Doctoral Researcher, University of Luxembourg
‘A single, overarching EU information system with multiple purposes would […] constitute a gross and illegitimate restriction of individuals’ right to privacy and data protection’.
European Commission Communication, 2010
Seven years after the above Communication was published, the Commission proposed, in December 2017, two Regulations on establishing a framework for Interoperability between EU information systems, which was adopted in May 2019. Under the Interoperability Regulations all currently operating and recently adopted (not yet established) EU large-scale information systems are supposed to be interconnected by 2020.
What has triggered the Commission’s ‘Copernican Revolution’, compared to the view expressed in the 2010 Communication? Certainly, the terrorist attacks in European cities, the so-called ‘migration crisis’ and the rise of populism across Europe contributed to this change of standpoint: The pressure on the Commission, mainly from the Council, to put forward legislative proposals to close the remaining information gaps between information systems was decisive.
That was also one of the reasons why the Interoperability Regulations were adopted in a relatively short period of time and without major amendments, leaving doubt on whether the legislator had been aware of the consequences that such an interconnected system would bring. The political pressure from the Member States, the desire to adopt the proposals before the 2019 European Elections and the opportunity to demonstrate that ‘action was taken’ to protect the external borders, were clear incentives to push the adoption of the two Regulations.
The Interoperability system is supposed to only hold personal data of Third Country Nationals (TCNs) whereas personal data of EU citizens shall be excluded from storage (See Groenendijk’s blog in this Forum). Would this in turn mean that the illegitimate restriction of individuals’ right to privacy and data protection could be justifiable when dealing with data of non-EU citizens, as those individuals might pose a threat to the Union’s internal security? In particular, the aftermath of the ‘migration crisis’ in 2015 set the focus of such narrative on individuals who came to the EU Member States to seek international protection.
Law Enforcement Access to Personal Data of Asylum Seekers
The instrumentalization of irregular migrants and of persons seeking international protection in the EU as threat to the Union’s internal security led to the use of AFSJ databases that had initially been established for asylum or visa purposes also for the prevention and investigation of terrorism and other forms of serious crime. Hence, the legal bases of those databases that store personal data of individuals applying for visas or asylum were revised in order to grant access by law enforcement authorities.
Personal data of asylum seekers are mainly held in Eurodac. This system stores fingerprints and reference numbers of persons seeking international protection in the EU, to assist in determining the Member State responsible for processing an asylum application. Eurodac is operational since 2003, albeit under a revised legal framework. The recast Eurodac Regulation, which was adopted in 2013 (after four proposals) established the basis for national law enforcement authorities as well as for Europol to request access to the system for the prevention, detection and investigation of terrorist offences and other serious criminal offences. At the moment, law enforcement access to Eurodac requires a prior check in relevant national databases as well as in the Visa Information System (VIS).
The proliferation of EU databases that is taking place since 2015 also includes the (ongoing) revision of Eurodac. Besides expanding the scope of the database, the 2016-Eurodac proposal foresees adding new categories of data subjects to be stored in the system, including data of every TCN of at least six years of age who is found staying illegally within EU territory. The proposal is an indicator for Eurodac’s change of purpose into a system that is supposed to be used for wider immigration purposes, including the return of irregular migrants. The revision might be seen as codifying a general suspicion against asylum seekers.
It comes as no surprise that Eurodac will be searchable via the interoperability components by competent (law enforcement) authorities. The safeguard of checking national databases and the VIS prior to granting law enforcement access to Eurodac was abandoned. As Carrera’s blog points out, via the interoperable components, national police authorities will, during random identity checks, be able to see in which database(s) a person has been registered. Hence, a police officer could check the Interoperability system during stop and search measures in order to check whether a person is stored in Eurodac (i.e. applied for asylum or stayed in the EU irregularly) and draw unjustified conclusions about that person.
Despite all this, the statistics show that law enforcement authorities barely use the access possibilities granted to them regarding Eurodac. Consequently, necessity and proportionality of such access rights are not attained.
Understanding of the System and their Rights
Because of their reliability and the ability to uniquely identify a natural person, biometrics (such as fingerprints and facial images) will be an essential means in the interoperable system to cross-match personal data. The increased use of biometric data is supposed to improve the accurateness of searches. On the one hand, reliable results could benefit the work of competent authorities, while helping persons in need of international protection to proof their identity.
