Category: 1.1 News from the Area of Freedom, Security and Justice

09 July 2024

by Peter van Elsuwege

Since the start of the Hungarian Presidency of the Council of the European Union (EU), the Hungarian Prime Minister Viktor Orbán pursued an active foreign policy. He went to Kyiv for a meeting with Ukrainian President Volodymyr Zelenskyy, made a surprise visit to Russian President Vladimir Putin in Moscow, attended an informal summit of the Organisation of Turkic States hosted by Ilham Aliyev, President of Azerbaijan, and then flew to Beijing for a meeting with Chinese President Xi Jinping.

Orbán’s self-declared ‘peace diplomacy’ illustrates – once more – the challenges surrounding the EU’s external representation. He cannot and does not speak on behalf of the EU even though the use of the Hungarian Council Presidency logo may suggest otherwise. His visits are nothing else than an expression of Hungarian national foreign policy. Also in that capacity, however, his actions are problematic in view of Hungary’s obligations under the EU’s Common Foreign and Security Policy (CFSP).

No role for the Council Presidency

In a reaction to Orbán’s visits, both European Council President Charles Michel and High Representative Josep Borrell stressed that the rotating Council Presidency does not represent the European Union. They are right. Article 15, para. 6 TEU explicitly provides that the external representation of the CFSP is the responsibility of the President of the European Council at the Head of State or Government level and of the High Representative of the Union for Foreign Affairs and Security Policy at Ministerial level. Article 17, para. 1 TEU further clarifies that the European Commission represents the Union for all non-CFSP competences. The rotating Council Presidency only has an internal representative function, in the sense that it represents the Council in its relations with the other EU institutions, but it plays no formal role at the international stage.

This is an important change introduced with the Treaty of Lisbon. In pre-Lisbon times, the task of representing the Union in CFSP matters was explicitly granted to the Presidency. This was introduced in Article J. 5 of the Maastricht Treaty and later incorporated in ex Article 18 TEU. Accordingly, the EU representation at the highest political level was left to the Head or State of Government of the country holding the rotating presidency. This sometimes led to diplomatic controversies. The most notable example was the behaviour of Italian President Silvio Berlusconi after the November 2003 EU-Russia Summit held in Rome under the at that time Italian Presidency. At the post-summit press conference, Berlusconi defended Russia’s attacks on Chechnya and the imprisonment of Mikhail Khodorkovsky, obviously against the official position of the European Union. The institutional revisions introduced with the Treaty of Lisbon aimed to avoid such situations. In order to reinforce the coherence of the EU’s external action, the rotating Council Presidency no longer plays a formal role in the external representation of the Union. Hence, it is crystal clear that Viktor Orbán cannot legally represent the EU on the international stage. His visits to Ukraine, Russia, Azerbaijan and China must, therefore, be seen as expressions of Hungarian rather than EU foreign policy.

Foreign policy and the duty of loyalty

Member States are competent to pursue their own foreign policy. Declarations No. 13 and 14 to the Treaty on European Union explicitly provide that the CFSP provisions cannot affect the Member States’ powers in foreign affairs. However, this does not imply that the Member States have unlimited freedom to do whatever they want. It is standard case law of the Court of Justice that also in the exercise of their national competences, Member States are required to comply with their obligations deriving from EU law (see e.g. Case C-619/18, para. 52). This principle also applies with respect to the CFSP, which is an integral part of the EU legal order. Despite the special rules and procedures applicable in this field, several EU Treaty provisions restrain the Member States’ actions at the international level. Article 28 (2) TEU specifies that CFSP decisions “commit the Member States in the positions they adopt and in the conduct of their activity”. Article 29 TEU further provides that “Member States shall ensure that their national policies conform to the Union positions.” Article 24 (3) TEU further provides that the Member States are under an obligation to “support the Union’s external and security policy actively and unreservedly in a spirit of loyalty and mutual solidarity and shall comply with the Union’s action in this area. The Member States shall work together to enhance and develop their mutual political solidarity. They shall refrain from any action which is contrary to the interests of the Union or likely to impair its effectiveness as a cohesive force in international relations.” A concrete expression of the loyalty obligation can be found in Article 32 TEU, which inter alia provides that “[b]efore undertaking any action on the international scene or entering into any commitment which could affect the Union’s interests, each Member State shall consult the others within the European Council or the Council”.

The CFSP-specific loyalty provisions, which reflect the general duty of sincere cooperation included in Article 4 (3) TEU, reveal the problematic nature of Viktor Orbán’s initiatives. With his visit to Moscow, Orbán opposed the EU’s position on Russia’s war of aggression against Ukraine. This includes the suspension of the remaining political, cultural and scientific cooperation with the Russian authorities. Moreover, Russian President Putin, Foreign Minister Sergei Lavrov and many other Russian government officials are put on the EU’s sanctions list.  Orbán’s participation at the informal meeting of the Organisation of Turkic States was equally problematic. This meeting was also attended by the President of the self-declared ‘Turkish Republic of Northern Cyprus’ (TRNC), Ersin Tatar. The EU only recognises the Republic of Cyprus as a subject of international law and repeatedly expressed its concern about the decision of the Organisation of Turkic States to grant an observer status to the TRNC. According to the minutes of the informal meeting attended by Orbán, the Hungarian Prime Minister did not make any reservations regarding the participation of the TRNC. Finally, it appears that Hungary’s unilateral initiatives had not been announced or discussed within the European Council or the Council. Hence, it is obvious that the surprise visits of the Hungarian Prime Minister – which clearly affect the Union’s interests and common positions – violate both the wording and spirit of the EU’s Common Foreign and Security obligations.

