法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Decision

Commission Implementing Decision (EU) 2021/1028 of 21 June 2021 adopting measures for the application of Regulation (EU) 2018/1240 of the European Parliament and of the Council as regards accessing, amending, erasing and advance erasing of data in the ETIAS Central System

CELEX
Implementing Decision (EU) 2021/1028
Date of document
Articles
11
Source
EUR-Lex
Article 1Subject matter

This Decision establishes measures for the application of Regulation (EU) 2018/1240 as regards:

(1)

accessing data in accordance with Articles 22 to 29, Articles 33 to 44 and Articles 47 to 53 of that Regulation;

(2)

amending, erasing and advance erasure of data in accordance with Article 55 of that Regulation.

Article 2Definitions

For the purposes of this Decision, the following definitions apply:

(a)

‘role’ means a set of permissions linked to a specific purpose for processing data in the European Travel Information and Authorisation System (ETIAS);

(b)

‘job profile’ means one or more job functions covering one or more roles;

(c)

‘user’ means a duly authorised staff member of the ETIAS Central Unit, of an ETIAS National Unit, of Europol or of a central access point as well as border or immigration authorities with access credentials assigned with one or more roles or job profiles;

(d)

‘permission’ means a right to perform a data processing operation.

Article 3Authentication scheme and access management

1.   With the exception of access to watchlist entries, which shall be accessed in accordance with Commission Implementing Decision laying down measures for the application of Regulation (EU) 2018/1240 of the European Parliament and of the Council as regards the technical specification of ETIAS watchlist and of the impact assessment tool  ( 11 ) , data stored in the ETIAS Central System shall be accessed, by users from the ETIAS Central Unit, the ETIAS National Units and Europol, through the software referred to in Article 6(2), point (m) of Regulation (EU) 2018/1240 (‘the software’).

2.   When developing the software, eu-LISA shall:

(a)

establish an authentication scheme to log-into the software;

(b)

make available standard permissions, roles and job profiles to the ETIAS Central Unit, ETIAS National Units and Europol.

3.   The software shall provide the ETIAS Central Unit, ETIAS National Units and Europol with the technical means:

(a)

to create new roles and amend or erase existing ones;

(b)

to set-up access credentials enabling the users to carry out data processing operations in accordance with assigned roles;

(c)

to regulate, within their organisations, the assignment and management of standard roles to users.

4.   The roles created or amended by the ETIAS Central Unit, ETIAS National Units and Europol shall only be visible to ETIAS Central Unit, the ETIAS National Unit or to Europol respectively.

5.   The software shall prevent the assignment of incompatible roles to users. It shall ensure that users having several job profiles are able to use only one job profile at a time, and are able to switch between job profiles without having to log out.

6.   The ETIAS Central Unit, ETIAS National Units and Europol shall be responsible for assigning job profiles via the software to users within their organisation. Each job profile, role or permission may be assigned to several users within the same organisation.

7.   Users may use pseudonyms. Those pseudonyms shall be traceable to the users’ official identities at national level or within Europol.

8.   The authentication scheme, and the standard permissions, roles and job profiles referred to in paragraph 2, and the prevention of the assignment of incompatible roles, as referred to in paragraph 4 of this Article, shall be part of the technical specifications provided for in Article 73(3) of Regulation (EU) 2018/1240.

Article 4General software functionalities

1.   The software shall have at least the following functionalities supporting users for the purpose of accessing, amending and erasing data:

(a)

the possibility to use a pre-determined set of filters to customise the display of data for each job profile logged into the software;

(b)

the automatic saving of data added to the application file or draft amendments of data in the application file, where applicable, and logging out of the user after a pre-established period of inactivity;

(c)

the possibility to block access to a hit by another user for a limited period of time, including marking of such blocked hits visible to other users;

(d)

the option to save progress on the processing of an application by the ETIAS Central Unit or ETIAS National Units;

(e)

the option to mark and record, at any time, a possible data inaccuracy or processing in contravention of Regulation (EU) 2018/1240 by the ETIAS Central Unit or the ETIAS National Units;

