE MANAGEMENT AUTHORITY
Article 15
Operational management
1. After a transitional period, a management authority (the
"Management Authority"), funded from the general budget of the
European Union, shall be responsible for the operational management of
Central SIS II. The Management Authority shall ensure, in cooperation
with the Member States, that at all times the best available
technology, subject to a cost-benefit analysis, is used for Central
SIS II.
2. The Management Authority shall also be responsible for the
following tasks relating to the Communication Infrastructure:
(a) supervision;
(b) security;
(c) the coordination of relations between the Member States and
the provider.
3. The Commission shall be responsible for all other tasks
relating to the Communication Infrastructure, in particular:
(a) tasks relating to implementation of the budget;
(b) acquisition and renewal;
(c) contractual matters.
4. During a transitional period before the Management Authority
takes up its responsibilities, the Commission shall be responsible for
the operational management of Central SIS II. The Commission may
delegate that task and tasks relating to implementation of the budget,
in accordance with the Council Regulation (EC, Euratom) No. 1605/2002
of 25 June 2002 on the Financial Regulation applicable to the general
budget of the European Communities <*>, to national public-sector
bodies, in two different countries.
--------------------------------
<*> OJ L 248, 16.9.2002, p. 1.
5. Each national public-sector body referred to in paragraph 4
shall meet the following selection criteria:
(a) it must demonstrate that it has lengthy experience in
operating a large-scale information system with the functionalities
referred to in Article 4 (4);
(b) it must have considerable expertise in the service and
security requirements of an information system with functionalities
comparable to those referred to in Article 4 (4);
(c) it must have sufficient and experienced staff with the
appropriate professional expertise and linguistic skills to work in an
international cooperation environment such as that required by SIS II;
(d) it must have a secure and custom-built facility
infrastructure able, in particular, to back-up and guarantee the
continuous functioning of large-scale IT systems;
and
(e) its administrative environment must allow it to implement its
tasks properly and avoid any conflict of interests.
6. Prior to any delegation as referred to in paragraph 4 and at
regular intervals thereafter, the Commission shall inform the European
Parliament and the Council of the terms of the delegation, its precise
scope, and the bodies to which tasks are delegated.
7. Where the Commission delegates its responsibility during the
transitional period pursuant to paragraph 4, it shall ensure that this
delegation fully respects the limits set by the institutional system
laid out in the Treaty. It shall ensure, in particular, that this
delegation does not adversely affect any effective control mechanism
under Community law, whether of the Court of Justice, the Court of
Auditors or the European Data Protection Supervisor.
8. Operational management of Central SIS II shall consist of all
the tasks necessary to keep Central SIS II functioning 24 hours a day,
7 days a week in accordance with this Regulation, in particular the
maintenance work and technical developments necessary for the smooth
running of the system.
Article 16
Security
1. The Management Authority, in relation to Central SIS II, and
the Commission, in relation to the Communication Infrastructure, shall
adopt the necessary measures, including a security plan, in order to:
(a) physically protect data, including by making contingency
plans for the protection of critical infrastructure;
(b) deny unauthorised persons access to data-processing
facilities used for processing personal data (facilities access
control);
(c) prevent the unauthorised reading, copying, modification or
removal of data media (data media control);
(d) prevent the unauthorised input of data and the unauthorised
inspection, modification or deletion of stored personal data (storage
control);
(e) prevent the use of automated data-processing systems by
unauthorised persons using data communication equipment (user
control);
(f) ensure that persons authorised to use an automated
data-processing system have access only to the data covered by their
access authorisation by means of individual and unique user identities
and confidential access modes only (data access control);
(g) create profiles describing the functions and responsibilities
of persons who are authorised to access the data or the data
processing facilities and make these profiles available to the
European Data Protection Supervisor referred to in Article 45 without
delay upon its request (personnel profiles);
(h) ensure that it is possible to verify and establish to which
bodies personal data may be transmitted using data communication
equipment (communication control);
(i) ensure that it is subsequently possible to verify and
establish which personal data have been input into automated
data-processing systems, when and by whom the data were input (input
control);
(j) prevent the unauthorised reading, copying, modification or
deletion of personal data during transfers of personal data or during
transportation of data media in particular by means of appropriate
encryption techniques (transport control);
(k) monitor the effectiveness of the security measures referred
to in this paragraph and take the necessary organisational measures
related to internal monitoring to ensure compliance with this
Regulation (self-auditing).
2. The Management Authority shall take measures equivalent to
those referred to in paragraph 1 as regards security in respect of the
exchange of supplementary information through the Communication
Infrastructure.
