fundamental rights Human Rights interoperability tech Third countries third country nationals

Another Nail in the Coffin of Third-Country Nationals’ Privacy? – EU Immigration and Asylum Law and Policy

Another Nail in the Coffin of Third-Country Nationals’ Privacy? – EU Immigration and Asylum Law and Policy

By Dr. Niovi Vavoula, Lecturer at Queen Mary, University of London


Because the past few many years, legal students and practitioners have been progressively acquainted with a collection of abbreviations: SIS II, VIS, Eurodac, EES, ETIAS, ECRIS-TCN and the idea of interoperability has arisen prominently within the EU agenda. Behind the abbreviations lies an elaborated and sophisticated authorized framework of Europe-wide databases, whereby hundreds of thousands of private knowledge collected by totally different teams of third-country nationals are stored and further processed for quite a lot of purposes. For the sake of convenience and to tell the next evaluation, find right here a table summarizing the important thing characteristics of each system.

This table is illustrative of the totally different logics and goals underpinning each database, but in addition of an array of widespread characteristics.

  1. First, their scope ratione personae is primarily totally different categories of third-country nationals, with EU residents private knowledge only processed in an incremental manner (by the regulation enforcement department of the SIS II; by the VIS, as regards sponsors or relations of visa candidates, or sooner or later ECRIS-TCN in relation to twin nationals); 
  2. Second, those databases course of a variety of private knowledge, together with biometrics (pictures and fingerprints, apart from the ETIAS), which constitute a particular category of private knowledge underneath Article 9 of the Common Knowledge Safety Regulation; 
  3. Third, regulation enforcement authorities and Europol are allowed to have entry to the data, either underneath particular circumstances (VIS, Eurodac, EES, ETIAS) or due to the regulation enforcement (security) mandate (SIS II and ECRIS-TCN); 
  4. Fourth, private knowledge are retained for a big time period; 
  5. Fifth, databases are multi-purpose, dynamic and versatile in nature, as evidenced by the growing goals hooked up to each system. These purposes vary from modernising immigration management to (disturbingly) regulation enforcement, thus blurring the boundaries between immigration and legal regulation. 

Crucially, databases are compartmentalised; although in the future all third-country nationals might be successfully captured by a minimum of one database, the info pots are separate from one another. It will quickly change; the ultimate step in the direction of an EU ‘Huge Brother’ is the interconnection of the totally different ‘knowledge pots’ underneath the umbrella time period of interoperability. Towards this background, this blog publish goals at critically evaluating this necessary legal improvement from a privateness and knowledge safety standpoint.

2.Compartmentalisation Is Lifeless: Lengthy Reside Interoperability

The story behind the emergence of interoperability has been discussed intimately elsewhere. For the needs of the present submit, it suffices to recall that the interoperability debates first began in the aftermath of 9/11. Then, in its 2005 Communication, the Commission outlined interoperability because the ‘means of IT methods and of the enterprise processes they help to change knowledge and to enable the sharing of data and information’. Particulars on the legal facet of interoperability have been spared, as the idea was decreased to a technical matter. Because the Paris assaults of November 13, 2015, the connection of the ‘knowledge jars’ has gained recent impetus. A High Degree Skilled Group on Info Methods and Interoperability was arrange and gave the inexperienced mild for implementing this initiative. Within the meantime, interoperability was already foreseen within the proposals for the EES, recast Eurodac (nonetheless beneath negotiations) and ETIAS, thus pre-empting its insertion by way of the again door with out an evaluation on its necessity. Following speedy and slightly restricted negotiations, Laws (EU) 2019/817 and 2019/818 have been revealed within the Official Journal on the 22nd Might 2019.

Interoperability is known as info techniques ‘talking to one another’ and as an evolutionary software that may enable further uses by means of the aggregation of knowledge from totally different sources. Its four fundamental elements are: 

  1. The ESP (European Search Portal) will enable competent authorities to simultaneous question the underlying techniques and the mixed outcomes will probably be displayed on one single display.  Despite the fact that the display will indicate through which databases the knowledge is held, entry rights will remain unaltered and can proceed following the principles of every database. 
  2. The Biometric Matching Service (BMS) will generate and store templates from all biometric knowledge recorded within the underlying methods, thus effectively turning into a brand new database that compiles biometrics from the SIS II, VIS, Eurodac, EES and ECRIS-TCN and that may substitute separate searches within the other databases. 
  3. The Widespread id repository (CIR) on the core of interoperability which can retailer a person file for every individual registered in the methods, containing both biometric and biographical knowledge as well as a reference indicating the system from which the info have been retrieved. CIR’s primary aims are to facilitate id checks of third-country nationals, help in the detection of people with multiple identities and streamline regulation enforcement entry. With respect to regulation enforcement, a two-step process is foreseen whereby regulation enforcement authorities will first seek the advice of all databases to verify whether data on an individual exist in any of the databases with out obtaining prior authorisation by a verifying authority. Within the event of a ‘hit,” the second step is to acquire access to each particular person system that accommodates the matching knowledge via the process prescribed within the authorized basis of every database. 
  4. Finally, the A number of Id Detector (MID) will use the alphanumeric knowledge saved within the CIR and the SIS II to detect multiple identities; it can create hyperlinks between similar knowledge to point whether the person is lawfully registered in multiple methods or whether id fraud is suspected.

