法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Regulation

Commission Delegated Regulation (EU) 2021/2222 of 30 September 2021 supplementing Regulation (EU) 2019/818 of the European Parliament and of the Council with detailed rules on the operation of the central repository for reporting and statistics

CELEX
Delegated Regulation (EU) 2021/2222
Date of document
Articles
9
Source
EUR-Lex
Article 1Definitions

For the purposes of this Regulation, the following definitions apply:

(1)

‘statistical data’ means the data, which is anonymised and used solely for the purpose of producing statistical reports pursuant to Regulation (EU) 2017/2226  ( 11 ) , Regulation (EU) 2018/1240  ( 12 ) , Regulation (EU) 2018/1860  ( 13 ) , Regulation (EU) 2018/1861  ( 14 ) , Regulation (EU) 2018/1862  ( 15 ) and Regulation (EU) 2019/816  ( 16 ) of the European Parliament and of the Council;

(2)

‘(statistical) reports’ means an organised collection of statistical data, produced by the central repository in an automated manner according to a set of pre-established rules and stored in the central repository;

(3)

‘customisable reports’ means statistical reports that are extracted on the basis of statistical data contained in the central repository in accordance with specific rules determined ad hoc by a user and stored in the central repository;

(4)

‘critical identity data’ means any of the following data or a combination thereof, from which individuals can be identified:

(a)

name, first name, surname, family name, given names, alias of any person whose data may be stored in any EU information system;

(b)

number of travel document;

(c)

address (street name, house number);

(d)

telephone, IP address;

(e)

email addresses;

(f)

biometric data.

Article 2Information to be contained in the central repository

1.   The data referred to in Article 39(2) of Regulation (EU) 2019/818 shall be made available and stored in the central repository in accordance with this Regulation.

2.   The central repository shall contain statistical data, including reports on system usage for the purposes of monitoring the functioning of the interoperability components referred to in Article 62 of Regulation (EU) 2019/818.

3.   The central repository shall contain technical reports to ensure monitoring by eu-LISA of the development and functioning of the interoperability components in accordance with Article 74(1) of Regulation (EU) 2019/818.

4.   The central repository shall keep a unique reference number enabling to keep trace of the cross-matching of identity files within or between the corresponding EU information systems for statistical purposes. It shall not be possible to use that reference number to retrieve the underlying identity files.

5.   The central repository shall enable the duly authorised staff of the competent authorities referred to in Article 39(2) of Regulation (EU) 2019/818 to obtain the following:

(a)

reports pursuant to Article 74 of Regulation (EU) 2018/1862, containing the following statistics on records kept in the Schengen Information System:

(i)

daily, monthly and annual statistics showing the number of records per category of alerts, both for each Member State and in aggregate, pursuant to Article 74(3) of that Regulation;

(ii)

annual reports on the number of hits per category of alert, how many times the Schengen Information System was searched and how many times it was accessed for the purpose of entering, updating or deleting an alert, both for each Member State and in aggregate, pursuant to Article 74(3) of that Regulation;

(iii)

at the request of the Commission, additional specific statistical reports, either on a regular or ad hoc basis, on the performance and the use of the Schengen Information System and on the exchange of supplementary information, pursuant to Article 74(6), second subparagraph of that Regulation;

(iv)

At the request of the European Border and Coast Guard Agency, additional specific statistical reports, either on a regular or ad hoc basis, for the purpose of carrying out risk analyses and vulnerability assessments, pursuant to Article 74(6), third subparagraph of that Regulation;

(v)

reports and statistics for the purposes of technical maintenance, reporting, data quality reporting and statistics pursuant to Article 74(2) of that Regulation;

(vi)

data quality reports in accordance with pursuant to Article 15(4) of that Regulation.

(b)

reports pursuant to Article 32 of Regulation (EU) 2019/816, containing the following statistics on the records kept in the European Criminal Records Information System for third-country nationals (ECRIS-TCN) and the ECRIS reference implementation:

(i)

customisable reports and statistics relating to the recording, storage and exchange of information extracted from criminal records through the European Criminal Records Information System for third-country nationals;

(ii)

reports and statistics for the purposes of technical maintenance, data quality reporting and statistics pursuant to Article 32(3) of that Regulation.