Common Foreign and Security Policy as ‘lex imperfecta’

It is well established that Member States are bound to respect their EU law duty of sincere cooperation when acting on the international stage. A failure to respect this obligation may lead to infringement actions before the Court of Justice, with the cases of Commission vs. Greece and Commission vs. Sweden as textbook examples. The question, of course, is to what extent such actions can also be brought in relation to Member States’ violations of the EU’s Common Foreign and Security Policy. As provided under Article 24 (1) TEU, this policy is subject to ‘specific rules and procedures’ implying – amongst others – a limited jurisdiction for the Court of Justice of the EU. Despite the binding nature of the CFSP provisions, ensuring compliance with those rules is not a straightforward exercise. This is why Advocate General Wahl defined the CFSP as lex imperfecta, i.e. “a law that imposes a duty or prohibits a behaviour but does not provide for any penalty for its infringement”. For instance, infringement proceedings under Articles 258 to 260 TFEU seem to be excluded for simple breaches of CFSP rules. However, as argued by Christophe Hillion, a Member States’ systemic failure to comply with its CFSP obligations may well be regarded as a violation of the general principle of sincere cooperation, enshrined in Article 4 (3) TEU, in the sense that it undermines the attainment of the EU’s external action objectives as defined in Article 21 TEU.

Finally, under Article 24 (3) TEU, the Council and the High Representative are given the responsibility to ensure compliance with the principles of mutual political solidarity and loyalty in the EU’s external and security policy. Article 26 (2) TEU further defines that they “shall ensure the unity, consistency and effectiveness of action by the Union”. Apart from public statements that Viktor Orbán has no mandate to speak on behalf of the EU, a more proactive approach could have been envisaged. One of the key lessons of this episode is that trusting the Council Presidency to an EU country which is subject to the surveillance procedure of Article 7 (1) TEU was not a good idea.

---

SUGGESTED CITATION  van Elsuwege, Peter: How Viktor Orbán Challenges the EU’s Common Foreign and Security Policy, VerfBlog, 2024/7/09, https://verfassungsblog.de/how-viktor-orban-challenges-the-eus-common-foreign-and-security-policy/, DOI: 10.59704/da56a3449b491903.

by Virgilio Dastoli and Emilio De Capitani

President Orban’s initiative to meet with President PUTIN by presenting himself in his capacity as the President of the Council of the European Union is objectionable at least under two perspectives.

The first perspective deals with the fact that according to the Treaty and Article 20 of the Council’s Rules of Procedure, the task of the President of the Council is primarily to organize and supervise “the proper conduct of the debates” as well as to “respect and to enforce the provisions of Annex V concerning the Council’s working methods.” It is thus an internal role within that institution to which is added the duty of dialoguing with the other EU co-legislator the European Parliament.

As such, the President of the Council does not therefore have a role of external representation of the Union, which is instead entrusted to the European Council for aspects of foreign and defense policy (Art. 15 TEU) and to the Commission for other Union policies. According to the Treaty “…The President of the European Council shall, at his level and in that capacity, ensure the external representation of the Union on issues concerning its common foreign and security policy, without prejudice to the powers of the High Representative of the Union for Foreign Affairs and Security Policy.”

These tasks of external representation are provided for in the treaty and reflect the institutional balance that cannot be altered by the institutions themselves. In this respect, European Council President Michel’s statement that Orban violated European law because he acted in the absence of a mandate is, in turn, objectionable, because even in the presence of a mandate the President of the Council is not legitimized by the Treaty itself to play an external political role much less in such a sensitive area as the War in Ukraine where the relevant institutions have already taken the initiatives they deemed appropriate.

By taking such an initiative, President Orban has thus also failed to comply with the principle of loyal cooperation between institutions (Article 13 TEU) and has demonstrated that he is unable to fulfill his neutral role as President of the Council.

It is now up to the other member states and, in particular, to the European Council to which the Treaty has entrusted the task of defining the internal organization of the Council and its Presidencies (Art.236 TFEU) whether to keep him in this function and review, the, at least inappropriate, choice of entrusting the Council Presidency to a Member State under surveillance procedure under Art.7.1 TEU as of 2018.

Possibilities under EU law to establish a platform for the exchange of information between the EU and the Member States to address the problem of abusive or politically motivated Interpol notices against EU citizens

LINK TO THE FULL STUDY

Abstract

This paper, commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the request of the Committee on Civil Liberties, Justice and Home Affairs, analyses Interpol’s system of Red Notices and the EU-based mechanisms to safeguard citizens against political abuse of Interpol’s system. Recent reforms of Interpol are significant but many problems remain unaddressed. The paper discusses existing and possible platforms, including the European Search Portal, as ways to ensure a more effective enforcement of EU-based legal limits and fundamental rights on a European level.

AUTHOR Rasmus H. Wandall, PhD, Research fellow, University of Lund. Manuscript completed in February 2022 © European Union, 2022

EXECUTIVE SUMMARY

Background

In 2014, the European Parliament issued a resolution with recommendations on the matter (2013/2109(INL)) and since then, it has followed up with debates and further questions, most recently in 2021 concerning the candidacy for the Presidency of Interpol. In 2019, the DROI Committee of the European Parliament published a commissioned study on the misuse of Interpol Red Notices, putting forward a number of recommendations for Interpol reform. Also in 2019, the LIBE Committee and subsequently the European Parliament passed a resolution responding to the Russian Federation’s targeting of Lithuanian judges, prosecutors and investigators, and calling on EU Member States and Interpol to desist from assisting in the targeting (2019/2938(RSP)).

