The Schengen Information System and Border Control Co-operation: A Transparency and Proportionality Evaluation 9004162232, 9789004162235

Table of contents :
Table of Contents......Page 6
Figures......Page 14
Table of Cases......Page 16
Abbreviations......Page 20
Preface......Page 22
Part I: Background to the Research and the Schengen Co-operation......Page 26
1.1 Background......Page 28
1.2 Research Problem......Page 31
1.3 State of Research......Page 34
1.4 Research Challenges......Page 38
1.5.1 Research Method......Page 41
1.5.2 Legal Methods......Page 49
1.5.3 De lege lata and de lege ferenda......Page 60
1.6 Chapter overview......Page 61
2.1 Introduction......Page 64
2.2 Background......Page 65
2.3 Incorporation of Schengen Acquis into eU Law......Page 68
2.4.1 Negotiating Schengen......Page 75
2.4.2 Removal of Internal Border Controls......Page 76
2.4.3 Freedom of Movement of Persons and Immigration Policies......Page 77
2.4.5 Police Co-operation Policies......Page 79
2.4.6 Related Forms of Co-operation and Policies......Page 80
2.4.9 The executive Committee......Page 81
2.5 Schengen after Amsterdam: A Freedom, Security and Justice Paradigm......Page 82
2.6 11 September 2001 Aftermath: Re-emergence of the Security Paradigm......Page 85
2.7 Conclusion......Page 89
Part II: Theoretical Framework......Page 90
3.1 Introduction......Page 92
3.2 Constitutional Protection......Page 94
3.3.1 Un Charter......Page 96
3.3.3 ICCPR......Page 97
3.3.4 ECHR......Page 98
3.4.1 After Amsterdam Treaty......Page 99
3.4.2 The Charter of Fundamental Rights of the european Union......Page 103
3.4.3 The eU Constitution Treaty......Page 105
3.5 Conclusion......Page 107
4.1 Introduction......Page 110
4.2 Main Human Rights Privacy Provisions......Page 111
4.3.1 Gathering or Collection of Personal Information......Page 114
4.3.2 Retention or Storage......Page 118
4.3.3 Purpose of Information......Page 120
4.3.4 Use of Information......Page 121
4.3.5 Individual Access to Information......Page 122
4.3.6 Disclosure of Information......Page 124
4.3.7 Deletion of Information......Page 126
4.3.8 Conclusion......Page 127
4.4.2 Principles in determination of Violation......Page 130
4.5 Conclusion......Page 146
5.1 A Plethora of data Protection Laws......Page 148
5.2.2 Article 8 eCHR......Page 149
5.2.3 Council of europe Convention 1981......Page 150
5.2.5 EU directive 95/46 and Regulation 45/2001......Page 151
5.3 A Brief Comment on national data Protection Laws......Page 153
5.4.1 Development under Council of europe......Page 154
5.4.2 Development under EU Framework......Page 157
5.5 Conclusion......Page 159
6.1 Introduction......Page 160
6.2.1 Definition......Page 162
6.2.2 Data Processing......Page 167
6.3.1 General......Page 169
6.3.2 Individual Access Rights......Page 170
6.3.3 Controllers' Transparency obligations......Page 173
6.3.4 General exceptions and derogations to the Principles......Page 177
6.4.1 General......Page 180
6.4.2 Data Protection Interest Theory......Page 181
6.4.3 Data Protection Interest Catalogue......Page 182
6.4.4 Individual Access Interests......Page 183
6.4.5 Interest in Proportional Control......Page 184
6.4.6 Summary of Principles and Interests......Page 185
6.5 Principles in the Light of Interests......Page 186
6.5.1 Fair and Lawful Principle and Transparency......Page 189
6.5.2 Research Questions......Page 193
6.5.3 Fair and Lawful Principle and Proportionality Interest......Page 194
6.5.4 Research Questions......Page 199
6.6 Conclusion......Page 200
Part III: Information Systems......Page 202
7.2.1 Purpose and Policy Aims......Page 204
7.2.2 Legal Basis......Page 206
7.2.3 Organisational overview......Page 208
7.2.4 Data to be entered in the SIS......Page 214
7.2.5 Access to data......Page 217
7.2.6 Data Protection......Page 219
7.3.2 Legal Basis......Page 227
7.3.3 Organisational overview......Page 229
7.3.4 Functioning of Sirene......Page 230
7.3.5 Data Protection......Page 232
7.4 Conclusion......Page 233
8.2.2 Interference under Article 8 (1)......Page 234
8.2.3 In Accordance with the Law......Page 236
8.2.4 Legitimate Aims......Page 238
8.2.5 Necessary in a democratic Society......Page 239
8.3.1 General......Page 241
8.3.2 Fair and Lawful Principle and Transparency......Page 242
8.3.3 Fair and Lawful Principle and Proportionality Interests......Page 261
8.4.1 Transparency Questions......Page 279
8.4.2 Proportionality Questions......Page 281
8.5 Conclusion......Page 282
9.2.1 Introduction......Page 284
9.2.3 Legal Basis......Page 285
9.2.4 Organisational overview......Page 286
9.2.5 Protection of data......Page 287
9.2.6 Relation between Interpol System and SIS/SIRene......Page 289
9.3.1 Introduction......Page 290
9.3.2 Purpose and Policy Aims......Page 291
9.3.3 Legal Basis......Page 292
9.3.4 Organisational overview......Page 293
9.3.6 Data Protection......Page 298
9.3.7 Relation between eurodac and SIS/SIRENE......Page 303
9.3.8 Conclusion......Page 304
9.4.2 Purpose and Policy Aims......Page 305
9.4.3 Legal Basis......Page 306
9.4.4 Organisational overview......Page 307
9.4.5 Data to be entered......Page 309
9.4.7 Reception of data from and Communication of data to Third States and Third Bodies......Page 310
9.4.8 Data Protection......Page 312
9.4.9 Relation between europol and SIS /SIRene......Page 315
9.5.3 Organisational overview......Page 316
9.5.4 Data Protection......Page 317
9.6.1 Introduction......Page 320
9.6.3 Legal Basis......Page 321
9.6.4 Organisational overview......Page 322
9.6.5 Data Protection......Page 324
9.6.6 Relation between VIS and SIS/SIRENE......Page 325
9.7 A Combined Analysis of Cross-Border Police Systems......Page 326
9.7.1 Purpose......Page 327
9.7.2 Scope......Page 328
9.7.3 Technical Structure......Page 329
9.7.4 Data Recorded......Page 330
9.7.6 Integration of Systems......Page 331
9.7.7 Data Protection......Page 334
9.8 Conclusion......Page 335
Part IV: Border Control Technologies and Policies......Page 338
10.1 Introduction......Page 340
10.2 Identity Control and Its Justification......Page 341
10.3.1 Traditional Control Methods......Page 345
10.3.2 Biometrics......Page 352
10.4.1 Compliance with Article 8 ECHR......Page 373
10.4.2 Compliance with data Protection Principles......Page 376
10.5 Conclusion......Page 384
11.1 Introduction......Page 386
11.2 Categories of Persons Affected by Border Controls......Page 388
11.3.2 Control Points and the Controlled......Page 389
11.3.4 Control and Control Methods......Page 391
11.3.5 Information Systems......Page 398
11.3.6 Individual Protection......Page 399
11.4.2 Control Points and the Controlled......Page 400
11.4.3 Control Authorities......Page 401
11.4.4 Controls and Methods of Control......Page 402
11.4.5 Information Systems......Page 406
11.4.6 Individual Protection......Page 407
11.5.2 Control Points and the Controlled......Page 409
11.5.4 Controls and Methods of Control......Page 410
11.5.5 Information Systems......Page 415
11.6 Answering the Research Question in 6.5.4......Page 417
11.7 Conclusion......Page 418
Part V: Recommendations and Postscript......Page 420
12.2 Evolution of International data Protection Laws......Page 422
12.3 Binding Police and Border Control data Protection Law......Page 424
12.4.1 Introduction......Page 426
12.4.2 Transparency Principles......Page 427
12.4.3 Proportionality Principles......Page 430
12.5 Data Protection as a Human Right......Page 441
12.6 Future Research......Page 443
Postscript......Page 444
Appendix......Page 482
Index......Page 484

Citation preview

Transparency and Proportionality in the Schengen Information System and Border Control Co-operation

The Raoul Wallenberg Institute Human Rights Library Volume 32

Transparency and Proportionality in the Schengen Information System and Border Control Co‑operation by

Stephen Kabera Karanja

Leiden • boston 2008

Printed on acid-free paper.

issn: 1388-3208 isbn: 978 90 04 16223 5 Copyright 2008 by Koninklijke Brill NV, Leiden, The Netherlands. Koninklijke Brill nv incorporates the imprints Brill, Hotei Publishers, idc Publishers, Martinus Nijhoff Publishers and vsp. http://www.brill.nl All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, microfilming, recording or otherwise, without prior written permission from the Publisher. Authorization to photocopy items for internal or personal use is granted by Brill provided that the appropriate fees are paid directly to The Copyright Clearance Center, 222 Rosewood Drive, Suite 910, Danvers, ma 01923, usa. Fees are subject to change. printed in the netherlands.

Table of Contents





Figures

xiii





Table of Cases

xv



Abbreviations

xix



Preface

xxi



Part I: Background to the Research and the Schengen Co-operation

1 1.1 1.2 1.3 1.4 1.5 1.5.1 1.5.2 1.5.3 1.6

Introduction Background Research Problem State of Research Research Challenges Methods Research Method Legal Methods De lege lata and de lege ferenda Chapter Overview



2 An Overview of the Schengen Co-operation 2.1 Introduction 2.2 Background 2.3 Incorporation of Schengen Acquis into EU Law 2.4 Main Features of the Schengen Convention: A Security Paradigm 2.4.1 Negotiating Schengen 2.4.2 Removal of Internal Border Controls 2.4.3 Freedom of Movement of Persons and Immigration Policies 2.4.4 Asylum Matters and Policies 2.4.5 Police Co-operation Policies

1 3 3 6 9 13 16 16 24 35 36 39 39 40 43 50 50 51 52 54 54

vi

Table of Contents



2.4.6 Related Forms of Co-operation and Policies 2.4.7 The Schengen Information System 2.4.8 Data Protection 2.4.9 The Executive Committee 2.5 Schengen after Amsterdam: A Freedom, Security and Justice Paradigm 2.6 11 September 2001 Aftermath: Re-emergence of the Security Paradigm 2.7 Conclusion Part II: Theoretical Framework

55 56 56 56 57 60 64

65



3 Human Rights Law and Schengen 3.1 Introduction 3.2 Constitutional Protection 3.3 International Human Rights Protection 3.3.1 UN Charter 3.3.2 UDHR 3.3.3 ICCPR 3.3.4 ECHR 3.4 EC Human rights Law 3.4.1 After Amsterdam Treaty 3.4.2 The Charter of Fundamental Rights of the European Union 3.4.3 The EU Constitution Treaty 3.5 Conclusion

67 67 69 71 71 72 72 73 74 74 78 80 82



4 International Human Rights Information Privacy 4.1 Introduction 4.2 Main Human Rights Privacy Provisions 4.3 Determination of Interference under Article 8 §1 4.3.1 Gathering or Collection of Personal Information 4.3.2 Retention or Storage 4.3.3 Purpose of Information 4.3.4 Use of Information 4.3.5 Individual Access to Information 4.3.6 Disclosure of Information 4.3.7 Deletion of Information 4.3.8 Conclusion 4.4 Justification for Interference under Article 8 § 2 4.4.1 Introduction 4.4.2 Principles in Determination of Violation 4.5 Conclusion

85 85 86 89 89 93 95 96 97 99 101 102 105 105 105 121

Table of Contents



123 123 124 124 124 125 126 126 128



5 Data Protection Laws and Schengen 5.1 A Plethora of Data Protection Laws 5.2 International Instruments 5.2.1 UN Instruments 5.2.2 Article 8 ECHR 5.2.3 Council of Europe Convention 1981 5.2.4 Council of Europe Recommendation No R (87) 15 5.2.5 EU Directive 95/46 and Regulation 45/2001 5.3 A Brief Comment on National Data Protection Laws 5.4 Search for Binding Instrument on Data Protection in Police Sector? 5.4.1 Development under Council of Europe 5.4.2 Development under EU Framework 5.5 Conclusion



6 Data Protection Principles and Interests 6.1 Introduction 6.2 A Brief Comment on Personal Data 6.2.1 Definition 6.2.2 Data Processing 6.3 Data Protection Principles 6.3.1 General 6.3.2 Individual Access Rights 6.3.3 Controllers’ Transparency Obligations 6.3.4 General Exceptions and Derogations to the Principles 6.4 Data Protection Interests 6.4.1 General 6.4.2 Data Protection Interest Theory 6.4.3 Data Protection Interest Catalogue 6.4.4 Individual Access Interests 6.4.5 Interest in Proportional Control 6.4.6 Summary of Principles and Interests 6.5 Principles in the Light of Interests 6.5.1 Fair and Lawful Principle and Transparency 6.5.2 Research Questions 6.5.3 Fair and Lawful Principle and Proportionality Interest 6.5.4 Research Questions 6.6 Conclusion

135 135 137 137 142 144 144 145 148 152 155 155 156 157 158 159 160 161 164 168 169 174 175

Part III: Information Systems

7 The Schengen Information System and the SIRENE 7.1 Introduction 7.2 The Schengen Information System (SIS)

129 129 132 134

177 179 179 179

vii

viii

Table of Contents



7.2.1 Purpose and Policy Aims 7.2.2 Legal Basis 7.2.3 Organisational Overview 7.2.4 Data to be Entered in the SIS 7.2.5 Access to Data 7.2.6 Data Protection 7.3 SIRENE 7.3.1 Introduction 7.3.2 Legal Basis 7.3.3 Organisational Overview 7.3.4 Functioning of SIRENE 7.3.5 Data Protection 7.3.6 Relation between SIRENE and SIS 7.4 Conclusion

179 181 183 189 192 194 202 202 202 204 205 207 208 208

8



SIS Compliance with Article 8 ECHR and Data Protection Principles 8.1 Introduction 8.2 SIS and Article 8 ECHR 8.2.1 The Principle under Examination 8.2.2 Interference under Article 8 (1) 8.2.3 In Accordance with the Law 8.2.4 Legitimate Aims 8.2.5 Necessary in a Democratic Society 8.2.6 Conclusion 8.3 SIS and Data Protection Principles 8.3.1 General 8.3.2 Fair and Lawful Principle and Transparency 8.3.3 Fair and Lawful Principle and Proportionality Interests 8.4 Answering the Research Questions 8.4.1 Transparency Questions 8.4.2 Proportionality Questions 8.5 Conclusion

209 209 209 209 209 211 213 214 216 216 216 217 236 254 254 256 257



9 A Network of Related Cross-Border Information Systems 9.1 Introduction 9.2 Interpol Criminal Intelligence System (ICIS) 9.2.1 Introduction 9.2.2 Purpose and Policy Aims 9.2.3 Legal Basis 9.2.4 Organisational Overview 9.2.5 Protection of Data 9.2.6 Relation between Interpol System and SIS/SIRENE 9.2.7 Conclusion 9.3 Eurodac

259 259 259 259 260 260 261 262 264 265 265

Table of Contents



9.3.1 Introduction 9.3.2 Purpose and Policy Aims 9.3.3 Legal Basis 9.3.4 Organisational Overview 9.3.5 Access to Data Entered in the Central Database 9.3.6 Data Protection 9.3.7 Relation between Eurodac and SIS/SIRENE 9.3.8 Conclusion 9.4 Europol 9.4.1 Introduction 9.4.2 Purpose and Policy Aims 9.4.3 Legal Basis 9.4.4 Organisational Overview 9.4.5 Data to be Entered 9.4.6 Access to Data 9.4.7 Reception of Data from and Communication of Data to Third States and Third Bodies 9.4.8 Data Protection 9.4.9 Relation between Europol and SIS /SIRENE 9.4.10 Conclusion 9.5 The Custom Information System (CIS) 9.5.1 Purpose and Policy Aims 9.5.2 Legal Basis 9.5.3 Organisational Overview 9.5.4 Data Protection 9.5.5 Relation between CIS and SIS/SIRENE 9.5.6 Conclusion 9.6 Visa Information System 9.6.1 Introduction 9.6.2 Purpose and Policy Aims 9.6.3 Legal Basis 9.6.4 Organisational Overview 9.6.5 Data Protection 9.6.6 Relation between VIS and SIS/SIRENE 9.6.7 Conclusion 9.7 A Combined Analysis of Cross-Border Police Systems 9.7.1 Purpose 9.7.2 Scope 9.7.3 Technical Structure 9.7.4 Data Recorded 9.7.5 Access to Data 9.7.6 Integration of Systems 9.7.7 Data Protection 9.8 Conclusion

265 266 267 268 273 273 278 279 280 280 280 281 282 284 285 285 287 290 291 291 291 291 291 292 295 295 295 295 296 296 297 299 300 301 301 302 303 304 305 306 306 309 310

ix



Table of Contents

Part IV: Border Control Technologies and Policies

10 10.1 10.2 10.3 10.3.1 10.3.2 10.4

313



Border Control and Identification Techniques Introduction Identity Control and Its Justification Control Techniques Traditional Control Methods Biometrics Identification Techniques and Control Compliance with Article 8 ECHR and Data Protection Principles 10.4.1 Compliance with Article 8 ECHR 10.4.2 Compliance with Data Protection Principles 10.5 Conclusion

348 348 351 359



11 11.1 11.2 11.3 11.3.1 11.3.2 11.3.3 11.3.4 11.3.5 11.3.6 11.4 11.4.1 11.4.2 11.4.3 11.4.4 11.4.5 11.4.6 11.5 11.5.1 11.5.2 11.5.3 11.5.4 11.5.5 11.6 11.7

361 361 363 364 364 364 366 366 373 374 375 375 375 376 377 381 382 384 384 384 385 385 390 392 393

Border Control Legal Measures and Policies Introduction Categories of Persons Affected by Border Controls Control Beyond Schengen External Borders Introduction Control Points and the Controlled Control Authorities Control and Control Methods Information Systems Individual Protection Controls at the External Border Introduction Control Points and the Controlled Control Authorities Controls and Methods of Control Information Systems Individual Protection Control Inside Schengen Area Introduction Control Points and the Controlled Control Authorities Controls and Methods of Control Information Systems Answering the Research Question in 6.5.4 Conclusion

315 315 316 320 320 327

Table of Contents

Part V: Recommendations and Postscript

12 Post-11 September Protection of Individuals 12.1 Introduction 12.2 Evolution of International Data Protection Laws 12.3 Binding Police and Border Control Data Protection Law 12.4 New Data Protection Principles 12.4.1 Introduction 12.4.2 Transparency Principles 12.4.3 Proportionality Principles 12.5 Data Protection as a Human Right 12.6 Future Research

395 397 397 397 399 401 401 402 405 416 418





Postscript

419





Appendix

457





index

459

xi

Figures

Figure 1: Internet Sources Evaluation Criteria Figure 2: Determination of Interference under Article 8 § 1 Figure 3: Evaluation Model Figure 4: Technical Aspects and Functioning of SIS Figure 5: Authorities with Responsibility under Norwegian SIS Law Figure 6: Alerts Entered in SIS: 1999 - 2005 Figure 7: Annual Hits 2001 and 2004 Figure 8: Access to Data Entered in SIS: A Comparison Figure 9: Functioning of SIRENE in Austria Figure 10: Article 96 Alerts in the SIS, 1 February 2003 Figure 11: Authorities with Access in Member States Figure 12: Access Right Extremes Figure 13: Functioning of Eurodac Figure 14: Analytical Comparison of the Systems Figure 15: Control Places

Table of Cases

European Court of Human Rights Abdulaziz, Cables and Balkandali v. United Kingdom Judgment of 28 May 1985. Amann v. Switzerland Judgment of 16 February 2000. Barthold v. Germany (1985) 7 EHRR 383. C v. Belgium Judgment of 7 August 1996. Campbell v. United Kingdom (1992) 15 EHRR 137. Casado Coca v. Spain (1994) 18 EHRR 1. Dudgeon v. United Kingdom (1981) 4 EHRR 149. Friedl v. Austria Judgment of 31 January 1995. Funke v. France (1993) 16 EHRR 297. Gaskin v. United Kingdom (1988) 12 EHRR 36. Govell v. United Kingdom Judgment of 14 January 1998. Groppera Radio AG and Others v. Switzerland (1990) 12 EHRR 321. Halford v. United Kingdom (1997) 24 EHRR 523. Handyside v. United Kingdom (1976) 1 EHRR 737. Hertel v. Switzerland (1998) 28 EHRR 534. Huvig v. France (1990) 12 EHRR 528. Iatridis v. Greece Judgment 25 March 1999. Incal v. Turkey (1998) 29 EHRR 449. Klass and Others v. Germany (1993) 18 EHRR 305. Kokkinakis v. Greece (1993) 17 EHRR 397. Kopp v. Switzerland (1998) 27 EHRR 91. Kruslin v. France (1990) 12 EHRR 547. Lambert v. France (1998) EHRR 101. Leander v. Sweden (1987) EHRR 433. Lustig-Prean and Beckett v. United Kingdom Judgment of 27 September 1999. M.G. v. the United Kingdom App. No. 39393/98 Judgment of 24 September 2002. M. S. v. Sweden (1997) EHRR 313. Malone v. United Kingdom (1984) EHRR 182. McMichael v. United Kingdom (1995) 20 EHRR 205. Miailhe v. France (1993) 10 EHRR 332.

xvi

Table of Cases

Moustaquim v. Belgium (1991) 13 EHRR 212. Murray v. United Kingdom (1994) 19 EHRR 193. Nasri v. France (1995) 21 EHRR. Niemitz v. Germany (1992) EHRR 91. Open Door and Dublin Well Woman v. Ireland (1992) 182. P.G. and J. H. v. United Kingdom Judgment of 25.09.2001. Peck v. United Kingdom App. No 44647/98, Judgment on 28 January 2003. Perry v. the United Kingdom App. No. 63737/00 Judgment 17 July 2003. Pine Valley Developments Ltd v Ireland (1992) 14 EHRR 319. Rotaru v. Switzerland App. No. 28341/95 Judgment 4 May 2000. Silver v. United Kingdom (1983) 5 EHRR 347. Sunday Times v. United Kingdom (1979) 2 EHRR 245. Von Hannover v. Germany App. No. 59320/00 Judgment 24 June 2004. X v. Federal Republic of Germany, App. No. 8410/78. Z v. Finland (1997) 25 EHRR 371. European Court of Justice Case 101/01 Criminal Proceedings against Bodil Lindqvist (ECJ Case C-101/01) European Court of Justice, November 6, 2003. Case 11/70 internationale Handelsgesellschaft [1970] ECR 1125. Case 114/76 Bela-Muhle Josef Bergman v. Grows-Farm (the Skimmed-Milk Powder case) [1977] ECR 1211. Case 17/74 Transocean Marine Paint v. Commission [1974] ECR 1063 Case 17/74 Transocean Marine Paint v. Commission [1974] ECR 1063. Case 222/84, Johnston v. Chief Constable of the Royal Ulster Constabulary [1986] ECR 1651. Case 78/74 Deuka v. EVGF [1975] Case 130/75 Prais v. Council [1976] ECR 1589 Hüsyin Gözütok and Klaus Brügge, Judgment of 11 February 2003 in joined cases C187/01a. C-385/01. Opinion [1996] ECR I-1759. Österreichischer Rundfunk et al ECJ (Plenary session), 20 May 2003 joined cases C465/00, C-/138/01 and C-139/01. Stauder v. Ulm [1969] ECR 419. United Kingdom Michael John Durant v. Financial Services Authority [2003] EWCA Civ. 1746, Court of Appeal (Civil Division)), the Court of Appeal (UK). R v. Khan [1996] 3 AER 289.

Table of Cases

Germany The Unification Church of Germany (Vereinigungskirche e.V.), v. the Federal Republic of Germany, Judgment of Higher Administrative Court Rhineland-Palatinate 11A 10349/99. OVG. France, Conseil d’État 18.10.1996 Tribunal administratif de Paris v. Saïd No 9602674/4; 9602675/4/SE. 8.10.1998 Turker v. Prefet de l´Essonne No 983118. 9.6.1999 Mr Mrs Forabosco No 190384. 9.6.1999 Re: Hamssaoui No 198344. United Nations Human Rights Committee Toonen v. Australia, Communication No. 488/1992, U.N. Doc CCPR/C/50/D/488/1992 (1994).

xvii

Abbreviations

ASF

Automatic Search Facility

C.SIS

Central Schengen Information System

CAPPS

Computer Assisted Passenger Pre-Screening Systems

CAPS II

Computer Assisted Passenger Screening

CIS

Customs Information System

C-VIS

Central Visa Information System

DK

Danish Kroner (Danish Crown)

DPC

Data Protection Commission

EAW

European Arrest Warrant

ECHR

European Convention for Human Rights

ECJ

European Court of Justice

ECtHR

European Court of Human Rights

EDPS

European Data Protection Supervisor

EIS

European Information System

ELO

Europol Liaison Officer

EURODAC

European Dactylographic System

xx

Abbreviations

EUROPOL

European Police Office

EUT

European Union Treaty

ICT

Information and Communication Technology (ies)

IDENT

INS Automated Biometric Fingerprint Identification System

ILO

Immigration Liaison Officers

JSA

Joint Supervisory Authority

N.SIS

National Schengen Information System.

NCB

National Central Bureaux

NI

National Interface

Kripos

National Criminal Investigations Service (CSIS)

SIRENE

Supplementary Information Request at the National Entries

SIS

Schengen Information System

SIS II

Schengen Information System II

TEC

The Treaty establishing the European Communities

TECS

Europol Computer Systems

TEU

Treaty of European Union

US-VISIT

United States Visitors and Immigrant Status Indicator Technology

VIS

Visa Information System

Preface

This book resulted from a doctorial thesis presented at the Faculty of Law, University of Oslo, in January 2006. The research was an intellectual adventure filled with engaging and challenging moments. It started with the Masters Degree research in which privacy and data protection themes were central. Later, in research on Schengen co-operation, the same issues of privacy and data protection featured prominently. But since the latter was a preliminary study, I decided to undertake an in-depth research on the Schengen co-operation, which culminated in this work. The research was engaging because of many legislative, policy and institutional changes as well as technological advancements that shaped the Schengen co-operation during the research period, which corresponded with the formative years of the cooperation. Also there were tragic and decisive turning points in society such as the terrorist attacks on 11 September 2001 in the US, 11 March 2004 in Madrid and 7 July 2005 in London, which have influenced and shaped the developments in the border control co-operation. At the same time, the complexity and enormity of these changes did cast a shadow of frustration, as sometimes they ensued rapidly and it was at times a daunting task keeping updated and comprehending their significance. This research is mainly an evaluation work of the Schengen Information System and border control co-operation from a transparency and proportionality perspective. It also incorporates a legal descriptive analysis of the co-operation in order to accommodate the changes and developments that cropped up during the writing period. The transparency and proportionality perspectives are developed from human rights and data protection criteria. Transparency is understood as knowledge of and accessibility to legal information as well as openness and accountability. On the other hand, proportionality is a requirement for guidance, balance and justification as well as a need to avoid excessiveness and arbitrariness in border control work. The final findings reveal that the Schengen co-operation suffers from a deficiency of transparency and proportionality. Consequently, measures are proposed to mitigate the deficiency. Even as this study was reaching its conclusion, fundamental legislative changes, closely similar to some of the arguments and recommendations projected in this study, took place. The efficacy of these changes is yet to be discerned. The conclusion of this work, therefore, marks a beginning of new research possibilities in border control co-operation.

xxii

Preface

Although in this adventure I am the main character, it was not in any way an entirely lonely episode as on the way I encountered many compassionate people who extended a helpful hand. To all concerned, I would like to genuinely thank them for their contribution irrespective of the magnitude as all contributions had a role in the fulfilment of this work. At the same time, there are a few people whose engagement was extraordinary and I would like to acknowledge and thank them here for their specific role in this adventure. The usual disclaimer, however, applies as I carry entire responsibility for this work. It was a privilege to have had a generous supportive and empathetic supervisor, Professor Dag Wiese Schartum, Director of the Section of Information Technology and Administrative Systems (SITAS), Faculty of Law, University of Oslo. His contribution was outstanding as he did not limit his input to academic and intellectual aspects only. He extended to me an all-round academic, intellectual, emotional, and material support. Dr. Lee A. Bygrave, Associate Professor at the Faculty of Law, University of Oslo, gave tips and advice on the way. He also read and commented on parts of the manuscript concerning privacy and data protection. Ms. Guro Slettemark, Senior Legal Adviser Norwegian Data Inspectorate (Datatilsynet), was available for discussions and offered selected legal materials and most of all her practical experience and knowledge on Schengen co-operation. As one of the Norwegian representatives to the Schengen Joint Supervisory Authority, her practical experience and knowledge on the co-operation were invaluable. She also read and commented on parts of the manuscript on the Schengen co-operation. Professor Erich Schweighofer, the Faculty of Law, University of Vienna, was instrumental to interviews with Austrian authorities responsible for the Schengen co-operation especially the Schengen Information System. He was also kind enough to arrange and facilitate them as well as my stay in Vienna during the interviews. The Austrian Schengen authorities kindly accepted to be interviewed and provided illuminating information for which I am grateful. Senior Researcher Mr. Jens Petter Berg’s interest in Schengen issues was valuable in our discussions and interactions. Senior Research Fellow Dr. Peter Chukwuma Obutte was a source of inspiration and encouragement in the final stages of this book. Ms. Anne Gunn Berge Bekken, Librarian at the Knut S. Selmer Collections at Norwegian Research Center for Computers and Law (NRCCL) made available the literature I needed from the libraries. She did this with a kind smile, which was refreshing in an academic research environment. SITAS and NRCCL provided an international conducive research environment with researchers from various academic and cultural backgrounds. It is an environment full of a wealth of researchers. It boasts of many resident and short-term researchers as well as guest researchers who come and go all the time. I had the fortune of meeting and interacting with many of them. To all mentioned here, I would like to express my deepest appreciation. Special thanks also go to the administration staff at SITAS and NRCCL for their role in making this a good research environment and Professor Jon Bing in particular, for cultivating the unique international environment during his long-time service as the Director of the NRCCL and for the interest shown in my work. Ms. Julie Wille improved the legibility of this manuscript. She made sure that those missing letters, commas and words were where they were supposed to be. I thank her dearly.

Preface

This kind of research cannot be accomplished without financial support. I was privileged to receive full financial sponsorship and support from the Norwegian Research Council through the SKIKT program and additional support from the University of Oslo through the KTK program and other sources. I would like to sincerely thank them for the support. My acknowledgement too goes to the members of the adjudication committee of my thesis, for the Doctor Juris degree: Professor Charles D. Raab of Edinburgh University, Professor Yve Poullet of the University in Namur and Ms. Karin Bruzelius, Judge of the Supreme Court in Norway. Their critical comments and appraisal are highly valued. Finally, the cast in this escapade cannot be complete without the mention of my dear family: my wife Njeri and daughters Wanjiku and Nyambura. My deepest gratitude to you all for the supportive and encouraging role you played all along. Your moral, emotional and social support and most of all your companionship are highly valued. Stephen Kabera Karanja

xxiii

Part I: Background to the Research and the Schengen Co-operation

1

Introduction

1.1

Background

The introduction of co-operation within the framework of Schengen brought important changes in the police and border control co-operation landscape. Before this, police and border control co-operation was mainly a national affair. The advent of the Schengen cooperation, however, internationalised the co-operation in these sectors. The Schengen Convention enables the Contracting Parties to co-operate in various fields in crime and border control policies such as customs, police, immigration, and judicial and criminal justice co-operation. The aim of the Convention is to facilitate free movement of persons and goods across borders by removal of internal borders and enhancement of external border controls in order to combat illegal immigration and international crime. Charles Raab observes that the changes tend to follow a number of trajectories. He has identified four such trajectories:– “the elimination of internal borders; – the increase in international criminal activity; – a quickening, but frequently intermittent, pace of police co-operation, involving information exchanges; – the development of regulatory mechanisms, including data protection systems to safeguard the security of such exchanges as well as the privacy of individuals whose details are known to the police.” The trajectories seem to flow consecutively from each other. In his examples above, the trajectory of removal of internal borders leads to that of increase of international criminal activity, which in turn leads to police co-operation and exchange of information and finally to regulatory mechanisms. The number of trajectories may not, however, be exhaustive and it is not thought that he intended to restrict them to the four named. For the purposes of this study, Raab’s list of four will be expanded to six, adding two more: – a proliferation of border control information systems , and – enhancing the human rights protection regime.  

Karanja, S. K. (2001a) p. 139. Raab, C. (1995) pp. 257-265.



Chapter 1

Although he alludes to both in his trajectories, for the purpose of this study it is thought that they ought to be independent trajectories. The information system trajectory, though stemming from police co-operation, has its own dimensions - the technological aspect that gives it a different impetus and leads to proliferation of police and border control information systems. This study places the human rights trajectory at the same level as the data protection regulatory trajectory, as border control also raises general human rights issues and arguments for enhancement of human rights protection. Although one cannot discuss any one of the trajectories without touching on the others, the concern of this study is with the information systems and regulatory mechanism trajectories. National borders and border controls, as known today, are a nation-state phenomenon. States control national borders to protect national interests such as national sovereignty, national security, internal order and immigration. In general, border controls are geared toward a general enforcement of national law. The highest manifestation of national sovereignty interest is demonstrated by the refusal of foreign national border control authorities to extend their activities into foreign countries. Cross-border pursuit of criminals by foreign border control agencies has been a main bone of contention in border control co-operation. Cross-border co-operation has therefore been dominated by exchange of information as this does not lead to severe consequences for national sovereignty. Information gathered during border control activities as other activities concerning national security, remained in the control and national domain of the gathering country. Exchange of such information was only possible where bilateral agreements to that effect were in existence. Lack of widespread use of information systems may have hindered intense exchange of information. Exchange of information relied on the existing means of communication. Even as the use of computer and computerised information systems became pervasive, their application remained national in character, as international information systems were non-existent. As such, traditional methods of communication and exchange of information still dominated in cross-border information exchange, although computers and electronic information systems were used to collect and process information at the national level. This meant also that data protection remained a national affair because data laws were national in character. Further, early data protection laws tended to exempt border control activities from the application of data protection laws. Exemption clauses dealing with national security and public order matters were inserted in data protection laws which could mean removing the application of data protection laws in matters of border control. With the introduction of international information systems, however, data protection in cross-border co-operation has gained significance despite the slow developments. The   

Hebenton, B. and Thomas, T. (1995), p. 79. Karanja, S. K. (2001a), Oslo p. 31-38. See Article 9 of Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data within Europe, ETS no.: 108 of 1981, and Article 13 of the Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Introduction

advent of international information systems such as the Schengen Information System (SIS) was triggered by other developments in cross-border interstate co-operation. Changes in crime pattern and character were a contributory factor. The advancements in transport and communication technologies made international interaction more efficient and effective. People became more mobile and the use of telephone, fax, email and (today) mobile telephone and Internet have simplified doing business across the globe without much physical movement or contact. On the other hand, criminal elements in society take advantage of these technological advancements to carry out and internationalise their illegal activities. The easing of internal border controls in Europe has also had its dimension in these developments. The removal of internal border controls has meant relaxing of control at the internal borders. Consequently, criminals, like other law-abiding members of society, have had a free area to roam without internal border controls. The removal of internal border controls in this sense created a security deficit problem, which required intense cross-border co-operation in order to counteract international crime and illegal immigration. Since successful cross-border co-operation heavily depends on better and more effective information exchange, international information systems have been seen as technical solutions to international crime. The international information systems trajectory has in turn attracted a regulatory trajectory within cross-border co-operation. The Schengen Convention is an example of an international attempt to regulate data protection in border control work. But it has its shortcomings because it relies on national data protection laws where its provisions are silent. Further, the Convention relies on the Council of Europe Convention as a minimum standard. These legislations, however, have their deficiency and it is not clear how far they apply to policing border and national security matters as they contain exemptions and derogations on public and national security. This may complicate data protection as many national laws and international legislation interplay. The application of the EU Directive to Schengen matters is also doubtful by reasons of the exemption in Article 3(2). Further, data protection and human rights are weighed against public interests and national security needs when it comes to border controls. In many cases, it is the former that suffers. This poses the question as to whether the multitude of data protection legislation is adequate in safeguarding privacy and individual rights, and facilitating information flow in a borderless Europe, where international and organised crime as well as illegal immigration are perceived to threaten the social fabric of these societies, markets and states.

   

SIS is presented in Chapter 7 below. NOU 1997:15 Etterforskingsmetoder for bekjempelse av kriminalitet. Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data ETS no. : 108 of 1981. Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data.





Chapter 1

The situation thus calls for a descriptive analysis of the Schengen Information System and border control co-operation, the role of information and communication technologies involved, as well as an explanation, evaluation and interpretation of the data protection laws and their effects on individual protection. The objective of this study is to investigate, describe, evaluate and analyse these concerns. 1.2

Research Problem

The Schengen co-operation objective is the removal of internal border controls in order to facilitate free movement of persons in the Schengen region. To achieve this aim, the Schengen Convention implements a number of compensatory measures, the most important one being the Schengen Information System. The goal of the SIS is to ensure security in the region; that is, to combat crime and control illegal immigration (7.2.). The introduction of these measures has been accompanied by palatable human rights arguments. It has been postulated that the measures are meant to ensure the rights for those entitled to them. Such rights are, for example, free movement, entry and refugee and asylum protection. The United Kingdom government in its White Paper “Fairer, Faster and Firmer – A Modern Approach to Immigration and Asylum” argues that, The fairer and efficient control of immigration is one of the most important tasks for any government. In one way or another, the operation of immigration control affects every citizen of this country. A modern immigration control must recognise the extent of international travel and seek to facilitate legitimate travellers as well as preventing people entering or remaining in the country if they have no right to do so. The key to modernising and streamlining the control is to see the system as a whole. In that way, the control can be operated more effectively to speed the passage of genuine travellers and to target resources on those seeking to evade the control.10

The Schengen police and border control co-operation is built on the same premise of ensuring the rights for those entitled to them, and denying them to those not so entitled. While it is necessary to facilitate the enjoyment of rights to those entitled, that zeal should not lead to a situation where rights are accorded to some and denied to others. Such a scenario can easily lead to “pitting human rights against human rights”. The position taken in this study is that all persons are entitled to human rights. The rights may differ, but each category of persons has its own rights that should be availed to them. For example, while some are entitled to the right to enter, free movement and protection from persecution, those denied these rights are nevertheless entitled to the right of fair treatment. To deny them this right would be to deny them their human rights. Seen from this perspective, the compensatory measures incorporated in the Schengen co-operation may pose a serious threat to the protection of individuals and their rights. The aim of this study is to examine whether there is fairness in the Schengen Information System and border control co-operation. It does this by investigating the transparency and proportionality of the police and border control measures. It tries 10 July 1998, Cm 4018. The Stationery Office p. 2.

Introduction

to answer the question – is the Schengen police and border control co-operation accompanied with adequate human rights safeguards for the individuals involved? In the words of Scott, what we need to find is a balance between two key needs: First, the need of society to protect itself from individuals and groups that might otherwise harm it through crime, fraud, terrorism, and serious irresponsible behaviour; and second, the need for individuals to be protected from an overprotective, domineering, controlling, invasive society.11

In the case of Klass and Others v. Germany, the European Court of Human Rights (ECtHR) stated that, “a law may pose danger of undermining or even destroying democracy on the ground of defending it.” It affirmed that “the Contracting Parties may not, in the name of the struggle against espionage and terrorism, adopt whatever measures they deem appropriate.”12 In the same manner, this study contends that the Schengen Member States should not, in the name of combating crime and controlling illegal immigration, adopt whatever measures they deem appropriate. As the Court further observed, “the Court must be satisfied that, whatever system of surveillance is adopted, there exist adequate and effective guarantees against abuse.”13 In the light of the foregoing, it is the aim of this study to survey and analyse the extent of information exchange, as well as internal and external controls imposed in the Schengen co-operation area.14 The study also examines legal safeguards which exist on the international and EU level (not on the national level) with the aim of suggesting further safeguards, in order to provide adequate human rights and personal data protection. Before discussing the limits required, it is necessary first of all to identify the competing interests in border control. Once identified, it may be possible to see what limits are feasible. The main competing interests in the Schengen co-operation are the need for removal of internal borders on the one hand, and the need to ensure security on the other. The removal of internal borders is justified by ensuring free movement of persons, a desirable goal in the creation of a single internal market and the integration within Europe.15 The dismantling of internal borders, however, has led to a construction of an internal security deficit ideology, based on the idea of a permanent security deficit as a result of the removal of borders.16 It is argued that a Europe without internal borders would become a haven for criminals and illegal immigrants. Terrorists, fugitive bank robbers, international criminals and those trading in illicit substances and illegal immigration could exploit the removal of internal borders to their advantage. Parallel to the internal 11 12 13 14

See Scott, G. G. (1995), p.6. (1983) 18 EHRR 305 § 49. Ibid. See, Part III & IV for a full discussion on information exchange and the controls carried out in the Schengen area. 15 See, Article 8A of the Treaty establishing the European Community, 1957. OJ C 325/33 24 December 2002. 16 Hebenton, B& Thomas, T. (1995), p. 2.





Chapter 1

security deficit has developed the idea of compensatory measures to combat the evils arising from the removal of internal borders. As Klaus-Peter Nanz observes, “in the mid 1980s, the thinking on compensatory measures necessary for the abolition of internal border controls focused on the idea that checks at internal borders had to be shifted to the external borders”.17 Compensatory measures are therefore seen as a sine qua non in the removal of internal borders.18 In other words, the removal of internal borders should not take place until there is an agreement on the compensatory measures. As Hondius has noted, “compensatory measures are the price to be paid for liberalising internal borders”.19 As such, the need for removal of internal borders and the requirement for compensatory measures in order to ensure internal security are legitimated. Both needs, however, seem fundamentally opposed. The dilemma posed by the two competing interests, the removal of internal borders and the need to combat crime and illegal immigration, is clearly demonstrated by the legal political debate that ensued at the advent of the Schengen co-operation. On the one side were the Schengen co-operation optimists who stressed the “obvious” benefits of free movement and crime prevention. It was argued that the Schengen co-operation allows free movement of persons because there are no passport checks at the internal borders. Further, the co-operation creates a better opportunity for combating crime and illegal immigration through police co-operation, exchange of information using the SIS and co-operation in other fields of criminal and judicial justice. These are powerful arguments to counter given the existing fear (real or imagined) among the European population of the increase in crime and illegal immigration. On the opposite side were the Schengen co-operation sceptics. They argued that the Schengen co-operation creates a police state and a “fortress Europe.” Inside, the Schengen area surveillance on society in general will intensify. While on the outside, “fortress Europe” will close doors to asylum seekers and legal immigration from Third countries. In addition, the Schengen co-operation threatens to interfere with individual rights and privacy as personal data are collected, stored and exchanged through information systems such as the SIS without adequate procedural and institutional safeguards. Other criticisms were directed to the lack of democratic control as the European Parliament and the European Court of Justice were left out. These and the fact that the agreement was reached in secret, it was argued would undermine data protection and individual rights.20 This study aims at achieving the following results. 17 Nanz, P. K. (1995), p.33 18 Article 17 of the Schengen Agreement of 1985; ‘In regard to the movement of persons, the Parties shall endeavour to abolish, the controls at the common frontiers and transfer them to their external frontiers. To that end, they shall first endeavour to harmonize, where necessary, the laws and administrative provisions concerning prohibitions and restrictions which form the basis for the controls and to take complementary measures to safeguard security and combat illegal immigration by nationals of States that are not members of the European Communities.’ 19 Hondius, F. W. (1993), p. 154. 20 See Chapter 2.

Introduction

– – – –

1.3

Carry out a descriptive analysis of the Schengen Information System and border control co-operation and, in particular as regards border control information systems (Parts I, III, and IV). Understanding the relationship between data protection and human rights. Data protection as a human right (Parts II and V). The role of data protection and human rights in the Schengen and international police and border control co-operation (Parts III & V). Better understanding and improvement of data protection and human rights and in particular in police and border control co-operation. This leads to recommendations to improve data protection and the human rights situation in police and border control co-operation (Part III and Part V). State of Research

Research on the Schengen co-operation in general is relatively new, spanning a period of two decades since 1985 to the present. This relatively short epoch, however, can be divided into two stages with 1997 as the dividing date line. The research before 1997 can be classified as dealing with the old Schengen before the incorporation into the EU legal system in 1997. The research after 1997 comprises the new Schengen, after the incorporation into the EU legal framework. After 11 September 2001, literature focusing on biometric data and technologies in border control and police co-operation surged and is of interest as it addresses some of the changes taking place in the Schengen co-operation. The literature is reviewed where necessary. Early literature on Schengen was about the formative years of Schengen, especially after 1990. The main characteristic of the literature during this period is the severe criticism levelled against the Schengen Convention for lack of accountability, democratic and judicial control, and the attempt to understand how the Convention will affect various co-operations proposed in the Convention, such as police, immigration and asylum, exchange of personal data and judicial and criminal co-operations. The literature in the later period addressed the transition period after the incorporation. The transition period was expected to take five years, so the period came to an end in May 2004. The main characteristic of the literature from this period is an attempt to understand the post-Amsterdam Schengen and how the incorporation affects the various co-operations. The most important aspect that is not addressed comprehensively in both periods is the status of data protection and human rights. The main works during the two periods can be classified under five headings below. It must be added, however, that the list of literature presented here is not exhaustive. It has been selected to include mainly the literature relevant to this research. For example, reports, opinions, policy papers and studies of various governmental, non-governmental bodies and public bodies involved in the implementation of police and border control co-operation have not been reviewed but they are actively used in the study. Firstly, a collection of articles into single volumes: this is mainly comprised of articles from conferences, symposiums and seminars on Schengen. Here one could identify work edited by authors such as Henry G. Schermers et al. (1993), H. Meijers et al. (1992) Malcolm Anderson and Monica Den Boer (1994) and Malcolm Anderson et al.



10

Chapter 1

(eds). The first work comprises articles on free movement of persons in Europe with two short articles on Schengen Information System, Privacy and Legal Protection. The collection is a result of a conference organised in 1991. The second is concerned with internationalisation of the central chapters of law on aliens, refugees, privacy and the police. The work has one short article on Privacy Aspects of the Convention Applying the Schengen Agreement and another on Schengen and the Rule of Law. The third is a series of articles on policing across national borders. Two of the articles are devoted to data protection and the SIS. The three volumes are among the pioneer works in the area. The articles are critical analyses of various aspects of the Schengen Convention, police cooperation, immigrations, refugees and asylum seekers policies, judicial and criminal cooperation, and the SIS and protection of personal data. The fourth examines the major empirical and theoretical issues associated with the emerging pattern of co-operation, including the harmonization of criminal law and criminal procedures, law enforcement strategies, police organization and discipline, and the politics of immigration and civil liberties. Another book under this category is edited by Monica den Boer (1997), dealing with implementation of Schengen. It touches on general issues and specific issues of implementation of Schengen during the period prior to 1997 such as judicial control and legal harmonization, asylum and immigration, international police cooperation as well as short comments on data protection issues. Another notable work is also edited by Monica den Boer (1998). As the title of this volume “Schengen’s final days?” suggests, the material in the book deals with the transition period just before the incorporation of Schengen into the EU legal framework. The concern then was how the incorporation was to take place and its consequences. Some of the presentations were directed to the issues of incorporation and the negotiation process. Other parts of the book are devoted to issues of security at the external borders and the Schengen Information System and data protection. After 1997, new books under this category emerged. First they attempted to put the incorporation into perspective and to look to the future. Among the first title to appear was the book edited by Monica den Boer et al. (1998) that addressed the post-Amsterdam issues of flexibility and legitimacy. Another book is edited by Clotilde Marinho (2001) and deals with post-Amsterdam issues of asylum, immigration and Schengen. Monica den Boer (2000) also edited a new Schengen theme series of articles on the status of Schengen after incorporation, under the title Schengen Still Going Strong which is a study of Schengen after the incorporation. Cyrille Fijnaut et al. (eds.) (2004) edited a book on Legal Instruments in the Fight of International Terrorism; it addresses the main legal aspects of the fight against international terrorism, namely police and judicial cooperation (including mutual legal assistance, extradition and the role of entities like Europol and Eurojust), financial initiatives (e.g. by the UN Security Council, the FATF and the EU), human rights and rule of law issues (such as trial by military commissions, detention of alleged unlawful combatants and others, state of emergency derogations, due process, the death penalty and privacy). Secondly, single standing articles on data protection: A number of privacy scholars during this early period published articles commenting on the Schengen Convention and data protection. Two articles can serve as examples here: Jos Dumortier (1992) and Peter Blume (1992). Both articles are critical commentaries on data protection in

Introduction

the Schengen Convention. Jos Dumortier’s article describes the Schengen Information System and how it functions as well as data protection problems that may be anticipated. Peter Blume’s article comments on data protection in the Convention in relation to the Danish data protection law. Another article was written by W. A. Tupman (1995), and deals with cross-national criminal databases. Single articles on Schengen after 1997 dealt with the evaluation and implementation of Schengen, especially with case law on Schengen addressing issues of judicial control. Three such articles are by Elspeth Guild (1999) on adjudication of Schengen and national control in France, Agnes Hurwitz (2000) in Belgium, and Helen Staples (2000) in the Netherlands. Some of the cases reviewed in these articles deal with data protection and have been used in the study. The author of this work has also written an article, S. K. Karanja (2002), on Schengen implementation based on a series of interviews with Schengen authorities in Austria. The article is a critical analysis of data protection under the Schengen regime at the time. It is also used as point of reference in this study. Prior to 11 September, Ann Cavoukian had written a number of articles on biometrics, privacy, human rights and policing. After 11 September, there was an upsurge of interest in biometrics in police and border control co-operation and a number of articles have appeared. Jonathan P. Aus (2003) looks at the political, control and self-determination issues in the use of fingerprints in Eurodac in the article Supranational Governance in an area of freedom, security and justice: Eurodac and the politics of biometric control. Paul de Hert (2005) writes on Biometrics: legal issues and implications, where he gives an analysis of the legal issues with regard to the application of biometrics in Europe. He concludes that although human rights law and data protection law establish a legal framework for the assessment of the legal implication of biometrics, the framework is incomplete. Julian Ashbourn (2005) in his paper the social implications of the wide scale implementation of biometrics and related technologies is concerned with the effects of technology on people’s lives. He focuses not on the immediate implications only but long term societal implications of biometric technologies. Thirdly, books on police co-operation: The Schengen Convention produced a healthy amount of research on police co-operation. Since police co-operation relies heavily on exchange of information, these books also commented on data protection. In depth study on data protection, however, was still lacking. Some works can be mentioned here: Bill Hebenton and Terry Thomas (1995), and Thomas Mathiessen (1996) and (1997). Books on police co-operation continued to appear in post-Amsterdam, but now the concern had shifted to the consequences of incorporation of Schengen into the EU legal framework on police co-operation. A good example here is the book by Frank Arne Sandsund (2001) on international police co-operation and the role of the Schengen Convention. Fourthly, dissertations and theses: A doctoral dissertation was published during the early period by Chantal Joubert and Hans Bevers (1995). It is a comparative interpretation of the Schengen provisions on international police co-operation in the light of European Convention on Human Rights. Unfortunately, it does not deal extensively with data protection. Another doctoral thesis was by Rainer Oberleitner (1998) on Schengen und Europol: Kriminaliätsbekämfung in einem Europa der inneren Sicherheit (Schengen and Europol: Combating crime in A Europe of internal security). The main concern of the

11

12

Chapter 1

thesis is police co-operation, especially within the Europol framework. It also touches on Schengen briefly. The interesting part relevant to this study is a short description of tasks and aims of Europol and the reference to further development and the relations between Europol and the Schengen Agreement as well as Interpol. It omits, however, the main area covered by this study: the Schengen Information System and protection of personal data. This author has not come across any other doctoral thesis on Schengen. Theses on the Master degree level could also be available, but a decision was taken to limit research on doctoral theses only due to their advanced level of research. The lack of a doctoral dissertation on the Schengen Information System commenting and analysing the situation of data protection, prompted the choice of topic. Fifthly, other books on Schengen: A number of general works on the Schengen Convention are also found. They also briefly commented on data protection. These titles deal with different topics on Schengen, but not necessarily the Schengen Information System and data protection, and therefore, although they are important issues, they are not directly related with the concern of this study. Some of the books are Ståle Eskeland (1997) Grunnloven og Schengensamarbeidet (the Constitution (Norwegian) and Schengen Co-operation) and Eric Boe and Fredrick Sejersted (1999) Schengen og grunnloven (Schengen and the Constitution (Norwegian)). Another interesting research work that does not fall in any of the categories above is a case study report on how the Schengen Information System is operating in practice in four Schengen member countries, by Justice (2002). The study is a critical analysis of the Schengen system from a data protection and human rights perspective. Although the work has similarities with the approach adopted in this study, there are important differences. The case study scope is limited to the investigation of the operation of the Schengen Information System. This work, however, adopts a broader perspective of Schengen even though the Schengen Information System is the main object of study. As what affects individual rights is the entire border control mechanisms and regime, to understand what is happening, so as to adopt effective safeguards, one has to see Schengen in its totality. This work also looks beyond the current SIS infrastructure into the future SIS II structure and the anticipated Visa Information System and how these changes will affect data protection. In this sense, this study is more current and up-todate. The aforementioned study will be used, however, as a basis and supporting material for analysis and critique of data protection in the SIS. Research covering both periods reveals a dearth of literature comprehensively dealing with issues of cross-border information systems, data protection and human rights. The study was conceived to address this anomaly and fill the gap by presenting a systematic analysis of the Schengen Information System, human rights and data protection. It also differs from the other researches because it attempts to bridge the two epochs and give a comprehensive picture of the development of Schengen to the present, but limiting itself to matters that were addressed before 30 April 2005. The author has tried to bring the study up-to-date to this point. Any matters that are accomplished after this date may not be reflected in the study. So, from this perspective, one can conclude that this study is a relatively well updated work on the Schengen co-operation. Literature in the first epoch would mostly be out of date with a few exceptions, especially, regarding matters that have not been affected by incorporation. Although the study is mainly

Introduction

concerned with the issues of data protection, it tries to bring under one title a multitude of issues dealt in a scattered manner by literature reviewed above. It therefore attempts to illustrate how the issues are interconnected with data protection and human right questions. In order to achieve this goal, a number of challenges and limitations were encountered and are addressed in the next section. 1.4

Research Challenges

The research on Schengen has been challenging because this is an area that has been evolving and developing constantly. The Schengen legal, technological and policy environment has been in a state of flux. It has therefore been a major challenge to keep track and updated with all the changes. In addition, the descriptive analysis adopted in this study has also meant making a choice between extensive and intensive study. Apart from update and approach challenges that will be addressed shortly in detail, other challenges have been encountered, too. Firstly, the availability of research material in the traditional paper form has been a challenge due to the rapid changes and therefore it would have taken a long time to acquire these materials in paper form. In addition, research on Schengen has been relatively new and therefore not much literature has been written as the state of research above indicates. The development of Internet technology, however, has alleviated the situation and therefore Internet has been heavily relied upon as a source of research material. But the Internet also has it challenges as a source of research material. These challenges are addressed below in 1.5.1.2. Secondly, language has been a challenge because Schengen literature tends to be written in Member States languages and the author does not have knowledge of all Member States languages. Language has therefore influenced the choice of literature used in the study, as addressed below in 1.5.1.3. It was intended to make personal interviews an important research method, but the lack of response to requests for interviews from the Norwegian Schengen authorities meant that it was necessary to downplay this method. These challenges are also addressed below in 1.5.1.4. The update challenges have been on three fronts: legal, policy and technology. The changes on the three fronts are intertwined and will be addressed together. When this research began, a major change had just taken place in Schengen. In 1997, parts of Schengen were incorporated into the European Union legal framework. From the start, focus had to shift from the known intergovernmental Schengen to the new environment where Schengen was governed by two legal regimes: the intergovernmental law, Third Pillar and the European Community law, First Pillar. At the same time, it was decided to leave the Schengen Information System (SIS) under the intergovernmental (Third Pillar) law, although its legal base was clearly dual. The changes brought by the Amsterdam Treaty meant that one had to keep abreast with legal and policy changes in the two legal bases. In addition, the period between 1997 and 2004 was a transition period, when the changes brought about by the Amsterdam Treaty had to be implemented. This period was characterised by adoption of new legal rules and policies, where the Council issued numerous decisions that repealed and replaced the decisions by its predecessor, the Schengen Central Committee, as well as numerous new decisions.

13

14

Chapter 1

Among the main legal changes that also affected policy matters are the amendments to the Schengen Convention.21 The changes affected the SIS, police and border control co-operation policies, especially immigration, and border crossing policies. Other changes were technological, especially the legislation for a new SIS II system to replace the current SIS,22 the proposal for a visa information system23 and introduction of biometrics in travel documents and border control technologies.24 Most of these changes are reflected and incorporated in the study. The major challenge, however, has been to keep abreast with the changes because at first they appear as proposals which one must incorporate in the study at that stage, and later, when the proposals are confirmed, sometimes with amendments, one has to make alterations to reflect the new reality. This exercise has been particularly arduous. Fortunately, the Internet has been handy here. A habit was formed of searching the Internet for new Schengen information weekly, using search engines and visiting Schengen-related websites, especially “Europa – European Union Online”25, “Statewatch”26 and other known web sites. One invaluable aid, however, was the subscription to “Statewatch News Online” weekly e-mail. The e-mail contained the most recent and new developments in the European Union, especially on the Schengen/EU police and border control co-operation. Without the weekly email, it could have been extremely difficult to track and keep abreast, without delays, with the numerous changes in this rapidly evolving area. As stated above, the update of the study incorporates changes prior to 30 April 2005. Very important changes with fundamental consequences to the study, however, occurred when the Commission issued proposals on SIS II legislation. The legislation was issued on 31 May 2005 and is contained in two European Parliament and Council Regulations and a Council Decision.27 These changes repealed and replaced the existing 21 Council Regulation (EC) No 871/2004 of 29 April 2004 concerning the introduction of some new functions for the Schengen Information System, including in the fight against terrorism; and Council Decision 2005/211/JHA of 24 February 2005 concerning the introduction of some new functions for the Schengen Information System, including in the fight against terrorism. 22 Council Decision of 6 December 2001 on the development of the second generation Schengen Information System (SIS II) 2001/886/JHA; and Council Regulation (EC) No 2424/2001 of 6 December 2001 on the development of the second generation Schengen Information System (SIS) II. 23 Proposal for a Regulation of the European Parliament and the Council concerning the Visa Information System (VIS) and the exchange of data between Member States on short stayvisas, COM(2004) 835 final; and Proposal for a Council Decision establishing the Visa Information System (VIS), COM(2004) 99 final. 24 Council Regulation (EC) No 2252/2004 of December 2004 on standards for security features and biometrics in passports and travel documents issued by Member States: and Proposal for a Council Regulation on standards for security features and biometrics in EU citizens’ passports, COM (2004) 116 final. 25 http://europa.eu.int/. 26 http://www.statewatch.org/news/. 27 Proposal for a Regulation of the European Parliament and the Council on the establishment, operation and use of the second generation Schengen Information System (SIS II),

Introduction

legal base of the current SIS. The consequence for this work is that the changes could render it out of date since it is based on the existing SIS law. The changes made, three options were possible. – First, to ignore the changes, leave the study the way it was and add a declaration that the changes included were prior to 30 April. This choice, however, was the least desirable because it lacked honesty and an appreciation of the fact that that the new changes are fundamental and the consequences are profound for the study. – The second option was to go back and update the study chapter by chapter so as to reflect and incorporate the new changes. In view of how arduous such an exercise can be and the desire to bring this work to a conclusion, this option was discarded. – The third option was to make footnote comments about the changes throughout the study and finally write a postscript chapter explaining these changes and how they affect the contents and findings of the study. This option was the most appealing and after discussion with the supervisor, colleagues and other persons this option was adopted. As such, the updates are included in the footnotes where the changes are explained in relation to the issue at hand and a postscript chapter at the end of this study. The choice was found acceptable because the era that is covered in the study is a very important development stage in the Schengen and EU police and border control co-operation. At the same time, there is no other comprehensive work that covers the developments in this period as this study does. As such, the study is not only an important account and analysis of the changes, but it is of historical value. It is also a link between different epochs in the development of Schengen, and as such an indispensable document for anyone who would like to learn the history and past legal developments of Schengen. The postscript chapter connects the study with the future and therefore offers researchers a starting point for future research on Schengen. Changes also occurred in other areas related to Schengen, especially in matters concerning refugees and asylum seekers. The changes were triggered by the Amsterdam Treaty that transferred matters concerning refugees and asylum seekers from the Third Pillar to the First Pillar. As a consequence, instruments previously adopted under the Third Pillar as Conventions, for example, the Eurodac and Dublin Convention, changed to Regulations as they had altered legal bases. This entailed, therefore, incorporating the changes in the study. Another challenge has been the choice between an extensive and an intensive study. Both approaches have their advantages and disadvantages. In this work, it has been decided to carry out an extensive study of the Schengen police and border control co31.5.2005 COM(2005) 236 final 2005/0106 (COD); Proposal for a Council Decision on the establishment, operation and use of the second generation Schengen Information System (SIS II), 31.5.2005 COM(2005) 230 final 2005/0103 (CNS); and Proposal for a Regulation of the European Parliament and the Council regarding access to the second generation Schengen Information System (SIS II) by the services in the Member States responsible for issuing vehicle registration certificates, 31.5.2005 COM(2005) 237 final 2005/0104 (COD).

15

16

Chapter 1

operation. The advantage has been being able to deal, side by side, with many aspects of the co-operation, but the disadvantage is the lack of detailed and deep study of these aspects. That notwithstanding, the work is interesting because it brings together various aspects of the co-operation to create a common picture and understanding. The literature on Schengen tends to deal with distinct aspects of the co-operation in detail. The relationship between these aspects and details has been lacking and this descriptive analysis aims at filling this gap. The choice of an extensive study has also meant remaining on the international and EU levels of the co-operation and not descending to the national level, which is complicated by the application of different national laws and cultures. Personal reasons of lack of knowledge of the EU Member States languages have also dictated the choice for an international and EU approach. Consequently, the study concentrates on the analysis of Schengen police and border control co-operation from an international and EU perspective. National laws, and especially Norwegian laws, are used only for reference and example purposes as there has not been any in-depth study on them. 1.5

Methods

1.5.1

Research Method

1.5.1.1

Introduction

Research for this work began in April 1998; however, the idea to do a doctoral study in the area was triggered after undertaking a preliminary research project on Norwegian border control between October 1996 and March 1998.28 Some of the themes identified in that work have been developed and deepened in this study. The study is also a further development of a theme on regulation of new information technologies started in the author’s Masters Degree thesis.29 The research approach followed is that of identifying, surveying, analysing and evaluating documents on Schengen and cross-border control using data protection and human rights criteria. The documents identified and analysed include, among others, legal texts, policy papers, reports, journal and book texts and speeches. The bibliography, footnotes and table of cases indicate the material heavily relied on. This approach was decided on because research in Schengen issues was relatively new, starting in 1985 and therefore few systematic works on the area existed, especially in the English language. Also, as will be shown later, there exists few traditional research sources such as indexes in the area. Consequently, the study especially the bibliography has been selected with this in mind and is supposed to serve as a starting point for researchers wanting to locate Schengen research sources. As noted above, traditional research methods of locating material through indexes has not been fruitful because of near lack of such indexes. Even where general legal indexes were available, they lacked clear reference to Schengen sources and sometimes came a little later than one would have expected. Of course, the search for sources has been made 28 Karanja, S. K. (2001a), pp1-157. 29 Karanja, S. K. (1995).

Introduction

more effective and less time-consuming by computerisation, but as Jon Bing observes, information systems have no value in themselves. 30 It is the use to which one can put them to that count. Searching for Schengen in the Norwegian library computer databases network BIBSYS only reveals a handful of titles. At the onset of writing this study, the search for the term “Schengen” often returned less than ten items. Today this has risen to more than 83 items.31 Most of the titles, however, deal with aspects of police co-operation, immigration, refugees and asylum seekers, constitutional, SIS, and other issues. There is therefore a dearth of writings on data protection and human rights issues. The lack of availability of direct Schengen sources could also be attributed to the fact that Schengen-related issues have been treated under other major topics such as police co-operation,32 crime and immigration control,33 asylum and refugee policies,34 data protection, human rights and so on. In that case, one has to widen the search criteria to cover these fields. What follows are the research methods used in this study. The chronological order used below, however, does not indicate the importance attributed to any one method over the other. 1.5.1.2

Internet

The Internet has proved to be an invaluable method of research. The almost explosive use of the Internet in recent years has meant that it has become a major medium for fast dissemination of information. Publishing software such as Microsoft Word (for DOC files) and Adobe Acrobat (for PDF files) has transformed Internet publishing, one need not rely any longer on complicated html scripts. Even this has been simplified so that users with limited html knowledge could easily publish. The Internet provides access to countless documents published by different people throughout the world. Internet is not exclusive to experts or the wealthy. Anybody with access to it and with minimum knowledge of use of the Internet can publish. While this is an advantage, it has its weaknesses. Firstly, not all who publish on the Internet are experts in what they write. Some sites portray high professionalism and expertise while others are amateur efforts. As a researcher, one must always bear this in mind. As with any information resource, it is important to evaluate what one finds on the Internet. Unlike most traditional information media (books, magazines, organizational documents), no one has to approve the content before it is made public. It’s the job of a researcher, to evaluate what one locates in order to determine whether it suits ones needs. Four criteria have been employed to evaluate the Internet sources and information located. The four criteria, with questions that guided the choices, are reproduced in 30 Bing, J. (1989). p. 95. 31 Search done on 19 February 2007. 32 Most recent works on police co-operation often feature topics on Schengen police co-operation. 33 The European Journal of Migration and Law has dealt with a wealth of Schengen topics. 34 Although asylum and refugee matters are, to a large extent, treated under the Dublin Convention, some Schengen policies such as the carrier liability, visa and SIS directly affect asylum seekers and refugees.

17

18

Chapter 1

Figure 1 below. The evaluation criteria are a combination of different aspects from two Internet sources. 35 The approach to the problem of authority and authorship was to rely mainly on official sites of organisations and bodies offering expert opinions, writings and publications in the area in question. Information was critically evaluated to determine whether it was clearly biased, and then it was avoided it if it did not serve any useful purpose for the research. Now and then, one came across important personal sites with expert opinions and publications. In that circumstance, the site was evaluated for the qualifications (educational background, past writings and experience and institutional affiliation) of the writer where the work was signed. Where no qualification on the subject matter was indicated, the material was read with caution for information purposes only, without referring to it in the study. Sites that did not portray serious academic approach and lacked objectivity were disregarded altogether. – – – –

Authority o What are credentials of the author or web site? o Educational background o Past writing and experience o Institutional affiliation o Who is the publisher? o Is it possible to verify the contents and get in touch with the author? i.e. is email address provided? o Is the work signed by the author? Currency o Date of publication o Date of revision o Is the source current? Objectivity o Bias o Fact, opinion or propaganda o Is information provided as a public service? Usefulness o Is there a bibliography? o Does it provide new/add to/substantiate information at hand? o Is the material primary or secondary? o Audience o Is the work reviewed or referred? o Able to verify through traditional edited print or electronic sources o Are there errors which may affect accuracy or information?

Figure 1: Internet Sources Evaluation Criteria

35

See Critical Evaluation of Information Sources or But is it Credible? University of Oregon Libraries http://libweb.uoregon.edu/guides/findarticles/credibility.html. See also, Evaluating Web Sites: Criteria and Tools, Olin & Uris libraries, Cornell University http:// www.library.cornell.edu/olinuris/ref/research/webeval.html Last Accessed on 7 June 2005.

Introduction

Another disadvantage with the Internet as a research tool has to do with the currency (timeliness) of information. In the Internet, some information may be old and redundant, and there may be no indication of this. In traditional media, it is easy to determine the newness of the information by looking at the date of publication. On the Internet, most authors do not give the date of their publications. This problem was circumvented by critically evaluating the date of publication. On serious websites, the authors will indicate the date of publication. Web sites also carry a date indicating when a web site was last revised. Another method applied is to compare the source with other information at hand in order to find out whether the information offered is current. On a positive note, however, through Internet research one is able to keep current in a rapidly changing subject area. Without the Internet, it would have been nearly impossible to keep updated with the happenings in a fast developing area such as Schengen. It was always refreshing to open the Internet and get new information of a decision, policy paper or other aspects of Schengen. With that purpose, all the sites were bookmarked and frequent visits to the sites were made perhaps once a fortnight or more often as the case may have necessitated. Subscribing to e-mail updates where a site offered such subscription options to keep abreast with updates on a site of interest was another method for keeping alert. Yet another problem one is faced with is lack of stability and permanence on the Internet. Everything seems to be in a state of flux and web site addresses change frequently without leaving a forwarding link. In other cases, web sites disappear altogether. The approach adopted here is to read the material with the aim of finding its usefulness to this purpose. If it did not contain any useful information, it was discarded. Here again, one had to rely on official sites and not personal ones as most official sites have a habit of giving new addresses upon change. A habit was formed of printing out the material that was of interest and noting the date of access to the material. If it were decided to refer to the material in the study, the site was visited once again and if the material were still on the site, this later ending date was indicated as the date of access. These problems should not overshadow the major advantage of the Internet to a researcher: availability of information. For this research, it was the compelling aspect. Much source material was located through the Internet which otherwise would have been time-and-resource consuming. Some sites and databases need mentioning here as they positively contributed to the research by providing reliable and authoritative information. The order of mention, however, is not based on any criteria of importance. It is rather random in nature. – The Statewatch database served as a good place to frequent in order to keep updated with the goings-on in the EU, such as legislation, decisions, policies, meetings, conferences, etc.36 This resource was mainly used to keep update with what was happening. It served as a springboard for further search for official and primary documents mentioned. – Liv Glasser’s Schengen Selected Bibliography was also a destination regularly visited. She has managed to mitigate the lack of a Schengen index. The bibliography is updated frequently with Schengen-related work and it was important to check there 36 Statewatch http://www.statewatch.org/ Accessed on 12 December 2005.

19

20

Chapter 1

–

occasionally. It appears Norwegian in bias, but with a good deal of English titles and one or two French and German items.37 The bibliography contains books, legislations, articles and Council decisions. Most of the material is primary sources and academic in nature. Two of this author’s articles are included in the bibliography. Then there are the EU databases. The Europa database is good for everything related to European Union, especially official documents, treaties, legislation, decisions, policy papers by all EU institutions, research working papers, communications, etc.38 This database was used extensively for most EU official documents and working papers used in this work.

As regards the research problem, Justice and Home Affairs39 and Justice, Freedom and Security40 were invaluable for source documents such as the Schengen Acquis, Schengen Convention working papers, legislation and regulations. Many primary sources used in the study were taken from here. Human rights case law (HUDOC) database is the source mainly used for the European Court for Human Rights (ECtHR) case law analysed in Chapters 4, 8 and 10 of the study.41 After being with a subject for a number of years, like many other researchers, this author has developed a sense of serendipity. This is the faculty of finding good things that one is not really looking for, apparently by accident.42 Serendipity has not been only in creativity of ideas but also in locating of sources, especially as one searched on the Internet. It required remaining alert to the sudden appearance of relevant and authoritative material. Without being alert, the massive amount of information on the Internet could easily bury those rare sources. Serendipity was also important in finding right and useful search terms. Most of the best source material was discovered through accidental searches. One could also say that the research did benefit from trial and error searching. 1.5.1.3

Literature Choice and Limitations

Two factors have influenced the choice of literature used and analysed in this work: language and relevance. It goes without saying, that most of the literature focused on is written in the two languages this author understands namely English and Norwegian. Due to the similarities in Scandinavian languages, the research has also benefited from selected materials written in Danish and Swedish, although written Swedish is rather 37 Schengen en bibliografi – et utvalg http://www.ub.uib.no/avdeling/edc/schengen.htm, accessed on 12 December 2005. 38 Europa database http://europa.eu, accessed on 06 December 2007. 39 Justice and Home Affairs http://ue.eu.int/cms3_fo/showPage.asp?id=249&lang=en&mode= g, accessed on 12 December 2005. 40 Justice Freedom and Security. http://www.europa.eu/pol/justice/index_en.htm, accessed on 06 December 2007. 41 http://www.echr.coe.int/echr, accessed on 06 December 2007. 42 Hairston, M. C. (1992). p. 41.

Introduction

difficult to understand for a foreigner whose only knowledge of Scandinavian languages is Norwegian and therefore the range of material used in this language is small. But I must admit that for research on a European topic like Schengen knowledge of other principal European languages such as German and French would have been an added advantage. The two are particularly special in Schengen, because Germany and France were among the original Schengen countries and therefore early writings on Schengen are to be found in these languages. The history and practice of Schengen have undoubtedly been richly written about in these languages. English-speaking countries, the United Kingdom and Ireland opted to stay out of the Schengen co-operation43 and therefore interest in Schengen matters may not have been pitched, as if they were part of it. Norway and the rest of the Nordic countries started to actively participate in Schengen affairs in 1996 when they acquired observer status. The interest in Schengen matters in these countries is therefore also recent. That not withstanding, these countries have produced substantial materials in the form of travaux préparatoires during the process of ratification and incorporation of Schengen law at the national level. In the United Kingdom, where incorporation has not taken place, the House of Lords has nevertheless produced useful and insightful reports on Schengen matters during its European Communities Committee hearings. These materials have formed part of the basis of my analysis. Nevertheless, language limitations may have meant omission of rich and interesting materials, especially academic works and national legislation, written in German and French. As for the primary materials, such as Schengen legislation and the Schengen Acquis, most have been translated into English and the Scandinavian languages and were therefore accessible to the writer. Relevance to the problem statement of the study is another criteria actively applied in the selection of material and literature. The general relevance limitation criteria used are the Schengen police and border control co-operation. Although the study primarily deals with the Schengen Acquis, Schengen policies are geared to implement the wider EU border control acquis and policies.44 Consequently, material dealing with police and border control co-operation under the Schengen Acquis45 and EU Acquis are included as relevant. Concern for protection of personal information is given a prominent place in the Schengen Convention. As such, laws and legal literature on data protection are considered relevant. Data protection laws analysed are national laws (espe43 They later opted to join the Schengen Information System aspects of the co-operation. 44 See Chapter 2 where the idea of Schengen as an experiment outside the EU legal framework is discussed. 45 The Schengen Acquis as referred in Article 1 (2) of Council Decision 1999/435/EC of 20 May 1999, OJ 22.9.200; The Schengen Acquis is defined in the Treaty of Amsterdam. See Protocol integrating the Schengen Acquis into the framework of the European Union. The Schengen Acquis includes the Schengen Agreement signed on 14 June 1985; the Schengen Convention signed on 19 June 1990; the accession Protocols and Agreements to the 1985 Agreement and 1990 Convention with Italy, Spain, Portugal, Greece, Austria, Denmark, Finland and Sweden, with related Final Acts and declarations; and the Decisions and declarations adopted by the Executive Committee established by the 1990 Convention, as well as acts adopted for the implementation of the Convention by the organs upon which the Executive Committee has conferred decision making powers.

21

22

Chapter 1

cially Norwegian law), CoE Convention and Recommendation 15 (87) on protection of personal data in the police sector (these two have also been directly referred to in the Schengen Convention), the EU Directive and EU Regulation46 and Article 8 of the ECHR. These laws form the legal basis for the protection of personal data in general and in the police and border control sector in particular. Legal literature in the protection of personal data has relevance from a theoretical perspective, especially literature on Norwegian data protection interest theory, which will be discussed later. Human rights laws, the European Convention for Human Rights (ECHR), International Covenant on Civil and Political Rights (ICCPR), and the European Union Charter for Fundamental Rights and human rights legal literature are considered relevant too. They and have been actively used in the analysis as a tool of evaluation. ECtHR case law, especially, Article 8 cases, was also analysed extensively. Cases relevant to protection of personal data and surveillance have been analysed. Cases dealing with immigration, though relevant were not analysed as they have been analysed by other writers. Other non-academic written materials have been regarded as relevant because of their informative value and critical approach to issues relevant to the subject of the study. These are materials by human rights activists, advocates and organisations. They have been selected because of their factual, informative and persuasive value as they are not authoritative. 1.5.1.4 Empirical Studies This study has also benefited from three empirical research works. The first is on the Schengen Information System and other border information systems (Part III). The second is the study of changes in borders and control techniques (Part IV). The third is an analysis of ECtHR Article 8 case law (Part II). The study on SIS and other border control information systems entails interviews and analyses of legal instruments establishing the systems and academic works describing the systems. The interviews were with national officials responsible for the operation and day-to-day running of the SIS and SIRENE (Supplementary Information Request at the National Entries). At first, it was intended to carry out interviews in two Schengen countries: Norway and a second country. Norway was chosen because it is where the author resides and Norwegian law is used as a reference on national law. Attempts to organise interviews with Norwegian SIS authorities failed. After contacting the then Kriminalpolitisentralen (Kripos), they declined because according to them, authorisation was necessary from the Ministry of Justice and Police, which has responsibility for Schengen. A request for an interview, however, was not answered by the Ministry. The second country of choice was Austria. The reason for choosing Austria was both practical and strategic. Practical because Professor Erich Schweighofer of University of

46 Regulation (EC) No 45/2001 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the Community Institutions and Bodies and on the Free Movement of such Data.

Introduction

Vienna offered to organise the interviews and contact Austrian authorities.47 The strategic reason is that Austria, unlike Norway, commenced the use of SIS in 1997 and therefore it was interesting to learn from their experience. Apart from interviews, there was interest in first hand experience of the use of SIS at the Schengen land external border. Austria was ideal for this as it shares borders with a number of non-Schengen countries: Czech Republic, Slovakia, Hungary, Slovenia, Switzerland and Liechtenstein. The author chose to cross the Austrian borders through Hungary and Slovakia and wrote a report on that experience.48 The interviews were carried out in Vienna between 26 February and 8 March 2001. The persons interviewed were from the Austrian Data Protection Commission (DPC) and the Ministry of the Interior. From the DPC, the deputy data protection commissioner was interviewed, and from the Federal Ministry of Interior, five persons were interviewed in total: the head of the National Schengen Information System (NSIS) and Data Processing Unit, the technical representative to the Schengen Council, a senior officer in the Department of Immigrations, the director of the Austrian SIRENE, the co-ordinator for data protection, law and order and, finally, person responsible for legal, organisation and financial questions in the Data Processing Unit and a national legal representative to the Schengen Council. The interviews were informal and semi-structured. The interviewees were sent a similar list of general questions in advance, to prepare and orient themselves before the interviews (see Appendix). As it was not possible to substantiate the information collected through independent sources, given sometimes the sensitive nature of the system itself, a standard list of questions was used for cross-checking and verification purposes. Consequently, it was easier to substantiate information received during an earlier interview with that of a later one. Another advantage of using general questions was to encourage interaction with the interviewees. The objective was to give them leeway to express themselves freely and in-depth. During the interviews, the general questions were supplemented with more specific oral questions posed by the interviewer. These questions were aimed at eliciting further information, in particular information relevant to the role of the specific department under interview. The general questions covered a range of issues such as Schengen legislation and documentation, functioning of SIS and SIRENE, data quality and security, data modelling, the role of SIS in the Schengen co-operation, the relationship between SIS and other cross-border systems. Following each interview session, the interviewer documented the interview as a written report, from notes taken during the interview. Later, the written reports were sent to the interviewees for verification and comment. In some cases, additional verification questions accompanied the reports. Out of a total of five reports sent, response was received on three documents with clarification and additional comments. In general, the interviewees were informative, open and candid in

47 The author is highly indebted to Professor Erich Schweighofer for the success of the interviews. 48 Karanja, S. K. (2001b).

23

24

Chapter 1

their responses. The findings were published in an article.49 The findings have also been used in the discussion and analysis of the SIS in chapter 7. The study of changes in control techniques and places of control is based on analysis of the Schengen and EU legal instruments, national laws and practices. The method employed is discussed in the chapters dealing with the topics. For the control techniques the method is described in Chapter 10 and for the control places in Chapter 11. Finally, Article 8 ECHR case law is analysed with a view to finding criteria for evaluation of Schengen. The methodology employed was first to locate the case material. Here, Internet sources were relied upon exclusively. The source used is the ECtHR Internet database HUDOC (Human Rights Documents).50 The method employed is commented on fully in 4.1. 1.5.2

Legal Methods

1.5.2.1

Sources of Law

What does the term ‘sources of law’ mean? Ian Brownlie says that the term refers to both formal sources and material sources. The formal sources are those legal procedures and methods for the creation of rules of general application which are legally binding on the addressees. The material sources provide evidence of the existence of rules which, when proved, have the statuses of legally binding rules of general application.51 The difference between the two is not easy to see as Torvund observes.52 If one were to try to explain the difference, however, the best way would be to draw from examples. Formal legal sources would refer to the machinery of law-making. Under municipal law, this would be constitutional law making. Documents that are a result of constitutional law-making would be formal sources; a place where the law can be found. Formal law sources are also authoritative in nature and some are binding in nature. That is, one cannot disregard formal legal sources in legal argumentation. Law texts, case law (court and tribunal decisions), preparatory works (where these are found) and international law (treaties, conventions, covenants and agreement) are formal sources of law. Material sources of law are not law in themselves. They serve as evidence of law and aid in interpretation of law. They are not authoritative but are persuasive. Material sources cannot by themselves be decisive in a case as they are not binding. But they can be given greater weight where the law is not clear. Under these categories fall the writings of publicists, considerations of fairness and general principles of law.

49 Karanja, S. K. (2002). 50 HUDOC (Human Rights Documents) is a powerful user-friendly information system, which provides access to the case-law of the European Court of Human Rights, the European Commission of Human Rights and the Committee of Ministers. The judgments, decisions, resolutions and reports of these bodies are held in a database and can be consulted via a sophisticated search mechanism. 51 Brownlie, I. (1990). p. 1; See also Torvund, O. (1996). p. 210. 52 Torvund, O. ibid.