Article 17
Confidentiality - Management Authority
1. Without prejudice to Article 17 of the Staff Regulations of
Officials of the European Communities, the Management Authority shall
apply appropriate rules of professional secrecy or other equivalent
duties of confidentiality of a comparable standard to those provided
in Article 11 of this Regulation to all its staff required to work
with SIS II data. This obligation shall also apply after those people
leave office or employment or after the termination of their
activities.
2. The Management Authority shall take measures equivalent to
those referred to in paragraph 1 as regards confidentiality in respect
of the exchange of supplementary information through the Communication
Infrastructure.
Article 18
Keeping of records at central level
1. The Management Authority shall ensure that every access to and
all exchanges of personal data within CS-SIS are recorded for the
purposes mentioned in Article 12 (1) and (2).
2. The records shall show, in particular, the history of the
alerts, the date and time of the data transmitted, the data used to
perform searches, the reference to the data transmitted and the name
of the competent authority responsible for processing the data.
3. The records may only be used for the purpose mentioned in
paragraph 1 and shall be deleted at the earliest one year, and at the
latest three years, after their creation. The records which include
the history of alerts shall be erased one to three years after
deletion of the alerts.
4. Records may be kept longer if they are required for monitoring
procedures that are already under way.
5. The competent authorities in charge of checking whether a
search is lawful, monitoring the lawfulness of data processing,
self-monitoring and ensuring the proper functioning of CS-SIS, data
integrity and security, shall have access, within the limits of their
competence and at their request, to those records for the purpose of
fulfilling their tasks.
Article 19
Information campaign
The Commission shall, in cooperation with the national
supervisory authorities and the European Data Protection Supervisor,
accompany the start of the operation of SIS II with an information
campaign informing the public about the objectives, the data stored,
the authorities having access and the rights of persons. After its
establishment, the Management Authority, in cooperation with the
national supervisory authorities and the European Data Protection
Supervisor, shall repeat such campaigns regularly. Member States
shall, in cooperation with their national supervisory authorities,
devise and implement the necessary policies to inform their citizens
about SIS II generally.
Chapter IV. ALERTS ISSUED IN RESPECT OF THIRD-COUNTRY
NATIONALS FOR THE PURPOSE OF REFUSING ENTRY AND STAY
Article 20
Categories of data
1. Without prejudice to Article 8 (1) or the provisions of this
Regulation providing for the storage of additional data, SIS II shall
contain only those categories of data which are supplied by each of
the Member States, as required for the purposes laid down in Article
24.
2. The information on persons in relation to whom an alert has
been issued shall be no more than the following:
(a) surname(s) and forename(s), name(s) at birth and previously
used names and any aliases, which may be entered separately;
(b) any specific, objective, physical characteristics not subject
to change;
(c) place and date of birth;
(d) sex;
(e) photographs;
(f) fingerprints;
(g) nationality(ies);
(h) whether the person concerned is armed, violent or has
escaped;
(i) reason for the alert;
(j) authority issuing the alert;
(k) a reference to the decision giving rise to the alert;
(l) action to be taken;
(m) link(s) to other alerts issued in SIS II in accordance with
Article 37.
3. The technical rules necessary for entering, updating, deleting
and searching the data referred to in paragraph 2 shall be established
in accordance with the procedure referred to in Article 51 (2),
without prejudice to the provisions of the instrument setting up the
Management Authority.
4. The technical rules necessary for searching the data referred
to in paragraph 2 shall be similar for searches in CS-SIS, in national
copies and in technical copies, as referred to in Article 31 (2).
Article 21
Proportionality
Before issuing an alert, Member States shall determine whether
the case is adequate, relevant and important enough to warrant entry
of the alert in SIS II.
Article 22
Specific rules for photographs and fingerprints
The use of photographs and fingerprints as referred to in Article
20 (2) (e) and (f) shall be subject to the following provisions:
(a) photographs and fingerprints shall only be entered following
a special quality check to ascertain the fulfilment of a minimum data
quality standard. The specification of the special quality check shall
be established in accordance with the procedure referred to in Article
51 (2), without prejudice to the provisions of the instrument setting
up the Management Authority;
(b) photographs and fingerprints shall only be used to confirm
the identity of a third-country national who has been located as a
result of an alphanumeric search made in SIS II;
(c) as soon as this becomes technically possible, fingerprints
may also be used to identify a third-country national on the basis of
his biometric identifier. Before this functionality is implemented in
SIS II, the Commission shall present a report on the availability and
readiness of the required technology, on which the European Parliament
shall be consulted.
Article 23
Requirement for an alert to be entered
1. An alert may not be entered without the data referred to in
Article 20 (2) (a), (d), (k) and (l).
2. When available, all other data listed in Article 20 (2) shall
also be entered.
