法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Regulation

Commission Delegated Regulation (EU) 2021/2223 of 30 September 2021 supplementing Regulation (EU) 2019/817 of the European Parliament and of the Council with detailed rules on the operation of the central repository for reporting and statistics

CELEX
Delegated Regulation (EU) 2021/2223
Date of document
Articles
9
Source
EUR-Lex
Article 1Definitions

For the purposes of this Regulation, the following definitions apply:

(1)

‘statistical data’ means the data, which is anonymised and used solely for the purpose of producing statistical reports pursuant to Regulation (EU) 2017/2226  ( 11 ) , Regulation (EU) 2018/1240  ( 12 ) , Regulation (EU) 2018/1860  ( 13 ) , Regulation (EU) 2018/1861  ( 14 ) , Regulation (EU) 2018/1862  ( 15 ) and Regulation (EU) 2019/816  ( 16 ) of the European Parliament and of the Council;

(2)

‘(statistical) reports’ means an organised collection of statistical data, produced by the central repository in an automated manner according to a set of pre-established rules and stored in the central repository;

(3)

‘customisable reports’ means statistical reports that are extracted on the basis of statistical data contained in the central repository in accordance with specific rules determined ad hoc by a user and stored in the central repository;

(4)

‘critical identity data’ means any of the following data or a combination thereof, from which individuals can be identified:

(a)

name, first name, surname, family name, given names, alias of any person whose data may be stored in any EU information system;

(b)

number of travel document;

(c)

address (street name, house number);

(d)

telephone, IP address;

(e)

email addresses;

(f)

biometric data.

Article 2Information to be contained in the central repository

1.   The data referred to in Article 39(2) of Regulation (EU) 2019/817 shall be made available and stored in the central repository in accordance with this Regulation.

2.   The central repository shall contain statistical data, including reports on system usage for the purposes of monitoring the functioning of the interoperability components referred to in Article 66 of Regulation (EU) 2019/817.

3.   The central repository shall contain technical reports to ensure monitoring by eu-LISA of the development and functioning of the interoperability components in accordance with Article 78(1) of Regulation (EU) 2019/817.

4.   The central repository shall keep a unique reference number enabling to keep trace of the cross-matching of identity files within or between the corresponding EU information systems for statistical purposes. It shall not be possible to use that reference number to retrieve the underlying identity files.

5.   The central repository shall enable the duly authorised staff of the competent authorities referred to in Article 39(2) of Regulation (EU) 2019/817 to obtain the following:

(a)

reports pursuant to Article 63 of Regulation (EU) 2017/2226, containing the following statistics on records kept in the Entry/Exit System:

(i)

customisable reports and statistics on entries and exits, refusals of entry and overstays of third-country nationals;

(ii)

daily statistics on overstayers, third-country nationals who were refused entry, third-country nationals whose authorisation for stay was revoked or extended and third country nationals exempt from the requirement to give fingerprints;

(iii)

customisable reports and statistics on data quality pursuant to Article 38(4) of Regulation (EU) 2017/2226 and regular statistics for ensuring the monitoring by eu-LISA of the development and the functioning of the Entry/Exit System referred to in Article 72(1) of that Regulation;

(b)

reports pursuant to Article 84 of Regulation (EU) 2018/1240, containing the following statistics on the records kept in the European Travel Information and Authorisation System (ETIAS):

(i)

daily statistics on the number and nationality of applicants whose travel authorisation was issued or refused, including the grounds for refusal, and of third-country nationals whose travel authorisation was annulled or revoked;

(ii)

customisable reports and statistics to improve the assessment of security, illegal immigration and high epidemic risks, to enhance the efficiency of border checks, to help the ETIAS Central Unit and the ETIAS National Units process travel authorisation applications and to support evidence-based Union migration policy-making;

(iii)

statistical data concerning the ETIAS watchlist pursuant to Article 92(4) of that Regulation;

(iv)

regular statistics for ensuring the monitoring by eu-LISA of the development and the functioning of the ETIAS Information System pursuant to Article 92(1) of that Regulation;

(c)

reports pursuant to Article 33(2) of Regulation (EU) 2018/1240, containing the following statistics:

(i)

those generated by the Entry/Exit System indicating abnormal rates of overstaying and refusals of entry for a specific group of travellers;

(ii)

those generated by the European Travel Information and Authorisation System pursuant to Article 84 of that Regulation indicating abnormal rates of refusals of travel authorisations due to a security, illegal immigration, or high epidemic risk associated with a specific group of travellers;

(iii)

those generated by the European Travel Information and Authorisation System pursuant to Article 84 of that Regulation and the Entry/Exit System indicating correlations between information collected through the application form and overstaying by travellers or refusals of entry;

(d)

reports pursuant to Article 16 of Regulation (EU) 2018/1860, containing daily, monthly and annual statistics showing the number of records per category of alerts, both for each Member State and in aggregate;

(e)

reports pursuant to Regulation (EU) 2018/1861, containing the following statistics on the records kept in the Schengen Information System:

(i)

daily, monthly and annual statistics showing the number of records per category of alerts, both for each Member State and in aggregate, pursuant to Article 60(3) of that Regulation;

(ii)

annual reports on the number of hits per category of alert, how many times the Schengen Information System was searched and how many times it was accessed for the purpose of entering, updating or deleting an alert, both for each Member State and in aggregate, pursuant to Article 60(3) of Regulation (EU) 2018/1861 and Article 19 of Regulation (EU) 2018/1860;