Introduction

What comprises sources of law is not agreed and different scholars emphasise different aspects.53 Consequently, there may not be an agreed categorisation of legal sources. What is not controversial though is that some sources of law command greater weight and cannot be ignored. These sources are written law (constitutions, statutes, treaties, conventions, etc), preparatory works, judicial decisions54 and unwritten customary law. A practical list of sources, however, can be drawn. For the purpose here, a traditional list of sources will be used that includes the most important sources to enable presentation of a comprehensive picture of Schengen and EU legal sources. The objective is not to present an exhaustive legal discussion of sources of law but to demonstrate the importance of different sources and the role they play or they might play in the future in relation to Schengen law. The categories used here have, therefore, the practical purpose of presenting a picture of sources of law in Schengen law and how that picture may or may not have been affected by the incorporation of the Schengen Acquis into the EU law. The weight a particular source of law may be given by the courts when it comes to the interpretation of Schengen law is also speculated on here. At present, one can only speculate because Court decisions on Schengen law are scarce. Most decisions are found at the national level where national courts have had the opportunity to address the issues. Not all Schengen member countries’ national courts, however, have had the occasion to address such issues. The difference in member states is wide with some member states courts having addressed quite a number of cases and other member states having no cases at all.55 The jurisprudence established by national courts, however, has little value outside the national jurisdiction as no national courts can give instructions to foreign judicial authorities.56 Perhaps a uniform interpretation of Schengen law may start to emerge only when the ECJ and ECtHR start receiving references and appeals from the national courts.57

53 See, Eckhoff, T.(1997). p. 23; Fleischer, C. A. (1995). p. 64-69; Doublet, D. & Bernt, J. F.( 1992). p. 60. 54 Torvund, O. (1996). p. 212 55 The tendency is that the original countries of Schengen, Germany, France and the Benelux countries, have reached decisions in a number of cases involving Schengen issues. This is more because they have been in Schengen for a longer period than other countries. Countries that have recently begun to implement the Schengen, have very few or no cases at all. In this category are all other Schengen countries, but the original Schengen countries. 56 In France, in the case of a Romanian national, Mrs Forabosco, the court criticised the registration practice in Germany where the authorities registered information about persons whose asylum application had been rejected. The French court asserted that such practice contradicts Article 96 of the Schengen Convention. This decision, however, was of importance in the French jurisdiction only because the court could not purport to instruct the German court. 57 The first case on Schengen matters to reach the ECJ is the case of Hüsyin Gözütok and Klaus Brügge, judgment of 11 February 2003 in Joined cases C-187/01a. C-385/01. The Court interpreted the ne bis in idem principle under Article 54 of the Schengen Convention in manner that suggests harmonisation of Contracting Parties national laws.

25

26

Chapter 1

1.5.2.2

The Schengen Legal sources

Schengen as a legal body is of recent origin. The legal origin of the Schengen co-operation is the intergovernmental Schengen Agreement of 1985. The agreement’s aim was the gradual abolition of checks at the common borders of the Schengen Contracting Parties.58 But it is the Schengen Convention of 1990, which completely abolished checks and controls at the internal borders of the Schengen countries59 and transferred them to the external borders60. This Convention is accordingly referred to as the implementing instrument of the Schengen Agreement of 1985. Later, it was necessary to incorporate Schengen into the EU legal system.61 The Treaty of Amsterdam, signed by EU Member States in 1997, accomplished the incorporation. Before the incorporation of Schengen into the EU legal system, however, it was necessary to define the Schengen Acquis. With incorporation into the EU legal system, the Schengen legal body has undergone significant changes. As stated in Article 1 of the Protocol incorporating the Schengen Acquis into the EU, the Schengen co-operation shall be conducted within the institutional and legal framework of the European Union and with respect for the relevant provisions of the Treaty on European Union and of the Treaty establishing the European Community. The import of this Article is that the Schengen Acquis became part of the EU law. The following section identifies the legal sources of Schengen. The aim is to determine de lege lata and de lege ferenda in Schengen law. The Schengen Acquis, the legal documents forming the Schengen body of rules and regulations, is defined in the Schengen Protocol of the Amsterdam Treaty62 as: – The Agreement, signed in Schengen on 14 June 1985, between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders. – The Convention, signed in Schengen on 19 June 1990, between the Kingdom of Belgium, the Federal Republic of Germany, the French Republic, the Grand Duchy of Luxembourg and the Kingdom of the Netherlands, implementing the Agreement on the gradual abolition of checks at their common borders, signed in Schengen on 14 June 1985, with the related Final Act and common declarations. – The Accession Protocols and Agreements to the 1985 Agreement and the 1990 Implementation Convention with Italy (signed in Paris on 27 November 1990), Spain and Portugal (signed in Bonn on 25 June 1991), Greece (signed in Madrid on 6 November 1992) Austria (signed in Brussels on 28 April 1995) and Denmark, Finland and Sweden (signed in Luxembourg on 19 December 1996), with related Final Acts and declarations. 58 59 60 61 62

Art. 17 of the Schengen Agreement 1985. Article 2 of the Schengen Convention 1990. The Schengen Convention chapter II, Articles 3-8. See Chapter 2 below. Protocol integrating the Schengen Acquis into the framework of the European Union. B. Protocols annexed to the Treaty on European Union and to the Treaty establishing the European Community.

Introduction

–

Decisions and declarations adopted by the Executive Committee established by the 1990 Implementation Convention, as well as acts adopted for the implementation of the Convention by the organs upon which the Executive Committee has conferred decision-making powers.

The list of documents comprising the Schengen Acquis is long and contains documents covering all aspects of the Schengen Agreement. Some of the documents, however, were classified as “confidential” in whole or part and they could not be released to the public.63 This reduced their effectiveness as sources as they could not be consulted. Some of these documents have now, however, been wholly or partially declassified and can be consulted.64 The Schengen Agreement of 1985 and the Schengen Convention of 1990 form the legal basis of the Schengen co-operation. Article 132 of the Convention empowers the Executive Committee to issue rules and decision in accordance with the provisions of the Convention. These rules and decisions, and where necessary the accompanying handbooks and the like, form the so-called secondary regulations of the Schengen Acquis. In some cases the Central Committee delegated powers to other organs, e.g. the Executive Committee, to make decisions. The acts of these organs also formed part of the secondary regulations. The objective of the secondary regulations is to give effect to the provisions of the Convention and the co-operation. The first years of the Schengen co-operation were the formative stage, and many secondary regulations were formulated and issued then. Today, these form the bulk of the Schengen secondary regulations because those enacted in the latter years did not in any fundamental way, develop new regulations. They either re-enforced the existing regulations or repealed them. The Schengen co-operation has had no tradition of replacing the redundant or repealed rules, such that there were then many regulations that were obsolete. It follows that after Schengen was incorporated into the EU, clean-up work was necessary to sort out the obsolete regulations. A large amount of secondary regulations were developed in areas concerned with external border controls and visa co-operation. The then Executive Committee (now 63 House of Lords – European Communities – 31st Report : According to the report, “under the Schengen system, a decision is classified confidential at the time of its adoption if any one State objects to its publication. One of the earliest decisions of the Executive Committee (deposited in the Library of this House) establishes three grounds on which certain documents must be kept confidential, ‘irrespective of the various national judicial rules’. These are that (i) publication would be ‘counter to the objectives pursued’; (ii) documents contain ‘personalised data or a description of administrative procedures that should not be disclosed’; or (ii) documents include ‘elements pertaining to production procedures or even the security of external relations’. None of these grounds is judicially reviewable. The decision then lists the following documents which must be kept confidential: a number of annexes to the Common Consular Instructions on Visas, the list of countries subject to visa requirements, the Common Manual, the SIRENE manual, and three documents on narcotic drugs relating to external border controls, controlled deliveries and illicit export of drugs. There may be others of which we are not yet aware”. 64 See below chapter 7.

27

28

Chapter 1

Council), among others, issued rules in the form of a handbook in visa control and cooperation matters. Procedural, administrative and budget rules also formed a large part of the secondary regulations issued by the Executive Committee. Upon incorporation into the EU, most of these rules became part of the EU legal body. Countries that join the co-operation later must accept the Schengen Acquis as it is at the time of joining. They do this through accession protocols and agreements (e.g. the agreement between Norway, Iceland and EU countries). Accession Protocols and agreements to the Schengen Agreement and Convention by the countries which have later joined the Schengen co-operation since its inception in 1985, together with related Final Acts and declarations also form part of the Schengen Acquis as stated above. 1.5.2.3

The Schengen and EU Legal Sources

After incorporation of Schengen into EU legal framework, Schengen law has become part and parcel of EU law, the EU legal source henceforth plays a significant role in determining the applicable Schengen law. It is therefore necessary in this section to examine the position of Schengen law under EU legal sources. Since not all Schengen countries are members of EU, however, the effects of incorporation on them will be examined. The discussion in this section also lays foundation for the treatment of the questions of de lege lata and de lege ferenda to be discussed later. The main sources of Schengen law, as discussed above, are the founding Schengen Agreement of 1985 and the Schengen Convention of 1990. The latter is the more important of the two. The Agreement was not incorporated into EU law as it was considered obsolete after the enactment Schengen Convention.65 The Schengen Convention as an international treaty has an international character and creates international obligation to the Contracting Parties upon incorporation to national law. As a source of law, according to Article 38 (1) of the Statutes of the International Court of Justice, it is at the top of the hierarchy of sources. For Norway, Iceland and Denmark, acceptance of the decisions of the EU Council in matters relating to Schengen (Title IV) creates an international obligation which is dealt with from an international law perspective. Consequently, the Schengen Convention as an international law instrument is a very important source of law, even after its incorporation into EU law. Incorporation of the Schengen Acquis into EU law meant that, as regards EU Member States who are members of the Schengen co-operation, Schengen law ceased to be international law proper and becomes part and parcel of the EU law. EU law and not Schengen law, governs the obligations of these Member States. For them, EU law became the source of Schengen law. The founding Treaties66 of the European Community are considered as the primary sources of EU law. They form the basis not only of the 65 See, St prp nr 50 and the House of Lords – European Communities – 31st Report. Supra. 66 The founding Treaties are the three Treaties: The Treaty of the European Coal and Steel Community (ECSC), 1951; the European Economic Community (EEC), 1957; the European Atomic Energy Community (Euratom), 1957; with the various annexes and protocols attached to them, and their later additions and amendments by the Single European Act (SEA), 1987; the Treaty of European Union, (TEU), 1993; and the Amsterdam Treaty, 1997.

Introduction

EU institutions but the powers which can be exercised by those institutions and the procedures under which they must operate. Since the Schengen Acquis was incorporated into the Treaty Establishing the European Community (First Pillar) and the Treaty of European Union (Third Pillar), the two, together with the Amsterdam Treaty, which incorporated the Schengen Acquis into the EU, essentially replaced the Schengen Convention as the Schengen primary sources. From the forgoing discussion, it is evident that the Schengen co-operation is governed by two legal regimes: First, the International regime that applies to Norway, Iceland and Denmark, and second, the EU regime that applies to EU Member States who are Schengen members. The dual legal system may be expected to raise practical problems of interpretation. The three do not accept jurisdiction of the ECJ and consequently their national decisions will be final on the Schengen issues. A difference of interpretation can therefore arise in these countries. Further, it can also arise as regards the EU Member States who are governed by the EU law. Under the Schengen legal system, decisions and rules made by the Executive Committee in accordance with the provisions of the Convention are part of Schengen legal sources. In some cases, the Central Committee delegates decisions-making powers to other organs. Their decisions also form part of the secondary regulations. Upon incorporation into EU law, decisions of the Executive Committee became part of the EU law. The EU Council replaced the Executive Committee and the decisions of the Council became Schengen secondary regulations. The secondary regulations of the EU, as listed in Article 189 of the EC Treaty, which also form part of Schengen law where they touch on matters of Schengen co-operation, are regulations, directives, decisions, opinions and recommendations. The last two, even though mentioned, are not legally binding. These regulations are part of the secondary sources of Schengen law. As noted earlier, the Schengen system had no procedure of replacing repealed and obsolete regulations. Incorporation into EU was an advantage because these regulations were abandoned. Only the current regulations were incorporated into EU system. Preparatory works are important points of reference in interpretation of written law.67 They must, however, be public, readily accessible and informative to be of any use. In the case of Schengen co-operation, where negotiations were secret and still some important documents remained confidential, preparatory works can only play a moderate role as a source of law, if any at all. Where available, they are scanty and not informative due to the secret nature of the negotiations and sensitivity of the contents as they are considered security documents. Further, the Schengen legal system lacked a common judicial institution for interpreting the Schengen provisions. Consequently, preparatory works have not been an important source of law and judicial point of reference. Under the EU law, preparatory works play no significant role either, especially in the interpretation of treaties. As regards the treaties, preparatory works are either not readily accessible or not informative. As regards the EU secondary regulations (regulations and directives), however, they are accessible and informative. But the European Court of Justice has not given significant value to them.68 Even with the incorporation of the 67 Article 32 of Vienna Convention on the Law of Treaties. 68 Arnesen, F. (1992). P. 13.

29

30

Chapter 1

Schengen Acquis into EU law, according to the practice of the ECJ, preparatory works, it seems, will continue to play a moderate role as a source of law as the Court may give these documents little consideration. On the national level, the situation may be different, especially where there is a tradition of generating preparatory works before the incorporation of international treaties into national law. The documents so created can be an important source of Schengen law for the courts at the national level. In Norway (and perhaps Iceland), a number of documents have been generated.69 Most of them deal with the association agreements between Norway and Iceland and the EU member countries of Schengen. In Norway, preparatory works are an important source of law and these documents can be envisaged to play an important role as sources of Schengen law. As regards the national law of the Contracting Parties, the question here is to what extent is national law a source of Schengen law? This question is only important if there is a common international court interpreting the Schengen provisions. Although Schengen law is an international law, upon incorporation into the national legal system, it becomes part of the national law. In this respect, it is an important source of national law. Due to the initial lack of a common international judicial authority, however, the national law has not contributed as a source of law. Before incorporation into EU law, Schengen did not have a common judicial authority which could receive appeals or applications from the national level. The highest court at the national level was the final court. The effect of this is that national decisions had consequences for the national development of Schengen law only. Their experience and wisdom could not be tapped for the benefit of all countries and development of a common interpretation of Schengen law because of lack of a common judicial authority.70 With the European Court of Justice acquiring limited jurisdiction in Schengen co-operation matters, however, national law will have significance in the development of Schengen law as the decisions of ECJ will offer a common interpretation of the law. As noted earlier, the analysis of national law is beyond the scope of this study. With Schengen law as a part of EU law, however, the picture is different. EU law is a separate legal system from the national law of Member States. Nevertheless, the two legal orders are interlocked and mutually dependent on one another. It is not uncommon for the ECJ to seek inspiration and arguments from the national law of Member States to resolve EU issues. This is the case, especially in areas of human rights and rule of law. The Court will not ignore, as a matter of principle, the national practice in these matters. The national decisions provide indirect evidence of the state of the forum on 69 St prp nr 42 (1996-97) Om samtykke til ratifikasjon av samarbeidsavtale av 19 desember 1996 mellom partene I Schengenavtalen og Schengenkonvensjonen, og Island og Norge om avskaffelse av personkontroll på de felles grenser; St prp nr 50 (1998-99) om samtykke til inngåelse av en avtale mellom Rådet for Den europeiske union og Republikken Island og Kongeriket Norge om de sistnevnte statenes tilknytning til gjennomføringen, anvendelsen og videreutviklingen av Schengen-regelverket; Ot prp nr 56 (1998-99) Om lov om Schengen informasjonssystem (SIS) og lov endringer I utlendingsloven og I enkelte andre lover som følge av Schengensamarbeidet. 70 See the comment of the French Court in the case of Mrs Forabosco (see 8.3.2.2.).

Introduction

the question involved. The reason for this being that the EU law had no code of fundamental rights71 and therefore the national practice was important as it enforces national codes or constitutional rights. The earlier development of fundamental principles in the EU system was highly influenced by national practices, which challenged the lack of human rights sensitivity by the former.72 The Schengen Convention does not make reference to human rights at all. Although it makes reference to a dozen international instruments, it does not refer to the European Convention for Human Rights. It follows, therefore, that the national practices on human rights are important in protecting individual rights under the Schengen system. Incorporation into the EU legal system could improve this aspect of Schengen law because the ECJ will complement the lack of human rights concern under the Schengen system.73 In addition, the human rights position in the EU has been strengthened with the adoption of the Charter of Fundamental Rights of European Union.74 International law is also regarded as source of law. Schengen is an agreement in international law75 and creates international obligations for and rights of Contracting Parties. As noted above, it makes reference to a number of international treaties thereby recognising obligations and rights created by them. It aims explicitly to supplement and facilitate them in relation to policing, immigration, customs and judicial co-operation.76 Due to this relationship to international law, it would not be off the mark to suggest that international law plays an important role as a source of law in the Schengen system. The incorporation of the Schengen Acquis into EU law was meant to accomplish what could not be accomplished under the EU system – free movement of persons.77 The legal basis of Schengen is EC law, especially Articles 14 (on internal market) and 18 (on free movement of persons) of the Treaty establishing the European Community. Further, although strictly EU law is not an international law, international law has a place in the EU law. The Council, according to the Treaty of Rome, has power to enter into international agreements on behalf of the Union. Such agreements include, Association agreements under Article 238 Treaty of establishing the EC, cooperation agreements and the European Economic Area (EEA), and of course, now the Schengen co-opera71 This has changed since the adoption of the Charter of Fundamental Rights of the European Union (2000/C 364/01). The legal effect of the Charter, however, is not clear yet. 72 See Craig, Paul & Gráinne de Búrca (1996) p. 283-286, for thorough discussion of fundamental principles. See also Case 11/70 internationale Handelsgesellschaft [1970] ECR 1125. In this case, the Court relied on laws common to most European States. It Stated “that fundamental rights form an integral part of general principles of law, the observation of which it ensures; that in safeguarding those rights, the Court is bound to draw inspiration from constitutional traditions common to Member States”. 73 Under Title IV of the EC Treaty and Title VI of the TEU, the ECJ has jurisdiction to receive references from national courts of Member States. In disposing of the reference issue of human rights that may arise could be addressed also. 74 OJ 2000/C 364/1. 75 Baldwin-Edwards, M. & Hebenton, B. (1994). 76 Ibid. 77 See chapter 2.

31

32

Chapter 1

tion agreements with Norway and Iceland. In addition, there are agreements entered into by Member States representatives in the Council. Further, general obligations in international law play an important role in the decisions of the Court, for instance, the obligations under the United Nations Declaration for Human Rights and European Convention for Human Rights. Although customary law plays an important role in international law78 and in specific situations in national law, it may not be a very important source of law in the Schengen system. Firstly, the reason for this is that the Schengen co-operation is regulated by written law, the Schengen Convention, and decisions of the Executive Committee. Secondly, the Schengen legal system is relatively new and customary law has not had time to develop yet. Perhaps in the future, when it has had time to develop and evolve, or if one takes Schengen law from purely international perspectives, customary law will play a role as a source of law in some specific relations. Even after incorporation of the Schengen Acquis into EU law, customary law plays no significant role because international custom does not play a vital role in EU law for similar reasons as stated above.79 One cannot, however, overlook the fact that some relationships between EU institutions can be seen as regulated by customary law.80 Courts decisions, especially decisions of the highest courts, are sources of law, and are given great weight. Courts decisions as a source of law, however, have not yet played a significant role in the Schengen legal system because there has not been a common international court with jurisdiction to interpret the Schengen Convention. The Schengen co-operation, having started as an intergovernmental co-operation, did not allocate judicial decision-making to a supranational body. The Executive Committee, which was the overall organ in the Schengen co-operation, had decision-making powers but it is difficult to say if they involve judicial decision-making authority. It concentrated on decision-making aimed at further developing the Schengen legal rules. That notwithstanding, court decisions may be a source of law at the national level, where the national courts of Contracting Parties exercise jurisdiction over Schengen issues, but without an international court to harmonise the national court practices, these decisions can command national significance only. With the incorporation of the Schengen Acquis into EU law, courts decisions became an important source of law of the Schengen system. One advantage of incorporation is that the European Court of Justice acquired judicial control that was lacking in the Schengen system for the EU members of Schengen, with the exception of Denmark. The Court’s decisions play an important role as sources of EU law today as the Court often expresses itself with reference to its earlier decisions. Earlier decisions of the Court, however, are not binding on the Court in later cases. Within the EU, the ECJ provides definitive and authoritative decisions on points of EU law that are followed by the courts of Member States. Even for Norway and Iceland, associates members of Schengen, the decisions of the ECJ will be important, despite the fact that the two are not bound by the jurisdiction of the Court and its decisions. According to the Co-operation Agreement 78 Article 38 (1) (b) of The Statutes of the International Court of Justice. 79 See also Arnesen, F. (1992). P. 13-14. 80 Ibid.

Introduction

between them and EU Member States who are also members of Schengen co-operation, the Joint Organ will endeavour to ensure that there is a common interpretation of Schengen law in these countries.81 The Joint Organ can act as a harmonising institution. Further, due to the weight the decisions of the Court have in the majority of Schengen States, it would be difficult to ignore them. Court decisions will undoubtedly be an important source of Schengen law, especially in the area of human rights, which is not regulated by the Schengen Convention. Although EU law did not have a codified law on fundamental rights, the protection of fundamental rights is one of the basic tenets of EU law.82 Various EU treaties have provisions directly stating that fundamental rights are to be respected.83 Consequently, the Court has relied on these provisions and continues to apply fundamental rights principles developed in its case law over the years. The European Court of Justice (ECJ) recognised the existence of fundamental rights at Community level at an early stage, and has steadily extended them.84 Tribunal decisions may also be regarded as sources of law. The decisions of the Executive Committee, as already pointed out, are secondary regulations, which are important sources of Schengen law. The Joint Supervisory Authority, as established by the Schengen Convention,85 may reach decisions that are not binding on the Contracting Parties. Although the decisions may not be important as a source of law, they may lay down common principles to be followed by Contracting Parties that are vital in development of the law. At the national level, authorities such as the National Supervisory 81 Article 11 of the Co-operation Agreement. 82 See Stauder v. Ulm [1969] ECR 419. Since 1969, the Court has held that fundamental rights are “enshrined in the general principles of Community law and protected by the Court; See also Internationale Handelsgeselle, note 73, supra. 83 TEU – Art. 6(F.2) which commits the EU to respect fundamental rights, as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms and as they result from the constitutional traditions common to the Member States as general principles of Community law. 2. The Union shall respect fundamental rights, as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Article 11(1)(J.1(1)), fifth indent: to develop and consolidate democracy and the rule of law, and respect for human rights and fundamental freedoms; Art. K.2(1) TEU: 1. The matters referred to in Article K.1 shall be dealt with in compliance with the European Convention for the Protection of Human Rights and Fundamental Freedoms of 4 November 1950, and the Convention relating to the Status of Refugees of 28 July 1951, and having regard to the protection afforded by Member States to persons persecuted on political grounds; Art. 177(1) and (2) (130u) EC Treaty: Community policy in this area shall contribute to the general objective of developing and consolidating democracy and the rule of law, and to that of respecting human rights and fundamental freedoms; SEA in its preamble, refers to the European Convention.: DETERMINED to work together to promote democracy on the basis of the fundamental rights recognised in the constitutions and laws of the Member States, in the Convention for the Protection of Human Rights and Fundamental Freedoms and the European Social Charter, notably freedom, equality and social justice. 84 See Case Internationale Handelsgeselle, note 73, supra. 85 Article 114(1) of the Schengen Convention.

33

34

Chapter 1

Authorities may reach decisions that also may not be crucial as legal sources for courts, but may be significant for other interested persons. At the EU level, the Council will play an important role as the initiator of legislation and other decisions, which are vital sources of law. The Commission has also a range of administrative duties that can be compared with administrative bodies at the national level. The tasks involve making a range of decisions, which are important as sources of law. It can also be mentioned that the EU Council and Parliament play vital role which has importance for the development of the law. The Joint Organ in the co-operation between Norway and Iceland and the EU can be an important source of law for Norway and Iceland. In international law writings of publicists are regarded as evidence of the law. The Statutes of the International Court of Justice include, among the ‘subsidiary means for the determination of rules of law’, the teaching of the most highly qualified publicists of the various nations or in French text, ‘la doctrine’.86 Legal literature under the Schengen legal system is still at the developmental stage, and due to the earlier lack of a common court at the initial stage, legal literature has not played a significant role as evidence of law. The incorporation of the Schengen Acquis into the EU law may change this. Although the ECJ rarely refers to legal writings of publicists as a source of law, it does not always mean that legal theory has no significance as a source of law. A General Advocate, in his arguments to the Court, normally is inspired by the legal writings of publicists. And as Arnesen notes, the judges relatively often are former legal professors themselves.87 Considerations of fairness and general principles of law are also considered as sources of law. International law allows for the sake of justice consideration of other factors that are not part of law. Article 38(2) of the Statutes of the International Court of Justice, permits “the Court to decide a case ex aequo et bono, if the parties agree thereto”. That is, the Court can render judgment based on considerations of fairness, and not on considerations of existing laws only. The practice, both national and international, is that where the law does not give a solution to the issue at hand, the courts may result to considerations of fairness to arrive at a just solution. The term here is used in many senses. It may mean the application of principles of equity, reasonableness, and other legitimate interests, political and moral considerations. In a situation where no common court existed such as in the earlier Schengen system, it was difficult to determine what role considerations of fairness can play. Upon incorporation into EU law, however, the considerations of fairness are important. The ECJ application of general principles of law is in a sense the application of considerations of fairness. “General principles of law are rules reflecting the elementary concepts of law and justice that must be respected within the EU legal system. They allow gaps left by written laws to be filled and questions of the interpretation of existing law to be settled in the fairest way”.88 The principles of law thus far formulated by the Court include 86 See Brownlie, I. (1990) p. 24. 87 Arnesen, F. (1992). p. 17. 88 Borchardt, K. D. (1994) p. 42.

Introduction

principles of fundamental rights,89 proportionality,90 legitimate expectations,91 ne bis in idem (rule against double jeopardy), non-discrimination92 and procedural rights such as the right to a hearing93 and the right to due process.94 1.5.3

De lege lata and de lege ferenda

After going through the sources of law in Schengen and EU law that will be relevant to this study, attention now turns to the question of de lege lata and de lege ferenda. The purpose of legal methods is to establish the valid law. It should enable one with certainty to say what the law is (de lege lata). But what the law is can be an illusive phenomenon. As Torvund points out, the applicable law is not something objectively measurable; it is in fact what is accepted in legal life.95 What may be called de lege lata in any field of law may be established in two ways. Firstly, a conservative assessment of relevant sources of law may assist in determining a minimum core of a principle, which may likely be accepted by judicial bodies as de lege lata. Secondly, explicit or implicit

89 See cases mentioned above note 73, Internationale Handelsgesellschaft and Staunder v. Ulm. 90 See Internationale Handelsgesellschaft “a public authority may not impose obligation on a citizen except to the extent to which they are strictly necessary in the public interest to attain the purpose of the measure”; see also Case 114/76 Bela-Muhle Josef Bergman v. GrowsFarm(the Skimmed-Milk Powder case) [1977] ECR 1211, the Court held that a scheme whereby producers of animal feed were forced to use skimmed milk in their product, in order to reduce a surplus, rather than soya, was unlawful because, inter alia, skimmed milk was three times more expensive than soya: the obligation to purchase the milk, therefore, imposed a disproportionate burden on the animal feed producers. 91 See case 78/74 Deuka v. EVGF [1975] and Commission v. Council[1973]. 92 See Case 20/71 [1972] ECR 345, which illustrates how the principle of Non-discrimination or Equality, applies to discrimination between the sexes. In the Case of Prais v. Council Case 130/75 [1976] ECR 1589, the court went further and held that the principle also covered discrimination on the basis of religion. 93 See Case 17/74 Transocean Marine Paint v. Commission [1974] ECR 1063, where the Court after a survey of administrative law of several the Member States by the Advocate General, recognised “the general rule that a person whose interests are perceptibly affected by a decision taken by a public authority, must be given the opportunity to make his point of view known”. 94 See Case 222/84, Johnston v. Chief Constable of the Royal Ulster Constabulary [1986] ECR 1651, the applicant claimed that she had been subject to sex discrimination by her employer, contrary to Directive 76/207. The Secretary of State issued a certificate certifying that the action was done for the purpose of safeguarding national security and protecting public safety and public order. The Court held that such a provision was contrary to requirement stipulated by the Directive Article 6 which provides that those who consider themselves wronged by discrimination must be able to pursue their claim by judicial process, to challenge the compatibility of this certificate with the Directive. 95 Torvund, O. (1996) p. 208.

35

36

Chapter 1

court or other judicial body decisions to the effect that some principles are now firmly established as law.96 From the foregoing analysis of the Schengen and EU legal sources, it may not be easy to determine the valid law in Schengen because of lack of court and judicial decisions to that effect. The ECJ only acquired jurisdiction over Schengen matters recently and therefore it has not had occasion to address many cases. The ECtHR has also not been able to determine Schengen issues as it takes a long time for cases to meander through and exhaust local remedies before an application can be made to the European Court. But, also as briefly noted, there is a dearth of legal and judicial decisions at the national level of Schengen Member States. Even where the local courts have addressed such issues, the decisions are of national significance only because no foreign court can instruct other foreign courts. The lack of court and judicial decisions does not affect the Schengen field only. The data protection field, which is the interest of this study, equally lacks in court and judicial decisions. The resolution of data protection problems has been left to quasi-judicial bodies, which has led Bygrave to decry, “Where have all judges gone?”97 Fortunately, the legal basis for data protection law can be traced to human rights law. In Europe, Article 8 of the ECHR is regarded as the legal basis for data protection. Since the ECtHR has addressed numerous cases with significance to data protection issues, the case law decisions will be used in an attempt to determine de lege lata in Schengen law.98 On the other hand, through assessment of relevant legal sources, it is possible to determine a minimum core of principles, which are likely to be acceptable by judicial bodies as de lege lata. From this perspective, and because of the near lack of judicial decisions, it will remain difficult to distinguish between de lege lata and de lege ferenda (what the law should be) in the field of Schengen and border control. These difficulties, however, will not limit the analysis, nor will any assumptions be made as to what the law ought to be. The study is therefore, to a large extent a de lege ferenda work. Issues of de lege ferenda will be dealt with fully in the recommendations chapter of this study. It must be added that although this study will be as objective as possible, the presentation here is not value and judgment free. The author’s personal background as an outsider examining the Schengen/EU Schengen Information System and border control co-operation does filter into the assessment. 1.6

Chapter Overview

This study is divided into five parts comprising 12 chapters and a postscript. Part I includes this introduction chapter and Chapter 2. The introduction deals with the problem statement, literature choice and methods. The main question that the study tries to answer is, “Is the Schengen police and border control co-operation accompanied by adequate human rights safeguards for individual protection?” The question is answered by 96 Skogly, S. I. (2000) p. 95. 97 Bygrave, L. A. (2000/01). pp. 113-125; also In Privacy Law & Policy Reporter, 2000, volume 7, pp. 11-14, 33-36. 98 An analysis of Article 8 ECHR is carried out in Chapter 4.

Introduction

examining the fairness of the Schengen police and border control co-operation through investigation into the transparency and proportionality of the police and border control measures employed. The study will also offer recommendations to improve fairness i.e. transparency and proportionality of the measures. In other words, the study is a de lege lata and de lege ferenda research. Chapter 2 presents the Schengen Co-operation over time; its origin, development and future. The point emphasised here is the transformation of Schengen from what the author terms the security paradigm, which concentrates on laying down security compensatory measures with little or no reference to human right concerns, to a freedom, justice and security paradigm which is an attempt to correct the past human rights oversights. Unfortunately, this attempt is frustrated by the events after 11 September 2001, where the security paradigm is threatening to gain dominance once again. Part II deals with the normative and theoretical approach and discusses the most important legislation. The section is divided into four chapters. Chapters 3 and 5 are analysis of the most important legislations in the fields of human rights and data protection. The legislation is dealt with here because of its relevance in police co-operation and the Schengen co-operation as a whole. In addition, the chapters articulate the general legal standards, that in one sense or another are binding for individual states, and which are a basis for evaluating police co-operation. These standards and norms are so central that deviation, even where the law so provides, requires justification. Chapter 4 is on information privacy as found in human rights case decisions. It is an empirical analysis of the European Court for Human Rights decisions, paying particular regard to manifestations of data protection principles and rules in the Courts decisions. This chapter takes the perspective that data protection is “a human right”. Chapter 6 is the core chapter of the study. It is an analysis of the transparency – proportionality theory used for evaluating the Schengen co-operation. It is an analysis of data protection principles and interests. The two are combined together to form a transparency - proportionality evaluation criteria used in the assessment of the data processing in the Schengen area. Part III is an analysis of international police co-operation with emphasis on the Schengen co-operation. Chapters 7 and 9 are a presentation of cross-national border information systems. The legal basis, organisation, technological infrastructure and information infrastructure are analysed. The analysis also portrays the level to which processing of personal information has become a central activity in police co-operation and cross border control. Chapter 8 applies human rights and data protection evaluation criteria developed in Chapters 4 and 6. Its aim is to determine the compliance of SIS with Article 8 of ECHR and data protection rules. In Part IV, which is comprised of Chapters 10 and 11, control techniques and places of control are discussed. Here the description and analysis is carried out of how the information systems discussed in Part III are fed with personal information. This part is a continuation of the study of flow of information presented in Part III. The aim is to illustrate how actions that may seem not related to Schengen are directly linked. For example, control within the Schengen area may seem to bear no relation to Schengen controls, but because personal information processed during such control could end up in the cross-border information systems, the two are interlinked. Chapter 11 deals with individual control and identification techniques. Both traditional and biometrics

37

38

Chapter 1

control and identification are analysed and a human rights and data protection evaluation presented. Part V is the final part comprising Chapter 12 and a postscript. Chapter 12 is devoted to the de lege referenda. Here recommendations drawn from the findings are discussed. The recommendations take the form of changes in law, procedure and institutions in order to provide a clearer and more consistent framework to address the question of effective safeguards. In particular, transparency and proportionality of the systems and data processing should be ensured through more transparency, guidance and strengthening of independent supervision of the systems. The postscript explains the proposed SIS II legislation and its consequences for the contents and findings in this study.

2

An Overview of the Schengen Co-operation

2.1

Introduction

The Schengen co-operation has undergone important changes and developments since its inception in 1985. These developments have considerably changed the border control landscape from one of competence of sovereign states to one that has become the subject for supra-national competence. When new members joined the EU. On 1 May 2004, the membership of Schengen expanded considerably. The EU/Schengen area therefore comprises most of the continent of Europe. Only two Member States, Great Britain and Ireland opted to stay outside the Schengen co-operation. Yet, the co-operation benefited from membership of two non-EU states, Norway and Iceland. In this way, the co-operation seems to have achieved one of its objective of being a model and experiment for the European Member States. Schengen put, in a short period, a functioning system into place, where EU efforts had failed. Second, what began as “an experimental garden” outside the EU legal system became a full-blown co-operation with the incorporation of the Schengen Acquis into the EU legal system. The co-operation, which began as an institution founded under international law, through the Schengen Agreement 1985 and the Schengen Convention 1990, was incorporated into the EU legal system by the Amsterdam Treaty signed on 2 October 1997 and which entered into force on 1 May 1999. The incorporation, as it were, brought the Schengen co-operation back where it belonged, under the EU legal system   



Widgren, J. The development of a Pan-European regime for entry control, on the basis of the Amsterdam Treaty and in the framework of an enlarged European Union. http://migration. uni-konstanz.de/alt/mpf2/mpf2-widgren.html accessed on 20 May 2003. Ten new members Estonia, Latvia, Hungary, Slovenia, Malta, Cyprus, Lithuania, Poland, the Czech Republic and Slovakia joined the EU on 1 May 2004. Two new members Romania and Bulgaria joined the EU on 1 January 2007. EU has, as of January 2007, 27 members. Great Britain and Ireland have joined some parts of the Schengen (those dealing with crossborder law enforcement and criminal co-operation and the Schengen Information System), but preserve their border controls. Under the Amsterdam Treaty, Great Britain and Ireland are allowed to opt in to the whole or some parts of the Schengen Convention. Widgren, supra.

40

Chapter 2

(see below 2.2.). Whether or not Schengen has achieved its main objective of creating an area of free movement is a matter of analysis. This account of the Schengen co-operation will attempt to trace these changes and developments, raising and pointing out issues of individual protections that will be investigated in the following chapters. 2.2

Background

The Schengen co-operation began as an intergovernmental co-operation with the signing of the Schengen Agreement in 1985. The aim of the Agreement was the gradual abolition of controls at the Contracting Parties’ common frontiers, to achieve free movement of goods, services and persons, pending provisions adopted by all European Community Member States. An intergovernmental solution was found viable then due to lack of agreement among European Community Member States on the interpretation of Article 14 (on internal market) and Article 18 (on EU citizenship) of the Treaty establishing the European Community (TEC). Great Britain believed and still maintains that free movement of persons is only for the citizens of the Union and not for third country nationals, even though they may be residents of one of the Member States, and therefore controls at internal borders may stay in place. Other Member States were ready to interpret the provision widely, extending the benefits of free movement to third country nationals who were residents in Member States. At first, only five Member States, Germany, France and the Benelux; the Netherlands, Belgium and Luxembourg were ready to do this. They became the original five members of the Schengen co-operation by signing the 1985 Agreement. Apart from the interpretation problem, numerous difficulties were experienced when it came to agreement on the compensatory measures to be implemented in place of removal of internal border controls. Article 17 of the 1985 Schengen Agreement mirrors this problem. Article 17 provides for the need to implement compensatory measures to safeguard security and combat illegal immigration by nationals of States that are not members of the European Communities. In this regard, the Agreement remained a good intention document for removal of internal border controls and served as a skeleton which was fleshed out by the 1990 Schengen Convention. The Schengen Convention of 1990 is referred to as the implementing instrument of the Schengen Agreement. This Convention contains detailed provisions, which provide  

See Part IV for details. The idea of the Schengen co-operation, however, can be traced back to an earlier treaty signed by the Benelux countries on 1 July 1960. The Benelux treaty abolished internal border controls and shifts them to the external borders of the Benelux territory. It also abolished border control for persons at the internal borders and obliges the member countries to pursue a common policy with regard to the entry of aliens. A common visa that allows persons to circulate freely within the Benelux territory was instituted. Aliens were required to report their presence to the authorities. Another development that may have inspired the Schengen co-operation is a bilateral agreement, known as the Saabrücken Agreement, signed in February 1977 between the German and French governments. It lifted many bilateral frontier controls and strengthened co-operation between their respective customs and police authorities.

An Overview of the Schengen Co-operation

the legal base for implementing the general principles first set out earlier in the 1985 Agreement document. The Convention, in Article 2, implements the removal of internal border controls and in Article 3 transfers control to the external borders. Internal and External borders are defined in Article 1 of the Convention. In order to achieve this, wide- ranging compensatory measures were required. The bigger part of the Convention is devoted to these compensatory measures. The compensatory measures cover matters of asylum (later moved to EU competence by the Dublin Convention), visa and immigration policy, police co-operation, other forms of co-operation, and the exchange of information both outside and inside the Schengen Information System. The Convention of 1990 became an impetus for other countries to join the co-operation. The first country to opt in was Italy, which signed the Convention in November 1990. Later, Portugal and Spain, who had observer status at the meetings leading to the signing of the Convention, became full signatories on 24 June 1991. Greece followed suit when it signed the Convention on 6 November 1992. Austria was the next to become a member of the Schengen co-operation by signing the Convention on 28 April 1995. The other countries to join the co-operation, as a block since the five original members in 1985, were the five Nordic countries: Denmark, Sweden, Finland, Norway and Iceland on 19 December 1996. The latter two, Norway and Iceland, acquired associate status because they were not EU Member States and the Convention was open for signature to EU Member States only. The three EU Member States (Denmark, Sweden and Finland) may have delayed their membership, awaiting the outcome and in solidarity with the applications of Norway and Iceland for membership. In 1994, Denmark, which was the only EU member among the Nordic countries, had attached a precondition for preservation of the Nordic Passport Union enjoyed by all the Nordic countries in its accession application.10 In its application, the Danish government set out the decisive importance that was attached to reaching a negotiated settlement, which would involve the continued existence of the Nordic Passport Union.11 When Sweden and Finland acceded to EU membership, the same year it made the case for preservation of the Nordic Passport Union stronger and more compelling. As Larsen has observed, it would be very awkward to abolish border controls at the European level and, simultaneously, to introduce frontier controls at the internal Nordic borders, these having been open for over 40



These compensatory measures are discussed below under the main features of the Schengen Convention.  Associate membership means that Norway and Iceland, while not being EU members, have accepted the Convention as well as the full Schengen acquis and agreed to all Schengen obligations. According to the agreement signed with the other members, the two non-EU countries will neither have a vote nor a veto in the Schengen Executive Committee. If disagreements occur, the two countries are free to leave Schengen.  Article 140 (1) of the Schengen Convention. 10 Larsen, L. B. (1997), p. 20. 11 Ibid. 19.

41

42

Chapter 2

years.12 Norway and Iceland finally were able to negotiate an accession agreement13 with the Schengen States that led to the signing of the Convention by the five in 1996. Later in 1997, when the Schengen co-operation was incorporated into the EU legal system, a new accession agreement was renegotiated according to the terms of the Amsterdam Treaty and signed on 27 April 1999. The two countries retained their associate membership and can, according to the terms of the agreement, participate in decision-making in the Mixed Committee outside the EU Council.14 The expansion of the EU to countries of Eastern Europe brought in new members to the Schengen co-operation. New EU Member States are expected to accede to the Schengen Acquis as a whole without the benefit of opting out, according to the Amsterdam Treaty. Two non-EU and not applicants to join the EU, Switzerland15 and Liechtenstein16 applied to be associated with the Schengen Acquis and the Dublin Convention. The Schengen Convention came into effect on 26 March 1995, ten years after it was signed.17 The five original members and two new ones, Spain and Portugal were the first to implement the Convention. Preparation for further implementation by the other members have been arduous because member countries had to adopt a common visa 12 Ibid. p. 20. 13 Samarbeidsavtale mellom Kongeriket Belgia, Forbundsrepublikken Tyskland, Republikken Frankrike, Storhertugdømet Luxembourg, Kongeriket Nederland, Republikken Italia, Kongeriket Spania, Republikken Portugal, Republikken Hellas, Republikken Østerrike, Kongeriket Danmark, Republikken Finland, Kongeriket Sverige, som er parter i Schengenavtalen og Schengen-konvensjonen, og Republikken Island og Kongeriket Norge om avskaffelse av personkontroll på de felles grenser. 1996. 14 Council Decision of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (1999/437/EC) – preamble 3. 15 Council Decision 14637/01 on Switzerland’s possible association with the Schengen acquis and the Dublin Convention after the model of Iceland and Norway; At a meeting of 9 April 2001, the European Commission agreed that negotiations should be opened with Switzerland so that it could join the Schengen agreement; On 11 July 2002, the first round of negotiations between delegations of the EU and Switzerland took place. 16 Council Decision 10024/02 Request by Liechtenstein to be “associated with the Schengen acquis and the Dublin Convention, at the same time as Switzerland”. 17 The implementation of the Schengen Convention was immediately hit by setbacks when France unilaterally decided to maintain land border checks beyond the agreed deadline. France, faced by a refusal by its partners to extend the running-in period for dropping landborder controls by six months, unilaterally used a safeguard clause, allowing it to delay or suspend the dropping of border controls for national security reasons. The Schengen Convention allows the reintroduction of passport checks when public order or national security is at stake and the application for a limited period of national controls “appropriate to the situation”. France also cited problems of input to the Schengen Information System computer, increased illegal immigration and increased seizures in northern France of drugs coming from the Netherlands. Nevertheless these were temporary drawbacks that have not jeopardised or held the implementation of the Schengen back.

An Overview of the Schengen Co-operation

policy, provide for police and judicial co-operation, and link up with the Schengen Information System. Another condition is effective controls of the external borders. Italy and Austria, having joined the Schengen co-operation as earlier as 1990 and 1995 respectively, were not able to implement the Convention before 26 October 1997 and 1 December 1997 respectively. The other Contracting Parties, in particular Germany, insisted that the two must control their external border effectively before they commenced implementing the Convention. Germany was worried that the two were not able to fulfill these conditions. Greece also started to implement the Convention on 8 December 1996. The Nordic countries started implementation on 25 March 2001, having established their National Schengen Information Systems. The above description of the development of Schengen portrays it as a success story, but at what cost? As Boer has argued, Schengen did not suffer from the “paper Tiger” effects of the EU, “The Schengen was less democratic (the European Parliament played no role, except from that of monitoring). It was also less bureaucratic (as it did not have as many decision making layers and rigid procedures). Further the Schengen provisions were really implemented, which allowed for the more practical involvement of practitioners.”18 But the success of Schengen had its Achilles heel. It attracted severe criticism directed to the secret nature of the Schengen process, its undemocratic nature and lack of transparency, parliamentary and judicial control. These shortcomings reflected poorly on the protection of individual rights and data protection. The daunting challenge ahead for Schengen, even as it was incorporated in the EU legal framework, is to salvage its dented image and acquire a democratic and human rights orientation. This study now turns to and looks into detail at these issues by analysing the legal basis of Schengen and its relation to EU law, the main features of the Schengen Convention and Schengen after Amsterdam. The metaphor of paradigms is used here to illustrate the two phases of Schengen co-operation. The first phase is the intergovernmental Schengen, which was plagued by security concerns to the detriment of human rights, democracy and transparency. This phase is referred to as the “Security Paradigm” (see 2.3). The second phase of the Schengen co-operation is Schengen after Amsterdam, which is concerned with addressing the lack of human rights, democracy and transparency in Schengen and is called the “Freedom, Security and Justice” paradigm (see 2.5). But after 11 September 2001, the security paradigm seems to re-emerge albeit in a different form. Schengen, in the aftermath of the USA 11 September 2001, Madrid 11 March 2004 and most recently London 7 July 2005 terrorist attacks, is the subject of the re-emerging security paradigm. 2.3

Incorporation of Schengen Acquis into EU Law

It was during the 6th Intergovernmental Conference ICG meeting in Amsterdam in 1997 that a decision was taken to incorporate the Schengen Acquis into the EU legal system. The decision affirmed the temporary nature of Schengen, the strong link between Schengen and EU law, and reflected the debate on the undemocratic nature of Schengen that had been ongoing since its inception. 18 Boer, M. (1997). p. 148.

43

44

Chapter 2

From the beginning of the Schengen co-operation, the Contracting Parties were aware that the Schengen co-operation was only a laboratory where some Member States of the EU, eager to achieve free movement of persons and which proved illusive under the EU legal and political structures, could experiment on removal of internal borders. The incorporation is therefore a natural result of their experiment.19 In addition, it was necessary to incorporate Schengen into the framework of the European Union for two reasons. First, there is a similarity of objectives between Schengen and EU polices on free movement of persons. As Boer noted, “there are several legal, functional and institutional links between Schengen and the Treaty on European Union (TEU) that allow us to view the absorption of Schengen into the TEU as a viable option.”20 And secondly, “there is a perceived need for more open democratic and accountable decision making within the Schengen area.”21 The legal basis for the Schengen co-operation is deeply rooted in the EU legal system. The immediate legal basis of the Schengen co-operation is the two founding agreements: the Schengen Agreement of 1985 and the Schengen Convention of 1990. Its legal basis, however, is traceable back into the EU legal framework instruments (European Communities Treaties). As pointed out above, the Schengen co-operation became necessary as a way to implement free movement, which had stalled under the EU framework. As such, the Schengen co-operation was envisaged from the beginning as a temporary alternative which, when time was ripe, would be absorbed back into the EU framework. This happened through the Amsterdam Treaty of 1997. A number of provisions can be singled out as the most important in laying the legal basis of the Schengen co-operation. Under the Schengen legal instruments, Article 17 of the Schengen Agreement is important. The article sets out the purpose of the Agreement and it states, In regard to the movement of persons, the Parties shall endeavour to abolish the controls at the common frontiers and transfer them to their external frontiers. To that end, they shall first endeavour to harmonise, where necessary, the laws and administrative provisions concerning prohibitions and restrictions which form the basis for the controls and to take complementary measures to safeguard security and combat illegal immigration by nationals of States that are not members of the European Communities.

Article 17 highlights the three important elements in creating the Schengen co-operation: – Abolishing of the controls in the common frontiers and transferring them to the external frontiers. – The need to harmonise the laws and administrative provisions on border control. 19 Ibid. 20 Boer, M. (1997), p. 149-50. 21 House of Lords – European Communities – 31st Report. Session 1997-98 Publications on the Internet European Communities Committee Reports. http://www.parliament.the-stationery-office.co.uk/pa/ld199798/idselect/ldeu…/8072801.ht accessed on 27 April 2003.

An Overview of the Schengen Co-operation

–

The need to implement compensatory measures to safeguard security and combat illegal immigration.

In the Agreement document, these elements remained framework guidelines that were accomplished in the implementing agreement of the Schengen Convention. The whole of the Schengen Convention document is devoted to the implementation of these three elements. Some provisions, however, can be underlined. Article 2 (1) of the Convention abolishes internal borders and states that “internal borders may be crossed at any point without any checks on persons being carried out”. This article launches the free movement area where no checks are carried out on persons crossing internal borders. Article 4(1) transfers controls to the external borders. It requires that passengers on flights from Third States who board internal flights will first be subject, upon arrival, to personal and hand baggage checks in the airport of arrival of their external flight. Passengers on internal flights, who board flights bound for Third States, will first be subject, on departure, to personal and hand baggage checks in the airport of departure of their external flight. This article acts to enhance control at the external borders. It provides for rigorous checks for both entering and exiting passengers at the external borders. Rigorous checks for outgoing passengers are a new measure in some Schengen countries as it was not practised before.22 Articles 14 and 18 of the EC Treaty form the legal basis for removal of internal borders and free movement of persons under the EU framework on which the Schengen co-operation is based. Article 14 (2) defines the internal market and states that “it shall comprise an area without internal frontiers in which the free movement of goods, persons, services and capital is ensured in accordance with the provisions of the Treaty.” Article 14 (1) is the freedom of movement clause and states that “Every citizen of the Union shall have the right to move and reside freely within the territory of the Member States, subject to the limitations and conditions laid down in this Treaty and by the measures adopted to give it effect.” This is the clause that caused contention among the EU Member States and led to the creation of the Schengen co-operation. Article 134 of the Convention links the Schengen to the EU legal framework. It requires that the provisions of the Convention shall apply only insofar as they are compatible with Community law. In this way, the EU law acquires precedence over Schengen Convention provisions. Thus, an equivalent Community provision that comes into force would replace the Schengen clause. For instance, when the EU Asylum Convention (Dublin Convention) entered into force on 1 September 1997, it immediately replaced Schengen provisions on asylum. This is also in line with Article 100c (7) of the EC Treaty, which states that “provisions of the Conventions in force between the Member States governing areas covered by this Article shall remain in force until their contents have been replaced by directives or measures adopted pursuant to this Article”. This means that there can be no incompatibility between Schengen and European Union provisions, on the contrary, Schengen and European Union policy share continuity and common logic, especially as Article 142 of the Convention requires the text to be adapt22 For example, in Norway exit checks were never practiced. They only became a reality after Norway became a member of the Schengen co-operation.

45

46

Chapter 2

ed to changes in Community law intended to create an area without internal frontiers.23 Similarly, Article 140 (1) provides that only Member States of the EU may become Party to the Convention. Again this article links Schengen membership to EU and its legal framework. Even Norway and Iceland,24 who are non-EU members, have to accept the decisions of the EU Council or risk dissolution of the associate agreement, as indicated earlier. The incorporation of the Schengen Acquis into the EU legal system means the Schengen Acquis became part and parcel of EU law and the latter became the most important legal basis of the Schengen co-operation. The purpose of Schengen, to abolish internal checks and controls and to remove internal borders in order to facilitate free movement of persons and goods, is similar to the aims of Articles 14 and 18 of the Treaty establishing the European Communities. Article 14 deals with internal market and the four freedoms: service, capital, goods and persons, and Article 18 with Citizenship and free movement. It is also instructive that the Schengen preamble makes reference to an internal market as established by the Treaty establishing the European Communities. It is also significant that Article 134 of the Schengen Convention makes it clear that the provisions of the Convention shall apply only insofar as they are compatible with Community law, putting Community law before Schengen law. Further, according to Article 140(1) of the Convention, Schengen membership is open to Member States of the European Communities. It was seen as necessary to incorporate Schengen into the EU legal framework in order to accommodate criticism levelled against Schengen. Criticism came from many quarters. For instance the European Parliament, in contrast to the positive appraisal by the EC Commission, spoke against the Schengen Convention, arguing that the negotiations were lacking in transparency and the compensatory measures are exaggerated.25 Similar criticism came from the opinion of the Dutch Council of State who felt that there were shortcomings concerning the matter of adequate international and national supervision. They observed that international supervision, which was vested in the Executive Committee, could have been exercised by the Court of Justice of the European Communities as was the case for other agreements concluded outside the EC framework. The Schengen Convention also gave no guarantees about supervision in respect of national law.26 Criticism was especially focused on the Schengen Executive Committee. It was argued that, the intergovernmental Executive Committee is not a Court and operates completely outside the constraints of domestic or supranational law. It is empowered to adopt measures, largely in private, in areas having direct impact on individual rights and freedoms, but no provisions were made for systematic parliamentary scrutiny of executive measures prior to their 23 House of Lords – European Communities Committee 31st Reports, supra. 24 Although non-EU countries, Norway and Iceland are members of Schengen co-operation, they are associate members and not full members. It follows that only Member States of EU can become full members. 25 Schattenberg, B. (1993), p. 51. 26 Opinion of the Dutch Council of State. Poptel InfoSource – Statewatch bacdoc February=1992 http://www.poptel.org.uk/.

An Overview of the Schengen Co-operation

adoption. And although complaints could be brought before national courts, there was no mechanism for obtaining rulings on the interpretation and application of Convention provisions.27

From the foregoing, incorporation into EU structures was seen as a cure for the lack of transparency, democratic accountability and judicial control in the Schengen co-operation. Incorporation aimed at strengthening the role of the EU institutions in areas of the Schengen co-operation. “The Council of Justice and Home Affairs Ministers replaced the Executive Committee; the Commission and the European Parliament have a formal role in shaping policy; and the European Court of Justice exercises some degree of judicial control.”28 The extent of democratic accountability and judicial control should not, however, be overstated as the powers of the European Parliament and the Court are limited and judicial and democratic control is equally restricted. The European Parliament has largely consultative role. National Parliaments may express their views collectively, through the Conference of European Affairs Committees (COSAC), on any legislative proposals or initiatives relating to the establishment of an area of freedom, security and justice. Opinions expressed by the European Parliament and any contribution COSAC chooses to make binds neither the Council nor national Parliaments. As for the Court of Justice, there are significant limitations to its jurisdiction and it does not, in any event, extend to “measures or decisions relating to the maintenance of law and order and safeguarding of internal security.29

The incorporation of the Schengen Acquis into EU structures was not a simple matter of transferring the former into the latter. It is a complex process.30 According to Article 2 of the Schengen Protocol, the legal basis for each of the provisions of the Schengen Acquis was to be determined. This entailed two steps. First, it involved determining what in Schengen Acquis was to be incorporated, as not all the documents are relevant. Some provisions of the Acquis were redundant and did not require a legal base in the EU Treaties. A provision was not allocated to a legal base if; – it were no longer operative, – it had been replaced by provisions of Community law or other acts applicable to all Member States, – it remained an area of exclusive national competence, – it were not intended to have legal effects.31 27 28 29 30

31

House of Lords – European Communities – 31st Report, supra. Ibid.; See also below 2.5. Ibid.; See also below 2.5. Council Decision (1999/436/EC) determining, in conformity with the relevant provisions of the Treaty establishing the European Community and the Treaty on European Union, the legal basis for each of the provisions or decisions which constitutes the Schengen acquis, OJ L 176/17 10 July 1999. Document No: 7233/1/98, SCHENGEN 14 REV 1, Annex B.

47

48

Chapter 2

Second, it involved identifying into which Pillar (First Pillar or Third Pillar) the provisions were to be incorporated. The Schengen Protocol envisaged that some parts of the Schengen Acquis were to be integrated into the EC Treaty (First Pillar) and some into the revised Title VI of the EU Treaty on police and judicial co-operation in criminal matters (the Third Pillar). At Amsterdam, Member States agreed that Community procedures (i.e. First Pillar procedures) should apply to free movement issues, but not to the “flanking” or “compensatory” security measures which were still to be governed by intergovernmental procedures (i.e. Third Pillar procedures). The allocation into one Pillar and not the other had its consequences as each Pillar specifies its own procedural and institutional arrangements. Thus, procedural and institutional arrangements differ, according to the allocation to one Pillar or the other.32 An approach of “flexible incorporation” has been adopted in relation to Schengen, with some provisions being incorporated into the First Pillar and others into the Third.33 At Amsterdam, Member States agreed to transfer competence concerning visas, asylum, immigration and other policies related to the free movement of persons to the Community. Some of these matters were previously dealt with in Title VI of the EU Treaty, the Third Pillar. The principal focus of Title VI now is police and judicial cooperation in criminal matters.34 It was important to allocate the Schengen Acquis to a legal base in the EC Treaty or EU Treaty because, incorporating concrete measures illustrated the extent of the Community’s competence under the new Title IV of the EC Treaty on the one hand, and the areas reserved to Member States within the framework established in Title VI EU Treaty on the other.35 Not all the provisions of the Schengen Acquis fell neatly under the categorical division between the First and Third Pillar. First, according to the Schengen Protocol, the Council, acting unanimously, was to determine the legal base for each of the provisions or decisions which constitute the Schengen Acquis.36 Where no such unanimous agreement was reached, the provisions or decisions, which constituted the Schengen Acquis, were regarded as acts based on Title VI.37 In this respect, the allocation of the Schengen Information System was problematic. The discussion varied between a dual basis in the First and Third Pillars, a single legal basis probably in the Third Pillar, or the SIS being maintained as a separate agency.38 The issue was temporarily resolved, however, in the General Affairs Council on 26-27 April 1999 and the last meeting of the Schengen 32 Allocation to First Pillar means that the Community procedures apply. The decisions are taken by voting on qualified majority. And with allocation into the Third Pillar, the intergovernmental procedure applies and decisions are made by unanimity. 33 House of Lords – European Communities – 31st Report, supra. 34 Article 29 of the EU Treaty. 35 House of Lords – European Communities – 31st Report, supra. 36 Article 2 (1) para. 2 of the Schengen Protocol, Amsterdam Treaty. 37 The consequences for individual protection as a result of the arbitrary allocation cannot be minimised. Provisions which could well be handled in the First Pillar will find their way to the Third Pillar, which still will be under intergovernmental procedures and without adequate parliamentary and judicial control. 38 See House of Lords – European Communities – 7th Report, 2 March 1999.

An Overview of the Schengen Co-operation

Executive Committee on 27-28 April 1999. The General Affairs Council agreed that the Third Pillar “fall back”, provided for in Article 2 (1) of the Schengen Protocol was to apply. Consequently, the legal base for Articles 92-119 of the Schengen Convention was placed in the TEU until such time as agreement can be reached.39 Second, some provisions of the Acquis could not be allocated to a single Pillar, as their contents tend to fall in both Pillars. In such cases, the Council either split the Acquis into both Pillars40 where that was possible, or allocated the Acquis a dual legal basis under both Pillars.41 Third, some provisions were allocated to a broad legal basis, making it difficult to ascertain clearly which procedure was to apply to each element of the Schengen Acquis.42 Fourth, some provisions were allocated to an inappropriate legal base.43 In conclusion, as the Schengen Acquis touches on fundamental rights and freedoms of individuals, such difficulties raised by the allocation may continue to have serious procedural problems with consequences for effective individual protection unless legal certainty and openness in the matters of incorporation are provided. Perhaps the aboli39 See Statewatch March – April 1999 (Vol. 9 N0. 2) p. 22; The proposed SIS II legislation has on 31 May 2005 allocated the SIS a dual legal base with immigration law aspects coming under first pillar and criminal law aspects under the third pillar. 40 See House of Lords – European Communities – 31st Report. Supra. “For example, under Article 27(1) penalties must be imposed on any persons assisting the entry of aliens contrary to the laws of any one of the Schengen States. This provision has been allocated to a legal base in the EC Treaty, since the crossing of external borders is to be governed by Community law. By contrast, Article 27(2) and (3) which concern the notification and prosecution of unlawful activities under Article 27(1) are allocated to the TEU. In the Schengen system, the three paragraphs of Article 27 are complementary, each serving to reinforce the others. Such incorporation diminishes legal and procedural coherence by applying two different sets of rules in the First and Third Pillars. Moreover, the effective enforcement of the penalties required under Community law will depend, at least in part, on action taken under the third Pillar.” 41 For example, Articles 126-128, on the protection of personal data other than that stored in the SIS, have been allocated two legal bases, one in the EC Treaty and the other in the TEU. Justification for this is because Schengen covers both First and Third Pillar matters. 42 Most of the Schengen provisions on visas are allocated to the new Article 62(2)(b) of the EC Treaty, which provides for the adoption of rules on short-term visas. The Commission has an exclusive right of initiative and there is a qualified majority voting for some, but not all, measures based on Article 62(2)(b). The allocation does not make clear which procedures will apply to each element of the Schengen Acquis. 43 Most of the Schengen provisions which have been allocated to a legal base in the EC Treaty come within Title IV, but there are a few exceptions, such as Article 75 of the Convention on the movement of persons carrying narcotic drugs intended for medical treatment, which has been allocated to Article 95 (formerly Article 100a) of the EC Treaty, Article 76 of the Convention allocated to Article 95 of EC Treaty and the third and fourth paragraphs of Article 76 on notification of measures taken to monitor the legal trade in narcotic drugs are allocated to Article 152 (formerly 129) of the EC Treaty which concerns public health and Articles 126-128 of the Convention on the protection of personal data not held in the SIS are allocated Article 95 of the EC Treaty; See House of Lords – European Communities – 31st Report, supra.

49

50

Chapter 2

tion of the pillar system by the EU Constitution Treaty can provide the required certainty.44 But the ratification of the EU Constitution Treaty looks doubtful with its rejection by French and Dutch referenda respectively. Meanwhile the SIS II proposed legislation could provide the certainty and openness required when it enters into force. 2.4

Main Features of the Schengen Convention: A Security Paradigm

2.4.1

Negotiating Schengen

As observed elsewhere, the Schengen Convention was modelled on an unstable security paradigm that largely disregarded the basic tenets of a democratic society, namely transparency, accountability, human rights and rule of law.45 First of all, as the analysis of the main features of the Schengen Convention below will demonstrate, although Schengen was meant to facilitate free movement, the national security concerns rather than free movement interests take the upper hand. In a Convention containing 142 articles, only a small portion of the articles are concerned with free movement. Most of the Convention Articles are devoted to security in the form of compensatory measures. Articles 9-27 deal with control of immigration, issuance of visas and residence permits. Articles 28-38 are concerned with asylum, especially the responsibility for the processing of applications for asylum. Asylum matters, however, were removed from the Schengen with the coming into force of the Dublin Convention as explained above. Articles 39-91 are concerned with police co-operation, security and judicial co-operation in criminal matters. Finally, Articles 92-119 deal with the SIS, whose main objective is to enhance national security and control of immigration. Protection of personal data is also given prominence in articles on the SIS above and Articles 126-130 that deal with protection of personal data for information exchanged outside the SIS under police co-operation and asylum matters. Even the treatment of data protection, however, is not adequate as it was also affected by the enormous emphasis given to national security interests. Safeguards for the protection of personal data, as explained below, are not adequate and reference to human rights instruments was lacking. The reason security concerns took greater focus than human rights and free movement issues may not be difficult to understand. Firstly, the negotiations for the Schengen Convention were done in secrecy46 and therefore lacked transparency. Public and external scrutiny by EU and national institutions such as the EU and national Parliaments was lacking. The EU Commission was only involved as an observer and there was a lack of involvement of civil society bodies. The negotiating parties were mainly persons associated with security and law and order, whose single interest may have been to safeguard internal security of the Contracting Parties at the expense of other interests such as free 44 Article 6 of the Treaty establishing a Constitution for Europe CONV 850/03. 45 Karanja, S. K. (2000), p. 215. 46 A number of documents were stamped confidential, making them out of the reach of the public and other interested parties: the SIRENE manual, the Common manual and the Common Consular Instructions.

An Overview of the Schengen Co-operation

movement, human rights and data protection.47 The international climate then also favoured a security-oriented approach. Cross-border and organised crimes were seen to be on the increase and becoming international. 2.4.2

Removal of Internal Border Controls

As under the Schengen Convention the removal of internal border controls does not entail the removal of internal borders, the physical borders have remained in place, perhaps to underline the fact that each country still retains its national character. This point is also reflected in the Convention where national laws, practises and interests of Member States play a significant role and are safeguarded. What disappears are the controls and checks that were carried out at these internal borders, as no controls or checks occur at the internal border crossing points any more. Some of the controls that occurred at the internal borders, some have been dislocated internally, others have been moved to the external borders or transferred to the countries of origin and third countries outside Schengen.48 This means that controls take place within the territories of individual Schengen States, or more usually in the case of travellers subject to passport or visa checks, at the external frontiers of the Schengen area and third countries and countries of origin.49 For a citizen of a Schengen State, this means that when crossing internal borders, no passport or identity controls and checks are carried out. Such a person does not need to show any identity papers. This does not, however, exempt the person from carrying necessary identification documents because the same may be demanded inside the territory. The same applies to foreign nationals crossing internal borders on threemonth visitors’ and tourists’ visas; they must have identification documents with them although these are not required for crossing internal borders. Article 45 of the Schengen Convention applies to both citizens of Schengen States and foreign nationals and requires all to produce proof of identity and fill out a declaration form when staying in any commercially rented accommodation, such as hotels or camping sites.50 The removal of internal border controls means free circulation of persons in the Schengen area. It implies that illegal immigrants and criminals will also circulate freely. The fear that this may be the case has led to the introduction of compensatory measures to counter this undesirable effect of removal of internal border controls. Since within the Schengen area, it is not possible to control illegal crossing of internal borders, enhancement of external border controls and internal controls monitoring of foreign nationals and society in general is the only way to counter these dangers.51

47 Karanja, S. K. (2000), p. 216. 48 See Chapter 11 below . 49 House of Lords European Communities Committee 31st Report 1997. Internet version accessed on 28 April 2003. 50 See Part IV for detailed discussion of internal controls. 51 De Jong, D. C. (1993), p. 184.

51

52

Chapter 2

2.4.3

Freedom of Movement of Persons and Immigration Policies

Freedom of movement of persons has been a contentious subject in the history of the European Union. While the other forms of freedom envisaged under Article 14 of the EC Treaty, free movement of capital, services and goods had been achieved, free movement of persons remained a problem. Free movement of persons in the EU began with labour, but gradually evolved to cover self-employed people, students, pensioners and EU citizens in general.52 The only categories that were not represented were foreign residents staying in the EU and foreign nationals entering the EU. The novelty of the Schengen Convention is to extend the concept of free movement to these groups. While the citizens of Schengen States, or EU citizens,53 have almost unrestricted freedom of movement, in that they can circulate freely without hindrance, that of foreign nationals is restricted. According to the Schengen Convention, freedom of movement in the Schengen area is restricted to a period of three months for all non-EU nationals. In addition, for foreign nationals, conditions for entry are stringent and they have to undergo thorough checks which include not only conditions governing entry, residence, work and exit, but also checks to detect and prevent threats to the national security and the public policy of the Contracting Parties.54 Further, apart from being required to be in possession of travel documents and visas, foreign nationals may be required to produce documents demonstrating “the purpose and the conditions of the planned visit” and proving that they have “adequate means of support” both for their stay and their return journey.55 In reality, freedom of movement for foreign nationals may be more restricted than perceived at first sight. Although there is a minimum threshold, conditions for entry common to all the Schengen States that oblige refusal to enter for any person who does not meet them, the Contracting Parties are not similarly obliged to admit those who do fulfill the conditions. This is the import of Article 5(1) that provides that aliens who satisfy the entry conditions “may” be admitted and Article 5(2) those who fail to satisfy the entry conditions in any one of the Contracting Parties “must” be refused entry. The fulfillment of the conditions is not a guarantee for entry, while failure to fulfill the conditions for all Contracting Parties amounts to automatic refusal to enter. An exception does, however, exist that allows a Contracting Party to admit a foreign national who has failed to fulfill entry conditions on humanitarian reasons, on grounds of national

52 Simone, V. (1997). Report of High Level Panel on the Free movement of Persons. 53 The Schengen Convention does not distinguish between Schengen States citizens and EU citizens. In its definition section in Article 1, the Convention, defines an alien as any person other than a national of a Member State of the European Communities. By implication, this means that citizens of the EU are not aliens and have the same rights as citizens of Schengen States. This also amplifies the fact that Schengen law is subservient to EU law which has already granted EU citizens the freedom of movement. 54 Article 6(2) (a) of the Schengen Convention. 55 Article 5(1) (c) of the Schengen Convention.

An Overview of the Schengen Co-operation

interest or because of international obligations.56 But such admittance applies only to the admitting country therefore the person so admitted cannot travel to other Schengen countries. Contracting Parties, however, are not ready to invoke the exemption in favour of persons affected. The reason could be that it is not easy to restrict the person in the territory of the admitting Member State. Although the consequences of being caught in other Member States’ territory could act as a deterrent from travelling out of the authorising Member State territory. Stringent visa policy and rules in the Schengen Convention further restrict freedom of movement for foreign nationals even though the Schengen Convention harmonises visa policy in Articles 9-18. The rules introduce a uniform visa for the entire territory of the Contracting Parties. The visa is issued for purposes of visits, which do not exceed the duration of three months. Harmonisation of visa policy also entails creating lists of countries whose nationals may enter the Schengen area without the requirement of a visa, and those that require a visa to enter. These are what were called positive and negative visa lists, respectively. Foreign nationals who require an entry visa because they come from a country on the negative list, have their freedom restricted. At first a negative list of 129 countries was agreed on. Later, a revised common visa list was adopted in March 2001 under the new EU visa policy after the incorporation of Schengen into the EU legal framework.57 It contains 132 countries whose nationals will require a visa to enter the Schengen/EU area. Other measures that may restrict freedom of movement of foreign nationals are the restrictions put on passenger carries such as carrier liability (Article 26) and penalties imposed on those assisting unlawful entry [Article 27(1)].58 Despite these restrictions on free movement the question that arises is, are there adequate safeguards in cases where one’s rights are infringed? As rules affect mainly persons, while in their countries of origin, are there clear procedures provided in case their rights are infringed? For instance, where a person applies for a visa and then the application is turned down, are there clear avenues for the person to complain or appeal?59 These issues are examined in detail in Chapter 11.

56 Article 5(2) of the Convention; See also a similar provision in Article 25(1) on issuing residence permits. 57 Council Regulation (EC) No 539/2001 of 15 March listing the third countries whose nationals must be in possession of visa when crossing the external borders and whose nationals are exempt from that requirement. 58 These issues are covered in detail in Chapter 11 below. 59 Kenyan case: Two young men who were brothers applied for a visa to the Netherlands and the visa application was rejected. As a result their names were entered in the Schengen Information System as persons to be refused entry in the Schengen area. Later, their school arranged for an educational trip to France and when the school applied for visa for the students, the rest of the students were granted visas but the two were refused on the basis of the entry in the SIS. Their father, who was outraged with the refusal, sought to bring an action against the embassy, but to his frustration he realised that there were no national avenues to present his case.

53

54

Chapter 2

2.4.4

Asylum Matters and Policies

Although asylum seekers are not in principle required to possess a visa in order to enter the Schengen area, conditions for acceptance of application for asylum are made stringent. The Schengen Convention introduced rules for responsibility for the processing of application for asylum in Articles 28-38. Application for asylum is considered on a ‘one-chance’ basis only. Consequently only one Contracting Party may consider application for asylum. The decision by one Contracting Party on an asylum application directed to it is binding on all the other Schengen States. If the country that has responsibility rejects the application, then no second application can be made to another member country. The Schengen Convention asylum rules are similar and based on the EU Asylum (Dublin) Convention of 15 June 1990 (now Regulation) which replaced the Schengen provisions.60 The asylum rules incorporated in the Schengen and the Dublin Regulation seems tilted to make it difficult for a person whose application has been rejected to stay in the EU/Schengen area. The rules apply common criteria such as the “one country rule”, where only one country can handle an application for asylum, and the “first country rule”, where only the country that an asylum seeker enters first, is the country to process the application. But there is a lack of common rules to safeguard the interests and rights of the asylum seekers. This is left to individual countries’ rules. The one country rule seems geared towards preventing an asylum seeker the right to stay or re-enter the EU/Schengen area once the asylum application has been rejected by one country. At the same time, the first country rule appears to deny an applicant the opportunity to present an asylum application to the country most likely to grant him or her favourable consideration. The objective of the Eurodac fingerprints system is to catch those who try to cheat under the Dublin Regulation through presenting more than one or multiple applications in different countries.61 It also serves the purpose of denying applicants a second chance of stay in the EU/Schengen area. 2.4.5

Police Co-operation Policies

The Schengen Convention has strengthened police co-operation among participatory countries. Considerations behind this are the need to prevent and combat international and organised crime. Traditionally, police powers ended at the national borders. Due to considerations of national sovereignty, police from one country were not allowed to extend their activities into the neighbouring country. Bilateral agreements could, however, be entered to allow the neighbouring police to assist their counterpart where criminals 60 A protocol agreed on in Bonn on 26 April 1994, provides that the Schengen rules on asylum will no longer apply upon the entry into force of the Dublin Convention in the determining the State responsible for examining applications for asylum lodged in one of the Member States of the EU. See also Article 142 of the Schengen Convention that provides for replacement or amendment of the Convention in the light of the conclusion between EC Member States of Conventions with a view of an area without internal frontiers. 61 See 9.3. below.

An Overview of the Schengen Co-operation

crossed borders or investigations extended to the neighbouring state.62 The Schengen Convention has changed this, and Contracting Parties’ police authorities can pursue culprits into the neighbouring country. Article 39 of the Convention establishes a general requirement for police co-operation. It provides that police authorities in the Schengen area may, within the limits of their respective national legal systems, provide their foreign counterparts with all kinds of assistance requested for the purpose of preventing and detecting criminal offences. Three main forms of police co-operation can be identified in the Schengen Convention: – exchange of information, – hot pursuit and – discreet surveillance. The exchange of information is among the oldest and most common form of police cooperation. It is preferred because it does not involve severe consequences for national sovereignty the way hot pursuit and discreet surveillance may. Police authorities in the Schengen area may request information as provided for in Article 39. They may also, on their own initiative, exchange information without formal request for assistance if this may help prevent future crime and offences against or threats to public security (Article 46). This is the task liaison officers seconded to police authorities in other Schengen States or third countries, under the framework of bilateral or multilateral agreements, are expected to perform (Article 47). The Schengen Information System is another form of exchange of information that enhances police co-operation. Discreet observation (Article 40) and hot pursuit (Article 41) are operational forms of police co-operation and are a Schengen novelty in the way they are practised.63 They challenge the concept of national sovereignty, which has been used earlier to restrict police co-operation to matters of exchange of information because they enable officers from one Schengen State to continue their operations into another Schengen State. In urgent cases, this is allowed without obtaining prior authorisation. Police co-operation is also extended to operational co-operation connected with deliveries of drugs (Article 73) to enable police and custom authorities to follow a drug trail to its final destination. Article 99 of the Convention allows for discreet surveillance by police. 2.4.6

Related Forms of Co-operation and Policies

The Schengen Convention also introduces tighter co-operation in other areas other than police and immigration. Judicial and criminal justice co-operation is also strengthened. This includes co-operation in areas of mutual assistance in criminal matters (Articles 48-53), extradition (Articles 59-66), and the transfer of the enforcement of criminal judgements (Article 67-69). The Schengen Convention in these areas builds on existing international co-operation. The Schengen Convention also provides safeguards against 62 Karanja, S. K. (2001a), pp. 31-33. 63 Nordic Police Co-operation also provides for hot pursuit, but it is not formal as in the Schengen and therefore depends on mutual assistance of the neighbouring police authorities.

55

56

Chapter 2

prosecution for the same offence in more than one Schengen State, the so-called non bis in idem principle (Articles 54-58). It envisages harmonisation of national laws on some aspects of drug policy relating to illegal trafficking, seizure and confiscation of assets derived from such traffic, and controlled deliveries of drugs (Articles 70-76) and minimum rules on the purchase, possession, sale and surrender of firearms and ammunition (Article 77-91). These forms of co-operation are not dealt with in this study. 2.4.7

The Schengen Information System64

The Schengen Information System (Articles 92-101), another novelty of the Schengen Convention, is a computerised database for registering data on wanted and unwanted persons and objects [Article 94(2)] (see 7 below). It enables the Schengen Contracting Parties to exchange data for the purposes of control on crime and illegal immigration (Article 93).65 The SIS is the most important compensatory measure in the Schengen Convention. It plays an important role in the implementation of the other compensatory measures on external border control, visa and entry policies, police and judicial co-operation in criminal matters. It is, however, one that has raised controversy as regards individual protection (see Chapter 8). 2.4.8

Data Protection

Inclusion of data protection provisions in the Schengen Convention is another novelty. It was the first time that a binding international Convention addressed data protection in these sectors. As such, data protection in the Schengen co-operation was an improvement on data protection in police and border control work, which was previously poorly regulated. Data protection provisions in the Schengen Convention, however, cannot be said to offer adequate safeguards. A full discussion and analysis of data protection in the Schengen Convention and especially SIS, is carried out in Chapters 7 and 8. The main features of data protection in the Schengen Convention include: – Provisions that incorporate some of data protection principles such as the principle of purpose, data quality, sensitivity and individual participation. – Provisions on supervision, both at national and joint levels. The provisions also call for establishment of national supervisory bodies and a joint supervisory body. – Provisions that call for legislation on data protection which provides for a minimum level of protection similar to that offered by the CoE Convention. 2.4.9

The Executive Committee

The Schengen Convention had set up an Executive Committee whose task is to ensure the correct implementation of the Convention (Article 131). But after the incorporation 64 The current SIS is to be replaced with SIS II. The proposed SIS II legislation has repealed Article 92-119 of the Schengen Convention which is the current legal basis of the SIS. 65 See detailed description of the Schengen Information System in Chapter 7.

An Overview of the Schengen Co-operation

of Schengen into the EU legal framework, the Executive Committee was replaced by the Council of the European Union (the Council). Consequently, from the date of entry of the Treaty of Amsterdam, the Council substituted itself for the Executive Committee.66 2.5

Schengen after Amsterdam: A Freedom, Security and Justice Paradigm

Schengen co-operation after the Amsterdam Treaty can only be understood and analysed from an EU legal and institutional perspective. The aim of incorporation is to make it possible to attain the goal of free movement of individuals, enshrined in the EC treaties, under a system that will not only guarantee people democratic control, but also offer them effective legal remedies if their rights are infringed. The Schengen Convention and the Dublin Regulation of Asylum have direct impact on fundamental rights but make no mention of the texts guaranteeing human rights. To this end, the Treaty of Amsterdam establishes an area of freedom, security and justice67 through introduction of a new title (Title IV) headed “Visa, Asylum, immigration and other policies related to free movement of persons” into the TEC. Police and judicial co-operation in criminal matters remain under the Third Pillar in the TEU. In addition, the Treaty of Amsterdam added new objectives of preventing and combating racism and xenophobia to the third pillar. This is Title VI of the EU Treaty. Incorporation of the Schengen area into the EU means that the Member States that are signatories to Schengen now conduct “closer co-operation” on abolition of internal borders within the institutional and legal framework of the European Union. As from 1 May 1999, when the Amsterdam Treaty entered into force, the Council of the European Union took over the place of the Executive Committee established by the Schengen 66 Article 2, Protocol annexed to the Treaty on European Union and the Treaty establishing the European Community. 67 1) ‘An area of freedom’ not only ensures the free movement of persons, according to the Schengen model, but also protects fundamental rights and combats all forms of discrimination. Similarly, respect for private life and, in particular, the protection of personal data, must be guaranteed. As regards asylum and immigration, most of the instruments adopted in the past were not binding. Since these areas are now covered by the EC Treaty, Community instruments can be adopted and genuine European policy defined. 2) ‘An area of security’ includes combating crime, in particular terrorism, trade in human beings, crime against children, drug trafficking, arms trafficking, corruption and fraud. A special action plan on crime was adopted in June 1997 at the Amsterdam European Council; another action plan against drugs was to be implemented in the period 2000-2004. The central role of Europol is emphasised, as an essential instrument for increased co-operation between the Member States, particularly at the operational level. 3) ‘An area of justice’, despite differences between the Member States, the Union’s objective is to guarantee European citizens equal access to justice and to promote co-operation between the judicial authorities. On civil matters, judicial co-operation should be aimed at simplifying the environment of European citizens. On criminal matters, it should strengthen the co-ordination of prosecution and provide a common sense of justice by defining minimum common rules for criminal acts, procedures and penalties. Emphasis is also placed on the specific case of cross-border disputes.

57

58

Chapter 2

Convention. The common rules established by the Schengen Convention are incorporated either into Title IV of the TEC or into Title VI of the EU Treaty. For the provisions whose legal basis has not been established yet, they are regarded as acts based on Title VI until the Council acting unanimously, has determined their legal basis.68 Incorporation also enhanced individual protection. It guaranteed democratic control and judicial control by giving citizens channels for appealing to the courts if their rights are violated. Appeal may be made to the European Court of Justice or national courts depending on the area concerned. That is, if the appeal concerns matters falling in Title IV or Title VI. Limitation on judicial control, however, still exists especially in matters involving exercise of national powers on internal security and maintenance and enforcement of law and order. Title IV of the TEC is a creation of the Treaty of Amsterdam. It deals with matters concerning free movement of persons, checks at external borders, asylum, immigration and protection for the rights of nationals of non-member states and judicial co-operation in civil matters. Prior to the Amsterdam Treaty, these areas were dealt with under the intergovernmental procedures under Title VI of the TEU (the Third Pillar). By transferring these matters to the competence of the Community under the First Pillar, the role of the EC institutions was enhanced. The Council, which played no role before, took over from the main decision making body the Schengen Executive Committee. The role of the Commission was also strengthened. Before, the Commission participated in Schengen deliberations as an observer, now it takes the role of initiating proposals to the Council. The European Parliament played no significant role in Schengen matters either. After Amsterdam, it has a consultative role. Over the first five years, after the new treaty came into force, the Council took decisions unanimously on proposals put forward by the Commission or a Member State. But the Council was required to consult the European Parliament before taking any decision.69 After that period, the Council takes decisions only on proposals from the Commission.70 The Commission is here granted the role of the sole initiator of proposals and no longer shares that task with Member States. The Commission, however, has to consider any request by a Member State for a proposal to be put before the Council.71 After consulting the European Parliament, the Council decides by unanimous vote to apply the co-decision procedure and qualified majority voting when adopting measures under Title IV, and to modify the clauses relating to the Court of Justice.72 After Amsterdam, the Court of Justice acquired jurisdiction over matters falling in Title IV. The Court does not, however, have jurisdiction on measures or decisions taken to abolish all checks on individuals (both EU citizens and non-EU nationals) when

68 69 70 71 72

See the discussion in 2.3 above. Article 67(1) of the TEC. Article 67(2) paragraph 1 of the TEC. Ibid. Article 67(2) paragraph 2 of the TEC.

