Home Über uns Sitemap Login Registrieren
Commission Implementing Decision (EU) 2022/2366 of 2 December 2022 on laying down... (32022D2366)
EU - Rechtsakte: 19 Area of freedom, security and justice

COMMISSION IMPLEMENTING DECISION (EU) 2022/2366

of 2 December 2022

on laying down the specifications for a technical solution to facilitate the collection of data by Member States and Europol for the purpose of generating statistics on the access to the VIS data for law enforcement purposes

THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information system (VIS) and the exchange of information between Member States on short-stay visas, long-stay visas and residence permits (VIS Regulation) (1), and in particular Article 50(4) third subparagraph thereof,
Whereas:
(1) Regulation (EC) No 767/2008 establishes the Visa Information System (VIS) for the exchange of data between Member States on applications for short-stay visas, long-stay visas and residence permits, and on the decision taken to annul, revoke or extend the visa.
(2) Regulation (EC) No 767/2008 establishes the conditions of access to the VIS data for the purposes of the prevention, detection or investigation of terrorist offences or of other serious criminal offences. A technical solution should be established and made available to Member States and Europol in order to facilitate the collection of data for the purpose of generating statistics to measure the effectiveness of such access for law enforcement purposes.
(3) It is necessary to lay down the specifications for the development of the technical solution facilitating the collection of certain information and statistics.
(4) The technical solution selected for implementing the VIS should take into consideration the need to have a better integration of already existing and future Union border management systems, as well as the interoperability of those systems. That technical solution should be scalable and enable further evolution in order to be capable, where required, to integrate additional functionalities, to manage bigger number of operations and to store more data. For that reason, the technical solution facilitating the collection of certain information and statistics should be developed on the basis of the technical solution referred to in Article 72(8) of Regulation (EU) 2017/2226 of the European Parliament and of the Council (2) and Article 92(8) of Regulation (EU) 2018/1240 of the European Parliament and of the Council (3) and adapted as appropriate.
(5) In accordance with Regulation (EC) No 767/2008, the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) should be responsible for the design and the development of the VIS.
(6) The technical solution should comply with the principles of data protection by design and by default. The data for the generation of statistics should be provided in such a way as to ensure a proper anonymisation of the results, while applying effective data minimisation to prevent the risk of inference of information from the data subjects.
(7) Given that Regulation (EU) 2021/1134 of the European Parliament and of the Council (4) builds upon the Schengen
acquis
, in accordance with Article 4 of Protocol No 22 on the Position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark notified the implementation of Regulation (EU) 2021/1134 in its national law. It is therefore bound by this Decision.
(8) This Decision constitutes a development of the provisions of the Schengen
acquis
in which Ireland does not take part (5). Ireland is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application.
(9) As regards Iceland and Norway, this Decision constitutes a development of the provisions of the Schengen
acquis
within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen
acquis
 (6) which fall within the area referred to in Article 1, point B of Council Decision 1999/437/EC (7).
(10) As regards Switzerland, this Decision constitutes a development of the provisions of the Schengen
acquis
within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
 (8) which fall within the area referred to in Article 1, point B, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/146/EC (9).
(11) As regards Liechtenstein, this Decision constitutes a development of the provisions of the Schengen
acquis
within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
 (10) which fall within the area referred to in Article 1, point B, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (11).
(12) This Decision constitutes an act building upon, or otherwise relating to, the Schengen
acquis
, within, respectively, the meaning of Article 3(2) of the 2003 Act of Accession, Article 4(2) of the 2005 Act of Accession and Article 4(2) of the 2011 Act of Accession.
(13) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (12) and delivered an opinion on 8 June 2022.
(14) The measures provided for in this Decision are in accordance with the opinion of the Smart Borders Committee,
HAS ADOPTED THIS DECISION:

Article 1

Technical solution to facilitate the collection of data for the purpose of generating the statistics

1.   eu-LISA shall develop the technical solution referred to in Article 50(4), third subparagraph, of Regulation (EC) No 767/2008, and adapt it according to the specifications laid out in article 2 of this Decision.
2.   eu-LISA shall make the technical solution available to the central access point(s) referred to in Article 22l of Regulation (EC) No 767/2008 and to the specialised unit of duly empowered Europol officials referred to in Article 22m of that Regulation.
3.   The use of the technical solution by Member States and Europol shall be optional.