The Parliamentary Assembly of the Council of Europe issued a resolution in 2017 (2161/ 2017) and again in 2019 (2315/2019) both with recommendations for Interpol reform and with recommendations for its Member States. Numerous articles and civil society organisations continue to document abuse and express concern over the exploitation of Interpol and the further need for reform. The leadership of Interpol and the composition of it have attracted considerable attention in this regard.

On the European level, the Court of Justice of the European Union has in recent case-law addressed Member States’ obligations under EU law to limit the use of arrest warrants and extraditions to third countries – also in regard to Red Notices. On this basis, the study analyses recent reform efforts of Interpol with a view to politically motivated Red Notice requests and the possibilities under EU law to establish a platform for the exchange of information between the EU and the Member States to address this problem for EU citizens.

Aim

The aim of the study is to 1) describe Interpol, its organisational setup, its financial foundation, and the practice of the notice system, 2) discuss the recent reforms of Interpol, 3) give an overview of the recent case-law development of the Court of Justice of the European Union, and identify what information is necessary to share for Member States to ensure EU citizens against politically motivated Red Notices, and 4) discuss possible platforms on which EU Member States and the EU may exchange information to address the problem. Finally, the aim is to 5) give recommendations for possible action.

Key findings : The Interpol Organisation

A Red Notice is a request to have a person arrested. It is issued through Interpol’s global notice system. Interpol is governed by its General Assembly made up by its 194 members. The President and the Executive Committee Members are elected. A General Secretariat manages the daily operations. Financially, the largest donors to the Interpol are the European Union, the Interpol Foundation for a Safer World (fully funded by the United Arab Emirates), the United States of America, Canada, and Norway.

The General Secretariat coordinates and manages all Interpol’s activities. National Central Bureaus in member countries operate within domestic authorities and carry out part of Interpol’s work. The National Central Bureaus are managed by staff of the domestic authorities.

Red Notice requests are communicated by the National Central Bureau to the General Secretariat with a view to circulation worldwide. A task force in the General Secretariat reviews the requests prior to circulation. If approved, the notice is circulated and possibly publicised. Diffusion orders to arrest are not formal notices and are sent directly to other members of Interpol.

In 2020, Interpol issued 11,094 Red Notices and had more than 66,000 Red Notices in circulation. There has been a significant increase in numbers of Red Notices and Diffusion Orders since 2010.

Within the General Secretariat, a Secretary granted independence is appointed to support the Interpol Commission of the Control of Files. The commission handles individual complaints and performs both a supervisory and advisory role.

Interpol Rules governing the system of notices

Interpol activities, including the processing of Red Notices, must respect Interpol rules and must be consistent with the laws of the jurisdictions engaged by the acts in question.

Interpol is obliged not to assist or aid members that act in violation of international human rights law, and to respect the principle of neutrality stipulated in art. 3 in its Constitution.

The rule forbids the organisation to undertake any intervention or activity of a political, military, religious or racial character. Furthermore, a Red Notice must concern a serious ordinary-law crime and must pass a specific penalty threshold for the notice to be considered.

The National Central Bureaus and subsequently the General Secretariat’s task force review requests to ensure that all thresholds and rules are respected.

Interpol rules on data protection apply alongside overlapping regional and national data protection rules. In the area of the European Union, the Law Enforcement Directive, EU Fundamental Rights laws, and the case law of the Court of Justice of the European Union apply equally in every Member State. Since 2015, Interpol appointed a Data Protection Officer overseeing and developing data protection practice and organisation of Interpol. Each National Central Bureau equally appoints data protection officers.

Recent reforms of the Interpol Red Notice system

Politically motivated Red Notices allow governments to persecute political and other opponents abroad with significant consequences for those affected.

Despite the rights-based limitation of Interpol’s mandate to communicate Red Notices, the risk of politically motivated Red Notices is real. Moreover, observing that democracies are under pressure and that many countries have developed in an authoritarian direction, there is a strong argument that the risk has increased.

Interpol has carried out significant reforms since 2013. The review of Red Notice requests has been strengthened and a complaint mechanism under the Commission of the Control of Files has been enforced. Interpol has assigned a Data Protection Officer and implemented learning and knowledge sharing programmes to support the legal frameworks and good practices of all parts of the Interpol organisation.

Regardless, a number of legal tools continue to be lacking and there is a substandard transparency in the processing of Red Notices. Furthermore, more fundamental problems remain.

First, considering the increasing number of notices in circulation and considering the current setup, proper legal safeguards cannot be expected to be sufficiently enforced in the near future. Second, decentralised National Central Bureaus under the authority of domestic authorities represent a structural problem that is not sufficiently addressed through Interpol’s knowledge management organisation.

Third, the use of national databases to store and update Red Notices means that Interpol updates are ineffective on a global scale and leave inaccurate notice information in circulation on a significant level.

An EU-based platform for exchanging information

The Court of Justice of the EU has developed rights-based boundaries of its Member States’ use of arrest warrants – both in regard to extradition to Member States and to third countries.

The Council of the EU has subsequently affirmed initiatives to enforce these boundaries. Member States must consider fundamental rights as grounds for refusing arrest warrants and extraditions. Verifying that there is a real risk, the executing authority must find that the person in question is subjected to such real risk considering the specific circumstances of the case. If affirmative, a decision to extradite must be deferred. If the risk cannot be discounted, the authority must reach a decision itself or terminate the proceedings. In making this risk evaluation, information that is “objective, reliable, specific and properly updated” must be relied upon.