An Overview of the Schengen Co-operation

they cross the internal borders.73 The exception is unfortunate because the Court, on such important measures or decisions which may adversely affect the rights of individuals, cannot review the powers of the Contracting Parties. Under Title IV TEC [Article 68(1)], if a national court of final appeal requires a decision by the Court of Justice in order to be able to give its judgement, it may ask the Court to rule on a question concerning the interpretation of the title or on the validity and interpretation of acts by the Community institutions that are based on it. Similarly, the Council, the Commission, or a Member State can ask the Court to rule on a question regarding the interpretation of the new title or of acts adopted on the basis of it.74 The matters falling under Title VI of the TEU after the Amsterdam Treaty concern police and judicial co-operation in criminal matters.75 The objective is to prevent and combat racism and xenophobia, terrorism, trafficking in persons and offences against children, drug trafficking, arms trafficking, and corruption and fraud.76 The above aims are achieved, – through closer co-operation between police forces, customs authorities and other competent authorities in the Member States, both directly and through Europol. – through closer co-operation between judicial and other competent authorities of the Member States, both directly and through Europol. – through approximation, where necessary, of rules on criminal matters in the Member States. The Amsterdam Treaty also spells out the objective of this Title VI more precisely and made closer co-operation necessary to be able to combat crime, which goes beyond national borders. The intergovernmental nature of this title did not change, but the roles of EU institutions were expanded. The Council of the European Union remains the key player in the decision-making process and may use joint positions, framework decisions, other decisions, and conventions to achieve the above objectives.77 The Commission is fully involved in the discussions in the areas covered by Title VI and its powers of initiative have been extended to cover all fields.78 The European Parliament has a consultative role. The Council is to consult the Parliament before adopting a framework decision or decision or establishing a convention. The Presidency and the Commission are to regularly inform the Parliament of discussions in the areas covered by this Title. Finally, the Parliament may ask questions of the Council or make recommendations to it. Each year, it shall hold a debate on the progress made in the areas covered by this title.79

73 74 75 76 77 78 79

Article 68(2) of the TEC. Article 68(3) of the TEC. Article 29 of the TEU. Ibid. Article 34(a-d) of the TEU. Article 36(2) of the TEU. Article 39 of the TEU.

59

60

Chapter 2

The Amsterdam treaty recognised the jurisdiction of the Court of Justice over matters in Title VI.80 The jurisdiction involves giving preliminary rulings on the validity and interpretation of framework decisions, as well as decisions on the interpretation of conventions and on the validity and interpretation of the measures implementing them.81 In addition, as regards preliminary rulings, the Member States are required to make individual declarations accepting the jurisdiction of the Court of Justice and stating which national court or tribunal is empowered to request the Court of Justice for a ruling.82 It follows that the jurisdiction of the Court of Justice is limited because such preliminary rulings will apply to those Member States, which have made a declaration accepting the jurisdiction of the Court.83 Under Article 35(5) of the TEU, the Court of Justice has no jurisdiction on matters involving maintenance and enforcement of law and order. The Court of Justice cannot review the validity or proportionality of operations carried out by the police or other law enforcement services of a Member States or the exercise of the responsibilities incumbent upon Member States with regard to the maintenance of law and order and the safeguarding of internal security. Again, this limitation of the jurisdiction of the Court is unfortunate because it is precisely in the exercise of powers on maintenance and enforcement of law and order that individual rights are most likely to be adversely affected. The jurisdiction of the Court is further limited on matters involving annulment under Article 35(6) of the TEU because an action of annulment can only be brought before the Court by Member States or the Commission. Private individuals and public interest groups cannot bring such an action, even in a situation where it involves infringement of a rule of law affecting the application of the Treaty. 2.6

11 September 2001 Aftermath: Re-emergence of the Security Paradigm

If the incorporation of Schengen into the EU framework seemed to improve individual protection, the events after 11 September 2001, can only be described as acting in the opposite direction. The freedoms and rights that had so far been achieved were suddenly under attack by governments aided by an acquiescing public. The USA, which was hit by 11 September attacks of terrorism, set things in motion by “immediately making public safety and national security its highest priority, quickly passing sweeping anti-terrorism legislation that dramatically expanded police and surveillance powers. In addition, new controls on physical movement and identity verification were imposed at border crossing and airports. The possibility of introducing compulsory identity cards and biometrics controls returned to the public debate.”84 80 81 82 83

Article 35 of the TEU. Article 35 (1) of TEU. Article 35(2) & (3) of the TEU. United Kingdom, Ireland, France and Denmark do no accept the jurisdiction of ECJ on third Pillar matters. These countries are therefore restricted to making submissions and observations in cases brought by others. Other countries like Spain permits only the highest courts to make a reference to the ECJ. 84 Cavoukian, A. (May 2003).

An Overview of the Schengen Co-operation

In the USA, laws such as the Uniting and Strengthening America by Providing Appropriate Tools to Intercept and Obstruct Terrorism Act (USA Patriot Act) were passed by the Congress on 26 October 2001. This was signed into law the next day by President Bush. It broadly expanded the powers of United States federal law enforcement agencies to investigate cases involving foreign intelligence and international terrorism.85 On 25 November 2002, the Homeland Security Act (HSA) was signed by President Bush. The consequence was to create a new Cabinet-level Department of Homeland Security (DHS) that consolidated 22 agencies into one department. These agencies included inter alia the Coast Guard, Customs Services, Secret Service, New Bureaus of Border Security and Citizenship and Immigration, and the Federal Emergency Management Agency. One of the Department’s main roles is to access, receive and analyse information collected from sources including intelligence agencies, law enforcement, and the private sector in order to identify and assess terrorist threats. It is also to produce “watch lists” which contain names of persons suspected of some involvement in terrorism, though not wanted for arrest.86 This is a clear licence to carry out data mining for information that will be used to create “watch lists” and profiles whose working is dubious as these target innocent people. Another measure introduced under the Department of Homeland Security is the United States Visitors and Immigrant Status Indicator Technology (US-VISIT) program, which is the entry-exit tracking system that collects digital photograph and fingerprint scan biometrics from those individuals travelling on a visa to the United States, then runs watch list checks on the data collected.87 As Koslowski observes, the US-VISIT Program will become more relevant to US-EU relations as states that are not in the US Visa Waiver Program join the EU and in the event that other EU Member States are unable to remain in the program and be required to be enrolled in US-VISIT, photographed and provide fingerprint scans upon entry into the US.88 Other additions to the list of anti-terrorist measures were the United States Transportation Security Administration (TSA) and Domestic Security and Enhancement Act. The TSA is a profiling system that uses a network of “supercomputers” intended to instantly assess every passenger’s background to identify potential ties to terrorism. The Draft Domestic Security and Enhancement Act, dubbed the Patriot Act II, provided for non-citizens’ deportation even if they had not committed any immigration violations, for the Freedom of Information Act to be amended so that the public would be restricted from obtaining the identification of detainees, and for DNA samples to be

85 Ibid. 86 Ibid.; See also Center for Democracy and Technology, The New Homeland Security Department – Challenge, Potential and Risk – Privacy Guidelines, Careful Oversight Required, www.cdt.org/security/homelandsecuritydept/021210cdt.shtml Accessed on 7 January 2005. 87 Koslowski, R. (2004). International Cooperation on Electronic Advance Passenger Information Transfer and Passport Biometrics. Paper prepared for presentation at the International Studies Association meeting, Montreal March 17-20. http://tecn.rutgers.edu/cgcg/Papers/ Koslowski%20-%20ISA%202004%20passports%206.pdf Accessed on 8 February 2005. 88 Ibid.; See also 10.4.2.2 below.

61

62

Chapter 2

collected from anyone suspected of being a terrorist even if that person had not committed a crime.89 While these developments were unfolding in the USA, the rest of the world was not dormant and terrorist laws were being enacted in different jurisdictions. Canada introduced an Anti-terrorism Act, Bill C-36 on 15 October 2001 and it became law on 18 December 2001. It amended the Anti-terrorism Act, the federal Access to information Act, the Privacy Act, and the Personal Information Protection and Electronic Documents Act to remove information from the operation of these statutes if the Attorney General of Canada should issue a secrecy order prohibiting the disclosure of information because it may harm international relations, national defence or security.90 On 13 November 2001, the United Kingdom introduced the Anti-Terrorism, Crime and Security Act which became law on 15 December 2001. Within a short period after 11 September major countries in the world had passed measures to deal with terrorism. The characteristics of these measures were to restrict freedoms and rights enjoyed there before. The EU, for its part was not left behind and within a short time it also passed a number of instruments with far-reaching consequences to freedoms and rights enjoyed by European Citizens. Statewatch observes that, in post September 11, there has been at the EU level (as well as the national level) an avalanche of new measures, new practices, new databases and new ad hoc unaccountable groups most of which have very little with countering terrorism but rather concern crime, the targeting of refugees, asylum seekers, the resident migrant population and protests and protestors, the creation of “EU-USA axis” for co-operation on border controls, immigration, extradition and other legal co-operation.91

Among the first measures to appear on the EU’s menu of restrictive measures were the Framework Decision on Combating Terrorism and the European Arrest Warrant at EU Council 6-7 December 2001. Although these measures were in the pipeline and not altogether new, the timing is what was important. The events of 11 September gave a new impetus to these initiatives. The Framework Decision on Combating Terrorism tended to broaden the concept of terrorism to cover protests and “urban violence”, therefore restricting freedoms of assembly and movement. The Framework Decision is binding and must be incorporated into national law across the EU and new Member States. The European Arrest Warrant raised constitutional issues for some Member States as regards possible extradition of their own nationals, and several states were opposed to

89 Cavoukian, A. (May 2003). 90 Ibid. 91 Bunyan, T. The war on freedom and democracy: An analysis of the effects on civil liberties and democratic culture in the EU. http://www.statewatch.org/news/2002/sep/analysis13. htm

An Overview of the Schengen Co-operation

the weakening of the dual criminality requirement.92 It did away with almost all of the checks and balances of the existing extradition procedure. Earlier, the extra-ordinary European Council of September 2001, which came immediately in the aftermath of the terrorist attacks on the USA, had invited Member States to strengthen controls at external borders and strengthen surveillance measures provided for in the Schengen Convention.93 The Council advocated vigilance when issuing identity documents and resident permits, recommended more systematic checking of identity documents for fraud, asked for more input to the Schengen Information System (SIS) from Member States, asked for consular co-operation and stepped-up information exchanges between Member States regarding visas.94 This set in motion events that were to lead to incorporation and use of biometrics in travel documents.95 The extra-ordinary Council also defined “terrorist group” as a structured group of persons, acting in concert to commit terrorist acts, regardless of its composition or the level of development of its structure. The Council also drew up a list of terrorist groups.96 The EU had its version of 11 September terrorist attacks in Madrid on 11 March 2004, which unleashed a swift response from the EU. The response was to review and reinforce counter-terrorist measures. Statewatch has identified and grouped together at least 57 such measures and found 27 had little or nothing to do with tackling terrorism. According to Statewatch, they deal with crime in general and surveillance. It adds that “it is hard to avoid the conclusion that the EU plans on the table are trying to exploit the recent tragedy to push through controversial and unwarranted measures.”97 Some of the measures that have been introduced may have far-reaching consequences for social and political control and surveillance in society. Such measures involve the logging of all telecommunications (emails, phone-calls, mobile-calls, faxes and internet usage), tracking of air travel in and out of and within the EU (effectively an EU version of the USA’s controversial Passenger Name Record PNR,98 Transportation Security 92 Statewatch Analysis no 1. The Conclusions of Justice and Home Affairs Council on 20 September 2001 and their implications to civil liberties. 93 Ibid. 94 See European Council 2001; Koslowski, R. (2004) supra. 95 See 9.4.2.1 below. 96 The list in the annex to the common position is drawn up on the basis of investigations carried out by the competent judicial and police authorities in the Member States; it may be added to and revised every six months, so as to keep it up to date. The list includes ETA (Basque Fatherland and Liberty), the IRA (Irish Republican Army), GRAPO (the First of October anti-Fascist Resistance Group), the terrorist wing of HAMAS, Palestinian Islamic Jihad and other revolutionary activist groups, as well as the names of individuals belonging to such groups. Osama bin Laden and individuals and groups associated with him do not feature on the list, as they are already listed in Council Common Position of 26 February 2001 concerning additional restrictive measures against the Taliban and amending Common Position 96/746/CFSP. 97 Statewatch ”Scoreboard” on post-Madrid counter-terrorism plans. 98 PNR data are created each time a passenger books a flight and are stored in the airlines reservation systems. The US Customs Service also requests PNR data from European based airlines.

63

64

Chapter 2

Administration’s Computer-Assisted Passenger Pre-Screening System CAPPs II99 and US-VISIT plans), and the fingerprinting of nearly everyone in the EU by the introduction of biometric passports and ID cards for citizens and the same for resident third country nationals. 11 September was a turning point as far as security worldwide was concerned, but not as regards the protection of persons. It is only after a couple of years that it is now dawning on the public that security cannot exist without protection of persons. The question to ask and answer is: do the measures being proposed go far enough to ensure adequate protection? 2.7

Conclusion

The Schengen accomplishment is phenomenal. It has established a large area of free movement involving a large number of people which is expanded further as new Member States join the EU. The challenge of striking a balance between security, legal immigration and individual protection especially for refugees and asylum seekers, however, still remains a pressing issue. The transfer of matters on immigration and crossing of internal borders to the First Pillar and Community law has strengthened the protection of individuals and institutional protection because EU law now applies in these matters. But leaving a portion of the Schengen Acquis, police, criminal and judicial co-operation under the Third Pillar with its weak legal and institutional protection, will continue to undermine individual protection and creation of a freedom, security and justice area. The new terrorist threats seem to complicate matters and the balance may become more elusive. In the following chapters, the adequacy of the existing safeguards will be examined. Finally, the question will be posed and answered as to whether the time is ripe for a post 11 September personal data protection regime which incorporates new safeguards that will meet the challenges of protection of individual rights in the new era.

99 CAPPS II conducts automated risk assessment of all airline passengers using PNR data together with commercially available databases and intelligence.

Part II: Theoretical Framework

3

Human Rights Law and Schengen

3.1

Introduction

The idea of human rights has deep historical roots, and not exclusively in the Western world. But its origins and justification are still controversial today. The formulation of human rights in documents such as the Bill of Rights and the Déclaration des droits de l’homme et du citoyen, however, are very much the product of both the Enlightenment and the rise of industrial society. Human rights are concerned with the protection of the individual from the intrusive nature of the state. This connection of human rights and the state links the origin of human rights to the rise of nation states. The need for nation states to maintain peace and order may have occasioned harm to individuals and human rights development aimed at protecting the individual from such harm. After World War II, human rights have also been viewed as an instrument of protection from ‘rogue’ states and authoritarian regimes such as Nazi Germany, Apartheid South Africa and military juntas. Even today, human rights have retained this character of protecting the individual from the state, although harm to an individual can be occasioned by other individuals or private bodies. With the intrusive nature of information and com-





 

Berting, J. (1990), p. 20; See also Heard, A. (1997). Human Rights: Chimeras in Sheep’s Clothing? “Human rights are a product of a philosophical debate that has raged for over two thousand years within the European societies and their colonial descendants” http://www. sfu.ca/~aheard/intro.html. Last accessed on 11 December 2007. See, Gewirth, A. (1998) pp 93+; Donnelly, J. (1991); Jacobsen, M (1997). On the Universality of Human rights, Thematic introduction to the workshop on Human Rights and Asian Values at the University of Copenhagen, 15-16 May 1997, http://nias.ku.dk/nytt/issues/97/2/michael/ body.html. Ibid. A rogue state, in the most general sense, is a state that abides neither by international law nor international standards of proper governance and behaviour: See http://psychcentral. com/psypsych/Rogue_nations.

68

Chapter 3

munication technologies, the state ceases to be the sole human rights violation culprit. Individuals and private organizations have been drawn into the picture. Articulation of human rights in international instruments such as the United Nation Declaration of Human Rights, 1948, is a recent development. As Hendriks and Nowak have noted, the experiences of the Second World War resulted in an important impulse to formulate and give legal protection to the inherent rights of human being, on both a national and an international level. The tragic developments caused by the rise of totalitarian regimes in Europe left no doubt that the departure from democracy not only leads to a continuous destruction of the rule of law and human rights, but also endangers international peace and security.

The assumption with a human rights approach is that there exist universal principles of human rights acceptable to all cultures. It is these universal principles that will be used to evaluate the legal limits in the Schengen co-operation. The term universal principles is used here in the perspective used by Dworkin (1977) to signify some general abstract principles that are based on a common social morality. At the same time, one is aware of the dangers of such a position. The risk here would be to ignore the opposing theory of cultural relativism of human rights and the general controversy of the origins and justification of human rights. Relativism may be understood from two levels. The first perception claims that a state or society can only be bound by its own standards, that it is free to treat individuals and groups as it pleases.  In other words, relativism is the negation of the essence of universal human rights. The second perception recognises that, cultural differences among the international community do exist. In the words of Michael Jacobsen, ethnic and cultural identities demand to be respected as social-political units in their own right. Nevertheless, such recognition does not imply a negation of universalism of human rights.10 The intention here, however, is not to go into these controversies, because they have been adequately discussed elsewhere.11 In addition, evaluation work requires one to be aware of these controversies but at the same time to turn a blind eye on them so as to be able to find criteria for evaluation. This is what is done here, it is accepted that there are universal principles of human rights as outlined in most human rights legislations that allow evaluation of the happenings in the Schengen area. 

Data protection laws attempt to cure this anomaly by being applicable to both public and private organs. Whether they succeed or not is not within the scope of the discussion here.  Hendriks, A. and Nowak, M. (1993), p.243.  Preamble to the UN Universal Declaration of Human Rights: The General Assembly proclaims this Universal Declaration of Human Rights as a common standard of achievement for all peoples and all nations, (…).  Dworkin, R. (1977) Taking Rights Seriously, London, Duckworth: “Rights as a scheme of abstract and concrete principles, derived from the ‘community’s moral tradition’ and which can provide a coherent justification for judgment.” pp. (81-83, 90-94, 116-26).  An-Na’im, A. (1998). 10 Jacobsen, M. (1997), supra. 11 See note 23 op. cit.

Human Rights Law and Schengen

At the same time, cultural relativism is rejected as long as it is used to negate the essence of universal human rights in order to justify violation of individual and groups rights. As noted above and Abdullahi An-Na’im emphasises, “the essence of human rights is to protect individuals and groups against the excesses of their own state or society on the basis of internationally agreed standards that apply equally to all societies.”12 The universal principles of human rights are found in national constitutions, laws and international human rights instruments. On the international level, the most important instruments are; the United Nations Declaration of Human Rights, the United Nations Covenant on Civil and Political Rights, the United Nations Covenant on Economic, Social and Cultural Rights and on the regional level, the European Convention for the Protection of Human Rights and Fundamental Freedoms. Other regional instruments exist but they are of little significance here because the scope of the Schengen co-operation is limited to the European continent. But they are important to the extent that they confirm the universality of human rights. Before the enactment of the Charter of Fundamental Rights of the European Union,13 the general principles of human rights as established and practiced by the European Court of Justice were the most important point of reference though not codified into law.14 The EU Charter is now an even more significant point of reference, especially after its incorporation into the EU Constitution Treaty.15 This chapter presents the main human rights legislations, focusing on their universality and relevance to the Schengen co-operation, the ultimate aim being to identify the most relevant instrument for evaluation of the Schengen police co-operation and border control policies. As such, it lays the basis for a thorough analysis of the main human rights methodology as found in the European Court for Human Rights case law which follows in the next chapter. The presentation traces human rights ideals and protection as found in the national constitutions and the main international human rights instruments. Emphasis is placed mainly on provisions relevant to the scope of this work, especially matters touching on police and border control co-operation. 3.2

Constitutional Protection

Constitutions set out the norms that govern the distribution of political powers in society and the ways in which, and purpose for which these powers are to be exercised.16 In addition, modern constitutions incorporate individual protection against the acts of State authorities and other individuals, the basic rights which citizens have against the State.17 It is this second aspect of the constitution that is of interest in here. The significance of entrenching individual protection in the constitution stems from the fact that 12 13 14 15 16 17

An-Na’im, A. (1997), supra. OJ 2000/C 364/01. See 1.5.1.7 above. CONV 850/03. Jones, H. W. (1980), p. 14. Youngs, R. (1998), p. 1.

69

70

Chapter 3

the constitution is regarded as a superior source of law in a national legal system. As the highest legal source, any other legal provisions that are inconsistent with constitutional provisions are invalid. In other words, the constitution is lex superior (superior law) as regards other laws.18 Other laws must conform to the provisions of the constitution to be valid law. From the foregoing, the superiority of the constitution over other laws works in favour of incorporating individual protection in the constitution because other laws (statute law) must be in concordance with the constitution. If individual protection is not guaranteed under the constitution, then by implication statute law could come into force that may repeal or undermine existing individual protection in older statutes. This is the case in Great Britain, which does not have a written constitution and individual protection provisions are spread in a number of statutes. New statutes could be enacted that would repeal for instance statutory principles containing human rights in the Magna Carta and the Bill of Rights of 1689. This actually happened when Article IX of the Bill of Rights 1689 was amended by §13 of the Defamation Act, 1996.19 Modern constitutions have embedded individual rights in their provisions. In America, the Bill of Rights was incorporated in the Constitution of United States of 1787. In France, principles of individual rights were also incorporated into the Declaration of the Rights of Man and of the Citizen. Another important and recent example of entrenchment of human rights into a constitution is the German Constitution. Its present form is the Basic Law, which came into form in 1948, in respect of West Germany. Since the unification of Germany in 1990, the Basic Law was extended to cover the whole of the country, with few amendments.20 The Norwegian Constitution of 1814 did not mention human rights directly, however human rights ideas were influential in its formulation.21 As important as it is, constitutional entrenchment of human rights has its shortcomings. A constitution is national in character and a reflection of social, cultural, political and legal values of the society in which it is made. Constitutional human rights guarantees are therefore values, which that society holds to be important and they differ from country to country. In most constitutions, these guarantees are not expressed as human rights but rather as fundamental rights and freedoms. The term “fundamental rights” indicates the basic character of the rights. It represents the concept of the Grundnorm, the basic norm in the light of which every other norm must be reviewed.22 Entrenching of fundamental rights in a constitution, therefore, implies that no law can be enacted that undermines fundamental rights. Amending the constitution, however, can change fundamental rights.

18 19 20 21 22

See also Andenæs, J. (1998), p. 10. Youngs, R. (1998), p. 89. Ibid. p. 4. Andenæs, Johs. Supra p. 43: See also Helst, P. & Stordrange, B. (1998), p. 373. Betten, L. & Grief, N. (1998), p. 14.

Human Rights Law and Schengen

On the other hand the term “human rights” reflects more the idea of inalienable rights of human beings, with which no State can interfere.23 This is in line with the wordings of the American Declaration of Independence, “we hold these truths to be self-evident, that all men are created equal, and that they are endowed by their Creator with certain unalienable rights (…).” The same theme of unalienable rights is found in the French Declaration of the Rights of Man and of the Citizen of 1789. Article 1 of the Declaration reads “All people shall have equal rights upon birth and ever after”. International human rights instruments represent human rights as universal, and do not use the term unalienable. The term “universal” means that human rights apply to all people. The preamble of the United Nation Universal Declaration of Human Rights states that it is meant to be “(...) a common standard of achievement for all peoples and all nations hence giving it a universal applicability and character. The wording of Universal Declaration in Article 1 “All human beings (…)” and other articles of the Declaration e.g. Article 3 “Everyone (…)” imply the universal character of human rights. The Declaration in Article 30 prohibits any State, group or person from undermining the rights and freedoms set in the Declaration. This is a prohibition of the use of any of the provisions of the declaration to restrict the rights and freedoms guaranteed in the declaration. In a way, this article represents the unalienable character of human rights. The insertion of this article reflects the fear at the time of negotiation on the Declaration of resurgence of Nazism and that States, groups and individuals in society could easily undermine the rights and freedoms protected in the Declaration not withstanding constitutional guarantees. The need, therefore, to present human rights as international and universal was pressing, in order to remove them from the restrictions of the doctrine of national sovereignty and make them a concern of the international community. 3.3

International Human Rights Protection

3.3.1

UN Charter

The United Nations Charter lays the legal basis for UN international instruments on protection of human rights. It also provides the impetus for further improvement in the protection of human rights.24 The UN Members, in the Charter’s preamble “reaffirm faith in fundamental human rights (…)”. In Article 1(3), it is stated that the purpose of the UN is inter alia … to promote and encourage respect of human rights and fundamental freedoms for all without distinction as to race, sex, language, or religion. Article 55 is of particular significance because it recognises respect for and observance of human rights and fundamental rights as a prerequisite for peace in the world and among nations. Article 56 enhances the significance of Article 55 by requesting all Members to pledge themselves to take joint and separate action in co-operation with the UN for the achievement of the purposes set out in Article 55.

23 Ibid. 24 Brownlie, I. (1990), p. 569.

71

72

Chapter 3

3.3.2

UDHR

The United Nations Universal Declaration of Human Rights is the first attempt to categorise international human rights and freedoms. Its importance as a legal source for international human rights law is disputed because of its non-binding nature.25 The Declaration has to a great extent, however, had extensive effect on national law in many member countries, as tribunals have expressly invoked it. It also has immense indirect legal effect and has rightly been regarded as a part of the ‘law of the United Nations’.26 In addition, it has played a significant role as an aid to interpretation of human rights issues. The European Court of Justice has invoked it as an aid to interpretation of the European Convention of Human Rights,27 and the International Court in relation to the detention of hostages ‘in conditions of hardship’.28 For the purposes of this study, the Universal Declaration is an important legal source of refugee law. Article 14 of the Declaration guarantees the right to asylum, and states that “Everyone has the right to seek and enjoy in other countries asylum from persecution”. This right suffers, however, from one weakness due to the non-binding nature of the Declaration. States are not obliged to grant asylum, as “to grant asylum to a refugee falls within the sovereign discretion of a state and flows directly from territorial supremacy.”29 The binding Geneva Convention on Refugees 1951 was intended to elaborate on Article 14 of the Declaration especially by providing for asylum seekers entry into a foreign country in order to seek asylum. The non-refoulement clause, Article 33, prohibits the return of a refugee to a country where he/she would be persecuted once asylum has been granted. Other articles in the UDHR relevant for this study are Article 13 on freedom of movement and Article 12 on privacy. Both articles have been elaborated in the binding ICCPR30 and other regional human rights instruments such as the ECHR.31 3.3.3

ICCPR

The International Covenant on Civil and Political Rights, 1966 and the International Covenant on Economic, Social and Cultural Rights, 1966 elaborate on the provisions in UDHR. It is the ICCPR, however, that will be the concern here because it incorporates the rights that are relevant to this enquiry. In a nutshell, the ICCPR defines and circum-

25 Sieghart, P. supra p. 53: But most legal commentators now view UDHR as customary international law. 26 Brownlie, I. supra. p. 571. 27 Golder case, ILR 57, 201 at 216-17. See also Ibid. p. 571. 28 Case concerning United States Diplomatic and Consular Staff in Tehran, ICJ Reports (1980), 3 at 42 (para. 91); See also Ibid. p. 571. 29 Brandl, U. (1997), p. 203. 30 Article 12 & 17 of the ICCPR. 31 Article 8 ECHR and Article 2 of the Protocol No. 4 of the ECHR.

Human Rights Law and Schengen

scribes, in the first 27 Articles, in greater detail the civil and political rights set out in the UDHR. The ICCPR is binding and therefore of great value as a legal source. Article 2 calls on State parties to respect and to ensure to all individuals within their territories the rights recognised in the Covenant. The implication here is that although the Covenant leaves it to the State parties concerned to choose their method of implementation in their territories, the implementation does not depend solely on constitutional or legislative enactment, which in themselves, are often not sufficient.32 The State parties are obliged to undertake specific activities to enable individuals to enjoy their rights. For example, it is not enough for a State party to point to the fact that it has enacted legislation prohibiting racial discrimination but does nothing to punish instances of racial discrimination. The Covenant also establishes a Human Rights Committee (HRC) with competence in three areas. First, the HRC has been given power to receive and comment on reports submitted by the State Parties on the measures they have adopted to comply with their obligations under the Covenant. Second, it has power to investigate complaints by State Parties of failures by other State Parties to fulfil their obligation under the Covenant. Third, the Optional Protocol to the Covenant gives the HRC power to investigate complaints from individuals who allege to be victims of violations of the provisions of the Covenant. This last aspect of the HRC is significant both as a legal source and interpretation of the Covenant. The importance of the decisions of the Committee are watered down, however, because they are not binding to the State Parties as there is no public determination of the issues on a judicial or quasi-judicial basis.33 But the decisions are highly influential, and do lead to states amending and enacting laws or behaving in line with the decision.34 3.3.4

ECHR

The European Convention on Human Rights and Fundamental Freedoms (ECHR) is the most significant international human rights legal source in Europe. It did not, however, develop in isolation, as it was highly influenced by the UDHR as stated in the preamble. An initiative of the Council of Europe, the ECHR was signed by Member States in 1950 and entered into force in 1953. Twelve protocols, which add to the category of rights and freedoms, have since been appended to the Convention. Due to the work of the European Human Rights Commission (which has been abolished) and the European Court of Human Rights, the Convention has had immense influence on decisions of national courts and the policy of the national legislatures. These institutions have developed a substantial and extensive jurisprudence in the interpretations and application of the Convention’s provisions that have led many countries to change their legislation to be in line with the decisions.35 For example, the De Becker case (1963) 32 See 3.2. above. 33 Brownlie, I. supra p. 573. 34 Toonen v. Australia, Communication No. 488/1992, U.N. Doc CCPR/C/50/D/488/1992 (1994). 35 Sieghart, P. supra p. 27.

73

74

Chapter 3

resulted in a change in Belgian legislation. In this respect, the Court is unquestionably the world’s most powerful international human body.36 The Convention, in its first 18 Articles, provides for civil and political rights and freedoms to be enjoyed by those residing in a Member State. Article 1 states the obligation of the Member States in absolute and immediate terms, requiring them to “secure to everyone within their jurisdiction, the rights and freedoms defined in the Convention. This Article emphasises the universal nature of human rights by the use of the term “everyone”. The Convention thus protects not only the rights of citizens, but also those of aliens, stateless persons and persons lacking legal capacity, such as children or the severely disabled.37 Article 17 prohibits any State, group or person any right to engage in any activity or perform any act aimed at the destruction of any of the rights and freedoms set forth in the Convention. Similarly, as in Article 30 of the UDHR, this Article signifies the unalienable nature of human rights. Article 15 permits measures derogating from the obligations under the Convention ‘in time of war or other public emergency threatening the life of the nation’. Other limitations on the individual enjoyment of the rights are incorporated in specific provisions such as in Articles 8 (private and family life, home and correspondence), Article 9 (freedom of thought, conscience and religion), Article 10 (freedom of expression) and Article 11 (freedom of peaceful assembly and association). But derogation is not allowed under the provisions in Article 2 (right to life, except in respect of deaths resulting from lawful act of war), Article 3 (torture and inhuman punishment), Article 4(1) (slavery and servitude) and Article 7 (no retrospective punishment). This theme of derogation and limitations is important because it marks the weakness of international human rights protection and is the subject of analysis in the next chapter. 3.4

EC Human Rights Law

3.4.1

After the Amsterdam Treaty

Neither of the earlier treaties, Treaty of Paris and the Treaty of Rome, contained any allusion to the protection of fundamental human rights. Despite this absence of any reference in the original constituent Treaties to the protection of fundamental human rights, the European Court of Justice began in the late 1960s to affirm that respect for such rights was part of the legal heritage of the community.38 The EU’s commitment to respect human rights was explicitly indicated for the first time in an EC Treaty in the Maastricht Treaty. Article F.2 of the Maastricht Treaty imposed an obligation on the Union to, respect fundamental rights as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms signed in Rome on 4 November 1950 and as they

36 Tomkins, A. (1997), p. 2. 37 Gomien, D. (1991), p. 14. 38 Alston, P. & Weiler. J. H. H. (1999).

Human Rights Law and Schengen

result from the constitutional traditions common to the Member States as general principles of Community law.

Even this explicit reference did not, however, put questions regarding the protection of fundamental rights and human rights in the EU to rest. Article F (2) did not include the jurisdiction of the Court of Justice and this meant that the Court could not rely on this Article as a binding source of the protection of fundamental rights and human rights in the European Community.39 It meant that the uncertainty regarding protection of human rights in the EC was to continue until the Amsterdam Treaty put it to rest in 1997. The Amsterdam Treaty strengthened EU human rights law provisions and made them more explicit in the European Union Treaty. The Treaty does this in four main ways. Firstly, it states in Article 6 (1) (ex Article F) TEU for the first time that, The Union is founded on the principles of liberty, democracy, respect for human rights and fundamental freedoms, and the rule of law, principles that are common to the Member States.

Secondly, it makes respect for the principles in Article 6 (1) a condition, which other European States wishing to apply for membership in the Union must meet. Article 49 (ex Article O) TEU states that, Any European State which respects the principle set out in Article 6 (1) may apply to become a member of the Union. (…).

That means that any State applying for EU membership has to be scrutinized as to its respect for the principles set out in Article 6(1) and more specifically its respect for human rights. In its meeting in Copenhagen in 1993, the European Council set forth political criteria to be met by countries applying for membership in the EU. It stated that, membership requires that the candidate country has achieved stability of institutions guaranteeing democracy, the rule of law, human rights and respect for and protection of minorities.

This was the basis that the Commission used to assess the request for membership by the new Member States from Central and Eastern Europe.40 Thirdly, another innovation of the Amsterdam Treaty is that, for the first time it establishes a sanction provision, Article 7 TEU, which can be applied to a Member State which violates or fails to respect and observe these principles. Under this provision, a Member State judged by its peers to be in “serious and persistent breach” of these principles may have the sanctions applied. Article 7 (2) TEU States that, 39 O´Leary, S. (1998), p.111; See also Weiler, H. H. J. & Fries C. S. (2000). 40 These countries are Cyprus, Estonia, Hungary, Latvia, Lithuania, Malta, Poland, Czech Republic, Romania, and Slovakia.

75

76

Chapter 3

Where a determination according to Article 7 (1), the Council, acting by a qualified majority may decide to suspend certain of the rights deriving from the application of the rights deriving from the application of this Treaty to the Member State in question, including the voting rights of the representative of government of that Member State in the Council. (…).

This principle has its origin in the Reflection Group; it is clearly seen as a necessity connected with the accession of new members that do not have a long democratic tradition, where democracy might prove precarious.41 The provision did not exist long before it came in actual use. The provision was applied against Austria, when the Austrian ruling party decided to share power with the Freedom Party, which was regarded as having right extremist racist views. Fourthly and in a very important way, the jurisdiction of the Court of Justice is extended in matters relating to visas, asylum, immigration and other policies related to free movement of persons42 and on matters relating to police and judicial co-operation in criminal matters.43 These matters were previously dealt with under the Third Pillar of the Maastricht Treaty and were not subject to the jurisdiction of the ECJ. After the Amsterdam Treaty, issues concerning visas, asylum, immigration and free movement of persons were transferred to the First Pillar and therefore the jurisdiction of the ECJ automatically became applicable. The issues of police and judicial co-operation in criminal matters still remained in the Third Pillar. The difference, however, was that the jurisdiction of the ECJ was also extended to this intergovernmental pillar. Although the jurisdiction of the ECJ was enlarged to cover these areas, its judicial review powers were still restricted in some ways that would affect enjoyment of individual rights. Article 68(2) TEC provides that the Court “shall not have jurisdiction to rule on any measure or decision taken pursuant to Article 62(1) relating to the maintenance of law and order and the safeguarding of internal security.” Similarly, under Article 35(5) TEU set out another exclusion from the jurisdiction of the Court. The Court cannot “review the validity or proportionality of operations carried out by the police or other law enforcement services of a Member State or the exercise of the responsibilities incumbent upon Member States with regard to the maintenance of law and order and the safeguarding of internal security.” Since these articles and the Schengen deal with matters of law and order and national security, the limitation is unfortunate. In other ways, the Amsterdam Treaty extended the principle of non-discrimination on grounds of nationality enshrined in Article 12 of the TEC by making it possible for the Council to take action “to combat discrimination based on sex, racial or ethnic origin, religion or belief, disability, age or sexual orientation.” The new Article 13 TEC states that Without prejudice to the other provisions of the Treaty and within the limits of the powers conferred by it upon the Community, the Council, acting unanimously on a proposal from the Commission and after consulting the European parliament, may take appropriate action 41 Petite, M. (1998). 42 Title IV, TEC. 43 Title VI, TEU.

Human Rights Law and Schengen

to combat discrimination based on sex, racial or ethnic origin, religion or belief, disability, age or sexual orientation.

The procedure applicable to this Article is different from that applied to Article 12. The latter has direct effect but the former allows only for secondary legislation. In addition, the procedure in Article 13 still requires unanimity, with the European parliament merely being consulted. Due to this difference, it was seen necessary to separate the two articles in order to ensure that Article 12 on non-discrimination on the grounds of nationality could continue to have direct effect and the concomitant case law could continue to apply.44 The Amsterdam Treaty, in another step toward protection of individual rights, introduced a new Article 286 in the EC Treaty, which applies community data protection acts to EC institutions and bodies. It also requires establishment of an independent data supervisory body, responsible for monitoring compliance and to adopt any other relevant provisions as appropriate. Pursuant to this provision, the EU enacted the Regulation on data protection to apply to the EU institutions.45 Despite these clear provisions on human rights, the EU protection of human rights regime was still perceived as weak because it lacked a category of rights. Lack of a Bill of Rights that indicates which rights are protected was regarded as a serious omission. Suggestions were made for the Community to accede to the ECHR but without success. The European Parliament had been especially vocal in this. It had adopted many resolutions on respect of human rights in the European Union, which included calling for accession and codification of fundamental rights to ensure that rights are comprehensively safeguarded under Community law.46 Opposition originated from some Member States and the ECJ. The countries that expressed opposition were Great Britain, Germany, France and others. During the negotiation of the Amsterdam Treaty, some Member States wanted to go further by having the Union or the Communities as such adhere to the ECHR. But this was not agreed since other Member States believed that it could cause serious legal difficulties and lead to a conflict of jurisdictions between the European Court of Human Rights in Strasbourg and the Communities’ own Court of Justice in Luxembourg.47 44 Petite, M. supra. 45 Regulation (EC) No 45/2001 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the Community Institutions and Bodies and on the Free Movement of such Data; See also 5.2.5. below. 46 See, Joint Declaration of 5 April 1977 by the European Parliament, the Council and the Commission on the protection of fundamental rights (OJ C 103 of 27.04.1977); Resolution adopting the Declaration of fundamental rights and freedoms (A 2-3/89, OJ C 102 of 16.05.1989); Resolution on the community charter of fundamental social rights of 22 November 1989 (A 3-69/89, OJ C 323 of 27.12.1989); Resolution on the constitution of the European Union (A 3-0064/94, OJ C 61 of 28.02.1994); Resolution on the establishment of the charter of fundamental rights (B 5-0110/1999, OJ C54 25.02.2000 p.93); Resolution on the drafting of a European Union charter of fundamental rights (A 5-0064/2000). 47 Irish Government: White Paper on the Amsterdam Treaty.

77

78

Chapter 3

The ECJ has shown a clear dislike and discomfort in the suggestion of application of the ECHR to the Community. Its objection arose from the fact that accession would mean that the European Community would become a party to the ECHR and would be bound by the convention and by interpretations by the European Court of Human Rights of the Convention’s provisions.48 In its report of 28 March 1996, the Court found that the Community was not empowered to accede to the ECHR. It stated that, Article 308 (235) was not sufficient basis for such authority. Accession to the ECHR would be equivalent to an amendment of the Treaty, since it would result in an essential change in the present Community system for protecting human rights, as it would entail the Community’s integration into a different institutional system governed by international law and the incorporation of all the provisions of the ECHR into Community law.49

Accession would have had obvious advantages to the protection of human rights in European Union, among them, it would ensure visibility of the rights protected and ensure that fundamental rights enjoy a higher law status in the Community.50 Another attempt was to establish an EU human rights charter. During the October 1999 European council meeting in Tampere, an agreement was reached on the composition and working methods of a drafting body as well as on the practical arrangements of its activities. After the drafting of the charter was completed, the European Parliament gave its agreement on 14 November 2000 and the Commission on 6 December 2000. The Presidents of the European Parliament, the Council and the Commission signed and proclaimed the Charter on behalf of their institutions on 7 December 2000 in Nice, France. 3.4.2

The Charter of Fundamental Rights of the European Union

The European Union Charter of Fundamental Rights sets out in a single text, for the first time in the European Union’s history, the whole range of civil, political, economic and social rights of European citizens and all persons residing in the EU. These rights are divided into six sections: Dignity, Freedoms, Equality, Solidarity, Citizens’ Rights and Justice. The legal status of the Charter, whether to make it legally binding by incorporating it into the TEU, was not determined yet. The question of its legal status arose at the Cologne meeting. The Convention endowed with responsibility to draw the draft, did so with a view to its possible incorporation. The European Parliament voted in favour of such incorporation. For its part, the Nice European Council decided to consider the question of the Charter’s legal status during the general debate on the future of the European Union, which was initiated on 1 January 2001. Despite this uncertainty in legal status, the significance of the Charter could not be underplayed as the speeches by leaders of the main EU political institutions clearly showed. Mr Jacques Chirac, President of the European Council 48 O’Leary, S. (1998), p. 112. 49 [1996] ECR I-1759. 50 See for details O’Leary, S. supra.

Human Rights Law and Schengen

In Nice, we proclaimed the European Union Charter of Fundamental Rights, a text which is of major political importance. Its full significance will become apparent in the future and I wish to pay tribute to your Assembly for the major contribution it has made to its drafting. (Strasbourg, 12 December 2000)

Mrs Nicole Fontaine, President of the European Parliament A signature represents a commitment (...). I trust that all the citizens of the Union will understand that from now on (...) the Charter will be the law guiding the actions of the Assembly (...). From now on it will be the point of reference for all the Parliament acts which have a direct or indirect bearing on the lives of citizens throughout the Union. (Nice, 7 December 2000)

Mr Romano Prodi, President of the Commission In the eyes of the European Commission, by proclaiming the Charter of Fundamental Rights, the European Union institutions have committed themselves to respecting the Charter in everything they do and in every policy they promote (...). The citizens of Europe can rely on the Commission to ensure that the Charter will be respected (...). (Nice, 7 December 2000).

The legal sources of the rights in the Charter are diverse. It is based, in particular, on the fundamental rights and freedoms recognised by the European Convention on Human Rights, the constitutional traditions of the EU Member States, the Council of Europe’s Social Charter, the Community Charter of Fundamental Social Rights of Workers and other international conventions to which the European Union or its Member States are parties. As such, the Charter is perhaps the most comprehensive human rights instrument in the modern times. Specifically, the Charter recognises the new developments in technology and tailors its protection scope accordingly, in particular Articles 7, & 8. Article 7 on respect for private and family life states that, “Everyone has the right to respect for his or her private and family life, home and communications”. This right is based on Article 8 of the ECHR, however, with a minor amendment. In order to take account of developments in information and communication technologies, the word “correspondence” in the ECHR has been replaced by “communications”.51 Inclusion of Article 8 on protection of personal data is unique, because, for the first time, protection of personal data is incorporated into a human rights instrument. This has the effect of lifting and giving data protection a human rights status. It may also signal a separation of the right of privacy and data protection. Previously data protection as a human right could only be derived indirectly from the protection of the right of privacy. This change may be more significant than it seems at present. We will come back to this discussion later. Other rights important for this research that the Charter protects are the right to asylum, Article 18, protection in the event of removal, expulsion or extradition, Article 51

House of Lords - European Union Committee, Eight Report 1999-2000.

79

80

Chapter 3

19, the non-discrimination right, Article 21, right of access to documents, Article 42, and freedom of movement and of residence, Article 46. Article 51 on scope of the Charter, limits its application to the institutions and bodies of the Union with due regard to the principle of subsidiarity and to the Member States only when they are implementing Union law. The charter applies primarily to the institutions and bodies of the Union. These are institutions as defined by Article 7 of the EC Treaty and the bodies are all authorities set up by the Treaties or by secondary legislation Article 286 (1) of the EC Treaty. As regards application to Member States, this is in line with the ECJ case law, “that the requirement to respect fundamental rights defined in a Union context is only binding on the Member States when they act in the context of Community law”. This principle, as enshrined in the Charter, applies to the central authorities as well as to regional or local bodies, and to public organisations, when they are implementing Union law.52 The scope of the guaranteed rights is defined in Article 52. The rights may be limited only where such limitation is based on law and respects the essence of those rights and freedoms. Further, subject to the principle of proportionality, limitations may be made only if they are necessary and genuinely meet objectives of general interests recognised by the Union or the need to protect the rights and freedoms of others. But, where a right is granted by a Community treaty or Treaty of the European Union, the exercise of the right should be in accordance with the conditions and limits defined by those treaties. In addition, where the rights in the Charter correspond with rights guaranteed by the ECHR, the meaning and scope of those rights shall be the same as those laid down by the Convention. This provision is meant to create harmony and consistence between the Charter and the ECHR. But the Union, can where it deems necessary, provide more extensive protection without violating this provision. Article 53 is on level of protection. It serves to enhance the last Article by providing that the level of protection in the Community should not be lower than currently accorded by Union law, national law and international law. In particular, the level of protection afforded by the Charter may not, in any instance, be lower than that guaranteed by the ECHR, with the result that the arrangements for limitations may not fall below the level provided for in the ECHR.53 Finally, Article 54 prohibits abuse of the rights enshrined in the Charter by any State, group or person. This goes to the core of international human rights protection, that “human rights are concerns of international community”. 3.4.3

The EU Constitution Treaty

The Draft Treaty establishing a Constitution for Europe54 was adopted by consensus by the European Convention on 13 June and 10 July 2003. On 5 January 2005, the European Parliament ratified the Constitution and urged all Member States to ensure “all possible efforts be deployed to inform European citizens clearly and objectively about the 52 Ibid. 53 Ibid. 54 CONV 850/03.

Human Rights Law and Schengen

content of the Constitution”. Before it becomes law the Constitution must be ratified by all 25 Member States, a task that is not expected to be easy as Euro-sceptic opinion runs strong in some Member States including Britain and Denmark.55 The Constitution is to be ratified either in parliamentary votes or by referendum before it takes effect. The draft Treaty: – Reforms the institutions of the EU – Incorporates a Charter of Fundamental Rights – Changes the way the EU works, including granting the Union some new powers or competences – Enhances the role of national parliaments. All in all, the draft Treaty is composed of the text of current Treaties, and as such much of what it provides is not new. For the purposes of this work, the most significant development is the incorporation of the Charter of Fundamental Rights. Article 2 re-emphasises what the Treaties provide, that “the Union is founded on the values of respect for human dignity, liberty, democracy, equality, the rule of law and respect for human rights.” It is, however, Article 7 under Title II on fundamental rights and citizenship of the Union that incorporates the Charter into the Constitution. It provides in Article 7 (1) that “the union shall recognise the rights, freedoms and principles set out in the Charter of Fundamental Rights which constitutes Part II of the Constitution.” This provision enhances the status of the Charter which is non-binding in character currently as it will become binding with the ratification of the Constitution by Member States. Another significance of Article 7 is that it settles the old conflict between the European Parliament, some Member States and the ECJ on the accession of the EU to the ECHR. Article 7 (2) provides for such accession which has always been supported by the European Parliament and some Member States but opposed by the ECJ and other Member States. It states that, The Union shall seek accession to the European Convention for the Protection of Human Rights and Fundamental Freedoms. Accession to that Convention shall not affect the Union’s competences as defined in the Constitution.

The effect of this provision is to overturn the ECJ judgement in its Opinion 2/94 [1996] ECR 1-1759.56 Paragraph 3 of Article 7 confirms the sources for the general principles of the Union’s Law to be the fundamental rights as found in the ECHR and the constitutional traditions common to the Member States. It states that,

55 But ratification suffered a serious blow already following rejection of the Constitution in French and Dutch referenda in 2005. 56 See also above in 3.4.1.

81

82

Chapter 3

Fundamental rights, as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms, and as they result from the constitutional traditions common to the Member States, shall constitute general principles of the Union’s law.

3.5

Conclusion

The instruments discussed above form the legal basis for evaluating what is happening in the Schengen area. The United Nations instruments are important because most of the Schengen countries are signatories to them and the obligations imposed by these instruments apply to these countries. The one most important instrument, however, is the ECHR because of its general practice and application in the Schengen countries. The Schengen countries, without exception, are signatories and accept the obligations arising from the provisions of the Convention. As a matter of statistics, none of the Schengen countries have escaped being found in violation of one (or more) of the provisions of the Convention by either the (now defunct)57 European Commission or the Court of Human Rights. These countries have gone ahead to accept their obligations under the convention and amended their national law accordingly or ceased to apply the offending practice. In addition, all of the countries have incorporated the convention into their national laws.58 The incorporation of the Schengen Acquis into the European Union law59 might suggest that the ECHR may have a reduced direct significance as a standard for legal evaluation. This is so, because the EU law does not recognise the jurisdiction of the European Court of Human Rights and therefore the European Court of Justice does not regard the provisions of the Convention binding to it. The situation is, however, different because, as noted above, the provisions of the Convention have been incorporated into national laws of most of the Schengen countries, and the ECJ, in human rights cases, is inspired by the national law. Further, the ECJ does recognise the provisions in the Convention as human rights principles of general application and does seek their inspiration although not applying them directly in its decisions.60 Again, the EU Charter of Human Rights recognises the ECHR as one of its legal bases. The Charter also attempts to create harmony between the rights it protects and those protected in the ECHR. Article 52 of the Charter states that where the rights in the Charter correspond with rights guaranteed by the ECHR, the meaning and scope of those rights shall be the same as those set down by the Convention. In addition, the incorporation of the EU Charter into the EU Constitution gives the Charter a binding effect and therefore becomes applicable to the 57 Protocol 11 abolished the Commission. 58 Gearty, C.A. 1997; Norway, which incorporated the ECHR into its national law on 21 May 1999 and United Kingdom, which incorporated the Convention into its national law in 2000. 59 See, 1.5.2.3 above. 60 See especially, ECJ Opinion in the Case C-465/00 Rechnungshof v. Österreichischer Rundfunk and Others which shows how the ECJ will refer to ECtHR case law when construing an EC instrument (here the Directive 95/46/EC) that itself builds upon the ECHR.

Human Rights Law and Schengen

Schengen. But of most significance is that the EU Constitution provides for accession by the EU to the ECHR. When this happens, it will remove any doubt as to the jurisdiction of ECHR in the EU law. The underlying principle in these instruments is the concept of a democratic society.61 By a democratic society it is meant, in this study, a state governed by the rule of law and respect for human and individual rights. In other words, there is a democratically elected parliament that makes laws which respect human rights and judicial institutions that supervise the respect for rule of law. There is no section of society that is targeted for systematic violation of individual rights. The whole mark of a democratic society is respect for human rights and rule of law. The principle is used as a standard against which the limitations and exceptions that tend to curtail the application of individual rights are evaluated. Modern human rights rules, as stipulated in national constitutions, laws and international instruments, play the role of balancing societal interests and those of the individual. “The rules serve to help balance the rights of the individual and the broader interests of the democratic society as a whole in instances where they may be in conflict.62 On one side, they fetter the actions of a state against the individual’s rights. If a state were unfettered, then it could interfere with every aspect of the individual’s life without restrain. The basis of democracy is that state’s actions against the individual should be restrained. “At every root of democracy lies the principle that the power of the executive authorities is not unfettered.”63 But this does not mean that the State cannot act in a way that individual civil rights would be undermined. “Individuals have rights, but these rights are limited by collective needs and the latter may be more pressing in certain circumstances, as for example in the case of terrorism.”64 The State, on the other hand, must act within some limits. Such limits are expressed in national laws and international instruments. Four methods of evaluating an action of state are developed in the ECHR and have been given judicial recognition by the decisions of the Commission and the Court:65 – Firstly, there must be a violation, which breaches one of the guarantees in the Convention e.g. Art. 8 (1) or any other provision. – Secondly, the violation must be allowed by existing national law. That is, the violation is “in accordance with the law”. – Thirdly, the aim of the violation or measure must be a legitimate one. It must be covered by the wording of the relevant article. 61 See, Art. 29(2) of the United Nations Declaration of Human Rights; Arts. 14(1) (right to public trial, 21 (freedom of assembly), 22(2) (freedom of association) of United Nations Covenant on Civil and Political Rights; Arts. 6(1) (right to a public trial), 8 (right to respect for one’s private and family life, 9(2) (right to manifest one’s religion or beliefs, 10 (right to freedom of expression), 11 (right to freedom of peaceful assembly and of association, of the European Convention for Human Rights, as well as the right of freedom of movement and residence contained in Art. 2 of Protocol No. 4 to the Convention. 62 Klass and Others v. Federal Republic of Germany (1978) op. cit. 63 Gerard S. (1992), p. 17. 64 Ibid. 65 Massias, F. (1992).

83

84

Chapter 3

–

Fourthly, the measure must also be necessary and does not go beyond what is necessary. The violation must be “necessary in a democratic society”.

These principles are examined in detail in the following chapter on informational privacy.

4

International Human Rights Information Privacy

4.1

Introduction

The concept ‘information privacy’ is concerned with the protection of personal data. In Europe, the term ‘data protection’ is used to refer to ‘information privacy’. Although the two concepts, information privacy and data protection, may differ somewhat in meaning, the scope of the former is wider than the latter. Both expressions are used here interchangeably to refer to the same thing – protection of personal data. The concern for protection of personal data is fairly recent and was triggered by the diffusion in society of computers and databases in the last half of the twentieth century. In the early 1960s, fears for a complete loss of privacy started to emerge and were expressed in popular literature with sensational titles such as ‘Surveillance Society’, ‘Data Banks Society’, ‘The Death of Privacy’, and apocalyptic metaphors such as ‘Big Brother’, ‘Panopticon’. Knut S. Selmer, opening a symposium on Data Banks and Society in Oslo in 1972, touched on these fears and concerns. He observed that “it is strange that our symposium is held at a moment when the question of invasion of privacy through public data banks has suddenly aroused very strong feelings in this country”. The culmination of these fears and concerns was the enactment of data protection laws in the 1970s and the main concern of these laws is the protection of personal data. Protection of personal data was deemed necessary because the legislations of the time (human rights laws, constitutional laws, statutory laws etc.) were regarded as inadequate in affording protection to the new phenomenon of personal data. The objective of this chapter is to examine how human rights laws protect information privacy. This is achieved by examining ECHR especially Article 8 case law. In particular it examines the criteria for finding an action of public authority interference with private life and it also examines the four criteria (see Chapter 3 and 4.2. below) used by the ECHR organs to examine acts of the states vis-à-vis individual privacy. Another objective is to examine to what extent transparency and proportionality concerns are part of the case law decisions especially as regards protection of personal data. In other words, how much can one read transparency and proportionality in the Court’s decisions? Later in Chapter 6, when data protection principles are examined, an evaluation 

Data Banks and Society, University Forlag 1972 Oslo. p. 2

86

Chapter 4

model based on transparency and proportionality concepts used in this chapter will be developed. The case law analysed in this chapter ranges from 1983 to June 2004. The choice of 1983 is influenced by the main case relied on in this study, the Klass and Others v. Germany case, which was decided in 1983. The case is important because it was the first case to set out clear warning against the adoption of security measures that can undermine the very fabrics of rule of law and democratic society. It is also the first case to spell out clearly guidelines about adequate safeguards. Subsequent case law has built on the foundations set out by Klass and Others. The analysis here traces these developments to June 2004 when the most recent case used, Von Hannover v. Germany, was decided. The cases were chosen using two criteria. First, their relevance to data protection issues such as gathering, purpose, use, disclosure, access and deletion of data. Second criterion is the cases’ relevance to issues on exemptions under Article 8 (2) of the ECHR. The writer relied on primary case materials for the analysis. The methodology used was to search for cases in the ECHR Document Collections – HUDOC database. The criteria for search used were Article 8 and personal data. The reading through of the summaries followed. The aim was to determine whether the cases were relevant or not. Cases that met the two requirements above were printed out for reading and analysis. In the analysis the writer has benefited from other commentators’ insights and work, although their work may not have been widely cited because we do not share similar objectives. The only two works that are closely related to this analysis are by Bygrave (1998) and Alkema. The two works are rather old now as they do not benefit from the insight of the recent ECtHR decisions. This analysis serves also as an update to these works. 4.2

Main Human Rights Privacy Provisions

The core provisions on privacy are found in the main human rights instruments, namely the ICCPR Article 17 and the ECHR Article 8. Article 17 ICCPR states that, 1. 2.

No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. Everyone has the right to protection of the law against interference or attacks.

Article 8 EHCR has similar wording with little variation. It states that, 1. 2.

 

Everyone has the right to respect for his private and family life, his home and his correspondence. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country,

App. No. 59320/00 Judgement 24 June 2004. Alkema, E. A. Privacy Under the European Convention on Human Rights. http://www.privacyexchange.org/iss/confpapers/montreal.html last accessed on 14 March 2005.

International Human Rights Information Privacy

for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

Both instruments do not expressly include the protection of information privacy or protection of personal data. This anomaly, however, has not hindered the case law of the Human Rights Committee and ECtHR from addressing issues of information privacy and protection of personal data whenever they arose. We will come back to this below. In a new development, the Charter of Fundamental Rights of the European Union (Charter) has become the first international human rights instrument to incorporate a provision on protection of personal data. Article 8 of the Charter states, 1. 2.

3.

Everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. Compliance with these rules shall be subject to control by an independent authority.

The Charter has attempted to fill in the gap that many critics have pointed out as lacking in the human rights case law, namely the systematic categorisation of the principles of data protection and supervision by independent data protection authority. The Charter may not be exhaustive in its list of principles of personal data protection. The principles mentioned are fair and lawful processing, purpose principle and individual participation principle. But compared to the catalogue of principles in Chapter 6 below, this is a fairly truncated list. This, however, is a welcome inclusion in framework legislation, which will require to be supplemented by reference to specific legislation on personal data protection. But the most innovative aspect of the Charter is the recognition, for the first time, of a right to protection of data, which hitherto only existed in lower level legislation. The lack of a right to protection of personal data in the classic human rights instruments means that an applicant cannot institute an independent claim on violation of protection of personal data. Instead, one must rely on Article 17 ICCPR or Article 8 ECHR and the case law to further his or her claim. The Charter does not define personal data consequently as mentioned above, one has to look beyond the Charter to the data protection legislation for the definition. In this regard, it is necessary to echo the words by the ECtHR former president Rolv Ryssdal who observed: For our part, we in Strasbourg should not ignore the basic principles laid down in the Data Protection Convention in addressing ourselves to those issues which do come before us. Those basic principles are a sectoral implementation of Article 8 of the European Convention

 

See Bygrave, L. A. (1998); Alkema, A. Ibid. Bygrave, Ibid.

87

88

Chapter 4

on Human Rights in the context of automatic data processing and may therefore [be employed] in aid in interpreting that provision.

The clearest statement of data protection principles under the ICCPR is to be found in the case law developed around Article 17. The Committee for Human Rights, in its General Comment 16 of 1988, reminded State parties that “they are under a duty themselves not to engage in interference inconsistent with Article 17 of the Covenant and to provide the legislative framework prohibiting such acts by natural or legal persons.” In particular, it urged legislation on data protection when it stated that: As all persons live in society, the protection of privacy is necessarily relative. However, the competent public authorities should only be able to call for such information relating to an individual’s private life the knowledge of which is essential in the interests of society as understood under the Covenant. Accordingly, the Committee recommends that States should indicate in their reports the laws and regulations that govern authorised interference with private life. (…) The gathering and holding of personal information on computers, data banks and other devices, whether by public authorities or private individuals or bodies, must be regulated by law. Effective measures have to be taken by States to ensure that information concerning a person’s private life does not reach the hands of persons who are not authorised by law to receive, process and use it, and is never used for purposes incompatible with the Covenant. In order to have the most effective protection of his private life, every individual should have the right to ascertain in an intelligible form, whether, and if so, what personal data is stored in automatic data files, and for what purposes. Every individual should also be able to ascertain which public authorises or private individuals or bodies control or may control their files. If such files contain incorrect personal data or have been collected or processed contrary to the provisions of the law, every individual should have the right to request rectification or elimination.”

The catalogue of principles by the Committee for Human Rights can be said to be among the most articulate statements of the principles by a human rights organ. But seen in the hindsight of the data principles, the Committee’s catalogue is not adequate. The call to regulate data processing by law then was significant because most State parties had not enacted data protection laws. The reach of the principles, however, was not adequately wide. A number of principles found in data protection laws were omitted, such as the minimality principle, specification principle, security principle, and data 



Ryssdal, R. ‘Data protection and the European Convention on Human Rights’, in Data Protection, Human Rights and Democratic Values, Proceedings of the 13th Conference of Data Protection Commissioners held 2-4 October in Strasbourg (Strasbourg: CoE, 1992), 42; Also quoted in Bygrave, L. A. (1998), p. 256. The right to respect of privacy, family, home and correspondence, and protection of honour and reputation (Art. 17): 08/04/88. ICCPR General comment 16. (General Comments) GENERAL COMMENT 16; (UN Doc A/43/40, 181-183; UN Doc CCPR/C/21/ADD.6; UN Doc HRI/GEN/1/Rev 1, 21-23), para. 9 & 10.

International Human Rights Information Privacy

quality principle. Although the purpose principle is mentioned, the way it is formulated is very wide and could include other purposes not initially intended, so far as they are compatible with the provisions of the Covenant. The scope of the access is also limited to automated data files only, whereas manual files are within the scope in data protection principles. The list of principles of protection of personal data has been recognised by most of the international and national data protection laws. Of course, there may be small variations, but the core principles are to be found in most of the data protection laws. Consequently, one would agree with Bygrave that the data guarantees by the Committee are significantly truncated relative to the principles specified in ordinary data protection instruments. As he observes, the truncated list may reflect the view of concept of ‘privacy’ in terms of seclusion or limited accessibility held by the Committee and projected in the Covenant and human rights instruments in general. Under the ECHR, there is no comprehensive catalogue of data protection principles. The Commission and the ECtHR have instead piecemeal recognised a number of these principles in their case law decisions as the analysis here will demonstrate. The case law is not by any means exhaustive and the Court may in the future recognise other principles. The Court has in its case law dealt with a series of issues related to processing of personal information which also reflect some of the principles of protection of data stipulated above. The Commission and the Court, however, have not operated from a set of principles. When such principles are given weight, it is only incidental rather than intended. The Strasbourg organs have instead used a different approach – “interference – violation” approach. They investigate whether an action amounts to interference with the right to respect for private life under Article 8 (1) of the Convention. If they find interference, then they examine if the interference amounts to violation, i.e. whether the interference is permitted or justifiable under § 2 of Article 8. Some of the issues addressed by the Court are gathering (collection) of information, retention (storing) of information, purpose of information, access and release of information, use of information, and deletion (destruction) of information. The case law will be dealt with under these headings. First, issues of interference will be examined and thereafter the issues of violation. The aim is to determine what criteria are used in determination of interference and violation. In other words, what are the determining factor(s) in the finding of interference and violation? The hope is that it will be possible to discern what is protected and to establish the extent to which one can read transparency and proportionality in the decisions of the Court. 4.3

Determination of Interference under Article 8 §1

4.3.1

Gathering or Collection of Personal Information

Gathering or collection of personal information is a necessary activity in an information society. Personal information is a commodity in interaction with others and society at large. Everyday, people exchange personal information for service, as service-rendering  

Bygrave, L. A. (1998), p. 253. Ibid.

89

90

Chapter 4

agencies require personal information in order to carry out their duties. People surrender their personal information either by consent, which may be voluntary or induced,10 or through compulsion, as in the case of legal requirement. Means and technology for gathering information have also advanced. Some of the methods and technologies may be intrusive or non-intrusive, secret or non-secret. Intrusive gathering of information requires the involvement of the persons, for example telephone interception and extraction of bodily samples in DNA or drug tests. Non-intrusive methods do not require the involvement of the individual, for example, computer and Internet searches (data surveillance), data mining, data matching and profiling. But according to data protection laws, personal data should be processed fairly and lawfully. According to ECtHR jurisprudence, collection of personal information may be an interference with the right to respect for private life as protected by Article 8 of the Convention. The means of collection may not be relevant to the finding of interference where gathered by security services. The ECtHR has held that files gathered by security services on a particular individual fall within the scope of Article 8, even where the information has not been gathered by intrusive or covert methods (P.G. and J. H. v. United Kingdom § 57 ).11 Metering, a process that involves the collection and retention of information about the use made of telephones rather than the content of the conversation, has been held can violate Article 8 §1 if the information is released to the police unless there is justification under Article 8 §2 (see Malone case). In the case of P.G. and J. H. v. United Kingdom § 42, the Court noted that “metering which does not per se offend against Article 8 if, for example, done by the telephone company for billing purposes, is by its very nature to be distinguished from the interception of communications which may be undesirable and illegitimate in a democratic society unless justified.” Gathering of personal information by police (or any other gathering agency) has been held to violate Article 8 §1 of the Convention unless justified under one of the exceptions of Article 8 § 2. The Court has repeatedly held that interception of telephone communications may create interference with private life and correspondence and thus violation of Article 8 (see Klass and Others v. Germany § 41).12 In the Huvig case (§ 32), the Court observed that “tapping and other forms of interception of telephone conversations represent a serious interference with private life and correspondence and must accordingly be based on ‘law’ that is particularly precise.” In Kopp v. Switzerland § 53, the Court observed that subsequent use of the recordings made (in interception of telephone calls) has no bearing on the finding that interception of telephone calls is a violation of 10 See Lustig-Prean and Beckett v. United Kingdom Judgement 27 September 1999 § 102; Mr. Beckett was asked to consent to a search of his locker and participate in interviews about his homosexuality. The court considered, however, that the applicants did not have any real choice but to cooperate. It further observed that the authorities would have proceeded to verify the suspected homosexuality of the applicants by other means, which were likely to be less discreet. This was, in fact, made clear a number of times to Mr.Lustig-Prean during his interview, who confirmed that he wished to keep the matter as discreet as possible. 11 See also Rotaru v. Switzerland § 43-44; Amann v. Switzerland, Leander v. Sweden. 12 See also Malone case, Huvig v. France, Kruslin v. France, Kopp v. Switzerland, Amann v. Switzerland, Halford v. United Kingdom, Niemitz v. Germany etc.

International Human Rights Information Privacy

Article 8 § 1. The Court was refuting the argument by the Government, which claimed that there was no interference with the applicant’s private life and correspondence since none of the recorded conversations in which he had taken part had been brought to the knowledge of the prosecuting authorities. Further, it observed that all the recordings had been destroyed and no use whatsoever had been made of any of them.13 Other forms of information gathering, apart from telephone interception, have also been found capable of violating Article 8 §1. In the case of Friedl v. Austria the Court repeated that “compulsory public census, including questions relating to personal details of the inhabitants of a particular household, or the requirement, pursuant to the relevant tax legislation, to produce a list of one’s private expenditure amount to such interference.” Similarly, “the examination of a person in the course of detention, including measures such as his search, questioning about his private life, taking of fingerprints and photographs, and the retention of the records of this examination, was also regarded as interference with the person’s right to respect for his private life” (cf. McVeigh, O’Neill and Evans v. U.K. Comm. Report 18.3.81, D. R. 25 p. 15, § 224). In Murray v. United Kingdom, the first applicant complained of the manner in which she was treated both in her home and at the Army centre. In the latter connection, she objected to the recording of personal details concerning herself and her family, as well as her photograph which was taken without her knowledge or consent. The Court held that these measures amounted to interference with the applicants’ exercise of their right to respect for their private life and family life and their home. The taking and, by implication, also the retention of photographs of the first applicant without her consent had no statutory basis but were lawful under the common law. Finally, the Court found that there was no violation of Article 8 § 1 as the various measures of the complaint were found to be necessary in a democratic society for prevention of crime, within the meaning of Article 8 § 2.14 Similarly, in Perry v. the United Kingdom,15 where the complainant was covertly videotaped by the police, the Court held that the recording and use of the video footage of the applicant disclosed an interference with his right to respect for private life § 43. In this case, the applicant had been brought to the police station to attend an identity parade and he had refused to participate. Instead, the police videotaped him. The police regulated the security camera so that it could take clear footage of the applicant in a custody suit and inserted it in a montage of film of other persons to show to witnesses for the purposes of seeing and identifying the applicant as the perpetrator of the robberies under investigation, in which case he was identified. The video was also shown during the applicant’s trial in a public courtroom. The Court was critical of the method used by the police to photograph the applicant and it observed that “the ploy adopted by the police went beyond the normal or expected use of this type of camera § 41.” Further, it stated that “the footage in question in the present case had not been obtained voluntarily or in circumstances where it could be reasonably anticipated that it would be recorded and used for identification purposes § 42.” 13 (1998) 27 E.H.R.R. 91 § 51 & 53. 14 (1994) 19 E.H.R.R. 193. 15 App. No. 63737/00 Judgement 17 July 2003.

91

92

Chapter 4

In the case of Rotaru v. Romania, the Court held that public information can fall within the scope of private life where it is systematically collected and stored in files held by the authorities.16 The Government, in this case, had denied that Article 8 was applicable, arguing that the information in the RIS’s (Romanian Intelligence Service) letter of 19 December 1990 related not to the applicant’s private life but his public life. By deciding to engage in political activities and have pamphlets published, the applicant had impliedly waived his right to the ‘anonymity’ inherent in private life. And as to his questioning by the police and his criminal record, they were public information. The Court noted that the RIS’s letter contained various pieces of information about the applicant’s life, in particular his studies, his political activities and his criminal record, some of which had been gathered more than fifty years earlier. In the Court’s opinion, such information, when systematically collected and stored in a file held by agents of the State, falls within the scope of ‘private life’ for the purpose of Article 8 § 1 of the Convention. “That is all the more in the instant case as some of the information has been declared false and is likely to injure the applicant’s reputation.” The cases also raise the most important question of the privacy of public figures. Do public figures enjoy privacy or are their lives open books for all to read? The Court’s decision asserts, without so much saying so, that public figures too have private lives. The issue here is not the status of the person, but whether the information is private. If the information has a private character, then the collection and processing of such information could well interfere with the person’s private life and come under Article 8 of the Convention. This was the decision of the Court in the case of Von Hannover v. Germany. 17 In this case, the Court held that “anyone, even if they are known to the general public, must be able to enjoy a “legitimate expectation” of protection of and respect for their private life” § 69. Furthermore, increased vigilance in protecting private life is necessary to contend with new communication technologies which make it possible to store and reproduce personal data. This also applies to the systematic taking of specific photos and their dissemination to a broad section of the public § 70. The exceptions in Article 8 § 2 and other rights, such as the right to freedom of expression, may justify such interference. Transparency concerns, as regards collection of information, seem to be apparent in the decisions of the Commission and the Court although not stated. The decisions seem to aver that secret collection of personal information by security services amounts to interference unless there are legitimate reasons and legal authorisation (see Murray v. United Kingdom). The Court also seems to suggest that interception of telephone communication must be transparent if it will not be considered interference with private life and correspondence (see Klass and Huvig cases). The issue of transparency here is closely tied to the issues of legality and lawfulness of the action concerned and will also be dealt with under the heading on “in accordance with the law”. Proportionality does not feature in the determination of interference decisions but does arise in the determination of whether the interference amounts to a violation or not. 16 App. no. 28341/95 Judgement 4 May 2000. 17 See App. No 59320/00 judgement 24 June 2004;

International Human Rights Information Privacy

4.3.2

Retention or Storage

Retention or storage of information is a special characteristic of information privacy and has been held to offend Article 8 § 1 of the Convention. Such storage could, however, be justified by one of the exceptions in Article 8 § 2. The ECHR does not distinguish between manual and automated storage of information. What seems to be decisive is that the information is stored in a manner that allows it to be retrieved. Under the EU Directive for data protection, personal filing system has been defined as “any structure set of personal data which is accessible according to specific criteria (…).”18 The definition includes both manual and automated filing systems unlike in the CoE Convention which only refers to automated filing systems.19 In Leander v. Sweden, it was established that storing and release of personal information, and refusal to allow Mr. Leander an opportunity to refute it, amounted to an interference with his right for private life guaranteed by Article 8 § 1.20 The applicant was prevented from obtaining a permanent employment and dismissed from a provisional employment on account of certain secret information kept in a police register, which allegedly made him a security risk. But, the interference with the applicant’s private life was found justifiable under Article 8 § 2 on grounds of national security. In the case of Amann v. Switzerland, the Court reiterated that storing by a public authority of data relating to the private life of an individual amounts to an interference within the meaning of Article 8. The subsequent use of the stored information has no bearing on that finding.21 The applicant had complained of violation of Article 8 § 1 after the Public Prosecutor’s Office created a card based on information intercepted and recorded from a telephone to the applicant from a person at the former Soviet embassy in Berne. The card was stored in the Confederation’s card index. The Court held that both the creation of the impugned card, and the storing of it, amounted to interference with the applicant’s private life, which cannot be considered to be ‘in accordance with the law’. According to the Court, the Swiss law did not indicate with sufficient clarity the scope and conditions of exercise of the authorities’ discretionary powers in the area under consideration. It is doubtful if the storage of photographs could violate Article 8 § 1. The decisive factor seems to be whether taking the photograph related to private or public matters. If it relates to public matter the likelihood of inferring violation is limited and if it relates to private matter, violation could be easily inferred. In Friedl v. Austria, the Commission stated that “for the purpose of delimiting the scope of the protection afforded by Article 8 of the Convention against arbitrary interference by public authorities, the Commission has attached importance to the questions whether the taking of photographs amounted to an intrusion into the individual’s privacy, whether it related to private matters or public.” Finding no violation of Article 8, the Commission relied on the fact that the photographs related to a public incident in which the applicant was voluntarily taking 18 Article 2 c, EU Directive Data Protection. 19 Article 2 b & c CoE Convention. 20 (1987) E.H.R.R. 433 § 48; See also Kopp v. Switzerland, Rotaru v. Romania and P. G. & J.H. v. United Kingdom. 21 Judgement 16 February 2000; See also Leander case § 48 and Kopp case §53.

93

94

Chapter 4

part and that they were solely taken for the purposes of recording the character of the manifestation and actual situation at the place in question. In addition, the Commission noted that the individual persons in the photographs taken remained anonymous, in that no names were noted down, and the personal data recorded as well as photographs taken were not entered into a data processing system, and no action was taken to identify the persons photographed on that occasion by means of data processing.22 In the case of Murray v. United Kingdom where the applicant was photographed at a detention centre without her knowledge or consent, the Court, however, stated that the taking of photographs was an interference with the applicant’s private life. The Court, nevertheless, found that the interference was justified under Article 8 § 2 as necessary in a democratic society for the prevention of crime. The question still remains unanswered as to whether interference with private life can be inferred if the photographs were recorded and stored in a database or information system. The dictum by the Commission in Friedl case that “the personal data recorded and photographs taken were not entered into a data processing system” seems to suggest that if they were entered in a database, interference could be easily implied. In P.G. & J.H. v. United Kingdom, the Court implied the same. There are a number of elements relevant to a consideration of whether a person’s private life is concerned in measures effected outside a person’s home or private premises. Since there are occasions when people knowingly or intentionally involve themselves in activities, which are or may be recorded or reported in a public manner, a person’s reasonable expectations as to privacy may be a significant, though not necessarily conclusive factor. A person, who walks down the street, will inevitably, be visible to any member of the public who is also present. Monitoring by technological means of the same public scene (e.g. a security guard viewing through Closed Circuit Television) is of a similar character. Private life considerations may arise however once any systematic or permanent record (italics added) comes into existence of such material from the public domain. It is for this reason that files gathered by security services on a particular individual fall within the scope of Article 8 even where the information has not been gathered by any intrusive or covert method (see Rotaru v. Romania [GC], no. 28341/95, ECHR 2000-V, §§ 43-44).23

The decisive factor here is whether the stored photographs would be used in data processing for identification purposes. If they are used, then interference could be readily implied. This could also be true for recording and retention of other graphics and images such as fingerprints, DNA, biometrics and video images. In such case, justification under Article 8 § 2 would be necessary for retention not to be covered by Article 8 § 1 violation. This matter seems to be settled now in the case of Perry above where the Court held that “the permanent recording of the (video) footage and its inclusion in a montage for further use may therefore be regarded as processing and collecting personal data of the applicant § 41.” 22 Judgement of 31 January 1995. 23 Judgement of 25 September 2001 § 57.

International Human Rights Information Privacy

Issues of transparency would arise in the storage of personal information if it were covert and the person affected was not given access to the information (see Leander case). Also in the Murray case, one could read transparency concerns in the decision of the Court where photographs were taken covertly and stored without her consent. In the case of Amann, the Court seems to imply need for transparency when it demands the scope of the exercise of discretion of the Swiss authorities to be specific. The Court said that “the law did not indicate with sufficient clarity the scope and conditions of exercise of the authorities’ discretionary powers in the area under consideration”. The Court seems to suggest that exercise of discretion should be transparent. Issues of proportionality in storage would arise in the consideration of violation under Article 8 (2). Requirement that the exercise of discretion by public authorities should be specific could be seen, however, as a requirement for proportionality. 4.3.3

Purpose of Information

Purpose of information may not be relevant in determining the issue of interference with Article 8 of the Convention. It is enough that the information is personal information. Purpose is, however, significant in finding whether the interference amounts to a violation of Article 8. The processing of information must be shown to pursue a legitimate aims i.e. one that is stated in Article § 2. The aims are: – the interests of national security, – public safety or the economic well being of the country, – the prevention of disorder or crime, or – the protection of health, morals or – the rights of others. In the case of Leander, it was held that both storing and the release of private information amounted to an interference with Mr. Leander’s right to respect for private life guaranteed by Article 8 § 1. But the interference was justified on national security grounds. The Court had to assess the legitimacy of the processing of the information in order to determine whether the interference amounted to a violation. The Court found that the aim of the Swedish personnel control system was clearly a legitimate one for purposes of Article 8, namely protection of national security. Finding of legitimacy is not fatal to a claim of violation because the Court will go ahead and assess the legality of the interference and whether it is necessary in a democratic society. The aim of the necessity test is to balance the legitimate aim pursued by a public authority against the seriousness of the interference with the applicant’s right to respect for his private life. In data protection laws, the corresponding principle to the legitimate aim principle in the Convention is the purpose specification principle. The convention “legitimate aim principle” limits the purpose for which personal data may be processed by prescribing a limited catalogue of aims. But data laws do not adopt a limited catalogue of purposes of processing, instead, they require that the purpose be lawful and specific. In data protection, the purposes of processing can be wide as long as they are lawful and specific. Nevertheless, the Convention’s limited catalogue may be deceptive because the

95

96

Chapter 4

interpretation and application of the legitimate aims by the Court may be very wide indeed since the aims are very broadly formulated (see 4.4.2.3). The requirement that the purpose pursued must be legitimate can be said to be a requirement for transparency. Transparency requires that the purpose be lawful and stated clearly, that the purpose pursued should be clear and known. Those affected by the measure should not be left guessing the purpose (see Klass & others case). The issue of transparency, as concerns purpose, will be dealt with in detail in the consideration of legitimate aims below 4.4.2.3. The requirement for purpose to be legitimate raises issues of proportionality as well, and will be best considered in 4.4.2.3 and 4.4.2.6 below. 4.3.4

Use of Information

Use of information is not significant in the determination of the issue of interference under Article 8 of the Convention. In the Amann case (above), the fact that the card had never been consulted by a third party did not imply there was no interference with the applicant’s right to respect for his private life. The Court noted that a card containing data relating to the applicant’s private life was filled and stored in the Confederation’s card index. It is not for the Court to speculate as to whether the information gathered on the applicant was sensitive or not or as to whether the applicant had been inconvenienced in any way. It is sufficient for it to find that data relating to the private life of an individual was stored by a public authority to conclude that, in the instant case, the creation and storing of the impugned card amounted to an interference, within the meaning of Article 8, with the applicant’s right to respect for private life. Earlier, in the case of Kopp v. Switzerland (above), the court had arrived at a similar finding. The Court held that interception of telephone calls constitutes “interference by a public authority”, within the meaning of Article 8 § 2, with the exercise of a right guaranteed to the applicant under § 1. The subsequent use made of the recordings has no bearing on the findings. The use of information may, however, be a relevant factor in determination of interference under Article 8 of the Convention. In Rotaru v. Romania, the Court held that “both the storing of the information and the use of it, (…) amounted to interference with the applicant’s right of respect for private and family life as guaranteed by Article 8 § 1.” As noted earlier, the decisive factor is the storing of information in a retrievable form, however, the use may be relevant but not the use on its own. Interestingly enough, under the Convention, the use of information does not amount to interference. It does so only when it is used for other purposes other than the initial objective. Even when information is used for the purpose it was processed for, such as intelligence surveillance, it may amount to interference. This may, however, be justified by one of the exception grounds in Article 8 §2. In data protection laws, what is prohibited is the use for different purpose incompatible with the original purpose of processing the data. Nonetheless, further use could be permitted by consent of the data subject or by law. The purpose specification and minimality principles in data protection laws underscore this. It is difficult to infer transparency in the decisions by the Commission and the Court as regards use of information. In the Leander case (see below 4.2.5) on the issue of access to information, the Court, however, seemed to infer transparency when it held that use of information to the detriment of a person without giving the person access to the

International Human Rights Information Privacy

information would amount to interference with the respect for his private and family life under Article 8 of the Convention. The court was suggesting that such information should be made accessible to the person unless withholding the information was justified under the exceptions in Article 8 (2). It is difficult to say whether the Court decision was based on the issue of use of information or its access. But what is clear is that, if the information was used to the detriment of a person, the person should have access. The mere use of information does not in itself raise transparency concerns. 4.3.5

Individual Access to Information

Individual access to information is similar to the right of access for data subjects in data protection laws. It allows a person the chance to challenge, refute, correct or supplement the information. The ECtHR has held that both the storing by a public authority of information relating to an individual’s private life and the use of it and the refusal to allow an opportunity for it to be refuted amounts to interference with the right to respect for private life secured in Article 8 § 1 of the Convention.24 Access to information is not an absolute right and may be limited under Article 8 §2, however, adequate safeguards against abuse must accompany such limitations. In the Leander case, the applicant claimed that he was not permitted to refute information that had been used detrimentally against him. Despite the favourable finding of interference with the applicant’s right to respect for private life under Article 8 § 1 of the Convention, the Court did not think there was a violation of Article 8. In the Court’s reasoning, the refusal was in accordance with the law, especially because the Swedish personnel control system contained safeguards that met the requirements of paragraph 2 of Article 8.25 In Gaskin v. United Kingdom, the applicant claimed that the refusal of access to all his case records held by Liverpool City Council was in breach of his right to respect for his private and family life under Article 8 of the Convention. Some contributors of the records had consented, and others did not consent to the access of the records by the applicant. Consequently, the applicant had access to the former but not latter records. The Commission and the Court found interference with Article 8. The Court noted that the records contained in the file undoubtedly related to the applicant’s ‘private and family life’ in such a way that the question of the access thereto falls within the ambit of Article 8. It was the Court’s opinion that “persons in the situation of the applicant have a vital interest, protected by the Convention, in receiving the information necessary to know and to understand their childhood and early development. (…). Under such a system the interests of the individual seeking access to records relating to his private and family life must be secured when a contributor to the records either is not available or improperly refuses consent.”26 The Court, however, was quick to add that its finding was not an expression of an opinion as to whether general rights of access to personal data and information may be derived from Article 8 § 1 of the Convention. This finding 24 See Rotaru v. Romania §46; Leander v. Sweden § 48; Kopp v. Switzerland §53 and Amann v. Switzerland § 69 and 80. 25 Leander case § 67. 26 (1988) 12 E.H.R.R. 36 § 49.

