Schengen-informasjonssystemet (SIS): innlegging av meldinger fra Europol
(Forslag) Europaparlaments- og rådsforordning (EU) .../... om endring av forordning (EU) 2018/1862 om opprettelse, drift og bruk av Schengen-informasjonssystem (SIS) i politisamarbeid og rettslig samarbeid i kriminalsaker med hensyn til innlegginger av meldinger fra Europol
(Proposal) Regulation (EU) .../... of the European Parliament and of the Council amending Regulation (EU) 2018/1862 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters as regards the entry of alerts by Europol
Avtalegrunnlag
Schengen-avtalen
Europaparlamentets plenumsbehandling 8.6.2022 (enighet med Rådet)
Bakgrunn
BAKGRUNN (fra Kommisjonens forslag, engelsk utgave)
(1) The Schengen Information System (‘SIS’) constitutes an essential tool for maintaining a high level of security within the area of freedom, security and justice of the Union by supporting operational cooperation between national competent authorities, in particular border guards, the police, customs authorities, immigration authorities, and authorities responsible for the prevention, detection, investigation or prosecution of criminal offences or execution of criminal penalties. Regulation (EU) 2018/1862 of the European Parliament and of the Council constitutes the legal basis for SIS in respect of matters falling within the scope of Chapters 4 and 5 of Title V of Part Three of the Treaty on Functioning of the European Union (TFEU).
(2) Alerts on persons and objects entered in SIS are in real time made available directly to all end-users of the competent national authorities of Member States that use SIS pursuant to Regulation (EU) 2018/1862. SIS alerts contain information about a particular person or object as well as instructions for the authorities on what to do when the person or object has been found.
(3) The European Union Agency for Law Enforcement Cooperation (Europol), established by Regulation (EU) 2016/794 of the European Parliament and of the Council , plays an important role in the use of SIS and in the exchange of supplementary information with Member States on SIS alerts. Nevertheless, according to existing rules, alerts in SIS can only be issued by Member States’ competent authorities.
(4) Given the increasingly global nature of serious crime and terrorism brought about by growing mobility, the information that third countries and international organisations, such as the International Criminal Police Organization and the International Criminal Court, obtain about criminals and terrorists is increasingly relevant for the Union‘s security. Such information should contribute to the comprehensive efforts to ensure internal security in the European Union. Some of this information is only shared with Europol. While Europol holds valuable information received from external partners on serious criminals and terrorists, it cannot issue alerts in SIS. Member States are also not always able to issue alerts in SIS on the basis of such information.
(5) In order to bridge the gap in information sharing on serious crime and terrorism, in particular on foreign terrorist fighters – where the monitoring of their movement is crucial – it is necessary to ensure Europol is able to make this information available directly and in real-time to front-line officers in Member States.
(6) Europol should therefore be authorised to enter alerts in SIS pursuant to Regulation (EU) 2018/1862, in full respect of fundamental rights and data protection rules.
(7) To that end, a specific category of alert should be created in SIS, to be issued exclusively by Europol, in order to inform end-users carrying out a search in SIS that the person concerned is suspected of being involved in a criminal offence in respect of which Europol is competent, and in order for Europol to obtain confirmation that the person who is subject to the alert has been located.
(8) In order to assess whether a concrete case is adequate, relevant and important enough to warrant the entry of an alert in SIS, and in order to confirm the reliability of the source of information and the accuracy of the information on the person concerned, Europol should carry out a detailed individual assessment of each case including further consultations with the third country or international organisation that shared the data on the person concerned, as well as further analysis of the case, in particular by cross checking it against information it already holds in its databases, to confirm the accuracy of the information and complement it with other data on the basis of its own databases. The detailed individual assessment should include the analysis of whether there are sufficient grounds for considering that the person has committed or taken part in, or will commit a criminal offence in respect of which Europol is competent.
(9) Europol should only be able to enter an alert in SIS if the person concerned is not already subject to a SIS alert issued by a Member State. A further precondition for the creation of such an alert should be that Member States do not object to the alert being issued in SIS. Therefore, it is necessary to establish rules on the obligations of Europol prior to entering data in SIS, in particular the obligation to consult the Member States in line with Regulation (EU) 2016/794. It should also be possible for Member States to request the deletion of an alert by Europol, in particular if they obtain new information about the person who is the subject of the alert, if their national security requires so or when it is likely that the alert would represent a risk for official or legal inquiries, investigations or procedures.
(10) Europol should keep records of the individual assessment of each case, which should include the grounds for entering the alert, for the purposes of verifying the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security. In accordance with Regulation (EU) 2016/794, Europol should co-operate with the European Data Protection Supervisor and make these records available upon request, so that they can be used for monitoring processing operations.
(11) It is necessary to establish rules concerning the deletion of alerts entered in SIS by Europol. An alert should be kept only for the time required to achieve the purpose for which it was entered. It is therefore appropriate to set out detailed criteria to determine when the alert should be deleted. An alert entered by Europol in SIS should be deleted in particular if a Member State objects, another alert is entered in SIS by a Member State, or if Europol becomes aware that the information received from the third country or international organisation was incorrect or was communicated to Europol for unlawful purposes, for example if sharing the information on the person was motivated by political reasons.
