Agency for the management of large-scale IT systems in the area of freedom, security and justice (debate) 
President
The next item is the report by Carlos Coelho, on behalf of the Committee on Civil Liberties, Justice and Home Affairs, on the amended proposal for a regulation of the European Parliament and of the Council on establishing an agency for the operational management of large-scale IT systems in the area of freedom, security and justice - C7-0046/2009 -.
We had expected Commissioner Malmström to be with us, but I understand there is a problem with her incoming flight. She is on her way but she will not be here at the beginning. Commissioner Barnier will stand in so long as is necessary.
Carlos Coelho
Madam President, there are three underlying questions which I would like to highlight at the start of this debate. The first is legislative efficacy. Once more, and on subjects as sensitive as Schengen-related issues, Parliament has managed to come to an agreement at first reading.
We have worked well and quickly. For those who do not believe in codecision, we have once again given a conclusive response. If the decision were still made by unanimity in the Council, it would be adjourned for even longer. I thank the Hungarian Presidency for its efforts and competent performance.
My second point is the strengthening of Schengen. Notwithstanding the differing opinions on some issues, we have achieved broad consensus in this Parliament. This is because, essentially, we want to see Schengen strengthened and we do not condone attempts to weaken the free circulation of people. I thank the shadow rapporteurs for their collaboration and their support.
Thirdly, I would highlight the EU solution. Although initially it had little support in the Council, the creation of this agency corresponds to the preference shown by this Parliament, which has always fought for a European solution to the detriment of the intergovernmental one, which is still prevalent in the First Schengen Information System (SIS I). According to the impact assessment carried out by the Commission, the creation of an agency is without doubt the best solution from an economic, operational and institutional point of view.
I would like to ask Commissioner Barnier to pass on our thanks to Commissioner Malmström for her timely initiative and for her cooperation.
The regulation that we are going to adopt corresponds positively to the concerns of this Parliament. Allow me to emphasise seven points. Firstly, new systems clash with the legislative instrument; much is said about new systems in the area of freedom, security and justice. The regulation clearly ensures that new systems can only be added after they have been created by means of a legal instrument adopted by codecision with the European Parliament.
Secondly, interoperability between systems is rejected. It is expressly guaranteed that there can be no interoperability between the systems managed by the agency, unless this possibility is expressly established in the legal instruments which create each of these systems.
The third point is the location of the agency. Parliament's prerogatives have been respected and the decision has been taken in codecision between Parliament and the Council. The headquarters are to be in Tallinn, the technical site in Strasbourg and the back-up site in Austria. Pressure from Parliament led to our receiving two letters from the French and Estonian Ministers confirming the investment that each of the two countries would make so that the solution arrived at would be the most cost-efficient.
Fourthly, on communication infrastructure we managed to reach a compromise: any possibility of non-authorised access will be prohibited; all data circulating within the network has to be encrypted, and it is guaranteed that the encryption key cannot be transferred to the responsibility of a private company under an outsourcing agreement, exactly the opposite to what currently happens.
We have also regulated the members of the management board and voting rights in such a way as to guarantee that the Member States only participate in systems to which they are linked. The participation of the United Kingdom was safeguarded while Ireland decided not to be bound by this regulation. Finally, Madam President, diverse improvements were introduced with regard to the reinforcement of Parliament's role, the reinforcement of transparency and the improvement of data protection.
Michel Barnier
Madam President, honourable Members, thank you for your understanding. The arrival of Commissioner Malmström's flight was delayed, due to circumstances beyond her control. She has asked me to apologise to you on her behalf. She is currently making her way here to join us, and I will therefore pass your message on to her, Mr Coelho.
I believe she will be here in few moments to take over from me; however, while we wait, I would like to extend very warm thanks, on her behalf, to Mr Coelho, for the constructive approach he showed throughout the negotiations on this proposal involving - I think I can say this - fruitful cooperation between the three institutions. I believe we have thus reached our common objective.
This proposal, as you know better than anyone, is a response to the European Parliament's and the Council's explicit request, made in 2006, when the basic instruments for the second-generation Schengen Information System (SIS II) and the Visa Information System (VIS) were adopted. Based on impact assessments, Eurodac is now also included in the proposal.