97

98

Chapter 4

therefore was restricted to the facts and the case of Gaskin, as the Court added that “it is not called upon to decide in abstracto on questions of general principle in this field but rather has to deal with the concrete case of Mr. Gaskin’s application.”27 This was unfortunate reasoning by the Court because it could have used the occasion to firmly establish a general right of access as accorded by data protection laws. Instead, the Court decided to give more prominence to State’s positive obligation in this case when it noted that “the absence of any independent authority finally deciding on access to records in cases where the contributor was not available, or improperly withheld consent, constituted a violation of the State’s obligation under Article 8 of the Convention, (see § 49 of the judgement).” In a later case M.G. v. the United Kingdom,28 whose facts were similar to the Gaskin case, the Court again applied the State’s positive obligation argument to find interference and violation with the applicant’s access. The court held that there was failure to fulfil the positive obligation to protect the applicant’s private and family life with respect of his access to his social service records from April 1995 when the applicant first requested them, § 31; but that there was no violation of Article 8 of the Convention with respect of the applicant’s access, between April 1995 and 1 March 2000 to his social service records, § 32. The reason being that as from 1 March 2000 (the date of entry into force of the Data Protection Act 1998), the applicant could have, but did not, appeal to an independent authority against the non-disclosure of certain records on grounds of a duty of confidentiality to third parties. “He has not demonstrated therefore any failure by the State to fulfil a positive obligation after 1 March 2000 since he failed to use the appeal process available from that date.” Again, the Court squandered the opportunity to assert the right of access as found in data protection laws by deciding to seek refuge in the doctrine of positive obligation. In McMichael v. United Kingdom, the applicants had been deprived of the care and custody of their son as well as access to him when he was ultimately freed for adoption. They alleged that they had not received a fair hearing before the children’s hearing and they did not get access to confidential reports and other documents submitted to the hearing. On the question of refusal of access to the confidential documents, the Court observed that “whilst Article 8 contains no explicit procedural requirements, the decision making process leading to measures of interference must be fair and as such as to afford respect to interests safeguarded by the provision.” Furthermore, the Court noted that, in the present case, the facts complained of had repercussions not only on the conduct of judicial proceedings to which the second applicant was a party, but also on “a fundamental element of [the] family life” of the two applicants. Finding a violation of Article 8, the Court noted that the decision-making process determining the custody and access arrangements with regard to the son did not afford the requisite protection of the applicants’ interests as safeguarded by Article 8.29 As regards individual access to information, transparency can be inferred in the decisions by the Court. The Court’s decisions are emphatic that such access should be 27 Ibid. § 37. 28 App. No. 39393/98 Judgement 24 September 2002. 29 (1995) 20 E.H.R.R. 205.

International Human Rights Information Privacy

given to the person concerned in order to enable him to challenge and refute the information or the decision arrived at based on the information (see Leander case). The Court’s decisions in all three cases Leander, Gaskin and McMichael, discussed above, put great emphasis on the need for access to information by the person concerned as a procedural requirement in decision-making. According to the Court’s observation in the McMichael case, although Article 8 contains no explicit procedural requirement, the decision-making process leading to measures of interference must be fair such as to afford respect to interests safeguarded by the provision. The use of the term ‘fair’ here could be deemed to indicate concern for transparency and proportionality.30 4.3.6

Disclosure of Information

Disclosure of information deals with release of information to third parties. It aims at protecting the confidentiality of information in order to protect the interests of the data subject. It also aims at protecting public interests such as in health care and to ensure that patients freely give information to health care officials. In criminal investigation, confidentiality of information protects police informants and in extension interest in prevention of crime. The general principle is that disclosure of information to third parties must be either by the consent of data subject or be prescribed by law. The next three cases under Article 8 of the Convention address some of these issues. In M. S. v. Sweden, the applicant complained under Article 8 of the Convention that the submission of her medical records to the Social Insurance Office constituted an unjustified interference with her right to respect for private life. Both the Commission and the Court found that there was no violation of Article 8, however they held that there had been an interference with the applicant’s right to respect for her private life under that provision and that the interference had been justified under § 2.31 Interference was justified as the disclosure could be regarded as having pursued the aim of protecting the economic well being of the country. The disclosure was necessary so as to enable the Social Insurance Office to determine whether the conditions for granting the applicant compensation for industrial injury had been met. Even the information concerning the abortion was found relevant to the assessment. The Court, however, did reiterate that “protection of personal data, particularly medical data, is of fundamental importance to a person’s enjoyment of his or her right to respect for private and family life as guaranteed by Article 8 of the Convention.” The Court added that, “respecting the confidentiality of health data is a vital principle in the legal system of all the Contracting Parties to the Convention. It is crucial not only to respect the sense of privacy of a patient but also to preserve his or her confidence in the medical profession and in the health services.” Z v. Finland involved disclosure of intimate information for the purposes of criminal investigations. The Court was of the view that any state measures compelling communication or disclosure of such information without the consent of the patient calls for the most careful scrutiny on the part of the Court. But the public interest in the prosecution 30 See 6.3.3.2 below 31 (1997) E.H.R.R. 313; See also the Leander case, where disclosure of intelligence information to a third party was found necessary in the interest of national security.

99

100

Chapter 4

of crime and the public interest in the publicity of the court proceedings can outweigh medical confidentiality, but only in limited circumstances and with other safeguards to protect the interests of patients. The case concerned the trial of Z’s former husband on a charge of engaging in sexual acts knowing that he was HIV positive. The defendant refused to testify, so the Finnish authorities seized Z’s medical files and ordered her medical adviser to give evidence with a view to establishing the defendant’s date of knowledge of the infection. After its judgement, the Court of Appeal ordered the medical data to remain confidential for ten years, contrary to the applicant’s request for a longer duration. The Court of Appeal also disclosed the identity and medical condition (HIV infection) of the applicant in its judgement, which was made available to the press.32 The ECtHR noted that, Under the relevant Finnish law, the Court of Appeal had the discretion, firstly, to omit mentioning any names in the judgement permitting the identification of the applicant and, secondly, to keep the full reasoning confidential for a certain period and instead publish an abridged version of the reasoning, the operative part and an indication of the law which it had applied. In fact, it was along these lines that the City Court had published its judgement, without it giving rise to any adverse comment.33

The Court found violation of Article 8 as regards the disclosure of identity and medical condition of the applicant in the judgement and the order on the short duration of ten years to maintain the medical data confidential. In the Leander case, information concerning him was released to National Police Board under the Personnel Control Ordinance. Based on this information, the Board decided that the applicant was not employable at the Naval Museum due to considerations of national security.34 The Court held that the storing and release of such information, which was coupled with a refusal to allow the applicant an opportunity to refute it, amounted to an interference with his right to respect for private life as guaranteed by Article 8. The interference was, however, justified under § 2. Another interesting case, raising disclosure of information to third parties issues, is Peck v. United Kingdom.35 The facts are that the applicant was recorded by Brentwood Borough Council CCTV surveillance system in a depressed disposition in possession of a knife at the High Street central junction. Prior to the recording he had attempted to commit suicide by cutting his wrists. The CCTV operator notified the police, who arrived and took the knife from the applicant, gave him medical assistance on the spot and brought him to the police station. He was later released without charges and taken home by police officers. The Council in its media campaign on effectiveness of CCTV surveillance in crime prevention later released the relevant CCTV footage to the media, which led to two publications by the “Yellow Advertiser” and two broadcasts by Anglia 32 33 34 35

(1997) 25 E.H.R.R. 371. Ibid. § 113. Leander v. Sweden op. cit. application no 44647/98, Judgement on 28 January 2003.

International Human Rights Information Privacy

Television and the BBC. In their publication, the media did not adequately mask the face of the applicant and a number of people known to the applicant recognised him. Finding interference with the applicant’s private life, the Court held that the disclosure by the Council of the relevant footage constituted a serious interference with the applicant’s right to respect for his private life.36 As regards release of confidential information to third parties, transparency may be implied in the decisions of the Court. The Court, however, is emphatic that disclosure would likely amount to interference unless the consent of the person concerned is solicited or there is legal justification (M. S. v. Sweden, Z v. Finland, Leander and Peck). By requiring consent or legal justification, in these cases, the Court was alluding to the need for transparency in disclosure of confidential information. One can also read requirement for proportionality in the Court’s decision in disclosure of confidential information to third parties. But this does not come during the consideration of interference but at the determination of whether the interference was justified under Article 8 (2). The Court does enquire whether there were other options available for achieving the same objectives and whether the public authority concerned considered them (Peck case). Under the principle of proportionality that the Court employs in its consideration of whether an action of a public authority is “necessary in a democratic society”, the Court looks to the existence of other options available to the public authority and whether they were considered (see 4.4.2.6 below). 4.3.7

Deletion of Information

Deletion of information is provided for in data protection laws. The ECHR does not contain a provision for deletion of information. The ECtHR has, however, given judicial recognition to deletion of information in a number of case decisions. Destruction or deletion of information is one of the safeguards against possible abuses pointed out by the Court in its judgement in the cases of Kruslin and Huvig. Both cases involved telephone tapping, which led to prosecution of the applicants. Finding violation of Article 8 the Court observed that, Above all, the system does not for the time being afford adequate safeguards against various possible abuses. For example, the categories of people liable to have their telephones tapped by judicial order and the nature of the offences, which may give rise to such an order, are nowhere defined. Nothing obliges a judge to set a limit on the duration of telephone tapping. Similarly unspecified are the procedure for drawing up the summary reports containing intercepted conversations; (…) and the circumstances in which recordings may or must be erased or the tapes be destroyed, in particular where an accused has been discharged by an investigating judge or acquitted by a court (Italics mine). The information provided by the Government on these various points shows at best the existence of a practice, but a practice lacking the necessary regulatory control in the absence of legislation or case-law.37

36 Ibid. § 63. 37 Kruslin v. France § 35 op. cit; Huvig v. France § 34 op. cit.

101

102

Chapter 4

In the case of Amann v. Switzerland, the Court especially took issue with the fact that the authorities did not destroy the stored information when it emerged that no offence was being prepared against the applicant. The storage of the information was not necessary and should have been destroyed as provided by Swiss law, both before and after 1990, which expressly provided that data which turned out not to be “necessary” or “had no further purpose” should be destroyed.38 Similarly, in the Rotaru case, the Court was critical of Romanian law which provided that information affecting national security may be gathered, recorded and archived in secret files not laying down any limits on the exercise of those powers. Inter alia the law did not lay down limits on the age of information held or the length of time for which it may be kept.39 In these cases, the ECtHR has expressed the necessity for destruction of information as a safeguard against abuse of such information. In doing so, the Court has recognised the data protection right to deletion of personal information. On the other hand, data protection laws contain the most explicit expression of the right to deletion. Requirement for deletion of information may be seen as a requirement for transparency and proportionality and can easily be read in the decisions of the Court. In the cases discussed above namely, Kruslin, Huvig, Amann and Rotaru, the Court requires the authorities concerned to provide for deletion of information in the law and also to take the initiative to delete the information. The Court was emphatic, especially in the Amann case, and it took issue with the authorities for not destroying the stored information when it emerged that no offence was disclosed. To require the law to provide for deletion may be a requirement for transparency and proportionality in information processing. Also to require authorities to take initiative to delete information, especially when it is no longer necessary, is a requirement for proportionality. 4.3.8

Conclusion

To conclude this section, as far as the finding of interference with respect to private life under Article 8 of the Convention is concerned, as summarised in the Figure 2 below, the decisive factors are whether the information is personal information (data) as defined by CoE Convention and recorded in a retrievable manner. Methods of gathering information, sensitivity of information, purpose of information and use of information are relevant but not decisive factors. In this regard, the ECtHR jurisprudence has moved from the narrow approach where sensitivity of information (intimacy and confidentiality) was decisive, to a broad approach where personal data and systematic recording are the determinant factors. In the three cases discussed above, Amann v. Switzerland (2000), Rotaru v. Romania (2000) § 43 and P.G. and J.H. United Kingdom (2001) § 56-60, the Court have explicitly stated that, Its broad interpretation of ‘private life’ tallies with that of the Council of Europe’s Convention of 28 January 1981 for the protection of individuals with regard to automatic processing of personal data, which came into force on 1 October 1985, whose purpose is “to secure in the 38 See § 78 of the judgement. 39 Rotaru v. Romania § 57 op. cit. See also P.G. and J.H. v. United Kingdom § 45 and 47 op cit.

International Human Rights Information Privacy

territory of each Party for every individual … respect for his rights and fundamental freedoms, and in particular his right to privacy, with regard to automatic processing of personal data relating to him” (Article 1), such personal data being defined as “any information relating to an identified or identifiable individual” (Article 2).40

As noted earlier, the phenomenon of databases has made even innocent pieces of personal information into personal data. As Judge Pettiti observed in his consenting opinion in the Malone v. United Kingdom 41 case, “it is known that, as far as data banks are concerned, the processing of “neutral” data may be as revealing as the processing of sensitive data.” According to him, basing interference on the right to respect of private life, on sensitivity of information, would be to miss the target. Basing interference on methods of gathering information would also be misconceived. Judge Pettiti had also foreseen this when he noted that “it is in fact impossible to isolate the issue of interception of communications from the issue of data banks since interceptions give rise to the filing and storing of the information obtained.” The advancement of information and communication technologies (ICT), since the Malone case, has introduced another dimension that Judge Pettiti might not have foreseen in 1984. ICT today allows easy and fast dissemination of information, for example, over telecommunication networks and Internet. “Much of information, collection today occurs in public, and indeed, many parts of cyberspace may well be considered public places.”42 ICT also facilitates easy and speedy retrieval of information and data. The jurisprudence of the Strasbourg organs has developed in such a manner that the old concepts of privacy, namely property, private sphere, intrusive and non-intrusiveness, private and public, and covert and overt, have become less and less significant in determination of interference with the right to respect to private life. The Court has of necessity adopted a broader conception of personal data. Judge Bonello in his partly dissenting opinion in Rotaru case, captured the shift from the narrow to the broad approach adopted by the Court when refusing to endorse the majority decision on applicability of Article 8 he observed that, Article 8 protects the individual’s private life. At the core of that protection lies the right of every person to have the more intimate segments of his being excluded from public inquisitiveness and scrutiny. There are reserved zones in our person and in our spirit, which the Convention requires should remain locked. It is illegitimate to probe for, store, classify or divulge data, which refer to those innermost spheres of activity, orientation or conviction, sheltered behind the walls of confidentiality. (…). In what way does the storage of records relating to the eminently public pursuits of an individual, violate his right to privacy? Until now the Court has held, unimpeachably in my view that the protection of Article 8 extends to confidential matters, such as medical and health data, sexual activity and orientation, family kinship and, possibly, professional and business relations and other intimate areas in which public intrusiveness would be an unwarranted 40 Amann case § 65; Rotaru case §43 and P.G. & J.H. case § 57. 41 Malone v. United Kingdom (1984) E.H.R.R. 182. 42 Solove, D. J. (2001).

103

104

Chapter 4

encroachment on the natural barriers of self. Public activism in public political parties has, I suggest, little in common with the ratio which elevates the protection of privacy into a fundamental human right.43

As regards transparency and proportionality concerns, the Commission and the Court do not expressly infer these concerns in their decisions in connection with interference. Nevertheless, as indicated above, it is possible to construe the concerns in the decisions. The concerns have become more apparent in the recent case decisions in which the Court has decided to adopt the language of the data protection laws (See Amann, Ratoru, P.G. and J. H., and Peck cases). Although the provisions of the Convention do not contain the word ‘proportionality’, the Commission and the Court have actively used the proportionality notion in their decisions on the determination of violation of the Convention as will be seen below. As such, proportionality is a requirement in human rights law but transparency can only be inferred. Decisive Personal Data as defined by CoE Convention

X

Gathering methods Covert/Overt Intrusive/Non-intrusive Voluntary/Compulsory Consent Nature of Information Sensitivity Private/Public Storage of Information Systematic filing Manual Use of Information Deletion of Information

Relevant but Decisions not Decisive P.G.& J.H. v. UK/Amann v. Switzerland/Rotaru v. Romania/Peck v. UK/Hannover v. Germany X X X X

P.G.& J.H. v. UK P.G.& J.H. v. UK Friedl v. Austria Murray v. UK /Perry v. UK

X

Amann v.Switzerland/Kopp v. Switzerland Hannover v. Germany

X X

X X X

Figure 2: Determination of Interference under Article 8 § 1

43 Rotaru case op cit §§ 2 and 6.

Rotaru v. Romania Perry v. UK Kopp v. Switzerland/Amann v. Switzerland Amann v. Switzerland

International Human Rights Information Privacy

4.4

Justification for Interference under Article 8 § 2

4.4.1

Introduction

The right to privacy is not an absolute right. This means that although one has a right to privacy, there are important limits placed on it. This is done when the right comes into conflict with other individual rights or interests such as the right to freedom of expression and freedom of assembly or other public interests such as public order and national security. Limits are, therefore, placed on one or both of the rights. The goal is to achieve a balance - to preserve important qualities of the rights while forging a practical solution that allows them to coexist. As indicated earlier, Article 8 §1 ECHR establishes the right to privacy but Article 8 §2 incorporates limitations to that right. Article 8 §2 also establishes a restricted catalogue of interests and principles to be taken into account while balancing the competing interests. In the preceding section, it was established that determination of interference with the right to respect for private life under Article 8 §1 of the Convention is just the first step of inquiry by the ECtHR. Of course, if it is determined that there is no interference, the inquiry terminates there. If interference, however, is established, the inquiry proceeds to the determination of the question as to whether the interference amounts to a violation or not. In this section, the focus now turns to the question of determination of violation. For a finding of interference under §1 of Article 8 not to amount to a violation, it must be justifiable under §2 of Article 8. It must be: – in accordance with the law, – in furtherance of at least one of the aims listed in § 2, and – be necessary in a democratic society. The application of these principles in determination of violation of Article 8 of the Convention is examined in detail below. An examination of the extent to which the decisions are influenced and manifest transparency and proportionality concerns is also carried out. 4.4.2

Principles in Determination of Violation

4.4.2.1 Introduction Although this chapter is concerned with balancing of interests, the first two principles are not about balancing of interests. The principles of “in accordance with the law” and “legitimate aims” are necessary inquiries the Court must undertake to ascertain that interference is in accordance with the provisions of the Convention. They are questions that must be answered categorically before the issue of balancing of interests can be engaged. In Iatridis v. Greece, the Court observed that it follows that the issue of whether a fair balance has been struck between the demands of the general interests of the community and the requirements of the protection of the individual’s

105

106

Chapter 4

fundamental rights becomes relevant only once it has been established that the interference in question satisfied the requirement of lawfulness and was not arbitrary.44

At this stage of inquiry, the Court does not have to balance any interests. The issue is either there is a law permitting interference or not and the law must pursue one of the legitimate aims stipulated in the Convention or not. As it will be clear below, these are not “yes” or “no” answer questions, and the Commission and the Court have been called, on occasion, to give their own interpretation of what the law means. The third principle “necessary in a democratic society” is concerned with balancing of interests. The Court has discretion and will balance the competing interests where necessary before it concludes on the finding of violation. 4.4.2.2 In Accordance with the Law After the Court has determined that there is an interference with the right to respect for private life under Article 8 of the Convention, the next question for determination is whether the law permits the interference. The requirement that interference be ‘in accordance with law’ means that there must be some sort of legal basis for the interference.45 “The Convention requires a positive basis for an interference with rights. The concept of legality requires first that there must be an identified and established legal basis in domestic law for restrictions on Convention rights. In the absence of such a basis, no derogation from rights can be justified, no matter how worth its objects.”46 This is referred to as the principle of legality.47 The question of ‘law’ involves two further questions, namely the meaning of the term ‘law’ and ‘the essential qualities of the law’. As regards the meaning of the term ‘law’ in the expression “in accordance with the law”, the Court stated in Sunday Times v. United Kingdom that “the word ‘law’ in the expression ‘prescribe by law’ covers not only statutes but also unwritten law”.48 In this case, the Court held that common law is law in the meaning of the Convention. The Court observed that, it [the Court] does not attach importance here to the fact that contempt of court is a creature of the common law and not of legislation. It would clearly be contrary to the intention of the drafters of the Convention to hold that a restriction imposed by virtue of the common law is not ‘prescribed by law’ on the sole ground that it is not enunciated in legislation: this would deprive a common law State which is Party to the Convention of the protection of Article 10 § 2 and strike at the very roots of that State’s legal system.49 44 Judgement 25 March 11999, § 57; See also Lönnroth v. Sweden judgement of 23 September 1982, Series A no. 52, p. 26, § 69. 45 Kopp v. Switzerland (1998) 27 EHRR 214 § 55. 46 Mountfield, H. (2001). p. 7. 47 For detailed discussion of the principle of legality see Svensons-McCarthy, A. L. (1998) Chapter 2 pp 52-94. 48 (1979) 2 EHRR 245 § 47. 49 Ibid.

International Human Rights Information Privacy

The ruling in the Sunday Times case has subsequently been confirmed in several cases.50 The mere existence of a common law rule is, however, not enough, the rule must be ascertainable. It must be able to satisfy the principle of certainty. Where common law rules are so uncertain that they do not satisfy this principle, legislation may be necessary.51 In Malone v. United Kingdom, the Court found the common law rules inadequate because Mr. Malone was not able in absence of legislation to assess whether or not his telephone would be listened into or what the basis in law for the surveillance might be. The rules allowing telephone tapping at the time were in the form of an internal code of guidance produced by police, which was not public. The concept of ‘law’ as used in the Convention is wide enough as to cover various instruments such as statute law, secondary legislation, applicable rules of European Community and international law.52 In Groppera Radio AG and Others v. Switzerland, the Court held rules of international telecommunication law to fulfil the requirements of ‘in accordance with law’.53 Rules of professional bodies may also be sufficient legal basis. In Barthold v. Germany, the Court held that rules of professional conduct applied by the Hanseatic Court of Appeal could be regarded as ‘law’ for the purposes of Article 10 § 2 of the Convention, since they “emanated from the Veterinary Surgeons Council (…) and not directly from parliament”.54 Legal professional rules have also been held to satisfy the criterion ‘law’.55 According to the jurisprudence of Strasbourg organs, for a norm to qualify as ‘law’ it must possess some essential qualities. In the Sunday Times case, the Court observed that, there were two requirements that flow from the expression ‘prescribed by law’. Firstly, the law must be adequately accessible: the citizen must be able to have an indication that is adequate in the circumstances of the legal rules applicable to a given case. Secondly, a norm cannot be regarded as a ‘law’ unless it is formulated with sufficient precision. To enable the citizen to regulate his conduct: he must be able, if need be with appropriate advice, to foresee, to a degree that is reasonable in the circumstances, the consequences which a given action may entail.56

The requirement of accessibility implies that the norm must be published. The condition of accessibility is thus complied with if the impugned restrictions were based on

50 51 52 53 54 55

Malone v. United Kingdom (1984) 7 EHRR 14 § 66 and Chappell v. United Kingdom. Ibid. Mountfield, H. (2001) p. 7 op. cit. (1990) 12 EHRR 321 §§ 65-68. See (1985) 7 EHRR 383 § 46. Casado Coca v. Spain (1994) 18 EHRR 1 §§ 13, 18 and 43; A case concerning legal professional rules 56 § 49.

107

108

Chapter 4

legal texts and case law that had been duly published.57 As the Court, however, observed in Groppera Radio AG and Others case, “the scope of the concepts of foreseeability and accessibility depends to a considerable degree on the content of the instrument in issue, the field it is designed to cover and the number and status of those to whom it is addressed. In other words, accessibility does not mean that the norms should be directly knowable to person affected. If need be a person should seek for appropriate legal advice. Like in this case, the laws were highly technical and complex in nature and were primarily intended for specialists. Hence the accessibility condition was given less strict meaning, because it “could (…) be expected of a business company wishing to engage in broadcasting across a frontier (…) that it would seek to inform itself fully about the rules applicable in Switzerland, if necessary with the help of advisers”.58 Norms in the form of internal guidelines from government departments or other public authorities will probably not fulfil the accessibility requirement unless they are published or at least unless their content is sufficiently knowable.59 In Silver v. United Kingdom, it was observed that the prison orders and instructions on their own would not have met the accessibility criterion because they were not published.60 In the Malone case, Home Office Guidelines on the tapping of telephones were held not accessible because they were not publicly available.61 Similarly, in Govell v. United Kingdom, internal police guidelines on the use of covert listening devices contained solely within non-statutory Home Office Guidelines, which were not legally binding were held by the Commission not accessible because they were not legally binding and publicly accessible.62 The Commission recalls the difficulties experienced by the applicant in obtaining the Guidelines during the course of the judicial review proceedings when the police contended that they were subject to public interest immunity. Further, recalling the dicta of Lord Nolan in R v. Khan [1996] 3 AER 289 at page 302, the Commission notes that there is no general right of privacy in English law. There was, therefore, no domestic law regulating the use of covert listening devices at the relevant time.63

The condition of foreseeability requires that a norm be formulated with sufficient precision to enable the citizen to regulate his conduct (…) to foresee to a degree that is reasonable in the circumstances, the consequences which a given action may entail, those 57 58 59 60 61 62 63

See Svensson-McCarthy, A. L. (1998), p. 79-80; Chappel Judgement, Series A, No. 152-A, p. 23, § 56 at p. 24. (1990) 12 EHRR 321 §§ 65-68. Mountfield, H. (2001), p. 7 op. cit. (1983) 5 EHRR 347 § 87, (But, read together with the notices to the prisoners informing them of the content of Orders and Instructions, the criterion of sufficient foreseeability was satisfied). Malone v. United Kingdom (1984) 7 EHRR 14 § 66-68. Judgement of 14 January 1998 §§ 57-63; See also Khan v. United Kingdom Judgement of 4 October 200. Ibid. § 62.

International Human Rights Information Privacy

consequences need not be foreseeable with absolute certainty. In the Sunday Times case, the Court accepted that absolute certainty as to the application of law to a particular case was neither necessary nor attainable. The Court observed that, Those consequences need not be foreseeable with absolute certainty: experience shows this to be unattainable. Again, whilst certainty is highly desirable, it may bring in its train excessive rigidity and the law must be able to keep pace with changing circumstances. Accordingly, many laws are inevitably couched in terms which, to a greater or lesser extent, are vague and whose interpretation and application are questions of practice.64

In Kokkinakis v. Greece, the Court reiterated that many statutes were imprecise in their wording. It accepted that the need to avoid excessive rigidity and to keep pace with changing circumstances means that many laws are couched in terms which are, to a greater or lesser extent, vague.65 The Court has stated that, the foreseeability condition is “a reference to the protection of the rule of law itself, in that it proscribes any interference with rights save in relation to a set of knowable norms, which are not applied arbitrarily, but in sufficiently predictable fashion to give them the character of law at all.”66 In the Malone case, the Court reiterated its opinion that “the phrase ‘in accordance with the law’ does not merely refer back to domestic law but also relates to the quality of the law, requiring it to be compatible with the rule of law. The phrase thus implies, and this follows from the object and purpose of Article 8, that there must be a measure of legal protection in domestic law against arbitrary interference by public authorities with the rights safeguarded by § 1 Article 8.”67 In Rotaru v. Romania, the Court reiterated that “the rule of law implies inter alia that an interference by the executive authorities with individual’s rights should be subject to effective supervision, which should normally be carried out by the judiciary, at least in the last resort, since judicial control affords the best guarantees of independence, impartiality and a proper procedure”,68 (emphasis added). Although the Court prefers judicial control to other controls, e.g. administrative control, nevertheless, if administrative control exuded qualities of independence, impartiality and proper procedure, it would be regarded as sufficient control. This observation is important as regards data supervisory authorities under data protection laws. It points to the need for independence and impartiality of these authorities. Further, it underscores and recognises that the authorities are able to provide sufficient control that can ensure protection of individual rights. In the Schengen Convention, if the national data supervisory authorities and the Schengen Joint Supervisory Authority are independent, the control they provide would be deemed sufficient. But in a situation where the Schengen Joint

64 65 66 67 68

Sunday Times case § 49. (1993) 17 EHRR 397. Mountfield, H. (2001), p. 9 op. cit. Malone case § 67. § 59; See also Klass case § 55.

109

110

Chapter 4

Supervisory Authority is seen to be under the control of the Council, the sufficiency of control can be questionable. In the Klass case, judicial control was excluded by the system of surveillance established by G10 regulations. Instead, it was replaced with an initial control effected by an official qualified for judicial office and by the control provided by the Parliamentary Board and the G 10 Commission. The last two were independent of the authorities carrying out surveillance, and were vested with sufficient powers and competence to exercise an effective and continuous control. The two supervisory bodies were, in the circumstances of the case, regarded as enjoying sufficient independence to give an objective ruling.69 The Court observed further that, in a field where abuse is potentially so easy in individual cases and could have such harmful consequences for democratic society as a whole, it is in principle desirable to entrust supervisory control to a judge.70 In Kopp v. Switzerland, the telephone of a lawyer, Mr Kopp, was monitored as a third party as he was not under suspicion. The Swiss law protected legal professional privilege when a lawyer is being monitored as a third party and the practice was followed in this case. The Court, however, was critical to the practice followed because even though the case law had established the principle that legal professional privilege covers only the relationship between a lawyer and his clients, the law did not clearly state how, under what conditions and by whom the distinction was to be drawn between matters specifically connected with a lawyer’s work under instructions from a party to proceedings and those related to activity other than that of counsel. In this case, the task was assigned to an official of the Post Office’s legal department, who was a member of the executive, without supervision by an independent judge, especially in the sensitive area of the confidential relations between a lawyer and his clients, which directly concern the rights of the defence.71 The Court observed that in this case, it was conceivable and a risk existed that such an official would not arrive into an objective assessment. The ECtHR has held that “a law which confers discretion must indicate the scope of that discretion.”72 The real question is, in other words, how to provide the executive with discretion and at the same time protect individuals against arbitrariness.73 In the Klass case, the Court stressed that protection against arbitrary interference was required, especially where a power of the executive is exercised in secret, because the risks of arbitrariness are evident.74 The norm that gives discretion must at the same time stipulate the conditions of the discretion by specifying how and by whom it is to be exercised. In Amann v. Switzerland, the rules concerned with processing of personal data had stipulated some general principles, for example that ‘there must be a legal basis for the processing of personal data,’ or that ‘personal data may be processed only for very specific purposes’. But the creation of the card based on those rules was held not to be 69 70 71 72 73 74

§ 56. Ibid. §§ 73-74. Silver and Others case § 88. See Svensons-McCarthy, A. L. (1998), p. 83. Klass & Others case §§ 42 and 49.

International Human Rights Information Privacy

‘in accordance with the law’ because the rules did not contain any appropriate indication as to the scope and conditions of exercise of the powers conferred to the Public Prosecutor’s Office to gather, record and store information. Hence they did not specify the conditions in which cards may be created, the procedures that have to be followed, the information which may be stored or comments which might be forbidden. In conclusion, the Court has used the “in accordance with the law” principle as an evaluation tool to ensure that any restriction on rights conferred by the Convention can only be limited by law. The principle enhances the democratic principle and the rule of law doctrine. The legality principle requires that law should be enacted by democratically elected representatives and institutions. As demonstrated here, the laws and rules that are not enacted by such representatives and institutions may also qualify and be treated as law where they meet the certainty and foreseeability criteria discussed above. For example, regulations and professional codes and rules of conduct based on legislation, common law (where it is public and accessible), treaties and international law and agreements (because they may require ratification by national legislatures). At the same time, rules and laws that are not legislation and do not meet these basic requirements have been declared inadequate as they do not fulfil the “in accordance with the law” principle. The rule of law is also at the heart of the legality principle because it tries to prevent arbitrariness and abuse of power conferred by the law. The requirement that the law must be foreseeable, that is, precise so that those affected by it may conduct themselves in the way required by the law, aims at avoiding arbitrariness and abuse of discretion. A law that is so imprecise and vague such that those it affects do not know the kind of behaviour required of them, will not meet the legality condition. Also inherent in the rule of law doctrine is the requirement of safeguards against abuse of discretion. A law that confers discretion must have in-built safeguards for the exercise of the discretion without arbitrariness. The principle of “accordance with the law” can be said to be a transparency requirement. Transparency requires a positive basis for an interference with rights (see Kopp case). In case law, terms such as ‘ascertainable’, ‘accessible’, ‘foreseeable’, ‘sufficient precision’, and ‘published’ connote transparency. These notions are a demand for transparency in the interference with protected rights. As the Court stated, the law does not refer back to domestic law only, but relates to its quality (Malone case). In other words, the law should possess the attributes named above. That is, it must be transparent. 4.4.2.3 Legitimate Aims After the issue of ‘in accordance with the law’ has been answered positively, the Court must consider the question of legitimate aim. But if the answer is negative, the Court does not consider it necessary to review compliance with the legitimate aim requirement but instead makes a finding of violation of Article 8.75 Consideration of the legitimate aims is treated as something of a formality. The Convention organs have concentrated on the facts of the case at hand, and the question of legitimacy of a particular measure 75 See Kopp v. Switzerland §§ 75-76.

111

112

Chapter 4

at issue is treated along with the question of its necessity.76 On some rare occasions, the interest adduced has been examined critically.77 The legitimate aims play an important role in assessing the proportionality of a restriction and balancing of interests under the ‘necessary in a democratic society’ principle and will be considered under that heading in detail. Article 8 § 2 has a list of six legitimate aims that may be relied upon by a State that restricts the convention right of private life. The aims are: – interests of national security, – public safety, – the economic well-being of the country, – prevention of disorder and crime, – the protection of health or morals and, – the protection of the rights and freedoms of others. The list is exhaustive, and unless the restriction is explicitly stated, there are no grounds for the state to create further grounds. The aims, however, are many and wide in scope and are interpreted flexibly. The governments have a wide choice of aims to select from, and it is not difficult for a government facing an allegation of breach of the provisions of the Convention to find an aim relevant to the case at hand. At the same time, it is difficult for an applicant to argue that the legitimate aim relied upon by the Government is not the ‘real’ aim of the restriction. In the case of Campbell v. United Kingdom,78 the applicant objected to the stated aim by the Government that prisoners’ correspondence was opened for prevention of disorder and crime. He alleged that the purpose of opening correspondence was to learn of the contents of the letter before the prisoner did. The Commission and the Court agreed with the Government that the opening was for prevention of disorder and crime. The Court stated in length that, The Court’s view there is no reason to doubt that the control of the applicant’s correspondence was carried out under the Prison Rules and Standing Orders to ensure inter alia that it did not contain material which was harmful to prison security or the safety of others or was otherwise of a criminal nature. The interference thus pursued the legitimate aim of “the prevention of disorder or crime” within the meaning of Article 8 paragraph 2 (art. 8-2).79

76 Cameron, I. (2000), p. 35-6. 77 Open Door and Dublin Well Woman v. Ireland (1992) § 63: This case involved Article 10 of the Convention. The Government of Ireland purported to rely on the aim of protection of the rights of others (others here referring to unborn child) in an issue of abortion. The applicants objected to the interpretation of others as meaning unborn child. The Court disagreed with the Government assertion. At the same time, it substituted the aim relied on by the Government to that of protection of morals which is one aspect of the protection of the right to life of the unborn in Ireland. 78 (1992) 15 EHRR 137 §§ 40-41. 79 Ibid. § 41.

International Human Rights Information Privacy

It is significant that, although the Government may identify more than one aim, only one is necessary to defeat a claim of breach.80 In conclusion, the hurdle of legitimate aims is an easy one for the State Parties to overcome due to the wide scope and flexible interpretation of the interests. Rarely have the Strasbourg organs found a violation of Convention rights by reference to this standard. It, however, remains to be evaluated whether the interference permitted by the restriction was necessary in a democratic society in the interest of the aim pursued. In this respect, the Convention organs are called upon to assess the proportionality of the measure instituted by the Government. The principle of ‘legitimate aims’ can be seen as both a transparency and proportionality requirement. As a transparency requirement, the principle is a requirement for reasons. The principle limits the aims which can be invoked by a State that interferes with the Convention. By so limiting the aims, the Convention signals that the State must be transparent in its actions and give reasons for the interference. The State concerned cannot purport to rely on non-existing aims. It must give cogent reasons for interference. As indicated above, however, there are difficulties to be overcome because the listed aims are still many, vague and wide in scope, making it easy for the interfering State to escape a finding of violation. Also as indicated below, the Member States are given a wide margin of appreciation which could be used to defeat the purpose of the legitimate aims requirement and the requirement for reasons.81 As a proportionality requirement, the legitimate aims principle is used to consider the proportionality of a measure relied on by a State which interferes with a right protected by the Convention. In fact, it is one of the requirements for proportionality under the proportionality principle.82 It requires that the measure should be proportionate to the legitimate aim. The legitimate aim is dealt with in detail under the principle of proportionality below. 4.4.2.4 Necessary in a Democratic Society 4.4.2.4.1 General The final hurdle in the determination of a violation that the Convention organs must evaluate is the “necessary in a democratic society” criteria. The notion of democratic

80 Klass case §§ 44 and 46; The Government had identified a number of aims as justifying interference namely, the interests of national security, the prevention of disorder and crime and before the Court the Government submitted further aims “in the interests of (…) public safety” and “for the protection of the rights and freedoms of others.” The Court stated that it shared the view of the Government and the Commission that the aim of the G 10 is indeed to safeguard national security and/or to prevent disorder or crime. It did not deem it necessary therefore to decide whether the further purposes cited by the Government were also relevant. 81 See 4.4.2.5 below. 82 See 4.4.2.6 below.

113

114

Chapter 4

society is the cornerstone of European society83 and the entire Convention is based on it.84 The practice of democracy, however, is not uniform in Europe and one finds variations from authoritarian states to liberal states. The “necessary in a democratic society” requirement must be met for an interference with a Convention right to be justified. The objective of this requirement is to protect people against arbitrariness, including the excessive use of public powers. The phrase “necessary in a democratic society” means that, to be compatible with the Convention, the interference must, inter alia, correspond to a “pressing social need” and be “proportionate to the legitimate aim pursued”.85 Under this requirement, the Convention organs deal with three issues. The first is the meaning of “necessary”, second is the question of margin of appreciation and finally is the issue of proportionality. 4.4.2.4.2 Meaning of ‘Necessary’ The Convention organs have defined ‘necessary’ to mean a ‘pressing social need’. In the case of Handyside v. United Kingdom the Court noted that whilst the adjective ‘necessary’, (…) is not synonymous with ‘indispensable’, neither has it the flexibility of such expressions as ‘admissible’, ‘ordinary’, ‘useful’, ‘reasonable’, or ‘desirable’, but it implies a ‘pressing social need’.86 It is not enough for a government to show that the purpose of interference was ‘useful’, ‘reasonable’, or ‘desirable’, instead, it must show the measure met a ‘pressing social need’. As to what amounts to a ‘pressing social need’, in Incal v. Turkey, the Court observed that a state may only restrict a Convention right where it can be demonstrated a ‘pressing social need’ which would justify the finding that the interference complained of was ‘proportionate to the legitimate aim pursued’.87 According to Strasbourg case law, unless the reasons advanced by the authorities in support of a restriction demonstrate a real need for its imposition, a pressing social need is unlikely to be inferred. In Dudgeon v. United Kingdom, legislation in Ireland that criminalised homosexuality relations between consenting adults was found as not responding to a pressing social need. The Court observed that “it cannot be maintained in the circumstances that there is a ‘pressing social need’ to make such acts criminal offences, there being no sufficient justification provided by the risk of harm to vulnerable sections of society requiring protection or by the effects on the public. (…) Accordingly, the reasons given by the Government, although relevant, are not sufficient to justify 83 See Statutes of the Council of Europe 1949 third Pre-ambular paragraph “Reaffirming their devotion to the spiritual and moral values which are the common heritage of their peoples and the true source of individual freedom, political liberty and the rule of law, principles which form the basis of all genuine democracy”. 84 ECHR fourth Pre-ambular paragraph “reaffirming their profound belief in those fundamental freedoms which are the foundation of justice and peace in the world and best maintained on the one hand by an effective political democracy and on the other by a common understanding and observance of the human rights upon which they depend.” 85 Arai-Takhashi, Y. (2002). p. 63. 86 (1976) 1 EHRR 737 § 48. 87 (1998) 29 EHRR 449 § 57.

International Human Rights Information Privacy

the maintenance in force of the impugned legislation in so far as it has the general effect of criminalising private homosexual relations between adult males capable of valid consent.”88 National authorities have a duty to make the initial assessment of the reality of the pressing social need implied by the notion of ‘necessity’. Thus in assessing whether there exists a pressing social need, the Convention bodies have allowed national authorities a margin of appreciation.89 4.4.2.5 Margin of appreciation The doctrine of margin of appreciation is at the heart of the ECHR organs’ jurisprudence. It has been described by one judge of the Court as having been “at the heart of virtually all major cases which come before the Court, whether the judgements refer explicitly to it or not”.90 Although not mentioned anywhere in the ECHR or its travaux préparatories, the doctrine has developed in the case law emanating from the ECtHR and the Commission.91 Its origins can be traced in the Convention organs’ handling of cases concerning public emergencies.92 The justification for granting national authorities a margin of appreciation in emergency cases was based on the notion that it was not fair to criticise a state for having chosen one policy over another. Even if the policy turned out to be wrong, the Convention organs are reluctant to appear wise after the fact.93 Later, the doctrine was applied to other Articles in the Convention, particularly to the question of whether a restriction on the rights set out in Articles 8-11 was “necessary in a democratic society”.94 In a nutshell, the doctrine stands for the notion that the authorities of Contracting Parties to the Convention ought to be allowed a certain measure of discretion in implementing the standards enshrined in the Convention.95 The Court’s application of the doctrine of appreciation is intended to give the State concerned leeway in choosing the appropriate regulatory response to matters affecting rights protection within that state’s territorial boundaries.96 That is, each society is entitled to certain latitude in resolving the inherent conflicts between individual rights and national interests or among different moral convictions.97 Two justifications have been advanced for granting Contracting Parties of the Convention a margin of appreciation namely, the subsidiary nature of the protection 88 89 90 91 92 93 94 95 96 97

(1981) 4 EHRR 149 §§ 60-61. Ari, Y. (1998), p. 42. Cameron, I. (2000), p. 28. Gross, O. & Ní Aolán, F. (2001), p. 625; Benvenisti, E. (1999), p. 845; See also Yourow, H. C. (1996). p. 14. Ibid.; Cameron, Supra p.28; Yourow, H. C. (1996), p. 12-14. Cameron, I. (2000), p. 28. Ibid. Gross, O. & Ní Aolán, F. (2001), p. 626. Ibid. Benvenisti, E. (1999), p. 843.

115

116

Chapter 4

afforded by the Convention and the difficulty in identifying common European conceptions of the extent of the rights or restrictions in question.”98 Thus, the Convention organs have often asserted that national authorities are, generally speaking, in a better position than a supranational entity to adequately balance individual rights with national interests. In the case of Handyside v. United Kingdom, the Court pointed out that, the machinery of protection established by the Convention is subsidiary to the national systems safeguarding human rights (judgement of 23 July 1968 on the merits of the “Belgian Linquistic” case, Series A no. 6, p. 35, para. 10 in fine). The Convention leaves to each Contracting State, in the first place, the task of securing the rights and liberties it enshrines. The institutions created by it make their own contribution to this task but they become involved only through contentious proceedings and once all domestic remedies have been exhausted (Article 26) (art. 26).99

The margin of appreciation, it has been argued, is a product of the distribution of powers between the Convention organs and the national authorities, who share responsibility for enforcement.100 The national authorities have the primary responsibility of securing the rights provided in the Convention, but the last word is for the ECtHR. But Article 10 § 2 does not give the Contracting State an unlimited power of appreciation because the Court has the last word in such cases. The Court “is empowered to give the final ruling on whether a ‘restriction’ or ‘penalty’ is reconcilable with freedom of expression as protected by Article 10. The domestic margin of appreciation thus goes hand in hand with a European supervision.”101 Giving the national authorities a wide margin of appreciation is based on the perception that they are better placed than international judges to interpret the prevailing local context. That is, it is national authorities that are in a good position to judge issues of national security, morality, culture, economic well-being of a country, etc. The Convention organs’ have repeated time and again that “it is certainly not for the Court to substitute for the assessment of the national authorities any other assessment of what might be the best policy in the field at issue.”102 Cameron points out that “the doctrine is in essence one of judicial restraint, inevitable in the circumstances if the Convention organs were to avoid criticism from the Contracting Parties that they were pursuing too dynamic an approach to interpretation.”103 Critics have cast doubt on the justifications for the wide margin appreciation given to national authorities by the Convention organs. Gross and Aoláin have contended that “the margin of appreciation doctrine has resulted in an abdication by the ECtHR of 98 Cameron, I. supra. 28; Gross, O. & Aolán, F. N. (2001), p. 627 “The margin of appreciation doctrine is seen to reflect the twin aspects of subsidiarity and cultural diversity. 99 (1976) 24 EHRR 737 §48. 100 Gross, O. & Ní Aolán, F. (2001), p. 627. 101 (1976) 24 EHRR 737 §49. 102 Klass and Others v. Germany (1978) 2 EHRR 214 § 49. 103 Cameron, I. (2000), p. 28; See also Arai, Y. (1998), p. 61.

International Human Rights Information Privacy

its responsibility to adjudicate complex and sensitive cases, leading to acceptance without sufficient independent reflection, the respondent government’s claims.”104 Chaloka Beyani is also of the opinion that there is a certain danger inherent in this notion since it rests its application on a priori presumption in favour of State measure as falling within the margin of appreciation.105 The jurisprudence of the Court seems to have established that a Contracting State is entitled to a margin of appreciation when the question as to whether it has committed a violation of the Convention comes under review. Beyani further argues that this view places a heavy burden on the part of an applicant to rebut the presumption of legality in favour of the measures taken by a State. He suggests that ideally the question of whether a State acted within the margin of appreciation should be pleaded by the State.106 The onus of proof should lie with the State to show that the measure it took was justified under the limiting exceptions without any aid of entitlement or presumption in the States favour. As Arai has shown, however, the Court is in the habit of shifting the burden of proof from the applicant to the respondent State as an indication of the seriousness of the right involved and hence the need for a stringent review.107 Consequently, the Court has been able to mitigate the liberal application of the margin of appreciation and the effects it may have on the rights of an applicant. Other criticism on the principle of subsdiarity is the extent to which national governments are able to fulfil the primary duty of States as guarantors of human rights in times of emergency, national security crisis, and in the protection of rights of minorities and foreign nationals. As regards emergencies, Gross and Aolán argue that Neither are other domestic structures, mechanisms and institutions able to adequately perform that duty. It is the executive that takes the lead with the judicial and legislative branches either acquiescing or actively supporting it. Emergencies bring about a break down of effective domestic mechanisms of supervision and of judicial and legislative balancing. (…). Faced with national crises, domestic judicial institutions tend to “go to war”, much like the community in which they operate.108

The ECtHR allows the Contracting States a certain margin of appreciation in matters of national policy. The breadth of this margin may be wide or narrow. It depends from case to case. For instance, the Court allows Contracting States a wide margin of appreciation in secret surveillance cases.109 The Court has time and again stated that “it is not for it to substitute for the assessment of the national authorities what might be the best policy in this field.”110 This does not, however, mean that the Contracting States have a blank cheque. While granting a wide margin of appreciation with one hand, the Court does 104 105 106 107 108 109 110

Gross, O. & Ní Aolán, F. (2001), p. 628. Beyani, C. (2000), p. 143. Ibid. Ari, Y. (1998), p. 47; See also Dudgeon case, supra. Gross, O. & Ní Aolán, F. (2001), p. 640. See Leander case & Klass case. See Klass case § 49.

117

118

Chapter 4

limit it with the other hand. In the Handyside case, the Court did stress that domestic margin of appreciation left to the Contracting Parties to the Convention does go hand in hand with a European supervision. It emphasised that “such supervision concerns both the aim of the measure challenged and its ‘necessity’; it covers not only the basic legislation but also the decision applying it, even one given by an independent court.”111 The Court has also often stressed that, the wide margin of appreciation does not mean that the Contracting States enjoy an unlimited discretion to subject persons within their jurisdiction to secret surveillance or other restrictive measures. For example, the Court observed in the Klass case that the Contracting States may not, in the name of the struggle against espionage and terrorism, adopt whatever measures they deem appropriate.112 The Court’s concern here was that such measures could undermine or even destroy democracy on the grounds of defending it. In cases involving issues of morality, the margin is more extensive. In the case of Dudgeon, where the alleged interference concerned “most intimate aspect of private life”, the Court noted that there had to exist particularly serious reasons before interference on the part of the public authorities can be legitimate for the purposes of Article 8 § 2.113 In other cases, the Court has merely emphasised the need for an interference with the rights protected by Article 8 § 1 “in any given case must be convincingly established”.114 Similarly, in immigration cases brought under Article 8, the margin of appreciation allowed public authorities as regards admission and expulsion of foreign nationals from the territory of a Contracting State is presumably wide. The Court, however, is in the habit not to make reference at all either to any particular burden of proof, the margin of appreciation or to the extent of its supervision; instead, it has proceeded to examining the question as to whether the measures taken were “necessary in a democratic society”.115 The doctrine of margin of appreciation is central in the balancing of competing interests under the ECtHR jurisprudence, and in the next section on how the Court has used proportionality as part of balancing of interests will be examined. 4.4.2.6 Proportionality Principle The principle of proportionality is a key feature of ECtHR case law. The term proportionality, however, is not found anywhere in the ECHR. It is derived from the concept of “necessity” found in the Convention that is the notion of “necessary in a democratic society”. The Court employs the proportionality principle to test whether a Convention right has been violated. This is the test whether the interference is “necessary in a democratic society”. Of the three principles for determination of violation, the “necessary in a democratic society” is the one concerned with balancing of interests. While as demon111 112 113 114 115

(1976) 1 EHRR 737 § 49. Klass case § 49. Judgement of 22 October 1981, Series A, No. 45, p. 21 § 52. See Funke v. France (1993) 16 EHRR 297; Miailhe v. France (1993) 10 EHRR 332. Moustaquim v. Belgium (1991) 13 EHRR 212; See also Svensson-MacCarthy, A. L. op. cit.

International Human Rights Information Privacy

strated above the legality principle and legitimate aim principle are easy to surmount, on the other hand, the necessary in a democratic test is rather tricky for the governments and it gives the Court an upper hand in supervising the discretion of the Contracting States. The proportionality principle tends to place the burden of proof on the government to show that the measure or decision undertaken is not disproportional to the legitimate aims. In short, the principle is the mechanism used by the ECtHR to determine whether a fair balance has been struck between the protection of the rights and freedoms of the individual and the interests of the society at large. Proportionality must fulfil three requirements. – Firstly, the interference should impair as little as possible the right or freedom in question. The more substantial the interference with the right in question, the harder it will be for the state to provide “sufficient and relevant” justification.116 – Secondly, any measure adopted which may or will interfere with that right must be carefully designed to meet the objectives in question. That is the measure should be proportionate to the legitimate aim it is supposed to protect such as prevention of crime and disorder. Similarly, where two rights protected by the Convention compete, the measure should be balanced and not be unfairly tilted to the protection of one right over the other. – Thirdly, the measures must not be arbitrary, unfair or based on irrational consideration. This requirement is self-explanatory. The measure must be necessary. That is, it must be designed to meet a pressing social need as discussed above. In the exercise of balancing of interests, the Court takes into consideration the following factors in order to identify whether a measure is disproportionate. – Firstly, the Court will examine whether “relevant and sufficient” reasons have been advanced in support of the measure being pursued.117 The requirement for reasons implies the need to show that the measure is necessary and meets a pressing social need and that the interference must be proportionate to the legitimate aim pursued.118 Measures are likely to be regarded as disproportionate if they impose heavy burdens on an individual or group, apparently arbitrarily, in order to achieve a social benefit, or if they impose penalties which appear to be excessive in relation to the circumstances of the offence to which they relate.119 – Secondly, the issue of whether there was a less restrictive alternative does arise. Metaphorically speaking, a man should not use a club to kill a mosquito. Here the

116 Fordham, M. & Mare, T. (2001), p. 56. 117 Vereinigung Demolratischer Soldaten Österreichs and Gubi v. Austria (1995) 20 EHRR 56; There must be sufficient factual basis for believing that there was a real danger to the interest which the State claims there was a pressing social need to protect. 118 See Silver and Others v. United Kingdom, Judgement of 25 March 1983, § 97. 119 Nasri v. France (1995) 21 EHRR 458; Bensaid v. United Kingdom ; Moustaquim v. Velgium (1991) 13 EHRR 802.

119

120

Chapter 4

– –

–

Court will examine whether other less restrictive measures existed and have been used to achieve the same purpose.120 Thirdly, whether there has been some measure of procedural fairness in the decision-making process. Here the Court will look at the decision-making process to ensure that it is devoid of arbitrariness. This is a rule of law test. Fourthly, is the issue of whether safeguards against abuse do exist. As noted above, Member States are allowed a wide margin of appreciation in most policy matters. Demand for safeguards enables the Court to supervise the exercise of this margin.121 Finally, is whether the restriction in question destroys the “very essence” of the Convention right in issue.122 The act of balancing competing individual and public interests entails balancing of the margin of appreciation allowed to Member States and the rights conferred to individuals.

One may agree with Arai-Takahashi when he proposes that proportionality should be deployed as a device to ascertain whether national authorities have overstepped their margin of appreciation.123 In this way, proportionality would serve an interpretative and evaluative purpose. In fact, the evaluation of the democratic necessity has spawned the most significant principles of interpretation.124 The Strasbourg organs have applied the ‘necessary in a democratic society’ test in a number of policy areas. As regards this study, the areas of concern are surveillance and collection of data as well as immigration, deportation and expulsion of foreign nationals. As regards surveillance and collection of data the legality test plays a more prominent role than the ‘necessary in a democratic society’ test. The latter, however, may come into play when the questions of margin of appreciation and safeguards are being addressed. National authorities are required to prescribe in law ‘adequate and effective guarantees against abuse’ and also they should provide a sufficient degree of democratic control over the exercise of the administration’s discretion.125 Although the ‘necessary in a democratic society’ criterion is mainly a proportionality requirement which is used to balance competing interests, requirement for transparen120 Z. v. Finland (1997) EHRR 186 §§ 105, 110 and 112-113; The Commission relied on the less restrictive alternative doctrine and condemned the failure of the police to inform the applicant, in advance of the seizure of her records and to exclude certain personally sensitive materials from the file transmitted to the public prosecutor and courts. The less restrictive alternative doctrine is also apparent in the Court’s decision that the proportionality test was breached as a result of disclosing the applicant’s identity and health conditions in the judgement and refusing to extend the period of confidentiality granted to her medical data beyond ten years. 121 See Leander case & Klass case. 122 Hertel v. Switzerland (1998) 28 EHRR 534. 123 Arai-Takahashi, Y. (2002). 124 Ibid. p. 12. 125 See, Klass and Others v. Germany (1993) 18 EHRR 305; Leander v. Sweden (1987) 9 EHRR 433; Lambert v. France (1998) EHRR 101.

International Human Rights Information Privacy

cy could also be read in the criteria. For example, the requirement that a measure must not be arbitrary, unfair or based on irrational consideration, it should also be carefully designed to meet the objectives in question, and the requirement for procedural fairness and safeguards all point to the need for proportionality as well as transparency. Whereas hurdles such as legality and legitimate aim may be easy to overcome under the Schengen and EU legal framework because of reasons of legislation, the necessary in a democratic society doctrine especially the proportionality principle, will remain the most potent criterion for evaluating Schengen control measures. 4.5

Conclusion

Going by the recent case decisions of the ECtHR, it is no longer doubtful that data protection is a human right although the Convention does not state this. As indicated above, the Court has boldly manifested data protection principles in its decisions by adopting the language of data protection law. But what still lacks in the Council of Europe human rights framework is a positive statement in the general human rights legislation that human rights protects personal data. Such statement would give data protection the universal status enjoyed by human rights principles. The EU has cured the anomaly by enacting a data protection provision in its Charter of fundamental rights and the EU Constitution. As the analysis of the case law and practice of the ECtHR demonstrates, it is safe to conclude that human rights law is concerned with issues of transparency and proportionality. These are the two main criteria that will be used in this study to evaluate the Schengen Information System and border control co-operation. The criteria are developed further in Chapter 6, and a model for evaluation based on these two notions is formulated.

121

5

Data Protection Laws and Schengen

5.1

A Plethora of Data Protection Laws

Data protection concerns have been with us for over four decades now. A plethora of privacy and data protection legislations have come into existence in the last half of the twentieth century. With the advent of modern computer technology, interest in data protection and privacy surged up in the 60s and 70s. In 1970, the first data protection law in the world was enacted in the Land of Hesse in Germany. Other jurisdictions followed and enacted national laws: Sweden in 1973, the United States 1974, Germany 1977, France and Norway in 1978 and so on. Today, every country in Western Europe has a national data protection law. The laws were a reaction to the enormous potential and capability of computer systems to collect, handle, store, and process personal information. Computers were perceived as powerful tools of surveillance in the hands of governments and private organisations and a danger to individual privacy. There was, therefore, a need to restrict the collection of personal information and stipulate principles to ensure individual protection. At the international and regional levels, there are human rights laws that protect privacy and special data protection legislation that protect personal data. Some laws are overarching, addressing data protection in general and others are sectoral, addressing data protection in special areas such as police, health, telecommunications and Internet. Data protection has been given recognition through enactment of general instruments such as the Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data 1981 (CoE Convention), the OECD’s Guidelines Governing the Protection of Privacy and Trans-border Flows of Personal Data 1981, and the EU Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data 1995. The United Nations has also issued Guidelines Concerning Computerised Personal Files 1990; however the Guidelines have received relatively little attention. Other important instances are sectoral instruments directed to specific sectors, such as the Schengen co-operation, telecommunication, Internet, electronic commerce, police, health care and so on. At the 

See Bygrrave, L. A. (2002), p. 33.

124

Chapter 5

national level, human rights, constitutions and statute laws protect privacy and personal data. What follows below is a discussion of the main data protection laws at the international level and a brief comment on the national level. These laws are the primary legislative source of data protection laws. They are discussed here in anticipation of the analysis of data protection principles and interests in the next chapter. The discussion, however, is limited to aspects that deal with data protection in the police and border control co-operation with the Schengen Convention as a point of reference. The analysis also investigates the quest and development for a binding data protection instrument in the police and border control co-operation as a background material for the discussion on a police and border control (Third pillar) data protection framework in the recommendation chapter. 5.2

International Instruments

5.2.1

UN Instruments

The most important UN instrument on data protection is Article 17 ICCPR (see 3.1.). But the clearest statement on data protection principle is to be found in the case law developed under Article 17 by the Committee for Human Rights. The UN has also issued Guidelines Concerning Computerised Personal Files 1990; however, they have had relatively little effect on data legislation elsewhere. As regards the Schengen, despite the fact that all Schengen countries have signed and ratified the UN instruments, the instruments have little relevance and they will not be a subject for further discussion here. The focus will be on CoE and EU instruments which play a bigger role in Schengen co-operation. 5.2.2

Article 8 ECHR

In Europe, Article 8 of the ECHR is regarded as a fundamental legal basis for data protection. Although this Article is essentially a general privacy protection provision, the term “private life” has been given a broad interpretation by Strasbourg organs and goes beyond the classical privacy right to be free from intrusions into one’s private home and covers the collection of personal information (including photographs and fingerprints) and secret surveillance. In its recent cases, the ECtHR, has interpreted the term “private life” to encompass processing of personal data. The Court’s position suggests that     

For a detailed analysis of these laws from a general data protection perspective see Bygrave L. A. (2002), chapter 2. See 4.1 above Ibid. See also, Justice: The Schengen Information System: a human rights audit, p. 32. See cases of Amann v. Switzerland (2000), Rotaru v. Romania (2000) and P.G. and J.H. v. United Kingdom (2001), See 4.2.

Data Protection Laws and Schengen

processing of personal data can interfere with the respect for the right to private life (see 4.3 above). As regards police and cross-border control, Article 8 is very important because the concept of private life touches on matters of police and border control. The processing of personal data using border control information systems and identification technologies raise issues of Article 8. The Court has interpreted Article 8 in a manner that restricts the broad discretion a State enjoys in international law to regulate entry and residence of foreign nationals in its territory. Article 8 is therefore an important evaluation tool in matters affecting police and cross-border control. 5.2.3

Council of Europe Convention 1981

The Schengen Convention refers to the CoE Convention as a minimum level of protection required to be in place before a Contracting Party can implement the SIS. The requirement demands that Member States enact legislation implementing the data protection principles laid out in the CoE Convention. From a historical perspective, this demand was necessary because many European countries at the time had no data protection legislation in place or data protection principles were reflected in Constitutions and not in a separate legislation. At the time the Schengen Convention was enacted, the CoE Convention was the minimum threshold for data protection in most Schengen countries as the national data protection laws of Member States were modelled after the CoE Convention. But the advent and implementation of the EU Directive by Member States indicated a change in the data protection landscape. The EU Directive has become the minimum level of protection in both private and public sectors. Continuing to rely on the CoE Convention as the minimum threshold of data protection in police and border matters means that data protection in this sector continues to have a lower level of protection than in the other sectors. The question arises as to the logic of continuing to rely on the CoE Convention data protection law in police matters. It is significant that while implementing the Directive at the national level, most Member States did not draw any distinction and legislated that the requirements of the Directive are as applicable to policing as they are to other public agencies. The Directive has therefore become the minimum level of protection at the national plane, even in matters of police and border control. In addition, from a technological perspective, the CoE Convention does lag behind new developments and may not accord adequate protection. The age of databanks which the Convention was designed to regulate is long gone and the new communication technologies in telecommunication networks and Internet require sophisticated and up-todate regulatory framework.

 

See Article 35 of the 1976 Constitution of Portugal; Article 18 of the 1978 Constitution of Spain; Article 1 of the 1978 Austrian Data Protection Act: Fundamental Right of Data Protection Korff, D. (2002).

125

126

Chapter 5

5.2.4

Council of Europe Recommendation No R (87) 15

The Schengen Convention also requires Member States to adapt their legislation to ensure compliance with the principles of Recommendation R (87) 15 of the CoE on regulating the use of personal data in the police sector. The Recommendation supplements the 1981 Convention with more detailed provisions on protection of personal data in the police sector. The Recommendation was deemed necessary for a number of reasons named in the preamble, among them, the fact that the CoE Convention permitted derogation under Article 9 from the principles of data protection in matters affecting police work. There was therefore a need to establish clear guidelines for the police sector which indicated the necessary balance needed in society between the rights of the individual and legitimate police activities when the latter have recourse to data processing techniques.10 Despite its importance in regulating data processing in the police sector, the Recommendation has drawbacks. It is not legally binding and the parties may apply it or not. It is therefore difficult to tell, in spite of the express requirement in the Schengen Convention, to what extent Member States have complied with the Recommendation. Justice observes that, “only the Netherlands has specifically incorporated its principles in 1990 data protection legislation covering the police.”11 From an international law perspective, the Recommendation cannot, however, be taken lightly by Member States despite not being legally binding. Reference to the Recommendation in the Schengen Convention, Europol Convention and Eurodac Convention greatly enhanced the Recommendation status and as a matter of international law, it must be taken into account in the interpretation of the Data Protection Convention.12 If it were legally binding, however, it would make data protection in the police sector clearer and more certain. 5.2.5

EU Directive 95/46 and Regulation 45/2001

The EU Directive regulates processing of personal data in the EU and EEA. Most Member States and EEA States have implemented the Directive at the national level since the deadline of 1998.13 The relevance of the Directive to processing of personal data in the police and border control sector has been doubtful as the latter two have fallen outside the scope of the Directive. The Directive regulates data protection in the First 

Council of Europe: Data Protection in the Police Sector, Regional seminar under the activities for the development and consolidation of democratic stability, Strasbourg, 27 April 2000 p 18: In the words of Patijn, “it expresses for the police sector what the principles of Convention 108 mean concretely.” 10 See, Clause 5 Explanatory Memorandum to the Recommendations. 11 Justice (2000), p. 33. 12 See Brownlie, I. (1990), p. 5.; Recital of the instruments in other Data protection laws is evidence for acceptance. 13 Current update status of implementation can be found at http://europa.eu.int/comm/internal_market/privacy/law/implementation_en.htm. The new member states would also require to access and implement the Directive.

Data Protection Laws and Schengen

(Community) Pillar. The Third (intergovernmental) Pillar falls outside the scope of the Directive by virtue of the exemption incorporated in Article 3 § 2 of the Directive.14 Before incorporation of the Schengen into the EU legal framework by the Amsterdam Treaty 1997, data protection in the Schengen fell outside the scope of the Directive. This also applies to other cross-border co-operations and information systems such as Europol and CIS (Customs Information System) that were intergovernmental in character and with legal basis in the Third Pillar. After incorporation of the Schengen into EU, some of its provisions (immigration and refugee) were moved to the Community Pillar and therefore Community law applies to them. The provisions dealing with police and judicial co-operation in criminal matters, however, remained in the Third Pillar. The Schengen has therefore a double legal basis: the Community law and intergovernmental (international) law.15 As regards the SIS, the division is not black and white as by its nature the SIS strands across the two Pillars. It was therefore placed in the Third Pillar awaiting proper legal base allocation. In this case the SIS has a double legal base. It follows, therefore, that for the parts of the Schengen co-operation that are under the First Pillar, the Directive could apply. More precisely, the base will be the recently enacted Regulation16 implementing the Directive with respect to EC institutions.17 The Regulation implements Article 286 (Treaty establishing the European Communities), which states that the Directive applies to all personal data processing undertaken by the Community bodies and institutions. Just like the Directive, the Regulation does not apply to data processing in third pillar institutions. Data processing in SIS, Europol and part of Customs Information System (CIS) is not regulated by either the Directive or the Regulation since the regimes establishing the systems are in the third pillar. The consequence of this is that data processing by police institutions has its minimum base in the CoE Convention, which has a lower threshold of protection than that in the Community institutions. This may, however, change because the EU Draft Constitution Treaty has abolished the pillar structure. “A major consequence of this change is that, with few exceptions, decisions in justice and home affairs matters will be taken in the Community way with intergovernmental elements being reduced to a minimum.”18 As regards data protection, the changes imply that the 14 See 6.3.4. also. 15 The dual legal basis of the Schengen has been reflected in SIS II proposed legislation (see Chapter 13). 16 Regulation (EC) No. 45/2001 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the Community Institutions and Bodies and on the Free Movement of such Data. Preamble 16 states that the measures should not apply to bodies established outside the Community framework, nor should the European Data Protection Supervisor be competent to monitor the processing of personal data by such bodies (bodies established outside the Community legal framework). 17 Under Article 286 of the TEC (Treaty establishing the European Communities), the Directive also applies to all personal data processing undertaken by the Community bodies and institutions. 18 House of Lords Select Committee on the European Union 41st Report Session 2002-03: The Future of Europe – the Convention’s Draft Constitutional Treaty, HL Paper 169 21 October

127

128

Chapter 5

intergovernmental instruments enacted in the former Third Pillar will be transformed into Community law when the changes proposed in the EU Constitution take effect. The Directive will therefore apply to institutions formerly in the third pillar. The legal base of SIS will not be divided between the first and the third pillar anymore. But for now, the current SIS remains a third pillar regulated system and the future SIS II system will have a dual legal base.19 5.3

A Brief Comment on National Data Protection Laws

Since the early 1970s, all Western European countries have enacted personal data protection laws. One characteristic of these laws is that they tend to be made of general data protection laws and not sector specific laws. Consequently, they are ill- equipped to fully address data protection problems in specialised areas such as telecommunications, health and police sectors. In the former two sectors,20 sectoral data protection laws have been enacted but not in the latter police sector. Despite the issuance of the Recommendation No R (87) 15 above no country has enacted a national data protection law in line with the Recommendation for police sector.21 The proliferation of cross border information systems and data protection laws (Schengen, Europol, CIS Conventions, and Eurodac Regulation) point to the need for an overarching national data protection law in the police sector. The implementation of the Schengen Convention at the national level may have mitigated the lack of a binding overarching legislation. In Norway, the Schengen Convention was implemented by enactment of a special SIS law and amendment of relevant laws in line with the Convention. Incorporation of the Schengen Convention at the national level of Member States, however, differs as countries have followed different approaches. Some countries have adopted solution similar to the Norwegian one of enacting special SIS law and amending the relevant laws. Others have opted for incorporation of the Convention as it stands into the domestic legal system,22 while others have merely amended the necessary laws.23 That notwithstanding, the scope of the Schengen Convention is limited as it relies on other legislation such as the CoE Convention and national data protection laws to supplement it. There is therefore a need for an overarching legislation in the police sector. The following discussion confirms this postulation.

19 20 21 22 23

2003, The House of Lords London – The Stationery Office Limited. Internet version (PDF) p. 42. See Postscript. Lov av 18 mai. Nr. 24 2001 om helseregistre og behandling av helseopplysninger (helseregisterloven)- The Health Registers Act 2001. In Norway, the former Criminal Register Act and replaced with a new law in line with the CoE Recommendation: Lov om behandling av opplysninge I politiet og påtalemyndigheten (politiregisterloven). E.g. Denmark. E.g. Austria.

Data Protection Laws and Schengen

5.4

Search for Binding Instrument on Data Protection in Police Sector?

5.4.1

Development under Council of Europe

The main Council of Europe instrument regulating personal data protection in the police sector is the Recommendation discussed above. The Recommendation builds on the CoE Convention 1981. The Recommendation, however, is not binding and this has drawn discussion as to how to strengthen it. Consequently, debate has ensued about the need for a hard law in the police sector. In this section, this debate and its outcome at the time of writing is followed chronologically. The first to kick off the debate about a legally binding instrument on data protection in the police sector was the Parliamentary Assembly of the Council of Europe. It issued Recommendation 1181 (1992) on police co-operation and protection of personal data in the police sector. Among its recommendations to the Committee of Ministers was to draw up a convention enshrining the principles laid down in the Recommendation No. R (87) 15. In other words, the Parliamentary Assembly was recommending a binding instrument instead of the “soft law” Recommendation. The Parliamentary Assembly recommendation was promoted by the signing of the Schengen Agreement and the emphasis on exchange of personal information, especially through the Schengen Information System (SIS). It was felt that there was a need for adequate protection of personal data in the police sector, in particular as it related to cross-border communication. But no such convention had been drawn up yet. After the recommendation by the Parliamentary Assembly, the Project Group on Data Protection formulated its opinion on the recommendation. Its opinion went contrary to the recommendation of the Parliamentary Assembly. It stated that rather than to elaborate a new convention, Recommendation No R (87) 15 should be examined carefully, and an assessment made of the need to revise, in particular, the scope of the Recommendation and principle 5.4 (international communication) with a view to ensuring an adequate protection of those personal data kept by police forces and other national authorities in the fields of border control and custom services, asylum and refugees and which are the subject of trans-border data flows or which are registered in supranational data banks.24

The opinion was influenced by the fact that a score of member states had not ratified the main data protection Convention 108. It was not necessary as such to deflect the attention of Member States from the ratification of the Convention by enactment of yet a new convention that would require ratification. Further, the opinion took notice of the fact that reference had been made to the Recommendation No R (87) 15 in, among other texts, the Schengen Agreement and provisions on creation of Europol, the European Information System and the Customs Information System.25 Hence, the status of the Recommendation in international law, though not binding, had been enhanced. 24 § 6, Opinion formulated by the project Group on Data Protection. 25 Ibid. §§ 3 & 5.

129

130

Chapter 5

The Consultative Committee, which has the responsibility for facilitating and improving the application of Convention 108, shared in the opinion of the Project Group on Data Protection for a careful examination of the Recommendation No (87) 15 rather than drawing up of a new convention.26 A report by Dr. J. Cannataci, expert from Malta, which examined reports on the question of examination of the Recommendation No R (87) 15, however, arrived to a conclusion against the need for amendment of the Recommendation. He stated that (…), it is difficult to find convincing arguments which highlight why it is really necessary (rather than being possibly – and arguably – desirable) to amend Recommendation No (87) 15. Before such convincing arguments are advanced, it is difficult to abandon the principle of “leave well alone.27

The Cannataci report (the first evaluation report) also established that the Recommendation be the subject of periodic review on a regular basis every four years. Consequently, in 1998 Mr A. Patijn, expert of the CJ-PD from the Netherlands, completed the next evaluation report. The Project Group reached the conclusion that Recommendation No R (87) 15 gives adequate protection for personal data used for police purposes in the fields which it covers that were relevant at the time of its adoption. The core of the report, however, identified areas and aspects of data protection to which future efforts should be directed.28 The report also made a vital proposal that the CJ-PD, in particular in consultation with the CDPC, be instructed to consider the question of whether the application of the principles of Recommendation No R (87) 15 to present-day police and judicial practices in combating crime requires the adoption of a supplementary legal instrument to the recommendations. The report in effect proposed the change of the original decision to evaluate the 1987 Recommendation periodically, in the sense that over time, the question be answered as to whether any additional international instrument should be developed. In essence, the report brought back the question of a binding instrument into the foreground again, after earlier contrary opinions, but the report did not specifically state what kind of international instrument it meant. In 1999, a group of European experts specialising in data protection met for a seminar, under the auspices of the Council of Europe, to discuss data protection in the police sector. In the meetings a number of recommendations addressed to states and the competent international organisations were made to develop data protection law in the police sector.29 Among the specific recommendations made was that national parliaments address in their domestic law the questions raised by developments in crime, the needs and 26 § 6, Opinion formulated by the Consultative Committee. 27 First evaluation of the relevance of Recommendation No R (87) 15 regulating the use of personal data in the police sector, done in 1994, Document CJ-PD (94) 7. 28 See §8 of the report. 29 Council of Europe: Data Protection in the Police Sector – Regional Seminar under the Activities for the Development and Consolidation of Democratic Stability (ADACS) 13-14 December 1999, Strasbourg, 27 April 2000 ADACS/DGI (2000) 3 Sem.

Data Protection Laws and Schengen

methods of the police and data protection requirements. It stated that “in view of the increase in international police data flows, every country must ensure that the quality of personal data communicated is scrupulously assessed, that its police records are effectively supervised and that data subjects receive assistance, beyond national frontiers.”30 The participants also called for greater consultation and co-operation at the international level among competent organisation and bodies. Returning to the theme of a binding instrument, they expressed the hope that the Council of Europe would continue to study the questions raised at the seminar and look into the possibility of drafting additional legal instruments in order to promote and strengthened the protection and international exchange of personal data. The third evaluation report was issued in 2002.31 It declined to recommend any revision of the Recommendation, arguing that “the principles laid down by this Recommendation are still relevant today and continue to provide a basis for the elaboration of regulations on this issue and serve as the point of reference for any activities in this field.” The report also noted that the Recommendation is referred to in other international instruments, such as the Schengen Agreement and the Europol Convention. The report seemed to shelve the issue of a binding instrument once and for all. In fact, the report also recommended the third evaluation be the last of the periodic evaluations on the relevance of the Recommendation, which until then, had been carried out every four years. The report, however, observed that the use of personal data in the police sector remains a continuing concern and therefore recommended that where necessary, future evaluations of specific issues arising in relation to the development of new techniques of processing police data could be carried out. The report, nevertheless, came out with important recommendations on protection of personal data. It especially recommended creating the distinction between judicial and police data, the data between different police files, for example, permanent files, ad hoc files for analysis of specific criminal phenomena, index systems. It also made recommendations on the categories of persons about which data may be stored as well as length of storage and deletion of data. So far then, the debate has not yet produced a binding convention. Neither has the Council of Europe amended the Recommendation in line with the recommendations by the Patijn report (the second evaluation report). After the third evaluation report, the Recommendation continues to be the main data protection regulatory regime in the police sector, leaving it to Member States to reflect its provisions in their national instruments.32 Perhaps the Council of Europe may be adopting a wait and see attitude, hoping that the EU will come out with binding legislation. This would, however, be a defeatist attitude as the Council of Europe instruments have wider scope of applicability and influence than EU instruments. It is important for the Council of Europe to come out with a binding instrument in the area as data protection is mainly left to individual 30 Ibid. p. 116. 31 Report on the third evaluation of Recommendation No R (87) 15 regulating the use of personal data in the police sector, 2002. 32 Norway has amended its law on police data registration to bring it in line to the Recommendation. See Ot prp nr 56 (1998-99), pp. 88-97.

131

132

Chapter 5

countries. The high level of police and border control co-operation, exchange and sharing of personal data, and the increase use of biometric data (see Chapter 10) dictate adoption of a harmonising and binding data protection instrument. 5.4.2

Development under EU Framework

Police co-operation in the EU has been organised and regulated under the Third Pillar as established by the Treaty of European Union (Maastricht Treaty). Even after the Amsterdam Treaty, police co-operation remained under the third pillar. Consequently, personal data protection in police sector in the EU is not regulated by the EU Directive. Separate personal data protection regimes were incorporated in police conventions such as Europol, Eurodac (now regulated under first pillar) and Customs Information Systems. These instruments, adopted under the terms of Title VI of the Treaty on European Union, did not rely upon the provisions for data protection under the Directive, but were based on specific formulae which do not grant individuals the same rights, appeal procedures and do not rely on the same form of independent control.33 In addition, the rules on the protection of personal data contained in these instruments vary considerably as they are not based on the data protection established by the Directive.34 There is therefore a need for harmonisation in the area. Earlier attempts at harmonisation were made when Italy on 6 May 1998, presented a paper (to the Committee of permanent representatives preparing the work of the Council Ministers – Coreper, and Justice and Home Affairs Council) in which they proposed the examination of the possibilities for a more uniform approach towards data protection in Third Pillar instruments.35 Later, the Legal Services of the Council produced a paper dealing with the protection of personal data in third pillar instruments. It was decided, however, that the subject matter needed more detailed examination at Council working group level (Horizontal Group Informatics).36 Later developments involved the adoption of Council Decision 17 October 2000, establishing a secretariat for the joint supervisory data protection bodies set up by the Convention on the Establishment of a European Police Office (Europol Convention), the Convention on the Use of Information Technology for Customs Purposes and the Convention Implementing the Schengen Agreement on the gradual abolition of checks at the common borders (Schengen Convention).37 The Decision set up a single (common), independent data protection secretariat, which is bound by the above-mentioned Conventions in the exercise of its tasks. The 33 Article 29 – Data Protection Working Party: Second Annual Report on the situation regarding the protection of individuals with regard to the processing of personal data 30 November 1998 (DG XVD/5047/98 final WP 14 p. 29. 34 Article 29 – Data Protection Working Party: Third Annual Report on the situation regarding the protection of individuals with regard to the processing of personal data and privacy in the Community and third countries 22 December, 1999 (5066/00/EN/final WP 35 p. 53. 35 Ibid. 36 Ibid. 37 Official Journal, L 271, 24/10/2000 p. 1-3.