Article 24
Conditions for issuing alerts on refusal
of entry or stay
1. Data on third-country nationals in respect of whom an alert
has been issued for the purposes of refusing entry or stay shall be
entered on the basis of a national alert resulting from a decision
taken by the competent administrative authorities or courts in
accordance with the rules of procedure laid down by national law taken
on the basis of an individual assessment. Appeals against these
decisions shall lie in accordance with national legislation.
2. An alert shall be entered where the decision referred to in
paragraph 1 is based on a threat to public policy or public security
or to national security which the presence of the third-country
national in question in the territory of a Member State may pose. This
situation shall arise in particular in the case of:
(a) a third-country national who has been convicted in a Member
State of an offence carrying a penalty involving deprivation of
liberty of at least one year;
(b) a third-country national in respect of whom there are serious
grounds for believing that he has committed a serious criminal offence
or in respect of whom there are clear indications of an intention to
commit such an offence in the territory of a Member State.
3. An alert may also be entered when the decision referred to in
paragraph 1 is based on the fact that the third-country national has
been subject to a measure involving expulsion, refusal of entry or
removal which has not been rescinded or suspended, that includes or is
accompanied by a prohibition on entry or, where applicable, a
prohibition on residence, based on a failure to comply with national
regulations on the entry or residence of third-country nationals.
4. This Article shall not apply in respect of the persons
referred to in Article 26.
5. The Commission shall review the application of this Article
three years after the date referred to in Article 55 (2). On the basis
of that review, the Commission shall, using its right of initiative in
accordance with the Treaty, make the necessary proposals to modify the
provisions of this Article to achieve a greater level of harmonisation
of the criteria for entering alerts.
Article 25
Conditions for entering alerts on third-country
nationals who are beneficiaries of the right
of free movement within the Community
1. An alert concerning a third-country national who is a
beneficiary of the right of free movement within the Community, within
the meaning of Directive 2004/38/EC of the European Parliament and of
the Council of 29 April 2004 on the right of citizens of the Union and
their family members to move and reside freely within the territory of
the Member States <*> shall be in conformity with the rules adopted in
implementation of that Directive.
--------------------------------
<*> OJ L 158, 30.4.2004, p. 77.
2. Where there is a hit on an alert pursuant to Article 24
concerning a third-country national who is a beneficiary of the right
of free movement within the Community, the Member State executing the
alert shall consult immediately the issuing Member State, through its
SIRENE Bureau and in accordance with the provisions of the SIRENE
Manual, in order to decide without delay on the action to be taken.
Article 26
Conditions for issuing alerts on third-country nationals
subject to a restrictive measure taken in accordance
with Article 15 of the Treaty on European Union
1. Without prejudice to Article 25, alerts relating to
third-country nationals who are the subject of a restrictive measure
intended to prevent entry into or transit through the territory of
Member States, taken in accordance with Article 15 of the Treaty on
European Union, including measures implementing a travel ban issued by
the Security Council of the United Nations, shall, insofar as
data-quality requirements are satisfied, be entered in SIS II for the
purpose of refusing entry or stay.
2. Article 23 shall not apply in respect of alerts entered on the
basis of paragraph 1 of this Article.
3. The Member State responsible for entering, updating and
deleting these alerts on behalf of all Member States shall be
designated at the moment of the adoption of the relevant measure taken
in accordance with Article 15 of the Treaty on European Union.
Article 27
Authorities having a right to access alerts
1. Access to data entered in SIS II and the right to search such
data directly or in a copy of SIS II data shall be reserved
exclusively to the authorities responsible for the identification of
third-country nationals for the purposes of:
(a) border control, in accordance with Regulation (EC) No.
562/2006 of the European Parliament and the Council of 15 March 2006
establishing a Community Code on the rules governing the movement of
persons across borders (Schengen Borders Code) <*>;
--------------------------------
<*> OJ L 105, 13.4.2006, p. 1.
(b) other police and customs checks carried out within the Member
State concerned, and the coordination of such checks by designated
authorities.
2. However, the right to access data entered in SIS II and the
right to search such data directly may also be exercised by national
judicial authorities, including those responsible for the initiation
of public prosecutions in criminal proceedings and for judicial
inquiries prior to charge, in the performance of their tasks, as
provided for in national legislation, and by their coordinating
authorities.
3. In addition, the right to access data entered in SIS II and
the data concerning documents relating to persons entered in
accordance with Article 38 (2) (d) and (e) of Decision 2006/000/JHA
and the right to search such data directly may be exercised by the
authorities responsible for issuing visas, the central authorities
responsible for examining visa applications and the authorities
responsible for issuing residence permits and for the administration
of legislation relating to third-country nationals in the context of
the application of the Community acquis relating to the movement of
persons. Access to data by these authorities shall be governed by the
law of each Member State.