(iii)

at the request of the Commission, additional specific statistical reports, either on a regular or ad hoc basis, on the performance and the use of the Schengen Information System and on the exchange of supplementary information, pursuant to Article 60(5), second subparagraph of Regulation (EU) 2018/1861 and Article 19 of Regulation (EU) 2018/1860;

(iv)

at the request of the European Border and Coast Guard Agency, additional specific statistical reports, either on a regular or ad hoc basis, for the purpose of carrying out risk analyses and vulnerability assessments, pursuant to Article 60(5), third subparagraph of Regulation (EU) 2018/1861 and Article 19 of Regulation (EU) 2018/1860;

(v)

reports and statistics for the purposes of technical maintenance, reporting, data quality reporting and statistics pursuant to Article 60(2) of Regulation (EU) 2018/1861 and Article 19 of Regulation (EU) 2018/1860;

(vi)

reports on data quality issues pursuant to Article 15(4) of Regulation (EU) 2018/1861 and Article 19 of Regulation (EU) 2018/1860.

6.   The technical reports referred to in paragraph 2 shall contain statistics on the usage of the system, availability, incidents, performance capacity, biometric accuracy, data quality and, where applicable, pending transactions.

7.   The business reports produced by the central repository shall be customisable by the user in order to allow the filtering or grouping of the data by means of a reporting tool made available with the central repository.

8.   A catalogue of reports shall be made available. Requests for new reports or changes to existing ones shall follow eu-LISA change management policy.

Article 3Data repository and reporting tool

1.   The central repository shall use a technical solution hosting data extracted from the underlying EU information systems and interoperability components.

2.   The technical solution shall contain a reporting tool configured to create, maintain and execute the reports and customisable reports referred to in Article 2.

3.   The reporting tool shall allow for the generation of business reports and technical reports, and their retrieval by the user.

4.   The reporting tool shall enable the provision of cross-system statistical data and analytical reporting for policy, operational and data quality purposes, where provided for by Union law.

5.   All reports shall be managed within the technical solution. The appropriate security and integrity measures shall be implemented in the technical solution, in order to meet the requirements of the security plan provided for Article 42(3) of Regulation (EU) 2019/817.

6.   The technical solution shall be implemented at eu-LISA’s technical site and at the backup site.

Article 4Data extraction

The central repository shall obtain from the EU information systems read-only copies of the data referred to in Article 39(2) and Article 66(1), (2) and (3) of Regulation (EU) 2019/817 in order to produce the statistics and reports referred to in Articles 39 and 66 of that Regulation. The data shall be obtained on a regular basis and at least daily, by means of one-way extraction.

Article 5Data anonymisation tool

1.   The data extracted from the underlying EU information systems and interoperability components shall be anonymised using a data anonymisation tool. Only anonymised data shall be stored in the central repository.

2.   The data anonymisation tool shall identify critical identity data in the EU information systems and shall anonymise it by means of an automated process before statistical data is stored in the central repository. The anonymisation process shall be irreversible.

Article 6Access

1.   Access to the central repository by duly authorised staff shall be granted and managed in accordance with Article 63 of Regulation (EU) 2017/2226, Article 84 of Regulation (EU) 2018/1240, Article 60 of Regulation (EU) 2018/1861, and Article 16 of Regulation (EU) 2018/1860.

2.   The central repository shall be accessible by the Member States, the Commission and the Union agencies, in accordance with their access rights under Union law, via a secure network connection (TESTA).

3.   Only duly authorised staff of the competent authorities in accordance with Article 39(2) and Article 66(1) to (5) of Regulation (EU) 2019/817 shall be granted access to the tool referred to in Article 3(2) of this Regulation.

4.   Competent authorities shall access the central repository by means of user profiles. eu-LISA shall keep a list of the user profiles. One authority may have several profiles, depending on its access rights.

5.   Access to the central repository shall be logged. The information logged shall contain at least:

(a)

a timestamp;

(b)

authority;

(c)

type of the report concerned.

6.   Logs enabling the identification of users accessing the central repository shall be kept at national level and by the Commission, the European Border and Coast Guard Agency and Europol. eu-LISA shall keep logs of all accessing operations. The logs shall be stored in the central repository for one year, after which they shall be automatically erased.

7.   Any conflicting roles within the central repository shall be identified and access shall be granted in accordance with the following principles:

(a)

‘need-to-know’;

(b)

least privilege access;

(c)

segregation of duties.

8.   Data quality reports issued pursuant to Article 15(4) of Regulation (EU) 2018/1861 shall include a tool for Member States to provide eu-LISA with feedback on the correction of the issues encountered.

Article 7Data processor

For the purpose of anonymising personal data pursuant to Article 5, eu-LISA shall be the data processor within the meaning of Article 3, point (12) of Regulation (EU) 2018/1725.

Article 8Other data protection and security aspects

1.   The data stored in the central repository shall be consulted solely for the purpose of reporting and statistics.

2.   eu-LISA shall implement the necessary security measures to ensure the integrity of data in the central repository. Any changes to the data shall be traceable for auditing purposes.

Article 9Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.

9 articles

Cite this act

Commission Delegated Regulation (EU) 2021/2223 of 30 September 2021 supplementing Regulation (EU) 2019/817 of the European Parliament and of the Council with detailed rules on the operation of the central repository for reporting and statistics (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32021R2223

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com