Systèmes d’information européens sécurité-immigration : lorsqu’ “interopérabilité” ne rime effectivement pas avec “interconnexion”

ORIGINAL PUBLISHED ON “EU Immigration and Asylum Law and Policy” BLOG

by Pierre BERTHELET

“Il convient d’exploiter toutes les possibilités offertes par d’éventuelles synergies entre les systèmes d’information nationaux et européens, sur la base de l’interopérabilité”. Ces propos ne datent pas des conclusions du dernier Conseil JAI sur ce thème, celles du 9 juin 2017, mais bien d’une communication de la Commission remontant au mois de mai 2005. La problématique de l’interopérabilité des bases de données JAI est par conséquent tout sauf neuve. Elle revêt néanmoins une acuité particulière à la lumière des efforts axés sur le renforcement de l’efficacité et de l’efficience de la gestion des données dans l’UE. Comme le fait remarquer une étude juridique de mai 2017, le volume des données échangées entre les Etats membres et stockées au sein des systèmes européens d’information s’est accru considérablement depuis les attaques de Paris de 2015.

L’interopérabilité s’insère ainsi dans l’optique d’une rationalisation d’informations désormais abondantes au niveau de l’Union. Elle constitue un chantier majeur de la construction européenne en matière de gestion des systèmes d’information. Plus exactement, l’interopérabilité – et l’interconnexion par ailleurs – peuvent être envisagées sous la forme de poupées russes : l’interconnexion est un élément de la réponse des institutions européennes apportée en matière d’interopérabilité qui, elle-même, constitue un volet de la réforme actuelle ayant trait à la gestion des systèmes européens d’information. Elle est un concept générique qui s’inscrit dans le cadre de travaux interinstitutionnels visant à améliorer les mécanismes d’échange et de traitement de l’information, en toile de fond du développement considérable qu’ont connu ces systèmes cette dernière décennie. Son caractère ambigu tient au fait qu’elle renvoie autant au projet lui-même qu’à l’objectif porté par ce projet. Or, force est de constater que, depuis 2016, le degré d’avancement du chantier entrepris dans le domaine de l’interopérabilité est déjà élevé (1). Quant à l’interconnexion, il s’agit, à la lumière des récents textes l’évoquant, d’un processus loin de recueillir l’assentiment unanime (2).

1. L’interopérabilité des systèmes, un degré d’avancement du projet déjà élevé

Bien qu’évoquée depuis plusieurs années, l’interopérabilité des systèmes est un projet ayant connu un regain d’intérêt récent. Elle correspond à un processus interinstitutionnel  initié il y a quelques mois seulement (a). L’objectif est de rendre la gestion de l’information dans le domaine de la sécurité, des frontières et des flux migratoires davantage performante (b).

a. Un processus interinstitutionnel initié il y a quelques mois seulement

Avant d’entrer de plain-pied dans l’analyse, il importe de préciser les termes employés, à savoir l’interopérabilité d’une part et l’interconnexion d’autre part. Une communication de novembre 2005, consacrée au renforcement de l’efficacité et de l’interopérabilité des bases de données européennes fournit un éclairage à ce sujet. Dans ce texte destiné, déjà à l’époque, à lancer un débat en profondeur sur la forme et l’architecture à long terme des systèmes d’information, la Commission définit la connectivité comme un terme générique renvoyant à la connexion de systèmes aux fins de transfert de données. En France, le Conseil d’État considère, dans une décision du 19 juillet 2010, l’interconnexion «comme l’objet même d’un traitement qui permet d’accéder à, exploiter et de traiter automatiquement les données collectées pour un autre traitement et enregistrées dans le fichier qui en est issu ».

Tirant cette définition d’un document élaboré par l’European Interoperability Framework (qui est la concrétisation du plan d’action eEurope approuvé par le Conseil européen de Séville de 2002, et visant promouvoir les services publics en ligne), l’interopérabilité signifie, selon cette communication de novembre 2005, la « capacité qu’ont les systèmes d’information et les processus opérationnels dont ils constituent le support d’échanger des données et d’assurer le partage des informations et des connaissances ».

Ceci étant dit, les travaux actuels trouvent leur origine dans une communication de la Commission du 6 avril 2016 visant à lancer un débat sur l’existence de lacunes ainsi que de défaillances systémiques au sujet des bases de données JAI. Plus exactement, il s’agit d’œuvrer dans l’amélioration de l’architecture de gestion des données de l’UE concernant le contrôle aux frontières et de la sécurité intérieure. Le périmètre est ainsi réduit à un pan de l’ELSJ, et ce, même si la dimension judiciaire est évoquée ponctuellement à travers le projet d’interconnexion des casiers judiciaires européen. En outre, il est étendu partiellement aux systèmes d’information nationaux, l’objectif étant d’assurer une fluidité de l’information à la fois au niveau horizontal (les systèmes européens) et au niveau vertical (entre les systèmes européens et les systèmes nationaux).

Pour mener à bien cette réflexion, la Commission a réuni le mois suivant sa communication d’avril 2016, un « groupe d’experts de haut niveau sur les systèmes d’information et l’interopérabilité ». Ce groupe d’experts, qui a mené ses travaux conformément aux prescriptions d’une feuille de route sur l’échange d’information et l’interopérabilité, approuvée par le Conseil JAI du 10 juin 2016, a rassemblé des représentants des Etats membres (y compris les pays Schengen non membres de l’UE), ceux des agences européennes (Frontex, eu-LISA, Europol, EASO et FRA), le Coordinateur pour la lutte antiterroriste et le CEPD (et ont été associés aux travaux, le secrétariat général du Conseil et celui de la commission LIBE du Parlement européen au titre d’observateur). L’objectif de ce projet relatif à l’interopérabilité, précise le Conseil, vise à appuyer les investigations opérationnelles, notamment dans le domaine de la lutte antiterroriste, et d’apporter rapidement aux autorités nationales de terrain (garde-frontières, policiers, agents de l’immigration et procureurs notamment) toutes les informations nécessaires en temps et en heure pour mener à bien leurs missions.

Les travaux du groupe ont trouvé un soutien politique fort émanant à la fois du président de la Commission, Jean-Claude Juncker, ainsi que du Conseil européen. Le premier, dans son discours sur l’état de l’Union en septembre 2016, peu avant la tenue du Conseil européen informel de Bratislava, a souligné l’imminence de la présentation par la Commission, du système européen d’information et d’autorisation concernant les voyages (ETIAS). Le second, dans des conclusions de décembre 2016, a appelé « à poursuivre les efforts en matière d’interopérabilité des systèmes d’information et des bases de données » (point 9). Ce groupe à haut niveau a rendu son rapport final le 11 mai 2017, dont le contenu a nourri l’analyse de la Commission dans l’élaboration de son septième rapport publié une semaine plus tard, sur les progrès accomplis dans la mise en place d’une union de la sécurité réelle et effective. Enfin, le Conseil, jugeant l’interopérabilité comme essentielle à la sécurité, a approuvé, le 9 juin 2017, les conclusions précitées dans lesquelles il approuve les solutions dégagées par le groupe d’experts et ce, en vue d’une gestion de l’information davantage performante.

b. Une gestion de l’information se voulant davantage performante

L’importance de l’interopérabilité des systèmes d’information est clairement rappelée par la Commission dans ce septième rapport. En réalité, ce constat est dressé quelques mois plus tôt, dans sa communication d’avril 2016, qui elle-même, fait suite à différentes conclusions du Conseil. Ainsi, concernant le seul SIS II, dans celles d’octobre 2014, le Conseil a envisagé une connexion entre ce système et la base de données « faux documents » d’Interpol (SLTD), de manière à ce que les utilisateurs finaux aient accès simultanément aux deux systèmes lors d’une même recherche. Dans celles approuvées peu avant, en juin 2014, il a invité les États membres utiliser pleinement le SIS II dans le cadre de la lutte contre le terrorisme, invitation répétée au demeurant dans la déclaration commune de Riga, adoptée après les attaques contre le journal Charlie Hebdo. Quant aux conclusions du 20 novembre 2015, approuvées après les attaques du Bataclan et la fuite consécutive de Salah Abdeslam avec l’aide de deux complices venus de Belgique, le Conseil a souligné l’importance d’une consultation systématique du SIS II lors des contrôles frontaliers.

