Is interoperability between EU databases contrary to EU Data Protection Law?

Interoperability is a kind of connection between the information systems to exchange data and to share them by contributing together to establish a central database of third country nationals. It is being used to make European Union information systems more efficient by providing the technical processes that help Europe information systems to function in an appropriate way. With the help of this tool, the authorities can accelerate access to the information in the process of mission to manage migration problems and to prevent terrorism and criminal activities.

As the main part of this tool, there is a common identy repository(CIP) that contains an individual file for each person recorded in at least one of the following systems: EES(Entry/Exit System), VIS(Visa Information System), ETIAS(European Travel Information and Authorization System), Eurodac and ECRIS-TCN(European Criminal Records Information System).The personal files reach the data recorded in the storage of different EU-IT systems about third-country nationals who have passed or in some cases who are considering passing the European borders. The obtained data might be biographical data or biometric data which are very sensitive.

It is not deniable the necessity of having and sharing information to manage migration problems from one point and to prevent terrorism and criminal activities from the another point.However, during the process of using data, the probability of the violation of the fundamental right to data protection should not be ignored.

Interoperability has not only technical steps but also political approaches(i.e. border checks, asylum and immigration, police cooperation and now also judicial cooperation in criminal matters). The decision of the EU legislator to make large-scale IT systems interoperable would not only permanently and profoundly affect their structure and their way of operating, but would also change the way legal principles have been interpreted in this area so far and would as such mark a ‘point of no return’ .

The combating irregular migration and the providing security which are mentioned in the articles of regulation have a wide portrait. According to this regulation,member states shall adopt a national law to define them. Nevertheless, it should be emphasised on the fact that the Court of Justice of the European Union (‘CJEU’) in its Digital Rights Ireland ruling held that the Directive 2006/24 couldn’t ‘lay down any objective criterion by which to determine the limits of the access of the competent national authorities to the data and their subsequent use for the purposes of prevention, detection or criminal prosecutions concerning offences’ by simply referring ‘in a general manner to serious crime, as defined by each Member State in its national law.’

The access authority to set the identification of a third country national with the aim of security shall be allowed with the similar or same method to domestic databases. In any other way, there would be a presumption of a security threat for third country nationals.

The protection of the fundamental rights and the rights to privacy and data protection that mentioned in the European Union Charter of fundamental rights is not only applied for european nationals, the member states have to consult to the Charter for individuals whether or not they are a EU citizen, a third country national, a migrant or an asylum seeker.

The interoperability system establishes a centralised database that contains data about all the third-country nationals as well as biometric-sensible data. Because the pool of this IT system has an extended scale, the possibility of any kind of data breach heavily affects a very large number of individuals. In the case of passing such information ever to the wrong hands, the database could become a dangerous tool against fundamental rights. To build strong legal and technical safeguards, consequently, is needful. Being watchful is also essential as regards the purposes of the database as well as its conditions and modalities of use.

Regarding the criteria of impact assessment for the regulation, its essential principle is to combat identity fraud. Taking measures against identity fraud is a legitimate objective of public interest. However, the abovementioned solution – the establishment of a database with information about millions of third-country nationals – appears very intrusive in terms of the fundamental rights to privacy and data protection.

According to the General Data Protection Regulation(GDPR), personal data may only be collected for specified, explicit and legitimate purposes and must not be further processed in a manner that is incompatible with those purposes. The person concerned should be able to foresee the purpose why their data will be processed. On the contrary, since the scope of the regulation is very broad, the regulation appears to be against this article of the GDPR. Again for this reason, the regulation blur the boundaries between migration and the fight against crime and terrorism to a certain extent.

It is irrefutable that law enforcement authorities need to benefit from the useful tools to identify as quick as possible the perpetrators of terrorism activities and other serious crimes. However, in the case of promoting access to non-law enforcement databases for legal authorities, the interoperability might cause some situations that are not close to the fundamental right perspective. Routine access could be also turning point for violation of the principle of purpose limitation.

As reformed in complete compliance with fundamental rights, Interoperability could be practical instrument tool to address legitimate needs of competent authorities taking advantage of large scale information systems.

Related posts

The Death of Alexei Navalny: Symbol of Oppression?

On February 16th, Alexei Navalny, the Kremlin’s number one enemy, died in the Arctic penal colony while serving a 19-year sentence for…

The right to an effective remedy before an impartial judge: civil society on hostile ground

Since 2019, students at Polytechnique (Saclay) have been in revolt against energy giant Total. The company has long wanted to set up…

Gang violence: how do we get Haiti out of the crisis?

Haiti, “the pearl of the Antilles”, has hadto contend with extreme political instability for several years now. Its capital, Port-au-Prince, is in…
Subscribe to our newsletter!

Subscribe to get the latest information about our struggle to promote human rights.