by Beatrice FRAGASSO (Free-Group trainee)
On 6 April 2016 the European Commission put forward the Smart Borders Package, a set of measures intended to provide a more effective and modern external border management. One of the proposals consists in the introduction of the Entry/Exit System (EES), a centralized information system based on biometrics that would be interconnected with VIS and focus on third-country nationals.
The creation of the european Entry-Exit system will require the adoption of two draft Regulations, one (COM/2016/0194) setting up the EES and amending Regulation (EC) No 767/2008 and Regulation (EU) No 1077/2011, the other (COM/2016/0196) amending Regulation (EU) 2016/399 (Schengen Borders Code) to embody this new system. The proposals has been accompanied by an Impact assessment.
The introduction of the EES aims at speeding up and reinforcing border check procedures for non-EU nationals travelling to the EU, by improving the quality and efficiency of controls as well as the detection of document and identity fraud. The new texts replace the proposals presented by the European Commission in February 2013 and for which the co-legislators had voiced technical, financial and operational concerns.
The European Parliament defined its negotiating mandate on the latest Commission Proposals on 27 February 2017: the LIBE Committee adopted his reports (on establishing EES and amending 2016/399) and decided to enter into negotiations with the Council on the basis of these mandates.
The rapporteur Agustín Dían De Mera García Consuegra stated before the LIBE Committee (11 May 2017) that progresses have been made during the “trilogue” negotiations and that the good cooperation between delegations will probably allow to come to a political agreement by the end of the summer. Two “political” trilogues as well as nine technical meetings have already taken place and a third political “trilogue” is scheduled for 31 May 2017. Needless to say no public recording is accessible on the debates which took place during these trilateral meetings
Further information on other aspects of the procedure is accessible on the European Parliament Research Service site HERE.
The scope of the Entry-Exit System (EES)
The EES will apply to non-EU nationals crossing the external borders of the Member States of the EU for a short stay (maximum 90 days period in any period of 180 days), both those that require a visa and those that are exempted.
How it will work
The introduction of the EES aims to:
- address border check delays and improve the quality of border checks for third-country nationals;
- ensure systematic and reliable identification of “overstayers”;
- reinforce internal security and the fight against terrorism and serious crime.
The system is intended to register the name, type of travel document, biometrics (four fingerprints and a visual image) and the date and place of entry and exit.
These actions will facilitate the border crossing of bona fide travelers, detect over-stayers and identify undocumented persons in the Schengen area. The system will also record refusals of entry.
Currently, the only possibility for national authorities to calculate the duration of stay of a third-country national in the Schengen area (and to verify their potential overstay), is the stamping of their travel document with the dates of entry and exit. This method is deemed to be slow and error-prone, since the entry/exit stamps may be unreadable or counterfeit. Under the new proposal, the current system of manual stamping of passports would be replaced by registration in a database and most of the data will be automated.
By using self-service systems and e-gates, third country national travelers would have their data verified, their picture or fingerprint taken and a set of questions asked. While using the self-service system, all mandatory checks would be triggered in the security databases (SIS, Interpol Stolen and Lost Travel Documents database). By the time the traveler is guided towards a border control lane, all his information would have reached the border guard, who may ask additional questions before granting the passenger access to the Schengen area.
The automation of the preparatory steps is expected to reduce the workload of border guards. This would mean that that Member States would not have to hire extra border guards to accommodate the growing traveler flows. It is also expected to reduce the long queues before passengers reach the border checkpoint.
The system would be interconnected with the Visa Information System (VIS) database, which would help reduce duplication of data processing, in accordance with the ‘privacy by design’ principle.
The European Parliament position (Libe Committee Debate)
The parliamentary debate showed that in the Commission proposal there are some controversial elements that the LIBE committee tried to address in the draft report approved on 27 February 2017.
The rapporteur Agustín Dían De Mera García Consuegra (EPP, Spain) presented the draft report before the LIBE Committee on 8 December 2016. According to him, establishing an EES will benefit travellers (they will spend less time waiting at borders), as well as border Member States and transit Member States, because of the speeding of the entire process. Border guards would carry on their tasks more easily. The aim of the draft report is to strike a balance between speeding up the process and guaranteeing security, protecting at the same time fundamental rights. In particular, one of the main concerns of the rapporteur is to ensure high standards for data protection: many of the amendments have been tabled in order to protect data in the system with reference to interoperability, data retention period and access to data by law enforcement authorities. According to the Rapporteur his amendments follow the indications given by the European Data Protection Supervisor (EDPS- Giovanni Buttarelli), in order to boost legal certainty in data protection area and to the role of EDPS and National Data Protection Authorities.[i] Another objective highlighted by the rapporteur is to guarantee more technical certainty, in order to know exactly who can access to the system as well as the circumstances of the access (logs). The procedure to follow in case of temporary failure, then, still has to be clarified. The rapporteur then pointed out the necessity to establish high standards for the procedure used to take facial images and fingerprints. Finally, it has been remarked the key-role played by Eu Lisa (here the Agency’s report on the Smart Borders Pilot Project), that will be responsible to manage the system.
