FantasticSearch

1. In relation to the processing of data in the shared BMS, the Member State authorities that are controllers for Eurodac, SIS and ECRIS-TCN respectively, shall be controllers in accordance with point (7) of Article 4 of Regulation (EU) 2016/679 or point (8) of Article 3 of Directive (EU) 2016/680 in relation to the biometric templates obtained from the data referred to in Article 13 of this Regulation that they enter into the underlying systems and shall have responsibility for the processing of the biometric templates in the shared BMS.

2. In relation to the processing of data in the CIR, the Member State authorities that are controllers for Eurodac and ECRIS-TCN respectively, shall be controllers in accordance with point (7) of Article 4 of Regulation (EU) 2016/679 or point (8) of Article 3 of Directive (EU) 2016/680 in relation to data referred to in Article 18 of this Regulation that they enter into the underlying systems and shall have responsibility for the processing of those personal data in the CIR.

3. In relation to the processing of data in the MID:

(a) the European Border and Coast Guard Agency shall be a data controller within the meaning of point (8) of Article 3 of Regulation (EU) 2018/1725 in relation to the processing of personal data by the ETIAS Central Unit;

(b) the Member State authorities adding or modifying the data in the identity confirmation file shall be controllers in accordance with point (7) of Article 4 of Regulation (EU) 2016/679 or point (8) of Article 3 of Directive (EU) 2016/680 and shall have responsibility for the processing of the personal data in the MID.

4. For the purposes of data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, the data controllers shall have access to the logs referred to in Articles 10, 16, 24 and 36 for self-monitoring as referred to in Article 44.