In its judgment in C-505/19, the Court extended the restrictions to the Member States’ use of Interpol Red Notices. In a case concerning a ne bis in idem violation and violation of the freedom of movement, the Court of Justice of the EU held that a) the mere possibility of a violation of the ne bis in idem principle is not enough to bar a preliminary arrest of the person in question. Only if it has been established “in a final judicial decision taken in a Contracting State or in a Member State” arrest and extradition are prohibited. The Court also held that it is not unlawful to process data in a Red Notice if the ne bis in idem principle may apply. If, however, it is established that the principle does apply and there are no grounds for a criminal process against the person, there is no longer basis for data processing and the person can legitimately require the Member State to erase the data on the Red Notice.

On all accounts, the Member State must effectively communicate the limitation in a note, thus making sure that the individual is not subjected to future arrests on the same grounds elsewhere.

Both within and outside the European Union, digital and professional network-based platforms are applied to facilitate the exchange of information across borders. Technically, European Union institutions have established digital software platforms to facilitate effective exchange of general and case specific information in the area of justice and security. Schengen Information System II, eEDeS (E-Evidence Digital Exchange System) , and e-Justice are important examples. The European Search Portal that provides a single point of entry to searching in several relevant databases simultaneously provides a strong case for a future platform.

Legally, all Member States may exchange information in their own capacities and can process personal data in Red Notices within the legal framework of the Law Enforcement Directive. To some extent the European Search Portal already provides legal and institutional mandate to some necessary data. However, several specific data needs further legal mandate and institutional framework for EU-institutions and EU Member States to share them.

Furthermore, effective exchange of information in the field of justice and security continue to require support from professional human-based networks. In the European area, the European Judicial Network is sigificant, establishing contact points in each Member State and integrating EU-based digital platforms.

Key recommendations

With regard to modelling an effective review and redress mechanism in Interpol for the future:

The European Parliament should call on the EU Commission to include the production of a forecast analysis and modelling that account for high volume cases and decentralised review & update process in the negotiations with Interpol as an area of collaboration.

With regard to procedural and substantive improvements (in prioritised order):

(1) the European Parliament could call on the EU Commission to include in the legal tools currently under development to support the European Arrest Warrant system, the processing of Red Notice requests. This should include step-by-step guidelines for all EU Member States on how to handle Red Notice requests (deciding on, communicating, updating, erasing, inserting notes).

(2) the European Parliament could call on the EU Commission to include in the negotiations with Interpol an item to have Interpol produce, update and make available procedural and substantive tools on the legal handling – including rights-based boundaries – of Red Notices, ensuring consistent and transparent processing of requests, reviews, challenges, corrections and deletions.

(3) the European Parliament could call on the EU Commission to include in the negotiations with Interpol an item to have Interpol produce yearly statistical data on processing of requests for Red Notices with data on country of request, criminal offence category, review outcome, reasons for denial, and the use of available sanctions against member countries. If this is not achieved, the European Parliament could call on the EU Commission to ensure that statistical data on EU Member States’ handling of requests for Red Notice arrests is developed for all Member States.

(4) based on the statistical data, the European Parliament could call on the EU Commission to include in the negotiations with Interpol an item to have Interpol develop public risk profiles of Red Notice requesting countries. This is necessary to evaluate the risk of abuse associated with the requesting countries and to evaluate the effectiveness of the enforcement mechanisms of Interpol.

(5) the European Parliament could call on the EU Commission to include a mechanism for EU to formulate and monitor the agenda of reform initiatives with regard to Red Notices, in the current negotiations for a collaboration agreement with Interpol.

Recommendations with regard to institutional support of platforms for exchange of necessary information:

Both digital platforms and professional human-based networks to facilitate the information exchange already exist. The most important actions are to support and further develop the proper functioning and synergies of these platforms. The European Search Portal provides an optimal starting point.

 (1)      the European Parliament could call on the EU Commission to further develop the legal and institutional framework of the European Search Portal to include a database on final judicial decisions related to existing Red Notices and prior decisions on arrest and extraditions related to an existing Red Notice, as well as a repository with relevant and updated human rights information on requesting countries.

(2) the European Parliament could call on the EU Commission to take the necessary steps to develop and administrate databases on final judicial decisions related to existing Red Notices, and prior decisions on arrest and extraditions related to an existing Red Notice, as well as a repository with relevant and updated human rights information on requesting countries.

(3) to support access and exchange of data, the European Parliament could call on the EU Commission to involve the European Judicial Network in the design of best practices when connecting to other authorities in Member States and when exchanging information concerning Red Notice warrants.

(4) the European Parliament could call on the EU Commission to establish an office to support the update of relevant data, the administration of the databases, and to coordinate the update and prepare procedural and legal guidelines to ensure fundamental rights of citizens going forward.

LINK TO THE FULL STUDY

STUDY (*) : European Parliament Research Service (EPRS) 16/12/2021

ABSTRACT : As the use of biometrics becomes commonplace in the era of artificial intelligence (AI), this study aims to identify the impact on fundamental rights of current and upcoming developments, and to put forward relevant policy options at European Union (EU) level.

Taking as a starting point the proposal for a regulation of the European Parliament and of the Council laying down harmonised rules on AI, presented by the European Commission in April 2021, the study reviews key controversies surrounding what the proposal addresses through the notions of ‘remote biometric identification’ (which most notably includes live facial recognition), ‘biometric categorisation’ and so-called ’emotion recognition’.

Identifying gaps in the proposed approaches to all these issues, the study puts them in the context of broader regulatory discussions. More generally, the study stresses that the scope of the current legal approach to biometric data in EU law, centred on the use of such data for identification purposes, leaves out numerous current and expected developments that are not centred on the identification of individuals, but nevertheless have a serious impact on their fundamental rights and democracy.