4. The authorities referred to in this Article shall be included
in the list referred to in Article 31 (8).
Article 28
Scope of access
Users may only access data which they require for the performance
of their tasks.
Article 29
Retention period of alerts
1. Alerts entered in SIS II pursuant to this Regulation shall be
kept only for the time required to achieve the purposes for which they
were entered.
2. A Member State issuing an alert shall, within three years of
its entry in SIS II, review the need to keep it.
3. Each Member State shall, where appropriate, set shorter review
periods in accordance with its national law.
4. Within the review period, a Member State issuing an alert may,
following a comprehensive individual assessment, which shall be
recorded, decide to keep the alert longer, should this prove necessary
for the purposes for which the alert was issued. In such a case,
paragraph 2 shall apply also to the extension. Any extension of an
alert shall be communicated to CS-SIS.
5. Alerts shall automatically be erased after the review period
referred to in paragraph 2 except where the Member State issuing the
alert has communicated the extension of the alert to CS-SIS pursuant
to paragraph 4. CS-SIS shall automatically inform the Member States of
the scheduled deletion of data from the system four months in advance.
6. Member States shall keep statistics about the number of alerts
the retention period of which has been extended in accordance with
paragraph 4.
Article 30
Acquisition of citizenship and alerts
Alerts issued in respect of a person who has acquired citizenship
of any State whose nationals are beneficiaries of the right of free
movement within the Community shall be erased as soon as the Member
State which issued the alert becomes aware, or is informed pursuant to
Article 34, that the person in question has acquired such citizenship.
Chapter V. GENERAL DATA-PROCESSING RULES
Article 31
Processing of SIS II data
1. The Member States may process the data referred to in Article
20 for the purposes of refusing entry into or a stay in their
territories.
2. Data may only be copied for technical purposes, provided that
such copying is necessary in order for the authorities referred to in
Article 27 to carry out a direct search. The provisions of this
Regulation shall apply to such copies. Alerts issued by one Member
State may not be copied from its N.SIS II into other national data
files.
3. Technical copies, as referred to in paragraph 2, which lead to
off-line databases may be retained for a period not exceeding 48
hours. That period may be extended in an emergency until the emergency
comes to an end.
Notwithstanding the first subparagraph, technical copies which
lead to off-line databases to be used by visa issuing authorities
shall no longer be permitted one year after the authority in question
has been connected successfully to the Communication Infrastructure
for the Visa Information System to be provided for in a future
Regulation concerning the Visa Information System (VIS) and the
exchange of data between Member States on short stay visas except for
copies made to be used only in an emergency following the
unavailability of the network for more than 24 hours.
Member States shall keep an up-to-date inventory of such copies,
make this inventory available to their national supervisory authority
and ensure that the provisions of this Regulation, in particular those
of Article 10, are applied in respect of such copies.
4. Access to data shall only be authorised within the limits of
the competence of the national authorities referred to in Article 27
and to duly authorised staff.
5. Data may not be used for administrative purposes. By way of
derogation, data entered in accordance with this Regulation may be
used in accordance with the laws of each Member State by the
authorities referred to in Article 27 (3) in the performance of their
duties.
6. Data entered in accordance with Article 24 of this Regulation
and data concerning documents relating to persons entered under
Article 38 (2) (d) and (e) of Decision 2006/000/JHA may be used in
accordance with the laws of each Member State for the purposes
referred to in Article 27 (3) of this Regulation.
7. Any use of data which does not comply with paragraphs 1 to 6
shall be considered as misuse under the national law of each Member
State.
8. Each Member State shall send to the Management Authority a
list of its competent authorities authorised to search directly the
data contained in SIS II pursuant to this Regulation as well as any
changes to the list. That list shall specify, for each authority,
which data it may search and for what purposes. The Management
Authority shall ensure the annual publication of the list in the
Official Journal of the European Union.
9. Insofar as Community law does not lay down specific
provisions, the law of each Member State shall apply to data entered
in its N.SIS II.
Article 32
SIS II data and national files
1. Article 31 (2) shall not prejudice the right of a Member State
to keep in its national files SIS II data in connection with which
action has been taken on its territory. Such data shall be kept in
national files for a maximum period of three years, except if specific
provisions of national law provide for a longer retention period.
2. Article 31 (2) shall not prejudice the right of a Member State
to keep in its national files data contained in a particular alert
issued in SIS II by that Member State.
Article 33
Information in the event of non-execution of an alert
If a requested action cannot be performed, the requested Member
State shall immediately inform the Member State issuing the alert.