(f)

enabling communication and information exchange between users from the ETIAS Central Unit, the ETIAS National Units and Europol;

(g)

automatically deleting temporary notes referred to in Article 5(1), point (f) of this Decision at the time of completion of the manual processing by the ETIAS Central Unit and ETIAS National Units;

(h)

preventing temporary notes referred to in Article 5(1), point (f) of this Decision from being visible to users other than those of the same Unit or Europol;

(i)

allowing the ETIAS Central Unit to process Europol requests referred to in Article 5(1), point (m) of this Decision;

(j)

the possibility to facilitate the retrieval of data when requested by data subjects, including templates for responding to the data subject with, where relevant, an overview of the changes made to the data, a selection of the personal data, or justifications referred to in Article 64(3) and (4) of Regulation (EU) 2018/1240;

(k)

where a travel authorisation is amended on the basis of a request from an authorisation holder in accordance with Article 64 of Regulation (EU) 2018/1240, enabling users to notify a travel authorisation holder that an amended travel authorisation has been issued.

2.   eu-LISA shall describe the details of the general software functionalities in the technical specifications referred to in Article 73(3) of Regulation (EU) 2018/1240.

Article 5Specific software functionalities

1.   The software shall have at least the following specific functionalities supporting users when they access data in accordance with Chapters III, IV and VI of Regulation (EU) 2018/1240:

(a)

a functionality displaying application files based on the time remaining until the next step of the manual processing, as the default display, as well as other filters, available for customising the display per user, for displaying the application files:

(i)

time of entry to the manual processing phase;

(ii)

any necessary consultation requests and the time remaining until the deadline for providing opinions expires (sorted by default with those consultation requests for which least time remains until the deadline);

(iii)

the next step of the manual processing to be performed by an ETIAS National Unit consulted or responsible for the application;

(iv)

the type of hit or background question triggering the manual processing;

(v)

the type of application (that is to say humanitarian grounds or international obligations, or normal);

(vi)

applications marked for special attention or ad hoc handling;

(vii)

for the ETIAS National Unit of the Member State responsible, the type of opinion received from consulted ETIAS National Units or Europol, including whether or not received within the deadline;

(b)

a functionality to calculate and clearly display the time remaining, as well as warnings on deadlines for the manual processing of applications, including when the ETIAS National Units or Europol are consulted;

(c)

a functionality providing the ETIAS Central Unit, ETIAS National Units and Europol with a management dashboard giving an overview of the state of play of manual processing related operations;

(d)

a functionality providing the option to mark an application for specific attention or ad hoc handling;

(e)

a functionality providing the option to request a notification of the decision taken by the ETIAS National Unit of the Member State responsible regarding an application on which an ETIAS National Unit was consulted;

(f)

a functionality enabling the ETIAS Central Unit and ETIAS National Units to add or delete temporary notes on the application file;

(g)

functionalities supporting ETIAS National Units in manually processing applications pursuant to Article 26 and Article 28 of Regulation (EU) 2018/1240, as follows:

(i)

for hits referred to in Article 26(3) of Regulation (EU) 2018/1240, a functionality making automatically available a file for extraction with the following data from the application file: ‘surname (family name)’, ‘first name(s) (given name(s))’, ‘surname at birth’, ‘date of birth’, ‘place of birth’, ‘current nationality’, ‘country of birth’, ‘the type, number and country of issue of the travel document’, enabling retrieving the record, file or alert having triggered the hit in the queried EU information systems and where additional information related to the hit in an EU information system referred to in that Article is stored in a national system or a database, to consult that national system or a database supporting the assessment of the risks identified in that paragraph;

(ii)

for hits referred to in Article 26(4) of Regulation (EU) 2018/1240, a functionality making automatically available a file for extraction with the following data from the application file: answers provided by the applicant under Article 17(4) and (6) of that Regulation, ‘surname (family name)’, ‘first name(s) (given name(s))’, ‘surname at birth’, ‘date of birth’, ‘place of birth’, ‘current nationality’, ‘country of birth’, ‘the type, number and country of issue of the travel document’, enabling retrieval in the relevant national systems or databases information related to the hit and supporting the assessment of the risks identified in that paragraph;