EXECUTIVE SUMMARY

This study explores biometrics in the era of artificial intelligence (AI), focusing on the connections between person identification, human rights and ethical principles. As such, it covers a subject of the greatest political and societal prominence. Among the many controversies in this area, certainly one of the most salient is the discussion surrounding facial recognition, and more specifically about the potential risks stemming from the use of live facial recognition technology in public spaces. The potentially negative impact of the widespread use of such technology has indeed mobilised a strong response from parts of civil society in Europe and globally.

From a policy and legislative viewpoint, in the European Union (EU) this discussion is currently being framed in terms of regulating possible uses of remote biometric identification. Live facial recognition technology uses facial templates that allow for the unique identification of individuals, and thus constitute – due to such capability for ‘unique identification’ – biometric data for the purposes of applicable EU data protection law.

For many years, the exploration of possible normative frameworks to accompany and duly channel the advent of AI has primarily turned around ethical considerations and principles. In 2020, however, the European Commission started openly and decidedly moving towards the adoption of a new legal framework for AI as main priority in this regard. For this purpose, the European Commission notably published in April 2021 a proposal for a regulation of the European Parliament and of the Council laying down harmonised rules on AI (COM(2021) 206 final) (hereafter also ‘the proposed AI act’ or ‘the proposed AIA’).

The proposal puts forward rules that apply to a variety of AI systems. Demonstrating the importance of biometric technologies, three types of AI systems, explicitly defined in the proposal and subject to specific rules, are in fact defined in the very text of the proposal on the basis of their connection with biometric data: these are ‘remote biometric identification systems’, ’emotion recognition systems’ and ‘biometric categorisation systems’:

• remote biometric identification systems are defined as AI systems used ‘for the purpose of identifying natural persons at a distance through the comparison of a person’s biometric data with the biometric data contained in a reference database, and without prior knowledge of the user of the AI system whether the person will be present and can be identified’;
• emotion recognition systems are defined as AI systems used ‘for the purpose of identifying or inferring emotions or intentions of natural persons on the basis of their biometric data’, and
• biometric categorisation systems are defined as AI systems used ‘for the purpose of assigning natural persons to specific categories, such as sex, age, hair colour, eye colour, tattoos, ethnic origin or sexual or political orientation, on the basis of their biometric data’.

These notions are however not yet fully consolidated at EU level, and thus one of the objectives of the study is to unpack their rationale, scope and possible limitations.

The proposed regulation defines ‘biometric data’ as ‘personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data’ (COM(2021) 206 final 42). This definition of biometric data is exactly the same as the one featured in the main instruments of EU data protection law, where the processing of biometric data for the purpose of uniquely identifying a natural person is regarded as constituting the processing of a special category of data that deserves the most stringent level of protection.

Scope and structure of the study

This study has been prepared on the basis of desk research. The focus of the study is the EU framework, although due consideration has also been given to international developments when relevant. The study first provides an overview of current trends in biometrics and AI, including technological considerations and information about notable uses, as well as specific information in relation to remote biometric identification, emotion recognition and biometric categorisation. Second, it presents the regulatory framework, illustrating that ongoing developments in the area of biometrics and AI do not occur in a legal vacuum, but amid pre-existing legal provisions and overarching EU fundamental rights obligations. Third, it reviews current policy discussions, in particular in the EU and as embodied by the European Commission’s proposal for a regulation on AI, and then puts forward policy options.

Biometrics and AI

Biometric data are increasingly used in a great variety of contexts. At EU level, the processing of biometric data has been actively encouraged and directly supported over the past years in the context of EU-level large-scale information technology (IT) systems in the area of freedom, security and justice (AFSJ). These systems, initially set up by the EU for asylum and migration management but increasingly also serving internal security, almost systematically rely on the massive collection of biometric data.

The review of ongoing technological and societal developments at the crossroads of biometrics and AI shows that, although identification is a crucial notion for biometrics, there are many developments aimed not primarily at identification but at the categorisation of individuals, assigning them to different categories, for instance on the basis of age or gender. It is however not always clear how the processing occurring for the purposes of categorisation is linked to identification, or to what extent such practices can always be separated.

Most notably, it is sometimes unclear, first, whether the data processed for categorisation purposes concern an identified or identifiable person at all, and whether such data should thus be regarded as personal data for the purposes of EU law. Second, it is sometimes unclear whether the data at stake – which often relate to the body – constitute or not biometric data, which requires taking into account whether the data allow for the identification of the individual (even if they are processed for the purpose of categorisation). Complicating the situation further, sometimes the categorisation of individuals is in practice a step taken towards their identification.

Regulatory framework

There is currently no European legislation relating exclusively to biometrics. The most directly relevant specific rules of EU law are to be found in EU data protection law. In addition, the whole existing EU fundamental rights architecture is fully applicable to the use of biometric technologies.

A review of this architecture and of the most relevant rules on biometrics and on automated decision-making in EU data protection law, as well as of the most important case law in this area emanating from the Court of Justice of the EU (CJEU) and the European Court of Human Rights (ECtHR), shows that ongoing technological developments are taking place amid – and possibly also somehow despite – existing rights and principles, which might thus possibly need to be reinforced, clarified, or at least fine-tuned.

