By FERN BOWLES (Free Group Trainee)
On February 23 the LIBE Committee has organized a interparliamentary meeting focused on the Smart Borders Package (see “EU Compass” factsheet here). The meeting served as a forum for the exchange of views between European and national parliamentarians, as well as the Commission and European agency representatives, in an aim to debate the possible future alternatives at technological and legal level of the “smart border package”. According to the Commissioner for Migration, Home Affairs and Citizenship, Dimitris Avramopoulos this “new start” is justified to overcome various “technical, political and cost related issues” raised by the initial Commission proposal. In October 2014, the first stage of the new Commission analysis was completed with the delivery of the Technical Study (see the executive summary ) and Costs Study. The “Pilot” will be completed during 2015 and a new legislative package could then be submitted in 2016.
The context
At the moment, manual checks are performed by border force personnel at the external frontiers where they are required to check non-EU citizens’ travel documents. The Smart Borders project plans to create a pan-Schengen automated database to be able to store information of third country nationals (TCN) electronically. Thorough an entry-exit system (EES) TCNs would be required to undergo a biometric identification check upon arrival to the EU, while the registered travellers programme (RTP) will pre-vet non-EU citizens before their travel, in order to speed up border crossing.
The justification for increased checks on non-EU citizens with the Entry-Exit System (EES) was initially to fight terrorist’ travel but it is argued that the real reason is to prevent the phenomenon of ‘overstayers’ (TCN that stay in the EU longer than they are permitted), which according to the Commission is one of the biggest issues of irregular migration within the EU. The European Commission’s original proposal (2013) for a Regulation on the Smart Borders Package will however be revised and revealed at the beginning of 2016.
The main issues that were raised during the debate…
During the Interparliamenty debate, the S&D’s Tanja Fajon (dossier rapporteur), underlined the need to be weary of the potential indiscriminate mass collection of data. With data protection a ‘buzz’ word in European policy at the moment and it’s legislative revision also under development, the Smart Borders package is facing scrutiny from many areas. The plan to collect, store, and process mass data on non-EU citizens has caused much debate particularly concerning the baseline for data-retention.
According to the DG Home representative Mr Rob Rozenburg, drawing upon the conclusions of the October 2014 technical study, the data retention period should be up to 6 months for the EES with a up to 5 years for overstayers, and up to 5 years after the expiry date of the RTP status of TCN. He highlighted that deleting non-EU traveller information after 6 months was potentially too short, considering that at present border guards can manually check passports for VISA stamps for up to 10 years (depending on the validity of the passport).
In the background …the CJEU 2014 “Data Retention” ruling
There are further cost repercussions explained by the need for a larger and more powerful database server needed for more information held a large amount of time. Although the period for the retention of data would be one area where the Commission announced that it will rethink and potentially revise it’s current position, it should do this taking into full account the CJEU’s 8 of March 2014 ruling on the Data Retention Directive. The latter has established strong safeguards and criteria to be fulfilled by the EU legislator, one of them being the strict compliance with the principles of necessity and proportionality according to which already, the six month period for data retention has been pointed out as excessive.
Does the Smart Borders Package comply with the principle of Necessity, subsidiarity and proportionality.?
The Smart Borders Package aims to manage the flow of persons over the Schengen borders in a centralised manner. The principle of subsidiarity is notably called into question, with a shift from national border controls to that of a European centralised control as traveller identification moves from one based on national territory to individual identity[1]; a ‘country-centric’ to a ‘person-centric’ approach.
Giovanni Buttarelli, the new European Data Protection Supervisor, reiterated points that have already expressed in various opinions adopted by the EDPS since the beginning of the development of the Smart Borders proposal.[2] Buttarelli emphasised that the respect for fundamental rights such as the right to private and family life (Art.7 European Charter and Art. 8 ECHR), and the protection of personal data (Art. 8 European Charter) is paramount, and that any use of personal data should be proportionate, necessary and justifiable. He called therefore for a clear clarification from the European Commission of the objectives of the Smart Borders package in order to ensure that any interference with these fundamental rights does not go against previous ECtHR and CJEU rulings[3]; that is to say that the fact of tampering with fundamental rights, as laid down in the Charter, is only considered necessary when it is proportionate to clearly specified objectives put forward by the public authority in question.[4]
This is relevant to the collection, processing, and storing of data as well as it’s use for law enforcement purposes.