(iii)

for hits referred to in Article 26(5) of Regulation (EU) 2018/1240, a functionality making automatically available a file for extraction with the following data from the application file: ‘surname (family name)’, ‘first name(s) (given name(s))’, ‘surname at birth’, ‘date of birth’, ‘place of birth’, ‘current nationality’, ‘country of birth’, ‘type, number and country of issue of the travel document’ and ‘the national identifier’ of the watchlist entry, enabling retrieval in the relevant national systems or databases information related to the hit and supporting the assessment of the risk identified in that paragraph;

(iv)

for hits referred to in Article 26(6) of Regulation (EU) 2018/1240, a functionality making automatically available a file for extraction with the following data from the application file ‘surname (family name)’, ‘first name(s) (given name(s))’, ‘surname at birth’, ‘date of birth’, ‘place of birth’, ‘current nationality’, ‘country of birth’ and ‘type, number and country of issue of the travel document’ enabling retrieval in the relevant national systems or databases information related to the hit and supporting the assessment of the risks identified in that paragraph;

(v)

a functionality enabling users from the ETIAS National Units to upload the result of the assessment of the risks referred to in the second subparagraph of Article 26(7) of Regulation (EU) 2018/1240;

(h)

a functionality enabling the extraction of the relevant data required for national appeal procedures, where such procedures have been initiated and recording in the ETIAS Central System that an appeal procedure was initiated, accompanied with the corresponding national appeal reference numbers and the outcome of that procedure;

(i)

a functionality enabling the extraction of the additional information or documentation referred to in Article 27(2) and (8) of Regulation (EU) 2018/1240 and the uploading and storing of translations of that documentation in the application file;

(j)

a functionality enabling follow up on the outcome of national appeals pursuant to Article 37(3), Article 40(3) and Article 41(7) of Regulation (EU) 2018/1240, including amendment or erasure of data in the ETIAS Central System, or where relevant issue of a new travel authorisation;

(k)

a functionality to assign application files and limit or enable their visibility to specific users within the same ETIAS National Unit or within the ETIAS Central Unit, in order to enable coordination among users;

(l)

a functionality enabling Europol to extract data transmitted to it by the ETIAS Central Unit as referred to in Article 29(2) of Regulation (EU) 2018/1240;

(m)

a functionality enabling the ETIAS Central Unit to have access to the ETIAS Central System to process Europol requests for consultation of data stored in the ETIAS Central System, without viewing the search parameters of the Europol request or the search results, and to notify Europol of the transmission of the data pursuant to Article 53 of Regulation (EU) 2018/1240;

(n)

a functionality enabling Europol to extract a file containing the data resulting from the request for consultation referred to in point (m);

(o)

a functionality to assign consultation requests to specific users within Europol;

(p)

a functionality enabling users from the ETIAS Central Unit or from the ETIAS National Units to work on different hits simultaneously within the same application file and to coordinate for the consolidation of an opinion in cases where more than one hit is identified for that Unit on one application file;

(q)

a functionality ensuring that only one user, within the ETIAS Central Unit or an ETIAS National Unit, can work on the same hit, at the same time, in an application file;

(r)

a functionality enabling the manual retrieval of an issued travel authorisation for the purposes of annulment and revocation.

2.   The functionality referred to in point (q) shall enable users to see hits on which it is not possible to work at a given time. Users with appropriate access credentials shall be able to view the content of the hit at all times.

3.   eu-LISA shall describe the details of the specific software functionalities referred to in paragraph 1, the format of the data in the extracted files referred to in paragraph 1, points (g), (l), (m) and (n) of this Article and the technical approach for keeping of records of all data processing operations referred to in Article 26(7) of Regulation (EU) 2018/1240 in the technical specifications provided for in Article 73(3) of that Regulation.