The S&D “shadow rapporteur” Tanja Fajon (Slovenia) stated that she’s not convinced by the argument put forward by the Commission to justify the link between crime and border management. The purpose of the proposal is the border management, not the law enforcement and the proposal should clarify the way in which data will be processed in these two different situations. The difference between people who’s travelling legally and people who’s violating rules should be remarked, in order to guarantee fundamental rights. She criticized the retention period as disproportionate.
Mrs Fajon, then, pointed out that it’s necessary to better inform travellers about how the smart border system will change the current situation and which impact the regulation will have on their rights to enter and exit. People need to be aware about their rights and duties and about the consequences of possible infringments. Finally, she stated that some measures risk to be unpractical in some Member States (as for example Slovenia) whose borders with non-Schegen countries are always busy, especially during summer.
The ECR “shadow rapporteur” Jussi Halla-Aho (Finland) stated that ECR supports an Entry/Exit System and that probably it was needed even before the abolition of internal controls. His group finds that law enforcement authorities should have a sufficient access to the database for a sufficient period of time. The amendments tabled by the rapporteur are well considered and balanced and ECR appreciate that the rapporteur has tried to make the instrument coherent with the existing tools, for example Eurodac: Regulations have to be harmonised and they have to work one with the others.
According to the ALDE shadow rapporteur Angelika Mlinar (Austria) the amendments improve the Commission proposal. But there are still some problematic issues to address, concerning the protection of fundamental rights and in particular the disproportionate and unjustified retention period that is equally applied to all the scope of the regulation. In addiction, the former 2013 proposal had one single purpose (speeding up border management procedures), while the current proposal has also an unjustified law enforcement purpose. Her political group presented amendments in order to:
– Limit and optimise the collection of biometrical data.
– Limit the law enforcement access to what is strictly necessary, ensuring safeguards.
– Reduce the data retention period.
Also the Greens’ shadow rapporteur Jan Philipp Albrecht (Germany) highlighted that the most controversial points are the long data retention period and the possibility for law enforcement authorities to access these data for other purposes. The risk is that the EES will create a huge (and very expensive) database with a long retention period that won’t be effective for the purpose of smart border management. Finally, the shadow rapporteur pointed out that data protection in EES should meet the same high standards in the data protection package recently adopted (and which should be transposed at national level for May 2018).
Where we are…
The LIBE Committee adopted the report establishing EES and the report amending 2016/399 on 27 February 2017 and the modifications proposed by the committee echo the parliamentary debate. Data should be stored for only two years, and not the five years proposed by Commission. MEPs also want to ensure that the text is in line with the provisions of the General Data Protection Regulation, for example by allowing the data subject the right to access his or her own data.
MEPs found that the purposes of data processing in the new system should also be clarified. Migration handling should be the first purpose and law enforcement an additional one. The two should be treated separately, as the conditions for the use and storage of the data are not the same.
The Council Position
According to a preparatory document of the Council (leaked by Statewatch, file 6572/17), it emerges that the most controversial issues concern the territorial scope of the EES (an issue linked to the question of the access to VIS for those Member States which do not yet fully apply the Schengen acquis but for which the verification in accordance with the applicable Schengen evaluation procedures has already been successfully completed) and the calculation of the duration of the short-stay.
A Guidance on these sensitive issues was then obtained at COREPER level on 1 February 2017. Concerning the territorial scope of application, COREPER gave clear guidance on the need to include into it all Member States that, while not applying the Schengen Acquis in full, meet nonetheless the cumulative conditions listed in Art. 60 of the draft EES Regulation (i.e.: have successfully completed the verification in accordance with applicable Schengen evaluation procedures, (ii) have put into effect the provisions of the Schengen acquis relating to SIS and (iii) to the VIS).
If these conditions are met, the Member State concerned can deploy the EES, with the consequences that such deployment implies, including with reference to the calculation of the duration of stay in its territory. As a consequence, the automated calculator set out in Art. 10 of the EES draft Regulation will be a common one, covering the stays in any Member State operating the EES. According to the internal Council document, some delegations still oppose this solution on legal and practical grounds, notably because of its implications for other legal instruments and for the current practice in particular in the area of visa policy. However, the Presidency considers that the policy guidance given by Coreper, supported by a clear majority, should be followed.
