25 April 2018
Support our work: become a Friend of Statewatch from as little as £1/€1 per month.
Fundamental Rights Agency: interoperability will give authorities unwarranted access to additional personal data
Follow us: | | Tweet
According to the FRA (emphasis added):
"The starting point of the proposals is that interoperability does not affect access rights to the data held in the underling [sic] systems. In other words, through interoperability an officer would not be authorised to see more data on an individual than what he or she can currently access. There are, however, some exceptions to this."
Those exceptions include, amongst other things, giving police officers who carry out checks on individuals "for any public security or public reasons reasons (as decided by Member States)" access to "all identity data stored on the individual in the IT systems without flagging which system(s) contain it"; and giving asylum and migration authorities information on "the presence of an applicant in the SIS [Schengen Information System]" when they create or update an entry in the Eurodac system.
FRA: Commission's claims are incorrect
"Today's proposal does not modify the rights of access what it does is simplify and streamline the processes to access the data, ensuring that there is more systematic consultation of and checks against the data available and that it is available to authorised users more swiftly and efficiently."
According to the FRA, this is not the case. In its opinion, the agency argues (emphasis added):
"A careful analysis is called for to assess whether or not it can be justified to make these additional data visible to authorities who would otherwise not have access to these in light of the principle of purpose limitation enshrined in Article 8 of the Charter. While this is debatable for some of the cases listed in the MID [Multiple Identity Detector] (see Table 1), the broad access to personal identity data on an individual stored in one of the IT systems suggested in Article 20 entails a high risk that the data may be used for purposes that were not initially envisaged."
The agency also highlights a number of other fundamental rights affected by the proposals but which are given "little visibility" in the Commission's texts: the right to asylum guaranteed in Article 18 of the Charter of Fundamenal Rights; the right to protection in the event of removal, expulsion or extradition (Article 19 of the Charter); the rights of the child (Article 24); and the right to an effective remedy and to a fair trial (Article 47).
Interoperability: long-term implications
Furthermore, the FRA makes clear that there are "possible longer-term implications of interoperability," as the current proposals are supposed to serve as the foundation for future developments.
This includes the potential integration of the national DNA, fingerprint and vehicle registration databases that make up the Prüm system; and the inclusion of data from the forthcoming network of Passenger Information Units that will profile all air passengers leaving, entering or travelling within the EU as part of the Passenger Name Record (PNR) Directive.
Beyond this, the agency raises the possibility of an integrated surveillance system distributed throughout society (emphasis added):
"Although not yet on the table for the EU, in the longer-term, particular as face-recognition technology develops, it is also conceivable that it will be technically possible to match faces recorded on videos taken from surveillance cameras installed, for example, at the entrance of a shopping mall against biometric pictures stored in IT systems. In future, authorities may wish to seize this opportunity to combat irregular migration, crime and/or terrorism. This would raise very serious and new necessity and proportionality questions."
A previous FRA report took a broader look at the use of biometrics in EU databases: Under watchful eyes: biometrics, EU IT systems and fundamental rights (pdf)
The European Data Protection Supervisor has also weighed in on the debate on interoperability, arguing in a recent opinion that the Commission's proposals would "change the way in which fundamental legal principles in this area have traditionally been interpreted," something that requires a "wider debate on the future of information exchange in the EU, the governance of interoperable databases and the safeguarding of fundamental rights."
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: MayDay Rooms, 88 Fleet Street, London EC4Y 1DH. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.