Article 6Accessing, amending, erasing and advance erasure for the purposes of Article 55 of Regulation (EU) 2018/1240

1.   For the purposes of Article 55 of Regulation (EU) 2018/1240, the software shall allow the ETIAS Central Unit or the ETIAS National Units to search the data stored in the ETIAS Central system. The following search fields shall be available:

(a)

surname (family name);

(b)

first name(s) (given name(s));

(c)

type and travel document number and the three letter code of the issuing country of the travel document;

(d)

application number;

(e)

nationality or nationalities;

(f)

date of birth;

(g)

sex;

(h)

period of time.

2.   In order to facilitate the retrieval of the application file, the software shall allow users to search by providing data corresponding to the search fields referred to in paragraph 1, point (c) or (d) of this Article.

3.   If data referred to in paragraph 1, points (c) or (d), are not available, the software shall allow users to search by providing data corresponding to the search fields referred to in paragraph 1, points (a), (b), (e), (f), (g) and (h). The software shall allow users to search where data corresponding to one of the search fields (b), (e), (g) is missing. Providing data corresponding to search field (h) shall be optional.

4.   The following rules shall apply to searches performed in accordance with paragraph 2:

(a)

the search fields referred to in paragraph 1, points (c) and (d) shall be searched in exact mode;

(b)

all other search fields referred to in paragraph 1 shall be searched in inexact mode.

5.   The application file shall be displayed, together with any linked application files, and in accordance with the permissions and roles defined for users.

6.   For the purposes of erasure of application files pursuant to Article 55(5) of Regulation (EU) 2018/1240, a functionality of the software shall enable users of the ETIAS National Units to perform searches and retrieve several application files at once. The software shall allow authorities referred to in Article 55(5) of that Regulation to make available for the use by the ETIAS National Units structured information containing the search fields referred to in paragraph 1 of this Article. Paragraphs 2 and 3 of this Article shall apply mutatis mutandis to those searches.

7.   Before any changes pursuant to Article 55 of Regulation (EU) 2018/1240 are recorded in the ETIAS Central System, the software shall request the user to confirm the amendment or erasure by entering their user credentials.

Article 7Access to data by Europol

1.   Requests for access by Europol pursuant to Article 53 of Regulation (EU) 2018/1240, shall be submitted through the software.

2.   Europol shall complete a form with the data referred to in Article 52(2) and (3) of Regulation (EU) 2018/1240, in accordance with Article 53 of that Regulation. Europol shall specify which data, if any, may be searched in inexact mode.

3.   The specialised unit of Europol responsible for prior verification of requests, referred to in Article 53(3) of Regulation (EU) 2018/1240, shall include in the request its assessment as to whether the request fulfils all the conditions in paragraph 2 of that Article. It shall be technically impossible to submit the request to the ETIAS Central Unit if the assessment is not included.

4.   The ETIAS Central System shall automatically prevent access to data referred to in Article 17(2), point (h) of Regulation (EU) 2018/1240. The ETIAS Central System shall also automatically prevent access to data referred to in Article 17(2), point (i) and Article 17(4), points (a), (b) and (c) of Regulation (EU) 2018/1240 if the specialised unit of Europol has not indicated that relevant justifications required pursuant to Article 53(1) of that Regulation have been provided and verified. The specialised unit of Europol shall indicate in the request that the necessary verifications have been done.

Article 8Access to data by central access points

1.   The central access points shall search the ETIAS Central System with the data listed in Article 52(2) and (3) of Regulation (EU) 2018/1240 via the European search portal established pursuant to Article 6 of Regulation (EU) 2019/817. Data listed in Article 52(2) and (3) of Regulation (EU) 2018/1240 may be searched in inexact mode.

2.   Until the European search portal is operational for use by central access points, searches shall be performed directly via the ETIAS Central System.

3.   Where a request is received from an operating unit of the designated authorities, the central access point shall verify and confirm that the conditions in Article 52(1) of Regulation (EU) 2018/1240 are fulfilled.

4.   Where applicable, the central access point shall verify and confirm whether access to the data listed in Article 17(2), point (i) and Article 17(4), points (a), (b) and (c) of Regulation (EU) 2018/1240 is justified, in accordance with Article 51 of that Regulation.

5.   Where the central access point accesses the ETIAS Central System, the ETIAS Central System shall automatically prevent access to data listed in Article 17(2), point (h) of Regulation (EU) 2018/1240.