On the other hand, asylum seekers may be very reluctant to provide their fingerprints due to negative connotations or past experiences with authorities in autocratic states. Moreover, the sharing of personal data in an interoperable system and between various authorities generates concerns regarding the quality of the data that are being inserted into the underlying databases. While for travellers, the consequences of false matches might be negligible, the incorrect identification of asylum seekers may affect the outcome of their application for international protection.
Article 5 of the Interoperability Regulations is a non-discrimination clause, which applies horizontally and prohibits the processing of personal data that results in discrimination. That provision makes specific reference to persons in need of international protection. However, whether asylum seekers are actually aware of their rights is doubtful, as may be observed in the low number of access requests submitted with regard to EU databases. Hence, compared to criminal databases (such as the Schengen Information System, SIS), access requests to the VIS and Eurodac remain low. In addition, there is no information available on the actual replies that were provided to individuals requesting access to their personal data.
While understanding the interoperable system is already challenging for experts working in the field of EU databases, one can only imagine the difficulties that asylum seekers would experience trying to understand the interconnected regime of databases, how to exercise their rights, or what negative consequences they might face when submitting incorrect information. Moreover, data protection or privacy might not be the primary concern of individuals coming from war areas, or countries where those rights were either non-existing or not respected.
This might lead to a situation where the increased connectivity of EU databases will allow more authorities to have access to the system, while those whose data are stored in the databases might be less and less capable of understanding and exercising their data subject rights.
Comment: Why we should care about the Privacy of Asylum Seekers
Interoperability pursues a ‘complete information awareness approach’ concerning (so far) TCNs crossing the external borders of the Schengen Area, by connecting all existing and anticipated EU information systems. Certain data that were previously stored separately in databases that had been established for different purposes and with different access conditions shall be retained centrally in an interconnected system, which will provide streamlined law enforcement access.
With regard to personal data of asylum seekers, the sharing of information about them in an interoperable system and between various authorities generates concerns regarding the traceability of the initial input source. This will make it more difficult for those individuals to claim their fundamental rights. Hence, the intertwinedness of processing operations in the interoperable system carried out by different authorities and on different levels could impact access to justice of individuals in already vulnerable conditions.
Furthermore, the multitude of authorities and Agencies having access to the EU databases makes it difficult for individuals to know who is responsible for processing their personal data and whom to contact in case of doubts concerning the correctness of their data. In addition, different data protection regimes apply to the processing of personal data carried out by EU Agencies such as Europol, Frontex/Eurojust/EASO. This may cause gaps regarding the protection of personal data where the EU Agencies exchange information among each other, or with national authorities. The latter apply yet another data protection framework.
Interoperability will diminish some important safeguards for access authorization, for instance, by abandoning the cascading system of checking national systems prior to requesting access to the EU databases. Such prior checks are an important requirement, in particular, for granting law enforcement access to Eurodac. At the time of its establishment, Eurodac’s primary purpose was the support of the Dublin System. However, over time, access for law enforcement authorities was first granted, then proposed to be expanded to additional categories of data and finally streamlined under the Interoperability Regulations.
So why should we care? It seems as if there is an increasing convergence between migration and criminal law, between law enforcement authorities and those with border guard functions. The re-framing of asylum seekers and refugees as ‘suspects’ or quasi-criminals is contrary to the obligation not to criminalise people seeking international protection in light of Article 31 of the 1951 Geneva Convention.
During random identity checks, national police officers could, without any prior access verification, query the interoperable system and receive a reply that would indicate in which underlying database(s) a person’s information are stored. In a nutshell, Interoperability will transform the underlying databases from search databases into investigative systems that allow ad hoc searches of anyone who looks suspicious. Ultimately, stop and search measures carried out by national police to identify individuals in the interoperable system could not only target TCNs, but anyone in the EU who corresponds to the notion of an ‘irregular migrant’.
Eventually it won’t require much of an effort to expand the interoperable system and connect it with further databases that hold, for instance, financial data, PNR data or data from social media accounts. This is why we should care.