EU: Fundamental Rights Agency: interoperability will give authorities unwarranted access to additional personal data

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

EU  
Fundamental Rights Agency: interoperability will give authorities unwarranted access to additional personal data
25.4.18
Follow us: | | Tweet


Interconnecting the EU's policing and migration databases would make "additional data visible to authorities who would otherwise not have access," according to the EU's Fundamental Rights Agency (FRA), despite the Commission's claims that its "interoperability" proposals would make no such changes.

See: Interoperability and fundamental rights implications: Opinion of the European Union Agency for Fundamental Rights (pdf)

According to the FRA (emphasis added):

"The starting point of the proposals is that interoperability does not affect access rights to the data held in the underling [sic] systems. In other words, through interoperability an officer would not be authorised to see more data on an individual than what he or she can currently access. There are, however, some exceptions to this."

Those exceptions include, amongst other things, giving police officers who carry out checks on individuals "for any public security or public reasons reasons (as decided by Member States)" access to "all identity data stored on the individual in the IT systems without flagging which system(s) contain it"; and giving asylum and migration authorities information on "the presence of an applicant in the SIS [Schengen Information System]" when they create or update an entry in the Eurodac system.

FRA: Commission's claims are incorrect

In December 2017, when it proposed two regulations concerning the interoperability of the EU's large-scale databases in the field of justice and home affairs, the European Commission stated:

"Today's proposal does not modify the rights of access – what it does is simplify and streamline the processes to access the data, ensuring that there is more systematic consultation of and checks against the data available and that it is available to authorised users more swiftly and efficiently."

According to the FRA, this is not the case. In its opinion, the agency argues (emphasis added):

"A careful analysis is called for to assess whether or not it can be justified to make these additional data visible to authorities who would otherwise not have access to these in light of the principle of purpose limitation enshrined in Article 8 of the Charter. While this is debatable for some of the cases listed in the MID [Multiple Identity Detector] (see Table 1), the broad access to personal identity data on an individual stored in one of the IT systems suggested in Article 20 entails a high risk that the data may be used for purposes that were not initially envisaged."

The agency also highlights a number of other fundamental rights affected by the proposals but which are given "little visibility" in the Commission's texts: the right to asylum guaranteed in Article 18 of the Charter of Fundamenal Rights; the right to protection in the event of removal, expulsion or extradition (Article 19 of the Charter); the rights of the child (Article 24); and the right to an effective remedy and to a fair trial (Article 47).

Interoperability: long-term implications

Furthermore, the FRA makes clear that there are "possible longer-term implications of interoperability," as the current proposals are supposed to serve as the foundation for future developments.

This includes the potential integration of the national DNA, fingerprint and vehicle registration databases that make up the Prüm system; and the inclusion of data from the forthcoming network of Passenger Information Units that will profile all air passengers leaving, entering or travelling within the EU as part of the Passenger Name Record (PNR) Directive.

Beyond this, the agency raises the possibility of an integrated surveillance system distributed throughout society (emphasis added):

"Although not yet on the table for the EU, in the longer-term, particular as face-recognition technology develops, it is also conceivable that it will be technically possible to match faces recorded on videos taken from surveillance cameras – installed, for example, at the entrance of a shopping mall – against biometric pictures stored in IT systems. In future, authorities may wish to seize this opportunity to combat irregular migration, crime and/or terrorism. This would raise very serious and new necessity and proportionality questions."

A previous FRA report took a broader look at the use of biometrics in EU databases: Under watchful eyes: biometrics, EU IT systems and fundamental rights (pdf)

The European Data Protection Supervisor has also weighed in on the debate on interoperability, arguing in a recent opinion that the Commission's proposals would "change the way in which fundamental legal principles in this area have traditionally been interpreted," something that requires a "wider debate on the future of information exchange in the EU, the governance of interoperable databases and the safeguarding of fundamental rights."

Search our database for more articles and information or subscribe to our mailing list for regular updates from Statewatch News Online.

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.

 

Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error