6.   The technical reports referred to in paragraph 2 shall contain statistics on the usage of the system, availability, incidents, performance capacity, biometric accuracy, data quality and, where applicable, pending transactions.

7.   The business reports produced by the central repository shall be customisable by the user in order to allow the filtering or grouping of the data by means of a reporting tool made available with the central repository.

8.   A catalogue of reports shall be made available. Requests for new reports or changes to existing ones shall follow eu-LISA change management policy.

Article 3Data repository and reporting tool

1.   The central repository shall use a technical solution hosting data extracted from the underlying EU information systems and interoperability components.

2.   The technical solution shall contain a reporting tool configured to create, maintain and execute the reports and customisable reports referred to in Article 2.

3.   The reporting tool shall allow for the generation of business reports and technical reports, and their retrieval by the user.

4.   The reporting tool shall enable the provision of cross-system statistical data and analytical reporting for policy, operational and data quality purposes, where provided for by Union law.

5.   All reports shall be managed within the technical solution. The appropriate security and integrity measures shall be implemented in the technical solution, in order to meet the requirements of the security plan provided for Article 42(3) of Regulation (EU) 2019/818.

6.   The technical solution shall be implemented at eu-LISA’s technical site and at the backup site.

Article 4Data extraction

The central repository shall obtain, from the EU information systems, read-only copies of the data referred to in Article 39(2) and Article 62(1), (2) and (3) of Regulation (EU) 2019/818, in order to produce the statistics and reports referred to in Articles 39 and 62 of that Regulation. The data shall be obtained on a regular basis and at least daily, by means of one-way extraction.

Article 5Data anonymisation tool

1.   The data extracted from the underlying EU information systems and interoperability components shall be anonymised using a data anonymisation tool. Only anonymised data shall be stored in the central repository.

2.   The data anonymisation tool shall identify critical identity data in the EU information systems and shall anonymise it by means of an automated process before statistical data is stored in the central repository. The anonymisation process shall be irreversible.

Article 6Access

1.   Access to the central repository by duly authorised staff shall be granted and managed in accordance with Article 74 of Regulation (EU) 2018/1862 and Article 32 of Regulation (EU) 2019/816.

2.   The central repository shall be accessible by the Member States, the Commission and the Union agencies, in accordance with their access rights under Union law, via a secure network connection (TESTA).

3.   Only duly authorised staff of the competent authorities in accordance with Article 39(2) and Article 62(1) to (5) of Regulation (EU) 2019/818 shall be granted access to the tool referred to in Article 3(2) of this Regulation.

4.   Competent authorities shall access the central repository by means of user profiles. eu-LISA shall keep a list of the user profiles. One authority may have several profiles, depending on its access rights.

5.   Access to the central repository shall be logged. The information logged shall contain at least:

(a)

a timestamp;

(b)

authority;

(c)

type of the report concerned.

6.   Logs enabling the identification of users accessing the central repository shall be kept at national level and by the Commission, the European Border and Coast Guard Agency and Europol. eu-LISA shall keep logs of all accessing operations. The logs shall be stored in the central repository for one year, after which they shall be automatically erased.

7.   Any conflicting roles within the central repository shall be identified and access shall be granted in accordance with the following principles:

(a)

‘need-to-know’;

(b)

least privilege access;

(c)

segregation of duties.

8.   Data quality reports issued pursuant to Article 15(4) of Regulation (EU) 2018/1862 shall include a tool for Member States to provide eu-LISA with feedback on the correction of the issues encountered.

Article 7Data processor

For the purpose of anonymising personal data pursuant to Article 5, eu-LISA shall be the data processor within the meaning of Article 3, point (12) of Regulation (EU) 2018/1725.

Article 8Other data protection and security aspects

1.   The data stored in the central repository shall be consulted solely for the purpose of reporting and statistics.

2.   eu-LISA shall implement the necessary security measures to ensure the integrity of data in the central repository. Any changes to the data shall be traceable for auditing purposes.

Article 9Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.

9 articles

Cite this act

Commission Delegated Regulation (EU) 2021/2222 of 30 September 2021 supplementing Regulation (EU) 2019/818 of the European Parliament and of the Council with detailed rules on the operation of the central repository for reporting and statistics (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32021R2222

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com