Regulation (EU) 2018/1727 is amended as follows:
(1)
in Article 4(1), the following point is added:
‘(j)
support Member States’ action in combating genocide, crimes against humanity, war crimes and related criminal offences, including by preserving, analysing and storing evidence related to those crimes and related criminal offences and enabling the exchange of such evidence with, or otherwise making it directly available to, competent national authorities and international judicial authorities, in particular the International Criminal Court.’;
(2)
in Article 80, the following paragraph is added:
‘8. By way of derogation from Article 23(6), Eurojust may establish an automated data management and storage facility separate from the case management system referred to in Article 23 for the purposes of processing operational personal data for the performance of the operational function referred to in Article 4(1), point (j) (‘automated data management and storage facility’).
The automated data management and storage facility shall comply with the highest standards of cyber security.
Notwithstanding Article 90 of Regulation (EU) 2018/1725, Eurojust shall consult the EDPS prior to the operation of the automated data management and storage facility. The EDPS shall deliver an opinion within two months of the receipt of a notification from the Data Protection Officer.
The notification from the Data Protection Officer referred to in the third subparagraph shall contain at least the following elements:
(a)
a general description of the processing operations envisaged;
(b)
an assessment of the risks to the rights and freedoms of data subjects;
(c)
the measures envisaged to address the risks referred to in point (b);
(d)
safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation, taking into account the rights and legitimate interests of the data subjects and other persons concerned.
The provisions on data protection laid down in this Regulation and in Regulation (EU) 2018/1725 shall apply to the processing of data in the automated data management and storage facility insofar as they do not directly relate to the technical set-up of the case management system. Access rights and time limits for the data stored in the automated data management and storage facility shall be in accordance with the applicable rules on access to the temporary work files in support of which the data are stored, and with the respective time limits, in particular those set out in Article 29 of this Regulation.
The derogation provided for in this paragraph shall apply as long as the case management system composed of temporary work files and of an index remains in place.’;
(3)
Annex II is amended as follows:
(a)
point 1(n) is replaced by the following:
‘(n)
DNA profiles established from the non-coding part of DNA, photographs and fingerprints and, in relation to the crimes and related criminal offences referred to in Article 4(1), point (j), videos and audio recordings.’;
(b)
point 2(f) is replaced by the following:
‘(f)
the description and nature of the offences involving the person concerned, the date on which and location at which the offences were committed, the criminal category of the offences, the progress of the investigations and, in relation to the crimes and related criminal offences referred to in Article 4(1), point (j), information relating to criminal conduct, including audio recordings, videos, satellite images and photographs;’.