MS Bilateral agreements with third Countries
Another outstanding issue is whether the bilateral visa waiver agreements will be compatible with the EES (Art 54). At the trilogue meeting that took place on 29 September 2016 (file 12571/16), the Chair presented a drafting proposal by the Presidency that would set up a procedure which allows to keep those agreements into force while making the EES work. The Commission rejected the proposal because the proposal would comprehend only a few agreements, excluding those which provide for a stay less than 90 days, creating more problems than it was deemed to solve.
Secondly, the proposal would have been cumbersome both for Member States and third country nationals concerned and had the practical consequence of extending the effects of bilateral agreements to Member States that were not party to them. On the contrary, Member States showed a general support to the Presidency solution.
Access by national Law enforcement authorities
EES would be used by the same authorities that already use VIS: consular posts and border control. Moreover, it would allow law enforcement authorities as well as Europol to perform restricted queries in the database for criminal identification and intelligence to prevent serious crime and terrorism.
The conditions to grant access to the EES to law enforcement authorities (Chapter IV of the proposal) are one of the most controversial point of the proposal. According to the preparatory document of the Council (file 6572/17), some delegations have expressed the wish to further simplify it [the access to the EES by law enforcement authorities] in order to facilitate investigations in cases of serious crimes and terrorist offences. However, recent deliberations have shown a good degree of support for the Presidency compromise proposal, in which, upon request of a majority of delegations, the conditions for access have been softened to the maximum extent compatible to the current legal framework and case-law.
The European Parliament expressed major concerns with reference to Chapter IV and the Council in a document dated 22 may 2017 (file 9415/17) proposed a compromise.
In particular, the Council position would be maintained on:
(a) the reference to ‘designated authorities’ rather than ‘law enforcement authorities’;
(b) the possibility to access the EES even when the search in national databases results in a hit;
(c) the possibility to proceed to access the EES once the Prum search is launched; and
(d) the possibility to also check against refusal of entry records.
On the other hand, some amendments proposed by the European Parliament would be broadly accepted (some with amendments). These suggestions are in particular:
(a) limiting the urgency procedure to cases where there is an ‘imminent danger’ related to a terrorist offence or other serious criminal offence and requiring the ex post verification to take place within two working days.
(b) providing that there must be reasonable grounds to consider that consulting the EES will (rather than may) contribute to the detection, investigation or prevention of a terrorist/other serious criminal offence. Actually, it should be noted that ‘reasonable grounds’ would still be enough and certainty is not required. Moreover, a substantiated suspicion that the person falls within the scope of the EES would still be sufficient to fulfil this requirement.
Transfer of data to third countries and international organisations (Article 38) and to Member States not bound by, or not operating the EES (Article 38a)
The European Parliament opposes the possibility to transfer information to third countries and international organisations for the purpose of returns, unless there is a decision by the Commission regarding the adequate protection of personal data in that third country or a binding readmission agreement.
In particular, the European Parliament opposes the possibility to transfer such information on the basis of an arrangement similar to readmission agreements, arguing that these are not binding and do not contain the necessary data protection safeguards. The European Parliament also insists on the provision of guarantees by the third country concerned to use the data only for the purposes for which it is transferred, and that such transfers should only be possible once the return decision is final, and subject to the consent of the Member State that entered the data.
The EP also maintains its position against the transfer of information to third countries or to Member States not operating, or bound by, the EES, in cases of immediate threat of terrorist or other serious criminal offences (Article 38(4a) and Article 38a).
Reassurances have been provided that the relevant data protection legislation must still be respected (General Data Protection Regulation in case of returns/readmission and Data Protection Directive in case of terrorism/serious criminal offences), but this has not convinced the European Parliament.
Another concern raised by the European Parliament regards the fact that the conditions required to access the EES by national authorities (set out in Chapter IV) are not all reproduced for the transfer of such data to third countries, international organisations and Member States not operating the EES or to which the EES does not apply.
Data Retention (Article 31)
The European Parliament in its position reduces the data retention period from five years to:
– four years for third-country nationals who overstay;
– two years for third country nationals who respect the period of authorised stay.
According to a document dated 22 May 2017 (file 9415/17), the Council is still managing to find a compromise.
[i] In its opinion 06/2016 of 21 September 2016, the European Data Protection Supervisor (EDPS) recognizes the need for coherent and effective information systems for borders and security. However, the EDPS underlines the significant and potentially intrusive nature of the proposed processing of personal data under the EES, which must therefore be considered under both Articles 7 and 8 of the EU Charter of Fundamental Rights.
According to EDPS opinion, necessity and proportionality of the EES scheme are to be assessed globally, taking into consideration the already existing large-scale IT systems in the EU.
The EDPS, then, notes that EES data will be processed for two different purposes, on the one hand for border management and facilitation purposes and on the other hand for law enforcement purposes. The EDPS strongly recommends clearly introducing the difference between these objectives, as these purposes entail a different impact on the rights to privacy and data protection.