Concerning the notion of overstayers, and that their data will potentially be stored for a 5 year period, Mr Buttarelli pointed out the hazy objective of the EES, pointing out that Frontex figures on overstayers revealed that most of the latter required VISAs to enter the EU, therefore the VIS system could be used to identify them. Would it therefore be indeed proportional to set up another parallel system that envisages holding a parallel set of data on these individuals?
The debate was also focused on the type of data that will be shared through the future EU network (such as fingerprint, facial image and alphanumerical data). According to the Commission representative Mr Rozenburg who was referring to a technical study, the use of facial imagery with the combination of a limited number of finger prints would be sufficient for the Smart Border proposal; nevertheless this option is costlier than recording finger prints alone. A Pilot project has already been launched by eu-LISA and it is intended to produce real data which will make it easier to choose the exact method to be used later.
Between the possible options, the integration of the future EES/RTP system with the existing Visa Information System (VIS) has been debated even though, according to the Commission the technical study showed that the best option available would be to primarily set-up a separate EES-RTP system and gradually integrate it over time with VIS.
Costs: According to figures recently presented in the European Parliament Civil liberties (LIBE) Committee the 2015 Frontex budget has risen 16% from €97 million to €114 million[5], with €31 million set aside for Joint Operations & Pilot Projects at Sea Borders. However it has also been acknowledged before the MEPs that the controversial “Smart Borders” package will require some €1 billion to implement a centralised database in order to manage and monitor the flow of third country nationals (TCN) at the external Schengen borders.
For some MEPs the question remains whether investing nearly 9 times more on biometric and technologically ‘smart’ borders will be more beneficial than investing in saving lives at the borders as it is required by the EU Charter of fundamental rights (which, in principle specifies the right to life and to asylum …). It is not then surprising that some scholars have considered that the current EU Commission external border policy undermines fundamental rights to asylum and protection[6] by investing in new technological initiatives even before having fully exploited the current mechanisms such as SIS II and VIS (now managed by the EU–Large scale Information technology Systems Agency “LISA”).
Access to Law Enforcement :As expected the creation of a new integrated borders system has been considered a useful tool also for Law Enforcement Authorities (LEA) even though it would lead to increased implementation costs (see the previous experience with the SIS II project). However turning a border policy tool to an internal security one runs the risk of raising potential problems, not only due to the different legal basis in the treaties but also because according to some MEPs it would require a consistent and common EU approach which is still far from being agreed (even the Schengen system is still a collection of “national” alerts and lacks a European approach to this operational mechanism). Many representatives of national parliaments that attended the LIBE Inter-parliamentary debate were more inclined to already integrate this security dimension allowing police access to the smart border data for LE purposes.
This desire has also been advocated within the Council since 2013 with ‘a large majority’ of national Government delegations supporting LEA[7] to all EES data for the purpose of the investigation of terrorist offences and other serious criminal offences.
There are still unresolved debates over LEA on the Commission’s side as well. The EU executive has raised concerns since the beginning over the grounds for LEA, pointing out the lack of evidence to prove the necessity for police access, and suggesting that Member State delegations should provide information on their experience with police access to information for VIS.[8]
Commissioneer Avramopolous categorically underlined during the reunion last week that “the Commission has not yet taken such a decision” on LEA and that they were still contemplating all of the implications.
In the meantime at national level…
There are currently thirteen members states who run similar entry-exit systems, and who allow access to data for LE purposes[9]. Nonetheless, the question concerning the need for basic parameters with regards to accessing information and the justification for this should be established in line with the data protection framework.
The LISA “Pilot Project” :The revision of the Smart Package proposal will also use the results of a Pilot Study that is being carried out this year under the remit of the European Agency eu-LISA[10], in order to test the operational feasibility of the proposal.