Article 34
Quality of the data processed in SIS II
1. A Member State issuing an alert shall be responsible for
ensuring that the data are accurate, up-to-date and entered in SIS II
lawfully.
2. Only the Member State issuing an alert shall be authorised to
modify, add to, correct, update or delete data which it has entered.
3. If a Member State other than that which issued an alert has
evidence suggesting that an item of data is factually incorrect or has
been unlawfully stored, it shall, through the exchange of
supplementary information, inform the Member State that issued the
alert thereof at the earliest opportunity and not later than ten days
after the said evidence has come to its attention. The Member State
that issued the alert shall check the communication and, if necessary,
correct or delete the item in question without delay.
4. If the Member States are unable to reach agreement within two
months, the Member State which did not issue the alert shall submit
the matter to the European Data Protection Supervisor, who shall,
jointly with the national supervisory authorities concerned, act as
mediator.
5. The Member States shall exchange supplementary information if
a person complains that he is not the person wanted by an alert. If
the outcome of the check is that there are in fact two different
persons the complainant shall be informed of the provisions of Article
36.
6. Where a person is already the subject of an alert in SIS II, a
Member State which enters a further alert shall reach agreement on the
entry of the alert with the Member State which entered the first
alert. The agreement shall be reached on the basis of the exchange of
supplementary information.
Article 35
Distinguishing between persons with similar
characteristics
Where it becomes apparent, when a new alert is entered, that
there is already a person in SIS II with the same identity description
element, the following procedure shall be followed:
(a) the SIRENE Bureau shall contact the requesting authority to
clarify whether or not the alert is on the same person;
(b) if the cross-check reveals that the subject of the new alert
and the person already in SIS II are indeed one and the same, the
SIRENE Bureau shall apply the procedure for entering multiple alerts
as referred to in Article 34 (6). If the outcome of the check is that
there are in fact two different persons, the SIRENE Bureau shall
approve the request for entering the second alert by adding the
necessary elements to avoid any misidentification.
Article 36
Additional data for the purpose of dealing
with misused identity
1. Where confusion may arise between the person actually intended
as the subject of an alert and a person whose identity has been
misused, the Member State which entered the alert shall, subject to
that person`s explicit consent, add data relating to the latter to the
alert in order to avoid the negative consequences of
misidentification.
2. Data relating to a person whose identity has been misused
shall be used only for the following purposes:
(a) to allow the competent authority to distinguish the person
whose identity has been misused from the person actually intended as
the subject of the alert;
(b) to allow the person whose identity has been misused to prove
his identity and to establish that his identity has been misused.
3. For the purpose of this Article, no more than the following
personal data may be entered and further processed in SIS II:
(a) surname(s) and forename(s), name(s) at birth and previously
used names and any aliases possibly entered separately;
(b) any specific objective and physical characteristic not
subject to change;
(c) place and date of birth;
(d) sex;
(e) photographs;
(f) fingerprints;
(g) nationality(ies);
(h) number(s) of identity paper(s) and date of issue.
4. The technical rules necessary for entering and further
processing the data referred to in paragraph 3 shall be established in
accordance with the procedure referred to in Article 51 (2), without
prejudice to the provisions of the instrument setting up the
Management Authority.
5. The data referred to in paragraph 3 shall be erased at the
same time as the corresponding alert or earlier if the person so
requests.
6. Only the authorities having a right of access to the
corresponding alert may access the data referred to in paragraph 3.
They may do so for the sole purpose of avoiding misidentification.
Article 37
Links between alerts
1. A Member State may create a link between alerts it enters in
SIS II. The effect of such a link shall be to establish a relationship
between two or more alerts.
2. The creation of a link shall not affect the specific action to
be taken on the basis of each linked alert or the retention period of
each of the linked alerts.
3. The creation of a link shall not affect the rights of access
provided for in this Regulation. Authorities with no right of access
to certain categories of alert shall not be able to see the link to an
alert to which they do not have access.
4. A Member State shall create a link between alerts only when
there is a clear operational need.
5. Links may be created by a Member State in accordance with its
national legislation provided that the principles outlined in the
present Article are respected.
6. Where a Member State considers that the creation by another
Member State of a link between alerts is incompatible with its
national law or international obligations, it may take the necessary
measures to ensure that there can be no access to the link from its
national territory or by its authorities located outside its
territory.
7. The technical rules for linking alerts shall be adopted in
accordance with the procedure referred to in Article 51 (2), without
prejudice to the provisions of the instrument setting up the
Management Authority.
Article 38
Purpose and retention period of supplementary
information
1. Member States shall keep a reference to the decisions giving
rise to an alert at the SIRENE Bureau to support the exchange of
supplementary information.
