Proposal for Regulation on Visa Information System
Proposal for Regulation of the European Parliament and of the Council concerning the Visa Information System (VIS) and the exchange of data between Member States on short stay-visas
This regulation will enter into force from on the twentieth day following that of its publication in the Official Journal of the European Union.
Official Journal of the European Union, C 052 of 2 March 2005.
The Visa Information System (hereinafter the “VIS”) has been established by Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System (VIS), however, its operation requires further implementing measures at EC as well as national level. Draft Proposal for Regulation of the European Parliament and of the Council concerning the Visa Information System (VIS) and the exchange of data between Member States on short stay-visas adopted by the European Commission (hereinafter the “Draft Regulation”), after its approval in co-decision procedure by qualified majority voting, shall be the key one of such measures.
One of the main aims of establishing the VIS is to prevent visa applicants from repeated applying for visa to other consulates after having been rejected in one Member State. This Draft Regulation is to define the purpose, the functionalities and responsibilities for the VIS, to entrust the European Commission with the power to set up and maintain the VIS and to establish the procedures and conditions for the exchange of data between Member States on short-stay visa applications. The whole system for exchange of visa data shall consist of the VIS, the National Interface in each Member State and the connecting communication infrastructure.
The VIS will enable authorised national authorities to enter and update visa data and to consult these data electronically. The VIS shall include several categories of data such as alphanumeric data on the applicant and on his/her visas, a photograph and fingerprint data. Upon receipt of a visa application, respective visa authority in the Member State shall create the application file containing application number, identification of the visa authority to which the application has been filed and various personal data on applicant and person issuing an invitation or liable to pay the costs of living during the stay of the applicant. These personal data shall include,inter alia, name and surname, sex, date and place of birth, nationality.
The application file shall be a part of the VIS and may be stored in the VIS for five years as from expiry date of the visa or as from the date of creation of the application file if a visa application has been refused. However, application files shall be deleted from the VIS immediately on condition that this applicant acquired citizenship of any Member State. Each Member State and the European Commission are obliged to keep records of all data processing operations within the VIS and these records may only be used for monitoring whether data protection was ensured when processing data in question. These records can be kept in the VIS only for the period not exceeding one year after the above 5-year retention period has expired.
This Draft Regulation further ensures personal data protection, requiring each Member State to designate the authority to be considered as controller for the purposes of personal data protection. The data shall be processed by the VIS on behalf of the Member States. All individuals, data of whom are contained in the VIS shall have the right of information on the identity of the controller, purpose for which data are processed and the recipients of the data. Furthermore, these individuals shall have the right to access their data contained in the VIS, the right of correction and the right of deletion of data (in the case that they have been recorded unlawfully) in the VIS relating to them.
In case of unlawful processing operation or any action incompatible with this Draft Regulation the Member State shall be held liable and provide compensation to entities who suffered damage as a consequence of such breach. This is not applicable where the Member State proves that it is not responsible for the event giving rise to the damage.
Whole system shall be implemented by the European Commission and the Member States in two phases. Firstly, functionalities for processing alphanumeric data and the photographs shall be implemented by 31 December 2006 at the latest. Secondly, functionalities for processing biometric data shall be implemented by 31 December 2007 at the latest.
It must be noted that this Draft Regulation shall be binding and applicable to the Member States except Denmark, the United Kingdom and Ireland, however, the new Member States (which acceded on 1 May 2004) shall be subject to this Draft Regulation only on the basis of further Council decision foreseen by the Act of Accession. In addition to that, applicability of this Draft Regulation is extended also to Iceland, Norway and Switzerland.
In February 2005, the Justice and Home Affairs Council already reached broad agreement over this Draft Proposal.