Datalagring: tekniske ordninger
Kommisjonens gjennomføringsbeslutning (EU) 2023/1802 av 20. september 2023 om fastsettelse av tekniske ordninger for datalagring
Commission Implementing Decision (EU) 2023/1802 of 20 September 2023 laying down the technical arrangements for data retention
Avtalegrunnlag
Schengen-avtalen
Kommisjonsbeslutning publisert i EU-tidende 21.9.2023
Bakgrunn
BAKGRUNN (fra kommisjonsbeslutningen)
(1) Regulation (EU) 2018/1240 establishes the European Travel Information and Authorisation System (‘ETIAS’) applicable to visa-exempt third-country nationals seeking to enter the territory of the Member States.
(2) The purpose of this Decision is to lay down the technical specifications for the implementation of the conditions of data retention provided for in Article 24(6), point (c)(ii) and Article 54(1), point (b), of Regulation (EU) 2018/1240, to enable automated verifications relying on the European Search Portal (‘ESP’).
(3) Pursuant to Articles 24(6) and 54(1) of Regulation (EU) 2018/1240, the ETIAS Central System should periodically and automatically verify that the conditions for the retention of application files are fulfilled.
(4) In order to fulfil this obligation, the ETIAS Central System should adhere to the retention period of the application file, this being five years from the last decision to refuse, annul or revoke the travel authorisation.
(5) In the case all the data giving rise to the decision to refuse, annul or revoke a travel authorisation is deleted prior to the expiry of the five-year retention period, the ETIAS Central System should automatically delete the application file within three days. For this reason, and in order to limit the amount of processing, the system should verify daily the compliance with data retention rules. In addition, in the case where a record should be deleted, it should be done within three days.
(6) Given that Regulation (EU) 2018/1240 builds upon the Schengen acquis, in accordance with Article 4 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark notified the implementation of Regulation (EU) 2018/1240 in its national law. Denmark is therefore bound by this Decision.
(7) This Decision constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part. This Decision falls outside the scope of the measures provided for in Council Decision 2002/192/EC. Ireland is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application.
(8) As regards Iceland and Norway, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC.
(9) As regards Switzerland, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point A of Decision 1999/437/EC, read in conjunction with Article 3 of Council Decision 2008/146/EC.
(10) As regards Liechtenstein, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU.
(11) As regards Cyprus, Bulgaria and Romania, this Decision constitutes an act building upon, or otherwise relating to, the Schengen acquis within, respectively, the meaning of Article 3(1) of the 2003 Act of Accession and Article 4(1) of the 2005 Act of Accession
(12) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council and delivered an opinion on 9 September 2022.
(13) The measures provided for in this Decision are in accordance with the opinion of the Smart Borders Committee,
(1) Regulation (EU) 2018/1240 establishes the European Travel Information and Authorisation System (‘ETIAS’) applicable to visa-exempt third-country nationals seeking to enter the territory of the Member States.
(2) The purpose of this Decision is to lay down the technical specifications for the implementation of the conditions of data retention provided for in Article 24(6), point (c)(ii) and Article 54(1), point (b), of Regulation (EU) 2018/1240, to enable automated verifications relying on the European Search Portal (‘ESP’).
(3) Pursuant to Articles 24(6) and 54(1) of Regulation (EU) 2018/1240, the ETIAS Central System should periodically and automatically verify that the conditions for the retention of application files are fulfilled.
(4) In order to fulfil this obligation, the ETIAS Central System should adhere to the retention period of the application file, this being five years from the last decision to refuse, annul or revoke the travel authorisation.
(5) In the case all the data giving rise to the decision to refuse, annul or revoke a travel authorisation is deleted prior to the expiry of the five-year retention period, the ETIAS Central System should automatically delete the application file within three days. For this reason, and in order to limit the amount of processing, the system should verify daily the compliance with data retention rules. In addition, in the case where a record should be deleted, it should be done within three days.
(6) Given that Regulation (EU) 2018/1240 builds upon the Schengen acquis, in accordance with Article 4 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark notified the implementation of Regulation (EU) 2018/1240 in its national law. Denmark is therefore bound by this Decision.
(7) This Decision constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part. This Decision falls outside the scope of the measures provided for in Council Decision 2002/192/EC. Ireland is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application.
(8) As regards Iceland and Norway, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC.
(9) As regards Switzerland, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point A of Decision 1999/437/EC, read in conjunction with Article 3 of Council Decision 2008/146/EC.
(10) As regards Liechtenstein, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU.
(11) As regards Cyprus, Bulgaria and Romania, this Decision constitutes an act building upon, or otherwise relating to, the Schengen acquis within, respectively, the meaning of Article 3(1) of the 2003 Act of Accession and Article 4(1) of the 2005 Act of Accession
(12) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council and delivered an opinion on 9 September 2022.
(13) The measures provided for in this Decision are in accordance with the opinion of the Smart Borders Committee,
Avtalegrunnlag
Schengen-avtalen