Article 2

Specifications of the technical solution to facilitate the collection of data for the purpose of generating the statistics

1.   Where the technical solution referred to in Article 50(4) of Regulation (EC) No 767/2008 is used, each Member State and Europol shall be responsible for its deployment.
2.   The Member States and Europol shall be responsible for their technical and operational management of the technical solution.
3.   The technical solution shall only allow access to its data to authorised users.
4.   The technical solution shall allow the collection of the following data for each request for access to data stored in the VIS:
(a) designated authority, central access point and operating unit initiating the request referred to in Article 22l(5) of Regulation (EC) No 767/2008, and Europol if initiating the request as referred to in Article 22r of that Regulation;
(b) the exact purpose of the consultation, including the type of terrorist offence or other serious criminal offence, as defined in Article 4, points (22) and (23), of the Regulation (EC) No 767/2008, that led to the consultation, by selecting a value from a code table;
(c) reasonable grounds given for the substantiated suspicion that the suspect, perpetrator or victim is covered by Regulation (EC) No 767/2008;
(d) the number of requests to access the VIS for law enforcement purposes and to access the data on children below 14 years of age;
(e) the number and type of cases in which the urgency procedures referred to in Article 22n(2) of Regulation (EC) No 767/2008 were used, including those cases where the urgency was not accepted by the
ex post
verification carried out by the central access point;
(f) the number and type of cases, which have ended in successful identifications.
5.   In order to facilitate the collection of data, where the urgency procedure provided for in Article 22n(2) of Regulation (EC) No 767/2008 is used, the cases associated with that procedure referred to in paragraph 4, point (e), of this Article shall be marked.
6.   The information listed in paragraph 4 of this Article shall be stored locally, by the central access point(s) or Europol and shall be used to support the generation of statistics referred to in Article 50(4) of Regulation (EC) No 767/2008.

Article 3

Entry into force and applicability

This Decision shall enter into force on the twentieth day following that of its publication in the
Official Journal of the European Union
, with the exception of the following provisions which shall apply from the date of the start of operations of the VIS pursuant to Article 11 of Regulation (EU) 2021/1134:
(a) Article 1 in so far as it relates to Regulation (EC) No 767/2008;
(b) Article 2 in so far as it relates to Regulation (EC) No 767/2008.
Done at Brussels, 2 December 2022.
For the Commission
The President
Ursula VON DER LEYEN
(1)  
OJ L 218, 13.8.2008, p. 60
.
(2)  Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (
OJ L 327, 9.12.2017, p. 20
).
(3)  Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (
OJ L 236, 19.9.2018, p. 1
).
(4)  Regulation (EU) 2021/1134 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EC) No 767/2008, (EC) No 810/2009, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861, (EU) 2019/817 and (EU) 2019/1896 of the European Parliament and of the Council and repealing Council Decisions 2004/512/EC and 2008/633/JHA, for the purpose of reforming the Visa Information System (
OJ L 248, 13.7.2021, p. 11
).
(5)  This Decision falls outside the scope of the measures provided for in Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen
acquis
(
OJ L 64, 7.3.2002, p. 20
).
(6)  
OJ L 176, 10.7.1999, p. 36
.
(7)  Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen
acquis
(
OJ L 176, 10.7.1999, p. 31
).
(8)  
OJ L 53, 27.2.2008, p. 52
.
(9)  Council Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
(
OJ L 53, 27.2.2008, p. 1
).
(10)  
OJ L 160, 18.6.2011, p. 21
.
(11)  Council Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
, relating to the abolition of checks at internal borders and movement of persons (
OJ L 160, 18.6.2011, p. 19
).
(12)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (
OJ L 295, 21.11.2018, p. 39
).
Markierungen
Leseansicht