Smart borders: Member States seek to make law enforcement access compatible with data retention ruling

EU Member States are coming closer to defining their position on giving law enforcement authorities access to information that will be stored in the proposed Entry/Exit System, using arguments based on the Court of Justice's ruling annulling the Data Retention Directive.

The Commission published the "smart borders package" in February 2013, and since then Member States have continually reasserted the need for law enforcement authorities to have access to data stored within the proposed Entry/Exit System (EES). The package also proposed a Registered Traveller Programme and amendments to the Schengen Borders Code. Neither the Council nor the Parliament has yet reached a position with which to begin negotiations.

The EES is intended to help detect people who have stayed longer within the Schengen area than their visas permit. Under current proposals the authorities would collect biometric and other data from all non-EU nationals entering the Schengen area.

As the proposals stand the biometric data collected will include 10 fingerprints, a provision that appears to be in place specifically to benefit law enforcement authorities.

The European Data Protection Supervisor noted last July that the collection of "two or four" fingerprints "would in any case be sufficient for verification purposes," whereas 10 fingerprints "would only be needed if this pursues a different purpose, i.e. the identification of traces in a law enforcement purpose." [1]

This is precisely the intention of the majority of Member States, who wish to see law enforcement access to the system permitted from the start of its operations. The proposal as published foresees a two-year wait before this option is evaluated.

The Court of Justice's (CJEU) ruling on the Data Retention Directive called into question the mass retention of personal data, but a June note from the Italian Presidency proposes a way for the EES to meet the judgment's requirements.

The CJEU declared the Directive invalid because:

"[T]he wide-ranging and particularly serious interference of the directive with the fundamental rights at issue is not sufficiently circumscribed to ensure that that interference is actually limited to what is necessary." [2]

A June note from the Italian Presidency recognises the need to "take into account" the judgment and argues that using the EES for:

"[T]he purpose of prevention, detection and investigation of terrorist offences or of other serious criminal offences would constitute a tool to fight terrorism and serious crime and therefore genuinely pursues an objective of general interest to the EU.

"However, in the light of the judgement, any access for law enforcement purposes to the EES should be made possible only in so far as is strictly necessary and with the necessary safeguards in relation to the protection of personal data." [3]

The note goes on:

"[T]he draft Regulation should lay down clear and precise rules governing the scope and application of the measure in question and impose minimum safeguards so that the persons whose data have been retained have sufficient guarantees for the effective protection of their personal data against the risk of abuse and against any unlawful access and use of that data."

It does not address paragraph 59 of the judgment, which says that:

"[W]hilst seeking to contribute to the fight against serious crime, Directive 2006/24 does not require any relationship between the data whose retention is provided for and a threat to public security and, in particular, it is not restricted to a retention in relation (i) to data pertaining to a particular time period and/or a particular geographical zone and/or a circle of particular persons likely to be involved, in one way or another, in a serious crime, or (ii) to persons who could, for other reasons, contribute, by the retention of their data, to the prevention, detection of prosecution of serious offences." [4]

In a similar vein, a recent study for the Parliament's Greens/EFA group examining the impact of the data retention judgement on other EU databases and data-gathering schemes argued that:

"[T]he taking of all 10 fingerprints happens usually in cases where persons are suspected of a crime… Treating third country travellers like suspected persons certainly has a discriminatory effect and it is questionable whether this can be properly justified in light of Article 7 and 8 [of the Charter of Fundamental Rights]... the stigmatizing effect of having taken all ten fingerprints needs to be duly evaluated." [5]

This point also goes unaddressed by the Presidency's note.

Assuming that legislation is agreed, the majority of Member States are in favour of providing law enforcement access to the EES from the start of operations. The details of national authorities' opinions remain largely unknown, although Statewatch has obtained documents drafted by the French and Estonian authorities.

In July 2013 the Lithuanian Presidency issued a questionnaire seeking Member States' opinions on law enforcement use of data contained in national entry/exit systems. The responses are contained in an October 2013 document, but the Council has censored the vast majority of the content.

According to the summary:

"The replies provide solid evidence that access to national entry and exit systems (NEES) is an effective tool to prevent, detect, investigate, and prosecute criminal offences, especially in such areas as facilitated illegal immigration, trafficking in human beings, terrorism, drug smuggling, money laundering, smuggling of excise goods or trafficking in stolen vehicles." [6]

The questionnaire sought examples of cases that "had strong resonance in society," recalling the approach suggested in 2011 by some Member States seeking to justify the Data Retention Directive:

"[T]he necessity to store such data could not be argued on the basis of statistical data… the gravity of the offences investigated thanks to traffic data, rather than the mere number of cases in which traffic data were used should receive due attention. Quantitative analysis should be complemented with qualitative assessment." [7]

Some of the issues raised in the Presidency's note were due to be discussed at a July meeting of the Working Party on Frontiers, [8] but minutes have not yet been published

Further reading


[1] European Data Protection Supervisor, 'Opinion on the Proposals for a Regulation establishing an Entry/Exit System (EES) and a Regulation establishing a Registered Traveller Programme (RTP)', 18 July 2013
[2] Court of Justice of the European Union, 'The Court of Justice declares the Data Retention Directive to be invalid', press release, 8 April 2014
[3] Presidency, 'Access for law enforcement purposes', 10720/14, 12 June 2014
[4] Court of Justice of the European Union, 'Judgment of the Court (Grand Chamber) In Joined Cases C-293/12 and C-59-4/12', 8 April 2014
[5] Franziska Boehm and Mark D. Cole, 'Data Retention after the Judgement of the Court of Justice of the European Union', 30 June 2014
[6] Presidency, 'Access for law enforcement purposes: Summary of the replies to the questionnaire', 13680/13, 10 October 2013
[7] Working Party on Data Protection and Information Exchange, 'Summary of discussions', 10806/11, 30 May 2011
[8] General Secretariat of the Council, 'Working Party on Frontiers/Mixed Committee', provisional agenda, CM 3546/14, 9 July 2014

Support our work by making a one-off or regular donation to help us continue to monitor the state and civil liberties in Europe.

Search our database for more articles and information or subscribe to our mailing list for regular updates from Statewatch News Online.

We welcome contributions to News Online and comments on this website. Please feel free to get in touch.

Home | News Online | Journal | Observatories | Analyses | Database | SEMDOC | About Statewatch

© Statewatch ISSN 1756-851X. Personal usage as private individuals/"fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.