3.From a ‘Panopticon’ to a ‘Pangnosticon’ in Violation of Privateness? 

With interoperability because the ‘cherry on prime’ of a multi-layered cake of databases, the panorama of data processing via centralised databases can be ceaselessly changed. Whereas interoperability won’t frustrate present limits on entry rights of national authorities, using private knowledge can be hooked up to new functions, which are not to be found within the respective authorized instruments. For example, Eurodac knowledge might be used to detect individuals with multiple identities despite the fact that Eurodac’s mandate doesn’t specify such use. Moreover, a particularly worrisome change includes Article 20 of the Laws on interoperability, in accordance with which a Member State police authority is authorised to query the CIR with the biometric knowledge of a person taken during an id examine for the only function of identifying that individual. This perform of the CIR was not supported by the prevailing legal framework and the addition of specific circumstances beneath which police authorities are authorised for identification checks within the adopted textual content doesn’t compensate for the shortage of readability. The proposals stipulated that underneath Article 20 the identification of the individual must contribute to stopping and combating irregular migration or contributing to a excessive degree of safety. Because the EDPS has appropriately identified these goals are unduly obscure and do not explain whether or not these police checks will take place underneath immigration management or regulation enforcement procedures. Id checks by police authorities might gasoline discriminatory practices which may proceed to identification checks to third-country nationals on the spot solely on the idea of in depth profiling, rendering their status on the territory notably precarious.

In reality, interoperability negates the relevance of the purpose limitation precept by primarily enabling databases to be used for nearly any function as long as this isn’t incompatible with the unique function for which the info have been initially collected. The multiple reconfigurations of the techniques over time denote that the edge for such ‘incompatibility’ is unreachable and the bounds of these methods are far from being reached. The fact that the CIR will embrace each personal knowledge collected and further processed for conventional regulation enforcement functions (ECRIS-TCN) and personal knowledge of immigration nature that can be used for the identification of people in a number of fora might be the deathblow for the purpose limitation principle and privateness as the important thing worth behind knowledge protection regulation. Interoperability should not be seen as a approach of altering the character and functions of present databases, in other phrases interoperability shouldn’t develop into the top in itself. Compartmentalisation, which was heralded as a approach of making certain the safety of privacy and personal knowledge protection, has grow to be a problematic function, allowing for ‘blind spots’ that hinder the work of national authorities. This logic does not correspond to the normal understanding of migration control, however quite exemplifies and validates a rising understanding of databases for third-country nationals as ‘security methods’ and interoperability primarily reconceptualises all centralised databases as quasi-intelligence tools.

Maybe the elephant in the room as regards the operationalisation of interoperability includes the masked establishing of latest databases —the BMS, the CIR and the MID- based mostly on combining knowledge from totally different sources (albeit the latter won’t hold private knowledge). The flamboyant wording that’s used (‘element’ and ‘repository’) shouldn’t distract from the damaging actuality of large catalogues of third-country nationals at EU degree who are both administratively or criminally linked to the EU over a big time period. The aggregation of knowledge via databases signifies a brand new information-processing paradigm of mass and indiscriminate surveillance. By combining info from totally different methods, authorities are empowered to draw more exact conclusions on the personal lives of individuals, and knowledge subjects might be unable to foresee how their collected info can be used. As Bunyan has famous, it isn’t far-fetched to characterise interoperability as a decisive step in the direction of a single EU info system on the service of an EU Massive Brother. 

One might argue that the BMS doesn’t process private knowledge as it merely stored templates of biometrics. Whilst this is an space that deserves additional consideration, it has also been convincingly argued that templates represent private knowledge. Importantly, the case of the CIR particularly reminds Foucault’s ‘panopticon’, whereby home authorities shall be capable of see all totally different groups of third-country nationals via a digital catalogue for overseas inhabitants with an administrative or legal regulation link to the EU. Repetitive references in EU documents to ‘blind spots’ that must be coated so that everyone might be seen matches nicely with the analogy. Shifting beyond, it is hereby argued that interoperability will enable home authorities to know third-country nationals better, by assembling data from the totally different methods and mix the totally different personal knowledge to create richer profiles relating to their movement and administrative or felony procedures that they’ve undergone. The ‘pan-opticon’ (coming from the ancient Greek ‘πάν’ (all) + ‘οπτικόν’ (of sight)) is thus progressively changed by the ‘pan-gnosticon’ (‘πάν’ (all) + ‘γνωστικόν’ (of data), an emerging know-it-all surveillance system, whereby authorities would be capable of achieve complete consciousness of the identities of the individuals, with the last word purpose of preventing, deterring, controlling, or in additional impartial phrases ‘managing’ individuals. 