À cette fin, la Commission, en se référant à certains de ces textes ainsi qu’à la déclaration commune sur les attentats terroristes du 22 mars 2016 à Bruxelles préconisant de renforcer l’interopérabilité, a présenté dans sa communication d’avril 2016, dans laquelle elle identifie un ensemble d’incohérences et de dysfonctionnements, parmi lesquelles, des fonctionnalités non optimales des systèmes européens d’information et un problème de la qualité des données auquel s’ajoute des lacunes dans l’architecture de l’UE en matière de gestion des données liée notamment à l’absence pure et simple d’une série de systèmes d’information. Quant à ceux existants, leur fonctionnement doit être amélioré. C’est le cas du SIS II, dont Europol n’a pas encore fait pleinement usage, alors même que l’agence dispose d’un droit d’accès à celui-ci. En outre, certains systèmes existent partiellement, mais ils ne sont pas encore pleinement opérationnels. C’est le cas des systèmes nationaux mis en place dans le cadre des décisions dites « de Prüm » et pour lesquelles plusieurs États membres ne remplissent toujours pas leurs engagements. Le paysage européen des systèmes d’information se caractérise donc par une multiplicité de dispositifs, des niveaux d’achèvement différents et des modes de fonctionnement distincts. Il en résulte une mosaïque complexe, car ces systèmes sont soumis à des régimes juridiques variables, rendant l’ensemble difficilement intelligible.

Cette superposition de systèmes conduit à une architecture européenne fragmentée au sujet de la gestion des données. Chacun système fonctionne en silo, faisant que les informations contenues sont peu interconnectées. Ce compartimentage des données a des conséquences problématiques concrètes. Ainsi, l’auteur de l’attaque terroriste de Berlin de décembre 2016, Anis Amri, a eu recours à pas moins de quatorze identités différentes. Ces fausses identités ont permis à ce ressortissant tunisien de se déplacer aisément en Allemagne, puis de prendre la fuite hors du pays avant d’être abattu à Milan. Or, comme le fait observer le quatrième rapport de la Commission sur la sécurité, ses déplacements auraient pu être détectés si les systèmes employés étaient dotés d’une fonctionnalité permettant une recherche simultanée dans plusieurs d’entre eux, au moyen d’identificateurs biométriques.

L’interopérabilité apparaît dès lors comme une réponse aux défis sécuritaires, en particulier terroristes, pour lesquels le recours aux systèmes d’information est un élément indispensable de la réponse à fournir.

La réforme de la gestion de l’information est effectuée au moyen d’une approche horizontale, via les travaux du groupe d’experts de haut niveau. Elle s’effectue aussi de manière sectorielle, à travers l’adoption de textes instituant des systèmes d’information (ou modifiant ceux existants).

En premier lieu, des systèmes sont en projet ou en cours de réalisation. Peuvent être mentionnés la proposition présentée en janvier 2016, étendant aux ressortissants de pays tiers le Système européen d’information sur les casiers judiciaires (ECRIS-TCN), la proposition révisée établissant le système d’entrée/sortie (EES) et présentée en avril 2016 (en parallèle à une modification du règlement de mars 2016 relatif au Code Frontières Schengen), la proposition de règlement instituant l’ETIAS présentée quant à elle en novembre 2016, ou le système d’index européen des registres de la police (EPRIS) dont l’ébauche correspondrait au projet auquel la France prend part et dénommé ADEP (Automated Data Exchange Process).

En deuxième lieu, d’autre systèmes existent, mais ils doivent être réformés. Il s’agit en particulier d’Eurodac (une proposition de règlement, présentée en mai 2016, permettant notamment de stocker l’image faciale, est en cours de discussion entre le Conseil et le Parlement européen), et du SIS II (un paquet législatif, présenté en décembre 2016, composé de quatre propositions de règlement est également en cours de discussion, prévoyant l’obligation pour les États membres d’émettre des alertes concernant des personnes liées à des infractions terroristes).

Or, le processus de refonte opéré des différents systèmes (et la création de ceux n’existant pas encore) est pensé dans la perspective de l’interopérabilité et même de l’interconnexion. Par exemple, concernant le SIS II, une disposition de la proposition de règlement créant l’ETIAS, prévoit que l’unité centrale ETIAS puisse opérer des recherches dans le SIS II. De prime abord, l’interconnexion des systèmes est, au vu de cet exemple, effective, ou du moins, en voie de l’être. Or, ce n’est pas cas en réalité et il s’agit plutôt de l’exception qui confirme la règle.

2. L’interconnexion des systèmes, un projet suscitant peu l’enthousiasme institutionnel

L’interconnexion est une option visant à atteindre le stade de l’interopérabilité des systèmes d’information. Cependant, il s’agit d’une option parmi d’autres (a), et qui ne reçoit qu’un accueil institutionnel pour le moins prudent (b).

a. L’interconnexion, une option parmi d’autres

L’interconnexion, au sens défini ci-dessus, apparaît seulement comme une option parmi celles avancées par la Commission dans sa communication d’avril 2016. Plus exactement, le texte en présente quatre aux fins de parvenir à une situation d’interopérabilité : l’interface de recherche unique, le service partagé de mise en correspondance de données biométriques, le répertoire commun de données d’identité et enfin l’interconnexion des systèmes d’information proprement dite.

Dans le premier cas, l’interface de recherche unique, il s’agit de permettre à une autorité nationale d’interroger plusieurs systèmes d’information de manière simultanée. Ce système, qui existe en France avec l’application COVADIS (Contrôle et vérification automatiques des documents sécurisés), permet au service interrogeant d’obtenir sur un seul écran les résultats des requêtes, ceci dans le respect des droits d’accès propre à ce service. Cette hypothèse de l’interface unique a, au demeurant, reçu l’assentiment des ministres français et allemand dans le cadre de leur « initiative sur la sécurité intérieure en Europe » du 23 août 2016.

Le service partagé de mise en correspondance de données biométriques vise, quant à lui, à proposer au service utilisateur, une interrogation des systèmes à partir des identifiants biométriques. Pour l’heure, chaque système européen dispose de son propre dispositif d’identification. L’objectif est, au moyen de ce service partagé, d’effectuer des recherches dans les différents systèmes d’information et de mettre en évidence les coïncidences, par exemple sous forme de hit/no hit, entre ces données.

Le troisième cas a trait à l’établissement d’un répertoire commun de données d’identité en tant que module central dans lequel figure un portefeuille de données (nom, prénom, date et lieu de naissance par exemple). Ces données constituent un socle commun à tous les systèmes, les autres données étant, quant à elles, stockées au sein de modules spécifiques à chacun d’eux. Comme le précise le rapport du Sénat du 29 mars 2017 consacré à l’espace Schengen, la proposition de règlement créant l’ETIAS envisage ce dispositif, du moins entre ce système et l’EES.

Enfin, la dernière option a trait précisément à l’interconnexion des systèmes d’information. L’avantage est de permettre la consultation automatique des données figurant dans un système, par l’intermédiaire d’un autre système. L’interconnexion, ajoute ce rapport du Sénat, présente l’intérêt d’assurer un contrôle croisé automatique des données, limitant ainsi le volume d’informations circulant au sein des réseaux. À cet égard, la proposition de règlement relatif à l’EES envisage une interconnexion avec le VIS. Cette option est évoquée, mais elle va être, dans une large mesure du moins, délaissée.

b. L’interconnexion, une option en grande partie délaissée

Sans pour autant être totalement écartée (en particulier dans la proposition de règlement relatif à l’EES), l’interconnexion ne rencontre pas un franc succès et c’est le moins que l’on puisse dire. D’abord, elle n’a pas l’assentiment du groupe d’experts de haut niveau. Dans leur rapport intermédiaire, remis en décembre 2016, celui-ci avait considéré l’interconnectivité des systèmes comme une solution ponctuelle. Le rapport final consacre ce point de vue en rejetant l’idée d’une généralisation de l’interconnexion et il privilégie trois solutions qui font écho aux autres options avancées par la Commission, à savoir un portail de recherche européen, un service partagé de mise en correspondance de données biométriques et un répertoire commun de données d’identité. Plus exactement, l’interface de recherche unique est préférée à l’interconnexion, ce qui va dans le sens de la position du Conseil qui, dans sa feuille de route sur l’échange d’informations, s’était déclaré pour cette solution de l’interface unique. Reste que si cette dernière avait les faveurs du Conseil et ce, au regard des autres options, les experts ont, pour leur part, conservé l’idée d’un répertoire commun de données et la mise en correspondance de données biométriques comme des pistes exploitables à court terme, et non à moyen et long termes comme le suggérait la feuille de route.