Impact on fundamental rights

AI-enabled biometric technologies pose significant risks to numerous fundamental rights, but also to democracy itself. In this sense, for instance, the pervasive tracking of individuals in public spaces constitutes not only a major interference with their rights to respect for private life and to the protection of personal data, but can also impact negatively on their rights to freedom of expression, and to freedom of assembly and association, altering the way in which certain individuals and groups are able to exercise social and political protest. The deployment of facial recognition technologies during peaceful assemblies can discourage individuals from attending them, limiting the potential of participatory democracy. Bias and discrimination are a well-documented issue in this field, and can be the result of a variety of factors.

Different uses of biometric technologies can have different specific types of impact on fundamental rights. The deployment of remote biometric identification in public spaces, in this sense, is particularly problematic as it potentially concerns the processing of individuals’ data – without their cooperation or knowledge, on a massive scale.

Regulatory trends and discussions

There is an ongoing – even if not fully systematic – shift from the discussion of ethical frameworks for AI to the regulation of AI systems by law. It appears nevertheless clear to many actors that an improved framework is needed to guarantee the fairness, transparency and accountability of AI systems, an objective that can be pursued by enhancing representation at various levels of decision-making.

Developments in the United States (US) are numerous and illustrate a variety of approaches, most notably targeting facial recognition. In Europe, the Council of Europe has been particularly active in this area and is currently working on a possible new legal framework at its level for the development, design and application of AI, based on recognised Council of Europe standards in the field of human rights, democracy and the rule of law. In 2021, there was registered a European citizens’ initiative named ‘Civil society initiative for a ban on biometric mass surveillance practices’, calling for strict regulation of the use of biometric technologies in order to avoid undue interference with fundamental rights.

The European Commission published its proposal for a regulation of the European Parliament and of the Council laying down harmonised rules on AI (COM(2021) 206 final) on 21 April 2021. The proposal is based on Articles 16 and 114 of the TFEU, on personal data protection and the internal market, respectively. The proposed AI regulation prohibits the use of some AI systems (listed in the proposed Article 5), and qualifies other AI systems as ‘high-risk’, detailing the rules applicable to such ‘high-risk’ systems.

The area of biometric identification and categorisation of natural persons is in principle ‘high risk’, but under this heading (heading 1), only a concrete group of AI systems are mentioned: ‘AI systems intended to be used for the ‘real-time’ and ‘post’ remote biometric identification of natural persons’. There is, however, no reference to biometric categorisation being recognised as ‘high risk’. Potentially, it is possible to imagine there might exist AI systems that involve the processing of biometric data in all other areas listed as ‘high risk’.

The AI regulation proposed by the European Commission foresees, as a general principle, ‘the prohibition of the use of ‘real-time’ remote biometric identification systems in publicly accessible spaces for the purpose of law enforcement‘. Nevertheless, such real-time remote biometric identification systems can be used as far as such use is strictly necessary for certain objectives and under certain conditions.

The proposed AI regulation explicitly excludes from its scope of application AI systems that are components of existing and upcoming EU-wide large-scale IT systems, if the systems were placed on the market or put into service during the first year of application of the regulation, or before that date. This rule would, however, not be applicable if the legal acts establishing such EU-wide large-scale IT systems would lead ‘to a significant change in the design or intended purpose of the AI system or AI systems concerned’ (proposed Article 83(1) AIA). The proposed text notes, despite the proposed regulation not being applicable as such to the systems mentioned, that the requirements that it lays down must ‘be taken into account, where applicable’ in the evaluation of these large-scale IT systems as provided for in those respective acts (idem), but it is unclear what such ‘taking into account’ would imply.

Policy options

In light of the findings of the study, the following policy options are put forward:

Delimit better the regulation of biometrics and biometric data: the proposed AIA reproduces the definition of ‘biometric data’ present in EU data protection law since 2016. The interpretation of the definition is not completely clear, and there are significant uncertainties as to how to apply EU data protection rules to biometric data. The definition, in any case, does not appear to cover all the problematic practices that are often framed in the literature and even by policy-makers as related to biometrics. It is thus important to shed further light on the scope and relevance of the definition, but also to think critically about the impact of conditioning some other notions put forward in the AIA (such as ‘biometric categorisation’ or ’emotion recognition’) to the processing of biometric data defined in such a way.

Improve the future qualification of new AI systems as high-risk: it is necessary to envisage a faster, clearer and accessible path to qualifying additional AI systems as high-risk systems in the future. Civil society organisations could be given a role to raise the alarm of major risks, especially insofar as the affected persons would potentially be in vulnerable positions.

Explicitly ban certain uses of live facial recognition: the proposed AI regulation fails to prohibit real-time remote biometric identification in public spaces for law enforcement purposes, despite conceding that it triggers even more risks than ‘high-risk’ AI systems. The regulation should at least formally and effectively ban the persistent tracking of individuals in public spaces by means of remote biometric identification, as it has major consequences for fundamental rights and democracy.

Regulate ‘post’ remote biometric identification in the same manner as ‘real-time’ remote biometric identification: the proposed AI regulation fails to address properly the risks connected with the retroactive identification, using facial recognition, of individuals whose images have been recorded while they were in public spaces. In practice, the risk of persistent tracking and its associated adverse impact on fundamental rights and democracy are, however, at least equivalent to the risk associated with ‘real-time’ remote biometric identification. ‘Post’ remote biometric identification of natural persons recorded while in public spaces should be subject to the same rules as the ‘real-time’ equivalent.

Establish at EU level the necessary safeguards for real-time remote biometric identification: the proposed AI regulation leaves it up to the Member States to define, by law the exact conditions for the use of in principle prohibited but actually permitted real-time remote biometric identification in public spaces for law enforcement purposes. The only detailed condition is the need for prior authorisation granted by a judicial authority or by an independent administrative authority. Substantive safeguards for the prohibited but exceptionally permitted uses of real-time remote biometric identification, if any, must be specified at EU level in the future AIA itself, as opposed to being left to the discretion of the Member States.