2. Personal data held in files by the SIRENE Bureau as a result
of information exchanged, shall be kept only for such time as may be
required to achieve the purposes for which they were supplied. They
shall in any event be deleted at the latest one year after the related
alert has been deleted from SIS II.
3. Paragraph 2 shall not prejudice the right of a Member State to
keep in national files data relating to a particular alert which that
Member State has issued or to an alert in connection with which action
has been taken on its territory. The period for which such data may be
held in such files shall be governed by national law.
Article 39
Transfer of personal data to third parties
Data processed in SIS II pursuant to this Regulation shall not be
transferred or made available to third countries or to international
organisations.
Chapter VI. DATA PROTECTION
Article 40
Processing of sensitive categories of data
Processing of the categories of data listed in Article 8 (1) of
Directive 95/46/EC shall be prohibited.
Article 41
Right of access, correction of inaccurate data
and deletion of unlawfully stored data
1. The right of persons to have access to data relating to them
entered in SIS II in accordance with this Regulation shall be
exercised in accordance with the law of the Member State before which
they invoke that right.
2. If national law so provides, the national supervisory
authority shall decide whether information is to be communicated and
by what procedures.
3. A Member State other than that which has issued an alert may
communicate information concerning such data only if it first gives
the Member State issuing the alert an opportunity to state its
position. This shall be done through the exchange of supplementary
information.
4. Information shall not be communicated to the data subject if
this is indispensable for the performance of a lawful task in
connection with an alert or for the protection of the rights and
freedoms of third parties.
5. Any person has the right to have factually inaccurate data
relating to him corrected or unlawfully stored data relating to him
deleted.
6. The individual concerned shall be informed as soon as possible
and in any event not later than 60 days from the date on which he
applies for access or sooner, if national law so provides.
7. The individual shall be informed about the follow-up given to
the exercise of his rights of correction and deletion as soon as
possible and in any event not later than three months from the date on
which he applies for correction or deletion or sooner, if national law
so provides.
Article 42
Right of information
1. Third-country nationals who are the subject of an alert issued
in accordance with this Regulation shall be informed in accordance
with Articles 10 and 11 of Directive 95/46/EC. This information shall
be provided in writing, together with a copy of or a reference to the
national decision giving rise to the alert, as referred to in Article
24 (1).
2. This information shall not be provided:
(a) where
(i) the personal data have not been obtained from the
third-country national in question;
and
(ii) the provision of the information proves impossible or would
involve a disproportionate effort;
(b) where the third country national in question already has the
information;
(c) where national law allows for the right of information to be
restricted, in particular in order to safeguard national security,
defence, public security and the prevention, investigation, detection
and prosecution of criminal offences.
Article 43
Remedies
1. Any person may bring an action before the courts or the
authority competent under the law of any Member State to access,
correct, delete or obtain information or to obtain compensation in
connection with an alert relating to him.
2. The Member States undertake mutually to enforce final
decisions handed down by the courts or authorities referred to in
paragraph 1, without prejudice to the provisions of Article 48.
3. The rules on remedies provided for in this Article shall be
evaluated by the Commission by 17 January 2009.
Article 44
Supervision of N.SIS II
1. The authority or authorities designated in each Member State
and endowed with the powers referred to in Article 28 of Directive
95/46/EC (the "National Supervisory Authority") shall monitor
independently the lawfulness of the processing of SIS II personal data
on their territory and its transmission from that territory, and the
exchange and further processing of supplementary information.
2. The National Supervisory Authority shall ensure that an audit
of the data processing operations in its N.SIS II is carried out in
accordance with international auditing standards at least every four
years.
3. Member States shall ensure that their National Supervisory
Authority has sufficient resources to fulfil the tasks entrusted to it
under this Regulation.
Article 45
Supervision of the Management Authority
1. The European Data Protection Supervisor shall check that the
personal data processing activities of the Management Authority are
carried out in accordance with this Regulation. The duties and powers
referred to in Articles 46 and 47 of Regulation (EC) No. 45/2001 shall
apply accordingly.
2. The European Data Protection Supervisor shall ensure that an
audit of the Management Authority`s personal data processing
activities is carried out in accordance with international auditing
standards at least every four years. A report of such audit shall be
sent to the European Parliament, the Council, the Management
Authority, the Commission and the National Supervisory Authorities.
The Management Authority shall be given an opportunity to make
comments before the report is adopted.
Article 46
Cooperation between National Supervisory Authorities
and the European Data Protection Supervisor
1. The National Supervisory Authorities and the European Data
Protection Supervisor, each acting within the scope of its respective
competences, shall cooperate actively in the framework of their
responsibilities and shall ensure coordinated supervision of SIS II.