The main role of the future agency will be to ensure that these crucial IT systems operate properly 24 hours a day, seven days a week, and that data exchange takes place in full compliance with data security and data protection regulations.
In the future, the purpose of the agency will be to develop other very large-scale IT systems in the area of freedom, security and justice, based on the legislative proposals which have been or which are due to be adopted by the co-legislator. With regard to the compromise proposal, Commissioner Malmström informed me that she was satisfied that Parliament's main amendments had been incorporated into the compromise text.
The Commission wishes however to emphasise and clarify its intention to make a statement, to be included in the Council's minutes, recalling that the principle of the European Union's institutional autonomy opposes the granting of voting rights in the agency to third countries, including associated countries.
As a result, the Commission's acceptance of the co-legislator's compromise is based on the principle that this compromise does not grant voting rights to associated countries or create expectation in that regard.
Mr Coelho, honourable Members, Madam President, that is what I wanted to say on behalf of Commissioner Malmström. Thank you for your understanding.
Marian-Jean Marinescu
Madam President, the operational management of the second-generation Schengen Information System (SIS II), the Visa Information System (VIS), Eurodac and other large-scale information technology systems is crucial to the future of the European area of freedom, security and justice. As a result, setting up a single authority responsible for the operational management of these IT systems is an absolute must.
We are going through a time of budget constraints which must also be reflected in the European agencies' activities. I support the proposal for the agency's strategy to be based on a multiannual staff policy plan and a draft annual work programme, with clear objectives and performance indicators. I regret that the proposal tabled by the Committee on Budgetary Control for the number of members on the management board to be reduced was not accepted. I respect the right of Member States to be involved in the decision-making process at agency level. However, I think that a management board made up of 29 members is a costly, cumbersome structure which does not help operations run more efficiently. I think that the agency's number-one priority must be to clarify the situation with SIS II. An analysis needs to be carried out and a decision made about the programme and the costs involved in completing this system.
Agustín Díaz de Mera García Consuegra
Madam President, I support Mr Coelho's thorough work and I congratulate him on his negotiating capacity, in Parliament and at first reading.
In terms of the need to create a new agency for the operational management of large-scale IT systems, we should remember that the Commission itself has declared that it cannot assume the responsibility for managing large databases, and that creating a merely executive agency would not in any case give Parliament control, because it would still be embedded in the structure of the European Commission.
Considering the important work being entrusted to the new agency and the need for this work to be scrutinised by Parliament, however, the new body should take the form of a European agency with its own legal status.
Its objectives should be clearly defined, these being operational management of the second-generation Schengen Information System (SIS II), the Visa Information System (VIS) and Eurodac. It could also take responsibility for the preparation, development and operational management of other large-scale information systems.
However, it should be noted that this must in all cases be done with the right legal instruments. The agency will not under any circumstances be able to take political decisions, such as creating new information systems or decisions on interoperability with different systems.
The important role that the agency is to play means it must have a reinforced administrative structure that will ensure data integrity and protection, and for this reason it is essential that it incorporate a post of data security manager and an independent data protection body, thereby complying with the legal provisions contained in Article 8 of the Charter of Fundamental Rights.
In conclusion, Mr Coelho, I am very much in agreement with your three initial points, and with the seven points made by Parliament on making a strong commitment to reaching an EU solution and taking a firm stand against any limitation of the Schengen Area.
Sylvie Guillaume
Madam President, I too would like to commend our fellow Member Mr Coelho for the skills which he employed during this negotiation and which have enabled the European Parliament to achieve a number of excellent results.
Our objective, as he said, was to improve the operational effectiveness of data security systems in the area of justice and internal affairs, for the Schengen Information System (SIS), the Visa Information System (VIS) and Eurodac.
I would like to underline several points which the socialists consider to be truly positive steps forward. First of all, it has been guaranteed that the agency's remit will be limited to technical tasks which will not be allowed to exert any form of influence on the actual substance of the data held. Secondly, democratic transparency is to be employed throughout the whole process, allowing the European Parliament not only to be involved in the selection process for the agency's director, but also, and above all, assuring us that, if the agency's remit were to be extended to other systems and if there were an intention to make any of those systems interoperable with current systems, this could only be done through the ordinary legislative procedure. Thirdly, it is forbidden for private operators to undertake system maintenance and have access to security codes and data content and, finally, the European Parliament is participating in choosing the location for the agency's seat.