Ensuite, l’interconnexion ne trouve pas non plus un écho favorable auprès de la Commission. Celle-ci fait sienne, à cet égard, les recommandations figurant dans le rapport du groupe d’expert, en se bornant à préciser que des réunions tripartites Conseil-Parlement-Commission au niveau technique devraient avoir lieu en automne 2017, en vue de dégager une vision commune avant la fin de l’année 2017, ceci afin de parvenir à cet objectif d’interopérabilité des systèmes à l’horizon de l’année 2020. La Commission reprend donc à son compte les options retenues par le groupe à haut niveau, en se bornant à fixer cette date-butoir, étant entendu par ailleurs que celle-ci correspond à l’échéance à laquelle l’EES devrait être opérationnel. À cette fin, une proposition législative sur l’interopérabilité devrait être présentée, en parallèle à une proposition de révision du VIS, à une proposition sur l’ECRIS, ainsi qu’à une autre visant à renforcer le mandat de l’agence européenne eu­LISA.

Au final, concernant les systèmes d’information européens sécurité-immigration, l’interopérabilité ne rime pas avec l’interconnexion. Cette lapalissade reflète parfaitement la volonté des institutions européennes préférant à la centralisation, la synergie ainsi que l’avaient souligné en leur temps, la déclaration de mars 2004 sur la lutte contre le terrorisme, le programme de La Haye et la déclaration du Conseil de juillet 2005 suite aux attentats de Londres. La voie choisie par ces institutions est bien résumée par le Commissaire à la sécurité, Sir Julian King, qui avait déclaré le 29 mai 2017 dans une allocution devant les députés de la commission LIBE, « ce que l’on ne propose pas, c’est une base de données gigantesque où tout serait interconnecté ».

Legislative Tracker : an interinstitutional agreement on the new EU “Entry-Exit” system is approaching …

by Beatrice FRAGASSO (Free-Group trainee)

On 6 April 2016 the European Commission put forward the Smart Borders Package, a set of measures intended to provide a more effective and modern external border management. One of the proposals consists in the introduction of the Entry/Exit System (EES), a centralized information system based on biometrics that would be interconnected with VIS and focus on third-country nationals.

The creation of the european Entry-Exit system will require the adoption of  two draft Regulations, one (COM/2016/0194) setting up the EES and amending Regulation (EC) No 767/2008 and Regulation (EU) No 1077/2011, the other (COM/2016/0196) amending Regulation (EU) 2016/399 (Schengen Borders Code) to embody this new system. The proposals has been accompanied by an Impact assessment.

The introduction of the EES aims at speeding up and reinforcing border check procedures for non-EU nationals travelling to the EU, by improving the quality and efficiency of controls as well as the detection of document and identity fraud.  The new texts replace the proposals presented by the European Commission in February 2013 and for which the co-legislators had voiced technical, financial and operational concerns.

The European Parliament defined its negotiating mandate on the latest Commission Proposals  on 27 February 2017: the LIBE Committee adopted his reports (on establishing EES and amending 2016/399) and decided to enter into negotiations with the Council on the basis of these mandates.

The rapporteur Agustín Dían De Mera García Consuegra stated before the LIBE Committee (11 May 2017) that progresses have been made during the “trilogue” negotiations and that the good cooperation between delegations will probably allow to come to a political agreement by the end of the summer. Two “political” trilogues as well as nine technical meetings have already taken place and a third political “trilogue” is scheduled for 31 May 2017. Needless to say no public recording is accessible on the debates which took place during these trilateral meetings

Further information on other aspects of the procedure is accessible on the European Parliament Research Service site HERE.

The scope of the Entry-Exit System (EES)

The EES will apply to non-EU nationals crossing the external borders of the Member States of the EU for a short stay (maximum 90 days period in any period of 180 days), both those that require a visa and those that are exempted.

How it will work

The introduction of the EES aims to:

  1. address border check delays and improve the quality of border checks for third-country nationals;
  2. ensure systematic and reliable identification of “overstayers”;
  3. reinforce internal security and the fight against terrorism and serious crime.

The system is intended to register the name, type of travel document, biometrics (four fingerprints and a visual image) and the date and place of entry and exit.

These actions will facilitate the border crossing of bona fide travelers, detect over-stayers and identify undocumented persons in the Schengen area. The system will also record refusals of entry.

Currently, the only possibility for national authorities to calculate the duration of stay of a third-country national in the Schengen area (and to verify their potential overstay), is the stamping of their travel document with the dates of entry and exit. This method is deemed to be slow and error-prone, since the entry/exit stamps may be unreadable or counterfeit. Under the new proposal, the current system of manual stamping of passports would be replaced by registration in a database and most of the data will be automated.

By using self-service systems and e-gates, third country national travelers would have their data verified, their picture or fingerprint taken and a set of questions asked. While using the self-service system, all mandatory checks would be triggered in the security databases (SIS, Interpol Stolen and Lost Travel Documents database). By the time the traveler is guided towards a border control lane, all his information would have reached the border guard, who may ask additional questions before granting the passenger access to the Schengen area.

The automation of the preparatory steps is expected to reduce the workload of border guards. This would mean that that Member States would not have to hire extra border guards to accommodate the growing traveler flows. It is also expected to reduce the long queues before passengers reach the border checkpoint.

Interoperability

The system would be interconnected with the Visa Information System (VIS) database, which would help reduce duplication of data processing, in accordance with the ‘privacy by design’ principle.

The European Parliament position (Libe Committee Debate)

The parliamentary debate showed that in the Commission proposal there are some controversial elements that the LIBE committee tried to address in the draft report approved on 27 February 2017.

The rapporteur Agustín Dían De Mera García Consuegra (EPP, Spain) presented the draft report before the LIBE Committee on 8 December 2016. According to him, establishing an EES will benefit travellers (they will spend less time waiting at borders), as well as border Member States and transit Member States, because of the speeding of the entire process. Border guards would carry on their tasks more easily. The aim of the draft report is to strike a balance between speeding up the process and guaranteeing security, protecting at the same time fundamental rights. In particular, one of the main concerns of the rapporteur is to ensure high standards for data protection: many of the amendments have been tabled in order to protect data in the system with reference to interoperability, data retention period and access to data by law enforcement authorities. According to the Rapporteur his amendments follow the indications given by the European Data Protection Supervisor (EDPS- Giovanni Buttarelli), in order to boost legal certainty in data protection area and to the role of EDPS and National Data Protection Authorities.[i] Another objective highlighted by the rapporteur is to guarantee more technical certainty, in order to know exactly who can access to the system as well as the circumstances of the access (logs). The procedure to follow in case of temporary failure, then, still has to be clarified. The rapporteur then pointed out the necessity to establish high standards for the procedure used to take facial images and fingerprints. Finally, it has been remarked the key-role played by Eu Lisa (here the Agency’s report on the Smart Borders Pilot Project), that will be responsible to manage the system.

The S&D “shadow rapporteur” Tanja Fajon (Slovenia) stated that she’s not convinced by the argument put forward by the Commission to justify the link between crime and border management. The purpose of the proposal is the border management, not the law enforcement and the proposal should clarify the way in which data will be processed in these two different situations. The difference between people who’s travelling legally and people who’s violating rules should be remarked, in order to guarantee fundamental rights. She criticized the retention period as disproportionate.

Mrs Fajon, then, pointed out that it’s necessary to better inform travellers about how the smart border system will change the current situation and which impact the regulation will have on their rights to enter and exit. People need to be aware about their rights and duties and about the consequences of possible infringments.  Finally, she stated that some measures risk to be unpractical in some Member States (as for example Slovenia) whose borders with non-Schegen countries are always busy, especially during summer.

The ECR “shadow rapporteur” Jussi Halla-Aho (Finland) stated that ECR supports an Entry/Exit System and that probably it was needed even before the abolition of internal controls. His group finds that law enforcement authorities should have a sufficient access to the database for a sufficient period of time. The amendments tabled by the rapporteur are well considered and balanced and ECR appreciate that the rapporteur has tried to make the instrument coherent with the existing tools, for example Eurodac: Regulations have to be harmonised and they have to work one with the others.

According to the ALDE shadow rapporteur Angelika Mlinar (Austria) the amendments improve the Commission proposal. But there are still some problematic issues to address, concerning the protection of fundamental rights and in particular the disproportionate and unjustified retention period that is equally applied to all the scope of the regulation. In addiction, the former 2013 proposal had one single purpose (speeding up border management procedures), while the current proposal has also an unjustified law enforcement purpose. Her political group presented amendments in order to:

– Limit and optimise the collection of biometrical data.
– Limit the law enforcement access to what is strictly necessary, ensuring safeguards.
– Reduce the data retention period.

Also the Greens’ shadow rapporteur Jan Philipp Albrecht (Germany) highlighted that the most controversial points are the long data retention period and the possibility for law enforcement authorities to access these data for other purposes. The risk is that the EES will create a huge (and very expensive) database with a long retention period that won’t be effective for the purpose of smart border management. Finally, the shadow rapporteur pointed out that data protection in EES should meet the same high standards in the data protection package recently adopted (and which should be transposed at national level for May 2018).