The ETIAS Central System shall only retrieve the data listed in Article 17(2), point (i) and Article 17(4), points (a), (b) and (c) of Regulation (EU) 2018/1240 where the central access point has confirmed that access to those data is justified pursuant to paragraph 4 of this Article.

In exceptional cases, by way of derogation from paragraph 3 of this Article, the central access points shall be able to indicate that the request concerns a case of urgency and shall be able to process the request from an operating unit of the designated authorities immediately. The verifications and confirmations provided for in paragraphs 3 and 4 of this Article shall be conducted ex post , in accordance with Article 51(4) of Regulation (EU) 2018/1240.

Article 9Access to data by border authorities at the external borders

1.   Border authorities shall access the ETIAS Central System to consult the data required for the performance of their duties.

Border authorities shall have access to search the ETIAS Central System, with the following data of the machine-readable zone of the travel document:

(a)

surname (family name); first name or names (given names);

(b)

date of birth; sex; nationality or nationalities;

(c)

the type and number of the travel document and the three letter code of the issuing country of the travel document;

(d)

the date of expiry of the validity of the travel document.

All data listed in the second subparagraph shall be used to initiate the search. The data listed in point (a) may be searched in inexact mode while the other data shall be searched in exact mode.

2.   Searches performed with the data listed in paragraph 1 of this Article shall return the data referred to in Article 47(2), points (a) to (d), of Regulation (EU) 2018/1240.

3.   In accordance with Article 47(4) of Regulation (EU) 2018/1240, border authorities shall be able to access the ETIAS Central System to consult additional information that has been added to the application file in accordance with Article 39(1), point (e) or Article 44(6), point (f) of that Regulation. For this purpose border authorities shall have access, via the European search portal, to search the ETIAS Central System using the data listed in paragraph 1, second subparagraph of this Article.

Until the European search portal is operational for use by border authorities, those searches shall be carried out directly in the ETIAS Central System.

4.   Searches performed in accordance with paragraph 3 of this Article shall return the data referred to in Article 39(1), point (e) or Article 44(6), point (f) of Regulation (EU) 2018/1240.

Article 10Access to data by immigration authorities

1.   Immigration authorities shall have access via the European Search Portal to search the ETIAS Central System for checking or verifying if the conditions for entry to or stay on the territory of the Member States are fulfilled and for taking appropriate measures relating thereto. Pursuant to Article 49(1) of Regulation (EU) 2018/1240, immigration authorities shall have access to search the ETIAS Central System with the data listed in Article 17(2), points (a) to (e) of that Regulation.

Any combination of the data listed in Article 17(2), points (a) to (e) of Regulation (EU) 2018/1240 may be used as long as data referred to in Article 17(2), point (a) of that Regulation are used. Those searches may be performed in inexact mode.

Until the European search portal is operational for use by immigration authorities, those searches shall be carried out directly in the ETIAS Central System.

2.   Searches performed in accordance with paragraph 1 of this Article shall return the data referred to in Article 49(3) of Regulation (EU) 2018/1240.

3.   Immigration authorities shall also have access to the ETIAS Central System for the purpose of return, under the conditions laid down in Article 65(3) of Regulation (EU) 2018/1240.

Immigration authorities shall have access to search the ETIAS Central System with the data referred to in paragraph 1 of this Article.

Any combination of the data referred to in paragraph 1 of this Article may be used as long as data referred to in Article 17(2), point (a) of Regulation (EU) 2018/1240 are used.

4.   Searches performed in accordance with paragraphs 1 and 3 of this Article shall return the data referred to in the third subparagraph of Article 65(3) of Regulation (EU) 2018/1240. Data referred to in Article 17(2), point (k) of that Regulation shall only be returned if ‘date of birth’ was used in the search.

Article 11Entry into force

This Decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

11 articles

Cite this act

Commission Implementing Decision (EU) 2021/1028 of 21 June 2021 adopting measures for the application of Regulation (EU) 2018/1240 of the European Parliament and of the Council as regards accessing, amending, erasing and advance erasing of data in the ETIAS Central System (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32021D1028

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com