(Under forberedelse) Kommisjonens gjennomføringsbeslutning om fastsettelse av bestemmelser og oppbevaring og tilgang til loggene i Det europeiske system for innreiseinformasjon og -tillatelse (ETIAS) i henhold til europaparlaments- og rådsforordning (EU) 2018/1240
(In preparation) Commission Implementing Decision laying down rules on keeping and accessing of the logs in the European Travel Information and Authorisation System (ETIAS) pursuant to Regulation (EU) 2018/1240 of the European Parliament and the Council
Utkast til forordning lagt fram av Kommisjonen 19.11.2020 med tilbakemeldingfrist 17.12.2020
BAKGRUNN (fra kommisjonsforordningen, engelsk utgave)
(1) Regulation (EU) 2018/1240 establishes the European Travel Information and Authorisation System (ETIAS), applicable to visa-exempt third-country nationals seeking to enter the territory of the Member States.
(2) The operation of ETIAS requires the development and technical implementation of the ETIAS Information System. The system is to comprise logs recording all data processing operations performed.
(3) It is necessary to lay down rules on the keeping and accessing of logs. Logs should be used solely for verifying compliance with data processing obligations and for ensuring the integrity and security of the operational personal data.
(4) As regards the keeping of logs, it is necessary to specify the location at which they are to be stored, the manner in which they are to be technically recorded, including when they derive from different ETIAS components, as well as the rules applicable to the deletion of the logs after their retention period ends.
(5) As regards accessing logs, it is necessary to specify the competent authoritiesincluding, where appropriate, the persons within such authorities, to which access to the logs should be granted and for the purposes for which they may be accessed. In order to ensure that the competent authorities are able to perform their duties carried out for the purpose of monitoring the admissibility of data processing and of ensuring data security and integrity, the identification of logs should be facilitated through an effective search function.
(6) Logs recording access by duly authorised staff of the national authorities of each Member State and by the duly authorised staff of the Union agencies for the purposes referred to in Article 13(4a) of Regulation (EU) 2018/1240 should be kept in accordance with the requirements laid down in Article 24(2) and (3) of Regulation (EU) 2019/817.
(7) The European Union Agency for the Operational Management of Large-Scale IT systems in the Area of Freedom, Security and Justice ('eu-LISA') is responsible for the design and development phase of the ETIAS Information System. The measures laid down by this Decision should enable eu-LISA to define the design of the physical architecture of ETIAS including its Communication Infrastructure, as well as the technical specifications of the system and to develop ETIAS. eu-LISA should complete those measures by the Technical Specifications and the Interface Control Document of ETIAS.
(8) In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2018/1240 and is not bound by it or subject to its application. However, given that Regulation (EU) 2018/1240 builds upon the Schengen acquis, Denmark notified on 21 December 2018, in accordance with Article 4 of that Protocol, its decision to implement Regulation (EU) 2018/1240 in its national law.
(9) This Decision constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC; Ireland is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application.
(10) This Decision constitutes a development of the provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC; the United Kingdom is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application.
(11) As regards Iceland and Norway, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters’ association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC.
(12) As regards Switzerland, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC, read in conjunction with Article 3 of Council Decision 2008/146/EC.
Justis- og beredskapsdepartementet