Data Protection Laws and Schengen

purpose of the establishment of the common data protection secretariat was to support the existing joint supervisory bodies in the exercise of their obligation to monitor the correct application of data protection provisions under these instruments.38 The ultimate aim also seemed to be to merge the existing supervisory authorities into a single supervisory authority, which then will have competence over data protection in the third pillar. This was to be accomplished once a set of common data protection principles throughout the third pillar is adopted.39 The adoption of the Draft Resolution on the principles of personal data protection in the field of judicial co-operation in criminal matters, as well as police and customs cooperation is welcome in an area characterised by lack of uniformity between the various regimes. The Draft Resolution, however, is far from satisfactory because it is non-binding and lacks sufficient detail to overcome the problem of lack of uniformity. It is not clear why a Decision (or Regulation)40 in line with the EC Directive and Regulation should not be adopted for the Third Pillar instead of relying on a non-binding resolution. Data protection in the Third Pillar seems to suffer from a lower threshold of protection, unlike that enjoyed by other EU institutions in the first pillar. For example the first pillar bodies are now to be supervised by the proposed European Data Protection Supervisor with significantly greater powers than those exercised by any of the third pillar supervisory bodies. Although the recent decision to set up a joint secretariat is a move in the right direction, the ultimate aim should be to establish a joint supervisory authority for the third pillar with a data protection supervisor possessing similar powers as in the first pillar. Otherwise, the lesser threshold of data protection under the third pillar raises questions of compliance with Article 8 of the ECHR. In addition, the legal regimes in the third pillar, for lack of adequate safeguards, would most likely fall short of the requirements of Article 8.41 The abolition of the Pillar system by the EU Draft Constitution might be the answer to the long-term problem for a binding overarching instrument under the EU legal framework. The implication of the abolition is that Community law will apply to all sectors, including those that formerly were under the intergovernmental pillar. In that case, data protection in the police and border control will also fully be regulated by the EU Directive and Regulation. An overarching instrument would, however, still be necessary in order to address specific issues of data protection in the police and border control co-operation. This contention will be discussed further in the recommendation, Chapter 12.

38 Ibid. preamble (2). 39 Draft Resolution on the principles of personal data protection in the field of judicial cooperation in criminal matters as well as police and customs cooperation , 10968/00, JAI 82. 40 To adopt a Regulation for the third pillar would require a change of the Pillar, i.e. from the third pillar to the first pillar. A Working Group on Freedom, Security and Justice in its final report proposed the replacement of the “conventions”, “framework decisions” and “decisions” provided for in Article 34 TEU by “regulations” and “directives” (or their successors). See CONV 401/02 WG X 12. 41 See Chapter 4.

133

134

Chapter 5

5.5

Conclusion

A movement towards a higher level of protection is apparent from the foregoing discussion. But as long as two levels of protection, one lower and the other higher continue to co-exist side by side, data protection in the police and border control co-operation will remain weak and inadequate. The quest for a binding data protection law in the police sector has not been fulfilled; however, piece meal developments in the area seem to strengthen the need for such an instrument. The hope for such instrument does not lie in the Council of Europe which, despite its vital contribution in the area, has shied from adopting one. The mantle seems to fall on the EU. The EU Constitution Treaty paves way for a higher level of protection than offered by the CoE Convention. But a binding instrument in the police and border control sector may still be necessary in order to address specific personal data protection problems in the area.42

42 See 12.3 below for further discussion on this.

6

Data Protection Principles and Interests

6.1

Introduction

The principles are at the core of the philosophical framework of data protection laws. They stipulate the conditions that must be fulfilled by data controllers in order to process personal data. By identifying the principles, one is able to examine and determine the applicable law. The principles may be summarised as follows: – fair and lawful processing, – minimality, – purpose specification, – information quality, – security, – sensitivity – disclosure limitation – and data subject participation and control. The principles are abstractions of a set of legal rules and are found stated in varying words, in all the main international, regional and national data protection legislation. As such, the principles have acquired a normative force firstly through incorporation in data protection laws. They are expressly stated in the OECD Guidelines, CoE Convention, and EU Directive. The UN Guidelines do not catalogue the principles, but they can be read in the provisions of the Guidelines. National data protection laws of Member States have also incorporated the principles in their provisions. Some countries’ laws have specifically catalogued the principles. In the Norwegian Personal Data Act 2000, the principles are formulated in a similar manner as in the EU Directive and are found under Chapter II “General rules for the processing of personal data”. In the Schengen    

See Bygrave, L. A. (2002), p. 57. Ibid. Korff, D. (2002), p. 59. See, NOU 1997: 19 p. 132; United Kingdom, Australia data protection Acts etc.

136

Chapter 6

Convention, the principles are stated as legal rules for processing personal data but the term principles is not applied at all. Secondly, the principles act as guiding standards in the balancing of interests by data protection authorities in their assessment of the legitimacy of data processing by data controllers. Similarly, the ECtHR, in its recent case law, has given judicial notice to data protection principles as necessary safeguards for processing personal data. The principles work to protect individual rights in the process of processing personal data. In a way, they operate as safeguards to the general rule, allowing the processing of personal data because if they are not complied with, processing of personal data should not take place. In fact, they are sometimes referred to as ‘good information handling’, ‘best data practice rules’ or ‘fair information practices’ with which data controllers are required to comply. If they are not complied with, then the processing of personal data is illegitimate. The two main pieces of data protection legislation, the CoE Convention and the EU Directive, are used here as points of reference in the analysis of the principles. The Schengen Convention is the main concern in this study and analysis will be made of the extent to which data protection principles can be read in the Convention or the extent to which the Convention is concomitant with the principles. The concern here is with the individuals or data subjects’ perspective in police and border control co-operation. The assumption is that the concern of data subjects in police and border control work is not the protection of their privacy and personal data per se, but the protection of their integrity and physical safety. It follows therefore that principles and interests concerned with protection of data subjects’ privacy or private sphere (i.e. to be let alone) and integrity of data will not be the subject of analysis. For example, principles and interests that ensure data quality, security and sensitivity will be mentioned but not analysed. The focus is on principles and interests that guarantee data subjects’ access to their information and impose transparency and proportionality obligations on data controllers and data processors. The term ‘transparency’ is used here to mean knowledge of and accessibility to legal information as well as openness in the processing of personal data. That is data processing should not be secret. It also connotes accountability. Those who process personal data should be accountable for their actions. Transparency therefore refers to the rules and requirements that ensure that legal information is understandable and accessible as well as impose accountability and openness in the processing of personal data and in border control in general. They are rules that impose accountability requirements on data controllers and ensure individual participation of data subjects in the processing of personal data. On the other hand, the term ‘proportionality’ means a requirement for guidance, justification and balance as well as a need to avoid excessiveness and arbitrariness in the processing of personal data. It refers to the rules and interests that impose proportionality requirements on data controllers in processing of personal data and in border control work in general.  

See Bygrave, L. A. (2000), p. 57. See Chapter 4.

Data Protection Principles and Interests

Another assumption is that data subjects’ concern in police and border control work is that control is transparent and proportional. Data subjects would like to know when their personal data are processed and the purpose and use to which they are put. They would also like to ensure that the data are correct and adequate for the purpose for which they are processed and used and that they are deleted and destroyed when the purpose for which they were processed does not subsist. In addition, they would like to be assured that the processing of data is fair and proportional. That is, the data are not processed for ulterior motives other than the stated purpose and that the data are treated in the similar manner for all data subjects. This chapter examines the relationship between data protection principles and interests (6.4). The purpose is to combine the two in order to aid the understanding of the interpretation of data protection laws, and in particular the extent to which data subjects’ interests are taken into consideration. But, as stated earlier, not all principles and interests are examined in detail. The analysis is limited to principles and interests directly relevant to transparency and proportionality issues. The limitation is dictated by the objective and the statement of the problem of the inquiry in this study. From the analysis, a set of evaluation criteria (see 6.5) are developed for application in the rest of the study. Before that, however, it is necessary to examine the concept of personal data as it is the main concern of data protection laws. Data that are not personal data are not within the scope of data protection laws. The understanding of personal data is necessary for the purpose of this study because police and border control co-operation is built around the exchange and availability of personal data. In addition, data information systems and control and identification techniques analysed in this work are based on processing of personal data. 6.2

A Brief Comment on Personal Data

6.2.1

Definition

In data protection, only personal data are protected. Data that cannot be classified as personal data are not protected as they do not fall within the ambit of data protection laws. The term personal data has been defined in relation to whether the data can identify or lead to the identification of the person to whom the data refers. In this sense, the  

See discussion in 6.5.3. In a recent case, Durant case [Michael John Durant v. Financial Services Authority [2003] EWCA Civ 1746, Court of Appeal (Civil Division)], the Court of Appeal (UK) in its decision gave the term personal data a narrow and restricted interpretation. According to the judgement, although data may lead to identification of a person, it does not necessarily follow that the data are personal data in the meaning of data protection laws. They must not only lead to identification of the person concerned but they must relate to the privacy of the person. The term ‘relate to’ was given significance. It follows therefore that data that may lead to a person’s identification but do not have consequences to his/her privacy are not personal data. The meaning of this decision is that data must pass both the test of identification and the privacy test for them to qualify as personal data. The significance of the judgement is that it emphasises the individual privacy aspect that lacked in the conventional discussion

137

138

Chapter 6

term personal data is relative. Firstly, it is relative to whether or not the data can lead to identification of the person concerned. If it can, it is personal data and vice versa. Secondly, it is relative to the person or organisation concerned. For example, where data are encoded, if a person or organisation does not have the capability for decoding the data, then the data are not personal data. Similarly, if a person or organisation has the capability to decode the data, the data are personal data in relation to the person or organisation. Thus any data that may not identify or lead to the identification of the person it refers to, are not personal data and are of no concern to data protection legislation. The issue of whether data are personal data or not is not a black and white one, as there are many grey areas, and the line blurs when the data are further and further removed from specific individuals. According to Jon Bing, personal data can be divided into two rough categories. The first category contains the identifiers, these are assigned names, numbers, written, photographic, sound, electronic, sensor, and biometric data, etc, that point to a physical person in the real world.10 One can here think of identifiers such as name, personal identification number, or numbers assigned to customers by banks, retail stores, and insurance companies or biometrics such as fingerprints and DNA. The identifier is itself an example of personal data. At the same time, all data related by the identifier to the data subject, become personal data. If, however, the identifier is lacking, the data is no longer personal data though describing a real person.11 The second category is a combination of personal data which may serve to identify a person, see example below. According to the CoE Convention, personal data is defined as “any information relating to an identified or identifiable individual (data subject)”.12 The EU Directive has a similar definition: “personal data shall mean any information relating to an identified or identifiable natural person (data subject)”.13 The most important concepts in the definitions are “person” and “identification”. First, the data must relate to or concern a person. The CoE Convention uses the term “individual” and the Directive “natural person”. There is no doubt that, in both cases, the reference is to the natural person, and therefore

of the definition of personal data and with which the data protection laws are concerned. At the same time, it narrows the meaning of personal data by requiring the two tests of identification and privacy instead of the identification test only as in the conventional discourses. Consequently, many data that could have been considered as personal data are excluded. This is the weakness of this decision because it highlights the privacy aspects only from a set of personal data, but as is known, even innocent pieces of personal data could when combined with other personal data have consequences to the privacy of the individual which could not be foreseen at the time. From this perspective the Durant decision is restrictive and undesirable because it leaves a lot of personal data out of the scope of data protection laws.  See also Korff, D. (2002), pp. 11-17. 10 Bing, J, (1995) http://www.jus.uio.no/iri/forskning/lib/papers/footprints/footprints.html. 11 Ibid. 12 Article 2 (a) CoE Convention. 13 Article 2(a) EU Directive.

Data Protection Principles and Interests

the instruments do not apply to legal persons.14 The use of the term “data subject” in parenthesis, which is broader than the term ‘natural person’, in both instruments, however, may lead one to conclude that the term may apply to legal persons too. The question of application of the term to legal persons is beyond the scope of this study and therefore will not be considered further here.15 Secondly, the data must facilitate the identification of such a person.16 As stated above, if the data do not lead to identification of a person, then they do not qualify to be referred to as personal data. But whether data will lead to identification of a person or not depends on other factors such as the quality of the data. If the quality of the data is poor, the data may not enable identification of the person. The quality of data may be influenced by a number of factors. Another factor that may influence the quality of data, and therefore the capability of identification of a person, is the quality of information systems. Of interest though, is the point at which data become anonymous. Here the question to ask and answer is whether there is any way that data can be reconstructed so as to link to an individual. In most cases, it is possible to do so because the sources of the data may exist, for example in archives. But, if the original source of data were to be destroyed, one would most likely conclude that data are not personal data.17 They would, therefore, not be of interest to data protection laws. This is the purport of Recital 26 of the EU Directive which states inter alia that “whereas the principles of protection shall not apply to data rendered anonymous in such a way that the data subject is no longer identifiable (…).” The EU Directive goes further than the CoE Convention in its definition by defining the concept “identifiable person” which the Convention does not. The Directive defines an identifiable person as one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.18

The distinction here is significant. The Directive refers to two categories mentioned above. The first category is the direct identification by means of identifiers such as identity numbers. This type of identification may be said to be certain identification except in cases of mistaken or falsified identification. The second category is indirect identification through one or more factors for example physical, physiological, mental, economic, cultural or social identity. This type of identification can also be said to be certain, although probability of mistaken identity is higher than in the first category. In general, however, identification need not be certain for data to be personal data. What is 14 15 16 17 18

See, Bygrave, L. A. (2002), p. 195. For detailed discussion on legal persons see Korff, D. (2002), p. 195. See, Bygrave, L. A. (2002), p. 67. NOU 1997: 19 Et bedre personvern p. 132. Article 2 (a) EU Directive.

139

140

Chapter 6

required is the probability of identification. Where there is no probability of identification, such data do not qualify to be referred to as personal data, for example, where data have been rendered anonymous.19 If for example, one were to talk about an employee in ‘company A’ without mentioning the name or any other information that may lead to the identification of the employee, then the information that is given may not be classified as personal data. But if the person mentioned some particular characteristics of the employee, which may lead to his or her identification, such as the colour of skin of the employee i.e. “black”, whereas company A has only one black employee, then this information is personal data. But if the company employees were mainly black, the information may not be personal data in that circumstance. The definition gives personal data a broad meaning. The need for a broad definition of personal data is a result of the phenomenon of computers and databases that has rendered even innocent pieces of information relating to a person relevant. It is here that the Durant decision is unfortunately restrictive because it does not take into account this aspect of personal data. As Solove has commented, “each particular instance of collection is often small and innocuous; the danger is created by the aggregation of information, a state of affairs created by hundreds of actors over a long period of time.”20 The danger that databases pose is that small unrelated pieces of information collected over period of time, alone, may not be significant and could not be classified as personal data, but seen in light of each other they may reveal a lot about a person. In the present database age, personal information is not limited to intimate information only, but is all information intimate or otherwise, which can lead to direct or indirect identification of the person. The concept of personal data is very wide and covers all types of personal data, whether they be in the private or public domain, intimate, sensitive or not. The nature of personal data in question does not really matter for the purposes of data protection laws. The important factor is that data are personal data. The nature of the data is only relevant for the question of degree of protection to be accorded the data. For example, sensitive data, as defined by the two instruments referred above, is accorded a higher degree of protection. National laws on data protection, prior to the Directive, may have defined personal data differently, but since the implementation of the Directive by the Member States, the definition in most national laws is similar to that of the Directive with only small variations.21 The Norwegian Personal Data Act of 2000 defines personal data as “any information and assessments that may be linked to a natural person”.22 Although the definition is similar to that in the Directive, except for the inclusion of “assessments” 19 See Recital 26 EU Directive. 20 Solove, D. J. (2001). 21 Korff, D. (2002), pp. 11-17: Also Cf. Norwegian, Finish, Swedish and Danish laws which adopt the first part of the definition in the Directive but omit the second part. 22 § 2 (1) Act of 14 April 2000 No. 31 relating to the processing of personal data (Personal Data Act).

Data Protection Principles and Interests

as part of personal data, it is the same as that in the former law.23 Assessment may refer to value judgement given to information especially as a result of linkage of data from different sources.24 The Schengen Convention does not contain a definition of personal data. Instead, it mentions two categories of data which are to be entered in the SIS. – Persons for whom an alert has been issued (Articles 95-99). – Objects referred to in Article 100 and vehicles referred to Article 99. The omission should not be alarming as the Convention also makes reference to the CoE Convention. The understanding would be that the Schengen Convention subscribes to the definition in the CoE Convention. In the circumstance, the interpretation to be given to the term ‘personal data’ in the Schengen Convention should correspond to the definition in the CoE Convention. But that is as far as the similarity goes because the Schengen Convention has, unlike the CoE Convention, stipulated catalogues of what is to be considered as personal data for the purpose of SIS. The first catalogue is data entered into the SIS concerning persons. The items of data are as follows: – Surname and forenames, any aliases possibly entered separately, – Any specific objective physical characteristics not subject to change, – First letter of second forename, – Date and place of birth – Sex, – Nationality, – Whether the persons concerned are armed, – Whether the persons concerned are violent, – Reason for the alert, – Action to be taken.25 The catalogue of personal data is interesting because it includes objective and subjective data. The objective data can be said to be identifiers which can directly identify a person such as name, date and place of birth and identifiers which can indirectly identify a person such as nationality, sex and physical characteristics. The subjective data are opinions and assessments i.e. whether the persons concerned are armed or violent. Such data are not necessary for identification of the person but could be useful when combined with other personal data. The second catalogue of data entered in the SIS is data on objects. These are data on objects sought for the purposes of seizure or use as evidence in criminal proceedings. – Motor vehicles with a cylinder capacity exceeding 50 cc which have been stolen, misappropriated or lost, – Trailers and caravans with an un-laden weight exceeding 750 kg, which have been stolen, misappropriated or lost, – Firearms which have been stolen, misappropriated or lost, 23 NOU 1997: 19 Et bedre personvern p. 131; See also Ot. Prp. 92 (1998-99) p. 101. 24 See Bygrave, L. A. (2002), p. 46 for a detailed discussion. 25 Article 94 (3) the Schengen Convention.

141

142

Chapter 6

– –

Blank official documents which have been stolen, misappropriated or lost, issued identity papers (passports, identity cards, driving licences) which have been stolen, misappropriated or lost, Banknotes (suspect notes).

The Convention states that personal data on objects may be communicated in accordance with the Convention. Both catalogues of data are personal data, because the first is data about persons and refers directly to the person, while the second group does not directly refer to the person but can lead to identification of the persons concerned. The two catalogues limit the scope of what is personal data according to the Schengen Convention, so as to cover these catalogues only. Any personal data which are not entered in the SIS are not personal data for the purposes of the Convention. Thus, while the concepts of personal data in the CoE Convention and the Directive are broad and include all categories of personal data, the concept of personal data under the Schengen Convention is specific, applying to data that are included in the SIS only. But whether or not the data will lead to identification of the person concerned is a question of the quality of the data. As noted above, identification is not guaranteed, other factors such as quality of data are decisive. For example mistaken and false identity and individuals whose identity has been usurped are a big concern in the SIS.26 Recording of aliases, too, gives rise to the problem of false identities. 6.2.2

Data Processing

The concept ‘data processing’ is important in data protection laws, as there cannot be violation of the law if there is no processing of personal data.27 It is also important for 26 JSA - Opinion 98/2 on entering an alert in the Schengen Information System on individuals whose identity has been usurped. 27 In the Lindqvist case, Case 101/01 Criminal Proceedings against Bodil Lindqvist (ECJ Case C-101/01) European Court of Justice, 6 November 2003, one of the issues in the case was whether publishing of personal information on the internet was processing within the meaning of the EU data protection Directive. The Court held that it was processing of personal data. It said that the loading of personal data on a web page falls within the definition of processing of personal data. “Placing on the internet website information such as individual’s name, telephone numbers, job details and medical conditions does in fact constitute the processing of personal data by automatic means.” Lindqvist had been fined in proceedings brought by Swedish data protection authorities for violating data protection law by illegally processing personal data. She appealed. In her appeal, she argued inter alia that posting information on an internet website did not constitute “processing of personal data” within the meaning of the data protection Directive. The Swedish Appeal Court referred the matter to the ECJ for interpretation. If the Court had arrived at the opposite interpretation, the posting of information would not have been processing within the meaning of the Directive and Lindqvist would not have been in violation of data processing law. This case points to the significance of the meaning of the term “data processing” as not all treatment of information is data processing.

Data Protection Principles and Interests

the purpose of this study, and in particular, in the analysis of identification techniques in Chapter 10. It is therefore important to understand what processing means. For example when does processing begin and when does it end? What activities touching personal data constitute data processing? As regards to when the processing begins and ends, the two main international data protection laws give guidance. The CoE Convention is concerned basically with “automatic processing”. It states that, automatic processing includes the following operations if carried out in whole or in part by automated means: storage of data, carrying out of logical and/or arithmetical operations on those data, their alteration, erasure, retrieval or dissemination.28

According to the CoE Convention, processing of personal data starts with the storage of data and ends with retrieval or dissemination. The Convention does not regard early activities on personal data such as collection and recording as part of processing.29 Accordingly, processing begins with the creation of a file or register and not before that. The understanding of the concept of file as “automated filing” and not “manual filing” influences the limitation of the application of the term processing. The status of technology at the time of enactment of the Convention (and most national data laws of the time) also influenced the understanding of the term processing. As Seipel notes, “in the 1970s when most European data protection laws were enacted, searches, selections, matching etc. required that the data be organised in advance.”30 The Directive, on the other hand, adopts a wide meaning of processing. Processing covers every stage from when the data are collected until they are acted upon, that is, disseminated, deleted or placed in an archive. It states that, processing of personal data (processing) shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available. Alignment or combination, blocking, erasure or destruction.31

According to the Directive processing begins far earlier with operations such as collection, recording and organisation of data before the act of storage. This again reflects the understanding of the concept filing system employed by the Directive to include not only automated but also manual filing.32 In this sense, the scope of the Directive is wider 28 Article 2 (c) CoE Convention. 29 See Note 31 of the Explanatory Report. “Subject to the provisions of Articles 5.a and 12, the collection of information falls outside the notion of “processing”. 30 Seipel, P, (2001), p. 129. 31 Article 2 (b) EU Directive. 32 See Durant case supra for the meaning of filing system. It was held that “a ‘relevant filing system’ for the purposes of the Act, is limited to a system: 1) In which the files forming part of it are structured or referenced in such a way as to clearly indicate at the outset of the

143

144

Chapter 6

than the Convention as it applies to both manual and automated processing of personal data. Again, as Seipel notes, this is a reflection of the state of technological advancement as data processing technology has brought about a situation where powerful searching procedures, etc. can make up for a lack of prior data structure.33 The Schengen Convention does not contain a definition of data processing. The omission could be explained away by the fact that the Convention makes reference to the CoE Convention. In that case, the definition of data processing in the CoE Convention applies to the Schengen Convention too. It is, however, worth noting that since the Schengen Convention has defined the data to be entered in the SIS, the term ‘data processing’ is limited to processing of these data only. Any other processing involving other data than the data defined is not data processing according to the Schengen Convention. Data processing for the purposes of the Schengen Convention seems to start with the registration of data in the SIS. For example, the Schengen Convention does not protect personal data at the stage of collection and before a decision has been made to enter the data into SIS.34 Once the data has been entered into the SIS then the Schengen Convention applies to these data. The processing of data prior to entry into the SIS would therefore be governed by either the national law or the CoE Convention. 6.3

Data Protection Principles

6.3.1

General

The aim of this section is to systematically present the core principles of data protection as established in the main founding legislation. The principles ensure transparency in data processing on two levels. Firstly, they accomplish this through empowering data subjects’ participation in data processing by endowing them with access rights. Secondly, they do this through imposing transparency obligations on data controllers. That is requiring controllers to comply with the principles of data processing and to provide data subjects with necessary information on the processing of their personal data. What follows below is the discussion and analysis of the principles at the two levels. But as mentioned in 6.1 there are more principles of data protection than those discussed below, however, those omitted have no direct relevance to the transparency approach adopted in this study.

search whether specific information capable of amounting to personal data of an individual requesting it under section 7 is held within the system and, if so, in which file or files it is held; and 2) which (system) has, as part of its own structure or referencing mechanism, a sufficiently sophisticated and detailed means of readily indicating whether and where in an individual file or files specific criteria or information about the applicant can be readily located”. 33 Seipel, P. (2001), p. 129. 34 See Chapters 9 and 10 where collection of personal data is covered by national laws and not the Schengen Convention.

Data Protection Principles and Interests

6.3.2

Individual Access Rights

Individual access rights are given expression in the Individual Participation Principle, which is a set of data subject’s rights. The rights are designed to enable the data subjects to have a degree of control on the processing of their personal data.35 The principle of individual participation could, therefore, rightly be referred to as the “principle of individual control” or “self-determination principle”. But the principle also involves data controllers’ obligations because individuals cannot exercise their data protection rights without the co-operation of the data controllers. For example, the right of access cannot be exercised by data subjects without controller’s co-operation, that is, the controller responding to the request for information by data subjects. The principle also sets out the duties of controllers to respond to such requests for information and other obligations that require the controller’s initiative, for example the right to orient data subjects when certain personal information is processed. In the earlier data protection laws, the individual participation principle was mainly reflected in the right of access and the corollary rights of correction, deletion and remedy. Also it involved the data subject right to establish the existence of an automated personal data file (system). Article 8 of the CoE Convention is representative of the principle of individual participation as found in the earlier data protection laws.36 The Directive, which represents the new generation of data protection laws, especially in Europe, has expanded the principle of individual participation to include new rights for data subjects. These rights include – rules requiring data controllers to collect data directly from data subjects in certain circumstances, Article 7, – rules prohibiting processing of personal data without the consent of the data subjects, Articles 7 and 14, – rules requiring data controllers to orient data subjects directly about certain information on their data-processing, Articles 10, 11 and 12, and – rules granting individuals the right not to be subjected to automated decisions, Article 15.37

35 Note 50 of the Explanatory Report to the CoE Convention. 36 Article 8 states that “any person shall be enabled: a. to establish the existence of an automated personal file, its main purposes, as well as the identity and habitual residence or principal place of business of the controller of the file: b. to obtain at reasonable intervals and without excessive delay or expense confirmation of whether personal data relating to him are stored in the automated data file as well as communication to him of such data in an intelligible form: c. to obtain, as the case maybe, rectification or erasure of such data if these have been processed contrary to the provisions of domestic law giving effect to the basic principles set out in Articles 5 to 6 of this convention: and d. to have a remedy if a request for confirmation or, as the case may be, communication, rectification or erasure as referred to in paragraphs b and c of this article is not complied with.” 37 See also Bygrave, L. A. (2002), p. 63.

145

146

Chapter 6

The Schengen Convention also has provisions for data subject rights in Article 109 the right of access, Article 114 the right to request verification of data, Article 111 the right to correction and deletion of data (see discussion in 7.2.6.5.). For data controllers, complying with these rights is a formal process. For example, the controller is required to satisfy any request of information by data subjects if it meets the laid down conditions and unless there are exemptions or restrictions. Exemptions on data subject rights are incorporated in data protection laws: the CoE Convention in Article 9 and the Directive Article 13 (6.3.4 below). The right of access is found in all data protection laws, – the CoE Convention Article 8, – the Directive Article 12, – the Schengen Convention Article 109. The objective of the right of access is to enable a data subject to find out whether information concerning him is being processed and to find out the existence of an automatic personal data file (system). The right as such underscores the need for transparency, that is, operation of information systems dealing with personal data should not be secret. The right requires the controller to provide the data subject, upon request, with information or confirmation as to whether personal data relating to him are being processed. The right presupposes initiative on the part of the data subject to find out whether personal data are registered. In addition, the communication by the controller to the data subject should state the purposes for the processing, the categories of data concerned and the recipients or categories of recipients to whom the data are disclosed. According to the Convention, it should also disclose the identity and habitual residence or principal place of business of the controller. Both instruments require the controller to communicate the data in an intelligible form to the data subject without excessive delay. The directive has expanded the scope of the right of access to include communication of knowledge of the logic involved in any automatic processing of data concerning the data subject at least in the case of the automated decision referred to in Article 15 (1). Communication of such information happens only where the decision is fully automated. That is where the decision is arrived at without human beings taking part in any part of the decision. If there is intervention by a person, then the decision is not automated, and the right is not applicable. If, however, the decision is purely automated then an individual affected by such a decision has the right to request an explanation of the rules inbuilt in the program (software) used to reach such a decision.38 Realistically, there are very few decisions in the public sector that can be said to be fully automated and therefore this right may not be available to most data subjects dealing with the public authorities. This is more so under the Schengen and border control regimes. But with the advent of biometric technology in border control work and the data profiling possibilities it raises, this right may become advantageous.39 38 For detailed analysis of the right under Article 15 of the Directive see Bygrave, L. A. (2002), p. 319-328. 39 See Chapter 9 below.

Data Protection Principles and Interests

The data subjects’ rights of rectification, erasure and blocking (according to the Directive only), which are part of access rights, are available to data subjects if the processing of data is in contravention with data protection laws. For example, where the processing of the data is unfair to the data subject or unlawful or done without the consent of the data subject where such consent is needed. The Directive emphasises that the right applies especially where the data are incomplete or inaccurate in nature. The objective of these rights is to ensure the quality of data. The rights are exercised by the data subjects, but the controllers also have a duty to ensure the quality of data as well as to protect data subjects’ interests and rights. Consequently, data controllers have the obligation, on their own initiative, to rectify, erase or block data that do not meet the quality required. The Directive also requires upon rectification, erasure or blocking, notification to third parties to whom the data have been disclosed unless notification proves impossible or involves a disproportionate effort. There is no similar notification provision in the CoE Convention. The need for notification of the changes to the original data, however, is anticipated by the Convention and it is usually given effect in national laws.40 The Convention provides for a remedy if any of the elements of the principle of participation is not respected. The Directive provides a general right of remedy in Article 22 which applies to breach of any of the provisions. Another right that empowers individual participation and is only found in the Directive Article 14 is the data subject’s right to object. Member States are required to grant data subjects the right to object to processing of personal data in two circumstances. Firstly, in cases referred to in Articles 7 (e) (task carried out in the public interest or exercise of official authority) and 7 (f) (processing necessary for the purpose of the legitimate interests pursued by the controller or by third party), if there are compelling legitimate grounds relating to his particular situation to processing of data relating to him. It calls for balancing of individual rights and interests with public interests. The framing of the provision appears to put emphasis on the protection of individual privacy rights when it states “except where such interest are overridden by the interests for fundamental rights and freedoms of the data subject which require protection under Article 1 (1).” But it is difficult to see how data controllers can accomplish the task of individual protection if that may seem to be contrary to their interests of processing personal data. One is inclined to agree with Schartum’s position, where he observes that according to the condition in Article 7 (f), data protection interests are considered to be less important than other interests (data processing interests). The clause may be understood by controllers to be a sufficient basis for almost any processing of personal data.41 The right to object is not available where the law provides for processing of personal data. If the data subjects have justifiable objection, the processing of such data should be avoided. The right as such, is of limited application for data processing in the public sector where special data protection laws, for example the police or Schengen, are operational. Bygrave has described Article 14(a) as essentially a default provision that operates in the absence of contrary national legislation.42 The second situation when the 40 Note 54 of the Explanatory Report to the Convention. 41 Schartum, D. W. (2001), p. 98. 42 Bygrave, L. A. (2002), p. 355.

147

148

Chapter 6

right to object may be invoked is where personal data are processed for the purposes of direct marketing. This is of no direct relevance to the Schengen and border control work and therefore no further discussion will be carried out here. 6.3.3

Controllers’ Transparency Obligations

6.3.3.1

General

To ensure transparency in the processing of personal data, individual access rights discussed above are important, but also important are the controllers’ obligations to ensure transparency. In this section, the focus is on data protection principles that impose transparency obligations on data controllers. 6.3.3.2 Fair and Lawful Processing Principle The first of the principles that impose transparency obligations on data controllers is the fair and lawful principle. The principle requires that personal data are processed fairly and lawfully and it is the most important of the principles as the other principles are derived from, or complement this principle. The principle of fairness and lawfulness has legal expression in both – the CoE Convention Article 5 (a), which states that personal data processing shall be obtained fairly and lawfully, and, – the Directive Article 6 (a), which states that personal data must be processed fairly and lawfully. The principle is not stated in the Schengen Convention. But since the principle can be read in the other principles such as the principle of quality of data, it can be concluded that the principle is implied. At the same time, the fact that the Schengen Convention refers to the CoE Convention, it is safe to conclude that the principle is also implied. Lack of express mention of the principle, however, may connote a weakness in data protection in the Schengen Convention as the principle is the core of the principles of data protection. None of the legislation on protection of personal data defines the terms ‘fairly’ and ‘lawfully’ but the principles can be said to indicate what is meant by fair and lawful processing.43 The notion fairly is less obvious but potentially the broader of the two.44 It is, however, not a precise term capable of definition. Fairly calls for balancing of interests and expectations of the parties involved. It is also a proportionality principle that may potentially be employed to override even lawful processing, for example, to protect individual data subjects from abuse by data controllers, even where the acts of the latter are lawful. Even though a data controller may be able to prove that information was obtained and personal data processed fairly and lawfully in general and on most occa43 The link of fairly and lawfully to other principles is explicit in e.g. Recital 28 of the EU Directive. 44 Bygrave, L. A. (2002), p. 58.

Data Protection Principles and Interests

sions, if it has been obtained unfairly in relation to one individual, there will have been a contravention of the principle of fairness. Fairness also connotes transparency. That is, the processing of personal data must be transparent to the data subject. This requirement has far-reaching implications, as it means that personal data processing may not be performed without the knowledge of the data subject, i.e. data subject’s consent should be sought where required. Further, where consent is not necessary, for example, where data is collected from a third person or party, the data subject has a right to be informed. The transparency requirement applies to information systems, too.45 The existence of a processing operation should not be secret. The data subject has a right to know of the existence of such processing system.46 In addition, if the data subject is the object of automated decision, the controller may, if required, give an account of the rules incorporated in the computer software which forms the basis for the decision.47 Automated processing can be unfair, either where the program is itself operating correctly, but results in the unfair use of data, or where a program is of poor quality and contains errors which mean that it does not operate as the data controller intended. The other twin concept “lawful” is not as problematic as the “fairly” notion. The concept lawful means permitted by law or done with lawful justification or excuse. Where the law does not permit processing of personal data, then it cannot be lawful. For example, processing of personal data that is in breach of any of the principles of data protection is not lawful, except where there is an exemption allowing such processing. Section II of the Directive stipulates criteria for making data processing legitimate. Among them are consent, and a legal requirement.48 The instances named in Article 7 of the Directive are exhaustive, and data controller cannot purport to add or supplement them. In addition, lawful includes other legal requirements imposed by law and rules, for example, confidentiality, licensing, and disclosure rules. The concept of lawful in data protection is similar but broader than the notion of “in accordance with law” or “legality principle” under Article 8 ECHR (discussed in Chapter 4). Processing that is not lawful under data protection law would also be unlawful under Article 8.49 6.3.3.3 Purpose Specification Principle The other principle that imposes transparency obligations on the controllers is the purpose specification principle. It is also among the most important of the principles. Its aim is to ensure transparency in the processing of personal data and to make it possible

45 46 47 48 49

Ibid. Recital 38 of the EU Directive. § 22, Norwegian Personal Data Act 2000. See, Article 7 of the EU Directive; Recital 30 of the EU Directive. The ECtHR case on Article 8 has recognised data processing principles as important safeguards that if breached would constitute a violation of Article 8.

149

150

Chapter 6

to control the extent to which the processed data are used. But as Blume observes, data controllers resist this principle because it can severely restrict their usage of data.50 – Article 5 (b) of CoE Convention states that personal data undergoing automatic processing shall be: “stored for specific and legitimate purposes and not used in a way incompatible with those purposes”. – Article 6 (b) of the Directive states that Member States shall provide that personal data must be: “collected for specific and legitimate purposes and not further processed in a way incompatible with those purposes”. The purpose specification principle is expressly stated in the Schengen Convention. It can be said to be the cornerstone of data protection in the Convention. Under Article 102, the Contracting Parties are under obligation to ensure that data registered in the SIS are used for the purpose for which they were recorded. In these circumstances, personal data may be used only for the purposes laid down for each type of report in Articles 95100 of the Convention. Use of the data for any other purpose must fall under the derogation requirements in Articles 102(3) and (4). The consequences for such derogation are not discussed here. They will be fully addressed in 8.3.2.3. The principle incorporates three elements i.e. the purpose(s) must be – specified, – legitimate and, – further use or processing should not be incompatible with the original purpose(s).51 Both the CoE Convention and the Directive formulate the principle differently, but all the elements above are present in both definitions. The specific element does not present serious understanding problems. Simply put, it means that the purposes must be defined and documented in advance of collection.52 It also means that the purposes should not be vague or ambiguous. For example, it would not be sufficient to state the purpose as being “for national security”. The term national security itself is broad, vague and could mean many things at the same time. Perhaps that is why the Directive includes the term “explicit”, which emphasises the need for the purposes not only being specific but being clear enough to be understood without difficulties by the data subjects. The legitimate element may be wider in meaning than the connotation lawful. It suggests something more than being lawful. Legitimate here involves elements of ‘fairness’ (as discussed above), ‘necessary’ or being ‘socially acceptable’.53 Data controllers cannot invent any purpose even though lawful, it must be acceptable to society or as Bygrave puts, it must ‘not run counter to predominant social mores’.54 This understanding of 50 51 52 53 54

Blume, P. (2001), p. 18. See also, Bygrave, L. A. (2002), p. 61. Ibid. p. 338. Ibid. p. 61. Ibid.

Data Protection Principles and Interests

legitimate is in line with the concept of ‘legitimate aims’ in human rights law, especially, under Article 8 ECHR (Chapter 4). Although consideration of legitimate aim is treated as something of a formality by the Strasbourg organs, the question of legitimacy of a particular measure at issue is treated along with the question of its necessity. The concept of legitimate aims plays an important role in assessing the proportionality of a restriction and balancing of interests under the ‘necessary in a democratic society’ principle.55 The final element, ‘further use and compatibility with original purposes’, restricts the use of collected data by data controllers. It also protects data subjects from abuse and misuse of their personal data by data controllers. There are, however, instances where it would be reasonable for data controllers to use the data already in their custody for other purposes, for example, where the needed data already exists either in the custody of the data controller or other controllers. Use of such data may be necessary because it is efficient or cost-effective to use the data instead of collecting or processing them all over again. There must, however, be safeguards to protect data subjects’ privacy. One such safeguard is the requirement for a legal authorisation to use the data. The rule of thumb here is that, the data should not be used or processed in a way incompatible with the original purposes. The data controller has a duty to ensure that the new purpose closely corresponds or relates to the original purposes. Where new uses do not conform to the original purposes, for example, if data were originally collected for purposes of processing asylum application, it would be unlawful to use it for purposes of fighting crime if the offence was not related to the issue of asylum. Data controllers, on the other hand, do circumvent this requirement by stating as many purposes as possible. The practice may thwart transparency and predictability in data processing. This arises because it is accepted that more than one purpose can be stated at the time of collection and no limit is indicated.56 The legitimate criteria discussed above, however, can be seen as putting a limit to what purposes may be acceptable or not. Consequently, data controllers cannot incorporate any purposes they think fit. The compatibility element also restricts the disclosure of personal information for purposes that are incompatible with the original use. According to Bygrave, the term compatibility could be seen from two perspectives: the data controllers’ and the data subjects’. From data controllers’ perspective, the term could be read as simply requiring that the secondary purposes for which data are processed must not reduce the possibility of realising the primary purposes for which the data were collected.57 This interpretation promotes data controllers’ interests, namely realising the objective of data processing. As regards data subjects’ perspective, the term incompatible should be seen to promote data subjects’ interests. That is, any secondary purposes will not pass the test of compatibility unless the data subject is objectively able to read those purposes into the primary purposes, or the secondary purposes are otherwise objectively within the ambit of the

55 See also, 4.4.2.3. 56 Blume, P. (2001), p. 18. 57 Bygrave, L. A. (2002), p. 340.

151

152

Chapter 6

data subject’s reasonable expectations.58 In this sense, it is a safeguard against breach of vital interests of data subjects such as privacy, confidentiality, unlawful and excessive control. It also restricts data controllers’ way-wide actions such as data mining, data linkage and data matching where these activities are not permitted. 6.3.4

General Exceptions and Derogations to the Principles

Data protection exceptions and derogations are recognition that transparency is not absolute. It has its limits, especially where societal control interests may outweigh the need for openness, especially in crime prevention and combat. It is this aspect that is emphasised in the analysis of the exceptions and derogations to the principles in this section. The exceptions examined below are those that put limits to transparency. The exceptions not directly involved in curtailing the level of transparency are not examined here. For example, exceptions involving freedom of expression and processing of anonymous data are not dealt with. The main international data protection legislation, the CoE Convention, the EU Directive and the Schengen Convention, which are the focus here; incorporate exceptions or derogation into the principles of data protection discussed above. The objective of the exceptions is to allow processing of personal data where State or societal interests may override the interests of data subjects. The Explanatory Report to the Convention confirms this when it states that “the exceptions are limited to those which are necessary for the protection of fundamental values in a democratic society”.59 According to Article 9 of the CoE Convention, the exceptions apply to Articles 5 (quality of data), 6 (sensitive data) and 8 (data subject rights). The exception clause does not apply to Article 7 (data security). The principle of data security can therefore be said to be absolute as no derogation is allowed at all.60 The list of interests is exhaustive and the Member States may not add to them in any way. According to the Explanatory Report paragraph 56, the purpose of making the interests specific is in order to avoid States having unduly wide leeway. The Directive exceptions in Article 13 apply to principles under Articles 6 (1) (data quality), 10 (data subject rights), 11 (1) and 12 (information orientation to data subjects) and 21 (publicising of processing operations). As in the CoE Convention, the exceptions do not apply to Article 8 (sensitive data). Article 8, however, has its own exemptions to processing of sensitive data. The State interests covered by the exceptions are similar to those listed by the Convention with a few variations.61 58 Ibid. 59 Para. 55 of the Explanatory Report to the Convention. 60 The main State and societal interests that require exception are: i) State security; ii) Public safety; iii) The monetary interests of the State; iv) The suppression of criminal offences, and; v) Protecting data subject or the rights and freedoms of others. 61 Namely: i) national security; ii) defence; iii) public security; iv) the prevention, investigation, detection and prosecution of criminal offences, or of breaches of ethics for regulated professions; v) an important economic or financial interest of a Member States or of the European Union, including monetary, budgetary and taxation matters; vi) a monitoring, inspection

Data Protection Principles and Interests

Another provision of significance is Article 3 of the Directive which restricts the scope of the Directive. Article 3 (2) states that the Directive does not apply to processing of personal data: –

–

in the course of an activity which falls outside the scope of Community law, such as those provided for by Title V and VI of the Treaty on European Union and in any case to processing operations concerning public security, defence, State security (including the economic well-being of the State when the processing operation relates to State security matters) and the activities of the State in areas of criminal law. by a natural person in the course of purely personal or household activity.

The first provision above seems to put most principles discussed above out of the scope of the Directive in matters outside the scope of Community law. If this were the case, it means that the exceptions were not necessary at all and they do not play any useful role for the Schengen Convention. Whereas it is true that the contents of most of the principles fall outside the scope of the EU law and the Directive in police and criminal co-operation matters, however, the Directive is also meant to be transposed at the national level by Member States who have mandate over matters touching the issues subject to exceptions. It seems the exceptions were meant for Member States to take them into account when implementing the Directive at the national level. If a Member State disregards the exceptions and does not incorporate them into the national law then they are of no significance. But if a Member State were to incorporate the exceptions into national law then they will be enforceable. It is also instructive to note that some of the matters which were formerly in Titles V and VI of the Treaty on European Union have been transferred to the Community law by the operation of the Amsterdam Treaty (see below), hence bringing them under the scope of the Directive. Furthermore, the Draft Constitution Treaty of European Union abolishes the pillar structure and therefore Community law would become applicable to all matters previously under the intergovernmental law.62 These developments may render this exception redundant. The nature of these exemptions is that they are general and do not limit the principles unless the former are expressly incorporated in the national law. As such, both the exceptions and the principles are independent of each other. If a Member State wants to limit the principles, this must be incorporated in the national law. In this manner, the significance of the exemptions is reduced as a Member State can disregard them by not incorporating them into the national law. As a matter of fact, Member States have generally not availed themselves of the possibility to limit the scope of the national laws adopted, in order to implement the Directive, to matters within the scope of Community law.63 But where the exemptions are specific and incorporated under a certain principle, or regulatory function connected, even occasionally, with the exercise of official authority in cases referred to in (c), (d) and (e), the protection of the data subject or of the rights and freedoms of others. 62 See Articles 1 & 6 of the Draft Constitution Treaty. 63 Korff, D. (2002), p. 141

153

154

Chapter 6

for example the sensitivity principle, the exceptions cannot be avoided in any way and must be incorporated in the national law.64 The interpretation to be applied to these exceptions is not clear from the data legislation. But since they are closely modelled after Article 8 (2) of the ECHR,65 the interpretation used in the latter (see Chapter 4) should also be applied to the data protection exceptions too. It is significant that the EU Charter for Human Rights (see 3.4.2) has incorporated a data protection right whose interpretation may follow the human rights model of Article 8(2) of ECHR and therefore influence the interpretation of data protection principles in the data protection laws. It is, however, worth noting that the Directive, although allowing exemptions to the principles in Article 13, does impose two conditions that must be met: such exemptions or restrictions must be provided for in “legislative measures” and they must be “necessary” to safeguard the public interest in question. The approach by the Directive, therefore, reflects the approach in the ECHR which also generally allows for restrictions on the protected rights only when these are “in accordance with law” or “prescribed by law” and “necessary in a democratic society”.66 Furthermore, the Directive subjects the compliance to exemptions from monitoring by a “supervisory authority”. This is also highlighted in the Charter. In the case of Österreichischer Rundfunk et al.,67 the ECJ confirmed the above position. In its judgement the Court confirmed that the provision of Directive 95/46/EC should, on the one hand, be interpreted in the light of the protection of privacy afforded by Article 8 of the European Convention Human Rights, a provision of which the European Court of Human Rights considered that it extended to protection with regard to the processing of personal data, irrespective of whether or not those data concerned an individual’s ‘private life’.68 The court considered, on the other hand, Article 8 may be relied upon directly by the individual in order to avoid the application of rules of domestic law that are contrary to those provisions, insofar as these appear to be both unconditional and sufficiently specific.69 The Schengen Convention does not have a general exception clause to the principles as in the Directive and CoE Convention. It does, however, incorporate exceptions into the principles of purpose specification and the individual participation principle, 64 See ibid Chapter 10. 65 Para. 55, Explanatory Report of the CoE Convention: ‘The text of the second paragraph of this article has been modelled after that of the second paragraph of Articles 6, 8, 10 and 11 of the European Human Rights Convention. It is clear from the decisions of the Commission and the Court of Human Rights relating to the concept of ‘necessary measures’ that the criteria for this concept cannot be laid down for all countries and all times, but should be considered in the light of the given situation in each country.’ 66 Furthermore, the Directive, in particular Recitals 1 and 10 were intended to give effect to the requirements of Article 8 ECHR. 67 ECJ (Plenary session), 20 May 2003 joined cases C-465/00, C-/138/01 and C-139/01. 68 Rotaru v. Romania, judgement of 4 May 2000, ECR 2000-V, §43 Eur.Ct. H.R. 69 See also CFR-CDF.rep.UE.2003.en – EU Network of Independent Experts on Fundamental Rights: Report on the Situation of Fundamental Human Rights in the European Union in 2003, January 2004.

Data Protection Principles and Interests

in particular the right of access. The exceptions are specific to these principles and may not apply to the other principles. Article 102 of the Schengen Convention prohibits the use of the data provided for in Articles 95 to 100 for any other purpose other than the purposes laid down for each category of alert referred to in those Articles. Two exceptions, however, are incorporated. The first is under Article 102 (3), which allows derogation from the general rule stated above to permit change from one category of alert to another and hence change of purpose. Nevertheless, the change of alert must be justified by the need to prevent an imminent serious threat to public policy and public security, on serious grounds of national security or for the purposes of preventing a serious criminal offence. The second exception is found in Article 102 (4), which allows use of data entered under Article 96 to be used for administrative purposes. Article 109 allows derogation to the right of access where the information is indispensable for the performance of a lawful task in connection with the alert or for the protection of the rights and freedoms of third parties. Access is also to be refused throughout the period of validity of an alert for the purpose of discreet surveillance. In conclusion, even though the exceptions do restrict transparency by applying to principles that ensure openness in data processing, nevertheless the exceptions cannot be invoked freely. There are conditions that must be fulfilled for the exceptions to be invoked and this in turn restricts the power of the state and public authorities in their control work. The fact that the exceptions are allowed, is an indication that openness cannot be absolute in society. A level of secrecy is allowed, even in the most desirable society, a democratic society. This is the price that must be paid in order to live in a democratic society. It also means that transparency and privacy must be balanced with other societal interests, e.g. free movement of personal data.70 The following chapters will examine how the exceptions may impact on individual protection and the interpretation they may be applied to them. 6.4

Data Protection Interests

6.4.1

General

As stated above, the aim of this section is to examine the extent to which data protection interests are concerned with ensuring transparency and proportionality in data processing. Data protection interests ensure transparency on two levels. Firstly, there are interests that emphasise the participation of data subjects in data processing through exercising their rights, such as the right of access and consent. Secondly, there are interests that are concerned with ensuring that controllers fulfil their obligations in the processing of personal data. But before carrying out this analysis, discussion of some general aspects on data protection interest theory is necessary.

70 See Lindqvist case supra.

155

156

Chapter 6

6.4.2

Data Protection Interest Theory

Norwegian data protection theory has been presented as an interest theory. A theory is a tool which helps one to understand a phenomenon. In that regard, data protection theory is a tool that aids the understanding of the law on data protection. As a tool, the data protection theory has a number of functions. Schartum and Bygrave have identified the following functions.71 – It aids understanding of the law, i.e. it helps in interpretation of legislation and generating points of consideration in order to reach a good solution. It enables people to understand the law and find good solutions to legal problems. – It gives structure and content to questions of discretion that authorities, courts and others must address in order to guarantee consistence and equality in their exercise of discretion. – It is useful when one wants to identify, formulate and explain case law. – It helps understanding of international legal instruments. – It is also useful as a basis for evaluating the extent to which the legal status may be reformed. As no theory is exhaustive, similarly data protection interest theory is not exhaustive. It is dynamic and not static. It does not operate in a vacuum. It has grown and expanded as scholars have added and supplemented it as the legal circumstances, practice and experience required.72 As such, data protection interest theory is a living theory. It has changed with time and legal circumstances. To supplement a theory is to build it further. When a scholar adds to a theory, the amount of knowledge grows, too. Similarly, knowledge on data protection law has increased with the expansion of the data protection interest theory. As a tool, a theory is largely formulated to serve the purpose of the designer which is an ideal that may or may not be achieved. Since a theory can be put to different uses and serve different purposes, it will manifest itself in various forms according to the designer’s purpose. As each era and society concretises and gives weight to data protection ideals in various ways and forms, it is not strange, therefore, that different data protection scholars have identified divergent interests that require protection reflecting their purposes and uses.73 71 Schartum, W. D. & Bygrave, L. A. (2004), p. 19-20. 72 In Norway, the origins of the interest theory can be traced back to Norwegian legal scholars Samuelsen, R. D. Blekeli, Knut S. Selmer and Jon Bing. Blekeli began the development of the interest theory in the Norwegian legal theory in the 70s. The theory received further articulation and development by Selmer and later by Bing. Other scholars who have contributed into the development of the interest theory are Dag Wiese Schartum and Lee A. Bygrave. See for detailed discussion of the interests, Selmer, K. Section In Djønne, E, Grønn, T & Hafli, T: Personregisterloven med kommentarer (Oslo: TANO, 1987), 50, Bing, Jon: Personvern I faresonen (Oslo: Capplen, 1991), 42-63, Schartum, D. W. supra. 57-72 and NOU 1997: 19 2427; See also Bygrave, Lee A. & Jens P. Berg p. 34. and Bygrave (2002), pp. 137-143. 73 Ibid.

Data Protection Principles and Interests

The interests that are discussed below are the most recent presentation of what has now come to be accepted as the Norwegian data protection theory. In their recent book, Schartum and Bygrave have reorganised and expanded the traditional catalogue of data protection interests into a new catalogue.74 In an earlier work Bygrave re-elaborated the traditional interest theory.75 The purpose of the presentation of the interests below is not to repeat what the two authors have accomplished, but rather to highlight some interests regarded as the most important and relevant to police and border control work. It is also a critique of the formulation of the interests as well as an expansion on the catalogue to make the interests more relevant to police and border control work. Interest theory in this study will be used as a tool of legal analysis: de lege lata and de lege ferenda. It will be used to enquire as to the law as it is and the law as it ought to be. In this manner, interest theory is both conservative as well as reformative. It enables us to understand the legal status quo and also to propose changes to the law. 6.4.3

Data Protection Interest Catalogue

Schartum and Bygrave have identified five interests in their catalogue namely, – Interest in control and self-determination over access to ones personal information – Interest in access and knowledge – Interest in data and processing quality – Interest in proportional control – Interest in friendly processing.76 The former traditional catalogue had seven interests but these have now been combined into the five interests above.77 In addition, the present catalogue has interests that were not articulated in the traditional catalogue, such as the interest in proportional control. The interest in data and processing quality has been expanded. The authors’ approach has been to identify and reduce what was formerly held to be data protection interests into main data protection interests and requirements. Therefore, some former interests have been downgraded into requirements while new interests have been introduced. The authors say that the purpose of requirements is to concretize interests. Data protection requirements can be said to be directed against those with power and public authorities so as to uphold data protection ideals, for example through legislation, and leadership in large public and private organisations.78 In the analysis of data protection 74 75 76 77

See Schartum, D. W. &. Bygrave, L. A. (2004) supra. Bygrave, L. A. (2002), pp. 144-160. Ibid. The traditional catalogue contained the following interests: i) interest in confidentiality, ii) interest in access, iii) interest in completeness, iv) interest in protection from unreasonable disturbances of private life, v) interest in citizen-friendly administration, vi) interest in protection against misuse of power and excessive control, and vii) interest in a robust society; See also Bygrave, L. A. (2002) pp. 137-143. 78 Schartum, D. W. & Bygrave, L. A. (2004) supra.

157

158

Chapter 6

interests that follow below, the data categories as presented by Schartum and Bygrave are used as a point of reference. The intention is to use their analysis to highlight issues of control, transparency and proportionality as done with the principles above. In that case, although all the interests mentioned above are important, only interests regarded as directly relevant in the control-transparency-proportionality discourse will be analysed below. The following interest will not be analysed here; – Interest in control and self-determination over access to one’s personal information; because it deals with individual control of information from the individual to the outside world. The concern here is not with information which has not left the realm of the individual but the information that is already in the public domain. The interest is concerned with restriction of release of information – to be let alone. Although it is also concerned with what happens to information once it is in the hands of others, it is thought that issues of transparency and proportionality can take care of that; – Interest in data and processing quality; because it is mainly concerned with the protection of data per se. Although quality of data is important in ensuring integrity of data and data subjects are concerned about data quality; the concerns of data subjects are taken care of by the interest in access and knowledge which is a transparency interest. – Interest in friendly processing; because its main concern is ensuring security of data, information systems and availability of data. It also aims at offering a human face to the processing procedure. Data subjects have little influence, if any at all, over this interest. The interest seems to be directed toward data controllers and data processors who should ensure a friendly processing environment. It follows therefore that, for the purposes here, the interests that will be analysed in detail are the interests in access and knowledge and the interest in proportional control. 6.4.4

Individual Access Interests

Individual access interests are expressed in the interest in access and knowledge. This is the most important among the interests. For many jurisdictions, this interest has been perceived as the major objective for data protection legislation.79 It is also the most relevant because it endows an individual with the right to control the manner in which his data are processed. It is the interest mostly concerned with transparency in data processing. The interest has two aspects. The first aspect involves access to information and the second is access to knowledge. Schartum and Bygrave explain the two features in the form of interest requirements. Those involving the interest to have information are the requirement to general access and the requirement to individual access.80 The interest to have knowledge is described by the requirement to legal information and requirement for reason or substantiation. A detailed analysis follows in 6.5.1. 79 Bing, J. (1995), p. 35. 80 Schartum, D. W. & Bygrave, L. A. (2004), supra.

Data Protection Principles and Interests

6.4.5

Interest in Proportional Control

The interest in proportional control was not in the traditional data protection interest catalogue. It was first proposed by Dag Wiese Schartum.81 Later, it was embraced by Bygrave as an interest in “balanced control”.82 It is now incorporated into the new data protection interest catalogue. The interest postulates that control measures ought not to be one-sidedly focused on curbing say, criminal acts of citizens, but to focus on a range of other concerns as well. The main contention is that controls should be proportional. Although Schartum’s interest in proportional control application was limited to the area of administrative decision-making, it can be extended to other areas such as police and border control work with the same results. He argues that proportional control is necessary in order to avoid slipping into a control and surveillance society. Similarly, proportional control is required in police and border control work so as to avoid excessive control in society. It is, in this sense, that the interest in proportional control is used in here. In other words, border control should not be aimed at catching criminals and illegal immigrants or stopping people from entering the Schengen area, but it should also be applied in such a manner that it facilitates free movement of persons into the Schengen area and inside the area without unnecessary obstacles. The point is that, control has both positive and negative effects and emphasis should not be placed on one with complete disregard of the other. The need for control should not overshadow and eclipse human rights concerns and vice versa. The interest in proportional control was manifested in the interest on protection against misuse of power and excessive control in the earlier traditional catalogue. The strength of the interest on proportional control, however, lies in its pragmatic nature. It provides practical guidance on how to avoid misuse of power and excessive control. The interest is also reflected in the proportionality principle of the human rights under the doctrine of “necessary in a democratic society” (see 4.4.2.4). The principle is also applied in order to avoid misuse of discretional power invested on national authorities and excessive control. The interest in proportional control as such is more concerned with issue of the rule of law which is at the heart of border control rather than transparency. It is this aspect of rule of law that is emphasised here as the transparency aspects are not explicitly visible. The interest in proportional control is expressed in four requirements, namely: – Requirement for proportionality between control and guidance. That is there should be proportionality between effort spent on controlling citizens and effort spent on providing citizens with guidance;83 – Requirement for proportionality between advance and retrospective control. That is there should be proportionality between effort spent on carrying out advance (ex ante) control and effort spent on retrospective (ex post facto) control; 81 Schartum, D. W. (1997). 107-116. See also Schartum, D. W. & Bygrave, L. A. (2004), pp. 5966. 82 Bygrave, L. A. (2002), pp152-153. 83 See also Bygrave, L. A. (2002), pp 152-153.

159

160

Chapter 6

–

–

Requirement for proportionality between control in favour and in disfavour of registered individuals. That is there should be proportionality between efforts spent on control operating in disfavour of citizens (e.g. taking away benefits from citizens who are not entitled to them) and effort spent on control operating in favour of citizens (e.g. identifying under-use of welfare services); Requirement for proportionality between internal and external control. That is there should be proportionality between effort spent on control directed toward the operations of the controlling body (internal control) and control effort directed at the operation of others (external control).

The list of requirements presented above was not meant to be exhaustive. There is, therefore, room for expansion of the requirements to include new ones. From the perspective of border control, the list of the requirements under this interest is deficient. It suffers from bias on the administrative decision-making process. Focus on control in general is preferred here as it is inclusive. Two new requirements with a general control perspective are therefore introduced. The two put emphasis on rule of law in border control issues. – The first one is the requirement for proportionality control between different control target groups. That is, there should be no arbitrary discrimination in the control directed against different control target groups. Control should be proportional and not biased against some target groups. It should apply proportionally towards all target groups. – Requirement for proportionality between proactive and reactive control. This requirement is similar to the requirement for proportionality between advanced and retrospective control above. But the use of the terms advanced and retrospective do not sufficiently include and portray what is proposed here. The terms are narrow, restrictive and can only be associated with control in the administrative decisionmaking process. They do not effectively describe the phenomenon of proactive and reactive registration of personal data that the terms proactive and reactive are concerned with here. Perhaps the terms “advanced” and “retrospective” should be replaced with the terms “proactive” and “reactive”. The requirements are analysed in detail below in 6.5.3. 6.4.6

Summary of Principles and Interests

The principles are abstractions from data protection legal rules. They are a reflection of legal rules. As such they can communicate what the law is. Consequently, the principles are going to be used in this study to establish the applicable law in the Schengen cooperation. On the other hand, the interests are a reflection of ideals that society aims to achieve. As such, the interests have an important role to play. They are used as a critique to the principles. They also play a reformative role. They are used in the legal-political discussion of the Schengen co-operation to help establish de lege referenda and necessary legal reforms. The principles endow discretion on public authorities but do not define how the discretion is to be exercised. The principles are used to establish the discretion. On the

Data Protection Principles and Interests

other hand, the role of interests is to establish the interests that the principles purport to protect. For example the principles may accord discretion to public authorities concerned with data processing or supervision but they do not indicate how the discretion is to be exercised. In order to exercise the discretion, the authorities have to establish the interests involved and how they are to be protected. Interest theory here comes to the aid of the authorities by indicating the kind of interests that may be involved. As such, interest theory is an important tool in the process of balancing of data protection interests. While data protection principles are mainly concerned with data protection, the interests have a wide scope and application. As a set of evaluation criteria, the principles will be used in establishing safeguards that data protection provides. The interests, on the other hand, will be used to evaluate whether these safeguards are adequate and effective. The point is that the interests have a wide application and scope and therefore can be used to evaluate whether other interests rather than data protection interests are also safeguarded. Police and border control work involves more than data protection. While exchange of information has much to do with protection of personal data, at stake also are other rights and interests of data subjects which have nothing to do with data protection. To echo the reformative role of the interests above, the interests are used to establish further safeguards in order to enhance individual protection. Bygrave also states that “the interests are used as standpoint from which to compare how the Schengen Convention safeguards the interests concerned, and can buttress attempts to expand the scope of the law.”84 6.5

Principles in the Light of Interests

The purpose of an evaluation model is to formulate an analytical tool which can be used to explain a phenomenon. The evaluation model here will be used to examine and discuss the level of individual control in society. The objective is to determine the acceptable level of control in society from an individual interest perspective. The model is used to assess the level of individual control in society by examining the existing laws on personal data protection. In this way, by the use of the evaluation model, it is hoped to determine the level of control in the society and also to propose new measures that would avert excessive control. The use of the control evaluation model presupposes setting up a set of evaluating criteria. It is decided to limit the choice to transparency and proportionality interests which will be used to evaluate the “fair and lawful” data protection principle. It could have been possible to investigate all data protections principles mentioned above (4.3.1), but the choice is to examine only the fair and lawful principle since this is the primary of the principles. The other principles can be read in the fair and lawful principle as data processing, which does not comply with the purpose principle and individual participation principle, cannot be said to be fair and legitimate. As Bygrave notes “ the phrasing of Article 6 (1) (a) of the EU Directive which links the criterion of fairness to processing of personal data indicates that the other provisions in the Directive which attach rights 84 See Bygrave, L. A. (2000), p. 158.

161

162

Chapter 6

and obligations to various aspects are an elaboration of the fair and lawful principle.”85 Further, it would have been possible to lay down a number of criteria on the background of data protection parties. For example, one could have chosen to emphasise the controller or user perspectives and interests, but the choice here is to emphasise the individual protection perspective. The purpose is to determine the extent which data protection laws take account of the interests and reasonable expectations of data subjects. In other words, the approach is an individual interest approach. This means that data processing should be sensitive to data subjects’ interests and should not intrude unreasonably upon their privacy nor interfere unreasonably with their autonomy and integrity.86 The choice of the principles and interests above has a bias on the need to emphasise the individual perspective. Another perspective one could follow is the traditional human rights privacy approach, but this has its own limitations as it is concerned mainly with the need to prevent the release of personal data whereas the data protection approach is more concerned with the protection of personal information already in the public domain. In a way, it could be said that the data protection perspective is superior to the traditional human rights privacy approach as the former supplements the latter.87 The data protection perspective adopted here is inspired by the fact that processing of personal data is necessary for effective control in society. But at the same time transparency and proportionality are required in order to hold controllers accountable. The model is influenced by the writer’s understanding of control. That is, it is possible to regulate control through legislation. Legitimate control is necessary in a democratic society as without control a state would be ungovernable. This in turn would adversely affect democracy. But what does the term control mean? Control is normally associated with negative effects. To view control as just negative is an incomplete paradigm. As Lyon observes, control has two faces. It enables as well as contains.88 It has both negative and positive effects. Control is negative if associated with arbitrary denial of human rights and is unaccountable. But control is positive if seen as necessary in order to ensure that legal rules are followed. Control is used here in the latter connotation. As such, control should be viewed as a good in society. But it is known from experience that unfettered control can be abused to the detriment of individuals and society. In the circumstances, control should be checked and monitored. In other words, controllers should be controlled. In this model, transparency and proportionality are used as fetters to control. Control comes at a price. It involves an economic cost to society. Use of Information and Communication Technologies (ICT) in control may reduce costs and increase efficiency. But as a side effect, ICT can increase the incidence of control in society. The problem that society faces as a result is how to ensure an acceptable level of control. The following discussion and examination of data protection principles and interests is an attempt to determine the acceptable level of control in society. The contention is that for control to be acceptable in society, it must be transparent and proportional. 85 Ibid. p. 334-5; Also Articles 10 and 11 of the Directive expressly state that certain of their rules are elaborations of a fairness requirement. 86 Ibid. p. 58. 87 Olsen, B. K. (1998), pp. 101-113. 88 Lyon, D. (1994), p. 211.

Data Protection Principles and Interests

As was stated earlier, the principle under examination is the fair and lawful principle. It will be examined using the two interest perspectives of transparency and proportionality. The modus operandi is, as shown in the Figure 3 below, where interests and requirements are used to examine the extent that they are manifested or can be read in the fair and lawful principle. The objective of the investigation is to formulate research questions that will later be used in the evaluation and assessment of the Schengen border control and co-operation in the rest of the study. The examination and discussion of the principles and interests raise a number of research questions which are answered using the empirical material presented in the rest of the study. This approach is adopted because firstly, to the author’s knowledge, no such systematic examination of the principles and interests has been undertaken before. Secondly, the principles, as stated in the data protection laws, are general and vague; they are not defined, as such their scope may not be determined. An examination of the principles as suggested is an attempt to explain the principles. Further, principles represent legal rules or guarantees that must be fulfilled. They are normally minimum guarantees. But interests reflect ideals to be achieved. Interests, however, provide an opportunity for achieving a higher level of protection than the minimum threshold that may exist. Interests can be used to achieve a higher and better level of protection and enhance the principles. It is possible to achieve a higher protection threshold by incorporating interests and principles as the two complement each other. Interests (Transparency – Proportionality)

Principles (Fair – Lawful)

Research Questions

Figure 3: Evaluation Model

163

164

Chapter 6

6.5.1

Fair and Lawful Principle and Transparency

6.5.1.1

General

In the discussion of the fair and lawful principle above, it is intimated that the principle connotes both transparency and proportionality. The focus is to examine further in detail how the transparency interest is reflected in the principle. The principle can be seen as a requirement for transparency. Requirement for transparency concerns access to information and knowledge in the processing of personal data. Access to information and knowledge serves two purposes in a democratic society. Firstly, it confers to individuals and collective entities the ability to control the exercise of political power. Secondly, it has an educational function. As Schartum says, it serves as a possible method of enlightening the population, thus making citizens more capable in participating in democratic decision making and discussion.89 From a data protection perspective, access to information and knowledge gives data subjects and other interested groups the ability to control the processing of their personal data. It also enlightens and makes data subjects active participators in data processing. In short, it leads to accountability and transparency in the processing of personal data. According to the individual access interest, access to information and knowledge can be accomplished through four requirements namely, – requirement for general access, – requirement for individual access, – requirement for legal information and, – requirement for reason or substantiation. Although the phrase “fair” is not defined in the data protection laws (see 6.3.3.2 above), it is possible to use interest requirements to assess whether an act of data processing is fair or not. Fairness connotes that the processing of personal data is transparent. That is, processing should not be concealed to the data subject. Unfortunately, the fairness principle does not stipulate how this could be achieved. A look at other data protection principles reveals, however, what may be considered as being fair. In the following sections the principles which connote and ensure transparency will be analysed. The right to access is guaranteed in many ways by the data protection laws. It may be, however, classified into two categories: General access and individual access. 6.5.1.2 General Access General access aims at providing general knowledge about processing of information. This is knowledge about what happens with the processed information. It is a requirement for knowledge of the purpose and use of information. The general access right could be said to be given clear manifestation in the purpose specific principle discussed above. The aim is for the general public to know the purpose of the information being processed and the use to which it is applied. The knowledge enables both the public and 89 Schartum, D. W. (2002), p. 56.

Data Protection Principles and Interests

individuals to control how the information is used. It also serves to establish confidence and trust to the public and individual data subjects that their data are handled properly and are not misused. Apart from the purpose principle, there are other data protection rules that serve to make people aware of data processing activities generally. Examples of such rules are provisions requiring controllers to provide data protection authorities information on the processing of personal data.90 The rules enhance the ability of data protection authorities to monitor the practices of data controllers and therefore to make data processing transparent. There are three categories of these rules. The first one requires data controllers simply to notify data protection authorities of certain planned processing of personal information.91 Article 19 of the EU Directive specifies the contents of the notification whose aim is to make data processing as transparent as possible. The second category is a system of prior checking by national data protection authorities with respect to processing that “are likely to present specific risks to the rights and freedoms of data subjects”.92 The consequence of this requirement is that data protection authorities may stop planned data processing operations which may not comply with this rule.93 Thirdly, the Directive under Article 21 provides for publicising of processing operations. Publicising is achieved through the creation and maintenance of a register of processing operations referred to under Article 18 of the Directive. The register contains information listed in the contents of notification under Article 19 which is a minimum threshold. The register so created is to be opened for inspection by the public. Under Article 21(3), provision of information on processing operations, not subject to notification to any person on request, is made. The rules are peculiar to the Directive and are not found in the CoE Convention and the Schengen Convention. The Member States national laws, however, did have similar rules under the requirements for licensing and registration of data processing operations.94 The objective of the general access requirement is to make data processing transparent to the public. As such, it is consistent with the general aim of data protection that data processing operations should not be concealed and secret. That is, data processing should be fair. The question that remains to be answered, however, is whether the rules do achieve transparency in practice. The answer to this question is part of the examination of the Schengen process in Chapter 8 below. 6.5.1.3

Individual Access

Individual access aims at giving an individual access to details about the processing of personal data. It lets the individual or a data subject know whether data about him/her are registered with the data controller. The purpose is to enable a data subject to control 90 91 92 93 94

Bygrave, L. A. (2002), p. 63. Article 19 of the EU Directive. Article 20 (1) of the EU Directive; See also Bygrave, L. A. (2002), pp. 75-77. Bygrave, L. A. (2002), p. 76. See for details Ibid. pp. 63-64.

165

166

Chapter 6

that the data are correct and complete for the purposes for which they are used. In addition, individual access enables data subjects to control data quality and to determine the level of confidence and trust to place on the processing of data. In the circumstances, any data processing that does not give individuals access cannot be said to be fair. That means that the access right under data protection laws is not absolute but may be limited in order to protect other interests such as national security, economic interest and other persons’ interests.95 The limitations, however, should not be framed in such a manner as to unreasonably deny data subjects their rights. Requirement for individual access is not manifested directly in the fair and lawful principle, but it is expressed in a number of ways. Firstly, the expression is given through the right of access and the corollary rights of correction and deletion of data. Secondly, it is given expression through rules that obligate controllers to provide information to data subjects in cases of collection of data from the data subject and where the data is not obtained from the data subject. The main provisions on right of access are found in Article 12 of the Directive, Article 6 of the CoE Convention and Article 109 of the Schengen Convention. As stated above, the right is aimed at giving individual data subject access to information about himself or herself. The right is exercised by the individual through request for the information. The individual must take the initiative. Unfortunately, here lies the flaw with the right to access, because if the individual does not act, nothing happens. The right also presupposes an informed data subject in order to avail oneself the right. The exercise of the right therefore is limited, as rarely do data subjects avail themselves of the right.96 As noted by Schartum, “by and large, only the very well informed and very angry citizen that is likely to use their legal right of access to information.”97 As such, leaving the initiative entirely to the data subject may not be the best way to ensure access to information. Recent data protection laws, and in particular the EU Directive, have attempted to widen the scope of individual access by imposing the initiative to provide information to data subjects on the data controllers. The move is desirable in order to address the anomaly noted above. The rules obligating controllers to provide information to data subjects in cases of collection of data from the data subject and where the data is not obtained from the data subject are found in the EU Directive in Articles 10 and 11 respectively. The aim is to enable data subjects to have control on the processing of personal data as they can control quality of data and exercise other rights associated with processing of personal data. It also gives data subjects confidence and trust in the data processing operations. Preamble 38 of the EU Directive emphasises the need to orientate data subjects if the processing of data is to be fair. Earlier data protection laws such as the CoE Convention and the Schengen Convention, unfortunately do not contain 95 See 6.3.4 above. 96 Eurobarometer: Special Eurobarometer 196 – Wave 60.0 – European Opinion Research Group EEIG – Data Protection, December 2003; On average only 32% of the 15 EU Member States citizens had heard of laws granting individuals access to personal data held by others but only 7% had exercised the right. p. 50 97 Schartum, D. W. (2002), p. 62.

Data Protection Principles and Interests

such rules. Most national data protection laws in Europe have, however, adopted the rules in the Directive and included them in their provisions. Some have even gone further, beyond the minimum level provided by the Directive, and enacted higher protection levels.98 6.5.1.4 Requirement for Legal Information Requirement for legal information can be seen not only as a requirement for fairness but also a lawful requirement. As a requirement for fairness, it is essential that all parties concerned, data subjects and those responsible for data processing e.g. data controllers and supervisory authorities, are acquainted and well-informed of the legality of data processing. Access to legal information is therefore essential. As noted earlier, enactment of data protection laws and regulations without more is not enough. The laws, regulations and other legal information should be made accessible and knowable to the parties. Lack of accessibility and know-ability may create obstacles in fair processing of personal data, as data subjects may not be in a position to exercise their rights and data controllers and others may not be able to fulfil their responsibilities and obligations. The requirement for accessibility and know-ability is also a lawful requirement. According to human rights law, the concept of “law” implies the requirement of accessibility. The law must be adequately accessible and the requirement of accessibility is fulfilled if the norm is published.99 Accessibility does not mean that the norm or legal information should be directly knowable to the person affected, if need be a person may seek appropriate legal advice.100 But in data protection law, accessibility implies know-ability. In data protection law where the law or legal information may be highly technical and complex in nature and primarily intended for specialists especially information systems, the onus for understanding the law should not be placed solely on the data subject. The data controllers and those responsible for data processing should be obligated to make legal information knowable and understandable to data subjects. In this respect, data protection law can be said to be distinct from human rights law and the data protection law approach is desirable. Requirement for legal information is not manifested directly in the data protection laws. The only reference that can be construed to be a requirement for legal information is Article 28 (2) of the EU Directive. It requires supervisory authorities to be consulted when drawing up administrative measures or regulations relating to the protection of individual’s rights and freedoms with regard to the processing of personal data. The aim of this provision is to ensure that such information systems and regulations are sensitive to personal data protection concerns. Such consultation and advice obligations toward data subjects, data controllers and others are not provided for in data protection laws. But one could make reference to obligations for data controllers and those responsible for processing of data enshrined in the rules of access discussed above. Obligations for publicising legal information in other laws could be mentioned here, too, but they are of 98 See Bygrave, L. A. (2002), p. 17. 99 See 8.3.2.4. below. 100 See Ibid. for a detailed discussion.

167

168

Chapter 6

little practical significance in fulfilment of requirement for legal information.101 Efforts to publish data protection legal information, especially on the internet should be commended and encouraged for it makes such information readily available to the public. But it should go further and make the information understandable to the public by giving advice and guidance. 6.5.1.5

Requirement for Substantiation or Reasons

The requirement for substantiation or reasons is requirement for fair and lawful processing of personal data. Data processing must be fair and lawful at all stages of processing. It must not be fair and lawful in the collection and storage stages only, but it must be fair and lawful at the decision-making stage, too. The requirement for reasons is therefore a requirement that decision making that involves personal data must be fair and lawful. It ensures fairness and lawfulness of decision-making because it enables data subjects to control that the decision is legitimate, that is, it is based on law and that the data quality of the personal data used, that is the data are complete, correct, up to date and accurate. It also means that the data controller explains and accounts for the use of personal data. Data controllers must account and explain the lawfulness of data use. The requirement for reasons is both an administrative law and human rights law requirement. In administrative law, a body or tribunal that makes decisions may be required to give reasons for its decision in order to enable a person affected by it to control legality and fairness of the decision. Similarly, in human rights law, the requirement for reasons is a rule of law requirement that serves the same purpose as in administrative law. If the person is not satisfied with the decision and disputes it, he or she may seek for redress through appeal to a higher body or tribunal. In data processing, the requirement for reasons is manifested in Article 12(a) of the EU Directive. It requires that a data subject be granted ‘logic’ access upon request. That is to be provided with the logic involved in any automatic processing of data concerning the data subject at least in the case of the automated decision referred to in Article 15 (1) of the Directive. Other data protection laws, such as the CoE Convention and the Schengen Convention, do not have a similar provision. Article 12(a) protects data subjects from being subjected to automated decisions without reasons by granting them a right to request an explanation for the rules inbuilt in the program (software) used to reach such decisions. As noted above, with the right to access, the initiative is left on the data subject. This limits the usefulness of the right. It could have been more effective if data controllers are required to provide such information to data subjects as a requirement for reasons. 6.5.2

Research Questions

From the discussion of transparency in data processing above, one could draw up a number of research questions to be used in the evaluation of the Schengen and border control co-operation. The approach adopted here is an individual interest perspective. Therefore, the questions will focus on the extent individual interests are taken into con101 Schartum, D. W. &. Bygrave, L. A. (2004), pp. 50-51.

Data Protection Principles and Interests

sideration in the formulation of the Schengen and border control co-operation policies. Three main questions are raised here. – To what extent is there information about the SIS which is accessible and understandable so as to give a true picture of the actual situation? Here the concern is with accessibility to legal information and knowledge about the SIS. Is the information published and publicised? Is it publicised in such a manner as to be understandable to individuals concerned? – To what extent does a registered person in the SIS have access to information on his legal status in an understandable way? Here the concern is with the general and individual access to individual information. Are data subject rights presented in an understandable manner? Does the individual data subject have access to his/her information in an understandable way? Are there obstacles in the exercise of the right to access? – To what extent are individual interests in information processing defined and taken into consideration? Here the concern is sensitivity to individual interests. Is the law formulated in a manner that defines and takes into consideration individual interests? Or is the law individual interest oriented? More questions could easily be raised, but for practical purposes and for the need to hold within the research problem, the three questions are adequate for this purpose. The questions will be applied mainly to examine transparency of data processing in the SIS and related border information systems in Chapters 5 and 6 respectively. To a lesser extent, they will be used to examine the level of transparency in the control techniques and control places in Chapters 8 and 9 respectively. 6.5.3

Fair and Lawful Principle and Proportionality Interest

6.5.3.1

General

In the discussion of the fair and lawful principle above, it was also intimated that the principle connotes proportionality. The focus is to examine further in detail how the principle manifests proportionality interest. The fair and lawful principle can be seen as a requirement for proportionality. Requirement for proportionality is about fairness and reasonableness. It is about application of the law proportionally and in a balanced way. The proportionality interest requires those that execute the law to do so in a balanced and proportional manner. They should not only be guided by the letter of the law but also the spirit of the law. By the spirit of the law here is meant that the law is not intended only to catch and punish the offenders, but it also serves the purpose of eliciting obedience. The purpose of the law is to be obeyed by those concerned, both the executors and the controlled. In order to serve this dual purpose, the execution of the law should be balanced. Proportionality interest, as Schartum has argued serves to ensure that decision-making process is free from error and to avoid excessive control in society.102 This is achieved through a de102 Schartum, D. W. (1997) supra.

169

170

Chapter 6

liberate balancing exercise of individual interests and other conflicting interests. For example, faced with strong economic and social interests, privacy and data protection interests and arguments tend to be eclipsed by the former. To overcome this obstacle, proportionality should be introduced both in case by case decision-making, so as to avoid errors and in general assessment of control measures to judge how these contribute to the total control situation of the society.103 “Thus, we should not only decide on a case by case basis but should also judge how this contributes to the total control situation of the society. That is, in order to prevent undesirable total effects, it may be necessary to change, even stop apparently acceptable single control measures.”104 The proportionality requirements mentioned above are now going to be used to investigate the fair and lawful principle. The requirements are: – Requirement for proportionality between control and guidance, – Requirement for proportionality between control in favour of registered individuals, – Requirement for proportionality between advance and retrospective control, – Requirement for proportionality between proactive and reactive control, – Requirement for proportional control between different control target groups, and – Requirement for proportionality between internal and external control. 6.5.3.2 Requirement for Proportionality between Control and Guidance Requirement for proportionality between control and guidance is a requirement for fairness. It is the most important requirement among proportionality interest requirements.105 Control is normally seen as a means of uncovering errors, avoidance of law and cheating by subjects of control. In this sense, control serves to hinder breaking of the law. It is therefore in the interest of everyone concerned to avoid control. Such view of control is, however, one-sided and incomplete because error and disobedience of the law may be a result of lack of guidance and information on the part of the subjects of control and controllers. In order for control to be fair, those responsible for control should offer guidance and information to the controllers and subjects of control. As indicated above, there is need for legal information to both the controllers and the controlled. The requirement for guidance and information is a reflection of the legal information and knowledge requirement. Guidance and information involves access to legal information and knowledge through laws, regulations, guidelines, and instructions. Superiors in a public body or organisation should give guidance and information to case processors and the latter to the subjects of control. Guidance and information could also come from independent bodies, such as supervisory authorities and should be directed to the organisation and subjects of control. The aim of guidance and information is to influence obedience of the law by avoiding errors and cheating. The assumption is that well-

103 Ibid. 104 Ibid. 105 Schartum, D. W. & Bygrave, L. A. (2004), p. 63.

Data Protection Principles and Interests

informed and guided citizens would tend to obey the law106 and this also may reduce the need for control. It also increases trust in the control and legal process. The law on data protection does not provide for duty to offer guidance and information to data subjects.107 One, however, could read an indirect obligation to offer guidance and information to data controllers in the provision on the establishing of supervisory authority. Article 28 EU Directive gives the supervisory authority power of intervention, such as delivery of opinions before processing operations are carried out.108 This notwithstanding, there is a need for an explicit provision for the duty to offer guidance and information in data protection laws. 6.5.3.3 Requirement for Proportionality between Control in Disfavour and in Favour of Registered Individuals Requirement for proportionality between control in disfavour and in favour of registered individuals is also a requirement for fairness. It therefore falls within the ambits of the fair and lawful principle. The requirement is concerned with ensuring proportionality between efforts employed in uncovering wrongdoings, by the controlled persons and efforts that ensure their rights are considered and respected. This means that those that carry out control should not only be concerned with the controlled wrong doings but they should also ensure that where a law operates in favour of the controlled, that their rights are respected and realised. The controllers should similarly ensure that the wrongdoing is not based on error or misconception of the law or regulation. In other words, control ought to be fair to the controlled. It also means that control should not be executed in a manner that benefits the controller only, but the controller should ensure that needs and benefits of controlled persons are considered. For example, the controller should not only seek information that works in disfavour of the controlled, but must also consider information that works in favour of the controlled. Requirement for proportionality between control in disfavour and in favour of registered individuals is not explicit in the data protection laws. It, however, could be read in the provision that requires data processing to be ‘fair’. Requirement for fairness is found both in the EU Directive Article 6 (a) and the CoE Convention Article 5 (a). A provision of fairness is not contained in the Schengen Convention. The principle for proportionality is, however, a fundamental requirement in the ECHR, especially Article 8(2). 6.5.3.4 Requirement for Proportionality between Proactive and Reactive Control Requirement for proportionality between proactive and reactive control is a fairness requirement. ICT makes proactive control cost-efficient and therefore it has become a preferred method of control as compared with time-consuming and costly reactive control. The advantages of proactive control lie in its potential for future control. Information is 106 Ibid. 107 See Schartum’s attempt to have it introduced in the Norwegian data protection law, NOU 1997:19 § 35 paragraph 4. 108 For details see 7.2.6.6.