(12) When entering alerts in SIS, Europol should be bound by the same requirements and obligations applicable to the Member States pursuant to Regulation (EU) 2018/1862 when they enter alerts in SIS. In particular, Europol should comply with common standards, protocols and technical procedures established to ensure the compatibility of its technical interface with Central SIS for the prompt and effective transmission of data. Requirements concerning general data processing rules, proportionality, data quality, data security, reporting and obligations related to collecting statistics applicable to Member States when entering alerts in SIS should apply to Europol as well.
(13) Regulation (EU) 2018/1725 of the European Parliament and of the Council and Regulation (EU) 2016/794 should apply to the processing of personal data by Europol when carrying out its responsibilities under this Regulation. The European Data Protection Supervisor should carry out periodic audits on the data processing of Europol concerning SIS and the exchange of supplementary information.
(14) Since the objectives of this Regulation, namely the establishment and regulation of a specific alert category issued by Europol in SIS in order to exchange information on persons who represent a threat to the internal security of the European Union, cannot be sufficiently achieved by the Member States, but can rather, by reason of their nature be better achieved at Union level, the Union may adopt measures in accordance with the principle of subsidiarity, as set out in Article 5 of the Treaty on European Union (TEU). In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.
(15) This Regulation respects fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union. In particular, this Regulation fully respects the protection of personal data in accordance with Article 8 of the Charter of Fundamental Rights of the European Union while seeking to ensure a safe environment for all persons residing on the territory of the Union.
(16) In accordance with Articles 1 and 2 of Protocol No 22 on the Position of Denmark annexed to the TEU and to the TFEU, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.
(17) Ireland is taking part in this Regulation in accordance with Article 5(1) of Protocol No 19 annexed to the TEU and to the TFEU and Article 6(2) of Council Decision 2002/192/EC and Council Implementing Decision (EU) 2020/1745 .
(18) As regards Iceland and Norway, this Regulation constitutes a development of provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters' association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point (G) of Council Decision 1999/437/EC.
(19) As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point (G), of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/149/JHA.
(20) As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point (G), of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/349/EU.
(21) As regards Bulgaria and Romania, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within the meaning of Article 4(2) of the 2005 Act of Accession and should be read in conjunction with Council Decisions 2010/365/EU and (EU) 2018/934.
(22) As regards Croatia, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within the meaning of Article 4(2) of the 2011 Act of Accession and should be read in conjunction with Council Decision (EU) 2017/733.
(23) Concerning Cyprus, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within the meaning of Article 3(2) of the 2003 Act of Accession [to add eventual Council Decision].
(24) The European Data Protection Supervisor was consulted, in accordance with Article 41(2) of Regulation (EU) 2018/1725 of the European Parliament and the Council.
(25) Regulation (EU) No 2018/1862 should therefore be amended accordingly,
(1) The Schengen Information System (‘SIS’) constitutes an essential tool for maintaining a high level of security within the area of freedom, security and justice of the Union by supporting operational cooperation between national competent authorities, in particular border guards, the police, customs authorities, immigration authorities, and authorities responsible for the prevention, detection, investigation or prosecution of criminal offences or execution of criminal penalties. Regulation (EU) 2018/1862 of the European Parliament and of the Council constitutes the legal basis for SIS in respect of matters falling within the scope of Chapters 4 and 5 of Title V of Part Three of the Treaty on Functioning of the European Union (TFEU).
(2) Alerts on persons and objects entered in SIS are in real time made available directly to all end-users of the competent national authorities of Member States that use SIS pursuant to Regulation (EU) 2018/1862. SIS alerts contain information about a particular person or object as well as instructions for the authorities on what to do when the person or object has been found.
(3) The European Union Agency for Law Enforcement Cooperation (Europol), established by Regulation (EU) 2016/794 of the European Parliament and of the Council , plays an important role in the use of SIS and in the exchange of supplementary information with Member States on SIS alerts. Nevertheless, according to existing rules, alerts in SIS can only be issued by Member States’ competent authorities.
(4) Given the increasingly global nature of serious crime and terrorism brought about by growing mobility, the information that third countries and international organisations, such as the International Criminal Police Organization and the International Criminal Court, obtain about criminals and terrorists is increasingly relevant for the Union‘s security. Such information should contribute to the comprehensive efforts to ensure internal security in the European Union. Some of this information is only shared with Europol. While Europol holds valuable information received from external partners on serious criminals and terrorists, it cannot issue alerts in SIS. Member States are also not always able to issue alerts in SIS on the basis of such information.
(5) In order to bridge the gap in information sharing on serious crime and terrorism, in particular on foreign terrorist fighters – where the monitoring of their movement is crucial – it is necessary to ensure Europol is able to make this information available directly and in real-time to front-line officers in Member States.
(6) Europol should therefore be authorised to enter alerts in SIS pursuant to Regulation (EU) 2018/1862, in full respect of fundamental rights and data protection rules.