2. They shall, each acting within the scope of its respective
competences, exchange relevant information, assist each other in
carrying out audits and inspections, examine difficulties of
interpretation or application of this Regulation, study problems with
the exercise of independent supervision or in the exercise of the
rights of data subjects, draw up harmonised proposals for joint
solutions to any problems and promote awareness of data protection
rights, as necessary.
3. The National Supervisory Authorities and the European Data
Protection Supervisor shall meet for that purpose at least twice a
year. The costs and servicing of these meetings shall be for the
account of the European Data Protection Supervisor. Rules of procedure
shall be adopted at the first meeting. Further working methods shall
be developed jointly as necessary. A joint report of activities shall
be sent to the European Parliament, the Council, the Commission and
the Management Authority every two years.
Article 47
Data protection during the transitional period
Where the Commission delegates its responsibilities during the
transitional period to another body or bodies, pursuant to Article 15
(4), it shall ensure that the European Data Protection Supervisor has
the right and is able to fully exercise his tasks, including carrying
out on-the-spot checks, and to exercise any other powers conferred on
him by Article 47 of Regulation (EC) No. 45/2001.
Chapter VII. LIABILITY AND PENALTIES
Article 48
Liability
1. Each Member State shall be liable in accordance with its
national law for any damage caused to a person through the use of
N.SIS II. This shall also apply to damage caused by the Member State
which issued the alert, where the latter entered factually inaccurate
data or stored data unlawfully.
2. If the Member State against which an action is brought is not
the Member State issuing the alert, the latter shall be required to
reimburse, on request, the sums paid out as compensation unless the
use of the data by the Member State requesting reimbursement infringes
this Regulation.
3. If any failure of a Member State to comply with its
obligations under this Regulation causes damage to SIS II, that Member
State shall be held liable for such damage, unless and insofar as the
Management Authority or another Member State participating in SIS II
failed to take reasonable steps to prevent the damage from occurring
or to minimise its impact.
Article 49
Penalties
Member States shall ensure that any misuse of data entered in SIS
II or any exchange of supplementary information contrary to this
Regulation is subject to effective, proportionate and dissuasive
penalties in accordance with national law.
Chapter VIII. FINAL PROVISIONS
Article 50
Monitoring and statistics
1. The Management Authority shall ensure that procedures are in
place to monitor the functioning of SIS II against objectives relating
to output, cost-effectiveness, security and quality of service.
2. For the purposes of technical maintenance, reporting and
statistics, the Management Authority shall have access to the
necessary information relating to the processing operations performed
in Central SIS II.
3. Each year the Management Authority shall publish statistics
showing the number of records per category of alert, the number of
hits per category of alert and how many times SIS II was accessed, in
total and for each Member State.
4. Two years after SIS II is brought into operation and every two
years thereafter, the Management Authority shall submit to the
European Parliament and the Council a report on the technical
functioning of Central SIS II and the Communication Infrastructure,
including the security thereof and the bilateral and multilateral
exchange of supplementary information between Member States.
5. Three years after SIS II is brought into operation and every
four years thereafter, the Commission shall produce an overall
evaluation of Central SIS II and the bilateral and multilateral
exchange of supplementary information between Member States. This
overall evaluation shall include an examination of results achieved
against objectives and an assessment of the continuing validity of the
underlying rationale, the application of this Regulation in respect of
Central SIS II, the security of Central SIS II and any implications
for future operations. The Commission shall transmit the evaluation to
the European Parliament and the Council.
6. Member States shall provide the Management Authority and the
Commission with the information necessary to draft the reports
referred to in paragraphs 3, 4 and 5.
7. The Management Authority shall provide the Commission with the
information necessary to produce the overall evaluations referred to
in paragraph 5.
8. During a transitional period before the Management Authority
takes up its responsibilities, the Commission shall be responsible for
producing and submitting the reports referred to in paragraphs 3 and
4.
Article 51
Committee
1. The Commission shall be assisted by a Committee.
2. Where reference is made to this paragraph, Articles 5 and 7 of
Decision 1999/468/EC shall apply, having regard to the provisions of
Article 8 thereof.
The period provided for in Article 5 (6) of Decision 1999/468/EC
shall be three months.
3. The Committee shall exercise its function from the date of
entry into force of this Regulation.
Article 52
Amendment of the provisions of the Schengen Acquis
1. For the purposes of matters falling within the scope of the
Treaty, this Regulation shall replace, on the date referred to in
Article 55 (2), the provisions of Articles 92 to 119 of the Schengen
Convention, with the exception of Article 102 A thereof.
2. It shall also replace, on the date referred to in Article 55
(2), the following provisions of the Schengen acquis implementing
those articles <*>:
--------------------------------
<*> OJ L 239, 22.9.2000, p. 439.