171

172

Chapter 6

processed today for tomorrow’s use. It is processed before the fact which is anticipated to happen sometime in the future. Wrongdoing or suspicion is not required in order to instigate information processing. On the other hand, reactive control occurs after the fact or wrongdoing or upon suspicion. Information is processed after the occurrence of the offence or upon reasonable suspicion. Proactive control offers better argument for processing of personal data without reasonable suspicion. The disadvantage with proactive control is its potential for increasing excessive control in society. It targets persons who have not committed any wrong. It also classifies persons as potential offenders and so argues for their control in advance. Proactive control is attractive for proactive investigation.109 It increases the processing of personal data in society and calls for increased creation of information systems. Requirement for proportionality between proactive and reactive control is necessary in order to minimise control in society where the potential for its increase is evident. This is not to say that proactive processing of personal data is not acceptable at all. There are incidents where proactive, or as Schartum calls it ‘advance’ control, would be preferred to reactive control.110 What Schartum argues for is the need to avoid errors in decision-making. He avers that there are instances where it would be in the best interest of the individual to detect errors before they take effect. That is, data quality should be controlled before the fact and not after effect. Proactive control for the purpose of avoiding errors before they take effect should be acceptable. But Schartum’s requirement for proportionality between advance and reactive control does not take into account the phenomenon of excessive control in society. Requirement for proportionality between proactive control and reactive control as regards control of informational quality is found in the rules of quality of data and correction in the data protection laws. But the aspect of excessive control is not directly manifested in data protection laws. The provision that grants supervisory authority the power of intervention by delivering of opinions before processing operations are carried out could be said to represent the requirement for proportionality between proactive control and reactive control.111 6.5.3.5 Requirement for Proportional Control between Different Control Target Groups Requirement for proportional control between different control target groups is a requirement that control must be fair and lawful. It is a requirement for avoidance of negative discrimination. Control that targets specific groups of persons because they share a common characteristic for example age, gender, nationality, colour, etc should only be allowed where there is reasonable justification. ICT allows categorisation and therefore 109 In the aftermath of the events of 11 September, the United States adopted a number of laws and regulations requiring airlines flying into their territory to transfer to the US administration personal data relating to passengers and crew members flying to or from the country. See Article 29 Data Protection Working Party Opinion 2/2004 – 10019/04/EN WP 87. 110 Schartum, D. W. (1997), supra, gives examples of welfare and tax control. 111 See 7.2.6.6.

Data Protection Principles and Interests

it is well suited for target group control. Although it could be argued successfully that target control minimises control in society by targeting those that should be controlled only, target control is prone to misuse and other disadvantages. For example, target control can be used for unfair and unlawful control, especially when directed toward a group of persons because they are identified as offenders by association or belonging. It could also be used to control certain groups of persons out of prejudice – to discriminate. Those that are discriminated against are treated unfairly because they are being subjected to intense and excessive control. Target group control therefore can increase control in society, even though only certain groups in society are targeted. Proportional control between different target groups aims at avoiding negative discrimination in society. Negative discrimination is prohibited by general human rights laws. There is no express prohibition of negative discrimination in data protection laws. An implicit prohibition could be read in the requirement that personal data should be processed in a fair and lawful manner. Article 15 of the Directive which protects individual from being subjected to fully automated decision-making, may be said to be a way of avoiding negative discrimination.112 In addition, a prohibition could also be read in the provision regulating processing of sensitive data. The provision is found in the main data protection laws dealt with here, namely EU Directive Article 8, CoE Convention Article 6 and the Schengen Convention Article 94. There is need for an explicit prohibition of negative discrimination in data protection laws. For example, there should be a general provision that prohibits processing of personal data or control based on prejudice. It should apply also to information systems. 6.5.3.6 Requirement for Proportionality between Internal and External Control The final requirement is the requirement for proportionality between internal and external control. It is about fairness on control directed toward registered persons by the controller because the latter may suspect that the registered person has given incorrect or inadequate information in order to receive a favour or to avoid a duty. In the circumstances, control should not only be directed to the registered, but it should also be directed internally to control errors in the internal routine of the system. For example, there could be an error in registering the information which is caused by a system or human failure. In such an instance, control should not be one-sidedly directed at the registered person, but should also be focused on errors that could be internal. In other words, in as much as the control is directed at the registered person, the controller should also make sure that their routine is proper. The aim here is both to avoid errors and excessive control of the registered person. The scope of the requirement for proportionality between internal and external control could also be extended to cover both internal controls for integrity of the data and information system, which the controller is obligated under law, and external controls by external bodies such as supervisory systems and individual persons. Proportionality between internal and external control implies that there should not be reliance solely on 112 See also Bygrave, L. A. (2002), p. 168

173

174

Chapter 6

either internal or external control. Both internal and external control should be applied as they complement each other.113 Although the controllers may carry out their duties, under the law there is need for external control to ensure that the duty is performed as required. External control acts as supervision to ensure that internal controls are executed. The requirement for proportionality between internal and external control in the first sense above is not directly manifested in the data protection laws. But the interest can be read in the obligation for quality of information, especially in the obligation for notification to supervisory authority where a Member State carries out wholly or partly automatic processing. Articles 19(2) and 21(3) require establishment of some form of internal control for processing that does not involve licensing. The objective is to ensure that the quality of data is safeguarded. The requirement for internal control can also be read in the Schengen Convention, especially Article 103 which requires recording of every tenth transmission of personal data recorded for the purpose of checking whether the search is admissible or not, and Article 118 on security of data. The requirement for proportionality between internal and external control in the second sense above is directly manifested in the data protection laws. The obligation for internal control is manifested in the rules dealing with quality and security of data and special rules as noted above whereas the obligation for external control is manifested in the provisions establishing supervisory authority, especially powers to supervise that the law is followed, Article 28 of the Directive and Article 128 of the Schengen Convention. It must be stressed here that proportionality does not imply giving the same weight to internal and external controls, but rather it requires that consideration be given to both and not only one of them.114 6.5.4

Research Questions

A number of research questions could be raised based on the discussion of the proportionality requirements above. The questions are to be used in the evaluation of the Schengen border control co-operation. The approach used is an individual interest perspective. The questions focus on the extent individual interests are taken into consideration in the formulation of the Schengen and border control co-operation. The aim is to avoid one-sided control that focuses on the controllers’ interests, needs and benefits or interests of costs and efficiency only in disregard to individual interests. – To what extent does the SIS and Schengen border policies enable for decisions that are in favour of individual data subjects or subjects of border control? This calls for examination of the SIS and border control polices orientation. Are they meant to protect individual interests? How are the policies applied? Do they allow for consideration of individual interests where the latter conflict with control interests? To what extent are individual interests in information processing defined and taken into consideration? 113 Karanja, S. K. (2002). 114 Schartum, D. W. & Bygrave, L. A. (2004), p. 63.

Data Protection Principles and Interests

–

To what extent is excessive control in society avoided and minimised? The target here is the rules and other efforts (e.g. education) employed in avoidance of unlawful control and excessive control in society.

Although more questions could be raised, it is decided to limit the evaluation to the two above. This limitation is informed by both practical and problem of investigation considerations. These research questions will be used mainly in chapters on changes in places of control and techniques of control. To a lesser extent they will be used in the chapters on information systems. 6.6

Conclusion

In this chapter, it is illustrated how a combination of data protection principles and data protection interests (i.e. transparency and proportionality interests) can be used to enhance the interpretation and understanding of data protection laws. In particular, the deficiency in data protection principles that could adversely affect transparency and proportionality in data processing has been demonstrated. Especially, there is a need for expansion of data protection principles and interests to include a new principle and interest requirement on non-discrimination. The non-discrimination principle is not expressly manifested in the data protection principles and in the data protection interest catalogues. While transparency in data processing is well-catered for in the data protection principles, proportionality is not explicitly manifested in the principles. It is necessary therefore to expand the principles to include a principle on proportionality. Transparency could also be improved by including an explicit requirement for reasons in the principles. The transparency-proportionality evaluation model developed in this chapter will eventually be used to answer the main question of investigation in this study, namely “the balance between control and individual protection in the Schengen area”. Instead of waiting until the end of the study in order to answer the question, an assessment will be carried out along the way, at the conclusion of every chapter in which the model is applied. Eventually, in the concluding chapters, the core findings of the chapters will be consolidated and recommendations will be put forward. The task undertaken will be deemed accomplished if absence or presence of adequate safeguards to protect individual interests in the face of increasing control can be demonstrated.

175

Part III: Information Systems

7

The Schengen Information System and the SIRENE

7.1

Introduction

In the last decade, a proliferation of cross-border information systems was witnessed mainly in Europe. These systems include the SIS, SIRENE, the Interpol, Europol, Eurodac, Customs Information System (CIS) and the Visa Information System (VIS). While these systems may aid in the control of crime and illegal immigration, they also can have negative consequences as regards human rights compliance. It is, therefore, necessary to examine how they enhance control of persons and at the same time look at the safeguards employed in protection of individual rights against abuse. To accomplish this task, this chapter and Chapter 9 will examine the establishment and nature of these systems by analysing their purpose and policy aims, legal basis, organisation and legal safeguards inbuilt in the systems legal frameworks. In the next chapter, compliance of the SIS with human rights and data protection principles is assessed. 7.2

The Schengen Information System (SIS)

7.2.1

Purpose and Policy Aims

The SIS, which became operational in March 1995, is a very important technological compensatory measure in the removal of internal borders in the Schengen co-operation and establishment of an area of freedom, security and justice. It contributes to the implementation of the policies provided for in the Schengen Convention and now the Treaty, on free movement of persons (Title IV of the EC Treaty) and constitutes a vital tool for day-to-day co-operation between police forces and judicial authorities (Title VI of the EU Treaty). The SIS is a support tool both for free movement of persons and police co-operation. The SIS is a fundamental requirement for implementation of the Schengen Convention and Treaty policies mentioned above. No country can commence the implementation of the Convention before the SIS has been established. As stated earlier, the SIS is op

See also Karanja, S. K. (2002).

180

Chapter 7

erational in 15 countries and partially operational in United Kingdom and Ireland and will be fully operational in the new Member States that join the EU. Norway and the other Nordic countries commenced the implementation of the Convention and SIS on 25 March 2001. The overall objective of the SIS is to strengthen and extend direct co-operation between police, immigration and customs authorities in the Schengen countries (Article 92). That is, to implement EU/Schengen, security, crime control, free movement, and immigration policies. According to Article 93 of the Convention, the specific purpose of the system is twofold. – First, to maintain public order and security including State security. – Second, to enable the Contracting Parties to automatically search the information on persons and objects registered therein for the purposes of border control and police investigations, control and other searches. More precisely, the purpose of the SIS is the control of persons and objects within the territory of the Contracting Parties for the purposes of controlling crime, and illegal immigration (Articles 95-100). These authorities have access to information on persons and goods for use in police and border control and for issuance of visa, residence and working permits and for the general administration of immigration policies. The SIS is basically a database that enables direct search in order to check whether an individual or an object is entered into the system and what action is required to be taken. For example, through the SIS, an examining officer should be able to check rapidly whether a person being checked is mentioned in the database or not. In case of a hit (a positive response), the SIS will indicate what action the officer is to take. Amongst the actions that may be taken are: – arrest for extradition purposes, – entry refusal for unwanted aliens, – whereabouts for missing person, – summons to appear before court for witness or suspects,



   

The two countries have opted in to some parts of the SIS and not all. See, Council Decision of 29 May 2000 concerning the request of Great Britain and Northern Ireland to take part in some provisions of the Schengen Acquis (2000/365/EC published in OJ L 131 of 1 June 2000) and Council Decision of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis (2002/192/EC published in OJ L 64 of 7 March 2002); see also Council Regulation (EC) No 2424/2001 ibid preamble 2 and Article 1; Because Great Britain and Ireland do not participate in the parts of the Schengen Acquis relating to immigration, they have no access to immigration data on individuals, which is governed by Article 96 of the Schengen Convention. Ten European countries became full members of the EU in May 2004 and two others in January 2007. See also Ot prp nr 56. p. 59. See also Baldwin-Edwards, M & Hebenton, B. (1994), p. 140. Dumortier, J. (1992), p. 3.

The Schengen Information System and the SIRENE

– –

discreet surveillance or check in order to get information about movements or behaviour for persons required to be put under surveillance, seizure of objects sought.

The SIS is permanently available (24 hours a day) for consultation. It permits consultations on a quick “hit/no hit” basis, to avoid delays and queues, for instance at airports. Construction of a second generation SIS – SIS II is underway. The system is to be a single integrated system. A new SIS system was deemed necessary in order to enlarge the capacity so as to accommodate new Member States who join the EU. The current SIS has the capacity to serve no more than 18 participating States. Further, SIS II will take advantage of the latest developments in the field of information technology and allow for the introduction of new functions.10 SIS II will not only expand the capacity of the system but it will also introduce new technical and investigative possibilities.11 If this happens, the nature of the SIS will therefore fundamentally change and this will enhance and increase control possibilities confirming the fears of Schengen critics. It could also mean duplicating existing EU information systems, especially if new data categories are incorporated.12 The changes to be introduced by SIS II are outlined and discussed below along side the analysis of the current SIS. 7.2.2

Legal Basis

The SIS is established by the Schengen Convention 1990.13 Article 92 of the Convention calls for Contracting Parties to establish and maintain a joint information system, the Schengen Information System, consisting of a national section in each of the Contracting Parties and a technical support function. Since the Schengen Convention is an international law instrument, it was necessary to incorporate it into the national   

Articles 95-100 of the Schengen Convention. Dumortier, J. (1992), p. 3. Commission of the European Communities: Communication from the Commission to the Council and the European Parliament – Development of the Schengen Information System II Com(2001) 720 final; Council Regulation (EC) No 2424/2001 of 6 December 2001 on the development of the second generation Schengen Information System (SIS II) OJ L 324/4 13 December 2001, and ; Council Decision of 6 December 2001 on the development of the second generation Schengen Information System (SIS I) 2001/866/JHA, OJ L328/1 13 December 2001. 10 Ibid. Preamble 3. 11 COM(2001) 720 final and; JSA Opinion on development of SIS II 19 May 2004:- The development of the system is being driven by the changing demands of justice and home affairs in the EU rather than by a stated purpose laid down in a legal framework, if this continues, the character of the system could change completely, with the SIS II evolving into a multipurpose investigative and administrative tool. p. 3. 12 JSA Opinion ibid. p. 8. 13 The proposed SIS II Regulation and Decision repeals and replaces Articles 92-119 of the Schengen Convention as the legal basis of the Schengen Information System.

181

182

Chapter 7

legal systems of member countries. Incorporation into member countries’ legal systems differs according to the tradition each country subscribes to, namely monist or dualist. In nomist countries, the Schengen Convention has been incorporated as it is, without enacting a new law. An example of the monist approach is Austria, where the Schengen Convention has direct effect and therefore it was not necessary to enact a new SIS law.14 On the other hand, Norway chose to follow the dualist path and enacted a new SIS law15 and regulations.16 A number of preparatory works were issued in connection with the incorporation of the SIS law into the Norwegian legal system.17 The changes anticipated under SIS II cannot be accommodated under the current Schengen Convention legal basis. The Commission has therefore proposed developing and installing SIS II, which will eventually require the adoption of legislation to take place of Articles 92 to 119 of the Schengen Convention.18 The legislation will have to rest upon the appropriate legal bases in the Treaties in order to enable the other institutions to play their full part within the institutional framework of the EU and the European Community.19 Without prejudice to adoption in the future of the necessary legislation describing in detail the legal architecture, objectives, operation and use of SIS II, the Council on 11 June 2002 adopted a decision amending certain provisions of the Schengen Convention. The purpose was to introduce new functions which could be realised with the current version of the SIS. The functions were aimed at – giving to EUROPOL and the national members of Eurojust access to the SIS data, – the extension of the categories of missing objects, about which alerts may be entered, – the recording of transmissions of personal data, and, – inclusion of SIRENE in Article 108 of the Convention.20 Later on 29 April 2004 and 24 February 2005, a Regulation and Decision were adopted respectively to amend the Schengen Convention and introduce new functions for the 14 Karanja, S. K. (2002). 15 Lov 16 juli 1999 nr 66 om Schengen Informasjonssystem (SIS) – Schengen Information System Act 1999. Se also Schartum, D. W. & Bygrave, L. A. (2004), p. 215-22. 16 For 21 desember nr 1365 forskrift til lov om Schengen informasjonssytem – Schengen Information System Regulations. 17 See note 70. 18 See the proposed Regulation COM(2005) 256 final and Decision COM(2005) 230 final. 19 Com (2001) 720 final; Council Regulation (EC) No 2424/2001; Council Decision 2001/866/ JHA; The reason for the distinction between Regulation and Decision is that the purpose of the SIS is to improve police and judicial co-operation in criminal matters (covered by Title VI of the TEU) and the policy on visas, immigration and the free movement of persons (covered by Title IV of the TEC); The proposed SIS II will repeal and replace the current legal basis of the Schengen Information System. 20 Council Decision concerning the introduction of some new functions for the Schengen Information System, in particular in the fight against terrorism, SIS 39 SCHENGEN 2 COMIX 369 9408/02.

The Schengen Information System and the SIRENE

Schengen Information System which would also facilitate the fight against terrorism.21 In addition, in 2003 the Commission issued a proposal for a Regulation to amend the Convention in order to grant vehicle registration authorities access to the SIS.22 The amendments may be deemed as the Member States immediate reaction to 11 September 2001 events. The amendments will be outlined where appropriate in the discussion below. 7.2.3

Organisational Overview

7.2.3.1

Technical Structure and Functioning of SIS

The SIS consists of two main components: the national systems, referred to as the national SIS (N.SIS) and a central technical support system known as the Central SIS (C.SIS) (Article 92), see Figure 4 below. The national SIS is the national part of the SIS, and is located in each Contracting Party’s territory. Each Contracting Party is responsible for setting up and maintaining its own N.SIS. It is also responsible for the data it enters in the central support system. The data files of all N.SIS are kept materially identical. This is ensured through the C.SIS. The national system enables designated national authorities to search information in the SIS. Competent national authorities of each Contracting Party can only carry out searches at their own N.SIS as it is not possible to search the data files of other Contracting Parties’ N.SIS. “The SIS operates on the principle that the national systems cannot exchange computerised data directly between themselves, but instead only via the central system (C.SIS).”23 In Norway, the N.SIS is located at the National Unit for Combating Organised and Other Serious Crimes (Den Nasjonale enhet for bekjempelse av organisert og annen alvorlig kriminalitet – Kripos) hereinafter Kripos, Department for Criminal Data (Datakrim avdelingen). The N.SIS database is built separate from the rest of the police information systems. Information in the N.SIS is available to users through the police IT infrastructure and access to the Norwegian N.SIS is similar to access to the national police systems.24 The system enables the police and other designated authorities to search online the registered information on persons and objects. But as the Schengen Convention declares, it is not possible to search other Schengen countries’ N.SIS data21 Council Regulation (EC) No 871/2004 of 29 April 2004 concerning the introduction of some new functions for the Schengen Information System, including the fight against terrorism and Council Decision 2005/211/JHA of 24 February 2005 concerning the introduction of some new functions for the Schengen Information System, including the fight against terrorism. 22 Proposal for a Regulation of the European Parliament and of the Council amending the Convention implementing the Schengen Agreement of 14 June 1985 on the gradual abolition of checks at common borders as regards access to the Schengen Information System by the services in the Member States responsible for issuing registration certificates for vehicles. 23 SIRENE Manual 1 OJ C 38 2003 p. 4. 24 St prp nr 42 p. 38-39.

183

184

Chapter 7

bases. According to the Convention, it is not also possible to transfer information from the SIS to the national police systems. The Ministry of Justice, during the establishment phase, appointed a project group to ensure that the technical, functional and data protection requirements of the N.SIS were met and complied with before implementation commenced.25

SIRENE

N.SIS CP-C

N.SIS CP-B

C.SIS N.SIS CP-A

Immigration Authorities

N.SIS CP-D

Police

Flow of Data Search CP-A – Contracting party A N.SIS – National SIS C.SIS – Central SIS Article 95 Alerts Figure 4: Technical Aspects and Functioning of SIS

The Central SIS, which is located in Strasbourg, France is set up and maintained jointly by the Contracting Parties who are also jointly liable for risks. The French government has the responsibility for the C.SIS with the Minister for the Interior having formal responsibility. But a permanent working group representing the Schengen countries manages the system. The C.SIS links the N.SIS networks of the Schengen countries. It comprises a data file that ensures that the data files of all the N.SIS are kept identical by on-line transmission of information. The data file of the C.SIS contains reports on

25 Datatilsynet: Schengen infomasjonssystemet – Personvern og sikkerhet, prosjektrapport, delprosjekt D – 1999.

The Schengen Information System and the SIRENE

persons and objects from all the Contracting Parties and therefore acts as a backup to the N.SIS files The technical architecture of the SIS will change with the adoption of SIS II. SIS II will comprise a Central System (C.SIS) which contains all data and a National Interface (NI) without data storage. In this architecture, all data are stored centrally in the C.SIS. The National Interfaces store no Schengen data and are little more than “pass through” interfaces.26 Automated queries on the SIS database are to be done, where necessary, on the national copies of the SIS database or on the central system via the national interfaces. The Contracting Parties may decide to store data in their national systems (NS) (and so use and query the national data file), however it is possible for the Member States to query, in an automated manner, the SIS database kept at the central system.27 The national copy of the SIS database is maintained by the countries for their own account and at their own risk. The central system ensures the availability, integrity and continuous update of the SIS data, both for updating the national copies of the SIS database and for the purpose of allowing queries on the database.28 The central system contains the alerts introduced pursuant to Articles 95 - 100 of the Schengen Convention. From the earliest conception of SIS II, it has been clear that the system should be a flexible tool that will be able to adapt to changed circumstances and fulfil, within a reasonable time and without major additional costs and efforts, user requests made during its life cycle.29 As such, the new architecture will be easily adaptable to incorporate new fields or categories of data, incorporate new Member States and be able to handle larger volumes of data than the current SIS.30 SIS II is to allow for new functions in addition to the functionalities already set out in existing provisions. Existing Functions – The functions offered by the current SIS; – The functions set out in Council Regulation and Council Decision concerning the functions for the Schengen Information System, including the fight against terrorism.31 New Functions – The addition of new categories of alerts, both on persons and on objects (including where necessary the possibility that certain alerts be automatically deleted after certain event/date); – The interlinking of any alerts, ensuring that this does not change the existing access rights to the different alerts; – The addition of new fields in the alerts and the modification of existing fields (including changing the optional character of a field to mandatory or vice versa); 26 27 28 29 30 31

Com(2003) 771 final, 11 December 2003. Ibid. Council Conclusion on SIS II, Brussels, 26 May 2003 COMIX 330 p. 6. Ibid. p. 4. Ibid.; See also Com(2001) 720 final, 18 December 2001. Council Conclusions on SIS II functions document 10125/04 SIRIS 69 COMIX 378 p. 3.

185

186

Chapter 7

– – – –

– –

The modification of the duration of the alerts; New authorities to get access to the SIS (including where necessary the possibility to give partial access or access with a purpose different from the original one set in the alerts); The storage, transfer and possible querying of biometric data, especially photographs and fingerprints.32 The technical possibility to store in SIS II the information described in Article 8 of the Framework Decision on the European Arrest Warrant and the surrender procedures between Member States, information contained in forms “A” and “M” relating to extradition procedures under Article 95 of the Schengen Convention and the information currently transmitted through the Q form (misused identity); The technical possibility to include a new category of alerts on minors to be precluded from leaving the Schengen area; and The technical possibility for the exchange of information on stolen and lost passports with the relevant Interpol database.33

In this sense, the character and capacity of the SIS will change and become more inclusive and expansive. The interlinking of alerts is an example of a functionality that could lead to a change in the character of the system from a reporting system to an investigative system.34 The fact that the new SIS will have possibilities of expansion and allow new functions and users to be added in may pose the risk of function creep i.e. expanding the system to all possible uses in future. Data could also be used for purposes not expressly stated well in advance; a risk that Schengen critics have continuously feared. The addition of new categories of information could lead to the SIS II duplicating other EU information systems such as the Europol information system, the customs information system, the Eurodac and even the proposed Visa Information System, a development which, as the Schengen Joint Supervisory Authority (JSA) states in its opinion, might have implications for the standard of data protection.35 The functioning of the SIS is represented in Figure 4 above. Data flows from different sources in the territory of a Contracting Party to the N.SIS. For example, data may come from the police or immigration authority in any one district. Then, the information that is designated for inclusion into the SIS will be forwarded to the N.SIS. When the information reaches the N.SIS office, the authorities assess and evaluate whether it is necessary to include this information in the C.SIS. If the decision is affirmative, the information is entered in the C.SIS. This means that it is upon each country to decide whether information is to be included in the C.SIS or not.36 The Schengen Convention provides a framework of the information that can be registered in the system, but it is 32 33 34 35 36

Council Conclusion on SIS II supra p. 4. Council Conclusions on SIS II functions document 10125/04 SIRIS 69 COMIX 378 p. 5. JSA Opinion on the development of SIS II, 19 May 2004. Ibid. p. 5; see also 9.1 below. This may raise the problem of divergence in the data entered in the system by Contracting Parties. See 7.2.4 below.

The Schengen Information System and the SIRENE

upon each country authorities to decide which information, in a concrete case, shall be entered.37 The C.SIS evaluates the relevance of the data to the SIS and upon approval distributes the data to ALL the national systems, including the N.SIS of the reporting country. All the N.SIS are updated accordingly upon receipt of the data from the C.SIS. This process takes about three to five minutes for the information to be available for search in all N.SIS. As such, the information in the SIS is current and updated. On the other hand, if the decision is negative, the information remains in the N.SIS and cannot be searched by other Contracting Parties. Under Article 92 (2), it is not possible to search the data files of other Contracting Parties’ national sections. That is, only the data that is approved by the C.SIS is searchable by other Contracting Parties on-line. But through the SIRENE system (discussed below 7.3), it is possible for Contracting Parties to exchange supplementary information in the N.SIS but which has not been entered into the C.SIS. This is possible prior to the entry of a report in the SIS, or following a hit (positive search) in the SIS. SIS II will affect the way the SIS functions in a number of ways as has been noted above. Firstly, data will be stored centrally as there will be no data stored in the National Interface (NI). Secondly, search will be carried out on the central system. Where, however, Contracting Parties opt to store data in the National System (NS), a search can be done on the NS. In addition, SIS II will increase the capacity for recording more information and increase functions.38 7.2.3.2

Control Authorities

Each Contracting Party has the responsibility to designate the national authorities with control responsibilities (Articles 92 & 101). As such, each Contracting Party appoints the authorities in charge of the N.SIS. As the Convention is not specific as to which authorities these are, one must look at the national legislation to be able to identify them. It is also expected that the authorities with responsibility differ from country to country because the discretion to designate the authorities is left to the Contracting Parties. What follows below is an analysis and identification of authorities with responsibility under Norwegian SIS law. In Norway, the Ministry of Justice has the overall responsibility in the exercise of functions by the N.SIS and registration responsibility (see diagram below).39 Further, the Ministry is the appeal organ under § 19 of the SIS Act. The law on SIS § 2, however, places the responsibility for operating the Norwegian N.SIS and SIRENE on Kripos. Kripos has the responsibility for registering information of persons and objects in the N.SIS and responsibility for the system. In addition, it ensures that the information placed in the SIS by the Norwegian authorities is correct, up to date and lawfully registered. Apart from the Ministry of Justice and Kripos, the police districts in Norway have the responsibility to make decisions on registration of persons and objects in the SIS. The 37 Ot prp nr 56 (1998-99), pp. 24, 64. 38 See proposed SIS II legislation. 39 Ot prp nr 56 (1998-99) p. 64.

187

188

Chapter 7

decision to register information under any one of the finalities in Articles 95-100 of the Convention is made by the police districts. But under Article 96 of the Convention, the police district role is limited to preparation of the expulsion case, after which it is sent to the Directorate of Immigration which makes the decision and registers it in the central registry, Data System for Immigration and Refugee Cases (Datasystem for Utlendings og Flyktingsaker – DUF). For Article 96, the Directorate of Immigration has the decisionmaking powers.

Ministry of Justice and Police

Kripos

PD

ID

PD

Figure 5: Authorities with Responsibility under Norwegian SIS Law

In compliance with Article 95 of the Schengen Convention, the prosecution authorities in the police districts in Norway have responsibility to file notice of persons wanted for arrest for purposes of extradition. The notice is sent to the SIRENE, which carries out quality control of the message on whether a court order for arrest exists and whether it meets the conditions for registration as stipulated by the Convention. Further, the SIRENE controls the supplementary information under § 95(2a-e) that must accompany the report to the SIRENE.40 In addition to the provisions in the SIS law, the regulations § 1-2 make it clear that only persons competent to do so may make a decision on registering information in the SIS. It provides that registration of information touching on prosecution can only be made by a person with prosecution authority. Similarly, registration of information concerning refusal to enter into the country can only be made by immigration authorities Under SIS II, the authorities responsible for the establishment of the central system (CS) will be the Commission, while the Member States will be responsible for the establishment of the National Interface and National system.41 40 Ibid. p. 64. 41 See also proposed Council Regulation 2004 and Council Decision 2005 on the establishment, operations and use of the second generation Schengen Information System (SIS II).

The Schengen Information System and the SIRENE

7.2.4

Data to be Entered in the SIS

Article 94(1) stipulates restrictive categories of data, which can be entered in the SIS. They are data supplied by each of the Contracting Parties and are required for the purposes stated in Articles 95 - 100. These categories of data relate to persons and objects referred to in Articles 99 and 100. As regards persons, according to the amendment to Article 94 (3), the following obligatory personal data can be registered. – Surname and forenames, any aliases possibly entered separately; – Any specific objective physical characteristics not subject to change; – (…); – Place and date of birth; – Sex; – Nationality; – Whether the persons concerned are armed, violent or have escaped; – Reason for alert; – Action to be taken; – In case of alerts under Article 95: the type of offence(s). The basic information reveals a combination of objective and subjective data. But registering of sensitive data as defined in the first sentence of Article 6 of the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data is not authorised. That is, ‘personal data revealing racial origin, political opinions or religious or other beliefs, as well as that concerning health or sexual life’. Since, however, the main provision allows the registration of objective and permanent physical features and leaves registration to the discretion of the registering officer, registering of physical features such as colour that may reveal racial origin means that sensitive data will be registered. The development of SIS II may expand the obligatory data to be entered to include new categories such as photographs and fingerprints and the addition of certain details on persons or objects. In addition, link(s) to other alerts processed in the SIS II could be included.42 Hence, SIS II will not only affect the quantity of data but also the quality of the data entered. Among other things, it will enhance the ability to place more references specific to persons into SIS records. SIS II makes possibilities of registering more objective, subjective and sensitive data a reality. The finalities that permit the registration of personal data in the SIS, regardless of nationality are: – arrest in view of extradition (Article 95), – search in case of disappearance, search of minors or of persons to be confined by decision of a competent authority (Article 97),

42 The proposed SIS II legislation has expanded categories of data to include those named here.

189

190

Chapter 7

– –

arrest in view of an appearance in court of justice, even as a witness, in the context of a penal procedure or of the execution of a sentence depriving the subject his freedom (Article 98), discreet watch and specific checks in view of repression of penal offences, prevention of threats to public security or prevention of serious threats to the State Security (Article 99).

Under Article 99(4) for the purposes of discreet surveillance, the following information may be collected and exchanged. – The fact that the person reported or the vehicle has been found; – the place, time or reason for the check; – the route and destination of the journey, persons accompanying the person concerned or occupants of the vehicle; – the vehicle used, objects carried, the circumstances under which the person or the vehicle was found. The provision does raise some problems because it may be used by governments for political surveillance on dissidents and other political opponents, as the provision is vague. On 20 September 2001, the Council proposed the need for simplifying procedures for introducing Article 99 alerts. This would entail replacing the procedures laid down in the Schengen Acquis (Article 99 of the Convention and the SIRENE Manual) for introducing Article 99 alerts by a system simplifying the consultation mechanism. Simplification of procedures would mean that it will be easier to introduce an alert under Article 99 than it is today, hence opening the doors for more registrations under discreet surveillance. This proposal (and many others that will appear in SIS II) is a direct result of the US 11 September 2001 terrorist attacks aftermath. For foreign nationals or aliens (as defined in Article 1 of the Schengen Convention), personal data is registered for the purposes of refusal of entry in the Schengen territory as a result of an administrative or judicial decision taken in accordance with the national procedural regulations, or on the grounds of threat to public order or to national safety and security, or on the grounds of non-observance of national regulations for entry and abode of foreigners (Article 96). Discussions were underway to introduce, in SIS II, amendments to Article 96 so as to allow the introduction of a new database for visas used (granted and refused visas) under this Article. The proposal, by the Council in its conclusion No. 26 of 20 September 2001, wanted the Commission to examine whether the SIS is the appropriate tool for storing and exchanging large volumes of information on visas. The purpose is to exchange information about people who overstay their visa period and their residence permit.43 If this proposal is accepted, the volume of personal data and the persons registered under Article 96 would increase with staggering proportions.44 43 Com(2003) 771 final has recommended a separate Visa Information System (VIS) to be built on the same SIS II technical platform. 44 Visa data will now be registered in the Visa Information System and not in the SIS.

The Schengen Information System and the SIRENE

Objects such as goods can only be entered together with the name of their owner and must relate to cars, firearms, stolen documents or banknotes searched to be seized or serve as evidence in a panel procedure (Article 100). In case of vehicles, it is permitted to register data concerning those searched for the purpose of discreet watch or specific checks (Article 99). Under this category, input of information concerning the watched vehicle’s driver or occupiers is also authorised. The amendment to Article 100 (3) by the Council Decision has expanded the categories of objects to be entered in the SIS. Under SIS II, the number of objects that can be recorded in the system could be expanded to include new categories of stolen property such as art objects, boats and ships. The proposal is for the addition of new categories of objects for the purpose of seizure, use as evidence in criminal proceedings or surveillance. Data input into the SIS for the purposes of search are referred to as alerts. Every positive search is referred to, as a hit. The number of alerts registered in the SIS between 1999 and 2005, are shown in Figure 6 below, however, 2002 figures are lacking.45 The numbers have changed from year to year with 2001 indicating the lowest and 2004 the highest numbers of alerts. Alerts under Article 96 are the highest for all the years and account for an average of 89% of the total alerts registered.

Article 95 Article 96 Article 97 Article 98 Article 99 Total

1999 10,491 764,851 89% 27,436 35,806 17,365 855887

2000 10,914 750,347 89% 28,362 35,297 17,335 842255

2001 11,628 709,763 88% 29,132 30,763 21,874 803160

2003 14,023 780,992 89% 32,211 34,413 16,016 877655

2004 14,902 785,631 89% 34,400 32,696 15,882 883511

2005 15,012 714,078 87% 36,235 35,317 18,031 818673

Figure 6: Alerts Entered in SIS: 1999 - 2005

Looking at the statistics, the SIS could be said to play an important role for policing the movements of third country nationals entering the European Union at the external borders of the Schengen countries because of the consistent increase in number of alerts entered and hits realised. But the statistics also confirm the fear of many Schengen critics that the SIS will be used to target on and restrict the entry of foreign nationals into the Schengen area.

45 Source of data is Challenge Liberty and Security: Data surveillance and border control in the EU: Balancing efficiency and legal protection of third country nationals. http://www. libertysecurity.org/article289.html Accessed on 21 December 2005.

191

192

Chapter 7

Article 95 Article 96 Article 97 Article 98 Article 99

Hits 2,841 26,363 3661 1,779 2,232 (Persons)

2001 % 24 3.7 6% 12 10.5

Hits 3,813 21,957 1,984 4,945 2,989 (Persons)

2004 % 25.6 2.8 14.4 15.1 18.8

Figure 7: Annual Hits 2001 and 2004

Figure 7 represents the number of hits recorded for Articles 95 – 99 alerts in 2001 and 2004 and the percentage when a hit is registered.46 Comparing the numbers of hits with the numbers of entries for each category, entries on Article 96 on third country nationals to be refused entry in the Schengen/EU area, record the lowest hits. This statistical data confirms that registration of third country nationals is less efficient compared with the records of persons stored for other purposes into the SIS. It would also confirm that SIS is being used more and more for other purposes as regulated in the Schengen Convention. In Norway, the number of hits rose from 301 in 2001 to 611 in 2002. 230 of the hits were Norwegian alerts registered abroad, 23 hits were Norwegian alerts in Norway and 358 hits were foreign alerts in Norway.47 If one were to assess the usefulness of the system by the number of hits, then it is clear that the system is functioning as an important tool in the prevention and control of crime and illegal immigration. By 31 December 2002, there were 30, 803 alerts registered in the SIS by Norway. 1,020 of them were alerts on persons. Control of identity of 187,513 persons resulted to 13 hits only.48 This confirms the situation in the general Schengen area. 7.2.5

Access to Data

Information entered in the SIS can be searched and accessed by authorities designated by the Contracting Parties for the purposes of border checks and controls and other police and customs checks when carried out inside the country, in accordance with national law (Articles 92 and 101). In addition, authorities responsible for immigration and administration of aliens may directly search data included in the SIS under Article 96 of the Convention. According to Article 101(4), the Executive Committee must be sent the list of authorities entitled to search directly the data entered in the SIS.49 It is expected the lists of different Contracting Parties will differ reflecting the differences at national 46 47 48 49

Ibid. Nye Kripos: Årsrapport (2002), p. 12. Ibid. See Council of the European Union list of competent authorities who are authorised to search directly the data contained in the Schengen Information System pursuant to Article 101(4) of the Schengen Convention. 6265/03, 14 April 2003.

The Schengen Information System and the SIRENE

levels in the functioning and organisation of police and immigration authorities.50 Amendments to the Schengen Convention by the Council Decision granted Europol and the national members of Eurojust and their assistants the right to access and search the data entered in the SIS. According to the new Article 101A, Europol has a right to access and search data entered in accordance with Articles 95, 99 and 100 and according to new Article 101B Eurojust data entered in accordance with Articles 95 and 98. The amendment of Article 102, through insertion of a new Article 102a, has extended the right of access and search to the services in the Member States responsible for issuing registration certificates for vehicles. The right is for the purposes of checking whether vehicles presented to them for registration have been stolen, misappropriated or lost and that persons applying for a registration certificate are using identity documents to that end. Only services which are government services are entitled to directly search the data entered in the SIS. Services that are not government services have access to data only through the intermediary of a government service. Granting new authorities access and search rights to data entered into the SIS extends the use of the data for purposes which were not originally intended. This re-enforces the view that the data in the SIS will be applied to other uses and increases the risk of function creep. The Norwegian SIS Law SIS Direct Access + Indirect Access with- Access with Search Search out Search Police Police Immigration Authorities Immigration Customs Service Police Authorities Coast Guard Border Control Authorities Immigration authori- Europol and Eurojust ties The Ministry of Justice

Government Vehicle Registration Services Non-government Vehicle Registration Services – Indirect Access

SIS II Access with Search Immigrations Authorities Police Border and Customs Authorities Europol, National Judicial Authorities, Public Prosecutions and Eurojust Asylum and residence Authorities Government Vehicle Registration Services Non-government Vehicle Registration Services – Indirect Access

Figure 8: Access to Data Entered in SIS: A Comparison

50 Ibid. The list of Contracting Parties reflects this divergence; See Figure 12 in Chapter 8.

193

194

Chapter 7

SIS II anticipates expansion of access to data in the SIS to new users. The changed character of the SIS to accommodate more data and functions means it will be of interest to other users such as security and intelligence services, as well as police crime investigation units. The inclusion of new database on protestors51 will mean that the police, security and intelligence agencies will be more interested with the SIS. Under the proposal, Article 99 of the Schengen Convention on secret surveillance would be extended. As post-11 September 2001 measures which call for strengthening co-operation between police services and intelligence services and maximising the potential of existing instruments, the creation of a restricted access terrorist database to allow for access to information in respect of terrorist suspects, without this being circulated widely to all law enforcement officers, is proposed. According to Figure 8, other users who may get access to data in the SIS are judicial authorities, asylum authorities or possibly even authorities such as those responsible for residence permits.52 Under pre-11 September plans, access to the SIS was already to be widened to give access to immigration, drivers’ licensing and other law enforcement agencies and its capacity increased to allow non-Schengen countries (United Kingdom and Ireland)53 and accession candidates to participate.54 Opening access of data in the SIS to many persons and authorities means that security and quality of data may be in jeopardy, misuse of data may increase and control on users may not be possible. 7.2.6

Data Protection

7.2.6.1

General

Data protection is given a prominent position in the Schengen Convention. The specific provisions for the protection of personal data are found in Title VI, Articles 126-130 of the Convention. In addition, Articles 102-119 set out provisions for the protection of personal data and security of data in the Schengen Information System (SIS).55 These 51

52 53 54 55

Conclusions of the special Justice and Home Affairs Council on 13 July 2001; Belgium proposal 15.10.2001 to EU Presidency of the Council of the European Union that the Schengen Information System be extended to cover “potentially dangerous persons” who are to be prevented from entering countries for “sports, cultural, political or social events”; Statewatch: The enemy within; EU plans the surveillance of protesters and the criminalisation of protests; Proposal for the extensions on Article 96 and Article 99 of the Schengen Convention, 12813/01; Statewatch: The “enemy within” II – EU plans to extend the Schengen Information System to i) create EU database to target “suspects” protesters and bar them from entering a country where a protest is planned, ii) create EU database of all foreigners to remove third country nationals who have not left within the prescribed time frame. Council of the European Union 5968/02 LIMITE SIS 6 COMIX 78. United Kingdom and Ireland would not have access to Article 96 data. See Statewatch: The enemy within II supra.; Statewatch Vol. 11 No 1. These provisions are repealed and replaced by the proposed SIS II legislation. See Postscript.

The Schengen Information System and the SIRENE

provisions are by no means exhaustive. The Convention supplements the provisions by providing for the application of national law of a Contracting Party where no specific provisions have been laid down in the Convention (cf. Articles 104 (2), 109 and 114). Under Article 114(1), a national supervisory authority, established under national law, plays an important role in the supervision of the data entered into the national section of the Schengen Information System. A joint supervisory authority is also established under Article 115 to supervise implementation of the Convention in general and in particular the SIS. The Schengen Convention calls for a minimum level of data protection in the Contracting Parties countries. The Convention requires all Contracting Parties to enact data protection legislation with a minimum level of protection equivalent to that in the 1981 Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data. In addition, for the exchange of data on police work, the Convention requires Contracting Parties to comply with Recommendation R (87) 15 of 17 September 1987 of the Committee of Ministers of the Council of Europe, relating to the use of personal data in the police sector. These provisions are supplemented by specific conditions for information exchange without a prior request in the general interests of crime prevention, public policy and security (Article 129).56 The Schengen Convention also requires each of the Contracting Parties to establish an independent national supervisory authority to monitor compliance with the data protection rules before exchange of data under the Convention (Article 128). Data protection rules in the Schengen Convention are complex. They relate to data exchanged within the Schengen Information System (automated data) and outside the SIS (automated and non-automated). There are specific rules covering data protection in the SIS (Articles 102-118) and data exchanged in relation to asylum matters (Article 38). There are also general rules on data exchange in relation to external border checks and surveillance (Article 7), violations of national laws on the entry and residence of aliens [Article 27(2)], mutual assistance and other co-operation between police authorities (Articles 39 & 49), mutual assistance in criminal matters (Articles48-53), and the purchase and possession of firearms (Article 91). Here the main concern is with the exchange of personal data in the SIS. 7.2.6.2 Security of Data Security of data is dealt with comprehensively in Article 118 of the Convention. Each of the Contracting Parties undertakes, in respect of the national section of the SIS, to prevent any unauthorised person from having access to installations uses for the processing of personal data, prevent data media from being read, copied, modified or removed by unauthorised persons, prevent the unauthorised entry of data into the file and any unauthorised consultation, modification or deletion of personal data included in the file, and prevent automated data processing systems from being used by unauthorised persons by means of data transmission equipment. To guarantee that, with respect to 56 House of Lords European Communities Committee, 31st Report.

195

196

Chapter 7

the use of an automated data processing system, authorised persons have access only to data for which they are responsible and so on. Other provisions that enhance the security of data are Articles 101 and 103. Article 101 deals with access to data entered in SIS. The provision limits the access to only authorised persons. The authorised persons may search data which they require for the performance of their tasks. Any search that is not necessary for the performance of their tasks is illegal. In a French court case, Tribunal Administratif de Paris v. Saïd (1996),57 the court condemned French local authorities’ search practices. A person from Algeria, with a valid residential permit in France, was issued a deportation order after reporting a change of residential address to the local authorities. The authorities searched SIS and found that the person had been registered as an unwanted person, to be refused entry under Article 96 of Schengen Convention by Belgian authorities, for an offence committed in Belgium while on a visit there. In its decision, the court held that the local authorities had no right of access to search SIS on the basis of a report concerning change of residential address. Each Contracting Party is also required to furnish the European Council with a list of competent authorities with power to search the data contained in the SIS, specifying for each authority, which data it is allowed to search and for what purpose. The purpose of this provision is to try to limit access to the SIS to authorised persons only. Article 103 is concerned with control of access to the data in the SIS so as to monitor unlawful access. It recommends that each Contracting Party ensures that, on average, every tenth transmission of personal data is recorded in the N.SIS by the data file management authority, for the purposes of checking whether the search is admissible or not. The proposed legislation on SIS II has changed this and recommends that a record or log be made of all access to the data in the SIS. The security of data provisions are extensive such that if they are adhered to, the security of data would be ensured. But as Mathiensen58 observes, due to the different laws and traditions in the protections of personal data and different police practices in the European countries, ensuring the security of data registered in the SIS can be a mammoth task. 7.2.6.3 Quality of Data Articles 112 and 113 of the Schengen Convention limit the time and duration which data may be kept. These provisions are a novelty in the police and border control sector where data were previously kept for as long as possible. In Norway, there was no time limit provision under the former Data Protection Act 1978. Neither has the new Data Protection Act 2000 introduced any time limit. The Act makes a general prohibition against storing unnecessary personal data and requires the controller not to store personal data longer than is necessary to carry out the purpose of the processing. It also requires where the

57 See Karanja, S. K (2002). 58 Mathiessen, T. (1996), p. 25.

The Schengen Information System and the SIRENE

data are not to be stored in pursuance of the Archives Act or other legislation, they shall be erased.59 The Contracting Parties have the responsibility of ensuring that data entered into the SIS does not stay there more than necessary. Under Article 112, data for the purposes of locating persons shall be kept only for the time required for achieving the purpose for which it was supplied. The general period for retention is three years and the reporting Contracting Party may review the need for retention. For alerts entered under Article 99, however, the retention period is one year. This perhaps underscores the fact that most of the data stored under Article 99 may be based on unverified sources and suspicions. When the respective deadlines expire, the C.SIS automatically deletes the data.60 The deletion has to be reported to the reporting State one month in advance, in which case the State may ask for an extension if this is required for the purpose for which the report was made. As concerns other personal information, the Convention puts a ten years time limit after which the data is erased but preserved for one more year in the SIS. During this period, data may only be consulted for subsequent checking as to their accuracy and as to whether the data were entered lawfully. After one year, the data may be destroyed. But data on issued identity papers and suspected banknotes may be kept for a maximum period of five years and data on motor vehicles, trailers and cravens for a maximum of three years. But as will be seen in 8.3.3.5 below, the Contracting Parties have been in breach of the deletion rules. In the SIS II proposal, the need to extend the duration of alerts in the SIS and replacing maximum deadlines by review was suggested. 61 Most delegations were, however, of the opinion that the rules of the Schengen Acquis on the duration of alerts and the possibility of renewing the alert when it is still valid under national law offered enough flexibility and covered operational needs. It was also felt that the added benefit, in terms of management and workload, of extending the duration of SIS alerts and/or replacing maximum deadlines with review deadlines did not outweigh the significant data protection problems that this would involve. But still some delegations wanted these proposals to be examined further.62 The SIS II legislative proposals have extended the retention duration (see Postscript). The Schengen Convention setting out the time frame in which the data is to be erased provides better data protection regime than the national legislation. As regards correctness, up to datedness and lawfulness of data, Article 105 stipulates that the reporting State has the responsibility to ensure that the data included in the SIS is accurate, up to date and lawful. The provision is a statement of the principle of ownership and responsibility.63 The reporting country is the owner of the information registered in the system and not the data subject. Hence, any liability lies with the State, 59 60 61 62

Section 28 of the Data Protection Act 2000. Dumortier, J. (1992), p. 7. Council of the European Union: SIS 5968/02. The proposed SIS II has extended the duration for which the data can be kept before deletion. This is unfortunate as it weakens data protection in the Schengen. 63 Dumortier, J. supra.

197

198

Chapter 7

which has the responsibility for the integrity of the data.64 Further, the Convention provides that it is only the reporting State that can amend, supplement, correct or delete data which it has introduced. If a State is of the opinion that an item of data is legally or factually inaccurate, it must report this to the reporting State which shall check the communication and if necessary, correct or delete the item in question without delay. In case of disagreement, the State that complained shall submit the case to the joint supervisory authority for its opinion. But the Convention is silent as to whether or not the opinion of the joint supervisory authority is final and to what happens if the conflict persists even following its advice. There is also no solution for a case where the joint supervisory authority does not succeed in formulating a unanimous opinion.65 JSA Report on Article 96 data revealed that quality of data can be compromised because different authorities are responsible for quality and integrity of data. Secondly, there are no formal and written procedures to ensure that Article 96 data are accurate, up to date and lawful. It recommended that authorities responsible should develop formal and written procedures to ensure quality and integrity of data. Where different authorities are responsible for the quality and integrity of data, it should be ensured that their different responsibilities are organised and interlinked in such a way that data are kept accurate, up to date and lawful and that the control of these data is guaranteed.66 7.2.6.4 Purpose Specification Article 102 restricts the use of data registered in the SIS for the purposes laid down in the finalities of alert referred to in Articles 95-100 only. Copying of data is prohibited and may only be allowed for technical purposes if it is necessary in order for the authorities referred in Article 101 to carry out a direct search. Copying of alerts by other Contracting Parties from the section of the SIS into other national data files is also prohibited. Derogation from the purpose limitation rule, however, is permitted if justified by the need to prevent an imminent serious threat to public policy and public security, on serious grounds of national security or for the purposes of preventing a serious criminal offence. In such a case, authorisation from the Contracting Party that issued the alert is required. Similarly, use of data for administrative purpose is not permitted. But a Contracting Party may use data entered under Article 96 for administrative purpose if the national law allows derogation as stated above. Use of data outside the ambit of what is permitted under this Article is regarded as misuse of data and is unlawful. 7.2.6.5 Individual Participation Data subjects have a number of rights under the Schengen Convention, among them: the right of access, the right to request verification of data and the right to correction and deletion of data. 64 Art. 116 of the Schengen Convention. 65 Hebenton, B. and Thomas, T. (1995), pp. 177-78. 66 JSA Article 96 Report p. 9.

The Schengen Information System and the SIRENE

The right of access is the most important right in personal data protection from the data subjects’ point of view. It is a basic and inalienable right of every data subject. Without it, from a practical point of view, it would be difficult for a data subject to control, or ever know what data concerning him has been recorded, its correctness, up-todateness, accuracy and relevance. As such, the right of access is important for the data subject to be able to exercise the other rights. It is also an important democratic right to enable citizens to know what information public authorities register about them. Under Article 109 of the Convention, data subjects’ have the right of access. The exercise is governed by a Member State’s national law and has exceptions. Under Article 109 (2), access to personal data registered in the SIS can be refused if it undermines the execution of the legal task relating to the SIS report, or in order to protect the rights and freedoms of others, or in relation to the task of discreet surveillance. These exceptions can reduce the effectiveness of this right. The right of access to information registered in the SIS in Norway is provided for under § 15 of the Schengen Information System Act and Chapter 2 of regulations made under the Act. It follows verbatim the Schengen Convention provision on access right. Although the right of access has a wide ambit in the Norwegian Personal Data Act, the provisions of the Schengen Information System Act apply as the latter is a special legislation, which comes before the general law. A special aspect of the Schengen law on access is the right to request verification of data. Article 114 (2) gives data subjects the right to ask the supervisory authorities established under Article 114 (1) to check the data concerning him which are included in the SIS and the use which is made of such data. The right is governed by the national law of the Contracting Party to which the request is made. For example, if the request were made in Norway, the data inspectorate (Datatilsynet) will carry out the check. This is a very important right for data subjects because, in many cases, the procedure for request of access in many countries is complicated.67 It would therefore be easier for the supervisory authority to carry out the check than a total stranger from another country would. That is, even more so, for asylum seekers and other foreign nationals who are total strangers to European democratic and political culture. Every person, irrespective of nationality, can also exercise the right. One does not need to be a national of any of the Schengen countries. Of course, as Dumortier points out,68 the question of what the supervisory authority does with the results of the check and whether or not the result of the check must be communicated to the person depends on the national data protection law of the country where the request was made. The exercise of the right depends on the co-operation of the supervisory authorities in different countries. The convention demands that, if the data have been included by another Contracting Party, the check may be carried out in close co-ordination with that Contracting Party’s supervisory authority. The situation at present is complex, as national legislation may not provide for such co-operation. In particular, the Norwegian 67 This right has been omitted in the proposed SIS II legislation which is unfortunate as it weakens data protection in the Schengen. 68 Dumortier, J. (1992), p. 8.

199

200

Chapter 7

legislation is not explicit on co-operation with foreign supervision authorities.69 All in all, the right of access may exist but the complications in enforcement procedure and the number of exceptions both at the national and Schengen levels make it difficult to realise.70 Other factors may affect the effectiveness of the right of access, such as lack of information among the public. The Schengen Convention does not include a provision on the right to notification and provision of information to the data subject without his or her initiative. The EU Directive on data protection has enhanced the right to access by providing for the right to notification and provision of information. These rights, however, may not be available to data subjects under the Schengen Convention as the special provisions of the Convention would apply instead of the general national law. Related to the right to access is the right of collection and deletion of data. Article 110 gives data subjects the right to have factually inaccurate data relating to him corrected, or have legally inaccurate data deleted. This right presupposes the access right. Most significant is that, according to the Schengen Convention Article 111, the data subject can enforce this right by an action before the court or any other competent authority in any of the Schengen countries. The convention thus introduces the possibility for shopping around because data subjects have the choice to exercise the right in any Schengen State and the Convention refers to the national law of the country in which the right is enforced instead of regulating these rights itself.71 Again, an element of co-operation is introduced by Article 111 (2) of the Convention in the execution of the final decisions taken by the referred to courts or authorities. In Norway, the right to correction and deletion of data is found in § 16 and Chapter 3 of the regulation made under the Act and follows verbatim the Schengen Convention formulation. The Norwegian Schengen Information System Act, however, goes further than the Schengen Convention, which requires the initiative for the exercise of the right to come from the data subject and requires that the authorities responsible for the SIS in Norway ensure compliance of the right. In other words, the initiative to have the data corrected or deleted can come from the authorities responsible for registering the data. This in a way enhances the right and the quality of data by ensuring that data are kept factually correct, and that legally wrong data are deleted, even without the request from the data subject. 7.2.6.6 Supervision The Contracting Parties have the obligation to supervise the data entered in the SIS. The supervision entails two levels, the N.SIS and the C.SIS. Consequently, the Schengen Convention has two provisions that deal with supervision of data in Articles 114 & 115 respectively: Article 114 deals with the national supervisory authority and Article 115 with a joint supervisory authority. 69 NOU 1997:19, p. 111. 70 See for detailed discussion in 8.3.2.3. 71 Dumortier, J. (1992), p. 9.

The Schengen Information System and the SIRENE

Article 114 (1) requires that each Contracting Party designate a national supervisory authority responsible, in compliance with national law, for carrying out independent supervision of the data file of the national section of the SIS and for checking that the processing and utilisation of data included in the SIS are not in violation of the rights of the person concerned. In order to effectively carry out the checks, the supervisory authority has access to the data file of the national section of the SIS. The requirement for the national supervisory authority, it seems, was included in the Convention because of the lack of a corresponding requirement in the Council of Europe Convention. It is nonetheless welcome as it constitutes an essential guarantee for the individual. The Data Inspectorate (Datatilsynet) which is established in accordance with § 42 of the Personal Data Protection Act 2000, has the supervisory role in Norway.72 It is an independent administrative body, subordinate to the King and the Ministry. But the King and the Ministry may not direct or reverse the Data Inspectorate’s exercise of authority in individual cases pursuant to the statute. A director appointed by the King heads the Data Inspectorate. The contentious issue of the Data Inspectorate’s independence has been resolved as stated by establishing the Privacy Appeals Board. The Privacy Appeals Board decides appeals against the decisions of the Data Inspectorate. § 43 of the new Act states that the Board is an independent administrative body subordinate to the King and the Ministry. But as Schartum points out, “the challenge facing the Board is to establish itself as a well-respected and highly competent authority. (…) The Tribunal (Board) must be viewed as independent both from the Government and the Data Inspectorate.”73 The supervision issue will, therefore, continue to be plagued by the question of independence. The adoption of the EU Directive on data protection by Member States of the EU and Schengen, however, is a welcome measure toward more uniform supervision in Member States. A joint supervisory authority is set up under Article 115 of the Schengen Convention. It is composed of two representatives of each national supervisory authority. Its responsibility is to control the function of the technical support function of SIS (the C.SIS) and it acts in accordance with the Schengen Convention, the European Council’s Convention for data protection, the European Council’s Recommendation on data in the police sector, and in conformity with the national law of the Contracting Party responsible for the technical support function, which is French law. The joint supervisory authority works as a forum for co-operation for the national supervisory authorities given its composition. It plays the role of harmonising of data protection practises of the Contracting Parties through its recommendations if implemented. Further, it writes reports which are forwarded to the authorities to which national supervisory authorities submit their reports. Although it issues annual reports, it does not have the power to implement the recommendations made therein.74 But the weakness of the joint supervisory authority 72 Act of 14 April 2000, No. 31, relating to the processing of personal information (personal Data Act). 73 Blume, P. (2001), p. 110. 74 Although the JSA has made several recommendations in its opinions published in the annual reports from 1996,1997, 1998, 1999 & 2000, very few of these suggestions have been

201

202

Chapter 7

lies in that it does not have power to make decisions. It appears to have an advisory rather than a decision-making one.75 Furthermore, despite the new arrangement with the Council of European Union, providing the authority free access to carry out its work independently, the Council maintains control over the authority’s budget. This may interfere with its independence. As presently constituted, the JSA may not be an effective external control.76 7.3

SIRENE

7.3.1

Introduction

According to the literature on the Schengen, the SIRENE is an English acronym for Supplementary Information REquest at the National Entries.77 In every Schengen country, the SIS is part of a broader framework of the police IT system. In every participating country, a permanent “Schengen office” or SIRENE is established as a unique channel for exchange of police data between participating countries.78 In the Schengen countries, all exchanges pass through the SIRENE, which also controls all new reports of the national police authorities before transferring them to the C.SIS.79 Due to the confusing legal basis and the importance of the SIRENE in the Schengen co-operation, it is necessary to discuss it in detail here. 7.3.2

Legal Basis

The legal basis of the SIRENE had been confusing and contentious. Legal documents seemed to fuel this confusion as they were not explicit on the issue. The SIRENE is not included in the description of the components of SIS in Article 92 of the Convention. In addition, the Convention did not in any direct manner mention the SIRENE. The closest reference to it in the Convention was Article 108 that requires the Contracting Parties to designate an authority with central responsibility for the national section of the SIS.80

75 76 77 78 79 80

implemented. The ability of the JSA to carry out investigations and controls on C.SIS has also been hindered on occasion by the French authorities. The JSA was, however, able to carry out inspection of C.SIS in October 1996. In 1998, ten states, already applying the Convention, under the request of the JSA, carried out inspections of their respective SIRENE Bureaux. SIRENE Manual OJ C 38, 2003 p.4; See also, O’Keeffe D. p. 209. The JSA is to be replaced with the European Data Protection Supervisor in the proposed SIS II legislation. This is welcome as the JSA was not effective in its supervision role. St. prp nr. 42 p. 55. Ibid. Ibid. See also Tromp, R. (1998), p. 163.

The Schengen Information System and the SIRENE

According to the Activity Reports of the Schengen Joint Supervisory Authority,81 the SIRENEs are creations of the Contracting Parties as there is a lack of juridical authority for their establishment in the Convention. The report goes on to point out that, “when the Contracting Parties were asked to specify the grounds of establishment of the SIRENEs in the first report, with exception of Belgium, the States then enforcing the Convention (Germany, Spain, France, Luxembourg, the Netherlands, Portugal) said that they created them on grounds of a national texts. There was no attempt by these States to allocate the central competency for the N.SIS to their SIRENE office on the grounds of Article 108. Further with the exception of Belgium (where the SIRENE office, as an instance with central competency for the N.SIS, is linked to the Ministry of Justice) and Portugal (where the central instance is distinct from the SIRENE office and linked to the Ministerial Department of foreigners and frontiers of the Ministry of the Interior) the other Schengen States had entrusted the central competency for the N.SIS to their police or gendarmerie (state police corps) departments and linked their SIRENE office to these departments.”82 The draft Convention on European Information System (EIS) is the only Convention that directly refers to the SIRENE. Article 30(4) of the draft Convention refers to SIRENE and provides that; “every Member State will operate SIRENE service that shall have the central competence for exchanging of supplementary information in accordance with paragraph 5 of this Article”. This draft Convention has never been adopted. So its significance is limited. The Schengen Executive Committee was of the view that the SIRENE manual contains the legal basis for SIRENE.83 The Manual states that “Article 108 (1) to (4) is the legal basis for the very existence of the SIRENE Bureaux and for any action taken by them”.84 In interviews conducted in Austria, the confusion still existed. The persons interviewed were divided on the issue, their views reflecting two positions. The first position, which is held by the Schengen Member States and was reflected by the Ministry of the Interior, purports that SIRENE has a clear legal basis in Article 108 of the Schengen Convention. The second position, which was reflected in the interview with the Data Protection Commission representative and held by the Central Data Supervisory of Schengen (CDSA), claimed that SIRENE has no clear legal basis.85 There is no legal basis 81 Schengen Joint Supervisory Authority Activity First Report from March 1995 to March 1997 and Second Report from March 1997 to March 1998. 82 Schengen Joint Supervisory Authority Activity First Report from March 1995 to March 1997. 83 The Schengen Executive Committee decision SCH/M (92) 24 rev. 84 SIRENE Manual p. 5. 85 See JSA Opinion of 22 February 1995 on the legal basis of the SIRENE Bureaux. The JSA recommended that, since the Schengen Convention does not explicitly provide for the SIRENE Bureaux, they ought to be given a legal basis, either by amending the Convention or by amending national legislation in a harmonised fashion. On 27 June 1996, however, the Central Group concluded that an adequate legal basis existed. The issue is not yet conclusively resolved.

203

204

Chapter 7

in national law and the Schengen Convention does not explicitly refer to the SIRENE. While these two views continue to exist, the issue of the legal basis remained unresolved. Expectations were, however, that when the second generation of SIS (SIS II) is implemented, rules will be developed to give a clear legal basis for SIRENE.86 In a new turn of events, the Council through a Decision and Regulation dated 24 June 2003 introduced amendments to Article 92 of the Convention by inserting a new paragraph at the end of the provision. It reads, The following paragraph shall be added to Article 92: 4. Member States, in accordance with national legislation, shall exchange through the authorities designated for that purpose (known as SIRENE) all supplementary information necessary in connection with the entry of alerts and for allowing the appropriate action to be taken in cases where persons in respect of whom, and objects in respect of which, data have been entered in the Schengen Information System, are found as a result of searches made in the System. Such Information shall be used only for the purpose for which it was transmitted.87

This amendment gives SIRENE a clear legal basis in the Schengen Convention. Although the Norwegian SIS Act § 11 does not explicitly mention the SIRENE, it however does seem to imply that information exchanged through SIRENE is regulated by the Criminal Registration Act and the Personal Data Act. It provides that, Provision of supplementary information which is not provided through SIS and which is received from other police registers is to be regulated by Criminal Registration Act and the Personal Data Act.

This seems to place the legal basis of the SIRENE in the national law. Still one could argue that since the Schengen Convention was silent on the issue of the SIRENE and at the same time it allowed the application of the national law in such circumstances, then the national law was the legal basis of the SIRENE. Nevertheless, it was necessary to make the legal basis clear instead of leaving it to different national laws. 7.3.3

Organisational Overview

Is the SIRENE a technical or a human structure? The Schengen confidential SIRENE manual may reveal what the SIRENE really is. The following is a quotation from what Busch has summarised from the French and Danish translations of the manual.

86 The legal basis of the SIRENE has been made clear in the SIS II legislative proposals 2005. 87 Council Decision concerning the introduction of some new functions for the Schengen Information System, in particular in the fight against terrorism, 2005/211/JHA and Council Regulation concerning the introduction of some new functions for the Schengen Information System, in particular in the fight against terrorism, (EC) No 871/2004.

The Schengen Information System and the SIRENE

In the Manual the SIRENEs are defined by turns as an “indispensable structure (the French version uses the term “organization”) for the function of the Schengen Information System”, as a “summary description of proceedings” which shall enable the authorities of a Contracting Party to send supplementary information which the receiving Contracting Party needs in order to decide further action following a hit in the SIS, and as an “operational organization”. An official Belgian report of 1994, first describes SIRENE as “the authority which constitutes the “human intermediary” in the computer structure of the SIS for the treatment of reports”, and later on as an “additional structure for the support of the computerized application.88

The SIRENE is both a human and a technical component. Busch continues to observe that “be that as it may, in substance, the SIRENE network consists of one central SIRENE office for each Contracting Party, and a computerized information system making it possible for the SIRENE offices to exchange information between each other, on a bilateral or multilateral basis”. Tromp points out that, “SIRENE supports the automated facility SIS by means of human involvement, but also by means of a sophisticated electronic mail-system to exchange standardized forms that contain all the information necessary to take action in response to an alert”.89 Ahnfelt and From are also of the opinion that the SIRENE is a technical system separate from the SIS components. They observe that “in addition to the SIS there is established a communication system known as SIRENE that shall ensure that inquiries for access to use of information that is exchanged via SIS goes adequately fast between Contracting Parties”.90 From the interviews conducted in Austria with the SIS and SIRENE authorities, it transpired that the SIRENE is both a human and technical interface separate from SIS. Firstly, the creation of the SIRENE was meant to give SIS a human interface through which information on positive hits in SIS could be exchanged. The SIRENE office is manned by officers on a twenty four hours basis. The Austrian SIRENE had, in 2001, 22 officers in total. The request for supplementary information is made to the officer on duty who in turn responds to the request. From a technical aspect, the SIRENE is the technical operational service that is used for transmitting all supplementary information requests at the national entries. It consists of electronic files only and no manual files for security reasons. Also, information is exchanged electronically through standardised forms. Where necessary, however, information may be requested using other media such as telephone. 7.3.4

Functioning of SIRENE

Here, use is made of the findings from interviews with Austrian authorities to explain the functioning of SIRENE. The SIRENE comes into the picture usually when SIS has been consulted and a hit established and where supplementary information regarding

88 Busch: Fortress Europe? – CL No. 49 December 1996/January 1997 p. 5. 89 Tromp. R (1998), p. 163. 90 Ahnfelt, E. & From, J. (1996), p. 73.

205

206

Chapter 7

the hit is required.91 In such circumstances, a request for information is made to the SIRENE. In principle, the request is made to the SIRENE office and not to a particular person. Since the SIRENE office operates twenty four hours a day, it is the officers on duty who act when a request is made. Information is exchanged electronically through standardised forms. For example, a G – Form is for a hit and a Q – Form for data on usurped identity (a new form for cases where a perpetrator uses the name of a stolen passport as an alias), and so on. There are standardised forms for every purpose, e.g. Article 95 on arrest, Article 96 on foreign nationals to be refused entry, and so on. Where further clarification of electronically transmitted information is required, this may be requested by telephone or additional electronic messages. Supplementary information is supplied on request when there is a hit and further information is required. If a hit occurs in Austria itself, (see Figure 9) and the authorities (Dasta) require more information, then the request is sent to Austrian SIRENE who forwards the request to the SIRENE of the Contracting Party concerned. The supplementary information is then supplied to the Austrian SIRENE and forwarded to the requesting authority. If the hit occurs abroad, the request is made to that country’s SIRENE by the control authorities (police), and then forwarded to the Austrian SIRENE, who retrieves the relevant information and relays it back to the requesting SIRENE to forward to the source of the request. This procedure is applied in all cases, except in cases concerning Article 95. In Austria, supplementary information under Article 95 is prepared at the time of entering a report in SIS. At this time, the necessary information is also prepared and distributed to all foreign SIRENEs. The response time for a request depends on the case. In some cases, it can take as little time as 15 minutes. Hit Austria SIRENE Austria SIRENE Abroad

Data

Hit Abroad SIRENE Abroad

Police EKIS – Police Information System Data – Police Station Figure 9: Functioning of SIRENE in Austria

91 SIRENE Manual p. 4.

SIRENE Austria EKIS Austria

The Schengen Information System and the SIRENE

The SIRENE plays a central role in the exchange of information under Articles 39 and 46 of the Schengen Convention and supplementary information outside the SIS. Under Article 39, police authorities may exchange information in compliance with national law for the purposes of preventing and detecting criminal offences. Article 46 deals with the exchange of information, although this may not be requested, which may be of interest to other Contracting Parties in helping prevent future crime and to prevent offences against or threats to public order and security. Supplementary information that may be exchanged between the SIRENE bureaus is in fact information that cannot be included in the SIS under Article 94(2).92 Communication between different national SIRENEs may be either oral via telephone or written, and also in the form of pictures (photographs and fingerprints).93 Information that may be exchanged under the SIRENE is extensive and not always standardised. All forms of personal information verified and unverified may be exchanged without restriction. The function of the SIRENE does not entail exchange of information only. Other functions are translation, evaluation and validation of the obligatory information in accordance with Article 95, quality control and storage of necessary documentation.94 The main SIRENE tasks can be summarised as follows: – point of contact for SIRENE offices of other Contracting Parties, – liaison with national authorities and agencies, – gather further information, for example, obtain and forward documents (judgements, arrest warrants, deportation orders, fingerprints sheets), – provide information for each Article 95 record to the other SIRENEs, – responsible for the SIS data contents and responsible for all management of N.SIS. – facilitate co-operation on police matters outside the scope of the SIS on the basis of Articles 39 and 46 of the Schengen Convention. 7.3.5

Data Protection

Since the SIRENE did not, from the beginning, have a legal basis in the Schengen Convention, data protection rules in the Convention did not apply to the SIRENE. Instead the SIRENE was viewed as a creation of the Schengen Member States and therefore national laws on data protection of the Member States were meant to apply. The amendment to the Schengen Convention Article 92, however, gave the SIRENE a le-

92 Tromp, R. (1998), p. 164 has identified this information to include: the obligatory supplementary information regarding Article 95 with details, for example, such as those mentioned in an arrest warrant provided in accordance with the EU Convention on Extradition; information useful to police officers when involved in the tracing of and searching for persons or goods, which must be available almost immediately; requests for “flagging” according to Article 94, and other remarks, wishes or questions, for clarification about SIS alerts; the report of a hit, and information about the measures that have been taken, or a demand for further instructions from the contracting party making the request. 93 Mathiesen, T. (1996), p. 41 94 See Tromp, R. (1998), p. 164-165 for details.

207

208

Chapter 7

gal base in the Schengen Convention. Consequently, the data protection rules in the Schengen Convention (discussed above) applied also to the SIRENE.95 7.3.6

Relation between SIRENE and SIS

Currently the SIRENE and SIS are separate systems. The former is used as a source of supplementary data to the SIS alert requests, especially after an alert involving Article 95. The SIRENE contains much of the detailed personal information which is not found in the SIS. The arrangement is positive and negative for data protection. It is positive because details and sensitive personal information contained in the SIRENE is not available for search through the SIS. But it is negative because such data is left in a partially regulated SIRENE system. The supplementary nature of the SIRENE system is bound to change with the implementation of SIS II as some detailed and sensitive personal data in the SIRENE will be included in SIS II. For example, the European Arrest Warrants (EWAs) will be issued by the Member States as alerts under Article 95 of the Schengen Convention (the SIS has in fact for some time acted as a de facto arrest warrant system). All information from the EAW form is therefore to be included in SIS II. As a result, a number of new data folders will be created such as maiden name (where applicable), residence and/or known address, languages that the person understands, information relating to the warrant, judicial proceedings and type of offence (ten categories), other information related to the case, and information on related search and seizure orders. The inclusion of these data into SIS II raises proportionality issues. Firstly, it would expand significantly the amount of personal information held in SIS II. Secondly, the logic of including such details and sensitive data in the SIS is doubtful if the same are to be exchanged through SIRENE. 7.4

Conclusion

The SIS and SIRENE system were the first building blocks in the network of control and surveillance systems related to cross-border police co-operation. They have since been joined by other systems discussed in Chapter 9. In addition, the expansion and incorporation of new functions and data through amendments of the current SIS law and inclusion of new data and functions in the future by SIS II would increase the level of control and surveillance in society. In the next chapter, the evaluation of the SIS is undertaken using the human rights and data protection transparency and proportionality criteria analysed and developed in Chapters 4 and 6 respectively.

95 The proposed Council Regulation 2004 and Council Decision 2005 have also given the SIRENE a legal base in these instruments and therefore data protection governing the SIS II will apply to the SIRENE.

8

SIS Compliance with Article 8 ECHR and Data Protection Principles

8.1

Introduction

This chapter is devoted to the evaluation of the SIS compliance with Article 8 ECHR and data protection principles. The human rights evaluation criteria analysed in Chapter 4 and the data protection transparency and proportionality model developed in Chapter 6 are used as evaluation tools. The discussion in this chapter is not based on the factual situation, but on the formal situation. It is a discussion on the obligations and rights. The conclusions arrived at may not necessarily be the same conclusions that the ECtHR may make. The conclusions reached are based on the writer’s interpretation of the obligations and rights in the Convention. The lack of Schengen case law at the ECHR level makes it difficult to say what the law is. The developments at the national level, however, seem to agree with what the writer thinks the law should be (see 8.2.5 below). 8.2

SIS and Article 8 ECHR

8.2.1

The Principle under Examination

The four criteria that are used as evaluation criteria of Article 8 ECHR are: – Interference under Article 8 (1), – In accordance with the law, – Legitimate aims, and – Necessary in a democratic society. 8.2.2

Interference under Article 8 (1)

According to the Klass and Others case, the very existence of a measure amounts to interference with respect for private life under Article 8 (1). The measure does not have to be applied for interference to be inferred. This has been confirmed in subsequent cases of Amann v. Switzerland, Kopp v. Switzerland and Rotaru v. Romania. Similarly, the existence of the SIS would amount to interference with respect for private life under Article 8 (1). The very establishment of the SIS is in itself interference with respect for private

210

Chapter 8

life. This is true also for other systems such as Europol, Eurodac, Interpol, Customs Information System and Visa Information System discussed in the next chapter. Systematic registration of personal information also amounts to interference with the respect for private life. In addition, the information need not be used (Amann v. Switzerland, Kopp v. Switzerland and Rotaru v. Romania). The Schengen Convention allows systematic registration of personal data under Article 94 (1). The registration would amount to interference under Article 8 (1) even if the information was not put to use. The information recorded in the SIS, however, is systematically used for purposes of crime and border control. The storage of personal information also amounts to interference as the Court ruled in the cases of Leander v. Sweden and Amann v. Switzerland. Again here the information need not be used, the act of storage in itself amounts to interference for the purposes of Article 8 (1). Even where the information is used for the purpose intended or the purpose for which it was collected, it could also amount to interference (Rotaru v. Romania). For example, in SIS, the information is recorded for purpose of identification. Even where the information is used for this purpose it could still amount to interference with the respect for private life. The human rights law under Article 8 (1) also places importance on individual access to registered information. Where access to information is denied, the Court has found this to amount to interference (Leander v. Sweden, McMichael v. United Kingdom, Gaskin v. United Kingdom and M.G. v. United Kingdom). In the last two cases, the Court applied the doctrine of State’s positive obligation to find interference where access was denied. Although the right of access is recognised and provided for in the Schengen Convention, it has many obstacles which make it difficult to exercise and as such one may not necessarily get access to the information. Where the exercise of a right is difficult, it cannot be said that a person has a right. Similarly, the disclosure of information can amount to interference with private life under Article 8 (1) (M. S. v. Sweden, Leander v. Sweden, Z v. Finland and Peck v. United Kingdom). The Schengen Convention allows disclosure of information to persons who need the information so as to perform their legal duties. While such disclosure or access to information is in accordance with personal data protection laws, under human rights law, the disclosure, even where allowed, can amount to interference with the respect for private life. Lack of deletion of information procedure amounts to interference with the respect of private life (Amann v. Switzerland and Rotaru v. Romania). The Schengen Convention stipulates deletion procedure and as such interference is difficult to construe purely by the lack of deletion procedures. If, however, the procedures are not followed, it would be possible to infer interference. The JSA had reported that Member States were, after deletion of the information in the SIS, retaining the same information in the SIRENE system. Such practice would amount to interference because there are no clear deletion procedures under the SIRENE system. The information could be retained in the SIRENE for an indefinite duration. It may be difficult for the SIS to comply with non-interference criterion unless the system does not exist. Most critics of the SIS have argued that the system should not have been brought into existence as its existence is a threat to privacy. The reality is that 

See 8.3.2.2.

SIS Compliance to Article 8 ECHR and Data Protection Principles

the SIS exists and it is a threat to privacy, but can the interference with the respect for private life be justified? 8.2.3

In Accordance with the Law

The “in accordance with the law” or “legality principle” may not be difficult to fulfil because the SIS has its legal basis in the Schengen Convention. The SIS is therefore established in accordance with the law. It has a legal basis (Kopp v. Switzerland). The legal basis of the SIRENE has been contentious; the recent amendment of the Schengen Convention, however, seems to have settled the issue by placing the legal basis in the Schengen Convention. But the legality principle is more than just the presence of the law as it also extends to the quality of the law. In order for a norm to qualify as law, it must possess some essential qualities (Sunday Times v. United Kingdom). According to the Sunday Times case, the two qualities the law must possess are accessibility and precision. The law must be adequately accessible and formulated with sufficient precision. It is doubtful whether the SIS law as stated in the Schengen Convention fulfils the two conditions of accessibility and precision. Accessibility implies that the norm must be published. Most of the laws and norms governing the SIS are published and therefore the accessibility test can be said to be fulfilled. The Schengen Acquis forms the body of laws governing the Schengen co-operation including the SIS. At the beginning of the Schengen, however, some norms were published but were not accessible to the public because they were classified and confidential. These included the SIRENE manual, the Consular Instructions and the Common manual. These documents could not fulfil the accessibility condition. The manuals have since been partially declassified. Although the declassification has improved accessibility, the fact that portions of the manuals still remain secret means that the manuals are not fully accessible and cannot fulfil accessibility test. Although the SIS is established under law, there are reasons to believe that the requirement of “in accordance with the law” is not adequately satisfied. The existence of two levels of data protection, one governed by the EU Directive and the other Council of Europe Convention, also raises issues of legality, especially when lesser standards under the Third Pillar regime cover areas involving extremely sensitive data. Continued reliance on a legislation which by all means is out of date as regards technology, investigation methods, border control concerns and nature of crimes is questionable. There should be a consistent level of data protection governing Third Pillar agencies equivalent to that governing the Community law institutions. There should also be a supple-

  

Council Decision 2005/211/JHA, OJ L 68/44 and Council Regulation (EC) No 871/2004, OJ L 162/29. The SIS II proposed law though an improvement in some of the aspects named here, especially concerning Articles 96 and 99, has not fully addressed the problems of supervision and access to information (See Chapter 12). The proposed SIS II Decision legislation has the Council of Europe as the minimum standard of data protection in areas of judicial and criminal law (COM(2005) 230 final).