(7) To that end, a specific category of alert should be created in SIS, to be issued exclusively by Europol, in order to inform end-users carrying out a search in SIS that the person concerned is suspected of being involved in a criminal offence in respect of which Europol is competent, and in order for Europol to obtain confirmation that the person who is subject to the alert has been located.
(8) In order to assess whether a concrete case is adequate, relevant and important enough to warrant the entry of an alert in SIS, and in order to confirm the reliability of the source of information and the accuracy of the information on the person concerned, Europol should carry out a detailed individual assessment of each case including further consultations with the third country or international organisation that shared the data on the person concerned, as well as further analysis of the case, in particular by cross checking it against information it already holds in its databases, to confirm the accuracy of the information and complement it with other data on the basis of its own databases. The detailed individual assessment should include the analysis of whether there are sufficient grounds for considering that the person has committed or taken part in, or will commit a criminal offence in respect of which Europol is competent.
(9) Europol should only be able to enter an alert in SIS if the person concerned is not already subject to a SIS alert issued by a Member State. A further precondition for the creation of such an alert should be that Member States do not object to the alert being issued in SIS. Therefore, it is necessary to establish rules on the obligations of Europol prior to entering data in SIS, in particular the obligation to consult the Member States in line with Regulation (EU) 2016/794. It should also be possible for Member States to request the deletion of an alert by Europol, in particular if they obtain new information about the person who is the subject of the alert, if their national security requires so or when it is likely that the alert would represent a risk for official or legal inquiries, investigations or procedures.
(10) Europol should keep records of the individual assessment of each case, which should include the grounds for entering the alert, for the purposes of verifying the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security. In accordance with Regulation (EU) 2016/794, Europol should co-operate with the European Data Protection Supervisor and make these records available upon request, so that they can be used for monitoring processing operations.
(11) It is necessary to establish rules concerning the deletion of alerts entered in SIS by Europol. An alert should be kept only for the time required to achieve the purpose for which it was entered. It is therefore appropriate to set out detailed criteria to determine when the alert should be deleted. An alert entered by Europol in SIS should be deleted in particular if a Member State objects, another alert is entered in SIS by a Member State, or if Europol becomes aware that the information received from the third country or international organisation was incorrect or was communicated to Europol for unlawful purposes, for example if sharing the information on the person was motivated by political reasons.
(12) When entering alerts in SIS, Europol should be bound by the same requirements and obligations applicable to the Member States pursuant to Regulation (EU) 2018/1862 when they enter alerts in SIS. In particular, Europol should comply with common standards, protocols and technical procedures established to ensure the compatibility of its technical interface with Central SIS for the prompt and effective transmission of data. Requirements concerning general data processing rules, proportionality, data quality, data security, reporting and obligations related to collecting statistics applicable to Member States when entering alerts in SIS should apply to Europol as well.
(13) Regulation (EU) 2018/1725 of the European Parliament and of the Council and Regulation (EU) 2016/794 should apply to the processing of personal data by Europol when carrying out its responsibilities under this Regulation. The European Data Protection Supervisor should carry out periodic audits on the data processing of Europol concerning SIS and the exchange of supplementary information.
(14) Since the objectives of this Regulation, namely the establishment and regulation of a specific alert category issued by Europol in SIS in order to exchange information on persons who represent a threat to the internal security of the European Union, cannot be sufficiently achieved by the Member States, but can rather, by reason of their nature be better achieved at Union level, the Union may adopt measures in accordance with the principle of subsidiarity, as set out in Article 5 of the Treaty on European Union (TEU). In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.
(15) This Regulation respects fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union. In particular, this Regulation fully respects the protection of personal data in accordance with Article 8 of the Charter of Fundamental Rights of the European Union while seeking to ensure a safe environment for all persons residing on the territory of the Union.
(16) In accordance with Articles 1 and 2 of Protocol No 22 on the Position of Denmark annexed to the TEU and to the TFEU, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.
(17) Ireland is taking part in this Regulation in accordance with Article 5(1) of Protocol No 19 annexed to the TEU and to the TFEU and Article 6(2) of Council Decision 2002/192/EC and Council Implementing Decision (EU) 2020/1745 .
(18) As regards Iceland and Norway, this Regulation constitutes a development of provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters' association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point (G) of Council Decision 1999/437/EC.
(19) As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point (G), of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/149/JHA.
(20) As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point (G), of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/349/EU.
(21) As regards Bulgaria and Romania, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within the meaning of Article 4(2) of the 2005 Act of Accession and should be read in conjunction with Council Decisions 2010/365/EU and (EU) 2018/934.
(22) As regards Croatia, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within the meaning of Article 4(2) of the 2011 Act of Accession and should be read in conjunction with Council Decision (EU) 2017/733.
(23) Concerning Cyprus, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within the meaning of Article 3(2) of the 2003 Act of Accession [to add eventual Council Decision].
(24) The European Data Protection Supervisor was consulted, in accordance with Article 41(2) of Regulation (EU) 2018/1725 of the European Parliament and the Council.
(25) Regulation (EU) No 2018/1862 should therefore be amended accordingly,
Avtalegrunnlag
Schengen-avtalen