(a) Decision of the Executive Committee of 14 December 1993 on
the Financial Regulation on the costs of installing and operating the
Schengen Information System (C.SIS) (SCH/Com-ex (93) 16);
(b) Decision of the Executive Committee of 7 October 1997 on the
development of the SIS (SCH/Com-ex (97) 24);
(c) Decision of the Executive Committee of 15 December 1997
amending the Financial Regulation on C.SIS (SCH/Com-ex (97) 35);
(d) Decision of the Executive Committee of 21 April 1998 on C.SIS
with 15/18 connections (SCH/Com-ex (98) 11);
(e) Decision of the Executive Committee of 28 April 1999 on C.SIS
installation expenditure (SCH/Com-ex (99) 4);
(f) Decision of the Executive Committee of 28 April 1999 on
updating the SIRENE Manual (SCH/Com-ex (99) 5);
(g) Declaration of the Executive Committee of 18 April 1996
defining the concept of alien (SCH/Com-ex (96) decl. 5);
(h) Declaration of the Executive Committee of 28 April 1999 on
the structure of SIS (SCH/Com-ex (99) decl. 2 rev.);
(i) Decision of the Executive Committee of 7 October 1997 on
contributions from Norway and Iceland to the costs of installing and
operating of the C.SIS (SCH/Com-ex (97) 18).
3. For the purposes of matters falling within the scope of the
Treaty, references to the replaced Articles of the Schengen Convention
and relevant provisions of the Schengen acquis implementing those
Articles shall be construed as references to this Regulation.
Article 53
Repeal
Regulation (EC) No. 378/2004, Regulation (EC) No. 871/2004,
Decision 2005/451/JHA, Decision 2005/728/JHA and Decision 2006/628/EC
are repealed on the date referred to in Article 55 (2).
Article 54
Transitional period and budget
1. Alerts shall be transferred from SIS 1+ to SIS II. The Member
States shall ensure, giving priority to alerts on persons, that the
contents of the alerts that are transferred from SIS 1+ to SIS II
satisfy the provisions of this Regulation as soon as possible and
within three years after the date referred to in Article 55 (2) at the
latest. During this transitional period, the Member States may
continue to apply the provisions of Articles 94 and 96 of the Schengen
Convention to the contents of the alerts that are transferred from SIS
1+ to SIS II, subject to the following rules:
(a) in the event of a modification of, an addition to, or a
correction or update of the content of an alert transferred from SIS
1+ to SIS II, the Member States shall ensure that the alert satisfies
the provisions of this Regulation as from the time of that
modification, addition, correction or update;
(b) in the event of a hit on an alert transferred from SIS 1+ to
SIS II, the Member States shall examine the compatibility of that
alert with the provisions of this Regulation immediately, but without
delaying the action to be taken on the basis of that alert.
2. The remainder of the budget at the date set in accordance with
Article 55 (2), which has been approved in accordance with the
provisions of Article 119 of the Schengen Convention, shall be paid
back to the Member States. The amounts to be repaid shall be
calculated on the basis of the contributions from the Member States as
laid down in the Decision of the Executive Committee of 14 December
1993 on the financial regulation on the costs of installing and
operating the Schengen Information System.
3. During the transitional period referred to in Article 15 (4),
references in this Regulation to the Management Authority shall be
construed as a reference to the Commission.
Article 55
Entry into force, applicability and migration
1. This Regulation shall enter into force on the twentieth day
following that of its publication in the Official Journal of the
European Union.
2. It shall apply to the Member States participating in SIS 1+
from dates to be fixed by the Council, acting by the unanimity of its
Members representing the governments of the Member States
participating in SIS 1+.
3. The dates referred to in paragraph 2 shall be fixed after:
(a) the necessary implementing measures have been adopted;
(b) all Member States fully participating in SIS 1+ have notified
the Commission that they have made the necessary technical and legal
arrangements to process SIS II data and exchange supplementary
information;
(c) the Commission has declared the successful completion of a
comprehensive test of SIS II, which shall be conducted by the
Commission together with the Member States, and the preparatory bodies
of the Council have validated the proposed test result and confirmed
that the level of performance of SIS II is at least equivalent to that
achieved with SIS 1+;
(d) the Commission has made the necessary technical arrangements
for allowing Central SIS II to be connected to the N.SIS II of the
Member States concerned.
4. The Commission shall inform the European Parliament of the
results of the tests carried out in accordance with paragraph 3 (c).
5. Any Decision of the Council taken in accordance with paragraph
2 shall be published in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly
applicable in the Member States in accordance with the Treaty
establishing the European Community.
Done at Brussels, 20 December 2006.Страницы: 1 2 |