211

212

Chapter 8

mentary data protection regime for the police sector that reflects the changed nature of policing and the extensive use for criminal intelligence data. Precision of the law implies foreseeability. That is, the law must be stated and formulated with sufficient precision to enable the citizen to regulate his conduct (…), to foresee to a degree that is reasonable in the circumstances, the consequences which a given action may entail. Those consequences, however, need not be foreseen with absolute certainty (Sunday Times v. United Kingdom). Foreseeability is a rule of law test (Malone v. United Kingdom). The rule of law means that there must be a measure of legal protection in the domestic law against arbitrary interference by public authorities with individual’s rights safeguarded by Article 8 (1) (Malone v. United Kingdom). Rule of law condition is a requirement for adequate safeguards, for example effective supervision (Rotaru v. Romania), judicial control (Klass and Others v. Germany), access to information (Leander and Gaskin cases and M. G. v. United Kingdom), and deletion of information (Amann and Rotaru cases). Although the Schengen Convention provides for these safeguards save the judicial control, the safeguards cannot be said to be adequate. The judicial control is totally lacking in the Schengen Convention. The supervisory safeguard is also deficient as the JSA is not independent. It lacks control for its budget and therefore is prone to manipulation by other organs such as the Council that controls its budget. The national supervisory authorities do not have a reporting duty as regards the SIS and SIRENE. As such, accountability on the national level may be difficult to ensure. The exercise of the right of access, as stated below, is fraught with difficulties. It cannot be said to be adequate. The deletion right also has its problems, especially where the Member States decide to retain the data deleted in the SIS in the SIRENE. Another problem associated with precision of the law is that some of the provisions in the Schengen Convention are stated broadly and in vague language. Broad and vague provisions leave wide discretion to the authorities concerned and unless the discretion is adequately supervised, the legality requirement may not be satisfied. In the Schengen Convention, Articles 96 and 99 are some of the provisions which grant wide discretion to the authorities. Rules on registration and search of information in the SIS also are not clearly stated. The discretion of the authorities is not effectively supervised and accountability may be compromised. Accountability is also compromised because the Schengen law is not clear on the sharing of data between SIS and other border control systems such as Europol, Eurodac, Interpol, Customs Information System and the newly proposed Visa Information System. Sharing of data among these systems cannot be ruled out. As regards the SIRENE, there are no rules governing the nature and quality of the supplementary data held by the SIRENE bureaux. There is also lack of guidance as to the type of supplementary data that may be held either in the Convention or SIRENE manual save for the extradition entries under Article 95. There are no reports on what   

Justice (2000), p. 52; Proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters, COM(2004) 475 final 4 October 2005, {SEC(2005) 1241} See below 8.3.2.2. See Chapter 9.

SIS Compliance to Article 8 ECHR and Data Protection Principles

data is held, whereas it is clear that soft intelligence information which is both personal and of variable reliability is likely to be included. 8.2.4

Legitimate Aims

The legitimate aims criterion is the easiest for the State authorities to satisfy because it is very difficult for an applicant to successfully invoke it against government agencies. The margin of appreciation granted to governments places a heavy burden on the applicant to rebut the presumption of legality in favour of the measures taken by a State. The Court treats the consideration of the legitimate aims as a formality. Instead the Court has concentrated upon the facts of the case at hand, and the question of legitimacy of a particular measure at issue is treated along with the question of its necessity. The six legitimate aims under Article 8 (2) are broad and interpreted widely so that it is not difficult for the government to find an exception on which to rely. The aims of the SIS are to prevent and fight illegal immigration and crime. These are also broad aims that can find justification under the Convention’s legitimate aims exceptions namely, interest of national security, public safety, the economic well being of the country, prevention of disorder and crime, the protection of health or morals and the protection of the rights and freedoms of others. The State merely requires invoking only one of the exceptions in order to defeat the claim of the applicant. Some of the exceptions are incorporated in some provisions of the Schengen Convention, making it easy for the government to rely on them. Under Article 109 (2) of the Schengen Convention, the request for access to data subjects’ information can be denied if, – it undermines the execution for the legal task relating to the SIS, which could be prevention or combating of crime or illegal immigration, – in order to protect the rights and freedom of others or – in relation to the task of discreet surveillance under Article 99 which also could be interpreted as affecting national security. Under Article 96, an alien can be registered in the SIS as a result of a decision by an administrative authority or a court, based on the fact that a person’s presence poses a threat to public order or national security and safety. Most alerts entered under Article 96, however, cannot be defended as they do not satisfy the legitimate aims criterion. The registration of persons, whose asylum application has been rejected, as is the practice in Germany, goes contrary to the legitimate aims of the SIS, which is to combat and prevent crime and illegal immigration. Similarly registration of persons en masse in Italy simply because they are unwelcome immigrants goes against the grain and legitimate aims of the SIS. Such illegal registration serves the purpose of locking out aliens from the Schengen area. It serves to confirm the fear by Schengen critics that the SIS is to be used for the purposes of enforcing a “Fortress Europe”. According to recent statistics over 778,886 persons registered in the Schengen Information System are aliens who are to be refused 

Justice (2000), p. 56.

213

214

Chapter 8

entry. It is difficult to defeat governments’ claims of legitimate aims, but some practices by some the Schengen government do not comply with the legitimate aims principle. 8.2.5

Necessary in a Democratic Society

Being ‘necessary in a democratic society’ is the most important criterion for the evaluation of the SIS. The objective of this requirement is to protect citizens against arbitrariness, including the excessive use of public powers. This requirement is the most difficult for governments to satisfy and therefore it works to the advantage of applicants. Under this requirement, the Court examines three issues: “necessary”, “margin of appreciation” and “proportionality”. Necessary has been said to mean a ‘pressing social need’ (Handyside v. United Kingdom). A pressing social need is said not to exist if the interference complained of is not proportional to the legitimate aim pursued (Incal v. Turkey). The issue that arises as regards the SIS is whether it is necessary and meets the requirement of pressing social need. When one looks at the aims of the SIS, to combat and prevent crime and illegal immigration, and the fact that these are defined as the major problems confronting governments today, one could easily conclude that the SIS satisfies the necessary and pressing social need requirements. But a close scrutiny of the use the SIS and the practice of registration of data in the system by Member States dispel this conclusion. The statistics indicate an overwhelming use of the SIS for preventing people from entering the Schengen area rather than combating and preventing crime and illegal immigration. Of 778,886 persons registered in the Schengen Information System as aliens to be refused entry, 77% are entered by Germany and Italy, whose practice is not in concordance with the aims and objectives of the SIS.10 The use of SIS for policing purposes is also minimal. According to Justice, it is used largely as a clearing-house to check on stolen objects, rather than to identify individuals which begs the question to the claim that the SIS exists primarily to combat serious crime.11 The doctrine of margin of appreciation has become part of ECHR jurisprudence. The court invokes the doctrine based on the notion that, it is not fair to criticise a state for having chosen one policy over another. Even if the policy turned out to be wrong, the Convention organs are reluctant to appear wise after the fact. The Court’s application of the doctrine is intended to give the State concerned leeway in choosing the appropriate regulatory response to matters affecting the rights protected within that State’s territorial boundaries. The argument is that each state is entitled to certain latitude in resolving the inherent conflicts between individual rights and national interests or among different moral convictions. The Court has thus often asserted that national authorities are, generally speaking, in a better position than a supranational entity to adequately balance individual rights with national interests (Handyside v. United Kingdom). The  See Figure 10 below. 10 A French Court in the case of Mrs Forabosco has in particular condemned the practice by German authorities to register asylum seekers whose applications have been rejected in the SIS for purposes of entry refusal. 11 Justice (2000), p. 49.

SIS Compliance to Article 8 ECHR and Data Protection Principles

doctrine of margin of appreciation is also justified because it may be difficult to identify common European standards on the rights or restrictions in question. The Schengen law has two levels of application, namely the Schengen law and the national law. Where the Schengen law applies, those provisions affect all Member States equally. But where the Schengen law is silent or has stated that the national law will apply, it is the national law of the Member States that regulates the situation. There exists therefore a dichotomy in the application of the Schengen Convention. This dichotomy affects the doctrine of margin of appreciation as well. The margin of appreciation doctrine can only apply to Schengen matters where the Schengen Convention is silent or where the national law is applicable. In these circumstances, the Court will hesitate and not interfere with policies where the government and national judicial organs are deemed as having local knowledge. But where the Schengen law regulates matters affecting the Member States, the doctrine of margin of appreciation cannot be invoked because it is deemed that there are common European standards on the matters concerned. This is purely this author’s conjecture on the application of the doctrine on the Schengen as the ECtHR has not had an occasion to decide on the matter. But the position in some Schengen countries vindicates this interpretation. The decision of a French court in the case of Mrs Forabosco criticised the registration in SIS in Germany, because the authorities registered alerts on persons whose asylum application had been rejected. The court asserted that such practice contradicted Article 96 of the Schengen Convention. What the court was saying here without stating it is that the Germany authorities did not have discretion in the matter which was clearly regulated by the Schengen Convention. The authorities could not therefore benefit from the doctrine of margin of appreciation because they did not have discretion in the first place. Alerts issued under Article 96 have serious consequences for the registered person because it bans the person from entering or being admitted in all Schengen countries. A measure that has repercussions on all countries should not be subject to margin of appreciation of one state only. In other words, a state should not be allowed to impose its national interests on other states. The doctrine of margin of appreciation is also discussed below in 8.4.2.2. Similarly, in areas where common rules have been issued, such as asylum and immigration law, margin of appreciation doctrine cannot be available to governments as this would mean applying different criteria that would seriously affect the rights of the persons concerned. The principle of proportionality is the core principle in examination of the ‘necessary in a democratic society’ compliance of a measure by the Court. The assessment of the proportionality of a measure that restricts Convention rights involves examination of the other principles discussed above, especially the ‘legitimate aims’, ‘necessary’ and ‘margin of appreciation’ principles. Accordingly, the proportionality principle must fulfil three requirements: the interference should impair as little as possible the right or freedom in question, any measure adopted which may or will interfere with a right must be carefully designed to meet the objectives (legitimate aims) in question, and the measure must not be arbitrary, unfair or based on irrational considerations. In its examination of the requirements, the Court is guided by the following consideration: whether “relevant and sufficient” reasons have been advanced in support of the measure being pursued, whether there was a less restrictive alternative, whether there has been some measure of procedural fairness in the decision-making process, whether safeguards

215

216

Chapter 8

against abuse exist, and whether the restriction in question destroys the “very essence” of the Convention right in issue. The purpose of the Schengen co-operation is to facilitate free movement of persons. The SIS is meant to facilitate free movement by combating and prevention of crime and illegal immigration. To achieve that goal, the SIS is used to identify ‘wanted’ and ‘unwanted’ persons for purposes of combating and preventing crime and illegal immigration. ‘Wanted’ persons are sought for one reason or another, for example for committing crimes, or as witnesses in judicial proceedings, or as persons reported missing, or as persons requiring protection. “Unwanted” persons are persons registered under Article 96 of the Schengen Convention for purposes of refusing them entry into the Schengen territory. The presumption is that if a person is not registered in the SIS, he or she is “clean” and should be allowed to go about unhindered. From this perspective, allowing unrestricted movement to persons not registered in the SIS, the system can be said to facilitate and not interfere with the free movement right. As concerns those “wanted” and “unwanted” persons, however, the system can restrict their free movement if someone is wrongly registered in the system. The analysis of alerts entered under Article 96 alone indicates that 77% of the persons affected are entered for the wrong reasons. For this group of persons, the measure does interfere with their free movement and therefore it may fail the proportionality test. If the anomaly could be rectified, perhaps the SIS could be said to facilitate free movement. The registration of such large numbers on wrongful grounds raises questions as regards procedural fairness in the decision-making process, the existence of safeguards against abuse and the reasons for the measure itself. In addition, the restriction does destroy the “very essence” of free movement. The measure also cannot be said to be proportionate with the legitimate aims of free movement, combating and preventing crime and illegal immigration as discussed above. The measure suffers from arbitrariness, unfairness and irrational consideration. It creates a scenario where some peoples’ rights are restricted unfairly so that others can enjoy their rights. It is a classic case of “human rights vs. human rights”. Whose rights will prevail? The rights of every person are important and some rights should not be destroyed in order to protect others. All human rights should prevail. 8.2.6

Conclusion

The SIS, as it is currently composed, does not fully comply with human rights requirements stipulated in Article 8 (2). The examination of the four principles reveals the system has shortcomings which may hinder full compliance. The next section continues examination of the issues of compliance raised in the evaluation in this section from a data protection perspective. 8.3

SIS and Data Protection Principles

8.3.1

General

This section applies the evaluation model developed in Chapter 6. The aim is to examine to what extent data processing in the SIS (including the SIRENE) is fair, transparent and

SIS Compliance to Article 8 ECHR and Data Protection Principles

proportional. The expectation is to be able to answer the research questions raised in that chapter. 8.3.2

Fair and Lawful Principle and Transparency

8.3.2.1

General

Fair and lawful principle is not expressly stated in the Schengen Convention, but that does not mean that data processing in the Schengen is not required to comply with the fair and lawful principle. Since the Schengen Convention refers and requires compliance with the CoE Convention which expressly incorporates the fair and lawful principle, it is safe to conclude that the principle is implied in the Schengen Convention. Data processing in the Schengen Convention should therefore be fair and lawful. Having said that, it is important to examine the extent to which data processing in the Schengen Convention is transparent using the four transparency requirements established in Chapter 6. The aim of this de lege lata evaluation is to lay foundation for de lege ferenda recommendations presented at the end of every evaluation section. 8.3.2.2 Requirement for General Access The first transparency requirement is the requirement for general access. The requirement for general access is essentially a requirement for knowledge about what happens with the processed information. It is a requirement for the purpose and use of information. The knowledge enables both the public and individuals to control how the information is used. The requirement of general access, as stated earlier, is manifested in the principle of specific purposes in data protection laws.12 The principle is also manifested in rules or provisions requiring controllers to provide data protection authorities information on the processing of personal data.13 This requirement can also be manifested by giving general access to documents on processing of personal data. It follows therefore that, where access to documents is restricted, the requirement may not be visible, for example, where documents are stamped ‘confidential’ and therefore not accessible to the public. The task now is to examine the Schengen Convention under these three headings. The principle of purpose limitation is provided for under Article 102 of the Schengen Convention. It, however, raises a number of problems. Firstly, it is watered down by the exception that allows Contracting Parties to derogate from the principle where it can be justified ‘by the need to prevent an imminent serious threat to public order and safety, for serious reasons of State Security or for the purpose of preventing a serious offence’. The authorisation of the reporting country is required before the derogating country can use the information for another purpose other than that for which it was recorded. That notwithstanding, it is the derogating State that determines the need for derogation and the reporting State may not be able to evaluate that need. In the circumstances, this safeguard is not adequate given the nature of nation states, that is, they may not want 12 See 6.5.1.2. 13 Ibid.

217

218

Chapter 8

to question matters touching on national security of another country. Consequently, the exception can lead to use of data for other purposes other than those stated in the Convention. In addition, it has been successfully used to argue for expansion of the SIS for new functions and inclusion of new data.14 Another problem raised by the purpose specification principle is that the purpose for entry of data in the SIS is sometimes vague and widely stated. This may raise two problems. Firstly, the criteria for entry of data in the SIS may not be clear. Secondly, the criteria for search may also not be clear. Articles 96 and 99 dealing with aliens and discreet surveillance respectively are worthy comment. The problem on entry criteria is occasioned by lack of guidance on the criteria to be applied under the various entry categories.15 Firstly, a large margin of appreciation is left to the individual states to interpret the provisions as they wish. Some states have an “automatic procedure”, whereby registration on the SIS is mandatory following specific decisions, while others make a “case by case assessment” in connection with certain decisions.16 The first and most recent (1 February 2003) data of alerts under Article 96 by Member States indicate a large discrepancy in the practice of the Schengen states on registration of “aliens” on the SIS. According to the statistics in Figure 10, Italy and Germany had the largest entries of 335,306 and 267,884 alerts respectively compared with countries like Denmark and Iceland that had the lowest, 147 and 10 alerts respectively. Italy Germany Greece France Austria Spain Holland Sweden Finland Portugal Norway Luxembourg Belgium Denmark Iceland Total

335,306 267,884 58,619 52,383 33,732 10,882 9,363 44,454 2,727 1,744 863 406 367 147 10 778,886

Figure 10: Article 96 Alerts in the SIS, 1 February 200317

14 15 16 17

See above 7.2.4 above. See, Justice (2000), p. 34 Statewatch: EU-SIS Three-quarters of a million illegal aliens banned from Schengen area. Ibid.

SIS Compliance to Article 8 ECHR and Data Protection Principles

Secondly, the use of terms ‘threat to public order’, ‘national security’ and safety’ are wide and vague. In practice, an entry under Article 96 is based on a decision from an administrative authority or a court. In a sense the authorities of the Contracting Parties determine whether a person’s information is to be entered. The decision may be based on the fact that, – the person’s presence poses a ‘threat to public order or national security and safety;’ or – the person has been the subject of a deportation, removal or expulsion measure which is still in force.18 The Convention attempts to clarify the vague concepts by stating the persons affected as, – Those who have been convicted of an offence carrying a custodial sentence of at least one year, or – Those who are suspected on ‘serious grounds’ of being involved in ‘serious crime’ or there is ‘genuine evidence of an intention’ to commit such offences. Nevertheless, the terms still raise problems because as Justice has noted in its report, most aliens (non-EU citizens) are generally to be viewed as constituting a primary threat to public order and state security.19 This raises a question of proportionality in response to individual cases which is discussed fully below (see 8.3.3). The vague terms of ‘threat to public order’ or ‘national security and safety’ also occasion entry into the SIS on questionable political grounds without the benefit of judicial decisions. This practice raises issues of rule of law. The Stephanie Mills case is indicative on how this Article can be used for political reasons. Stephanie Mills from New Zealand, a Greenpeace activist, was refused entry into the Schengen “area” on 25 June because France had entered her name in the Schengen Information System as an “undesirable alien”. Stephanie Mills had visited Greenpeace Office in London and was on her way to the group’s Amsterdam headquarters. When she arrived at Schiphol airport in the Netherlands officials checked her passport only to find that she was “tagged”, as an undesired alien in the Schengen Information System (SIS). France had entered the “alert” years ago when she was active in Greenpeace anti-nuclear test Mururoa campaign in 1995. Dutch officials showed some embarrassment, but had no choice but to refuse her entry onto Schengen territory.20

One can, however, observe that they had a choice but they choose not to exercise it. They could have allowed her in under Article 5 (2) of the Schengen Convention which requires that an alien who does not fulfil all the conditions stipulated in Article 5 (1) be refused entry, but incorporates an exception which a Contracting Party can invoke in order to allow such an alien entry. 21 Any of the following grounds may be invoked by the Contracting Party in order to derogate from the principle of refusal of entry: 18 19 20 21

Article 96 (2) & (3). Justice (2000), p. 43. Statewatch September – October 1998 (Vol. 8 no 5). Article 5(2) of the Schengen Convention.

219

220

Chapter 8

– – –

humanitarian grounds grounds of national interest or international obligation.

In the above case, the authorities did not consider invoking the discretion given by this Article. In a different case, the Sun Myung Moon case, the Dutch authorities, on application issued an exception to the Moons and allowed Mrs Moon to enter the Netherlands in 1999 and again in 2000. The Moons, Mr and Mrs Sun Myung Moon had been banned in 1995 from entering into Germany and France when the two countries registered their names in the SIS as persons who should be refused entry in the Schengen areas for public order grounds under Article 96 (2) of the Schengen Convention.22 This case may also serve to illustrate how Article 96 could be used to register persons for vague politicalcum-religious reasons in the name of national security and public order. Article 96 has also been used as a basis for registering asylum seekers whose asylum applications were rejected contrary to the provisions of the Convention. In the case of a Romanian national Mrs Forabosco, a French court criticised the registration practice in Germany, where the authorities registered information about persons whose asylum application had been rejected. The French court asserted that such practice contradicted Article 96 of the Schengen Convention.23 This seem to be an isolated case of one country, but the consequences to the persons concerned are serious because it means being locked out of the Schengen area on grounds not envisaged by the Convention. It is now understood that Italy, too, is registering unwelcome immigrants en masse. Italy and Germany together account for 77 percent of the total number of Article 96 22 Dan Fefferman, the Schengen Treaty and the Case of Rev. and Mrs. Sun Myung Moon (updated 30 July 2001), ICRF (International Coalition for Religious Freedom Reports) White Paper http://www.religiousfreedom.com/Whatsnew/Whatsnew.htm ; The facts of the case were: In response to written requests from the Federal Ministry of the Interior dated 3 and 10 November 1995, the Frontier Protection Headquarters (Grenzschutzdirektion) in Koblenz issued an order denying Mr. and Mrs. Moon entry pursuant to Article 95 para. 2 of the Schengen Convention, for an initial period of three years. The entry ban was extended for a further three years at the end of October 1998. The following reasons for the entry ban were given to Mr. and Mrs. Moon in a letter dated 28 October 1998: Mr. Moon is the leader of the Moon movement/Moon sect in which Mrs. Moon occupies a leading role alongside her husband. In the opinion of the German government, the Moon movement is one of the socalled youth sects and psycho groups whose activities could represent possible risks for the social relations and personality development of young people. In addition to this, the aim of all activities of the Moon movement was to establish a world governed by Korea under the leadership of the “Moon Family”. A public appearance by Mr. and Mrs. Moon would encourage the spread of this movement and lead to strong public reaction. It would therefore be detrimental to public order and national security and to significant interests of the Federal Republic of Germany, thus providing sufficient reason to order refusal of entry pursuant to Article 96 para. 2 of the Schengen Convention. See The Unification Church of Germany (Vereinigungskirche e.V.), v. the Federal Republic of Germany, Judgement of Higher Administrative Court Rhineland-Palatinate 11A 10349/99.OVG. 23 See Guild, E. (1999), p. 436; and Justice, (2000), p. 28.

SIS Compliance to Article 8 ECHR and Data Protection Principles

alerts in SIS (see Figure 10 above). Most of the persons registered by these two countries will, in most cases have not committed any crime but have fallen foul of immigration and asylum procedures which should not result in registration. The JSA report on the use of Article 96 of the Schengen Convention indicates that the reasons for creation of Article 96 alerts differ in the Schengen States and recommends that policy makers should consider harmonising the reasons for creating the alerts.24 Article 99 raises similar interpretation problems as Article 96. The article deals with reporting for the purpose of discreet surveillance and it is both vague and wide and may lead to a lack of clear entry criteria on Article 99 matters. In particular, concern has been expressed because it provides that a report may be used where an ‘overall evaluation’ of the person concerned gives reason to suppose that he or she will commit serious offences in future.25 The provision allows for collection of criminal intelligence information either for the purpose of prosecuting criminal offences or for preventing threats to public safety. The information may be collected under the following instances: – If there are real indications to suggest that a person is involved in numerous and extremely serious offences; or – If there is reason to suppose, on the basis of an overall evaluation of the person, that this is likely to be the case in the future.26 According to the Justice report, some of the terms used are vague and open to variant interpretations. To support their claim, they refer to a Dutch Court of Auditor’s report which highlighted the difference in criteria applied by the 25 regional police forces in submitting entries to the SIS, including under Article 99. It was found that, as a result of lack of a consistent policy, some police forces make no entries at all in certain categories and others make a great number and the report called for harmonisation of the criteria of entry.27 Access to general information on the purpose and use of information by individuals may be complicated because the number of national authorities that may have access to information in the SIS is determined at the national level and may differ from one Contracting Party to another. Lack of a harmonised list of authorities who may have access can mean that data in the SIS may be applied for different purposes and use. This may not be clear to data subjects. The Schengen Convention states the broad categories of authority that may have access to SIS data as those responsible for: – border controls – other police and customs checks and – relevant immigration authorities.28

24 JSA Report 2005 p. 9. 25 Ibid. p. 17. 26 Article 99 (2) the Schengen Convention. 27 Justice (2000), p. 36. 28 Article 101 (1) & (2) the Schengen Convention.

221

222

Chapter 8

The decision as to exactly which authority has access is decided at the national level. Accordingly, the Schengen Convention requires in Article 101 (4) that each Contracting Party compiles a list of authorities with access and to specify for each authority which data it may search and for what purposes. A glimpse at the list filed by the Contracting Parties reveals divergence and differences among the authorities with access to the SIS data (see Figure 11). According to the figure, all Member States give access to four authorities namely police, immigrations, customs and ministry of foreign affairs. The ministries of foreign affairs are included because the foreign missions have access to the SIS data for purposes of processing visa and permit applications. As regards the other authorities, the Member States’ lists differ. With the completion and implementation of SIS II, many more authorities will have access to data in the SIS as indicated above in (7.2.5). New authorities to receive access are Europol, Eurojust, judicial authorities and government vehicle registration authorities. Others, to whom access may be extended, are social benefit and central credit authorities. The overall implication will be that the purposes and use of data in the SIS will become more diffuse. It therefore becomes extremely difficult for an individual to know the purposes and use to which data in the SIS may be put by these authorities. Authorities Police Immigrations Alien’s Office Customs Judicial Prosecutions Intelligence Ministry of foreign Affairs Diplomatic Mission and Consulates Border Guards Coast Guards Harbour Police Anti-terrorist squad Vehicle Registration Ministry of Interior Police & Security Dep. Parliament

B X X X P1 P1 P1 X

D X X

G GR X X X X

S X X

F X X

I X X

L ND X X X X

A X X

P X X

F SW X X X X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

IC X X

N X X

X

X

X

X

X

X

X

X

X

X

X X X X X x

Source 6265/03 X – Authorised; P1 – Planned Authorisation; B – N Member States Figure 11: Authorities with Access in Member States

SIS Compliance to Article 8 ECHR and Data Protection Principles

Sharing of information between these authorities and among information databases related to the SIS such as Europol, Eurodac, CIS, etc. may also jeopardise the observance of the principle of specific purpose. Although the Schengen Convention does not open for sharing of information with other authorities and databases, it does not also prohibit it. According to the Justice Report, the sharing of data between EU databases and even Interpol is a live and important issue which directly affects the rights of individuals.29 It refers, for instance, to the EU’s Action Plan to combat organised crime which recommended that the national bureaux of Europol, Interpol, the N.SIS and SIRENE be brought together at one location in each Member State, in part to facilitate co-operation. It refers to the discussions on a Protocol to the Customs Information Convention giving other international organisations, such as the SIS and Europol, access to the CIS database. In addition, it reported that data collected in Schengen on organised immigrant smuggling was already being passed on to Europol for analysis. This was happening through Europol liaison offices in The Hague who have access to various relevant databases in their member countries. A House of Lords report also indicated ‘it seems likely that, whether or not there are direct links between databases, some form of sharing will happen in practice.30 The issue of sharing information among EU databases is no longer academic. The recent grant of Europol and Eurojust direct access to SIS data means that there will be sharing of data between these systems. Also events after 11 September 2001 point to enhanced data sharing among international databases and control authorities, namely the EU-US Agreement on the exchange of information and further the exchange of airline data between the EU and the US and even other third countries like Canada31 and Australia.32 The requirement to notify data protection authorities is another mechanism used to ensure transparency in data processing by making the processing open and not secret. These provisions are found in the EU Directive for data protection but not in the Schengen Convention.33 This, however, does not mean that since the obligation to notify data processing authorities is not contained in the Schengen Convention that the authorities have no way of ensuring transparency in the processing of data in the Schengen. The fact that the Convention provides for the establishment of supervisory authorities means that the authorities can have influence in the way data are processed. But the most important point to note is that the Directive is implemented in the national level in Member States and the supervisory authority under the Directive is the same 29 Justice (2000), pp. 39 and 49. 30 European Union Databases, Select Committee on the European Communities, House of Lords Session 1998-99, 9 November 1999. 31 Article 29 Data Protection Working Party: Opinion 3/2004 on the level of protection ensured in Canada for the transmission of Passenger Name Records and Advanced Passenger Information from airlines, 10037/04/EN WP 88. 32 Article 29 Data Protection Working Party: Opinion 32/2004 on the level of protection ensured in Australia for the transmission of Passenger Name Records from airlines, 10031/03/ EN WP 85. 33 See Chapter 6 supra.

223

224

Chapter 8

authority under the Schengen Convention. But if there were an express requirement to notify data protection authorities under the Schengen, this would go a long way in securing individual protection. General access also can be ensured through general access to documents, especially legal documents. Schengen at the early stage was notorious in restricting access to legal documents. A number of main documents establishing the Schengen were made inaccessible to the public because they were declared confidential.34 This restricted the general knowledge of Schengen. But after the incorporation of the Schengen Acquis into the EU legal framework, some of the documents have partially been declassified, making them partially accessible. This issue is discussed further under the requirements for legal information and individual access below. In conclusion, in order to enhance general access and to ensure transparency in the processing of data in the SIS the following measures should be implemented: – The purpose of processing data should be stated in a specific manner so as to avoid vagueness. – The criteria for entry and search of data in the SIS should be stated clearly and guidance be provided where necessary. For example, there should be uniform rules for registration of data in the SIS so as to avoid discrepancies and wide discretion among the Member States and ensure proportionality. – The list of Member States authorities with access to SIS data should be harmonised so as to make it clear to the data subjects the authorities which have access to the SIS data and to what use the data are put. – Data processing in the SIS should not be secret. Data protection authorities should be notified of all data processing. – Clear rules for sharing of data among systems and different authorities should be provided. 8.3.2.3 Requirement for Individual Access The requirement for individual access entails data subject’s right to know whether data (facts and assessments) about the data subject are registered with the controller. As such, it is an important democratic right to enable citizens to know what information public authorities register about them as well as to control that information about him/her held by a data controller is correct and complete for the purposes for which it is being used. That is, it enables the individual to control information and data quality. Individual access also enables the data subjects to determine the level of confidence to place on processing of data. It also enables the data subjects to exercise other data subject’s right such as the right to correction, deletion, supplementing and blocking of data. In other words, the requirement for individual access is an important tool in the hands of data subjects in determining the level of their participation in data processing.

34 The SIRENE manual, the Common Border manual and the Common Consular Instructions were declared confidential.

SIS Compliance to Article 8 ECHR and Data Protection Principles

The requirement for individual access is given expression by the traditional right of access in data protection laws.35 Data subjects have a number of rights under the Schengen Convention, among them: the right to access, the right to request verification of data and the right to correction and deletion of data. In principle, Article 109 of the Convention accords data subjects’ the right of access. But the right despite its importance has a number of restrictions that reduces its effectiveness. Firstly, the right of access is regulated by national law of the Contracting Parties where the right is invoked. The right is therefore as good as the national law itself. Its practice will also differ, reflecting the unique nature of each Contracting Parties’ national law.36 The above distinctions notwithstanding, the Schengen Convention also allows exceptions to the general rule by permitting wide discretion for refusal of access. Under Article 109 (2), access to personal data registered in the SIS can be refused for broad reasons (8.2.4.). Furthermore, if the request is made in a state that has not made the entry, the information may not be communicated until the reporting state has been given the opportunity of stating its position. These exceptions may render the access right ineffective as most of the information recorded in the SIS is police information and would fall within the ambit of the wide discretion granted by the exceptions, not to mention the differences that do exist among the Member States as to access procedure and those who can access the data concerned. The above case of the Moons demonstrates how the right of access is practiced in different Member States. The Moons, who were registered by both Germany and France in the SIS as persons to be refused entry in both countries, had different access rights in both countries. In Germany, the law allowed a data subject direct access to the information registered in the SIS but the same access was not allowed in France to the data subject or his/her attorney. A case brought in 1996 challenging registration in France resulted in a judge simply informing the Moons’ attorney that he (judge) considered the file to be in order. In Norway37 and other Schengen countries for example Austria,38 the practice is to inform the data subject who requests information that no data concerning her/him that can be communicated is registered, where no data are registered, or where the registered data fall within one of the exceptions. Such ambiguity is found necessary in order not to reveal to the data subject that data concerning him/her is registered and cannot be revealed. The practice is, however, unfortunate as it leaves the data subject who requests information in a state of confusion, not knowing whether information about her/him is registered or not. The situation here is serious because the data subject is confronted 35 See, 6.4.4. 36 All national data laws of EU Member States have been updated in accordance with the EU Directive. It is therefore safe to state that the national laws of Member States are relatively similar. Some divergences do exist. Nevertheless, the SIS law is a special law that may not necessary be in concordance with the Directive. 37 2000-12-21 nr 1365: Forskrift til lov om Schengen informasjonssystem (SIS-forskriften), § 2‑3. 38 Karanja, S. K. (2002).

225

226

Chapter 8

with two possibilities: not registered or registered but having no access right. The two possibilities are extremes on an “access line” as shown in Figure 12 below. Either of the two extremes is a possibility but the person concerned will never know with certainty which applies to him or her. The practice has been criticised by the Norwegian Data Inspectorate.39 Registered with access right

Not registered

Registered has no access right

Figure 12: Access Right Extremes40

This in turn may reduce the effectiveness of the right of access, as persons cannot know whether they are registered or not until they are confronted with the reality when refused entry at the border entry point. Even where they may know that they are registered, they may never know the reasons for registration as the Moon case illustrates. Other factors may affect the effectiveness of the right of access, such as lack of information among the public. This may explain the low instances of request for information by data subjects as observed in the Justice Report.41 The problem was also identified by JSA in its 1999 Annual Report.42 This author’s research in Austria confirmed the link between the low numbers of requests with lack of information about SIS by the public. In an interview with the person in charge for data protection in SIS in Austria, it was confirmed that no information was given to the public about the SIS after its inception in 1997, only before that. It also emerged that the number of requests tended to rise when there was a scandal concerning leakage of information within the police data information systems. This could be explained due to publicity given to the scandal by the mass media.43 In 1997, the JSA, in an attempt to bridge the information gap, decided to start an information campaign entitled “The Schengen Information System concerns you”. The campaign consisted of posters and leaflets on rights of access. The leaflets and posters were displayed at the external borders of Schengen by the national authorities concerned. In its 2000 Annual Report, the JSA reported that, 39 40 41 42

Datatilsynet comments to the høringsuttalelse om SIS lov. The author is indebted to Guro Slettemark for this diagram and explanation. Justice (2000), p. 40 JSA Annual Report 1999; It states, “the JSA had found that in practice it was difficult for the general public to exercise its rights, in particular its right to access and verify data. One of the reasons for this shortcoming was the fact that the general public was not sufficiently informed.” p. 12. 43 Karanja, S. K. (2002).

SIS Compliance to Article 8 ECHR and Data Protection Principles

four years after the campaign was launched the leaflets were distributed in seven of the States applying the Schengen acquis and the number of applications lodged by citizens for access to data on them when they are refused entry into Schengen territory had increased considerably since the campaign started, thus demonstrating its effectiveness.44

In 1998, the JSA also decided to create an Internet page whose aim is to inform the citizens of their rights.45 The page was to contain information on the JSA’s activities and on the individual’s rights.46 This issue will be discussed further in the section on access to legal information below. Although improved information to data subjects would empower them to exercise the right of access, they are, however, faced with other obstacles to enable them to exercise the right effectively under the Schengen legal regime. Firstly, the exercise of the right is complicated because it is not easy for the person concerned to know to whom to address the application for access. On the one hand, it is difficult for the data subject to know which country made an entry that is the concern for the application. This is compounded further because of the lack of a requirement to notify the subject of an alert of the entry. The Schengen Convention does not include a provision on the right to notification and provision of information to the data subject without his/her initiative.47 Some of the alerts, especially Article 96, could be made subject to prior notification without affecting the effectiveness of the system.48 Perhaps only alerts under Article 99, as they may touch on matters under investigation and security issues, and Article 97 of missing persons and persons to be arrested for obvious difficulties of serving notification to them, could be exempted from prior notification. On the other hand, it is difficult to know which authority within the country to apply to for access. Since the right of access is practiced according to national laws of Contracting Parties, and the rules and procedures differ from one country to another, this may raise problems for data subjects. Currently, two systems governing the right of access to police data files in the SIS apply: direct right of access in some countries and indirect right of access in others.49 To mitigate the obstacle of knowing to which country 44 JSA Annual Report 2000 p. 18. 45 The JSA page was temporary hosted and accessed on the website of the Portuguese supervisory authority but after the integration of the Schengen acquis into the framework of the European Union, the page was to be hosted on the Council website. The JSA website is now located at http://www.schengen-jsa.dataprotection.org/. 46 JSA Annual Report 1999 p. 12. 47 The EU Directive on data protection has enhanced the right to access by providing for the right to notification and provision of information. These rights, however, may not be available to data subjects under the Schengen Convention as the special provisions of the Convention would apply instead of the general national law. 48 In Norway, the Immigration authorities as a practice require that all alerts registered under Article 96 be subject to prior notification to persons against whom alerts are issued before registration of the alert. (see inspection report by Datatilsynet 1 February 2005). 49 JSA: The Schengen Information System a guide for exercising the right of access: http://www. schengen-jsa.dataprotection.org/ accessed on 16 March 2007; Right of direct access entails

227

228

Chapter 8

and authorities to direct an access request, the JSA has published guidelines for access.50 According to JSA, “while the guidelines are intended mainly for those with a professional interest in rights of access (data protection agencies, police forces, aliens departments, lawyers, etc.), it is meant to be a source of practical information which can also be consulted by anyone interested in the subject.” Secondly, the exercise of the right of access is complicated because it is difficult to obtain the reasons for entry into SIS. According to the Justice Report, the problem arises because of the variable criteria for entry discussed above. Since there are no standard criteria for entry, it is difficult sometimes to know why an alert was entered in the first place. Thirdly, it is difficult to obtain advice and assistance, and in identifying other agencies who may hold the data.51 There are many authorities with access rights to the SIS data in each of the Contracting Parties country, as stated above. Without proper advice and assistance it is hard for data subjects to know which agencies hold personal data. This issue of advice and assistance will be discussed further in the discussion on proportionality below. While these obstacles may create problems for persons in the Schengen area who wanted to exercise the right to access, they compound problems for persons applying for access from overseas. Though in principle those abroad may have the same right of access as data subjects within the Schengen area, the lack of information to the former group is staggering. In conclusion, the right of access is full of obstacles which work to reduce its effectiveness. Consequently, transparency in data processing in the SIS is compromised. To improve and ensure transparency, a number of measures must be taken: – Although limitations in order to protect societal and collective interests are necessary in a democratic society, they should be well-defined to avoid vagueness. They too should be applied and interpreted in a manner favourable to the protection of individual rights. – Harmonisation of access procedures and rules is necessary. The distinction between direct and indirect access should be eliminated so that all Contracting Parties should have direct access procedures. Consideration should be made for access applications to be addressed to the CSIS which in turn could direct the request to appropriate countries and agencies. – Data subjects should be notified where possible when they are registered in the SIS. As noted above, notification could be applied to all alerts except those under Articles 99 and 98 without jeopardising the effectiveness of the system and national security considerations. Notification is also part of the EU Directive data protecthat the person concerned applies directly to the authorities handling the data (police, gendarmerie, customs, etc.). If the law permits, the applicant may be sent the information relating to him. Right of indirect access entails that the person sends his request to the national data protection agency of the State in the same way as for police files relating to national security, defence or public security. 50 Ibid. 51 Justice (2000), p. 57.

SIS Compliance to Article 8 ECHR and Data Protection Principles

– –

tion system. Notification should include reasons for registration so that dissatisfied persons can be able to prepare for appeal and redress.52 Information about SIS should be made readily available and accessible (see recommendations in 8.3.2.4 below) Ways should be considered so as to make the right of access more meaningful for persons applying for access from overseas. A body such as an ombudsman or nongovernmental or intergovernmental organisation should be established and given mandate to assist these persons to exercise the right of access and other rights (see 12.4.3.3).

8.3.2.4 Requirement for Legal Information The requirement for legal information is a requirement for knowledge about legality of data processing. In order to impart such knowledge, it means that legal information on data processing must be accessible. But accessibility alone is not adequate, legal information must also be understandable or knowable.53 The purpose for accessibility and understanding of legal information is to enable data subjects to exercise their rights and for data controllers and others to fulfil their data protection responsibilities and obligations. As such, lack of accessibility and understanding of legal information may create obstacles to fair and lawful processing of personal data. Requirement for legal information is not manifested directly in the data protection laws. The Schengen Convention does not contain such a provision. The only reference that can be construed to be a requirement for legal information is Article 28 (2) of the EU Directive. It requires supervisory authorities to be consulted when drawing up administrative measures or regulations relating to the protection of individual rights and freedoms with regard to processing of personal data. The aim is to ensure that such information systems and regulations are sensitive to personal data concerns. But such consultation and advice obligations toward data subjects, data controllers and others responsible for processing personal data are not provided for in data protection laws. Despite the lack of a similar provision in the Schengen Convention, national data supervisory authorities have exercised similar powers during the establishment of the N.SIS. In Norway, the Data Inspectorate was part of the project group which had the responsibility for ensuring that rules on data protection and data security of the system were observed.54 In Austria, the Data Protection Commission (DPC), though it did not have a direct role in the establishment of the N.SIS, it was often consulted on issues touching on data protection.55

52 The right of notification as suggested here has been included in the SIS II proposal Regulation 2005, see 13.2.7.5. 53 See 6.5.1.4 above. 54 See Datatilsynet: Schengen informasjonssystem personvern og sikkerhet (prosjektrapport, delprosjekt D) – The Schengen Information System Data Protection and Security (project report, project group D). 55 See Karanja, S. K. (2002).

229

230

Chapter 8

At the same time, despite the lack of a clear provision on requirement for legal information in data laws, legal information is available in one way or another. The question is whether the available legal information is adequate as to be said to fulfil the requirement for legal information. Next is an examination of the meaning of the requirement for legal information and the extent of adherence with the requirement. The requirement for legal information is examined under the headings: accessibility and understandability. Accessibility means that legal information is adequately accessible. That is, a person wanting to know which laws govern protection of personal data should be able to access such laws and information without impediment. As such, requirement for legal information entails that such information is published.56 In the Malone case, Home Office Guidelines on the tapping of telephones were found not accessible because they were not publicly available.57 Accessibility can also be seen from two perspectives: formal accessibility and practical accessibility.58 Formal accessibility involves rules on publishing and publicising of the legal information. For example, rules that require legal information to be published. It refers also to rules which prevent or place obstacles to accessibility and use of legal information. Bing observes that such rules are rare but they are there.59 For example, rules on confidentiality and secrecy restrict accessibility to legal information. In the Schengen, rules that declared certain documents namely the SIRENE manual, external border crossing (Common) manual, common consular instructions on visas for diplomatic missions and consular posts and police co-operation handbook confidential, placed obstacles to accessibility of legal information. Practical accessibility refers to easy accessibility of legal information. It means lack of obstacles to access legal information. Bing identifies the main obstacles to be economic (cost), language and distance to the source of information.60 Blume recognised similar obstacles with the exception of distance, but has suggested understandability of legal information as a practical obstacle.61 Understandability is predicated on the language because the language may hinder understandability. For this writer, practical obstacles could entail requirement for payment, formality, or identification before access to legal information is permitted. For example, one would be required to pay a fee, make a written request or identify one’s self in order to access information needed. In such circumstances, free and public access to legal information would be desirable. In this situation, the legal information is accessible to all who have access to the medium of access. This would also entail knowledge of the existence of the legal information and where 56 See Chappel Judgement, Series A, No. 152-A, p. 23,§56 at p. 24; the ECHR organs noted that “the condition of accessibility is complied with if the impugned restrictions were based on legal texts and case law that had been duly published.” 57 Malone v. United Kingdom (1984) 7 EHRR 14 66-68; See also Govell v. United Kingdom Judgement of 14 January 1998 §57-63 and Khan v. United Kingdome Judgement of 4 October 2000. 58 See Bing, J. (1982), p. 86. 59 Ibid. p. 88. 60 Ibid. pp. 86-7. 61 Blume, P. (1986), pp. 50-6.

SIS Compliance to Article 8 ECHR and Data Protection Principles

and how it can be accessed. Where legal information is published but not publicised, a practical hindrance to access could exist because the public may not know where to find the information. In order for the legal information to be practically accessible, it must be publicised. The term publicise means that deliberate actions must be taken to make the public aware of the availability of information. Such action would be advertising, information promotions or meetings, etc. Internet is playing a very important role in publishing and publicising information because the information is easily available to the public. Soon it could happen that information that is only found in the traditional paper format is declared not published within the meaning of “publish” if not also found in electronic (Internet) format. As the Internet becomes an important publishing medium, access to Internet could prove to be a practical problem to accessibility of information. Access to the Internet may be difficult for a number of reasons, such as lack of connection, distance to the Internet terminal or cafe, the cost, if one is required to pay for access to the Internet and poor or lack of knowledge on use of Internet. Nevertheless, the Internet is a great improvement to accessibility of legal information and supplements the traditional paper publications. The obstacles, however, need to be mitigated. The two forms of accessibility pose different problems to accessibility of information, but as Bing has concluded, formal accessibility difficulties are more serious than the practical accessibility problems because it is easier to mitigate the practical obstacles than the formal ones.62 Alleviating formal obstacles may require change of the formal rules hindering accessibility. In addition, there are usually valid reasons for the formal limitations. Applying the accessibility test to the Schengen, it is found that formal legal documents, laws, regulations and decisions are accessible. The Schengen acquis is a collection of formal legal documents on Schengen and includes the Schengen agreement, the Schengen Convention, accession agreements and decisions. To be included in the formal documents of the Schengen would be Schengen case law which is to be found in the ECJ archives which can also be accessed online. The documents are published both in paper and electronic (Internet) format. The latter makes them readily available at no cost for downloading in various formats, the most popular one being PDF. As such, one can say that the Schengen passes accessibility and publicising tests. Even the manuals which were classified and confidential have been partially declassified, thus making them accessible to the general public. The following have been partially declassified: the SIRENE manual,63 the Common (external border crossing) manual,64 and the Common Consular Instructions on Visas for the Diplomatic Missions and Consular Posts.65 Other documents that are accessible include the catalogue of recommendations and best practices. The purpose of the catalogues is to clarify and detail the Schengen acquis and to indicate recommendations and best practices, in order to provide an example for 62 63 64 65

Ibid. p. 105. Decision 2003/119/EC. Decisions 2000/751/EC; 2002/353/EC. Decision 2004/16/EC.

231

232

Chapter 8

those States acceding to Schengen and also those fully applying the Schengen acquis. The aim is not to give an exhaustive definition of the whole of the Schengen acquis but to put forward recommendations and best practices in light of the experience gained through the continuous evaluation in the Schengen States of the correct application of the Schengen acquis. By 2005, four volumes of the catalogue had been issued. The first volume is on external borders, removal and readmission. It was adopted in 2002. The second volume of the catalogue specifically addresses the Schengen Information System and SIRENE. It gives a good indication to candidate countries for accession to the European Union as to what is expected of them, particularly in practical terms, regarding Schengen. The third volume of the catalogue deals with issuing of visas and was adopted in March 2003. The fourth volume of the catalogue is on police co-operation. It consists of two parts: the first one on mutual assistance and information exchange, and the second one on operational co-operation. As the purpose of the catalogue is explanatory, it has no legally binding status. The catalogue volumes can be found at the official EU Internet portal.66 The concept of understandability means that legal rules should be knowable. It involves understanding of the rules, that is, knowing the rights and obligations that follow with the rules. Blume observes that one condition of accessibility to legal information is that it must be understandable.67 Understandability of the rules will depend on the individual person (whether he or she has the necessary legal knowledge) and the complexity of the rules. Legal rules by nature are, however, not easy to understand. They can be highly technical. Understandability requires legal background and which is why lawyers are able to understand legal information better than non-lawyers.68 Further, Blume argues that legal language is a hindrance to understanding of legal information and calls for simplification of the legal language and therefore democratising the legal information system.69 For most citizens, they will need a person with the necessary legal and technical knowledge to explain the rules. They require legal guidance, advice and assistance to understand the rules. Legal guidance could be offered through consulting a legal expert or through written or audio media. It could also be offered through citizens’ contact with public service agencies such as the immigration, police or customs service. Unlike accessibility which may be required by law, understandability of legal rules may not be a legal requirement. As such there is no law that states that rules should be understandable. Individuals must take initiative and consult legal experts. This is the gist of the decision in Groppera Radio AG and others. The Court observed that, the scope of the concepts of foreseeability and accessibility depends to a considerable degree on the content of the instrument in issue, the field it is designed to cover and the number

66 67 68 69

http://europa.eu/ last accessed 16 March 2007. Blume, P. (1987), p. 45. Ibid. Blume, P. (1986), p. 55.

SIS Compliance to Article 8 ECHR and Data Protection Principles

and status of those to whom it is addressed. In other words, accessibility does not mean that norms should be directly knowable to the person affected.70

If need be, a person should seek for appropriate legal advice. The question here remains whether it is the individual’s sole responsibility to seek legal expertise or those relying on or responsible for the making of the rules should also be obliged to explain and give guidance to the individual. Data protection laws do not contain an express provision on understandability of legal information. The initiative is left to the individual persons and individual organisations or authorities to seek and provide the necessary guidance. The trend seems to be to require those who process personal data to provide the legal information in an understandable manner to the data subjects. Under the provision on the right to access in both the CoE convention and the EU Directive data, data controllers are required to provide information on data concerning an individual that are being processed in an intelligible manner. The implication here is that information should be understandable to the data subject. In absence of a clear requirement, however, the initiative seems to be left on data controllers to make legal information understandable. This is the case where the controllers or other authorities responsible for data processing issue guidelines and recommendations in an attempt to explain and clarify the law to their employees, officials and others that may be interested. The EU Schengen Catalogue mentioned above is a good example of guidelines that attempt to explain the Schengen acquis.71 There is, however, lack of a catalogue that explains data protection requirement, rules and best practice. The omission ought to be corrected by issuing a catalogue on data protection recommendations and best practices. The various manuals developed during the inception of Schengen can also be said to be guidelines directed to officials implementing the Schengen Convention. The Common manual72 gives guidance on conditions for entering the Schengen territory and border checks. It also contains annexes which explain and give guidance on conditions of entry and border checks. For example it contains guidance on authorised crossing points, criteria for determining whether a travel document may bear visa, common lists of third countries whose nationals are subject to an airport transit visa requirement, how to fill in visa stickers, lists of documents giving entitlement to entry without visa, fees in Euro to be charged when issuing uniform visas, etc. The SIRENE manual73 contains rules and guidance for exchange of information on alerts registered in the Schengen Information System. It explains the action to be taken and when namely; the areas of intervention, the procedure to be followed and the tasks to be performed per alert category.

70 ECtHR Groppera Radio AG and Others judgement of 28 March 1990, Series A, No. 173 p. 26 § 24. 71 Decision of the Council of 28 May 2001. 72 2002/C 313/02. 73 2003/C 38/01.

233

234

Chapter 8

The common consular instructions on visas for the diplomatic mission and consular posts 74contain explanation and guidance on issuance of visas. They stipulate the rules and requirements for visa issuance. They also provide guidance on how to fill visa stickers, administrative management and organisation and consular co-operation at a local level. The instructions also contain annexes which give further guidance on issuance of visas. For example joint lists on non-member countries whose citizens are required to have a visa by Member States bound by regulation (EC) No 539/2001, specimen of harmonised uniform visa application form, filling in visa stickers, list of documents entitling holders to entry without a visa, etc. While the above guidelines are addressed to officials who implement the Schengen Convention, there is a dearth of guidelines directed to data subjects. To mitigate this, the JSA, as noted above, has issued a guide for exercising the right of access in the Schengen Information System.75 The guide describes the arrangements for exercising the right of access to the SIS. As the guide states, however, it is intended for those with a professional interest in rights of access (data protection agencies, police forces, aliens departments, lawyers, etc.). Nevertheless, the guide too serves as an important source of practical information which can be consulted by anyone interested in the subject. A data subject who may want to learn more about the right to access and how it is practiced by the Contracting Parties would find the guide indispensable. But there is a need for a guide tailored and addressed to the needs of data subjects. The JSA has also issued a brochure76 with information explaining and giving guidance on individual rights under the Schengen Convention. It urges those who feel that they are registered in the SIS to check their alerts to establish whether the reasons for inclusion are founded. It informs data subjects of assistance they can receive from national data supervisory authorities to enable them to exercise their rights. It also refers to the guide which can be found at the JSA website. The good work, however, here depends on whether the public has knowledge of the JSA initiatives and their accessibility to the public. According to Eurobarometer survey and poll, in Europe the level of knowledge about the existence of independent authorities monitoring application of data protection laws was low across the European Union and two-thirds, (68%) of the citizens were not aware of their existence.77 This also could be the case with the JSA. Lack of information could be related to meagre resources. The JSA suffers from budget constraints that affect its work of making information available to data subjects. Bing has clearly demonstrated the relationship between cost and accessibility to information in the accessibility theory.78 The more resources one uses for information accessibility, the greater the accessibility.

74 75 76 77

2002/C 313/01. See http://www.schengen-jsa.dataprotection.org/ . Last accessed on 16 March 2007. Ibid. Special Eurobarometer 196: European Opinion Research Group EEIG, Data Protection, December 2003, p. 48. 78 Bing, J. (1982), p. 89.

SIS Compliance to Article 8 ECHR and Data Protection Principles

Accessibility of legal information by those implementing the Schengen is well provided for but the same cannot be said for data subjects. Guidance and legal information is tailored mainly for the needs of those implementing the Schengen. The data subjects have been relegated to the background. In order to cater to the need for data subjects’ legal information, the following action should be taken: – Obstacles to accessibility of legal information such as declaring legal documents confidential and classified should be avoided. – A catalogue of recommendations and best practices for data processing and protection should be issued. – Legal guidance, advice and assistance to understand the rules should be provided to individuals by those who process data. – There should be guidelines directed to the needs of data subjects. – More resources should be made available to enable better access to legal information by data subjects. – As the Internet as a publishing medium, becomes increasingly significant, it should be a condition that legal information should not be published in the paper format only but in electronic (Internet) format also. Free access to Internet should also be guaranteed. 8.3.2.5 Requirement for Reasons The requirement for reasons is a requirement that decision-making involving personal data must be fair and lawful. The purpose for reasons is to ensure that decision-making is fair and lawful by enabling data subjects to control that the decision-making process is legitimate. That is, the decision is based on legal authority and that the personal data used conform to data quality requirements, namely that the data are complete, correct, up to date and accurate. The requirement for reasons is also a means for data controllers to explain and account for the use of personal data. In other words, data controllers must account and explain the lawfulness of data use. The manifestation of the requirement for reasons in data protection laws is recent. It was introduced through Article 15 of the EU Directive. Other data protection laws such as the CoE Convention and the Schengen Convention do not contain such a provision. Article 15 protects data subjects from being subjected to automated decisions by granting them a right to request an explanation for the rules inbuilt in the program (software) used to reach such decisions. But as noted earlier, the initiative is left to the data subject to request for reasons. As such, the usefulness of the right is limited. It could be more effective if data controllers were required to provide such information to data subjects as a general requirement of reasons. The lack of a provision for requirement for reasons has weakened data protection in the Schengen regime. Even the CoE Convention, which the Schengen Convention relies on as a minimum level of protection, does not contain such a provision. Instances where a provision for the requirement for reasons would serve data subjects better in the Schengen is the registration of data in the SIS and upon a positive hit after the search in the SIS. As noted above, lack of requirement to notify data subjects upon registration in the SIS means that registered persons cannot challenge the registration decisions as

235

236

Chapter 8

they are not aware of them. It should therefore be preferable to notify registered persons upon registration and furnish them with reasons for the decision so as to enable them to establish its legality and challenge it if they are not satisfied. As the Justice report observed, there may be problems in obtaining the reasons for entry (particularly because of the variable criteria for entry).79 This could be mitigated by stating the reasons for entry in the notification of entry. As positive hits after a search in the SIS are accompanied with consequences to the person concerned, such as arrest or refusal to enter the Schengen territory, it is preferable for a notification of a positive hit to be issued stating reasons for entry in the SIS. It could be similar to the form of “Refusal of Entry at the Border”. The form is filled when a person is refused entry in the Schengen territory. It also states the reasons for refusal, for example that the person has no valid travel documents or is a person for whom an alert has been issued for the purposes of refusing entry in the SIS or in the national register.80 The form is filled and handed to the person concerned. This could enable the person affected by the action taken to challenge the decision if necessary. Consequently, the SIS law should contain a provision requiring data controllers to furnish data subjects with reasons. The following should be taken into consideration if framing such a decision: – Data subjects should be notified when a decision to register their data in the SIS is made and should be furnished with reasons for the decision. – Data subjects should be notified in the event of a positive hit after a search in the SIS and be supplied with reasons for the registration. – The initiative to give reasons should come from the controller and not rely on a request for reason by the data subjects. 8.3.3

Fair and Lawful Principle and Proportionality Interests

8.3.3.1

General

Interest in proportionality is about fairness and reasonableness. It is about a balanced application of the law. The proportionality interest requires that those who execute the law do so in a balanced and proportional manner. In other words, they should not only be guided by the letter of the law, but also the spirit of the law. The purpose of the law is to be obeyed by those concerned, both the executors and the controlled. The law has a dual purpose and to fulfil it should be applied in a balanced manner. When the law is applied in a balanced way, it serves to ensure that the decision-making process is free from error and to avoid excessive control in society. This is achieved through a deliberate balancing exercise of individual interests and societal interests. This section examines and evaluates the extent to which proportionality interest is manifested in the Schengen Information System law. In so doing, an attempt is made to answer the research question raised in above 6.5.2. The proportionality requirements discussed in Chapter 6 are used as criteria for evaluation. 79 Justice (2000), p. 57. 80 See Council Decision 6694/04 amending the Common Manual in order to include provision for targeted border controls on accompanied minors.

SIS Compliance to Article 8 ECHR and Data Protection Principles

8.3.3.2 Requirement for Proportionality between Control and Guidance The requirement for proportionality between control and guidance is a requirement that there should be proportionality between effort spent on controlling citizens and effort spent on providing citizens with guidance. It means that control should be balanced. Balanced control entails spending efforts in both controlling and giving guidance. If efforts were spent on controlling only without giving guidance, then control would be one-sided. The assumption is that it is in the best interest of all to avoid breach of legal rules and therefore measures that would avoid breach of legal rules are encouraged.81 To achieve proportionality in control, guidance should be given to both controllers and the controlled. Guidance is given through advice and assistance, for example advice or assistance on how to fill a form correctly. On the other hand, guidelines give guidance on the law or procedure to follow, what information to request or give, etc. Guidance therefore entails making information available to those who need it. Here an examination is carried out of the extent to which the Schengen makes legal information which is understandable available to the citizens. In other words, one can say that the requirement for proportionality between control and guidance is essentially the requirement for legal information as discussed above. International data protection laws are silent as regards giving guidance to citizens. The Schengen Convention too does not contain a requirement to give guidance. This does not, however, mean that guidance may not be provided. Guidance can be oral or written. Oral guidance is given when citizens come into contact with bodies that provide services. Written guidance is in the form of guidelines and explanations of rules and procedures. As regards oral guidance, it is difficult to quantify the extent to which it is given to citizens. The lack of legal duty to give guidance at the Convention level means that officials who come into contact with citizens are not obliged to give guidance. The extent to which such guidance is offered therefore depends on the national law, the individual disposition of the officials concerned and the demands by the citizen. Written guidance is easy to identify as it is a question of whether there are written documents giving guidance or not. Documents that can be said to give guidance are documents which explain legal rules and procedures, for example, regulations made under main framework legislation as they tend to explain the main law in detail. In the case of Schengen, the various manuals give guidance as to the rules and procedures.82 For example, the SIRENE manual explains and gives guidance on exchange of information. The Common manual gives guidance on rules, procedures and conditions for crossing external border. Similarly, the Consular common instructions give guidance on rules, procedures and conditions for visa issuance. The Schengen authorities have also issued a catalogue whose aim is to explain further the rules and procedures in the manuals. They explain how the manuals should be applied in practice. The catalogue is therefore guidelines to the manuals. As noted above four volumes of the catalogue have been issued corresponding to the number of manuals.83 The manuals and catalogue are 81 Schartum, D. W. (2000). 82 See 8.3.2.4. 83 Ibid.

237

238

Chapter 8

however addressed to those implementing the Schengen and therefore they may not be of much use to the citizens as regards guidance. They are meant to assist those who control the borders in order to enforce the rules properly without errors. But as indicated above, there lacks clear guidance on the criteria for entry of data in SIS and who should enter the data. As it is, the practice is for officers of lower ranks make decisions on entry of the data into the SIS. The consequence of this is that there is a great divergence in the data entered. As the Netherlands audit report revealed, the data entered from various parts of the country varied as local officials have discretion on the entry of data. The effect is that sometimes data that should have been entered was omitted and vice versa. In the circumstances, there is lack of proportionality between control and guidance. Similarly, as indicated above there is lack of clear guidance as to criteria for search in the SIS. As a consequence, illegal searches in the SIS cannot be avoided as in the case of Turker v. Prefet de l´Cssone above.84 Lack of clear guidance here may mean that there is a lack of proportionality between control and guidance. As obligation to give guidance to citizens in general is absent in the Schengen Convention, the only attempts to offer guidance directed to citizens comes from the Schengen Joint Supervisory Authority (JSA). The JSA has published a web site which makes available official documents of the JSA and is meant to provide additional information on both the operations of the Schengen Information System and citizens’ rights.85 The most important document on the JSA site is the guide for exercising the right of access in the SIS. It is an attempt to give guidance on the exercising of the right of access in the SIS which, as observed above, is very complicated because citizens may not know to which authority to address the request of information, and the procedure for doing so. Although the guide is not a blueprint for the exercise of the right of access, it helps prepare those concerned on the pitfalls of the exercise of the right. Ultimately, what is required is a simple procedure for the exercise of the right of access in SIS. The other means through which the JSA gives guidance to citizens is through brochures. The brochures explain to individual persons their rights under the Schengen Convention, in particular the right to access to personal data. They are normally placed in airports where they can be accessed by those crossing Schengen internal and external borders. The Manuals and Catalogues issued by the Council and documents issued by the JSA to an extent mitigate the lack of guidance under the Schengen regime. There are, however, particular instances where guidance should be given if the rights of individuals are to be safeguarded: – Guidance on the criteria of entry of data in the SIS and who is to enter the data should be given. As it is at present, lack of clear criteria of entry of data, means that data that should not have been entered in the SIS is registered. – Guidance on the criteria of search in the SIS should also be given. Due to lack of clear criteria for search in the SIS, authorities who should not carry out searches in the SIS are doing so. – There should be increased guidance on data subjects on their rights. 84 No. 983118. 85 See http://www.schengen-jsa.dataprotection.org/. Last accessed on 16 March 2006.

SIS Compliance to Article 8 ECHR and Data Protection Principles

8.3.3.3 Requirement for Proportionality between Control in Disfavour and in Favour of Registered Individual The requirement for proportionality between control in disfavour and control in favour of registered individual entails fairness. The requirement is concerned with ensuring proportionality between efforts employed in uncovering wrongdoings by the controlled persons and efforts that ensure that their rights are considered and respected. It requires that controllers should not only be concerned with the control of wrongdoings, but they should also ensure that where a law operates in favour of the controlled, their rights are respected and realised. The controllers should also control that the wrongdoing is not based on error or misconception of the law or regulation. It also means that control should not be executed in a manner that benefits the controllers or controllers’ aims only, but the controller should also ensure that needs and benefits of the controlled persons are considered. For example, the controller should not only seek information that works in disfavour of the controlled but must also consider information that works in favour of the controlled. In other words, control ought to be fair to the controlled. There is no direct manifestation of the requirement for proportionality between control in disfavour and in favour of registered persons in data protection laws. It can, however, be read in the provisions that require data processing to be ‘fair’, Article 6(a) in the EU Directive and Article 5 (a) in the CoE Convention. There is no corresponding provision of fairness in the Schengen Convention. Nevertheless, proportionality is a fundamental requirement in human rights law particularly under the ECHR regime, especially Article 8 (2). Applying the requirement to the Schengen means examining some provisions of the Schengen Convention where proportionality may not be observed. Three provisions are of interest mainly, – the exercise of the right of access Article 109 and auxiliary rights of correction and deletion, – the registration of persons under Article 99 and, – the registration of persons under Article 96. The exercise of the right of access by data subjects, as indicated above, is complex and full of obstacles. In addition, there is a lack of knowledge and information about the right among the public and registered persons. Surveys and public opinion polls repeatedly indicate that very few are aware of the right of access and of those that are aware, only very small number have exercised the right.86 A number of factors contribute to the poor exercise of the right. Firstly, the exercise of the right is complex for data subjects as there are no standards. Each Schengen country applies its own national procedure. In some Schengen Contracting Parties, the exercise of the right is direct, in others indirect and others a mixture of the two.87 Data subjects would have to acquaint themselves with 86 According to “Special Eurobarometer” survey December 2003, only an average of 32% of EU 15 Member States citizens had heard of the law granting individual rights of access, correction and deletion. Of the 32%, only a very small percentage (7%)had exercised the rights. 87 See 8.3.2.3.

239

240

Chapter 8

the different procedures and know to which authorities to address their application to in order to effectively exercise their rights. Lack of advice and assistance with these matters, however, may complicate the exercise of the right further. Secondly, even where a registered person may know their rights, they may not know that they are registered in the first place because the registering authorities have no obligation to notify the data subject upon entry of their data in the SIS. Thirdly, the right of access is also made difficult to realise because it allows exceptions. The practice in most countries is to give exceptions a priority over the rights of the individual. These instances illustrate that under the Schengen it is the interests of the controller that have priority and not the rights of the registered persons. Control is given priority over protection of individual rights, and as such there is imbalance and lack of proportionality between control in disfavour and control in favour of the registered persons. Registration under Article 99 may raise issues of proportionality. The purposes of the provisions under Article 99 is to place persons and anyone accompanying them under ‘discreet surveillance or specific checks’ with the aim of collecting criminal information either for the purpose of prosecuting criminal offences or for preventing threats to public safety. As Justice observed,88 once criminal intelligence is being held, either on a suspect or an associate, it is notoriously difficulty to activate the normal data protection safeguards because Article 99 (2) of the Schengen Convention automatically denies data subject access rights to data held under Article 99 discreet surveillance. Deletion of the information may also not occur when the entry expires as it may well continue to be held by a police authority in the reporting country or perhaps others across the Member States that have requested it, for example, Europol.89 These measures are disproportionate and to the disadvantage of the persons registered. Control in disfavour of the registered person here is given priority over protection of individual rights. There should be measures that mitigate and enable enforcement of individual rights especially the right for access and deletion. Registration under Article 96 also raises issues of proportionality. Lack of clear standards and guidance on criteria to be applied for entry under this category works to the disadvantage of the registered persons. The article is inclined to control in disfavour of the registered person because it employs vague and wide terms such as ‘unwanted persons’ which opens for unrestricted registration of persons on suspect national security and political grounds or other reasons as in the cases of Sun Myung Moon and Stephanie Mills above. Germany’s practice of entering names of persons whose asylum application had been rejected seemed also to take advantage of the vagueness of this provision. It is also doubtful in some cases whether if a provision operates in favour of the registered person, the controlling authorities would invoke it. In the case of Stephanie Mills, although the authorities would have allowed her in the Netherlands using the exception which allows a Contracting Party to issue a national visa which does not extend the right to travel to other Schengen countries for humanitarian reasons,90 the authorities did not 88 Justice (2000), pp. 36-37. 89 See 8.3.2.3. 90 Article 5 (2) of the Schengen Convention.

SIS Compliance to Article 8 ECHR and Data Protection Principles

invoke it. This would also be the case where an application for a visa is refused because the applicant is registered in the SIS. Rarely is the option for a national visa invoked. In the case of Mrs Forabosco, the French authorities did not invoke that provision so as to allow her in the country for humanitarian reasons after she was registered in the SIS as a result of an asylum application which was rejected by German authorities. The matter is made worse because there is no reporting requirement or request of supplementary information of a hit under this provision to the reporting state. The practice is simply to refuse entry or an entry visa upon a positive hit.91 Lack of minimum requirement and guidelines as to the information that must be included in an entry and common standards of data quality under this Article may lead to identification difficulty and proportionality problems. Although Article 94 (3) specifies what data are to be recorded in SIS alert, it does not restrict the amount of data to be registered under each category. Member States have discretion as to what data is entered because it is the national law that applies and as such, in some cases, more data than necessary are recorded and in other cases only a small amount of data is entered. Since supplementary information cannot be requested under this provision, the data entered in many cases is not adequate for a proper identification. Justice Report has cited a number of instances where identification difficulty has been at issue.92 In one incident, the Report states that Belgian police had difficulty in judging whether a person seeking entry matched a person of the same or similar name on the SIS, as entered by another Schengen state. The report points out that, in some cases the entry gave only a name and year of birth, sometimes without even indicting the sex. In others an entire family of a given surname had been entered, apparently because of uncertainty over which member was subject to refusal or entry.

In addition, there is difficulty in trying to check those whose name and date of birth are the same as a person listed in the SIS, especially in the evenings and on weekends which take too long to get an answer. The problem of the data to be registered is also manifested in cases involving usurped identities. The JSA has been issuing Opinions on this matter in its annual reports. In the fifth report the JSA has noted that, the practice is that ‘in the event of a usurped identity, some Schengen States enter the name of the legitimate holder of the usurped identity in the SIS, whereas it is the usurper who is actually wanted. In other words, the system contains an alert on an identity that corresponds neither de facto nor de jure to the identity of the person actually sought but the identity of the victim and the legitimate holder of the identity is not informed that data on his/her identity are contained in the SIS.’93 In the opinion of the JSA, the principle of proportionality is not being observed because there is a need to strike a balance between respecting the rights of the person whose identity has been usurped and the need to detect the perpetrators. Instead the 91 Justice (2000), p. 37. 92 See, Ibid. pp. 37-38. 93 JSA: Fifth Annual Report of the Activities of SIS March 200 – December 2001, p. 9.

241

242

Chapter 8

Schengen authorities seem to be concerned with the detection of the perpetrators to the disadvantage of the victim who should also be protected. Negative attitude toward aliens (non-EU citizens) among Schengen countries citizens generally may affect proportionality in the entry of data in the SIS. Aliens are generally viewed as suspect and constitute a primary threat to public order and state security. Such an attitude can give rise to disproportionate response to individual cases.94 For example, the requirement that an alien who has been convicted of an offence carrying a penalty involving deprivation of liberty of at least one year should be reported in the SIS95 is arbitrary and disproportional as it does not take into consideration such factors as the nature of the offence, the age of the offender, the person’s attachment to the country, etc, which in numerous cases the ECtHR has decided that should be considered before the issue of deportation and expulsion orders.96 Also Article 96 (2) (b) does not seem to take into account whether a custodial sentence was in fact imposed in a given case, its length, or any rules relating to the rehabilitation of offenders that might be applicable. The measure would be completely disproportionate because it does not consider any favourable factors of the person concerned and it requires entry in SIS based on uncontested evidence. Control as practiced under the Schengen is one-sided and disproportionate to the rights of data subjects. It is in favour of the controllers but in disfavour of the data subjects. To restore the balance and proportionality the following measures should be taken: – A harmonised standard procedure for the exercise of the right of access should be formulated to avoid the current situation where each Schengen State uses its own national procedures. – The exercise of the right of access should be direct and the national authorities to whom the request is directed should be uniform and well defined in all the Schengen States. – Exceptions on the right of access should only be invoked where there are compelling reasons for refusal of access to information and the communication of the refusal must be clear and unequivocal. – Deletion of data under Article 99 should be imposed so as to ensure that the data are deleted when the retention period expires and that they are not retained by other authorities that were supplied or had access to the data such as Europol. – Exchange of supplementary information should be encouraged under Article 96 alerts, especially when a positive hit is registered. This is to enable the State carrying the search to decide whether to invoke the national discretion to allow entry on national visa. 94 Justice (2000), p. 34. 95 Article 96 (2) (a) of the Schengen Convention. 96 See, Nasri v. France (1995) 21 EHRR 458; Bensaid v. United Kingdom; Moustaquim v. Belgium (1991) 13 EHRR 802; In these cases, the ECtHR has held that measures are likely to be regarded as disproportionate if they impose heavy burdens on an individual or group, apparently arbitrarily, in order to achieve a social benefit, or if they impose penalties which appear to be excessive in relation to the circumstances of the offence to which they relate.

SIS Compliance to Article 8 ECHR and Data Protection Principles

– –

Registration of additional data, especially in cases of mistaken identity and identity theft, should be permitted in order to safeguard the rights of the victims of mistaken identity and identity theft. Registration in the SIS should strictly be a result of a decision in which the person concerned is given a chance to be heard. This is so especially as regards Article 96 alerts.

8.3.3.4 Requirement for Proportionality Control between Different Control Target Groups The requirement for proportional control between different control target groups entails non-discrimination in the control directed against different control groups. It means that control should be proportional and not biased against some target groups. It should apply proportionality to all groups. Non-discrimination provisions are found in human rights laws where discrimination is prohibited and in data protection laws where processing of sensitive personal data is restricted. The provision on sensitive data in the data protection laws does not specifically use the word ‘discrimination’, but by prohibiting processing of personal data that reveals racial or ethnic origin, political opinions, religious or other beliefs, intimate and sensitive aspects of the data subject, the provision seems to safeguard the data subjects from collection and use of personal data for purely discrimination purposes. It would, however, provide better protection if data protection laws contained a clear provision on non-discrimination. In addition, there lacks guidance on how to avoid discrimination as there are no guidelines on non-discrimination to supplement and clarify the provision on sensitive data. Discrimination in data processing can manifest itself in many ways. Firstly, as noted above, there is a fear of foreigners among the Schengen populace which can lead to strict control on foreign nationals and those mostly affected are persons whose physical features are different from EU citizens. In the circumstances, foreign nationals from Africa and Asia may be met with more strenuous control than their counterparts from Europe and America. Although such control may not in the outset be motivated by discrimination, lack of guidance on how to avoid discrimination in the control of foreigners may give occasion to discrimination and the feeling of being discriminated. The Schengen law specifies that internal controls at the internal borders will disappear but it does not prohibit such controls elsewhere inside the country. Internal controls continue at the national level and are regulated by the national law. In that case, internal controls as practiced by member countries differ. It is the responsibility of the national authorities to issue guidance on internal controls. Most countries do not have such guidance, only general instructions on internal control without being specific on avoidance of discrimination.97

97 See Politidirektroatet: Politiets utøvelse av kontroll – grensenære områder og annen indre untelndingskontroll (Police execution of control in the border area and other internal controls on aliens) Rundskriv. 3 August 2001.

243

244

Chapter 8

Since the Schengen Convention does not prohibit internal controls in the Schengen area, such controls seem to have increased with the remove of internal border controls (see chapter 11). Most of the controls target foreign nationals and without proper guidance, the controls could be selective and discriminating. Studies carried out in the United Kingdom seem to suggest that mostly people of minority cultures are targeted for police stop checks and controls.98 In Norway, allegations of discrimination of ethnic minorities in stop and search by police led to the appointment of a working group to investigate the implementation for registration of stop and search by police.99 The group, however, did not find any support for the allegations but felt that the fears expressed were not to be neglected, especially among some young men of minority culture origin because their confidence in the police is low and they feel unfairly and negatively focused by the police. But recent revelation of the police training manual based on incorrect and prejudicial information about African people and how to treat them may support the claim for discrimination.100 Recruitment of police officers was one area the working group placed emphasis for strengthening in order to enable them to deal with persons of minority cultures politely and with respect. Another aspect that the working group emphasised is the development of ‘best practices’ from projects that have shown to be useful in strengthening police relationship with minority cultures to be shared with other members of the police. At present the police lack clear guidelines on how to police persons of minority cultures which may lead to justified allegations of discrimination. After 11 September 2001 terrorist attacks, control on foreign nationals has intensified. Unfortunately, the control has assumed a negative image where racial and religious profiling is being justified as a necessary means of investigation and detection. While in a country like United Kingdom racial profiling has been used in the streets under the notorious ‘stop and search’ police method, in Germany racial profiling of databases has resulted in compilation of a vast database of six million personal records of which 20,000 have been singled out as potential terrorists, even though there is no concrete evidence against them.101 The government is requiring public and private institutions to hand over to the police authorities any information from databases on individuals whose profile corresponds to specific criteria on police’s search grid for potential terrorists.102 As expected, such racial profiling is targeting Muslims and persons of African, Asian and Arabic origins. In the rest of Europe racial profiling is expected to increase as intelligence and police authorities become interested in racial profiling in the existing EU databases which mainly target foreign nationals. After the terrorist bombings in 98 In England, Wales and in parts of Scotland a registration regime for all stop and search carried by police was introduced in 1984 because ethnic minority groups felt lack of confidence, professionalism and non-discrimination by police. The objective was to instill confidence, professionalism and non-discrimination in the police. 99 Politidirektoratet Rapport: Registrering og dokumentasjon i forbindelse med politikontroller. 100 See Aftenposten 4 May 2004 Internet edition. 101 Kandnani, A, (2004), https://wwirr.org.uk/2004/july/ak000006.heml accessed on 13.07.2004. 102 Ibid.

SIS Compliance to Article 8 ECHR and Data Protection Principles

Madrid on 11 March 2004, EU law enforcement agencies renewed their calls for access to the data held on Eurodac, a position apparently supported by the Commission despite its incompatibility with EC law.103 Racial profiling is not based on any reasonable or concrete suspicion and as such it goes against the main grain of the legal doctrine requiring reasonable suspicion in application of restrictive measures. As racial profiling proliferates in EU countries, the danger is that more and more communities will be drawn into the loop of suspicion. Racial profiling is also becoming institutionalised with recent wave of terrorism laws that have been enacted throughout the globe tacitly allowing police to use racial profiling as an investigative and detection technique.104 There is no adequate focus on avoidance of discrimination in police and border control work. In order to avoid discrimination the following steps should be implemented: – There should be a clear provision prohibiting discrimination on grounds of race, colour, nationality, ethnicity, nationality, religious and political opinion, and sex in data protection laws. – There should be guidance directed to controllers on how to avoid discrimination in the control of foreign nationals. Especially, there is need to develop a catalogue of best practices in avoidance of discrimination. – Racial profiling should be avoided, but where deemed absolutely necessary, there should be clear guidance so as to avoid discrimination. 8.3.3.5 Requirement for Proportionality between Internal and External Control As noted in 6.5.3.6 above, proportionality between internal and external control can be viewed from two perspectives: first, control directed toward controlled persons and second, control directed toward internal routine of the system and, internal control of the system and external control of the system by such external bodies. The first perspective involves the control of registered persons to ensure that they have given correct and adequate information and the control of the routine of the system to ensure that there are no errors. From this perspective, there should be proportionality between the control to discover errors or omissions by the registered or controlled persons and control to discover errors or omissions in the system and routine of control. For example, it is quite in order to control the information given by the registered person whether it is correct and adequate for the purpose for which it is required or that the registered person does not deliberately give false information in order to gain a favour or to avoid a duty. But at the same time, control should be done to ensure that there are no errors in the control system itself and that the correct procedure and rules have been followed or that the rules and procedures are adequate.

103 Hayes, B. (March-April 2004) Killing me softly? “Improving access to durable solutions”, doublespeak and the dismantling of refugee protection in the EU. Statewatch Analysis: Statewatch bulletin, vol. 14 no. 2. 104 See, Terrorism Act of United Kingdom; the recent agreement of exchange of travelers data between EU and USA and other third countries.

245

246

Chapter 8

Although the requirement for proportionality between internal and external control in the first perspective is not directly manifested in data protection laws, it nevertheless can be read in rules and requirements for quality and security of data, especially in the obligation for notification to supervisory authorities where a Member State carries out wholly or partly automatic processing. Articles 19(2) and 21 (3) require establishment of some form of internal control for processing that does not involve licensing. In the Schengen Convention rules on quality and security of data are provided for in Articles 101-118. But as Justice has indicated, security of data in the SIS is not adequate and has been lacking in certain occasions. An inspection of the C.SIS and its security measures undertaken by JSA revealed various defects, including a lack of proper tracing functions to provide audit trails and inadequate security for the transport of magnetic media containing SIS data. The JSA also observed that too many individuals had a ‘super user’ status enabling them to access and change the contents of the operating system, database and network and to erase any trace of their action. It was, however, finally agreed that the number would be reduced from eight to four. The JSA report of March 1998 and February 1999 had also referred to difficulties in ensuring that the dates on which alerts are entered are correct. The JSA had also requested the national supervisory authorities to report on security measures at their N.SIS bureaux and the many SIS access points. Overall the JSA found the general level of security to be ‘sufficient’ in the majority of Schengen states, but there were still shortcomings in some states. It observed that not all countries had introduced audit systems to determine what information has been accessed and by whom. There were insufficient controls over paper files (in majority states, it is possible to get printouts of SIS and SIRENE data without leaving a trace) and only few states had a requirement to specify the purpose of access to SIS data and access to this data is not always limited to the necessity for a particular purpose. The JSA report made recommendations in all these areas. In particular, it stressed the need to put proper audit systems in place so that each operation can be traced, with log files being regularly checked for anomalies. It also invites the N.SIS and SIRENE bureaux to produce an annual report on security. In interviews with the Austrian N.SIS and SIRENE authorities, the lack of audits and annual reports was also confirmed.105 Article 103 is concerned with control of access to the data in the SIS so as to monitor unlawful access. It recommends that each Contracting Party ensures that, on average, every tenth transmission of personal data is recorded in the N.SIS by the data file management authority for the purposes of checking whether the search is admissible or not. Proposal on SIS II recommends that a record or log be made of all access to the data in the SIS. This is meant to improve and enhance detection of unauthorised access but as discovered in interviews with Austrian SIS authorities a problem of controlling of the records may arise due to lack of manpower. In Austria, a log audit is kept for all access to data in the SIS. In this log audit, the user’s identity or name, password, time and reason for access are recorded. But the lack of manpower and capacity to control the log audits hampers effective monitoring of access, as only twenty persons in five of the nine police divisions are controlled every week. This is a very low number for a system that can be 105 See Karanja, S. K. (2002).