Ban AI systems assigning to categories that constitute sensitive data based on biometric data: the proposed AI regulation gives a definition of ‘biometric categorisation system’ that is unclear and conceptually problematic, most notably to the extent that it seems to endorse the idea that it is possible – scientifically, ethically and legally – to use AI systems to assign natural persons to a sexual or a political orientation. If a reference to the use of similar AI systems persists in the draft, it should be phrased clearly as a prohibition.

Clarify the regulation of ’emotion recognition’: the status of ’emotion recognition’ in the proposal for a regulation on AI is not entirely clear. The proposed definition of emotion recognition seems to imply that emotions and intentions of individuals can be inferred from biometric data. This would only possibly make sense if biometric data are understood in a broad sense, not limited to data concerned with the unique identification of individuals. In addition, the list of high-risk systems in Annex III includes various references to systems used ‘to detect the emotional state of a natural person’, without clarifying if these would correspond to what is defined as ’emotion recognition’ systems or would potentially be something else.

Increase transparency towards individuals as a necessary means to guarantee rights and remedies: the proposed AI regulation privileges imposing obligations on actors other than the users of AI systems, who are only subject to a limited number of provisions. The use of extremely high-risk systems in particular should be conditioned to additional obligations imposed on users towards individuals, notably in terms of transparency both prior to the use and during the use. Transparency is crucial for the exercise of rights and the effectiveness of remedies. Limitations to transparency should be compensated with measures that guarantee the accountability of such limitations.

Do not allow for special exemptions to general rules for EU large-scale databases: the use of biometrics and AI in EU large-scale IT systems is massive, raising serious risks for fundamental rights. The fact that the European Commission’s proposal for a regulation on AI deliberately leaves out of its scope of application certain AI systems to be used in the AFSJ is of great concern. It is essential that large-scale IT systems in the AFSJ comply fully with the highest standards of EU law.

LINK TO THE FULL STUDY LINK TO THE ANNEX

(*) This study has been written by Professor Gloria González Fuster and Michalina Nadolna Peeters of the Law, Science, Technology and Society (LSTS) Research Group at Vrije Universiteit Brussel (VUB) at the request of the Panel for the Future of Science and Technology (STOA) and managed by the Scientific Foresight Unit, within the Directorate-General for Parliamentary Research Services (EPRS) of the Secretariat of the European Parliament.

by Emilio DE CAPITANI

On Wednesday 15th following Council and Commission statements a Plenary debate is foreseen on a  Legislative proposal by the European Commission for a “COUNCIL DECISION on provisional emergency measures for the benefit of Latvia, Lithuania and Poland” (2021/0401(CNS) COM(2021) 752). The proposal has been referred to the Civil Liberties Committee (LIBE) and the legal basis is the art.78.3 of the TFEU according to which: «In the event of one or more Member States being confronted by an emergency situation characterized by a sudden inflow of nationals of third countries, the Council, on a proposal from the Commission, may adopt provisional measures for the benefit of the Member State(s) concerned.”

1. On the choice of art. 78.3 as legal basis 

The first point to be evaluated by the EP is if the chosen legal basis is appropriate and justified bearing in mind that the so called “sudden inflow of third Country nationals” started five months ago and has substantially decreased in the recent weeks (also because of the EU diplomatic and political pressure exerted on Belarusian authorities). Are still today Poland Lithuania, and Latvia in an emergency situation? This is apparently no more the case even for the Members of the  European Commission who some days ago didn’t qualify it as a migration crisis, declared that the situation was easing, and even that the influx of migrants to Minsk “has more or less stopped totally.”

If so, the chosen legal basis of art.78.3 which under exceptional  circumstances unsettles on a temporary basis the institutional balance and the principle of “separation of powers” in the EU is no more appropriate. Choosing art.78.3 should remain the Ultima Ratio and the EP should continue playing fully his Constitutional responsibilities and a co-decisive role in a domain where the EU intervention is deemed to give specific expression fundamental rights such as the right to asylum or the non-refoulement obligation. Furthermore excluding the European Parliament by maintaining the current art.78.3 legal basis will also be extremely prejudicial to the EP credibility also because the draft Decision intend to amend even if on a temporary basis some pieces of EU legislation hardly negotiated and adopted by the EP.

Under these circumstances it could be wise for the EP to decide on the position to be taken if maintaining or not art.78.3 as a legal basis only after having verified on the ground and with the EU Member States concerned what is the current state of things.

• Can an “Hybrid war” justify the violation of fundamental rights ?

For the EU and its Member States this may look as a rhetorical question but in the case of the Belarus crisis is not. As recently  stated by several ONGs, “while the people in the middle of the crisis are being used as parties in the conflict between the EU and Belarus which has a security dimension, the people themselves are not a security threat, and should neither be referred to nor be treated by either side as though they were a weapon.” Migrants not being themselves a security threat it is important that , at least the EU and Its Member States respect the EU and international law according to which everyone seeking asylum at the borders, irrespective of the manner of their arrival, has the right to make an asylum application. As a consequence access to asylum in Poland, Lithuania and Latvia should be restored both in law and in practice.

The state of emergency declared by the EU Member States blocking  the arrival of civilian and vulnerable people may become an overreaction as it is preventing people from reaching the EU’s territory. Seeking asylum is a fundamental right and non-refoulement is a non-derogable principle that must be observed even in times of emergency.