In a collection of judgments, the EU Courtroom of Justice has placed necessary limits to Member States’ surveillance powers. In Opinion 1/15, in regards to the transfer of PNR knowledge from the EU to Canada, the Grand Chamber found that such transfer wouldn’t quantity to a system of unlawful generalised surveillance, provided that the private scope involved merely these travellers from the EU to Canada. Conversely, in Digital Rights Ireland and Tele2, the Grand Chamber was adamant in proscribing mass surveillance, because it concerned ‘virtually the whole EU inhabitants’. It is hereby argued that while each database on its own might not qualify as establishing generalised and indiscriminate surveillance of motion following Opinion 1/15 as a result of it includes solely a fraction of third-country nationals, the CIR as a new database combining supplies from the underlying methods ticks all of the packing containers to be thought-about as illegal mass surveillance of motion. 

One other key change caused by interoperability includes regulation enforcement access to third-country nationals’ knowledge. Access is at present subject to tailored circumstances of entry and verification by a verifying authority. In Digital Rights Ireland and Tele2, the CJEU made clear that such access ought to be subject to strict circumstances and prior verification that those circumstances have been met by a verifying authority, both a judicial or unbiased administrative one. Interoperability won’t only retain the problematic modalities of access to the respective techniques (for instance see my chapter on this volume), but will further progressively lead to routine entry. As famous by the EDPS, a ‘hit’ is critical because it reveals parts of a person’s private life, as an example that they’re visa free travellers or asylum seekers, and, subsequently, this first step of checking whether there’s private knowledge in any of the underlying methods also needs to take place after fulfilling the precise circumstances of access prescribed in the authorized basis of every database. Importantly, it is arduous to consider that upon discovering that a database holds info on an individual, the verifying authority making certain the circumstances for entry have been met won’t permit such entry. In different phrases, not only the independence and objectivity, but in addition the very existence of a verifying authority could also be biased by the two-step strategy. Arguably, this new perform might allow nationwide authorities to interact in ‘fishing expeditions’. Subsequently, extra prosecutions and/or convictions of third-country nationals might happen, merely because a pool of data exists, since no equivalent EU-wide catalogue of data on EU citizens exists. This will additional maintain a divide between the EU residents and the foreigner and raise critical non-discrimination considerations.

As well as, the operationalisation of interoperability raises additional considerations as regards individual rights (rights of data as regards the processing of the private knowledge, right of access, rectification and deletion). In view of the processing of private knowledge in a multiplicity of context, the best to info may be all of the harder to be exercised. Finally, as Evelien Brouwer eloquently factors out in her contribution to the blog, it have to be recalled that the private knowledge stored have been lengthy struggling when it comes to quality, together with fingerprints. Nevertheless, if the private knowledge saved aren’t of enough quality, any aggregation of this knowledge by means of interoperability might have result in incorrect processing, with vital repercussions for non-EU nationals, notably within the case of the MID. 


First, interoperability is far more than a buzz word and a panacea for security and migration considerations; it has turn into the ‘Trojan Horse’ in the direction of the silent disappearance of the boundaries between regulation enforcement and immigration control and the novel intensification of surveillance of all cellular non-EU nationals. With that step completed, it won’t come as a shock if PNR knowledge and even nationwide id playing cards or passports of EU nationals will even make their approach into interoperable centralised databases, so as to ‘rectify’ the imbalance between the remedy of third-country nationals and EU citizens when it comes to surveillance of motion by means of personal knowledge processing. Secondly, interoperability is the newest nail within the coffin of third-country nationals’ privacy; databases have progressively proliferated and their features expanded with out having been litigated when it comes to elementary rights compliance before the European Courts. In an period where strategic litigation seems to be the best way forward, is it potential for centralised databases to seek out their means into courts, or will we now have to attend till knowledge surveillance hits our personal door?


(perform(d, s, id)
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); = id;
js.src = “//connect.facebook.internet/en_US/sdk.js#xfbml=1&version=v2.6”;
fjs.parentNode.insertBefore(js, fjs);
(doc, ‘script’, ‘facebook-jssdk’));