09 May 2018
A "non-paper" issued by the Bulgarian Presidency of the Council of the EU is seeking Member States' views on a number of issues related to interoperability, including proposals from national authorities for "substantial changes" to the Entry/Exit System which "may lead to significant delay in the start of operation of the system" and "higher complexity and cost for development," but with "no guarantee that they will deliver the desired result/effect."
Support our work: become a Friend of Statewatch from as little as £1/€1 per month.
NOTE from: Presidency to: Delegations: Proposals for Regulations on interoperability - Presidency non-paper (8242/18, 27 April 2018, pdf)
Other issues raised include the role of Frontex in verifying different alerts generated by the 'Multiple Identity Detector' (MID) that the interoperability proposals would introduce; what information should be held in the logs generated by the system and to whom they should be available, considering that intelligence agencies will be using the system; the possibility of automatically adding "red link" and "white link" data from the MID to the Schengen Information System; and the retention period for "red links".
According to the Commission's proposals on interoperability, issued in December, a "white link" is "confirmation that the different biographical identities belong to the same person", while a "red link" is an alert based on the "suspicion that different biographical identities are unlawfully used by the same person".
The "links" will be generated by the Multiple Identity Detector, which would compare data held in the 'Central Identity Repository' - a massive database of biometric and biographical data on non-EU nationals.
The note summarises the process in the Council to date - there have been seven meetings of the Working Party on Data Protection and Information Exchange (DAPIX) as well as a "policy debate" in the Justice and Home Affairs Council in March.
At the DAPIX meeting in mid-April:
"a large number of Member States asked the Presidency to convene an additional meeting in DAPIX format before handing over the file to JHA Counsellors level, to further discuss some outstanding issues."
This meeting was due to be held on 2 May, and the note deals with issues on the agenda for that meeting.
1. EES process and interoperability
The Entry/Exit System will gather biometric and biographical data on all non-EU nationals who do not require a visa to enter the Schengen area for a short stay and will be used to track their movements into and out of the Schengen area, as well as for generating alerts on "overstayers". The Regulation governing the system entered into force in December 2017 and the system is due to come into use in 2020.
In recent meetings of the 'Smart Borders Committee', made up of national representatives who assist the Commission in developing and implementing the system:
"Member States made a number of proposals for substantial changes in relation to interoperability that will impact the EES process in practice, for example the proposal to change EES to reduce the response time of the systems by parallel searches in VIS and EES, or the cashing [sic] of fingerprint identification results.
These suggested changes cannot be achieved through consequential amendments for interoperability purpose. Moreover, such substantial changes made during the development phase of EES may lead to significant delay in the start of operation of the system. At the same time, there is no guarantee that they will deliver the desired result/effect, but it is quite clear that this will lead to higher complexity and additional cost for development." (emphasis added in all quotes)
2. Data retention of red links
"At the Working Group meetings, several delegations asked for a longer data retention period for the red links, while the Commission opposed such proposal. The Presidency has already increased the data retention period by including a new paragraph in Article 23 stipulating that 'where a red link is stored in the MID, the linked data referred to in Article 18(1), (2) and (2a) shall be stored in the CIR for as long as the corresponding data are stored in at least one of the information systems from which the linked data originates'. In effect, this would lead to a data retention period of 10 years, if the data originates from ECRIS. Providing for a fixed period in the legislative act was not chosen as a possible solution because every fixed period should be well-justified in order not to be assessed by the Court of Justice of the European Union as arbitrary and disproportionate. Therefore, the Presidency has suggested linking the retention period with the retention period of the systems from which the data originate."
3. Automated addition of data to a SIS alert in case of a red or white link
"When querying the SIS Central System, users are informed if red or white links exist. However, when querying N.SIS, police officers may not see that information. There are several possible solutions to this issue that were presented by Member States. One of them includes automated copying of data from CIR to the SIS alert. This raises certainly technical, legal and data protection concerns. For instance, not all Member States operate national SIS copies and there are no guarantees that N.SIS can process an increased volume of data. Moreover, this also raises data protection issues connected to the automatic copying of data, as well as the use of data for a different purpose that require appropriate legislative amendments in different acts."
4. Logs
"One proposal is based on the idea that logs of data processing operations from intelligence services are to be regarded as sensitive information that should not be made available to the central level. Another suggestion was for logs to make it possible to establish the justification and the identification of the person who consulted or disclosed personal data, and the identity of the recipients of such personal data at national level."
5. The role of the ETIAS Central Unit
The European Travel Information and Authorisation System (ETIAS) is essentially the EU equivalent of the USA's ESTA (Electronic System for Travel Authorisation). All short-stay visitors to the EU who do not require a visa will be vetted to determine whether they pose a security, migration or health risk. The system was approved on 25 April 2018 and is due to enter into use in 2020.
The Presidency's non-paper states:
"According to the last Presidency compromise text, the ETIAS Central Unit is responsible for the verification of the colour of a link and for fingerprint/ dactyloscopic verification of a hit triggered in different systems during the transitional phase prior to the start of operations of the MID (i.e. dealing with the legacy data). These tasks require significant resources and will have financial impact for Frontex. Some comments were made during the Working Group meetings to provide for the extended involvement of the ETIAS Central Unit for interoperability purpose also after the transitional phase."
Member States are asked, amongst other things: "Which other tasks can you identify for Frontex in relation to interoperability?"
NOTE from: Presidency to: Delegations: Proposals for Regulations on interoperability - Presidency non-paper (8242/18, 27 April 2018, pdf)
Further reading
The legal proposals on interoperability are available here: "Interoperability": Plans to link all Justice & Home Affairs databases into one centralised system(17 December 2017)
European Data Protection Supervisor: interoperability of biometric databases poses fundamental risks and must be widely debated (16 April 2018)
Fundamental Rights Agency: interoperability will give authorities unwarranted access to additional personal data(25 April 2018)
Briefing: The interoperability of Justice and Home Affairs databases(March 2018)
EDPS "Reflection paper" on the interoperability of JHA databases poses fundamental questions (2 December 2017)
EU wastes no time welcoming prospect of Big Brother databases (15 May 2017)
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: MayDay Rooms, 88 Fleet Street, London EC4Y 1DH. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.