Where we are…

The LIBE Committee adopted the report establishing EES and the report amending 2016/399 on 27 February 2017 and the modifications proposed by the committee echo the parliamentary debate. Data should be stored for only two years, and not the five years proposed by Commission. MEPs also want to ensure that the text is in line with the provisions of the General Data Protection Regulation, for example by allowing the data subject the right to access his or her own data.

MEPs found that the purposes of data processing in the new system should also be clarified. Migration handling should be the first purpose and law enforcement an additional one. The two should be treated separately, as the conditions for the use and storage of the data are not the same.

The Council Position

According to a preparatory document of the Council (leaked by Statewatch, file 6572/17), it emerges that the most controversial issues concern the territorial scope of the EES (an issue linked to the question of the access to VIS for those Member States which do not yet fully apply the Schengen acquis but for which the verification in accordance with the applicable Schengen evaluation procedures has already been successfully completed) and the calculation of the duration of the short-stay.

A Guidance on these sensitive issues was then obtained at COREPER level on 1 February 2017. Concerning the territorial scope of application, COREPER gave clear guidance on the need to include into it all Member States that, while not applying the Schengen Acquis in full, meet nonetheless the cumulative conditions listed in Art. 60 of the draft EES Regulation (i.e.: have successfully completed the verification in accordance with applicable Schengen evaluation procedures, (ii) have put into effect the provisions of the Schengen acquis relating to SIS and (iii) to the VIS).

If these conditions are met, the Member State concerned can deploy the EES, with the consequences that such deployment implies, including with reference to the calculation of the duration of stay in its territory.  As a consequence, the automated calculator set out in Art. 10 of the EES draft Regulation will be a common one, covering the stays in any Member State operating the EES. According to the internal Council document, some delegations still oppose this solution on legal and practical grounds, notably because of its implications for other legal instruments and for the current practice in particular in the area of visa policy. However, the Presidency considers that the policy guidance given by Coreper, supported by a clear majority, should be followed.

MS Bilateral agreements with third Countries 

Another outstanding issue is whether the bilateral visa waiver agreements will be compatible with the EES (Art 54). At the trilogue meeting that took place on 29 September 2016 (file 12571/16), the Chair presented a drafting proposal by the Presidency that would set up a procedure which allows to keep those agreements into force while making the EES work. The Commission rejected the proposal because the proposal would comprehend only a few agreements, excluding those which provide for a stay less than 90 days, creating more problems than it was deemed to solve.

Secondly, the proposal would have been cumbersome both for Member States and third country nationals concerned and had the practical consequence of extending the effects of bilateral agreements to Member States that were not party to them. On the contrary, Member States showed a general support to the Presidency solution.

Access by national Law enforcement authorities

EES would be used by the same authorities that already use VIS: consular posts and border control. Moreover, it would allow law enforcement authorities as well as Europol to perform restricted queries in the database for criminal identification and intelligence to prevent serious crime and terrorism.

The conditions to grant access to the EES to law enforcement authorities (Chapter IV of the proposal) are one of the most controversial point of the proposal. According to the preparatory document of the Council (file 6572/17), some delegations have expressed the wish to further simplify it [the access to the EES by law enforcement authorities] in order to facilitate investigations in cases of serious crimes and terrorist offences. However, recent deliberations have shown a good degree of support for the Presidency compromise proposal, in which, upon request of a majority of delegations, the conditions for access have been softened to the maximum extent compatible to the current legal framework and case-law.

The European Parliament expressed major concerns with reference to Chapter IV and the Council in a document dated 22 may 2017 (file 9415/17) proposed a compromise.

In particular, the Council position would be maintained on:

(a) the reference to ‘designated authorities’ rather than ‘law enforcement authorities’;
(b) the possibility to access the EES even when the search in national databases results in a hit;
(c) the possibility to proceed to access the EES once the Prum search is launched; and
(d) the possibility to also check against refusal of entry records.

On the other hand, some amendments proposed by the European Parliament would be broadly accepted (some with amendments). These suggestions are in particular:

(a) limiting the urgency procedure to cases where there is an ‘imminent danger’ related to a terrorist offence or other serious criminal offence and requiring the ex post verification to take place within two working days.
(b) providing that there must be reasonable grounds to consider that consulting the EES will (rather than may) contribute to the detection, investigation or prevention of a terrorist/other serious criminal offence. Actually, it should be noted that ‘reasonable grounds’ would still be enough and certainty is not required. Moreover, a substantiated suspicion that the person falls within the scope of the EES would still be sufficient to fulfil this requirement.

Transfer of data to third countries and international organisations (Article 38) and to Member States not bound by, or not operating the EES (Article 38a)

The European Parliament opposes the possibility to transfer information to third countries and international organisations for the purpose of returns, unless there is a decision by the Commission regarding the adequate protection of personal data in that third country or a binding readmission agreement.

In particular, the European Parliament opposes the possibility to transfer such information on the basis of an arrangement similar to readmission agreements, arguing that these are not binding and do not contain the necessary data protection safeguards. The European Parliament also insists on the provision of guarantees by the third country concerned to use the data only for the purposes for which it is transferred, and that such transfers should only be possible once the return decision is final, and subject to the consent of the Member State that entered the data.

The EP also maintains its position against the transfer of information to third countries or to Member States not operating, or bound by, the EES, in cases of immediate threat of terrorist or other serious criminal offences (Article 38(4a) and Article 38a).

Reassurances have been provided that the relevant data protection legislation must still be respected (General Data Protection Regulation in case of returns/readmission and Data Protection Directive in case of terrorism/serious criminal offences), but this has not convinced the European Parliament.

Another concern raised by the European Parliament regards the fact that the conditions required to access the EES by national authorities (set out in Chapter IV) are not all reproduced for the transfer of such data to third countries, international organisations and Member States not operating the EES or to which the EES does not apply.

Data Retention (Article 31)

The European Parliament in its position reduces the data retention period from five years to:
– four years for third-country nationals who overstay;
– two years for third country nationals who respect the period of authorised stay.

According to a document dated 22 May 2017 (file 9415/17), the Council is still managing to find a compromise.

NOTE

[i] In its opinion 06/2016 of 21 September 2016, the European Data Protection Supervisor (EDPS) recognizes the need for coherent and effective information systems for borders and security. However, the EDPS underlines the significant and potentially intrusive nature of the proposed processing of personal data under the EES, which must therefore be considered under both Articles 7 and 8 of the EU Charter of Fundamental Rights.

According to EDPS opinion, necessity and proportionality of the EES scheme are to be assessed globally, taking into consideration the already existing large-scale IT systems in the EU.

The EDPS, then, notes that EES data will be processed for two different purposes, on the one hand for border management and facilitation purposes and on the other hand for law enforcement purposes. The EDPS strongly recommends clearly introducing the difference between these objectives, as these purposes entail a different impact on the rights to privacy and data protection.

 

The Meijers Committee on the “Money Laundering Directive”

ORIGINAL COMMENT PUBLISHED ON 12 MAY 2017 (*)

The Meijers Committee would like to comment on the European Commission’s proposal for a Directive on countering money laundering by criminal law.1

1. The Meijers Committee wishes to express its support for the idea of reviewing existing EU instruments in order to clarify obligations and achieve more coherence in the criminalisation of money laundering. However, the Meijers Committee considers that some elements of the Commission’s proposal deserve reconsideration in light of the principle of proportionality (article 5(4) TEU) and the ideas about criminalisation at EU level that the European Commission, the Council and the Parliament have expounded.2

The Meijers Committee holds that safeguards for suspects and defendants should be improved in the directive, inter alia because such harmonisation is important to enhance the effectiveness of cooperation between Member States.

2. The Meijers Committee deplores the fact that the Commission has not made an impact assessment of this proposal. The Commission reasons that the Directive mainly incorporates existing international obligations. Yet criminalisation of this behaviour at EU level, with its particular legal order, is more far-reaching than most existing international obligations. Moreover, as will be shown below, the proposal does go further than existing international obligations in some important aspects and it concerns a sensitive topic. Therefore, an impact assessment is necessary.

3. In the Commission’s proposal, the definition of criminal activity from which the property is derived (the ‘predicate offences’) has a wide scope. Whereas the Commission explains the necessity of the proposal mainly from the viewpoint of countering (financing of) terrorism, this is in reality only a small part of the proposal. Besides the list of EU-criminal offences, the proposal deals with ‘all offences as defined in the national law of the Member States, which are punishable by deprivation of liberty or a detention order for a maximum of more than one year or, as regards Member States that have a minimum threshold for offences in their legal system, all offences punishable by deprivation of liberty or a detention order for a minimum of more than six months’ (article 2(1 )(v)).

This may include possession of a small amount of property from a minor theft.