The use of force, conducting push-backs, prohibiting asylum applications from being lodged through limiting effective access to the procedure via geographical restrictions on where claims can be lodged, are practices incompatible with international and EU law.

As denounced by Human Rights Watch these clear violations of the law by Belarus could not justify a similar behavior by the EU Member States on the other side of the border.

This is notably the case of Poland whose Parliament has decided that migrants can be « pushed back » to the Border and that their asylum requests can be ignored.

Morevoer the fact that the ECHR has adopted not less than 47 Interim Measures in conformity with art.39 of the ECHR to block several refoulements (now  called “push backs”) as it is the silence of the European Commission (so called “Guardian of the Treaties”) on the same facts.

• How EU Solidarity may be decisive to overcome the Belarus crisis ?

Unfortunately migratory and Asylum Crisis are not new in the EU History. Since the fall of the Berlin Wall and the adoption of the Treaties of Maastricht and Amsterdam the EU has played a growing role in helping its member states in moment of emergency and crisis. Already in 2001 an EU Directive (still into force) has been adopted to face situations where a mass influx of people could push under pressure the Member States Asylum services. In these cases a temporary humanitarian protection may be granted for the time necessary to examine the request for asylum,  and a relocation mechanism is foreseen to share the burden with the other EU Member States. This very notion of EU solidarity is now mirrored in art. 80 of the TFEU and has been the background of the relocations measures adopted in 2015 to help Italy and Greece which were under the pressure of the migrants escaping the Syrian War.

Quite surprisingly the European Commission has not yet foreseen a similar initiative to support Lithuania, Latvia and Poland by relocating in other EU countries, (even on a voluntary basis) the migrants stranded at the Belarus Border.

For the time being the solidarity  has been of financial nature and €360 million have been allocated to these Member States under the Border Management and Visa Instrument (BMVI) for this financial period, and a  further top-up of around €200 million (that will be available for 2021 and 2022) has been granted to support them in managing the inflow of some thousands Third Country Nationals. These financial initiatives should be more than welcome but as in all the other cases of EU financing should be conditioned to the full respect of fundamental rights and of the Rule of Law (as required by the “Common Provisions” Regulation and the Regulation on Budgetary conditionality).

4 On the content of the Commission draft Decision

By choosing the art. 78.3 as legal basis the European Commission had the opportunity on the basis of the CJEU jurisprudence to submit (even if only on a temporary basis) the long awaited revision of the Dublin Regulation (which still after Lisbon ignores the notion of Solidarity in art. 80 of the TFEU) or could have proposed the humanitarian visa at EU level (as repeatedly required by the EP) or even the establishment of humanitarian corridors not to speak of the decriminalization at EU level of ONG intervening for humanitarian reasons.  

Quite the reverse the main derogations proposed by the European Commission have been to some essential EU Directives already adopted in co-decision by the European Parliament such as:

-the Asylum Procedures Directive (Article 6(1) of, Articles 25(6) point (b), Article 31(8) and 43(1) point (b) Article 43(2) Article 46(5) and (6) (see art.2 of the Commission Proposal)

– the Asylum “Reception” Directive 2013/33/EU Article 17 and 18 (see art.3 of the Commission Proposal)

– the “Return” Directive 2008/115/EC. (see art.4 of the Commission Proposal)

The proposed derogations are highly questionable because almost all the measure presented as an expression of the principle of Solidarity are de facto at the expenses of the Migrants fundamental rights. Moreover they create a blurred space which threatens the principles of legal certainty and of the Rule of Law not to speak of the EU mission of placing “…the individual at the heart of its activities, ..” (EU Charter Preamble).

As a result of this proposal fundamental rights could be threatened without relieving the pressure on the EU Member States involved.

It is then not surprising that most of the measures proposed have already been severely criticized by and civil society representatives and legal scholars such as the Meijers Committee, which in its comments on December 14^th, criticized:

• The broad possibilities to apply an accelerated border procedure without consideration of personal circumstances other than particular health issues; Short time limits may make it impossible for the applicant to substantiate his asylum application and for the authorities to conduct an appropriate examination of the application. The obligation to follow an accelerated procedure in these situations may lead the determining authority to refrain from a rigorous examination of the application. The ECtHR has held that the speed of the procedure cannot undermine the effectiveness of the procedural guarantees which aims to protect the applicant against arbitrary refoulement. The CJEU has also recognised in its case law that short time limits may impede the effective exercise of EU procedural rights, such as the right to be heard.

• The excessively lengthy period granted to Member States for registering an asylum application and granting access to their territory, likely to result in large scale  de facto detention at the external borders. Although the asylum border procedure does not necessarily entail detention, applicants subject to the asylum border procedure are not authorised to enter the Member State’s territory. This will in all probability lead to a considerable increase in the use of detention of applicants for international protection.

• Withholding automatic suspensive effect of appeals in the ‘emergency migration and asylum management procedure’; and the lowering of reception conditions to the basic minimum, which is not further defined in the proposal, and risks not being able to address the particular needs of asylum seekers as a vulnerable group in need of special protection. It is of importance to note that the ECtHR has held that in view of the importance of Article 3 of the Convention and the irreversible nature of the damage which may result if the risk of torture or ill-treatment materialises in cases in which a State Party decides to remove an alien to a country where there are substantial grounds for believing that he or she faces a risk of that nature Article 13 requires that the person concerned should have access to a remedy with automatic suspensive effect.

Not surprisingly the Meijers Committee ask the Commission to withdraw its Proposal and it is now up to the EP to decide if endorsing the same request by reserving the right to challenge the text before the Court in case of adoption by the Council.