Mr Krum Garkov, eu-LISA’s Director, stated that he hoped to get the results of the pilot study by the end of 2015. With 12 Member States participating in the pilot phase, covering 17 different border crossing points, Mr Garkov assured the parliamentarians that the study would be carried out with the necessary data protection safeguards, abiding by national data protection legislation. He ensured the close cooperation with numerous stakeholders including the European Fundamental Rights Agency, and that both stakeholder involvement and the project’s transparency were vital for the success of the pilot phase.
After all is taken into account, including the pilot study that will be underway by the end of this month, the European Commission will have to ensure that the revised proposal will thoroughly cover whether the management of TCN data, particularly for the use by enforcement authorities “genuinely satifies” fundamental rights obligations and ensures that any “interference is actually limited to what is strictly necessary”[11].
The Smart Borders Package, when dealing with sensitive TCN information, should make sure that all the necessary safeguards are met and that there is no risk for the abuse of passenger data, and that the data is under strict protection and security.
The project should therefore be verified in light of the CJEU ruling of the 8th April 2014 which stipulated that EU legislature should specifically define all it’s objectives within any EU legislation.
Conclusion
It has appeared from the interparliamentary debate that the relevancy of the smart borders package has increased in light of recent security issues that have occurred within Europe and from European citizens themselves. However, it was not self evident that the registration of third country nationals entering/staying on the EU territory will necessarily have significant ramifications to reducing security threats within Europe as most of the terrorists attacks have been done by either European citizens or third country nationals that were already present within the EU area so that a presence and cooperation between police forces would had been much more effective in finding the “needles” than increasing the “haystack” of ordinary citizens personal data.
NOTES
[1] CEPS. (2013). Local and Regional Authorities and the EU’s External Borders. p. 42 http://cor.europa.eu/en/documentation/studies/Documents/LRAs_and_EU_external_borders/LRAs_and_EU_external_borders.pdf
[2] Opinion of the European Data Protection Supervisor on the Proposals for a Regulation establishing an Entry/Exit System (EES) and a Regulation establishing a Registered Traveller Programme (RTP) (2013) https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2013/13-07-18_Smart_borders_EN.pdf
[3] Cf. Case Law of the European Court of Human Rights concerning the Protection of Personal Data (2013) http://www.coe.int/t/dghl/standardsetting/dataprotection/TPD_documents/DP%202013%20Case%20Law_Eng%20(final).pdf and the Data Protection Ruling by the Court of Justice of the European Union (8th April 2014) http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf
[4] Ibid. p.6
[5] Frontex. (2015). Budget 2015. Available: http://frontex.europa.eu/assets/About_Frontex/Governance_documents/Budget/Budget_2015.pdf.
[6] Hayes, B & Vermeulen, M. (2012). The EU’s New Border Surveillance Initatives. Heinrich Böll Foundation. pp 1- 83.http://www.boell.de/en/content/borderline-eus-new-border-surveillance-initiatives
[7] Statewatch. (October 2013). EU: Member States reassert support for law enforcement access to proposed new Entry/Exit System. Available: http://database.statewatch.org/article.asp?aid=32784. See also summary of replies to the questionnaire on Access for law enforcement purposes (10 October 2013) http://www.statewatch.org/news/2014/sep/eu-council-2013-10-10-13680-ees-lea-questionnaire.pdf
[8] Council of the European Union, Summary of discussions, Working Party on Frontiers/Mixed Committee (24th July 2014) http://www.statewatch.org/news/2014/sep/eu-council-2014-07-28-12034-frontiers-wp-op-smart-borders-jpo-us-borders.pdf
[9] Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL establishing an Entry/Exit System (EES) to register entry and exit data of third country nationals crossing the external borders of the Member States of the European Union (28th February 2013) p.2 http://ec.europa.eu/dgs/home-affairs/doc_centre/borders/docs/1_en_act_part1_v12.pdf
[10] eu-LISA and EC signed the Delegation Agreement on Smart Borders Pilot (16/01/2015) http://www.eulisa.europa.eu/Newsroom/PressRelease/Pages/Delegation-Agreement-on-Smart-Borders-Pilot.aspx
[11] CJEU Judgment in Joined Cases C-293/12 and C-594/12 Press and Information Digital Rights Ireland and Seitlinger and Others (2014) p.2 http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf
European Area of Freedom Security & Justice 