As the German delegation proposed, ‘a mandatory criminalisation of money laundering without any limitation to serious crimes could be disproportional’.3 Especially in purely national cases, which will be affected by the directive as well, having such a wide definition of the predicate offence may lead to unjustified outcomes. According to the Meijers Committee, this element of the proposal could be improved by including a requirement that Member States are only obliged to criminalise money laundering with regard to ‘particularly serious criminal activity’, which could include serious criminal activity with a cross-border element.

4. The Meijers Committee finds it questionable whether it is necessary and proportionate to oblige EU Member States to criminalise ‘self-laundering’ (article 3(3)), even though it should be welcomed that this offence only applies to conversion, transfer, concealment and disguise, and not to acquisition, possession or use. The Commission does not convincingly state why an EU-wide obligation to criminalise this behaviour, which is only optional in other instruments such as the Warsaw Convention, should be necessary to achieve the objective of the directive.

In many EU Member States, self-laundering is not criminalised because it is thought to lead to violations of the right not to be tried or punished twice for the same offence.4 The directive’s explanatory memorandum does refer to the ne bis in idem principle laid down in article 50 of the Charter of Fundamental Rights; however, this only applies to persons who have been finally acquitted or convicted and not to cases in which simultaneous prosecution takes place. Thus, the directive still leaves a gap in the protection for the defendant. Moreover, confiscation of the proceeds is already possible (see Directive 2014/42).

An option could be to limit the obligation to criminalise self-laundering to actions (of conversion, transfer, concealment and disguise) that cause further damage to the integrity of the financial system, in addition to the damage already caused by the predicate offence.

Another option could be to oblige states to limit the criminalisation of self-laundering (with regard to conversion, transfer, concealment or disguise) to situations where a person cannot be held criminally responsible for the predicate offence.

5. Even when there is no self-laundering involved, in some countries the prosecution of behaviour such as acquisition, possession or use of the property, when there is also a prosecution of the predicate offence, leads to problems of double jeopardy. As explained in par. 4, these problems cannot simply be solved by referring to article 50 of the Charter. It is exactly issues like these that, according to the Meijers Committee, necessitate an impact assessment of the proposal.

6. The Meijers Committee recommends putting in place more safeguards in relation to article 3(1), as these obligations potentially cover a wide range of conduct. There is a risk that states could use the money laundering offence as a ‘catch-all’ offence that also covers conduct which is not (or only very remotely) related to the rationale of protecting the integrity of the financial system. The Meijers Committee considers that this rationale of protecting the integrity of the financial system should be at the heart of the Directive, because that is what makes money laundering a serious crime and distinguishes it from other forms of assistance or encouragement of criminal conduct.

The latter forms should not be the subject of EU criminal law regulation, because the EU’s competences in article 83(1) TFEU are limited to particularly serious crime with a cross-border dimension.

This element could be improved by requiring that the conduct in article 3(1) – under a, b and c (not only under a) – is carried out with the purpose of concealing or disguising the illicit origin of the property. Also, the proposal would be improved if the offence definition would require that the conduct is suitable for concealing or disguising the illicit origin of the property. 7.

The Meijers Committee recommends amending article 3(2)(b), which states that it shall not be necessary to establish other circumstances relating to the criminal activity. If requirements with regard to establishing the predicate offence are too loose, Member States’ criminal law systems may focus on prosecuting for money laundering in order to evade the problems they may have in prosecuting the predicate offences. The wording proposed by the Council Presidency could provide a solution to this: ‘a conviction for the offences, referred to in paragraph 1 is possible where it is established that the property has been derived from a criminal activity, without it being necessary to establish all the factual elements relating to such activity’.5

(*) The Council has in the meantime agreed a new version of the text : see document 9280/17 on May 22, 2017 (however not directly accessible to the public)

NOTES

1 21 December 2016, COM(2016) 826 final.
2 Council Conclusions on model provisions, guiding the Council’s criminal law deliberations, 2979th JHA Council meeting, 30 November 2009; European Parliament, Resolution ‘An EU approach to criminal law’, 22 May 2012 (2010/2310(INI)); European Commission Communication ‘Towards an EU Criminal Policy: Ensuring the effective implementation of EU policies through criminal law’, 20 September 2011, (COM(2011)0573).
3 Council of the EU, Comments by delegations on the proposal for a Directive of the European Parliament and of the Council on countering money laundering by criminal law, 10 February 2017, 2016/0414 (COD), 15782/16, 6050/17.
4 Council of the EU, Comments by delegations on the proposal for a Directive of the European Parliament and of the Council on countering money laundering by criminal law, 10 February 2017, 2016/0414 (COD), 6050/17.
5 Examination of the proposal for a Directive of the European Parliament and of the Council on countering money laundering by criminal law, 9 February 2017, 2016/0414 (COD), 5443/17.

According to the CJEU the free trade agreement with Singapore cannot, in its current form, be concluded by the EU alone

The full text of the opinion is published on the CURIA website

(CJEU Press and Information)  Opinion 2/15 : The provisions of the agreement relating to non-direct foreign investment and those relating to dispute settlement between investors and States do not fall within the exclusive competence of the EU, so that the agreement cannot, as it stands, be concluded without the participation of the Member States

On 20 September 2013, the EU and Singapore initialled the text of a free trade agreement. The agreement is one of the first ‘new generation’ bilateral free trade agreements, that is to say, a trade agreement which contains, in addition to the classical provisions on the reduction of customs duties and of non-tariff barriers in the field of trade in goods and services, provisions on various matters related to trade, such as intellectual property protection, investment, public procurement, competition and sustainable development.

The Commission submitted a request to the Court of Justice for an opinion to determine whether the EU has exclusive competence enabling it to sign and conclude the envisaged agreement by itself. The Commission and the Parliament contend that that is the case. The Council and the governments of all the Member States which submitted observations to the Court1 assert that the EU cannot conclude the agreement by itself because certain parts of the agreement fall within a competence shared between the EU and the Member States, or even within the exclusive competence of the Member States.

In today’s opinion, the Court, after making it clear that the opinion relates only to the issue of whether the EU has exclusive competence and not to whether the content of the agreement is compatible with EU law, holds that the free trade agreement with Singapore cannot, in its current form, be concluded by the EU alone, because some of the provisions envisaged fall within competences shared between the EU and the Member States. It follows that the free trade agreement with Singapore can, as it stands, be concluded only by the EU and the Member States acting together.

In particular, the Court declares that the EU has exclusive competence so far as concerns the parts of the agreement relating to the following matters:

  • access to the EU market and the Singapore market so far as concerns goods and services (including all transport services)2 and in the fields of public procurement and of energy generation from sustainable non-fossil sources;
  • the provisions concerning protection of direct foreign investments of Singapore nationals in the EU (and vice versa);
  • the provisions concerning intellectual property rights;
  • the provisions designed to combat anti-competitive activity and to lay down a framework for concentrations, monopolies and subsidies;
  • the provisions concerning sustainable development (the Court finds that the objective of sustainable development now forms an integral part of the common commercial policy of the EU and that the envisaged agreement is intended to make liberalisation of trade between the EU and Singapore subject to the condition that the parties comply with their international obligations concerning social protection of workers and environmental protection);
  • the rules relating to exchange of information and to obligations governing notification, verification, cooperation, mediation, transparency and dispute settlement between the parties, unless those rules relate to the field of non-direct foreign investment (see below).

Ultimately, it is in respect of only two aspects of the agreement that, according to the Court, the EU is not endowed with exclusive competence, namely the field of non-direct foreign investment (‘portfolio’ investments made without any intention to influence the management and control of an undertaking) and the regime governing dispute settlement between investors and States.

In order for the EU to have exclusive competence in the field of non-direct foreign investment, conclusion of the agreement would have to be capable of affecting EU acts or altering their scope. As that is not the case, the Court concludes that the EU does not have exclusive competence. It has, on the other hand, a competence shared with the Member States.

That conclusion also extends to the rules relating to exchange of information, and to the obligations governing notification, verification, cooperation, mediation, transparency and dispute settlement, as regards non-direct foreign investment (see above). The regime governing dispute settlement between investors and States also falls within a competence shared between the EU and the Member States. Such a regime, which removes disputes from the jurisdiction of the courts of the Member States, cannot be established without the Member States consent.

It follows that the free trade agreement can, as it stands, only be concluded by the EU and the Member States jointly.

NOTES

1 Written observations were lodged by all the Member States with the exception of Belgium, Croatia, Estonia and Sweden. Belgium nevertheless appeared at the hearing and made oral observations.

2 Whether it be maritime transport, rail transport or road transport, the Court holds that the commitments contained in the envisaged agreement that relate to transport services may affect EU regulations or alter their scope, so that, in accordance with Article 3(2) TFEU, the European Union has exclusive competence to approve those commitments.

