EU Data protection working party criticise proposals on VIS (Visa Information System)
The EU's Article 29 Data Protection Working Party has issued a critical report on the proposed Regulation on the Visa Information System (VIS). The report opens by saying:
"The project of setting up a central database and a system of exchange of information concerning short-stay visas raises important questions for fundamental rights and freedoms of individuals and in particular their right to privacy.
It will lead to a massive collection and processing of personal and biometric data, their storage in a centralised database and to large scale exchanges of information concerning a huge number of persons."
It notes that the VIS central database is intended to deal with 20 million visa applications a year resulting in 70 million set of fingerprint data within five year (an estimated 30% will be frequent visitors).
Fingerprinting for visas will be compulsory and:
"links will be established with other applications possibly submitted by the same individual and already recorded in the VIS as well as with the data of individuals travelling in a group and with people providing accommodation in the EU countries requiring the visas.."
The issue of the data being used for other purposes is of great concern:
"the use of the system for multiple purposes is related to the objective of achieving enhanced interoperability between European databases and creating synergies between, namely, SIS II, VIS and Eurodac."
The legal basis of the proposal is questioned, in particular whether the obligation to provide data requires a specific, detailed legal instrument or whether the legal power to collect personal data, in compliance with Article 6 of the 1995 Directive, can be provided by an amendment to the Common Consular Instructions (issued to EU member states embassies abroad).
Proportionality and purpose
The question of "purpose(s) of the processing is paramount". In order to be lawful:
"personal data must be collected only for specified, explicit and legitimate purposes, may not be further processed in a way that is incompatible with those purposes, must be adequate, relevant and not excessive in relation to the purposes for which they are collected and further processed." (emphasis in original)
The Working Party is thus particularly concerned about what "would appear to refer to other purposes" (letters a-f in Article 1 para 2 of the VIS proposal). Specifically where:
"the reference to threats to internal security is concerned, this seems to be a broad, cross-sectoral purpose, which is already pursued by the many tools available for police cooperation - including the SIS and must be referred to only in the light of the main purpose of the VIS - which is and must remain that of improving the common visa policy, and therefore may only be deployed insofar as it is compatible with the said policy.
facilitate checks at external border and within the territory; assist in the identification and return of illegal immigrants; facilitate the application of Regulation (EC) No. 343/2003; these purposes would not appear to be in line with the first requirement set forth in Article 8 of the ECHR, as they are not included in the measures that may be adopted by having regard to the legal basis underlying the proposal."
and this extends to:
purpose of examination of applications, Article 13;
purposes of consultation between authorities, Article 14;
purposes of reporting and statistics, Article 15; and
purposes of identification, Article 16 and 17).
The Working Party says that:
"This multiplicity of purposes should be reconsidered in order to meet specific requirements that should not be in contradiction with the essence of the purpose limitation principle."
and concludes that:
"In the light of Article 6 of the Directive, the purposes of the data processing involved should be closely defined and limited to the need for improving the common visa policy, and that the wording of the proposal should be amended accordingly. The purpose of the processing would be in line with the legal bases used by the Commission to put forward its proposal, namely Article 62.2.b, ii and Article 66 TEC."
Applicant's nationality at birth - should be deleted
The Working Party says that the:
"the applicants nationality at birth (in addition to the current one) as requested in Article 6 is of no relevance to the implementation of the common visa policy and may actually give rise to unlawful discrimination between applicants that are nationals of the same third country. The Working Party therefore requests its deletion from Article 6."
Linking to other applications
The draft in Letter d. of the proposal refers to: "links to other applications". This:
"requires legal regulations to specify its scope and the attending safeguards. In particular, interlinking of information might allow users to access information to which they are not entitled. There should be safeguards in place to ensure that the interlinking does not change the existing access rights to the different categories of data in the VIS."
Specific problems with biometrics
Due to the sensitivity of the biometric data the Working Party asks:
what studies of the scale and seriousness of these phenomena revealed compelling reasons of public safety or public order that would justify such an approach, and whether alternative approaches that did not involve such risks had been or could be studied.
and the principle of proportionality :
"inevitably, therefore, begs the question of the fundamental legitimacy of collecting these data and does not only concern the processing procedures (modes of access, storage period etc.)
"attention should also be drawn to the possible expansion of the access scope to include entities other than those that had been envisaged initially."
Data being used that are incompatible with the original purpose
"There have to be particularly rigorous checks if these biometric data are to be stored in a centralised database, as this would substantially increase the risk of the data being used in a manner that was disproportionate to or incompatible with the original purpose for which they were collected."
Moreover, reliability problems might arise:
"Reliability problems might arise from the creation of such a large database, both in terms of accesses and in terms of false-positive and/or false-negative findings with potentially harmful consequences for the persons concerned."
Use of data by other authorities
The report is particularly concerned about the use of data by authorities "other than those competent for the issuing of visas" (p15):
"its use should be limited to the essential purposes inherent in the common visa policy.."
"Other purposes" are, it is noted, related to public security which are pursued by other information systems (eg: SIS).
The Working Party is particularly concerned about the Council Conclusions of 7 March 2005 whereby:
"access, for the purpose of consultation, should be guaranteed to Member States authorities responsible for internal security in the course of their duties in relation to the prevention, detection and investigation of criminal offences, including terrorist acts and threats.
Said access is to be allowed via an ad-hoc proposal based on Title VI of the TEU, which the Commission is required to submit with a view to its adoption within the same time frame as of the Regulation on the VIS.
The purposes of data processing within the VIS should be, as stated before, the implementation of the visa policy. Access to VIS data should therefore be envisaged, as a matter of principle, only by public authorities in charge of implementing such policy, and the technical specifications should be designed accordingly to serve that purpose and to allow access to those authorities....
Access by other authorities could only be legitimate on an ad hoc basis, in specific circumstances and subject to appropriate safeguards. Any rule allowing systematic or routine access would clearly go beyond what may be considered as a necessary measure in a democratic society and would not be deemed lawful.
Accordingly, the technical specifications for accessing the data in the VIS system should be designed in order to exclude such routine access by other authorities and for other purposes. Even less should the system be technically shaped to allow certain types of access that would only be useful for those other purposes." (emphasis added)
The "interoperability" of VIS and SIS II
Equally the Working Party is concerned at the planned "interoperability" between SIS II, VIS and Eurodac (or the creation of "synergies" in Brussels-speak):
"It must be quite clear that the basic concept of the legitimate and proportionate collection of data from an individual and further processing of such data for a precise, legitimate, purpose (i.e. issuing a Schengen visa) should not leave room to the concept of a data base that can be shared by different authorities to pursue different purposes.
Interoperability should never lead to a situation where an authority, not entitled to access or use certain data, can obtain this data via another information system."
Finally, because of the complexity of VIS, the lack of information, and the "synergies", the Working Party says that the implementation of the Regulation should not be the subject of the comitology procedure (which is largely hidden from public view and debate) but should be the subject of primary legislation:
"There are several sensitive issues that should not be decided upon exclusively by means of a comitology procedure in the light of their impact of fundamental rights including the protection of personal data as well as in the absence of the clarification requested.
Therefore, the ultimate decision on all issues liable to impact on fundamental rights and personal data protection should be left to an instrument of primary legislation, which can better ensure careful assessment of the proportionality of the measures in question."
1. Regulation on VIS, Working Party report no 110, 23 June 2005
2. WP 96 (11.8.04)
3. Statewatch report: VIS unworkable
4. Statewatch report: 1984
Statewatch News online | Join Statewatch news e-mail list | Download a free sample issue of Statewatch bulletin
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement.