法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Decision

Commission Implementing Decision (EU) 2021/627 of 15 April 2021 laying down rules on keeping and accessing of the logs in the European Travel Information and Authorisation System (ETIAS) pursuant to Regulation (EU) 2018/1240 of the European Parliament and of the Council

CELEX
Implementing Decision (EU) 2021/627
Date of document
Articles
3
Source
EUR-Lex
Article 1Keeping of logs of data processing operations

1.   The logs of all data processing operations within the ETIAS Information System to be kept in accordance with Article 69(1) of Regulation (EU) 2018/1240, which include logs involving access by carriers as provided for in Article 45(7), by border authorities and immigration authorities as provided for in Article 69(3) of Regulation (EU) 2018/1240 and by the central access points as provided for in Article 70(1) of Regulation (EU) 2018/1240, shall be recorded and stored by the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice in the ETIAS Central System.

2.   Each data processing operation within the ETIAS information system shall be recorded as a separate log entry.

The log entry shall have a specific field allowing for the identification of the details relating to the operation performed.

3.   The log entry shall be recorded with the time and date of each data processing operation (‘timestamp’).

4.   Each log entry shall store the unique ID of the authority as well as of the official or staff member accessing, amending or erasing data stored in the ETIAS Central System.

5.   Log entries shall be deleted daily by the ETIAS Central System in accordance with the retention periods provided for in Article 45(7), Article 69(4) and Article 70(4) of Regulation (EU) 2018/1240.

A timestamp shall be used to identify the log entries to be deleted at the end of the relevant retention period for each type of log.

Article 2Access to logs of data processing operations

1.   Access to the logs kept by the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice pursuant to Regulation (EU) 2018/1240 shall be limited to:

(a)

duly authorised administrators of ETIAS of the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice and Data Protection Officer for the purposes referred to in Article 58(2) of Regulation (EU) 2018/1240 and in particular for ensuring compliance with Article 69(4) of that Regulation;

(b)

duly authorised staff and Data Protection Officer of the European Border and Coast Guard Agency, for the purposes laid down in Articles 7(2)(e) and 61 of Regulation (EU) 2018/1240 and ensuring the lawfulness of data processing, data integrity and security;

(c)

duly authorised staff and Data Protection Officers of the ETIAS National Units, for the purposes referred to in Article 57(2).

2.   The European Data Protection Supervisor and the competent national supervisory authorities carrying out the supervisory functions referred to in Articles 66 and 67 of Regulation (EU) 2018/1240 shall have access to the logs on request to eu-LISA or to the ETIAS National Unit(s).

3.   The log entries and the specific fields recorded in the ETIAS Central System, in accordance with Article 1, shall be searchable at least by reference to author, date of access or type of processing operation.

4.   For the purposes of Article 45(5) and (7) of Regulation (EU) 2018/1240, the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice may transmit logs to ETIAS National Units necessary for the resolution of a dispute arising from the application of that Article provided that the following conditions are met:

(a)

the ETIAS National concerned has submitted an explicit reasoned request for such logs to the European Border and Coast Guard Agency as data controller within the meaning of the first sentence of Article 57(1) of that Regulation;

(b)

the European Border and Coast Guard Agency has verified and approved the request.

5.   Logs recording access to the logs carried out pursuant to paragraph 1 shall be traceable at least according to the author or date of access.

6.   Logs recording access to the logs carried out pursuant to paragraph 1 shall be searchable at least by reference to author, date of access or type of processing operation.

Article 3Entry into force

This Decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

3 articles

Cite this act

Commission Implementing Decision (EU) 2021/627 of 15 April 2021 laying down rules on keeping and accessing of the logs in the European Travel Information and Authorisation System (ETIAS) pursuant to Regulation (EU) 2018/1240 of the European Parliament and of the Council (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32021D0627

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com