NOTE: A Member State, the European Parliament, the Council or the Commission may obtain the opinion of the Court of Justice as to whether an agreement envisaged is compatible with the Treaties or as to competence to conclude that agreement. Where the opinion of the Court is adverse, the agreement envisaged may not enter into force unless it is amended or the Treaties are revised.

Unofficial document for media use, not binding on the Court of Justice.

 

Worth reading : the final report by the EU High Level Expert Group on Information Systems and Interoperability (HLEG),

NB: The full version (PDF)  of the Report is accessible HERE

On May 8th the (EU) High Level Expert Group on Information Systems and Interoperability (HLEG) which was set up in June 2016 following the Commission Communication on “Stronger and Smarter Information Systems for Borders and Security ” has published its long awaited 56 long pages Report on Information Systems and Interoperability.

Members of the HLEG were the EU Members States (+ Norway, Switzerland and Liechtenstein), the EU Agencies (Fundamental Rights Agency, FRONTEX, European Asylum Support Office, Europol and the EU-LISA “Large Information Support Agency”) as well as the representatives of the Commission and the European Data Protection Supervisor (EDPS) and the Anti-Terrorism Coordinator (an High Council General Secretariat Official designated by the European Council).

Three Statements, respectively of the EU Fundamental Rights Agency, of the European Data Protection Supervisor and of the EU Counter-Terrorism Coordinator (CTC),  are attached. The first two can be considered as a sort of partially dissenting Opinions while the CTC  statement is quite obviously in full support of the recommendations set out by the report as it embodies for the first time at EU level the “Availability Principle” which was set up already in 2004 by the European Council. According to that principle if a Member State (or the EU) has a security related information which can be useful to another Member State it has to make it available to the authority of another Member State. It looks as a common sense principle which goes hand in hand with the principle of sincere cooperation between EU Member States and between them and the EU Institutions.

The little detail is that when information is collected for security purposes national and European legislation set very strict criteria to avoid the possible abuses by public EU and National Law enforcement authorities. This is the core of Data Protection legislation and of the art. 6, 7 and 8 of the EU Charter of Fundamental Rights which prevent the EU and its Member States from becoming a sort of Big Brother “State of surveillance”. Moreover, at least until now these principles have guided the post-Lisbon European Court of Justice jurisprudence in this domain and it is quite appalling that no reference is made in this report to the Luxembourg Court Rulings notably dealing with “profiling” and “data retention”(“Digital Rights”, “Schrems”, “TELE 2-Watson”…).

Needless to say to implement all the HLWG recommendations several legislative measures will be needed as well as the definition of a legally EU Security Strategy which should be adopted under the responsibility of the EU co-legislators. Without a strong legally founded EU security strategy not only the European Parliament will continue to be out of the game but also the control of the Court of Justice on the necessity and  proportionality of the existing and planned EU legislative measures will be weakened.  Overall this HLWG report is mainly focused on security related objectives and the references to fundamental rights and data protection are given more as “excusatio non petita” than as a clearly explained reasoning (see the Fundamental Rights Agency Statement). On the Content of the  perceived “threats” to be countered with this new approach it has to be seen if some of them (such as the mixing irregular migration with terrorism)  are not imaginary and, by the countrary, real ones are not taken in account.

At least this report is now public. It will be naive to consider it as purely “technical” : it is highly political and will justify several EU legislative measures. It will be worthless for the European Parliament to wake up when the formal legislative proposals will be submitted. If it has an alternative vision it has to show it NOW and not waiting when the Report will be quite likely “endorsed” by the Council and the European Council.

Emilio De Capitani

TEXT OF THE REPORT (NB  Figures have not been currently imported, sorry.)

——- Continue reading

Think of the children: the ECJ clarifies the status of non-EU parents of EU citizen children living in their own Member State

ORIGINAL PUBLISHED ON EU LAW ANALYSIS

Professor Steve Peers

What immigration rights do non-EU citizens have under EU law? There are three main areas of EU law that address this issue: EU immigration and asylum law; EU treaties with non-EU countries; and EU free movement law. The latter area of law is focussed on EU citizens’ right to move between Member States, and so only covers non-EU citizens if they are family members of EU citizens who have moved to another Member State. Those rules also apply by analogy where an EU citizen with a non-EU family member has moved to another Member State, then moved back to that citizen’s home Member State. (These are known as Surinder Singh cases: see this discussion of the ECJ’s most recent ruling on such cases, from 2014).

But what if an EU citizen has a non-EU family member, but has never moved to another Member State? Such cases fall outside the scope of EU free movement law. They will therefore in principle fall solely within the scope of national law, unless either EU immigration and asylum law or EU treaties with non-EU countries apply (they usually will not). But in a limited number of cases, there is a fourth category of EU law which might apply to them: EU citizenship law.

This principle was first set out in the 2011 judgment in Ruiz Zambrano, which concerned Belgian children living in Belgium with two non-EU parents. The ECJ ruled that expelling the non-EU parents would in effect would result in the departure of the children from the EU, thereby risking the ‘genuine enjoyment of the substance’ of those children’s EU citizenship rights.

Subsequent ECJ case law (discussed here) made clear that this principle is apparently restricted to the non-EU parents of EU citizen children living in their home State. Cases very similar to Zambrano – two non-EU parents of an EU child – are rare, because Member States now rarely, if ever, confer nationality upon children simply because they are born on the territory. However, there are rather more cases where: a) a home-State EU citizen marries a non-EU citizen, b) their child gets home-State citizenship because one of her parents is a home-State citizen; and c) the parents’ relationship ends.

In those cases, Ruiz Zambrano still potentially applies, as long as the non-EU parent is the ‘primary carer’ for the home-State EU citizen child. In that case, removing this parent to a non-EU country would in effect force the EU citizen child to leave the EU as well.  But when exactly does the ‘primary carer’ test apply? The ECJ clarified this issue in today’s important judgment in Chavez-Vilchez and others.

Judgment

Chavez-Vilchez and others concerned a number of non-EU parents of Dutch children in the Netherlands, who sought to argue that they were primary carers of those children, and so entitled to residence in accordance with the Ruiz Zambrano judgment. The Dutch government argued that they could not automatically be considered primary carers if it was possible for the other parent, ie the Dutch citizen, to take care of the children:

…the mere fact that a third-country national parent undertakes the day-to–day care of the child and is the person on whom that child is in fact dependent, legally, financially or emotionally, even in part, does not permit the automatic conclusion that a child who is a Union citizen would be compelled to leave the territory of the European Union if a right of residence were refused to that third-country national. The presence, in the territory of the Member State of which that child is a national or in the territory of the Union, as a whole, of the other parent, who is himself a Union citizen and is capable of caring for the child, is, according to the Netherlands Government, a significant factor in that assessment (para 66)

While the Court of Justice agreed that the non-EU parents could not automatically be considered as primary carers where the home state EU citizen child was dependent upon them, the Court’s approach was more open. It began by restating prior case law: the key issue was ‘who has custody of the child and whether that child is legally, financially or emotionally dependent on the third-country national parent’ (para 68). It then reiterated, following Zambrano, that dependency was particularly significant (para 69). Then it added new detail on how to assess dependency:

…it is important to determine, in each case at issue in the main proceedings, which parent is the primary carer of the child and whether there is in fact a relationship of dependency between the child and the third-country national parent. As part of that assessment, the competent authorities must take account of the right to respect for family life, as stated in Article 7 of the Charter of Fundamental Rights of the European Union, that article requiring to be read in conjunction with the obligation to take into consideration the best interests of the child, recognised in Article 24(2) of that charter (para 70).

For the purposes of such an assessment, the fact that the other parent, a Union citizen, is actually able and willing to assume sole responsibility for the primary day-to-day care of the child is a relevant factor, but it is not in itself a sufficient ground for a conclusion that there is not, between the third-country national parent and the child, such a relationship of dependency that the child would be compelled to leave the territory of the European Union if a right of residence were refused to that third-country national. In reaching such a conclusion, account must be taken, in the best interests of the child concerned, of all the specific circumstances, including the age of the child, the child’s physical and emotional development, the extent of his emotional ties both to the Union citizen parent and to the third-country national parent, and the risks which separation from the latter might entail for that child’s equilibrium. (para 71; emphases added)

The Court went on to answer questions from the national court about the burden of proof in Zambrano cases, which were connected with the substantive test to be applied. The Dutch government had argued:

…the burden of proof of the existence of a right of residence under Article 20 TFEU lies on the applicants in the main proceedings. It is for them to demonstrate that, because of objective impediments that prevent the Union citizen parent from actually caring for the child, the child is dependent on the third-country national parent to such an extent that the consequence of refusing to grant that third-country national a right of residence would be that the child would be obliged, in practice, to leave the territory of the European Union (para 74).

