法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Regulation

Commission Delegated Regulation (EU) 2021/2103 of 19 August 2021 laying down detailed rules on the operation of the web portal, pursuant to Article 49(6) of Regulation (EU) 2019/818 of the European Parliament and of the Council

CELEX
Delegated Regulation (EU) 2021/2103
Date of document
Articles
9
Source
EUR-Lex
Article 1Domain and access

1.   The web portal shall use the ‘.europa.eu’ domain name of the European Union.

2.   The description of the web portal shall be made available for indexing by major public search engines.

3.   The web portal shall be publicly available, in addition to the Member States’ official languages, in at least the following languages: Russian, Arabic, Japanese, Chinese, Albanian, Bosnian, Macedonian, Hindi, and Turkish.

4.   The web portal shall contain the information referred to in Articles 47 and 48 of Regulation (EU) 2019/818 and a search tool for the retrieval of the contact details of the competent authority of the Member State responsible for the creation of a red or white link following the manual verification of different identities. The web portal may also contain other necessary information facilitating the exercise of rights referred to in Articles 47 and 48 of Regulation (EU) 2019/818.

5.   The web portal shall be in compliance with the rules, guidelines and information of the Europa Web Guide of European Commission, including the guidelines on accessibility.

6.   The web portal shall prevent the contact information of the authorities to be made available for search engines and other automatic tools for collection of contact information.

Article 2Stakeholders and responsibilities

1.   eu-LISA shall develop the web portal and ensure its technical management, as referred to in Article 49(5) of Regulation (EU) 2019/818, including the hosting, operation and maintenance of the web portal.

2.   The Commission shall provide eu-LISA with the content of the web portal referred to in Article 1(4), as well as with any necessary corrections or updates.

3.   Member States shall provide in a timely manner the contact details of authorities competent to examine and reply to any request referred to in Articles 47 and 48 of Regulation (EU) 2019/818 to eu-LISA, to allow the regular upload and update of the web portal content as referred to in Article 49(4) of Regulation (EU) 2019/818.

4.   Member States shall provide eu-LISA with a single point of contact responsible for review and maintenance purposes.

5.   eu-LISA shall review the provided contact details requesting all Member States to review the available information in order to update possible changes or additions. The review shall be carried out at least once a year.

6.   In relation to the processing of data in the web portal Member State authorities shall be controllers in accordance with Article 4, point (7) of Regulation (EU) 2016/679 or Article 3, point (8) of Directive (EU) 2016/680.

7.   In relation to the processing of personal data in the web portal, eu-LISA shall be the data processor within the meaning of Article 3, point (12) of Regulation (EU) 2018/1725.

Article 3User Interface

1.   The web portal shall include a search tool to allow users to input the reference of the authority responsible for the manual verification of the different identities referred to in Article 34(d) of Regulation (EU) 2019/818, in order to retrieve the contact information of that authority.

2.   Upon verification of the validity and completeness of the input data, the web portal shall retrieve the contact details of that authority in accordance with Article 49(3) of Regulation (EU) 2019/818.

3.   The web portal shall enable the user to open a request for information using template email through a web form in order to facilitate communication with the authority responsible for the manual verification of different identities. The template shall include a field for the single identification number referred to in Article 34(c) of Regulation (EU) 2019/818, to allow that authority to retrieve the appropriate link details and corresponding records.

4.   The template email shall contain a standardised request for further information, which shall be available in the languages referred to in Article 1(3). The template email is set out in the Annex. The template email shall also provide an option on the language(s) to be used for a reply, which shall contain at least two languages to be chosen by each Member State. The language of the template email may be chosen by the user.

5.   Following the submission of the filled template email through the web form, an automated acknowledgement email shall be sent to the user, containing the contact details of the authority responsible to follow up this request and enabling the person to exercise the rights pursuant to Article 48(1) of Regulation (EU) 2019/818.

Article 4Content management

1.   The web portal shall ensure a separation between the site pages containing information to the general public and the search tool and the site pages allowing the user to retrieve the contact information of the authority responsible for the manual verification of different identities.

2.   To allow the management of the content by eu-LISA, the web portal shall contain an administration interface which shall be secured. All access to this interface and the changes performed shall be logged in accordance with Article 7.