With regard to this final point, I would like to express my regret that in negotiating the regulations the naming of the seat was subject to such resistance from the Council. Its unilateral statement to the effect that this decision would not set a precedent has no legal value as such. Our institution adhered strictly to the Treaties, according to which Parliament must also give its consent in the naming of seats of European agencies.
In light of this, I would like the Council to at last consider the European Parliament as a full partner, that is to say a co-legislator, in the same capacity as itself. This form of institutional rivalry is also affecting work on the Schengen issue, particularly as regards the revision of the Schengen evaluation mechanism. I would in that regard like us to move our focus to debating the real issues rather than focusing on legal battles.
(Applause)
Sarah Ludford
on behalf of the ALDE Group. - Madam President, Mr Coelho is as usual a safe pair of hands - I am not sure what we would do without him - and he has safely overseen the co-legislation of this regulation.
The Commission has attempted to develop several large-scale systems over the last few years but we know, certainly in the case of SIS II, that there have been serious delays and even some apparent mismanagement. In some of our Member States it is not unknown to have these problems. So it is sensible to concentrate technical know-how in one place. But at the same time, as Mr Coelho said, it is important to ensure on sensitive issues, such as any proposal for system or data interoperability, that Parliament is very much involved in any such decision.
It is also important that this regulation provides for the European Data Protection Supervisor to have the power to obtain from the agency access to all information necessary to his work.
The Commission will shortly propose setting up yet more IT systems, for instance an entry/exit system for Schengen borders and a registered traveller programme. I do not know whether the Commissioner - I know he is standing in for a colleague - is able to tell us whether the Commission is already planning that the agency should be involved in designing those two new databases.
I am very pleased that the UK will be able to participate in the adoption of this regulation and in the management of the agency to a degree that reflects its participation in SIS and in Eurodac. This is perhaps a model for variable geometry in the Schengen evaluation mechanism.
Jan Philipp Albrecht
Madam President, Commissioner Barnier, Mr Coelho, right now we are debating for the last time the framework for the IT agency that is to be created for the European Union. As Parliament we will agree a compromise with the Council that incorporates our key demands. This is partly because we have already had many debates on this, but it is also partly down to the good work carried out by the rapporteur, who I would like to thank both for his work and for such good cooperation. I would like to take this opportunity to assure him of the support of the Group of the Greens/European Free Alliance.
Having said that, however, I should like to emphasise one substantive point regarding the IT agency. The framework planned quite clearly excludes any integration of various databases with personal data. We want to have an efficient and secure technical platform, but we do not want this expanded to include the capture of personal data for any purpose whatsoever. Parliament's vote should sound a note of warning to anyone who has other intentions. We are keeping an eye on this agency and will not tolerate anyone veering off on their own.
Adam Bielan
Madam President, in today's increasingly mobile world, personal data protection is an essential tool in ensuring the safety of citizens and an area of free and unrestricted movement in the European Union. Well-organised and reliable protection will increase activity, which will also contribute to economic and social development.
The plan to create a supervisory agency for all three information systems currently in force appears interesting, as managing large-scale information systems requires a responsible specialist institution. However, it is important to ensure that all Member States are represented on its board. For the data protection system to be effective, individual solutions must be obligatory for all Member States. An important task that the agency must perform is to guarantee the security of the network and data transmission by eliminating the threats that are becoming increasingly widespread. According to the model of the European Data Protection Inspector, the agency should achieve its aims while respecting the fundamental rights of citizens. I hope that this system will allow data to be exchanged more effectively and processed and made available more securely.
Derek Roland Clark
on behalf of the EFD Group. - Madam President, yet another expensive, bureaucratic monster arises by combining VIS, SIS and Eurodac, whether or not any Member State currently participates in these agencies. It is meant to develop Schengen, which itself is under pressure due to the Libyan situation. What is the use of a system to allow free movement which has to be partially suspended because of the free movement it encourages?