Although the ECJ accepted that the burden of proof lay upon the non-EU parent (para 75), it also ruled that national authorities ‘must ensure that the application of national legislation on the burden of proof’ in such cases ‘does not undermine the effectiveness’ of EU citizenship rights (para 76). This meant that the authorities had to make ‘the necessary inquiries’ to find out where the EU citizen parent lived, ‘whether that parent is, or is not, actually able and willing to assume sole responsibility for the primary day-to-day care of the child’ and whether the EU citizen child was dependent upon the non-EU parent (para 77).

In effect, the Court ruled that while the non-EU citizen must make a prima facie case, national authorities share some of the burden to investigate some aspects of the case. Again, the substantive test applicable is less stringent than urged by the Dutch government.

Comments

Today’s judgment clarified a number of issues relating to Zambrano cases, following on from last year’s judgments in CS and Rendón Marín (discussed here) which clarified when non-EU Zambrano parents could be expelled for public policy reasons. While the 2016 judgments referred to the child’s best interests, age, situation and dependency (referring to case law of the European Court of Human Rights), today’s judgment also refers to ‘physical and emotional development’, ‘emotional ties’ to both parents, and the effect of separation on the child. All of these are factors relating to the child, not to the non-EU parent; but all of them nevertheless concern the child’s links with that parent.

The Dutch government’s desired focus on the capability of the EU citizen parent takes a back seat to the child’s best interests, as further elaborated by the Court. This will protect more non-EU parents, but in a differential way. Oddly, the Court’s case law does not take express account of situations of joint custody, or the more general argument that the child’s best interest will usually be to maintain strong relationships with bothparents (assuming they are not negligent or abusive).

Could it also be argued that the requirement of always seeking to identify a ‘primary carer’ is problematic from the point of view of gender equality?  Due to the division of labour relating to child care in practice, the Court’s rulings would classify more non-EU mothers than non-EU fathers as ‘Zambrano carers’; but the expulsion of those fathers will only increase the childcare demands on the EU citizen mother who remains, as well as disrupt the child’s right to maintain a relationship with his father. Of course, the presence of the parent who looks after a child day-to-day is essential; but children love the parent who kicks the ball as well as the parent who cooks the meal.

The procedural aspects of the Court’s judgment are interesting, but raise further questions: is there a right to appeal, to a decision within a reasonable time, to a lawyer, to legal aid? In last year’s judgments, the Court of Justice referred to concepts from EU free movement law and its relevant case law when discussing the substantive test for expelling Zambrano carers; but it made no such cross-references today. The long-term immigration status of the parent is also an open question, although Zambrano noted that there should be access to employment to make the residence rights of the parent effective.

Finally, a Brexit point: the draft EU position for negotiating acquired rights does not appear to cover Zambrano carers. From a technical point of view, this is logical because the case law concerns (from the UK’s perspective) non-EU parents of UK citizens who have not moved within the EU. So no free movement rights have been acquired; we are rather talking of EU citizenship rights which will necessarily be lost when the UK ceases to be a Member State, since citizenship of the EU is defined as deriving from the nationality of a Member State. But from a human point of view, any deterioration in legal status could damage or even shatter the family lives of the children concerned. Zambrano carers should therefore be protected ideally in the Brexit talks, or failing that by the UK unilaterally.

See also further reading on UK Zambrano case law by Charlotte O’Brien and Desmond Rutledge

Legislative Tracker : the European Travel Information and Authorisation System (ETIAS)

by Beatrice FRAGASSO (Free-Group Trainee)

The European Commission, on 16 November 2016, has put forward a proposal (COM(2016) 731, 16.11.2016, 2016/0357(COD)) establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulation (EU) (EU) 2016/399 (the ‘Schengen Borders Code’), (EU) 2016/794 and (EU) 2016/1624.

This proposal is being negotiated as part of the Smart Border Package and aims to ensure a high level of internal security and free movement of persons in the Schengen area. The Commission didn’t conduct an impact assessment but published a feasibility study on ETIAS, conducted between June and October 2016.

The system designed by the proposal would require also visa-exempt travellers to undergo a risk assessment with respect to security, irregular migration and public health risks prior to their arrival at the Schengen borders. This assessment would be carried out by means of cross- checking applicant’s data submitted through ETIAS system against other EU information systems, a dedicated ETIAS watch list and screening rules. This process will result in granting or denying an automated authorization for entering the EU.

Further information from the European Parliament Research Service are available HERE

The current situation
Currently, both visa-obliged and visa-exempt travelers are subject to border controls when entering the Schengen area. According to Regulation (EU) 2016/399, both categories of travelers need to comply with the conditions for short-term stay, which include not being a threat to public order and security, holding valid travel documents, justifying the purpose and conditions of the intended stay, not being the subject of any alert in the SIS for the purpose of refusing entry, and having sufficient means of subsistence.

For visa holders the compliance with this conditions is assessed at the time on the request for a visa  and relevant data are stored in visa information system (VIS) which can be consulted by law enforcement authorities for the purposes of combatting serious crime and terrorism.

However, no such advance information can be currently obtained for visa-exempt nationals arriving at the Schengen external borders. This means that border guards need to decide on allowing or refusing access to the Schengen area without prior knowledge regarding any security, migration or public-health risks associated with visa exempt travelers.

This is particularly true for visa-exempt travelers arriving by land, as the only source of information about them is their travel document presented at the time of crossing the EU external border.

The situation is different for passengers arriving by air as Council Directive 2004/82/EC obliges carriers to communicate all passenger data, known as ‘advance passenger information’ (API), including name, date of birth, passport number and nationality at the time of the check-in for inbound flights to the EU. Another Directive (EU) 2016/681 on the use of passenger name record data (the ‘PNR Directive’) collect 19 types of personal data already at the time of the flight reservation and obliges airlines to hand over to EU MS authorities their passengers’ data linked with the travel reservation (which includes travel dates, travel itinerary, ticket information, frequent flyer data,  contact details, baggage information, credit card and general remarks stored in the Airline files).

For visa-exempt passengers arriving on foot or by car, bus or train, no such comparable advance information is available prior to their arrival.

The changes the proposal would bring

Schengen Border Checks
Prior to arriving in the Schengen area, all carriers will verify if visa-exempt third-country nationals have a valid ETIAS travel authorization, without which boarding will not be authorized. A valid ETIAS travel authorization, should be obtained in advance of arrival at a Schengen border crossing point, and this will be a precondition for entering the Schengen area. However, border guards at the external Schengen borders will still take the final decision to grant or refuse entry according to the Schengen Borders Code.

Online application
As it is currently the case for visa-exempt travelers to Canada “ETA”,  USA “ESTA”  and Australia “ETA” who have to ask for a travel authorization also travelers wanting enter the Schengen area will have to fill in an online application by providing their biographical and passport data, contact details, information on intended travel, and answers to background questions relating to public health risks, criminal records, presence in war zones and previous refusals of entry or an order to leave the territory of a Member State.

At the same time, an application fee of €5, which will go to the EU budget, will be mandatory for all applicants above the age of 18 before their application can be processed.

Processing of applications
The automated processing will be carried out by the central system, which will be in charge of checking data provided by applicants against security databases, such as the VIS, Europol data, the SIS, Eurodac, the  Interpol SLTD database , the European Criminal Records Information System (ECRIS) and the planned future EU “Entry-Exit” system (currently negotiated between the EP and the Council). Personal Data will also be screened against a ETIAS “watch list” (where people suspected to have committed, or be likely to commit a criminal offence will be listed by the EU MS) and against specific risk indicators (irregular migration, security or public- health risks) which will be defined in consultation with an ETIAS screening board.

In the case of a positive hit after the automatic processing, that personal application will be further assessed manually by operators in the ETIAS central unit and in the national units.
In case no risks has been detected a positive response, in a form of a travel authorisation valid for five years (or until the expiry of the passport) will be delivered. In the case of a refusal, a justification will be given and applicants will have the right to appeal.

Authorisation will be revoked or annulled when the conditions for its issuance are no longer met, particularly when it is believed that it was fraudulently obtained or when a new alert for refusal of entry is created in the SIS.

Etias structure
ETIAS will consist of an information system, a central unit and national units.

The information system will be designed for processing applications and will be interoperable with other security databases that ETIAS will be connected. The new system will be managed by the European Agency for the operational management of large-scale information systems in the area of freedom, security and justice (eu-LISA).

The central unit will be part of Frontex (the European Border and Coast Guard Agency) and will ensure that the data stored in the application files and the data recorded in ETIAS are correct and up to date. Where necessary, it will also verify travel authorisation applications whenever there are doubts regarding the identity of an applicant in cases where the latter’s data produced a match (a ‘hit’) against the stored data during automated processing.
The national units will be responsible for making the risk assessment and deciding on travel authorisation for applications rejected by the automated application process. They will also issue opinions when consulted by other national units, and act as a national access point for requests for access to the ETIAS data for law enforcement purposes related to terrorist and other serious criminal offences.

The role of Europol
Europol will be involved in ETIAS in several ways.
Firstly, Europol’s data related to criminal offences, convictions or potential threats will be compared to those provided by applicants for an ETIAS authorization.
Secondly, Europol will help define ETIAS screening rules by participating in the ETIAS screening board and managing the ETIAS watch list.
Thirdly, Europol will be consulted by the ETIAS national units in case of a match with Europol data during the ETIAS automated processing.
And finally, Europol will be able to consult personal data in the ETIAS central system for the prevention, detection or investigation of terrorist offences or other serious criminal offences (as provided by its mandate).

The Council’s position
In a  document om March 17, 2017 authored  by the Maltese Presidency of the Council of the EU and covering also the other legislative pending measures connected to ETIAS, a number of compromises are suggested: The Presidency identified other key issues that needed to be clarified and decided upon before revised text proposals could be submitted to delegations. The Presidency therefore prepared a discussion paper on which delegations were invited to comment. The issues outlined by the Presidency related to the division of competences between Frontex and the Member States, the definition of ‘responsible Member State’ as regards the decision to grant a travel authorisation, and the duration of a travel authorization […] With respect to the definition of the ‘responsible Member State’, delegations were divided into two groups, one in favour of the Member State of first entry, as proposed by the Commission, while the other stressed the key role played by the Member State at the origin of an alert triggering a “hit”. The following issues are the “object of extensive debates”:

“– the scope of the regulation;
– the ETIAS watchlist and the screening rules;
– the access to the ETIAS data;
– the interoperability of ETIAS with other systems and databases.”

More recently the Council Presidency has also submitted some possible compromise proposals to the other delegations (docs 8579/17 and 8584/17) and it is more than likely that the EP will be under pressure to launch the negotiations for a first reading agreement on this subject.

The European Parliament position (Libe Committee Debate)
On the EP side works are still at an initial phase (SEE OEIL DOSSIER HERE). The LIBE Committee has been informed for the first time by a Commission representative (Belinda Pyke) on 22 March 2017. It has been stressed that the purpose of the proposal is to improve internal security and border management and that policy visa liberalization is essential in the system. This proposal will contribute to the security of the Schengen area because as any risks will be identified prior to departure. Due to the political pressure of the European Council and the  very tight deadlines the Commission did not have the time to conduct an impact assessment although it would have been desirable; however, the Commission published a detailed study on the subject. The Commission representative made reference to the comparable systems in  Australia, Canada and USA and declared that the ETIAS system will take stock of the experience of these countries by overcoming their weaknesses and mirroring the strengths of these systems.
Firstly, request authorization will be easy and cheap. Applicants will receive rapidly (within 12 hours) a positive feedback and those without authorization will save travel costs. The ETIAS system provides an automatic control: such control will allow to verify that the criminal record is clean. These checks will take place on the basis of SIS, Interpol, ECRIS, Eurodac.
The ETIAS central unit will compare the data in the database and the identity of the applicant and the rest of the operations will be managed by the national units.
The decision of the unit will be delivered within 72 hours, unless it will be necessary to gather special information (in this case it will be possible an extension to a two-week maximum).
ETIAS will be financially self-sustaining, thanks to the tax that will be paid by applicants. It is estimated that the costs for developing it will amount to €212.1 million, while the average annual operations costs, to be covered by the revenue from fees, will be €85 million.
The data will be protected from abuse and the information may be given to law enforcement only in the case of very serious crimes (this possibility also exist for Eurodac).

The EP rapporteur Kinga Gal (PPE – Hungary) was not present at the debate, but a colleague read her statement. The rapporteur argues that the text is of great importance and it will cover three categories of passengers
1) European Citizens or persons enjoying the right of free movement under Union law
2) Third-country nationals under visa obligation
3) Third-country nationals without visa obligation
From now until 2020 the countries without visa obligation will increase. For third-country nationals without visa obligation it’s difficult to gather information; it’s therefore necessary to create an information system well established in legal terms, so as not to put excessive burdens for Member States.

The debate that followed, however, showed controversial elements in the proposal, criticized by MEPs.
Firstly, almost all the MEPs who spoke remarked the necessity of an impact assessment, finding it unacceptable yet another lack of it. An issue of such importance can not be studied without taking into account an impact assessment: the urgency can not justify such a lack.

Birgit Sippel (S&D – Germany), for instance, affirmed that she’s tired to listen to the Commission affirming that it’s necessary to adopt better legislation and that impact assessments are not conducted anymore because of urgency. EU needs to regulate well, not in a hurry: this rush to legislate, then, does not make sense if the execution by the Member States is so slow. She also remarked that one of the problems in this proposal is that the form requires a bit of everything and there is the risk that if an applicant forgets a small offense did at 15 years old he cannot enter.

The shadow rapporteur Gérard Deprez (ALDE – Belgium) wondered what professional criteria will be provided for ETIAS units and how it will be possible to apply Article 7 of the Schengen Code, because compulsory systematic checks for everybody (as provided in that Article) would have a significant impact on traffic at the border. Deprez considered that the term of 72 hours is reasonable whereas he considers excessive the term of validity of five years, because in the course of five years many things can change in a person’s life. Also foreign experiences in fact suggest different solutions: in US visa is valid for one year and in Australia for two years. Also with regard to rates, Deprez is at odds with the proposal: 5 euro is a low price if compared to the prices of US (14 euro) and Australia (20 euro). According to Deprez, then, in the request the applicant should indicate the member state where he would like to go. The proposal, in addiction, should define a better balancing of criminal convictions. For example, prison sentences of less than one year should not be an obstacle to the granting of authorization.

It may also emerge a serious problem for air traffic. It is estimated that for a plane carrying 300 people controls may last from four hours and a half to seven hours and a half. The controls are certainly a necessary corollary for visa liberalization, but the parliament should find more efficient solutions.

On behalf of DG HOME of the European Commission Mrs Belinda Pike replied that the validity of five years would be reasonable. Of course it is noted that in the case in which the person commits an offense such information is immediately acquired in the system. Contrary to what Deprez stated, then, the cost is not too low, but it’s instead sufficient to ensure the smart management of borders. It is a fee that will cover the costs and ensures a small gain. In the US half of the fee (therefore, 7 euros) is invested in the tourism sector. Do not pay anything on the other hand would be a huge burden on the EU budget.

Belinda Pike finally stressed that the screening does not immediately lead to the rejection of the request, but simply involves manual handling of the request.

Marie – Christine Vergiat (GUE/NGL – France) and Bodil Valero (Greens/EFA – Sweden) highlighted that visas are returned, albeit with a different name (authorization). According to Marie – Christine Vergiat, then, this proposal does not promote cooperation between member states, it is repressive and attacks the fundamental rights, like others in this area of “smart” borders. Security and immigration are matters to be addressed in different texts, because adhere to different problems. The fact that some people should be identified through a profiling system also raises an ethical problem.

Bodil Valero remarked the privacy-issue. People will also provide information on education and health and Greens/Efa group would like to receive explanations about what is the reason for these provisions: perhaps the Commission’s intention is to gather information that cannot be collected in other ways. Furthermore, the 5-year period envisaged for data stocking is too long. She underlined that also the EDPS (European Data Protection Supervisor) has taken a fairly critical position on some of the elements of the proposal.
In his opinion, in fact, the EDPS states, among other things, that the establishment of ETIAS would have a significant impact on the right to the protection of personal data, since various kinds of data, collected initially for very different purposes, will become accessible to a broader range of public authorities (i.e. immigration authorities, border guards, law enforcement authorities, etc). For this reason, the EDPS considers that there is a need for conducting an assessment of the impact that the Proposal will entail on the right to privacy and the right to data protection enshrined in the Charter of Fundamental Rights of the EU, which will take stock of all existing EU-level measures for migration and security objectives.

Last but not least, during a TRAN (transport and tourism) committee on Wednesday 22 March, different speakers representing the tourist sector expressed concerns about the costs generated by the ETIAS in the tourism sector. However, the TRAN Committee decided not to give an opinion to LIBE.

NEXT STEPS

As soon as the two co-legislators will have defined their position a trilogue  could be launched which can bring to an agreement on first reading. As things currently stay an agreement will probably go hand in hand with the other “ENTRY/EXIT” legislative proposal.