The EDPS, Peter Hustinx, has been considering the
implications of the Commission’s Communication on improved
effectiveness, enhanced interoperability and synergies among
European databases in the area of Justice and Home Affairs.
The Communication was published in November and covers, in
general, three European databases:
- The planned Visa Information System (VIS) intended to be
a system for the exchange of visa data between Member States and
thus primarily an instrument to support the common visa policy. It
will also facilitate checks at the external borders and within the
Member States, assisting the exchange of data between Member States
on applications and on the decisions in respect of those
applications;
- The Schengen Information System (SIS) – the system that
currently enables competent authorities to obtain information
regarding certain categories of persons and property in relation to
the free movement of people and police cooperation. SIS II will
replace the current intergovernmental Schengen Information System
with EU legislation and enable the enlargement of the Schengen area
to the new Member States; and
- EURODAC – which stores the fingerprints of anyone over the age
of 14 who applies for asylum in the EU (except Denmark, for the
time being), in Norway and in Iceland. It was created in the
context of the development of an asylum policy common to all the
Member States of the European Union.
The Commission’s Communication tackles the technical issues
involved in the interoperability and synergies among these systems
and goes on to show how these systems could, in addition to their
existing roles, more effectively underpin the policies linked to
the free movement of persons and contribute to the fight against
terrorism and organised crime.
The Communication also looks into the possibility of taking
forward other initiatives, for example the establishment of a
system for monitoring entry and exit movements and a system making
it easier for frequent travellers to cross external borders, or the
creation of a European criminal Automated Fingerprints
Identification System (AFIS).
But according to the EDPS, there are a few data protection
concerns with the proposals.
The EDPS is concerned, firstly, that the term ‘interoperability’
is not properly defined in the Communication. He finds that the
term is used in the context of both the “common use of large scale
IT systems, but also with regard to possibilities of accessing or
exchanging data, or even of merging databases”.
This is regrettable, says Hustinx, as different types of
interoperability require different safeguards. The problem is acute
since the Commission plans to create new objectives for the systems
that will go beyond their original purposes and impact upon data
protection in new ways.
“The Commission argues that interoperability is a technical
rather than a legal or political concept,” he says. “This is
confusing and only serves to avoid fundamental issues.
Interoperable systems increase the risks for citizens, if such
systems allow for new access to their personal data. It is
essential to examine this more carefully and not hide it as a
technicality”.
The EDPS is also concerned at the proposed use of biometric
data, such as fingerprints – or perhaps even DNA – as a unique
identification key. The accuracy of biometrics is overestimated in
this respect and it will facilitate unwarranted interconnection of
databases, he says.
Hustinx underlines that he needs to be consulted on any
legislative proposals that may stem from the Communication. He also
makes some specific observations, such as welcoming the
Commission's analysis that there shall be a much higher threshold
for access when internal security authorities query databases in
other domains than when they query criminal databases.