I understand there will be a central agency to retain fingerprints and biometric records for five years, including material obtained under SIS - 'information regarding certain categories of persons and property'. So, under the guise of facilitating the free movement of people, we have a resurrection of the Stasi.
Of course, this is intended to lead to EU immigration control. In the case of the UK, many immigrants come from the Commonwealth, a unique voluntary association including every single one of our former colonies. Well, we have our own border controls for that purpose, and the EU does not have the right to interfere.
Hubert Pirker
(DE) Madam President, Commissioner, Mr Coelho, in contrast to the previous speaker, I believe that it is important for us to in fact support the establishment of this agency. I have often been sceptical when it comes to establishing agencies. In this case I am happy to support it. Firstly, I know that Mr Coelho led the negotiations, so I know that the result will be positive. You can rely on that. Secondly, the European Commission's handling of the Schengen Information System has shown that the management of major IT systems cannot be entrusted to the Commission. Thirdly, I consider it sensible that we bring the management of three major information systems - these being the Schengen Information System, the Visa Information System and Eurodac - under one roof. This will undoubtedly have synergy benefits.
It is also important that we state what the agency is to do and what it is not to do; namely, that it is not to make political decisions, but that it is to provide a high standard of management for these three information systems.
Moreover, I believe that training should be provided to ensure that the same high standards apply in all countries in respect of the implementation and use of the systems.
Finally, I should like to reiterate that I hope that this agreement on the agency will start a new debate on how the information systems can be usefully linked together - but only where there is good reason for doing so. I would point out that this would be particularly useful in a crisis situation such as we currently have in North Africa. We know that criminals are exploiting this system to cross borders and apply for asylum here, using the asylum process as a means of slipping in drugs couriers or even terrorists. Allowing Europol to use these systems would have security benefits for Europe's citizens, and I would therefore welcome the start of a discussion along these lines.
Monika Flašíková Beňová
(SK) Madam President, I too would like to thank Mr Coelho, because I believe that bringing the second-generation Schengen Information System (SIS II), the Visa Information System (VIS) and Eurodac together under a single EU agency is the right way to go.
The problem is, however, that some Member States are not involved in the individual systems at all, while others have only a partial involvement. In these circumstances, I would like to ask about the extent to which the regulation before us will be binding on such Member States, and about the powers they will hold in the adoption of the legislation establishing the agency.
Despite the uncertainties, I am convinced that the creation of this agency is desirable. The agency will perform important tasks and should also be responsible for technical measures of a non-legislative nature required by these tasks. These responsibilities should be without prejudice to the legislative duties exclusively within the remit of the Commission. The agency ought to be a purely operational, rather than a political, institution. Its operations and decisions must be consistent with the legal basis adopted by the European Parliament for the three different databases.
Véronique Mathieu
(FR) Madam President, Commissioners, first of all I would like to commend the work of our colleague Mr Coelho on this very difficult issue, for which a high level of technical expertise and a tremendous amount of work and knowledge of the issue were required.
Controlling our common territory and our European borders is one of the most significant issues we must deal with, and technology, more than ever, helps to address this challenge. Over the last few years, we have indeed witnessed an unprecedented increase in European databases and the exchange of personal data. This trend which some are describing as a digital tsunami can certainly be expected to continue in coming years.
The Schengen Information System (SIS), Visa Information System (VIS) and Eurodac are today all essential instruments in ensuring the security of European citizens. Ensuring effective operational management of these databases is therefore a key issue to which it is our responsibility to provide an effective response. This response is of course a very sensitive matter, and Mr Coelho has had to cope with many legal, institutional, budgetary, political and technical hurdles and, in spite of them all, he has managed to draft a balanced text which satisfies all of the parties concerned.
The creation of this agency for the management of large-scale IT systems indeed seems to be the best way of ensuring Member States' internal security. No other institution or existing agency is currently capable of ensuring that these information systems are managed properly. The agency will help to improve the management of existing information systems, provide better synergy between databases and also enable instruments adopted in the future to be integrated.
Where to locate the seat of the agency was one of the very delicate questions which arose on this issue. Estonia and France are the only two countries to have put themselves forward as locations for the seat. France already hosts the Schengen Information System, in Strasbourg, and has been responsible for its operational management and administration since 1995; the country thus has full technical expertise.
Following the conclusions of the European Council of December 2003, which gave priority to new Member States for hosting new agencies, Estonia also wanted to welcome the seat of this future agency. I believe that a very good compromise has been reached: a sort of distribution of missions - and I will conclude here Madam President - has been achieved by transferring the seat of the agency to Tallinn. Tasks relating to governance, strategy and programme design will be carried out there, while system development and operation will take place in Strasbourg. This cost-effectiveness ratio is very well balanced, and this compromise solution in no way undermines the centralised management of IT systems.
Ioan Enciu
(RO) Madam President, I too would like to begin by commending the exceptional efforts of Carlos Coelho who, once again, has shown the outstanding expertise he has in this area.
I would like to make two comments about setting up this new agency, which I also feel is very beneficial. First of all, in the current climate where cyber attacks have started to pose a danger of paramount global importance, we must ensure that the security of the databases administered by this agency is underpinned by the highest standards. Secondly, for the time being at least, the new agency, if it were to operate, would be unable to do part of its job as the second-generation Schengen Information System (SIS II) is still a long way from being operational. This is why I am taking this opportunity to ask the Commission and the Commissioner to keep to their commitment to complete SIS II by the deadline.
Petru Constantin Luhan
(RO) Madam President, it makes natural sense to suggest setting up this agency as the Commission must not be responsible for managing these large-scale IT systems, precisely so that total transparency is ensured and any conflict of interest eliminated. Just think about the scope of this system comprising three parts - the second-generation Schengen Information System (SIS II), the Visa Information System (VIS) and Eurodac - which need a single, well-structured agency to look after them, due to their considerable importance and the interconnecting links between them.
I think that fragmented, disjointed administration would put these systems out of kilter with each other, which could have a devastating impact on the protection of personal data, on visa-related information and on asylum applications. Therefore, I wholeheartedly support the creation of this specific agency for the operational management of large-scale IT systems, as a measure to protect security and integrity in the European Union.
Indrek Tarand
Madam President, I was not intending to waste the plenary's time, but I was provoked by Mr Clark who said that another bureaucratic monster like the Stasi will be created.
I would like to remind Mr Clark that the future home of the IT agency, or whatever we call it, is Tallinn, which is not the place where the Stasi was invented. Indeed, on the contrary another 'S' word, Skype, was invented by Estonian boys and girls some years ago. Beyond that Estonia was the first country to be under real cyber-attacks in the modern age and we survived. I believe Schengen, with the free movement of European people, will survive with us as well.
Andreas Mölzer
(DE) Madam President, as we know, better cooperation and various IT systems are supposed to compensate for the removal of internal borders. So far, the only example of such a project - the Schengen Information System (SIS II) - is noteworthy only for its skyrocketing costs and repeated delays. As far as I am concerned, it is doubtful whether there is even any point in having our own IT agency. In theory, it will link together the visa databases and the digital information on asylum seekers and criminals more effectively than has been done in the past. The scale of such an IT project is made evident by the fact that the Schengen Information System (SIS) was originally designed to handle 15 million records and is now required to handle 100 million - not least because of national differences. If data cannot be coordinated within one system without problems (in other words, within SIS and SIS II), it is critical that we ask how a separate IT agency is suddenly supposed to be able to link together all the vastly different systems. It seems to me to be a very difficult task.
Miroslav Mikolášik
(SK) Madam President, it has been apparent for some time that an agency needs to be set up to manage the sprawling IT systems in the area of freedom, security and justice. This will be another step on the way towards the smoother processing and use of information within the European Union. Obviously, the agency must meet the highest EU standards of data protection in its operations, and Member States which are not part of the system should be denied access to the information. As for the agency's seat, I absolutely agree with the choice of a single centralised location, as this is the least costly solution and will make it easier for the agency's various units to work together.
Finally, I would like to say how pleased I am that the European Parliament has had an opportunity to make a major, direct contribution to the establishment of this agency, and I congratulate Mr Coelho.
Cecilia Malmström
Member of the Commission. - Madam President, forgive me for arriving late, my plane departed very late, but I know you were in the capable hands of Commissioner Barnier. Let me thank you and the rapporteur for the debate, and let me quickly answer a few of the questions.
