Commission Delegated Regulation (EU) 2021/2104 of 19 August 2021 laying down detailed rules on the operation of the web portal, pursuant to Article 49(6) of Regulation (EU) 2019/817 of the European Parliament and of the Council
Commission Delegated Regulation (EU) 2021/2104of 19 August 2021laying down detailed rules on the operation of the web portal, pursuant to Article 49(6) of Regulation (EU) 2019/817 of the European Parliament and of the CouncilTHE EUROPEAN COMMISSION,Having regard to the Treaty on the Functioning of the European Union,Having regard to Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHAOJ L 135, 22.5.2019, p. 27., and in particular Article 49(6) thereof,Whereas:(1)Regulation (EU) 2019/817, together with Regulation (EU) 2019/818 of the European Parliament and of the CouncilRegulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85). establishes a framework to ensure interoperability between the EU information systems in the field of borders, visa, police and judicial cooperation, asylum and migration.(2)That framework includes a number of interoperability components which involve the processing of significant amounts of sensitive personal data. It is important that persons whose data are processed through those components can effectively exercise their rights as data subjects as required under Regulation (EU) 2016/679Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1)., Directive (EU) 2016/680Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89). and Regulation (EU) 2018/1725Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39). of the European Parliament and of the Council.(3)In order to facilitate the exercise of the right to information, access to, rectification, erasure or restriction of processing of personal data a web portal is established by Regulation (EU) 2019/817.(4)This web portal should enable persons whose data are processed in the multi-identity detector and who have been informed of the presence of a red or white link to retrieve the information of the competent authority of the Member State responsible for the manual verification of different identities.(5)For the purpose of facilitating the communication between the portal user and the competent authority of the Member State responsible for the manual verification of different identities, the web portal should include a template email available in the languages established in this Regulation. It should also provide an option on the language(s) to be used for a reply.(6)In order to clarify respective responsibilities concerning the web portal, this Regulation should specify the responsibilities of the European Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice ("eu-LISA"), the Commission and the Member States concerning the web portal.(7)For the purpose of secure and smooth operation of this web portal, this Regulation should establish rules concerning the security of information in the web portal. In addition, access to the web portal should be logged in order to prevent any misuse.(8)Given that Regulation (EU) 2019/817 builds upon the Schengen acquis, in accordance with Article 4 of Protocol No 22 on the Position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark notified the implementation of Regulation (EU) 2019/817 in its national law. It is therefore bound by this Regulation.(9)This Regulation constitutes a development of the provisions of the Schengen acquis in which Ireland does not take partThis Regulation falls outside the scope of the measures provided for in Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis (OJ L 64, 7.3.2002, p. 20).. Ireland is therefore not taking part in the adoption of this Regulation and is not bound by it or subject to its application.(10)As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquisOJ L 176, 10.7.1999, p. 36., which fall within the area referred to in Article 1, point A of Council Decision 1999/437/ECCouncil Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31)..(11)As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquisOJ L 53, 27.2.2008, p. 52., which fall within the area referred to in Article 1, point A of Decision 1999/437/EC, read in conjunction with Article 3 of Council Decision 2008/146/ECCouncil Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 1)..(12)As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquisOJ L 160, 18.6.2011, p. 21. which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EUCouncil Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, relating to the abolition of checks at internal borders and movement of persons (OJ L 160, 18.6.2011, p. 19)..(13)As regards Cyprus, Bulgaria and Romania and Croatia, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within, respectively, the meaning of Article 3(1) of the 2003 Act of Accession, Article 4(1) of the 2005 Act of Accession and Article 4(1) of the 2011 Act of Accession.(14)The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 and delivered an opinion on 31 March 2021,HAS ADOPTED THIS REGULATION: