EU: European Data Protection Supervisor: interoperability of biometric databases poses fundamental risks and must be widely debated
16 April 2018
Support our work: become a Friend of Statewatch from as little as £1/€1 per month.
EU
European Data Protection Supervisor: interoperability of biometric databases poses fundamental risks and must be widely debated
16.4.18
Follow us: 
| 
| Tweet
In an opinion published today the European Data Protection Supervisor (EDPS) warns that the European Commission's proposals to interconnect the EU's large-scale biometric databases would "change the way in which fundamental legal principles in this area have traditionally been interpreted," and calls for a "wider debate on the future of information exchange in the EU, the governance of interoperable databases and the safeguarding of fundamental rights."
See: EDPS calls for wider debate on the future of information sharing in the EU (press release, pdf) and: Opinion 4/2018 on the Proposals for two Regulations establishing a framework for interoperability between EU large-scale information systems(pdf)
In December 2017 the European Commission published proposals for two Regulations that would enable the 'interoperability' of existing and future large-scale databases - the Schengen Information System (SIS), Eurodac, the Visa Information System (VIS), the Entry/Exit System (EES), the European Travel Information and Authorisation System (ETIAS) and the European Criminal Records System for Third-Country Nationals (ECRIS-TCN) - which provoked an EDPS reflection paper raising fundamental questions over the plans.
The EDPS opinion published today analyses those proposals in detail and raises a series of concerns that, according to the EDPS, create the need for "a wider debate on this issue before considering further steps in the implementation of the Commission's proposals on interoperability."
One of the key issues highlighted in the opinion concerns the use of existing data for new purposes through the creation of a Centralised Identity Register (CIR), which "will store data about all third country nationals that have crossed or are considering crossing the EU borders (with a few exceptions), i.e. millions of people... [the EDPS] notes that the Proposals provide for the possibility to use the systems more extensively, i.e. beyond the specific purposes for which they have been established. In particular, the data stored in the different systems will be gathered in order to combat identity fraud but also to facilitate and allow identity checks within Member States' territory" (emphasis added).
With regard to combating identity fraud, the EDPS notes that the Commission's proposal "neither explains nor estimates the scale of the problem nor provides for cases of identity fraud competent authorities have been confronted with. Without further indications on the existence of identity fraud, it is difficult to ensure that the measure proposed is appropriate and proportionate."
A warning is also offered over the possibility of using the CIR to facilitate identity checks - the purposes of "combating irregular migration and contributing to a high level of security" listed in the proposal are, according to the EDPS, "too broad" and do not fulfil the need for strictly defined and restricted objectives, something that Court of Justice case law has set out as a basic requirement for any legislation impinging upon individual rights.
Furthermore, the conditions under which authorities would be given access to the CIR for carrying out identity checks need to be "further defined" and "should only be allowed where access for the same purpose to similar national databases (e.g. register of nationals/residents) exist and under equivalent conditions... Otherwise, the Proposals would clearly seem to establish a presumption that third country nationals constitute by definition a security threat," warns the EDPS (emphasis added).
Other key recommendations concern the use of the ECRIS-TCN, access to data for law enforcement purposes and privacy by design and default. A host of specific recommendations on particular articles of the proposals are also provided. Whether they will be taken into account by the legislators - who as with so many other proposals concerning justice and home affairs hope to turn them into law as soon as possible - remains to be seen.
See: EDPS calls for wider debate on the future of information sharing in the EU (press release, pdf) and: Opinion 4/2018 on the Proposals for two Regulations establishing a framework for interoperability between EU large-scale information systems(pdf)
Search our database for more articles and information or subscribe to our mailing list for regular updates from Statewatch News Online.
Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.
Spotted an error? If you've spotted a problem with this page, just click once to let us know.