I think Baroness Ludford asked whether the agency would cover any other IT systems. The agency will initially take over operational management of VIS and Eurodac. SIS II will also be taken over as soon as it is operational, i.e. in the first quarter of 2013. In the communication that the Commission made a few weeks ago, we also referred to the European entry/exit system and a registered travel programme. We also announced that we would conduct further consultations in the coming weeks, and this is what we will do, together with the Parliament and with the Council, regarding the communication on smart borders.
The plan is to entrust these systems, once they are in place, to the IT agency, working on the basis of the relevant instruments. I can assure Mr Albrecht that no other system will be put in place without a specific legal act, and that interoperability will not be introduced without the consent of the two co-legislators.
With regard to Mr Enciu's question on security, all safeguards are in place both from a legal and logistical point of view; I can reassure him of that. We have achieved something very worthwhile with this compromise between the three institutions. I am looking forward to this new agency becoming operational and starting work.
Carlos Coelho
Madam President, I too would like to welcome Commissioner Malmström. Before she arrived, I had occasion to remark that it is again proven that codecision is a powerful instrument, because if we still had the old system and this decision did not have codecision but was adopted unanimously by the Council, we would probably not have a decision because we would still be at a stalemate in the Council, awaiting a unanimous vote that we would never be able to attain.
I would like to say that I agree with the points made by Mr Marinescu. In fact, I would also have liked a management board with fewer members, but in these Schengen-related matters, which are based on mutual trust, it is very important that all Member States participate, and that is the only reason we have accepted a very large management board. However, it does not in fact make sense that all of our European agencies should have such large management boards.
Mrs Flašíková Beňová and Mr Mikolášik raised the question of Member State participation. The truth is that the United Kingdom decided to participate in this regulation and Ireland decided to remain outside, but what we have ensured is, first of all, that the chair of this agency can only be from a Member State that participates in all the systems managed by the agency. In other words, those Member States that participate partially are not eligible to hold the chair. Secondly, and I will end here Madam President, only Member States that participate in each of the areas have access to the information. I therefore believe that those concerns are being protected.
To end, Madam President, I would like to thank all of my fellow Members for their kind words. I think we have all been up to this challenge, and Parliament and the Council, with the help of the Commission, have demonstrated once more that we have managed to arrive at a first reading with great success in record time.
President
The debate is closed.
The vote will take place on Tuesday, 5 July 2011.
Written statements (Rule 149)
Salvatore Iacolino
Mr Coelho's report has obtained my approval in this Chamber insofar as I am convinced of the need to establish an agency for the operational management of large-scale IT systems in the area of freedom, security and justice. As the Commission itself had already stated in 2009, the management of systems such as SIS II, VIS and Eurodac, which are so complex and at the same time so crucial within the EU, cannot continue on the same temporary basis that has characterised them until today. Temporary management by the Commission cannot ensure the technical and operational capacity that, by contrast, the creation of an appropriate agency will allow. An agency will carry out its work on a continuous and constant basis, its principal duties being: the adoption of security measures, reporting and publishing, monitoring and organising specific training. I therefore fully agree with what has been decided in the report and have complete confidence that this is a further step towards ensuring that Europe remains on course to establish an integrated network for the development of security and democracy.
Kristiina Ojuland
in writing. - It has taken more than two years from the Commission's proposal to the first reading in the Parliament. The establishment of the EU IT agency is a long-awaited step towards ensuring streamlined operational management of large-scale European Union IT systems, namely SIS II, VIS and Eurodac.
However, from a long-term perspective, the agency ought also to become a centre of competence responsible for developing additional large-scale IT systems, should it be required to do so in the future and if the Parliament and the Council so decide. I am pleased that a compromise has been reached between Estonia and France to locate the seat of the agency in Tallinn, Estonia. This decision is in line with the European Council conclusions of 13 December 2003, which gave priority to the Member States that acceded to in 2004 and 2007 in the distribution of the seats of new EU offices and agencies. The agency is expected to begin work at the beginning of 2012. I therefore hope that the Parliament and the Council can adopt the regulation at first reading so that the agency can become operational on schedule.