3.   The administration interface shall provide rights to eu-LISA to add, modify or remove content of the web portal. In no circumstance shall this interface allow eu-LISA to access data related to the third-country nationals that are stored in the EU information systems.

4.   The content management solution shall provide a staging system where all changes can be prepared, viewed and pushed to the online system for publication at a given time point. The staging shall also have tools to ease management of the content and preview the result of changes.

Article 5Security considerations

1.   The web portal shall be designed and implemented to ensure the confidentiality, integrity and availability of the services and to ensure non-repudiation of transactions, by applying at minimum the following application security principles:

(a)

defense in depth (layered security mechanisms);

(b)

positive security model (defines what is allowed and rejects everything else);

(c)

fail securely (handles errors securely);

(d)

run with least privilege;

(e)

keep security simple (avoid complex architectures when a simpler approach would be faster and simpler);

(f)

detect and prevent intrusions (logging and managing all security relevant information) by applying proactive controls on the protection of the web portal information and Member State contact details from cyber-attacks and information leakage;

(g)

do not trust infrastructure (the application needs to authenticate and authorise every action from surrounding systems);

(h)

do not trust services (all external systems shall not be trusted);

(i)

establish secure defaults (software and operating systems environments must be hardened according to best practices and industry standards).

2.   The web portal shall also be designed and implemented to ensure the availability and integrity of logs recorded.

3.   For security and data protection purposes, the web portal shall include a notice informing the users of the rules governing the usage of the web portal and of the consequences of providing incorrect information. The notice shall include an acceptance form of the rules governing the usage of the web portal that the user shall be required to submit before being allowed to use the web portal.

The technical and organisational implementation of the web portal shall be compliant with the security plan, the business continuity plan and a disaster recovery plan referred to in Article 42(3) of Regulation (EU) 2019/818.

Article 6Data protection and rights of the data subject

1.   The web portal shall be compliant with data protection rules of Regulation (EU) 2016/679, Regulation (EU) 2018/1725 and Directive (EU) 2016/680.

2.   The web portal shall include a privacy notice. It should be accessible via a dedicated link. The notice shall also be accessible from every page of the web portal. It shall be provided for in a clear and comprehensive way.

Article 7Logs

1.   Without prejudice to the written records referred to in Article 48(10) of Regulation (EU) 2019/818, all access to the web portal shall be recorded in a log containing the following information:

(a)

IP address of the system used by the requester;

(b)

date and time of the request;

(c)

technical information on the environment used for the request such as type of device, version of the operating system, model and version of the browser.

2.   The information logged shall be used only for statistical purposes as well as to monitor the use of the web portal in order to prevent any misuse.

3.   In case of access to the administration interface of the web portal, the following data shall be logged in addition to the data referred to in paragraph 1:

(a)

identification of the user accessing the administration interface;

(b)

actions performed on the web portal (add, modify or delete content).

4.   Additional anonymous technical information may be logged during the use of the web portal in order to optimise its usage and performance as long as it does not contain personal data.

5.   The information logged in accordance with paragraphs 1 and 3 shall be kept for a maximum of two years.

6.   eu-LISA shall keep logs of all data processing operations in the web portal.

7.   eu-LISA, the Member State authorities and Union agencies shall each define the list of staff duly authorised to access the data processing operations logs of the web portal.

Article 8Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

Schedules & Appendices

ANNEX

ANNEX

Request for information template email

The template for the email is the following:

TO: < authority responsible for the manual verification of different identities and retrieved by the portal >

FROM: < user email address >

SUBJECT: Request for information concerning multi-identity detector [ red link/white link ]: < single identification number >

Mail_Body:

Dear Madam, dear Sir,

I was informed in writing, via a form I received, about the existence of possible discrepancies in the personal information regarding myself.

These possible discrepancies in my identity information have led to the creation of a case file with reference < single identification number >.

I would like to request all further information concerning this case by < date to be calculated by portal > in < language

( 1 ) >to this email address .

( 1 )   Drop down menu with linguistic options to be decided by each Member State.

9 articles

Cite this act

Commission Delegated Regulation (EU) 2021/2103 of 19 August 2021 laying down detailed rules on the operation of the web portal, pursuant to Article 49(6) of Regulation (EU) 2019/818 of the European Parliament and of the Council (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32021R2103

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com