SIS Compliance to Article 8 ECHR and Data Protection Principles

accessed by over 30,000 persons at any given time.106 Lack of personnel and capacity to control log audits can weaken internal control of the system and lead to disproportionate and excessive control of registered persons. To a great extent, security of data is threatened not by the unauthorised intruders, but the authorised person acting illegally to release personal data to unauthorised persons. Those authorised to access the system pose the biggest threat to the security of the system, as the scandal in Austria107 and an earlier one in Belgium108 confirm. Although the Austrian incident did not involve SIS, it did, however, indicate that those who are entrusted with administering the system are its weakest link. Maintaining good quality of data is important for certainty in the identification of persons. Where data quality is poor, identification may be problematic and innocent persons may suffer. Quality of data in the SIS has been problematic as Justice and JSA reports have indicated. The reports point to a lack of common quality and adequacy standards because each Schengen Contracting Party relies on its national law. As a result, this could lead to arbitrary misidentification and injustice particularly in the case of asylum seekers. For example, rules on entry of data in the SIS differ because Contracting Parties follow their own national laws. Justice notes that entries under Article 96 are particularly surprising for the four Schengen countries they investigated. They state that entries differ and are likely to be a source of confusion in the mutual co-operation through SIS and have serious implications for individuals. They added that the situation is made worse because, under Article 96, requesting for supplementary information is not allowed.109 Contracting Parties have also reluctantly deleted the data in the SIS. This also could affect identification of persons because of poor quality of data. In 1998 the Joint Supervisory authority issued an opinion on the interpretation of Articles 112 and 102 of the Schengen Convention. The Member States were deleting data as prescribed by the Schengen Convention, but retaining documents of alerts in SIRENE. This was contrary to Article 201(1) which prohibits Contracting Parties from using the data stipulated in Articles 95-100 for purposes other than those laid down for each type of alert referred to in those Articles. The practice also contravened Article 112 of the Convention above. The 106 Ibid. 107 According to Toward Freedom Magazine, the incident is “Europe’s Watergate”. In a book by the former leader of Austria’s police union, it is claimed that the extreme-right Freedom Party had made widespread and systematic use of paid police informants to obtain confidential information from the police computer system, EKIS. At a 1997 press conference, a party politician, without revealing the names of his contacts, had openly presented EKIS printouts. See further (last visited 26 November 2002). 108 Data printouts from SIS were found lying about at a railway station. Two Belgium SIS officials were implicated in the scandal. See further Schengen JSA, Third Annual Activity Report, March 1998 – February 1999, SCH/Aut-cont (99) 8 rev, pp8-9. See also (last visited 26 November 2002). 109 Justice (2000), p. 35.

247

248

Chapter 8

JSA recommended that after an alert issued for the purpose of locating an individual has been deleted, every Contracting Party to the Schengen Convention shall, pursuant to Article 112 of the Convention, destroy all accompanying documents immediately. The Schengen bodies were also requested to revise the SIRENE Manual with a view to deleting the provisions under 2.1.3 b), which contravened the Schengen Convention.110 In the JSA Report on Article 96, it emerged that Contracting Parties have different retention periods for Article 96 data, which leads to a situation where data are retained for different periods depending on the Schengen State responsible for the decision. The practice also leads to registered individuals being refused entry into the Schengen area for the same reasons but for different periods.111 The JSA recommended that the retention periods for SIS alerts in the national section of the SIS should be approximated in order to prevent discrepancies.112 In SIS II proposal, it had been suggested the need to extend the duration of alerts in the SIS and to replace maximum deadlines by review.113 If rules on deletion are not well spelt out, this could lead to disproportionate control. There is a need for clear interpretation of the rules so that Contracting Parties will not have the discretion to delete and retain the information again in the national system as has been the practice. The Justice Report was concerned that there is a reluctance to delete and weed data as required by the Schengen Convention. For example, the Belgians complained often persons listed in the SIS have become Belgian citizens or been granted long-term residence.114 This is because the deletion of names is not carried out within a reasonable time period by other Member States. The JSA also reported incidences where EU-nationals are listed in the SIS under Article 96 which is contrary to the Schengen Convention because that Article applies to aliens or non-EU nationals only.115

Setting out the time frame in which the data is to be erased by Schengen Convention provides better data protection regime than the national legislation. The second perspective of the proportionality between internal and external control involves use of internal controls and external controls to ensure that the system works as it is supposed to and to ensure there are no errors. In a way, internal and external controls complement and supplement each other. In other words, for a system of control to work properly, both internal and external controls are a must. Proportional control between internal and external control therefore means that internal and external controls must be in use in a system of control. Quality and security of data rules may not be useful if there is no way of ensuring that they are being followed and implemented. 110 Opinion 98/1 of 3 February 1998 on archiving documents after alerts have been deleted (SCH/AUT – CONT (97) 55 REV 2). 111 JSA Report Article 96, p. 7. 112 Ibid. p. 9. 113 Council of the European Union: SIS 5968/02. 114 Justice (2000), p. 37. 115 The JSA Fourth Report SCHAC/2533/1/00 p. 13.

SIS Compliance to Article 8 ECHR and Data Protection Principles

External controls are used to control that internal controls in a system of control are working. Internal controls were discussed in the preceding paragraphs and therefore the following part of this section is to be devoted to analysis of external controls in the Schengen system of control. Proportionality between internal control and external control in the second perspective is indirectly manifested in the quality and security of data rules (internal control) and directly manifested in the rules on establishment of data supervisory authorities, judicial control, and administrative controls. The interest here is the external control rules, in particular the rules on the establishment and powers of data supervisory authorities. Judicial and administrative controls though of interest will not be dealt with because the concern is with external controls that directly touch on data protection, though the latter from a policy point of view do influence data protection they will nevertheless not be addressed. Under the Schengen Convention, the Contracting Parties have the obligation to supervise the data entered in the SIS. The supervision entails two levels, the N.SIS (national level) and the C.SIS (joint supervision). National supervision is governed by national law. This has been problematic from the outset as national laws of Contracting Parties differ significantly. As a result, national supervision has not been uniform. As the Justice Report pointed out, this has been so because there is no common standard for supervision and monitoring by national data protection authorities.116 For example, there is no mandatory requirement in the Schengen Convention for a regular and full inspection of the N.SIS and SIRENE by a national data authority. Inspection has been so far dictated by national laws of Contracting Parties. Consequently there has been variance in the level and extent of inspection. Justice Report also noted that some countries have carried out inspections regularly, while others have been irregular and others have not undertaken inspections at all. Even where inspection have been carried out, full investigations are rare as most inspections focus largely on security matters rather than undertaking a comprehensive privacy and data audit.117 Proper audit systems in the N.SIS and SIRENE bureaux are essential to enable proper monitoring. As the JSA reported, in some countries the N.SIS and SIRENE bureaux lack proper audit systems even though security in the systems is sufficient. It called for such audit system to be implemented in order to ensure that each operation (including paper files) can be more effectively traced and checked for anomalies.118 A common standard for supervision and inspections of the N.SIS and SIRENE bureaux is required. This should be developed at the European level and not the national level by providing detailed regulations on such matters as the nature of the inspections, their frequency and publication of the findings. There has been a general lack of information on the working of the SIS at the national level and this need to be addressed.119 In research on SIS in Austria, this lack of information was clearly manifested in the 116 117 118 119

Justice (2000), p. 59. Ibid. SCH/aut-cont (98)47 rev 2; See also Justice, (2000) p. 59. Justice (2000), p. 59.

249

250

Chapter 8

interviews with Schengen authorities.120 The JSA has recommended that each bureau produce an annual report on security, however, Justice wants this to be broadened to include the bureau’s general work. It is agreed that annual reports on security and the bureau’s general work would be a necessary solution to the dearth of information on the SIS. The Schengen Joint Supervisory Authority (JSA) has the responsibility to control the functioning of the technical support function of SIS (the C.SIS) and it acts in accordance with the Schengen Convention, the European Council’s Convention for data protection, the European Council’s Recommendation on data in the police sector, and in conformity with the national law of the Contracting Party responsible for the technical support function, which is the French law. It delivers opinions in the event that two Schengen states cannot reach agreement with regard to data contained in an alert that has been entered incorrectly or unlawfully [Article 106(3)]. It analyses problems relating to implementation which arise in connection with the operation of the SIS. This includes problems arising in the context of supervision by national data protection authorities, including those resulting from exercising the right of subject access to data [Article 115(3)]. The joint supervisory authority functions as a forum for co-operation for the national supervisory authorities, given its composition. It also plays the role of harmonising of data protection practises of the Contracting Parties through its recommendations and opinions when implemented.121 It also delivers opinions at the request of the Schengen states on the problems arising in applying and interpreting Article 126 in relation to processing data transmitted outside the SIS framework [Article 126(3)]. In addition, it can issue an opinion on the transmission of data from and the entry of data in a non-automated database [Article 127(1)]. Further, it writes reports to be forwarded to the authorities to which national supervisory authorities submit their reports. Although it issues annual reports, it does not have the power to implement the recommendations made therein.122 Unfortunately, the JSA as composed is plagued by a number of weaknesses that may hinder it from being an effective external control. Firstly, the joint supervisory authority does not have power to make decisions. It has an advisory role rather than a decision-

120 See, Karanja, S. K. (2002). 121 Ibid: JSA noted with satisfaction that ‘increasingly, its opinions are being taken into account by decision-makers.’ p. 32; See especially Opinion on Articles 112 and 113 of the Schengen Convention and Opinion on Austria’s foreign mission and access to the Schengen Information System. 122 Although the JSA has made several recommendations in its opinions published in the annual reports from 1997, 1998, 1999, 2000 and 2001, very few of these suggestions have been implemented. In the Sixth report, however, the JSA reported that increasingly the opinions are being taken into account by decision makers. The ability of the JSA to carry out investigations and controls on C.SIS has also been hindered on occasion by the French authorities. The JSA was, however, able to carry out inspection of C.SIS in October 1996. In 1998, 10 states, already applying the Convention under the request of the JSA, carried out inspections of their respective SIRENE Bureaux.

SIS Compliance to Article 8 ECHR and Data Protection Principles

making one.123 This means that it issues opinions that it cannot implement and must wait for implementation by other organs. In the early days, the JSA complained that most of the opinions it had issued were being ignored and were not implemented. In its Sixth Report, the JSA noted with satisfaction that its decisions were “increasingly being taken into account by decision-makers”. This may be a positive sign that the JSA is becoming an effective external controller. Earlier also, although the JSA had inspection powers for C.SIS, it was hindered from effectively carrying the inspection by the host country authorities (French authorities). But this does not seem to be a problem anymore. In 1999, it carried out the inspection successfully with co-operation of the French authorities. In its last inspection of the C.SIS, the JSA also noted that “during the course of the inspection the team had the full co-operation of the staff responsible for managing the C.SIS.”124 The JSA has no power to inspect the national SIS and the SIRENE bureaux. The power lies with the national authorities. Nevertheless, the JSA has been involved in ensuring security in the SIRENE bureaux of Contracting Parties. For example, in December 1997, a few weeks after documents and information were leaked from the Belgian SIRENE Bureaux, the JSA commissioned the national supervisory authorities to verify the level of security at their own SIRENE Bureaux. On this basis, the JSA issued a report on the security of SIRENE Bureaux where it gave a number of recommendations for the improvement of security in the Bureaux.125 Another weakness that was reported in JSA’s earlier annual reports and the Justice Report was that the JSA lacked an independent secretariat. As a consequence, the JSA had to rely on staff of the central Schengen secretariat, who readily admitted that in comparison with the various Schengen Working Groups, the JSA had a low priority.126 Even in its fourth annual report, the JSA reported again it was being denied the necessary human, technical and financial resources to fulfil its tasks. As from the 1 September 2001, the JSA shares a joint secretariat with the Europol and Customs authority.127 The JSA thought that this was a considerable improvement to its former situation.128 Related to the above issue of the secretariat is the problem of the budget of the JSA. The JSA does not have control over its budget as it is integrated in the Council’s budget. Hence the Council maintains control over the JSA’s budget, a situation which the latter deplores because the Council does not take into account the tasks assigned to the JSA by the Convention. The JSA comments thus, the JSA’s effectiveness depends to a large extent on the goodwill of the Council, and in particular the Presidency-in-Office, which, in turn, is faced with a hard choice between its own 123 SIRENE Manual OJ C 38, 2003 p.4; See also, O’Keeffe, D. p. 209. 124 JSA Sixth Report p. 22. 125 SCH/aut-cont (98)47 rev 2: See also the full text report in JSA Fourth Report – SCHAC 2533/1/00 REV 1 p. 77. 126 Justice, (2000), p. 26. 127 Council Decision of 17 October 2000 (OJ L 271, 24 October 2000). 128 JSA Fifth Report p. 23.

251

252

Chapter 8

priorities – among which the JSA does not necessarily occupy first place – and the Council’s limited resources, especially in terms of the availability of meeting rooms and teams of interpreters.129

Although the Council does provide for travel expenses to plenary meetings in Brussels for JSA members, it does not provide for subsistence expenses during C.SIS inspections, or expenses incurred, for example, during a campaign informing citizens of their rights vis-à-vis the SIS.130 The JSA did not comment on the budgetary issue in its sixth (latest) report. But this may not mean that the issue is resolved. The issue should be resolved in order to give the JSA independence and control over its budget if the JSA is to play effective external control role. In the establishment of SIS II, the JSA has tried to follow up with the developments. It has requested various documents, especially the proposals for giving SIS II more functions, which it has been given.131 Consequently, in its efforts to ensure that SIS II complies with data protection requirements, the JSA has issued three opinions on proposals to change the Schengen Convention: in June, October and December 2002.132 In the opinions, the JSA expressed concern about the moves to allow organisations such as Europol access to the SIS, and requested a more thorough examination of the implications of storing biometric data in the SIS. The JSA has also sought to co-operate with all bodies involved in the development of the SIS II, both at European level and at national level, and it has urged these bodies to work together to ensure that the highest standards of data protection are built into the new system.133 The JSA is trying to stamp its role in the establishment of SIS II at its developmental stage in order to ensure compliance with data protection requirements from the beginning. Such a move is much welcome. This will depend, however, on co-operation of bodies concerned with the establishment of SIS II, both at the European and national level. So far things seem to be moving smoothly and in its favour. As such the JSA may become an effective external control of the SIS II system as opposed to the current SIS, where its effectiveness has varied. The appointment of European Data Protection Supervisor will enhance data protection in SIS.134 The Supervisor is to be responsible for monitoring that information in the SIS which relates to immigration (specifically, alerts entered under Article 96). The JSA noted in its Sixth Report that it would be important therefore to ensure that the JSA works with the Supervisor to develop a co-ordinated approach in supervising the SIS.135 Such co-operation is desirable as it will enhance the role of JSA in ensuring ef129 130 131 132 133 134

Ibid. p. 22. Ibid. Ibid. p. 16. JSA Sixth Report pp. 16 and 23-24. Ibid. p. 16. The role European Data Protection Supervisor is provided for in TEC Article 286 (2) and in the EC Regulation on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data – Article 24. 135 JSA Sixth Report p. 20.

SIS Compliance to Article 8 ECHR and Data Protection Principles

fective protection of data and external control. But in order to bring data protection in police and border control work at par with data protection in the Community level, the JSA should have similar powers as granted to the European Data Protection Supervisor (EDPS). It is a requirement of the proportionality principle in Article 8 ECHR that lawful intrusion of privacy by state agencies such as police are properly supervised and made accountable. To ensure proportionality in data protection, external control and supervision is necessary. If the external control role of the JSA is to be effective, its powers must be enhanced especially by granting proper enforcement powers. At present, the JSA relies on other bodies to enforce and implement its findings. On occasion, some of its recommendations have been ignored and not acted upon. The JSA should be given enforcement powers, in particular, the ability to investigate, intervene and engage in legal proceedings in line with the powers given to the European Data Protection Supervisor.136 In addition, the JSA should be fully independent and have powers to control its budget if it is to become effective in its external control work. The role of JSA in the supervision of N.SIS and SIRENE bureaux should also be clearly specified. At present the role of JSA is not clear at all, although as indicated above it has intervened in some instances. The JSA seems to have taken its role of external control of SIS seriously, specifically in raising awareness by informing individuals of their rights and informing other institutions responsible for Schengen of its activities, inspection of SIS, issuing opinions and annual reports. In addition, it has been keen to forge a close working relationship with the institutions involved in developing policy on Schengen, namely the European Parliament, the Council and the European Commission especially as concerns development of SIS II. The aim has been to ensure that the highest standards of data protection are built into the new system. What may be required now is to strengthen this co-operation. In particular, there is need for the other institutions to reciprocate effectively to JSA’s gesture of co-operation. Internal and external control of information systems enhances quality and integrity of the data and entire system. To achieve this in the current SIS, the following recommendations are required to be implemented: – There should be audit systems to trace operations with log files and manual files being regularly checked for anomalies. In addition, a system of controlling the logs should be put in place. – N.SIS and SIRENE bureaux should produce annual reports on security and action taken to rectify security failures. – There should be harmonised data quality and adequacy standards to avoid the current situation where each Schengen State relies on its own national law. – There should be clear common guidance and standards on deletion of data so as to avoid the current situation where data are retained in other systems after deletion in the SIS. – A common standard for supervision and inspection for the N.SIS and SIRENE bureaux is required. It should be developed at the European level and not the national level. 136 Article 24 EC Regulation, OJ L 8 12 January 2001.

253

254

Chapter 8

–

The JSA should be replaced by or given similar powers as the European Data Protection Supervisor.

8.4

Answering the Research Questions

8.4.1

Transparency Questions

–

The first question is to what extent is there information about the SIS which is accessible and understandable so as to give a true picture of the actual situation? Here the concern is with accessibility to legal information and knowledge about the SIS. Is the information published and publicised? Is it publicised in such a manner as to be understandable to individuals concerned?

General accessibility to information on Schengen is fairly good because most legal documents, except those that have been declared confidential, are published and available to the public. Most of the legal documents on Schengen are published on the Internet also and therefore any person with access to the Internet can access the documents. This is, however, easier said than done because one would need to be Internet literate to be able to access the documents. In addition, the Schengen acquis is voluminous and one would need to shift through mountains of documents to get what one wants. The procedure of adopting Schengen documents, which is divided between First Pillar (Regulations) and Third Pillar (Decisions), is also complex and adds to the difficulties of accessibility and understanding of the documents. Understanding of the documents is complicated also because formulation of some provisions is sometimes wide and vague. One can say that although most legal documents are published, they are not publicised especially as regards individual data subjects. Publicising goes further than the mere act of publishing, it requires concrete action to bring the information in the publications to the knowledge of those concerned. Although there are attempts, especially by the JSA, to provide information and guidance to individuals, the efforts are not sufficient and more would be required. The provision of information and guidance is onesided because it tends to favour the controllers and those who carry out border control. Most of the guidance documents mentioned above, namely manuals and catalogues are mainly directed to the controllers and those who carry out border control. Little guidance and legal information is provided to the data subjects. –

The second question is to what extent does a registered person in the SIS have access to information on his legal status in an understandable way? Here the concern is with the general and individual access to individual information. Are data subject rights presented in an understandable manner? Does the individual data subject have access to his/her information in an understandable way? Are there obstacles in the exercise of the right to access?

The general access to information in the SIS is complicated as the answer to the first question above indicates. A number of factors complicate accessibility to legal information and knowledge about the SIS. It is also difficult to know the purpose for process-

SIS Compliance to Article 8 ECHR and Data Protection Principles

ing information as vague and broad terms are employed without proper guidance. For example there is no clear guidance on the criteria for entry of information in the SIS, especially as regards Article 96. Similarly, there is no clear guidance on the criteria for executing searches in the SIS. In addition, it is difficult to access information on the country that entered an alert. As regards the individual access right, although it is provided for, its exercise is difficult as it is full of obstacles. The right has exceptions that may hinder the data subject accessing the information he or she may require. Even where the information is communicated to the person, the answer may be equivocal so as it is not understood by the recipient. Another obstacle is that Contracting Parties have different procedures on the exercise of the right (direct and indirect) which makes it difficult for the person to know to which authority to address the request. Sometimes it is also difficult to know the country that issued the alert so as to know where to direct the request. In addition, it is not easy to get reasons for entry of alerts so as to decide whether to request further information or not. Further, data subjects may not know their rights due to lack of easy to understand information on the rights. Although the JSA is trying to bridge the information gap, more must be done to educate data subjects on their individual rights. Most of the persons affected by the SIS are foreign nationals as the entry of Article 96 confirms. But the way in which the rights and remedies are presented are tailored for EU citizens. Foreign nationals may fail to understand and access legal information due to other obstacles such as language and culture as the legal system is strange to them. The SIS law does not have safeguards against such obstacles. This issue of safeguards is examined and addressed further in Chapters 11 and 12. The difficulties that face a data subject in the exercise of the right of access necessitate the conclusion that the data subjects do not have adequate access to information which is understandable. –

The third question is to what extent are individual interests in information processing defined and taken into consideration? Here the concern is sensitivity to individual interests. Is the law formulated in a manner that defines and takes into consideration individual interests? Or is the law individual interest oriented?

Although individuals have been provided with individual rights in the processing of personal data, the rights are full of obstacles which make their realisation difficult. The rights must be defined precisely so as to avoid vagueness. For example, where a right is limited, the exception should not be wide and vague. The discretion given to public authorities who execute the rights should be limited. The exceptions and discretion should also be applied and interpreted in a manner favourable to the protection of individuals. The rights should be available to all affected. The situation of those in foreign countries is particularly pathetic because it is practically difficult to exercise most of the rights provided. The language and intention of the law favours those in the Schengen jurisdiction. Those in foreign countries have practically no meaningful and adequate remedies. The practice of the right of access in Member States does not favour individuals. The distinction between direct and indirect access is not in the interest of data subjects as it complicates the exercise of the right in jurisdiction with both direct and indirect or only

255

256

Chapter 8

indirect access procedures. The right should be uniform in all Member States. It should be direct as recommended above. In addition, the rights provided are not adequate and effective so as to cater to the interests of the data subjects. Additional rights, such as the right of notification including the right to reasons and rights that permit accessibility and understanding of legal information by data subjects, are required. 8.4.2 –

Proportionality Questions

First, to what extent do the SIS and Schengen border policies enable for decisions that are in favour of individual data subjects or subjects of border control? This calls for examination of the SIS and border control polices orientation. Are they meant to protect individual interests? How are the policies applied? Do they allow for consideration of individual interests where the later conflict with control interests? To what extent are individual interests in information processing defined and taken into consideration?

This question will be answered in Chapter 11 (See 11.6). –

Second, to what extent is excessive control in society avoided and minimised? The target here is the rules and other efforts (e.g. education) employed in avoidance of unlawful control and excessive control in society.

This question is answered in Chapters 7, 8, 9, and 10. As indicated in Chapters 7 and 8, the presence of SIS and SIRENE information systems contribute to increased control in the Schengen area. The question is whether the control is excessive and how excessive control is avoided in society. In this study, excessive control is understood as control without justification or arbitrary control. So longer as there are justifications for control by SIS and SIRENE then the control is not excessive. The question therefore to answer is, are there justifications for SIS and SIRENE controls? To answer this question, one requires bearing in mind the evaluation of the SIS and SIRENE under Article 8 EHCR above. The controls must be in compliance with the justifications in Article 8(2). As concluded above the existence of the SIS and SIRENE systems is an interference with the respect for private life under Article 8(1) and should be justified. The three justifications “in accordance with the law”, “legitimate aims” and “necessary in a democratic society” must be fulfilled for the control to be justified and not excessive. As regards the “accordance with the law” criterion, the SIS and SIRENE have legal basis in the Schengen Convention and therefore it is based on law. But the term ‘law’ is more than the mere presence of a written law; it is also about accessibility and precision of the law. The Schengen law falls short on this because accessibility can be questioned and precision is lacking as regards some key provisions. Accessibility could be questioned because of the existence of two levels of data protection, a lower level for the Third Pillar and a higher level for First Pillar and some documents are still inaccessible to the public. As regards precision of the law, the Schengen law is deficient as some of its provisions lack precision. Some of the provisions are stated broadly and in a vague language, leaving

SIS Compliance to Article 8 ECHR and Data Protection Principles

wide discretion to control authorities while the supervision is also not adequate. Again the dual legal base of the Schengen border control policies undermines precision. The legitimate aims criterion is easy for State governments to fulfil and under Schengen law this is no exception. Practices by some Schengen governments, however, do not comply with the legitimate aims principle as persons who should not be registered in the SIS are registered. The large numbers of persons registered unlawfully under Article 96 run contrary to the aims of the SIS of controlling crime and illegal immigration. Instead the system is being used to stop entry into the Schengen area by persons who should not be refused entry. The lack of adequate safeguards means the SIS does not fully comply with the principle of proportionality in a number of aspects. The following safeguards cannot be said to be adequate: supervision, judicial control, access to information and deletion of information. Although the SIS and SIRENE do comply with human rights there are shortcomings which can be interpreted as contributing to excessive control. Some of the data and alerts registered in the SIS are not justified. Lack of justification could therefore lead to excessive control to those affected. 8.5

Conclusion

The SIS has a weak compliance with human rights Article 8 ECHR. Similarly, transparency and proportionality in processing of personal data is still a far cry in the SIS. The data subjects do not have adequate and understandable access to information about their legal status and the SIS. The Schengen system, being based on an intergovernmental Convention, acquired a ‘low level’ of personal data protection as provided by the CoE Convention on data protection 1981. Recent developments in the integration of the Schengen into the EU legal framework and the abolition of the pillar system by the EU Draft Constitution may pave way for an EC Regulation for the SIS II.137 Such a Regulation, however, will need to address transparency and proportionality issues raised in this study and in particular this chapter.138 But as seen with the proposed Visa Information System (VIS) Regulation, attempts to deal with some of the transparency and proportionality issues still fall short of what is suggested in this study. 139

137 See Postscript. 138 Unfortunately, the current SIS II Regulation and Decision proposals, though incorporating some improvements to the protection of personal data, do not meet the threshold set out in this chapter (see brief analysis in Chapter 12). 139 See 9.6.5 below.

257

9

A Network of Related Cross-Border Information Systems

9.1

Introduction

In this chapter the attention now turns to Schengen related cross-border information systems. The information systems analysed here are not part of Schengen co-operation but are part of police co-operation and cross-border exchange of information in general. As such, it is important to look at their relation with the SIS. When Mathiesen observed that the “ Schengen Information System does not stand alone”, he drew attention to the related information systems that form the web of police co-operation and cross-border exchange of information and averred that it was rapidly developing into a surveillance state. This chapter goes into more detail than Mathiesen does, it examines similarities and differences between SIS and these other systems and how the systems are contributing to excessive control in society. In particular, the concern is to investigate how the systems supplement the SIS or vice versa. Focus is specifically directed to issues of data protection, linkage, integration and sharing of data among the systems. The systems are discussed individually with comments on their relation to the SIS. In addition, an integrated analysis of similarities and differences is carried out in the final section 9.7. In the presentation of individual systems, examination of the establishment and nature of the systems as was done with SIS in chapter 7 is carried out here, analysing the purpose and policy aims, legal basis, organisation and legal safeguards of the systems. The systems analysed here are Interpol, Eurodac, Europol, Custom Information System and Visa Information System. 9.2

Interpol Criminal Intelligence System (ICIS)

9.2.1

Introduction

The first of the systems is the Interpol Intelligence System (ICIS). It differs from the rest of the systems as it is international in nature while the others are European systems. Since Interpol is the oldest form of police co-operation in the world, it would be a seri

Mathiesen, T. (1999), p. 16.

260

Chapter 9

ous anomaly to omit it from the analysis. It still plays an important role in exchange of information on persons wanted for criminal reasons in Europe and the external world. The background of the formation of Interpol was political. The aim then was to create a means by which to maintain order and security on the continent of Europe, which had become turbulent and politically unstable after the First World War. The organisation is still relevant today in combating international crime. International crime has increased as the development of increasingly sophisticated facilities for rapid travel has made it far easier for criminals to move around the world. The development of advanced information and communication technologies has also made it easier for criminals in different countries to execute their criminal activities with less detection. At the same time, the complex structures of modern societies and the constant growth of international exchanges provide more opportunities for international criminal activity. 9.2.2

Purpose and Policy Aims

The primary purpose of Interpol is to promote mutual assistance between police organisations in separate countries through a communication network. Under Article 2 of the organisation’s Constitution, Interpol aims: to ensure and promote the widest possible mutual assistance between all criminal police authorities, within the limits of the laws existing in the different countries and in the spirit of the Universal Declaration of Human Rights, and to establish and develop all institutions likely to contribute effectively to the prevention and suppression of ordinary law crimes. 9.2.3

Legal Basis

Interpol is unique. It is an organisation of police forces, not states. It was founded on a Constitution that was written by a random group of police officers who did not submit the draft to their respective governments for approval or authorisation. This makes it different from other police co-operations discussed here that are established under international treaties and conventions. The Interpol police forces do not operate independently from the States that they represent. The doctrine of national sovereignty has been incorporated as a basic principle that prevails in the execution of its tasks and operations. Respect for this principle means that Interpol cannot have teams of detectives with supranational powers who travel around investigating cases in different countries. International co-operation depends on co-ordinated action on the part of the Member States’ law enforcement agencies, all of which may supply or request information or services on different occasions.

 

Fijnaut, C. (1991). The term ordinary law crimes is employed in order to overcome the barrier of defining crime which may be presented by different legal approaches of member countries. The term therefore represents all types of crimes having an international dimension and falling outside the limits set by Article 3 of the Constitution.

A Network of Related Cross-Border Information Systems

9.2.4

Organisational Overview

For the purposes of exchange of information, Interpol operates its own Criminal Intelligence Database or Criminal Information System (ICIS). The ICIS was introduced in 1987. The aim was to improve methods of storing and retrieving information on crimes and criminals, to speed up replies to Interpol National Central Bureaux (NCBs) inquiries, and give the Interpol Police Division immediate, direct access to the computerised files. Each member state provides and maintains a national Interpol office as a National Central Bureau (NCB). This office is the key link point between national law enforcement and Interpol services. In Norway, the Interpol NCB is located at Kripos. The Criminal Information System comprises following files: – names, – drug seizures, – case, – counterfeit currency, and – property. Member countries access the database through Automatic Search Facility (ASF). ASF was developed to offer a database that contained selected images, photographs, fingerprints and other information and which was available by electronic linkage to NCBs. All NCBs and authorised official services with a law enforcement mission have direct access to the database for selected information in accordance with specific rules. Interpol’s backbone is the circulation of police information between NCBs on what are known as “international notices”. An individual notice gives identity particulars as well as photographs, fingerprints and a physical description. The notices are classified according to colour-code. – Red is for wanted persons for arrest and extradition. – Blue is an inquiry for the collection of additional information on a person. – Green is a warning about ‘professional’ criminals who operate in more than one country. – Yellow is for missing persons requesting assistance for their location. – Black is for unidentified body with fingerprints if available. – Orange is a recent addition to the Interpol notice system. Orange Notices serve as warnings to law enforcement and security officials about threats that they might not normally detect. Package bombs, disguised weapons and information relating to biological, chemical and radiological threats are included in this notification system. It serves also in the fight against terrorism. It is also unique because it is not issued against an individual like the other notices.

  

Hebenton, B. & Thomas, T. (1995), p. 67. Ibid. p. 66. See Interpol web site: http://www.interpol.int/Public/Icpo/FactSheets/FS200102.asp Accessed on 3 January 2005.

261

262

Chapter 9

The individual notices contain two types of information which do not apply to the orange notice. – Identity particulars (comprehensive identity details, physical description, photograph, fingerprints, any other relevant information such as occupation, languages spoken, identity document numbers, etc.); – Judicial information: offence with which the person is charged, references to the laws under which the charge is made or conviction was obtained, the maximum penalty that has been or can be imposed and, in the case of red notices, the references of the arrest warrant or of the sentence imposed by a court, and details of the countries from which the requesting country will seek the fugitive’s extradition. 9.2.5

Protection of Data

Interpol lacks a clear personal data protection regime. Respect for human rights, however, is important for Interpol in order to achieve its goals. Article 2 of the Constitution incorporates the need for respect for human rights. The Article stipulates that international co-operation through Interpol must be carried on “within the limits of the laws existing in the different countries and in the spirit of the Universal Declaration of Human Rights.” El Zein identifies three ways in which respect for human rights is ensured in Interpol. The first is a broad perspective of human rights, where the activities of Interpol are seen as ensuring human rights for the society in general, “the right to national and international justice”. Interpol, through its work of combating crime, ensures that the society enjoys freedom and security. The second is what El Zein refers to as human rights’ traditional concept, the main concern here. In its day-to-day activities, Interpol is concerned with the standards that apply to ensure that its own action respects both human rights and the professional ethics governing international police co-operation. For example, when the Interpol General Secretariat receives information or the reason for a request for information, it can assess whether some requests are unwarranted since they could infringe freedom of movement, the right not to be subjected to arbitrary arrest, the right to a fair and public trial, the right to asylum and, finally, the right to freedom of association and to freedom of opinion. Article 3 of the Interpol Constitution is very important as respect for human rights is concerned. It sets restrictions on the use of the information Interpol possesses for purposes, which are not set forth in its Constitution. The Article strictly forbids the Organisation from undertaking intervention or activities of a political, military, religious or racial character. In practical terms, neither the General Secretariat nor the NCBs are allowed to use Interpol to trace individuals who are wanted for essentially political offences such as the expression of certain statements or unlawful assembly (demonstrations), etc. It is also forbidden to search for individuals (who have not committed an ordinary criminal law offence) simply because they belong to a particular political  

Ibid. http://www.interpol.int/Public/ICPO/FactSheets/FS200105.asp Accessed on 3 January 2005. El Zein, S. (1999).

A Network of Related Cross-Border Information Systems

or religious movement. In these times that terrorism has acquired a political, religious and racial profile, it is difficult to see how Interpol will adhere to the limitations imposed by Article 3. As regards data protection, the Articles on human rights discussed above are important, especially the one concerned with prohibition of using information in Interpol’s possession for purposes not set forth in the Constitution. This principle can be considered as complementary to those of the Universal Declaration of Human Rights and is similar to the data protection purpose specification principle. In addition, Interpol has other internal rules on protection of personal data collected and processed by the General Secretariat.10 The Rules on International Police Co-operation and on the Internal Control of Interpol’s Archives state that the purpose of the Rule is “to protect police information processed and communicated within the ICPO-Interpol international police co-operation system against any misuse, especially in order to avoid any threat to individual rights”.11 They also state that the General Secretariat shall process police information only to prevent and investigate ordinary law crimes, to bring alleged offenders to justice, to find missing persons, and to identify dead bodies. Further, in order to enhance protection of personal data and respect of human rights, a body called the Supervisory Board for the Control of Interpol’s Archives is designated. Its purpose is to ensure compliance with the rules discussed above. Its role is to control Interpol’s archives and to give opinions recommending the deletion of disputable data or that contested by private individuals. In this spirit, the Supervisory Board has on several occasions called for the deletion of certain files on individuals who were wanted in some countries but enjoyed political refugee status in other countries. It has persuaded countries to update their information by informing them of other facts confirmed by other countries, or has made these countries aware of the importance of observing the data retention periods. Finally, it has sought to direct applicants toward the judicial review of policing measures taken in their country of origin or residence, as it has no such judicial role itself.12 The Supervisory Board plays a similar role to data supervisory authorities except that it may not have similar powers. The third way that Interpol ensures the respect of human rights in its actions is through action with regard to human rights. This involves encouraging improvements in national laws governing the powers and duties of the police, helping countries introduce national codes of police ethics, recommending teaching of human rights in police training, providing international or regional training for officers in charge of international investigations into complex offences involving human rights, assisting with the codification of conventions which are in the process of being ratified or drafted. According to El Zein, the respect for human rights and the overall work of Interpol could be enhanced if it were backed by an international code of police ethics and an international convention governing the exchange of police information. Devising these  10 11 12

Ibid. Ibid. Article 1.2 of Interpol’s Rules on International Police Co-operation. El Zein, S. (1999a).

263

264

Chapter 9

instruments, however, is undoubtedly a major challenge. The lack of an international code of ethics may be a serious drawback to the respect for human rights at the national levels of Interpol Member countries because of different legal approaches and police cultures in the member countries. The reliance on the UN Universal Declaration of Human Rights also may not be adequate, as it is not a binding instrument. This is not, however, a serious problem as most countries’ constitutions reflect, in some aspects, the principles laid down in the declaration and the same principles are also reflected in other binding documents such as the United Nations Covenant for Civil and Political Rights, to which most countries are signatories. As regards protection of personal data, some of the member countries do not have laws and rules on data protection especially some countries in Africa, South America and Asia. This deficiency can hamper serious co-operation and exchange of information especially from a European perspective where transfer of personal data to a country without an adequate level of protection is prohibited.13 Interpol’s attempt on personal data protection is important as it may act as a stimulus for participating countries to take data protection seriously and to enact rules and laws in this respect. But what is required, in order to achieve an adequate level of protection, is a data protection regime applicable to all Interpol member countries. The mushrooming of information systems with similar objectives as Interpol in Europe can be seen as an indirect consequence of lack of such data protection regime. 9.2.6

Relation between Interpol System and SIS/SIRENE

The geographical scope of the Interpol and the SIS are different. Interpol is a global system and SIS is a European system. Both have a similar purpose of fighting and preventing crime. Interpol, however, focuses on international and organised crime whereas the SIS is concerned with international and organised crime as well as internal crime (crime regulated by national laws like penal laws, immigration laws, etc.). Apart from this, the SIS has an expanded purpose of fighting illegal immigration which distinguishes it from the Interpol. Both Interpol and SIS are identification systems. The Interpol relies on notices and the SIS on alerts for identification systems. Both systems prescribe the action to be taken when there is a positive identification. Interpol and SIS are separate systems and not interlinked technically. Data sharing, however, is possible through other means and channels. For example, the sharing of data between the two systems on stolen and lost passports and stolen vehicles is envisaged (see 9.8). The fact that both SIS and Interpol systems have registers for stolen and lost passports have made data sharing between the systems necessary. Also similarities in data can open to sharing data across systems. While the SIS is regulated through classical data protection law, the Interpol has no such law but has nevertheless developed its own rules for data protection which as indicated above may not offer adequate safeguards against abuse. 13

Article 25(1) of the Directive 95/46 EC.

A Network of Related Cross-Border Information Systems

9.2.7

Conclusion

The Interpol is an important police and border control system with global reach, making it unique and distinct from the SIS and the other European systems discussed below. In post 11 September 2001, the importance of Interpol in world-wide control and surveillance may increase and therefore become a major player because of its global scope as compared with the purely European systems discussed here.14 Its major weakness, however, is lack of a data processing and protection law applicable to all Members. As such, the level of data protection in Member countries is different whereas in others it may be completely absent. The rules developed by the supervisory board are not adequate and a data protection law would be more desirable. 9.3

Eurodac

9.3.1

Introduction

Eurodac was at first conceived as a computerised database system for registering asylum seekers’ fingerprints. Its scope was, however, extended through protocols15 to the then Eurodac Convention (now Eurodac Regulation)16 to include registration of illegal immigrants’ fingerprints. The Regulation identifies two categories of illegal immigrants. First, under Article 8 of the Eurodac Regulation, each Member States is required to “promptly take the fingerprints of every alien of at least 14 years of age who is apprehended by competent control authorities in connection with the irregular crossing by land, sea, or air of the border of that Member State having come from a third country and who is not turned back.” This provision mirrors the language in Article 6 of the then Dublin Convention (now Dublin Regulation17) and is intended to facilitate its application.18 The second category of illegal immigrants is provided for in Article 11 and involves the taking of fingerprints of any alien of at least 14 years of age found to be illegally present within a Member State. The aim of taking the fingerprints is to check whether the alien has previously lodged an application for asylum in another Member State. 14 Interpol’s involvement in the fight against international terrorism materialised during the 54th General Assembly in Washington in 1985 when Resolution AG/54/RES/1 was passed calling for the creation of a specialised group within the then Police Division to ‘co-ordinate and enhance co-operation in combating international terrorism’. 15 Protocol drawn up on the basis of Article K. 3 of the Treaty on European Union, extending the scope ratione personae of the Convention concerning the establishment of “Eurodac” for the comparison of fingerprints of applicants for asylum. 16 Council Regulation (EC) No 2725/2000 of 11 December 2000 concerning the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of the Dublin Convention. 17 Council Regulation (EC) No 343/2003 of 18 February 2003 establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national. 18 Ibid.

265

266

Chapter 9

9.3.2

Purpose and Policy Aims

The Eurodac Regulation is conceived as an instrument to assist in the implementation of the Dublin Regulation provisions, in particular Article 15 (now Article 21 of the Regulation).19 This Article stipulates categories of information which Member States must, or may (if the asylum applicant consents) communicate to each other to determine responsibility under the Dublin Regulation. Although the Eurodac is not provided for in the Schengen Convention, nevertheless, it is an important aspect of compensatory measures on asylum policies as contemplated by the Schengen Convention and now the responsibility of Dublin Regulation.20 As stipulated in Article 1 of the Eurodac Regulation, “the purpose of the Eurodac system is to assist in the determining the Member States responsible, pursuant to the Dublin Convention for examining an application for asylum lodged in a Member State, and otherwise to facilitate the application of the Dublin Convention under the conditions set out in this Regulation.” The Dublin Convention (Regulation) entered into force on 1 September 1997 and implementation began on 1 July 1999. It establishes a framework for determining which Member State is responsible for examining an asylum application. The aim of the Dublin procedures is to ensure that an asylum application is heard only once within the EU. The idea is that the State responsible for the presence of an asylum seeker within the EU should also be responsible for examining the application for asylum, even where the application is made in another Member State. Under the Convention, the State responsible is the State that for example, has issued a visa or residence permit. The State also is responsible if it is the first point of entry into the EU for an asylum seeker who has made an “irregular” border crossing. The Dublin Regulation is conceived as a compensatory measure on the removal of internal borders, to ensure that asylum seekers do not abuse the freedom of movement by presenting applications in two or more EU countries. The policy aim of the Eurodac and the Dublin Regulation is therefore to deal with the menace known as “orbiting refugees” who go shopping around from one Member State to another for asylum. Taking asylum seekers’ fingerprints policy was justified on grounds of reliability, cost reduction, and benefit to asylum seekers. It is said that fingerprints are the most reliable means for establishing identity of asylum seekers and illegal immigrants whose identity cannot be established reliably by other means.21 The effective operation of the Dublin mechanism depends on the ability to identify asylum seekers and to establish their first point of entry into the EU. Fingerprints enable quick determination of identity and swift return of asylum seekers to the Member State responsible for asylum application. There would be, in such instances, potential savings in welfare benefit and other costs. In a kind of reverse argument and logic, it is said that quick determination of identity would amount to reaching asylum case decisions faster and this is to the benefit of asylum seekers because they will avoid long waiting periods. This may, however, work against the interests of the asylum seekers by removing them out 19 House of Lords: European Communities Committee – Tenth Report. 20 See also, Aus, P. J. (2003), p. 7. 21 See, Chapter 10.

A Network of Related Cross-Border Information Systems

of the jurisdiction before their applications are properly and conclusively determined therefore jeopardising their chances for an effective remedy. 9.3.3

Legal Basis

Although the legal basis of the Eurodac is now firmly established in the Eurodac Regulation, it could also be traced to the former Dublin Convention since the purpose of the Eurodac is closely connected with the implementation of the Dublin Convention and Dublin Regulation. Brouwer has pointed out this connection when stating that, “in February 1993 the working party on Asylum asked the Legal Services of the Council to give advice on the question whether Article 15 of the Dublin Convention could be used as the legal basis for the creation of Eurodac.22 The legal Service confirmed in its advice of 18 March 1993 that Article 15 provided sufficient legal basis for the establishment of Eurodac.”23 The Eurodac was initially founded on a Third Pillar Convention, the Eurodac Convention. But after the Amsterdam Treaty, which transferred matters on asylum seekers from the Third Pillar to the First Pillar, the Convention was transformed into a Regulation under the first pillar. The effect of the Regulation is that, unlike the convention, it does not require to be transposed into national law as it applies directly and confers or imposes duties on the Community citizen in the same way as domestic law. Another important aspect of Regulation is its Community character, which means that it lays down the same law throughout the Community, regardless of international borders, and applies in full in all Member States. A Member State has no power to apply a regulation incompletely or to selectively apply those provisions which it approves and disregard those which it disapproves. The Eurodac is therefore to be applied uniformly in the Member States. As the Commission of the European Communities has stated, ‘a Regulation was therefore preferred to a directive in view of the need to apply strictly defined and harmonised rules in all the Member States in relation to the storage, comparison and deletion of fingerprints.’24 The Eurodac Regulation of December 2000 only created the legal basis for systematic collection and comparison of fingerprint data, while Eurodac Regulation II was needed to make the system technically operational. A second Eurodac Regulation (Eurodac II) of February 2002 therefore followed the first Regulation of 2000. Eurodac II Regulation lays down specific rules for the administrative maintenance and enforcement of the system.25 22 SN 1419/93 WGI 1365. 23 Brouwer, R. E. (2002), 231-247. 24 First Annual Report of the Council and Parliament on the activities of the EURODAC Central Unit, p. 4. SEC(2004) 557. 25 Council Regulation (EC) No 407/2002 of 28 February 2002 laying down certain rules to implement Regulation (EC) No 2725/2000 concerning the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of the Dublin Convention. Annex I provides detailed technical specifications for the collection of both the rolled and plain impression of all ten fingers of third country national in question.

267

268

Chapter 9

For Norway, which is not a Member of EU, both the Regulation and the Dublin Convention did not apply just as the Schengen Convention did not. Norway, however, as a member of the Schengen co-operation wanted to participate fully in all aspects of that co-operation including asylum and refugee policies, it therefore, became necessary to participate in the two instruments also.26 In the circumstances, Norway and Iceland (which is the other member of Schengen, which is not an EU member) entered into a separate agreement with the EU in respect of the Dublin Convention.27 The agreement provides inter alia that Norway and Iceland accept the Council Regulation on Eurodac. This agreement is the legal basis for application of the Eurodac Regulation in Norway and Iceland. The legal basis for taking fingerprints of foreign nationals in Norway already existed in the Immigration Act § 37 and Regulations made there under §131 second and third paragraphs which provide for the exchange of fingerprints with other States.28 It was, however, necessary to amend the law so as to accommodate the requirements of taking fingerprints in accordance to Eurodac Regulation, which requires taking of fingerprints of 14 years old foreign nationals, which was not provided for in the Norwegian law.29 9.3.4

Organisational Overview

9.3.4.1 Technical Aspects The Eurodac system, European Dactylographic System (Eurodac) is the first common European Union computerised central database equipped with a fingerprint recognition system (Automated Fingerprint Recognition System - AFIS). It is a system for the collection, storage, exchange and comparison of fingerprints of asylum applicants. The aim of comparison of fingerprints is to determine, with certainty, the Member State responsible for examining an asylum request.30 All EU countries (except Denmark), Norway and Iceland participate in the Eurodac. The co-operation in this Eurodac framework has 26 St. prp. Nr. 38 (2000-2001) 1.1. Innledning (Introduction). 27 Agreement between the European Community and the Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or Iceland or Norway. 28 The reasons for the provision on taking and exchanging fingerprints of asylum seekers was given in Ot.prp. nr. 83 (1991-92), point 1. It states that “Immigration authorities have experienced an increasing tendency in which asylum seekers have made applications to a number of countries, they also present themselves in a number of police stations in Norway as asylum seekers under different identities and that they return in Norway after they have been deported and expelled. The situation is a serious problem in society. It requires a lot of resource to investigate in order to identify foreigners. In many cases identity cannot be ascertained. In the circumstances, it is feared there is risk that Norway in times to come will find itself in a situation where part of its population is of unknown identity and/or without legal residence. Illegal residence is a big problem in many countries.” 29 Ot. Prp. Nr 96 (2000-2001) Om lov om endringer i utlendingsloven (Amendments to the Immigration Act). 30 Marinho, C. & Heinonen, M. (1998), p. 5.

A Network of Related Cross-Border Information Systems

been total and thus forms a good basis for further common large-scale IT projects, such as the second generation of the SIS and European Visa Information System.31 The Eurodac system consists of a Central Unit, a computerised central database and a means for transmission between the Member States and the central database.32 The Central Unit is a human interface established within the Commission and is based in Luxembourg but managed from Brussels. The Commission is responsible for operating the central database on behalf of the Member States.33 The Central Unit processes personal data of asylum applicants, and illegal immigrants on behalf of Member States of origin. Its other responsibilities are to draw up statistics on its work quarterly which contains a breakdown of data for each Member State. Pursuant to the procedure laid down in Article 23(29), the Central Unit may be charged with carrying out certain other statistical tasks on the basis of the data it has processed. The Central Unit of Eurodac began operations on 15 January 2003 with an empty database, implying that only asylum applications lodged after this date should be stored in EURODAC.34 It operates 24/24 hours and 7/7 days. Article 24(4) requires the Commission to produce an evaluation report on the Central Unit one year after it began operating. The first report was issued on 5 May 2004. The central database is the computerised part of the system in which data referred to in Article 5(1) are recorded and stored for the purpose of comparing fingerprints of applicants for asylum. A Member State places the data in the central database and they are processed on behalf of that Member State at the Central Unit. This means that the Member State is the owner of the data and is responsible that the data are accurate and up-to date when they are transmitted to the Central Unit. 9.3.4.2 Functioning of Eurodac According to the Regulation, each Member State is required, in compliance to its national law and practice, to take the fingerprints of every non-EU or third country national aged 14 years or over who applies for asylum. All EU Member States have in place automated fingerprinting systems for asylum seekers.35 As a result of the Eurodac Regulation, Member States have put in place computerised systems capable of transmitting “images” of asylum seekers’ fingerprints. The procedure for taking the fingerprints is governed by national law but the applicant for asylum must be informed the purpose of taking the fingerprints as provided in Article 13(1) of the Eurodac Convention. Once fingerprints from the three categories are transmitted by the Member State to the Central Unit, the Central Unit records the data in the central database. The Central Unit then compares the data so transmitted by the Member State with the fingerprints 31 32 33 34

Aus, J.P. (2003), p. 7. Article 1(2) of the Eurodac Convention. Article 3(1) of the Eurodac Convention. First Annual Report of the Council and Parliament on the activities of the EURODAC Central Unit, p. 6. SEC(2004) 557. 35 Karanja, K. S. (2001), p. 107-110.

269

270

Chapter 9

transmitted by other Member States recorded in the central database. It first compares Category 1 against Category 1 and if a hit is returned,36 it means that the fingerprints of an asylum seeker have been recognised by the Central Unit as a match against the stored fingerprints of an existing asylum applicant. This hit is referred to as ‘local’ when the asylum seeker has already applied for asylum in the same Member States and ‘foreign’ when he/she has already applied for asylum in another state.37 Then it compares Category 1 against Category 2 and if a hit is returned, it means that the fingerprints of an asylum seeker match the stored fingerprints of an alien who has illegally crossed the border and who could not be turned back.38 Finally, the Central Unit compares Category 3 against Category 1 data and if a hit is returned, it means that the fingerprints of an alien found illegally present within a Member State are being recognised by the Central Unit as a match against the stored fingerprints of an asylum seeker.39 Central Unit: A Human Interface Member State Central Database

Indirect Transmission Direct Transmission

Figure 13: Functioning of Eurodac

Where a Member State so requests, the data it transmits is compared with the fingerprint data previously transmitted by it. After comparison, the Central Unit immediately communicates the results to the transmitting Member State. A ‘no hit’ result means that no match to this data was found. A ‘hit’ result means the existence of a match or matches between fingerprint data recorded in the databank and those transmitted by a Member States with regard to a person.40 The Member State then checks the results and makes 36 See 9.3.4.4 below on data categories. 37 First Annual Report of the Council and Parliament on the activities of the EURODAC Central Unit, p. 7. SEC(2004) 557. 38 Ibid. 39 Ibid. 40 Ibid.

A Network of Related Cross-Border Information Systems

final identification in co-operation with the Member States concerned as provided in Article 21 of the Dublin Regulation. Any information received from the Central Unit that does not match or is found to be unreliable is to be erased by the Member State of origin immediately. The Regulation provides for possibilities of direct recording of fingerprint data by Member States into the central database. It also provides for direct comparison of fingerprints and transmission of the results back to the Member States concerned without involvement of the Central Unit. This, however, is subject to technical conditions allowing it. The problem of multiple asylum applications is evident from the first Central Unit annual statistics. From a total of 246,902 asylum applications, recorded by Eurodac in the first year of operations, 17,287 cases show that the same persons had already made at least one asylum application before (in the same country or in other Member States).41 That means 7% of the cases are multiple applications. Although this figure too may seem low, however, due to the newness of the Eurodac it may be early to reach concrete conclusions. The Commission is of the opinion that the number will increase in due course. Of interest is that the Central Unit has registered a high number of multiple hits (i.e. two or more hits). For instance, 1,632 cases of third applications were registered. The overall trend shows that the problem of multiple applications does exist. The numbers may not be as high as initially was thought when Eurodac policy was being formulated, but the problem is real. 9.3.4.3 Authorities The EU Commission is responsible for operation of the central database and national authorities are responsible for the technical transmission part. In practice, the day-today operations of the Central Unit are managed by Directorate General Justice and Home Affairs (DG JAI) with the help of other Commission Services such as Directorate General Personnel and Administration (Informatics Directorate) and Directorate General Enterprise (IDA Unit).42 In Norway, Kripos has the responsibility for technical transmission of information to and from the Central database. The responsibility involves ensuring that transmission of information goes according to the rules and that only authorised persons have access to the information that is transmitted.43 On the other hand, administrative responsibility, which involves control responsibility, correction and deletion of the registered information and ensuring the rights of foreign nationals are taken care of, is placed either under Kripos or the Directorate of Immigration. Data Inspectorate is the national supervisory authority under the Eurodac system. It, in accordance with the national law, controls the processing of information, that is,

41 Ibid. p. 12. 42 Ibid. p. 8. 43 Ot.prp. Nr 96 (2000-2001) Om lov om endringer i utlendingsloven.

271

272

Chapter 9

transmission of information to the central unit is lawful, in accordance with the Eurodac Regulation.44 9.3.4.4 Data Entered and Stored in the Central Database Data transmitted to the central database is classified according to the three categories of persons to be registered. The three categories are: – asylum seekers Article 5 (category 1), – persons irregular crossing of an external border, Article 8 (category 2) and – persons found illegally present in a Member State, Article 11 (category 3). But only data transmitted under Articles 5 and 8 are to be recorded in the central database. Data transmitted under Article 11 are to be erased and the transmission media destroyed once the results of the comparison have been transmitted to the Member State of origin. Article 5 of the Regulation deals with the data for asylum seekers recorded in the central database. The data include: – the Member State of origin, place and data of the application for asylum; – the fingerprints data; – sex; – reference number used by the Member State of origin, and; – date on which the fingerprints were taken. Other data are: – the date on which the data was transmitted to the Central Unit; – date on which the data were entered in the central database, and; – details in respect of the recipient(s) of the data transmitted and the date(s) of transmission(s). Article 8 deals with data for persons apprehended in connection with the irregular crossing of an external border. The data are similar to the first set of data in Article 5 above. After the data have been entered in the central database and the comparison is complete, the transmission media is to be destroyed or returned to the Member States of origin if so requested after the recording of the data in the central unit. Clearly some objective data such as the name and nationality of the asylum applicant are omitted because the purpose of the Eurodac system is to compare fingerprints and not to identify the applicant. Identification of the applicant is the responsibility of the Member State of origin in co-operation with the Member States concerned.45 According to the first annual activities report, in one year of activities, from 15 January 2003 to 15 January 2004, the Central Unit received a total of 271,573 successful transactions (a ‘successful transaction’ is a transaction which has been correctly processed by the Central Unit, without rejection due to a data validation issue, fingerprint errors 44 Ibid. 45 Article 4(6) of the Eurodac Regulation.

A Network of Related Cross-Border Information Systems

or insufficient quality): 246,902 of asylum seekers (category 1), 7,857 of illegal bordercrossers (category 2) and 16.814 of illegal apprehended on the territory of a Member State (category 3). Category 2 annual figures seem too low since earlier it was expected that this category would form a large number of data entered in the Eurodac. As the Commission, however, observes it is too early to come to solid conclusions because this category was completely new and there are no statistical data against which to accurately compare the figures. But the low numbers may point to the fact that the problem posed by this group was exaggerated at the time in arguing for their inclusion in the EURODAC. 9.3.5

Access to Data Entered in the Central Database

Access to data in the central database is limited to a Member State of origin which transmitted and which recorded the data in the central database only, Article 15(1) the Regulation. The Regulation also prohibits searches by a Member State in the data transmitted by another Member State. It also prohibits receiving of data by a Member State except from data resulting from the comparison carried out in accordance with the provisions in the Regulation. Each Member States designates authorities with access rights to data recorded in the central database and communicates to the Commission a list of those authorities. Exchange of data recorded in the central database with authorities of any third country is prohibited, unless it is specifically authorised in the framework of a Community agreement on the criteria for determining the State responsible for examining an application for asylum.46 The prohibition is meant to strengthen the purpose limitation rule. 9.3.6

Data Protection

9.3.6.1 General Data protection concerns are given high priority in the Regulation. The European Parliament and Council Directive on data protection47 is the minimum level of data protection for Eurodac system that applies to the processing of personal data by the Member States.48 Similarly, by virtue of Article 286 of the Treaty, the Directive49 applies to the central unit, which is established by the Commission and therefore a Community institution. Preamble 17 of the Regulation also calls for the principles set out in the Directive to be supplemented or clarified, in particular as far as certain sectors are concerned. Chapter VI of the Regulation does exactly that by setting out detailed rules on data protection in the Eurodac system. 46 47 48 49

Article 15 (5) of the Eurodac Regulation. Directive 95/46/EC. Preamble 15 of the Regulation. Or in particular the EC Regulation No 45/2001 of the European and of the Council on the protection of individuals with regard to the processing of personal data by the Community Institutions and Bodies and on the Free Movement of such data.

273

274

Chapter 9

The Regulation’s personal data protection rules for the Eurodac system are clearly an improvement on its predecessor, the Eurodac Convention, which (together with other third pillar Convention such as the Schengen and Europol) had the CoE Convention as the minimum threshold, which is lower than that in the Directive. By virtue of the agreement between the European Community and the Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Iceland and Norway, the Directive applies to the processing of personal data under the Eurodac Regulation in Norway. The agreement indicates in preamble number 4 and Article 1 (4) that Norway and Iceland will apply the Directive when processing personal information for the purposes of the agreement. That purpose includes processing personal information for Eurodac system. Article 1 (5) of the agreement applies the provisions of the Eurodac Regulations to Norway and Iceland also. 9.3.6.2 Lawfulness and Fairness The Regulation sets out the obligations of Member States as regards processing of personal data in the Eurodac system. The Member State of origin has the responsibility for ensuring what in data protection language is called lawfulness and fairness in collection of personal data, in this case the taking of fingerprints. The Member State also has the responsibility to ensure lawful transmission of data to the Central Unit. It also must ensure that data in the central database are lawfully recorded, stored, corrected and erased without prejudice to the responsibility of the Commission on the same. The Member State of origin also ensures that the results of fingerprints data comparisons transmitted by the Central Unit are lawfully used.50 The Commission is responsible for ensuring that the operation of the Central Unit is in accordance with the provisions of the Regulation and its implementing rules. Article 13 (4) (a-d) gives it additional powers to ensure compliance. 9.3.6.3 Data Security The Member State of origin has the responsibility over the security of data within its control. That is, the data that are referred to in § 1 of Article 13 before and during transmission to the Central Unit as well as the security of the data it receives from the Central Unit.51 The Member State must implement the measures stipulated in Article 14 so as to ensure security of data. The Commission is responsible for security as regards the Central Unit. It takes necessary measures to ensure security of the Central Unit in accordance with Article 14.52 The Commission has the responsibility to establish and operate the Central Unit. Finally, it is the responsibility of the Member State of origin to make the final identification of data pursuant to Article 4(6). That is, the making of identification of data 50 Article 13 (1) of Eurodac Regulation. 51 Article 13 (1) of the Eurodac Regulation. 52 Article 13 (4) (c) of the Eurodac Regulation.

A Network of Related Cross-Border Information Systems

after the comparison of fingerprints data by the Central Unit. Placing this obligation on the Member State is important because the Central Unit does not make any matching or linking of data to an individual. This obligation is left to the Member State of origin who has the data linking an individual to a set of fingerprints. 9.3.6.4 Data Quality The three sets of data recorded in the Eurodac are treated differently as regards storage and deletion of the data. The data recorded pursuant to Article 4 on asylum seekers are stored in the central database for ten years, after which the Central Unit automatically erases the data from the database.53 The erasure, however, can be done before ten years if the person whose data has been recorded acquires citizenship of a Member State.54 Where a person has been recognised and admitted as a refugee in a Member State, the data shall be blocked in the central database. The blocking is meant as an experiment for five years in order to determine whether such data should in the future be unblocked and remain in the database for ten years or should be immediately erased when the person concerned acquires refugee status.55 Data recorded pursuant to Article 8 are stored in the central database for two years from the date which the fingerprints were taken and automatically erased from the central database after the period of two years. The data, however, are to be erased pursuant to Article 15(3), which entitle a Member State of origin to erase such data. According to Article 10(2), such data is to be erased before the expiry of two years if the alien has been issued with a residence permit, has left the territory of the Member States or has acquired the citizenship of any Member State. As noted above, data transmitted under Article 11 are to be erased and the transmission media destroyed once the results of the comparison have been transmitted to the Member State of origin. Only the Member State of Origin shall have the right to amend the data, which it has transmitted to the Central Unit by correcting or supplementing such data, or erase them in accordance to the provisions of the Regulation. Where the Member State of origin records data directly in the central database, it may amend or erase the data directly. But where the Member State has not recorded data directly into central database, the Central Unit shall amend or erase the data at the request of that Member State.56 Data in the central database may be amended if they are factually inaccurate and if they are illegally recorded in the central database. In both cases, the initiative may come from a Member State or the Central Unit in which case, the Central Unit checks the data concerned and amends or erases them.57 53 54 55 56 57

Article 6 of the Eurodac Regulation. Article 7 of the Eurodac Regulation. Article 12 of the Eurodac Regulation. Article 15 (3) of the Eurodac Regulation. Article 15 (4) of the Eurodac Regulation.

275

276

Chapter 9

9.3.6.5 Individual Participation The Regulation has strengthened data subjects’ rights as compared with the Eurodac Convention and the Schengen Convention. The Regulation uses the language of the Directive on information orientation. In Article 18 (1), the Regulation requires that the Member State of origin inform a data subject of a number of things pertaining to taking of fingerprints’ information. A data subject should be informed of the identity of the controller and of his representative, if any; the purpose for which the data will be processed within Eurodac; the recipients of the data; the existence of the right of access to, and the right to rectify, the data concerning him or her. As concerns taking fingerprints of asylum seekers and aliens apprehended in connection with irregular crossing of an external border, the persons should be informed of the obligation to have his or her fingerprints taken. The information is provided at the time of taking the fingerprints. In the case of aliens found illegally present in a Member State, the information is to be provided no later than the time when the data relating to the person are transmitted to the Central Unit. Where it proves difficult to fulfil or costly to inform, the obligation shall not apply. This seems to give Member States some discretion whether to inform or not. But whether they are required to prove or give reasons for hindrance is not clear from the provisions. As such, Member States can use this provision to defeat the obligation to inform. The Regulation extends the right of access as formulated in the Directive Article 12 to data subjects under the Eurodac system.58 This also seems to strengthen the position of data subject rights in a police system. The right of access under the Directive is extensive, unlike in the Schengen Convention. The right of access involves also the right to obtain communication of the data relating to a data subject recorded in the central database and of a Member State which transmitted them to the Central Unit. The right of access may only be granted by a Member State. The right of access also entails the right to have factually inaccurate data corrected and unlawfully recorded data erased which should be carried out without excessive delay and in accordance with the law of the Member State concerned. A data subject may approach any Member State in order to exercise the right of access. In that case, the competent authorities are to co-operate actively to promptly enforce the rights accruing from the right of access. In each Member State, the national supervisory authority is to assist the data subject in exercising his or her rights.59 A data subject has a right to remedy and may bring an action or a complaint before the competent national authorities and courts of the Member State responsible for recording the data in the central database in order to exercise the rights of access, correction, and erasure.60

58 Article 18 (2) of the Eurodac Regulation. 59 Article 18 (9) of the Eurodac Regulation. 60 Article 18 (11) and (12) of the Eurodac Regulation.

A Network of Related Cross-Border Information Systems

9.3.6.6 Supervision and Control The Eurodac Convention provides in Article 19 for the establishment of national supervisory authorities by Member States. The task of the national supervisory authority, pursuant to Article 28(1) of Directive 95/46/EC, is to independently monitor in accordance with its respective national law, the lawfulness of the processing, in accordance with the Regulation of personal data by the Member State in question, including the transmission of data to the Central Unit. In performing its monitoring task, the authority shall act independently and in accordance with the national law. Each Member State is required to ensure that its national authority has access to advice from persons with sufficient knowledge on fingerprints. This is a new requirement that was not in the Eurodac Convention.61 Supervision is more enhanced under the Regulation than in the predecessor, the Eurodac Convention, and the Schengen Convention by requiring national supervision authorities to be established pursuant to Article 28(1) of the Directive which gives extensive powers to the supervisory authorities. A joint supervisory authority composed of a maximum of two representatives from the supervisory authorities of each Member State is established in Article 20(1). The JSA is independent and does not receive instructions from any government or body. It has the task of monitoring the activities of the Central Unit, to ensure that the rights of data subjects are not violated by the processing of the data held by the Central Unit. It also monitors the lawfulness of the transmission of personal data to the Member States by the Central Unit. The joint supervisory authority has also an implementation and interpretation role in connection with the operation of Eurodac. It also writes and submits reports, which are public and forwarded to the bodies to which national supervisory authorities submit their reports, to the European Parliament, the Council and the Commission for information. It is consulted on the part of the draft-operating budget of the Eurodac Central Unit, which concerns it. The joint supervisory authority receives support from the national supervisory authorities and the Commission. It has also access to advice from persons with sufficient knowledge of fingerprint data in performance of its tasks. The Regulation provides that the JSA is to cease to exist and be disbanded as soon as the independent supervisory body referred to in Article 286(2) of the Treaty is established. Such an independent supervisory authority, known as the European Data Protection Supervisor (EDPS), was established by the Regulation (EC) no 45/2001 Article 41.62 On 17 January 2004, the JSA was indeed replaced by the European Data Protection Supervisor, in accordance with Article 20 of the Regulation.63 The duties of this figure are describe in its Article 46. The EDPS tasks are inter alia to ensure that the fundamental rights and freedoms of natural persons, and in particular their privacy, 61 Article 19 (2) the Eurodac Regulation. 62 Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data. Article 41(2). 63 First Annual Report of the Council and Parliament on the activities of the EURODAC Central Unit, p. 9. SEC(2004) 557.

277

278

Chapter 9

are respected by the Community institutions and bodies.64 Article 8 of the Charter of Fundamental Rights of the European Union introduced the right to protection of personal data as a fundamental right of the European citizen and calls for supervision by an independent authority.65 Provisions on the Court of Justice control have been omitted in the Eurodac Regulation. Under the Eurodac Convention, the ECJ had jurisdiction in the interpretation and application of the Eurodac Convention (Article 17). This jurisdiction was to be exercised to rule on any dispute between Member States and between one or more Member States and the Commission of the European Communities. The Court could also give a preliminary ruling on a matter concerning the interpretation of the Convention if asked by any court of a Member State. The jurisdiction, however, was not general and was subject to the acceptance by the Member State concerned. The omission is not fatal because similar provisions are to be found in Title IV of the TEC. But it would have enhanced judicial control, if the provision were repeated in the Regulation. The Regulation also seems sensitive to matters of protection of data subjects’ human rights as it advocates that the procedure for taking fingerprints be determined in accordance with the safeguards laid down in the ECHR and UN Convention on the Rights of the Child.66 The Regulation seems to strengthen the protection of individual rights by reference to these international instruments unlike the Schengen Convention, which is completely silent about them. The reference to Convention on the Rights of the Child is promoted by the fact that the Regulation requires taking of fingerprints of every alien under 14 days who is subject to the provisions of the Regulation. This requirement has been subject of severe criticism as it is seen to undermine the integrity and rights of minors.67 9.3.7

Relation between Eurodac and SIS/SIRENE

The Eurodac is the first biometric European police and border control co-operation database. As such it differs with SIS which is not a biometric system yet, however, the 64 65 66 67

Article 41 (2) & 46, Regulation (EC) No 45/2001. OJ C 364, 18 December 2000. Articles 4(1) and 8(1), the Eurodac Regulation. Ot.prp. nr 96 (2000-2001) Redd Barna in its commentary on the Bill for amendment of the Immigration Act suggested that the authorities should change the age limit to 18 years. They observed that the UN Convention on the Rights of the Child has 18 years as the lowest age limit, because obligation should not be place on children who do not understand it or its consequences. Further they observed that when one breaches the age limit in the law it means breaching the rights of those involved.; Justice in its comments on the draft Eurodac Convention had made similar observations. They stated that Article 8 EHCR requires interferences with the right to respect for private life to be objectively justified. This means that there must be real indications that multiple asylum applications are made by children under fourteen, or that there is another ‘pressing need’ to fingerprint them. It is considered here that a policy to fingerprint all child asylum seekers cannot be objectively justified; The European Parliament in its opinion also called for the minimum age for fingerprinting the categories of persons covered by the Regulation to be raised from 14 to 18 years.

A Network of Related Cross-Border Information Systems

SIS II will incorporate biometrics, especially fingerprints and photographs. The Eurodac is a foreign nationals’ register unlike SIS which registers data on EU citizens also. Both systems share the same purpose of prevention of illegal immigration. The SIS, however, is also concerned with the prevention of crime and ensuring security. The Eurodac and SIS are separate systems and do not share data. But with the development of biometric systems such as SIS II and VIS, sharing of data among the systems will be possible, especially if the systems become interoperable as has been proposed (see 9.7.6). As regards data protection, the Eurodac and SIS are completely different. With the adoption of the Eurodac Regulation, the Eurodac become a first pillar database and is regulated by the EU data protection Directive 95/46 at the national level and the Regulation 45/2001 at the Community level. The current SIS is still a third pillar database regulated by the CoE Convention. Under SIS II, however, migration data will be in the first pillar and will be regulated by the same data protection rules as the Eurodac. The SIRENE plays no role as regards exchange of supplementary information within the Eurodac system but its role in the future cannot be ruled out as systems become integrated and interoperable. 9.3.8

Conclusion

According to the first annual report of Eurodac Central Unit, the success of Eurodac lies in that the system identifies and therefore prevents the duplication of asylum requests in the EU Member States. But whether the system has accomplished its second aim of assisting Member States in determining the Member State responsible for processing an asylum application or not, the report does not indicate this. The conversion of Eurodac from an intergovernmental Convention to a Community Regulation has transformed data protection in the Eurodac system. It has moved data protection from a Council of Europe Convention ‘lower level’ to an EU Directive ‘higher level’. The most notable change is the replacement of Eurodac JSA, which had limited supervisory powers, with the European Data Protection Supervisor who has extensive supervisory powers. The presence of Eurodac system in itself, however, is a threat to data protection as it increases instances of surveillance and control in society, but with an adequate regulatory regime, data protection should not be in danger. According to the first annual report, no data protection problems have been raised in respect of Eurodac operations by the national data protection authorities responsible for monitoring the lawfulness of the processing of the personal data by Member States. But the transparency and proportionality concerns raised with SIS could also be applicable to the Eurodac. It is important therefore that the system is monitored and supervised properly in order to ensure transparency and proportionality. As indicated, the EU Directive, which the Eurodac relies on, needs to be appraised in order to enhance transparency and proportionality in processing of personal data.

279

280

Chapter 9

9.4

Europol

9.4.1

Introduction

European Police Office (Europol) is a successor to the Europol Drug Unit (EDU). EDU was established by a Ministerial Agreement in June 1993. The unit’s role was to act as a non-operational team for the exchange and analysis of information in relation to illicit drug trafficking. Later its role was extended to cover nuclear crimes, the smuggling of human beings (illegal immigration networks), and vehicle trafficking and associated money laundering operations. The establishment of Europol was agreed in the Maastricht Treaty (EU Treaty) on 7 February 1992. Europol is one of the most important components of the intergovernmental Third Pillar of the EU Treaty.68 9.4.2

Purpose and Policy Aims

The concern of the Europol, unlike the Schengen, is with serious forms of international crimes. Europol initially was concerned with prevention and combating unlawful drug trafficking, trafficking in nuclear and radioactive substances, illegal immigrant smuggling, trade in human beings and motor vehicle crime. Two years after the entering into force, Europol was empowered to deal with crimes committed or likely to be committed in the course of terrorist activities against life, limb, personal freedom or property. In light of 11 September 2001 events, Europol is to become a very important tool for the fight against terrorism. Its wide exchange of data mandate makes it suitable for this role.69 In its Annual Report 2003, Europol observes that “the attack of 11 September 2001 led to the formation of a Task Force and most other work was temporarily frozen, as the majority of resources were put into efforts made by the Task Force on focusing on Extreme Islamic terrorism.” Further, “in accordance with the conclusions of the Special JHA Council of 20 September 2001, a Counter Terrorism Task Force was set up in order to deal with the specific threat in post 11 September 2001. At the same time, Europol established relations with its counterparts in the United States, posting Liaison Officers to Washington, and an FBI Liaison Officer was posted to Europol for the first half of the year.”70 It is also envisaged that the competence of Europol will be extended to cover other forms of crime listed in the Annex to the Convention.71 The role of the Europol is an expanding one. The wording of the Europol Convention seems to leave room for almost any criminal offence to be covered. It also leaves too much scope for investigation and prosecution from a human rights point of view. Some 17 forms of crime have been added to Europol’s competence, replacing the original “crime related approach” with

68 69 70 71

Bruggeman, W. (1995). p. 217. See 9.4.7. See also EUROPOL: Annual Report 2003. Article 2 of the Europol Convention.

A Network of Related Cross-Border Information Systems

a broad, proactive and unregulated mandate.72 The Convention was rewritten to give Europol operational powers and a much wider remit. When Europol was agreed upon, every opportunity was taken to emphasise a non-operational constitution. But it was expected that Europol officers will be participating in joint investigation teams operating in two or more EU Member States.73 The principal tasks of the Europol include: – facilitating exchange of information, – collection, analysis and provision of information and intelligence, – support for national investigations and – maintenance of computerised information.74 Statewatch states that “under the Convention, Europol was set up to act as both a ‘clearing house’ for bilateral and multilateral exchange of data and as curator and custodian of a central EU intelligence database on organised crime.”75 In order to exchange information, the Member States are to establish and designate a national unit which is to be the only liaison body between Europol and the competent national authorities. The tasks of the national units are: – to supply Europol on their own initiative with the information and intelligence, – respond to Europol’s requests for information, intelligence and advice, – to keep information and intelligence up to date, – to evaluate information and transmit it to the competent authorities – to supply Europol with information for storage in the computerised system. – issue requests for advice, information, intelligence and analysis to Europol, and – ensure compliance with the law in every exchange of information between themselves and Europol.76 9.4.3

Legal Basis

The legal basis of the Europol computer systems is the Europol Convention. As noted earlier, the legal basis can be traced back to the EU Treaty, which provided for the establishment of Europol. The Europol Convention, which is an intergovernmental agreement, was enacted on 18 July, entered into force on 1 October 1998 and became operational on 1 July 1999. The negotiations for the Europol Convention started in 1992. The Convention establishes the Europol computer systems, Europol Information System (EIS), provides for personal data protection rules and safeguards, and institutional organisation.

72 Statewatch press release, 4 February 2002: The activities and development of Europol: towards an unaccountable “FBI” in Europe. 73 Ibid. 74 Article 3 of the Europol Convention. 75 Statewatch press release 4 February 2002, supra. 76 Article 4 of the Europol Convention.

281

282

Chapter 9

Only EU Member States can become parties and members of Europol. The Convention, however, is open for third countries and international organisation as well as bodies which can enter into co-operation agreement with Europol. On 27 March 2000, the EU Council decided to give Europol power to enter into agreements with a number of countries and organisations, among them Norway.77 Norway entered into a co-operation agreement with Europol in 2001, and the co-operation came into effect on January 2002 when Norway officially became a member of Europol.78 This agreement is the legal basis of Norway’s participation in Europol. 9.4.4

Organisational Overview

9.4.4.1 Personnel At the end of 2005, there were 536 persons working with Europol at the headquarters in The Hague. 93 of them were liaison officers, known as Europol Liaison Officers (ELOs), stationed there by their respective Member States, representing a variety of law enforcement agencies (police, customs, gendarmerie, immigration services, etc.).79 The ELOs, together with the Europol officers, analysts and other experts provide an effective fast and multi-lingual service 24-hours per day. The liaison officers come from different national authorities, police, custom services, immigration and so on. They represent the interests of their countries and they assist in the exchange of information between the national units that have seconded them and Europol.80 They are therefore the link between their own national units, Europol and other Member States in the process of exchange of information and intelligence. The national units do not address themselves directly to Europol or other Member States, but they may do so through their liaison person seconded to Europol. The Europol office in Norway is housed at Kripos. It is localised in the international department together with other international offices Interpol, SIRENE and Nordic Police Co-operation. In addition, Norway has seconded one liaison officer to Europol.81 9.4.4.2 Technical Aspects Europol operates its own computerised system of collected information, known as the Europol Computer Systems (TECS). The TECS consists of three components: 77 OJ C106, 13.4.2000, p. 1 – The Council Decision of 27 March 2000. 78 Other countries, organisations and bodies that Europol has entered into agreement with Strategic agreements are: EU Commission, European Central Bank (ECB), European Monitoring Centre for Drugs and Drug Addiction (EMCDDA) and World Customs Organisation (WCO), Colombia and the USA. Operational agreements: Interpol, Norway, Iceland, Hungary, Poland, Estonia, Slovenia, USA and the Czech Republic. Cf. EUROPOL: Annual Report 2003. 79 Europol Annual Report 2005, p. 19. 80 Article 5 of the Europol Convention. 81 Nye Kripos: Årsberetning 2000 og årsrapport 2002.

A Network of Related Cross-Border Information Systems

– – –

a central information system, work files and, an index system.

The TECS is not linked to any other automated system save the automated processing system of the national units. In essence, it must not be electronically linked to other systems such as Interpol, Eurodac or Schengen. As shown below, however, these systems may complement each other through other forms of exchange of information. The central information system has a restricted and precisely defined content to allow rapid reference to the information available by the Member States and Europol. It contains the principal database for facilitating Europol’s co-operation and information exchange functions.82 The Member States represented by their national units and liaison officers may directly input data in the system. The transmission of data by Member States is governed by their respective national laws and procedures. Europol has also authority to directly input data supplied by third States and third bodies and analysis data. Direct access to the data is allowed for consultation by national units, liaison officers, the Directors and duly empowered Europol officials. But the range of access by the national units is restricted in respect to data entered under Article 8(1) to the details of identity listed in Article 8(2).83 The second component of the TECS is the work files for the purposes of analysis (the Analysis System). As the name signifies, the work files are to be used for the purposes of analysis only. Analysis is defined as the assembly, processing or utilisation of data with the aim of helping a criminal investigation.84 The Analysis System provides a range of tools to enable Europol analysts to conduct strategic and tactical intelligence projects in order to maintain an intelligence picture of major criminal activities and organisations.85 The purpose is to assist with specific investigations at the request of national law enforcement agencies, governments and the Council of Ministers.86 The work files are temporary and designed for a specific analysis task; once the analysis work is accomplished the file is closed.87 The analysts will collect information from a number of sources. These include the national law enforcement agencies and intelligence organisations in the Member States, the European Liaison Officers, third States, international organisations and open sources. The information includes not only the data input in the central information system by virtue of Article 8 of the Convention but also other data. That is, data of possible witnesses, victims or persons whom there is reason to believe could be victims, contacts and associates and informants, Article 10(1) 2- 5. The information covers a far range of data in the form of both structured and

82 83 84 85 86 87

Storbeck, J. (1997), p. 121. Article 7 of the Europol Convention. Article 10(2) of the Europol Convention. Storbeck, J. (1997), supra. Ibid. Article 12 of the Europol Convention.

283

284

Chapter 9

free text.88 As Mathiesen has noted, these categories are very wide circles of individuals loosely tied to persons who have been sentenced or are under suspicion. For example, any person who has had contact or association with the sentenced and/or suspected person can be caught in the ‘fish net’, notwithstanding that the contact or association had nothing to do with the crime. Europol is also authorised to receive data from third States and third bodies other than the Member States. Where it is entitled under other Conventions to gain computerised access to data from other information systems, Europol can so retrieve such data if necessary for performance of its analysis tasks. Only the analysts are authorised to enter data and retrieve data from the file concerned. Sensitive data, as defined by Article 6 of the Council of Europe Convention of 28 January 1981 with regard to Automatic Processing of Personal Data, may also be recorded if they are strictly necessary for the purposes of the file concerned or to supplement other data already entered in that file. Collecting personal data, however, is prohibited if done solely on the grounds that relate to racial origin, religious or other beliefs, sexual life, political opinions or membership of movements to organisations that are not prohibited by law. The ‘room’ seems therefore open for registration of sensitive data. TECS is the third component is the index system. As the name connotes, the index system is a reference point. It enables one to determine whether or not a given item of information is stored in the TECS. It allows liaison officers to discover whether data concerning their Member States is stored in the analysis system. It, however, does not display the actual data held within the database.89 Europol may also store non-automated data, which is held in the form of (manual) files. That is, any structured set of personal data accessible with specific criteria [Article 14(3)]. 9.4.5

Data to be Entered

According to Article 8 of the Convention, only the data that is necessary for the performance of Europol’s tasks, with the exception of data concerning and related to criminal offences, may be stored in the information system. Data entered, first, relates to persons who are suspected of having committed or having taken part in a criminal offence for which Europol is competent or who have been convicted of such an offence. These data may include criminal offences, alleged crimes and when and where they were committed, means which were or may be used to commit the crimes. Further, they may include departments handling the case and their filing references, suspected membership of a criminal organisation, convictions, where they relate to criminal offences for which Europol is competent under Article 2. The criminal offence must be defined as an offence in the national law of the Member State concerned. Second, the data also may relate to persons for whom there are serious grounds under national law for believing will commit criminal offence for which Europol is competent. Personal data to be registered include surname, maiden name, given names and any alias or assumed name. In 88 Strobeck, J. (1997), supra. 89 Ibid.

A Network of Related Cross-Border Information Systems

addition, to be included are data on date and place of birth, nationality, sex and where necessary, other characteristics likely to assist in identification, including any specific objective physical characteristics not subject to change. 9.4.6

Access to Data

The right to access the data in the central information system is restricted as stated earlier to national units, liaison officers, and the Director, Deputy Directors of duly empowered Europol officials. The right involves the right to input data directly into the information system and retrieve it from the system. Retrieving the data is restricted to situations where this is necessary for the performance of Europol’s tasks. The law applicable in such a case is the national law and any additional provisions contained in the Convention. The right of access also involves the right to modify, correct or delete data entered into the system. From the outset, it is only the national unit which enters the data that may modify, correct or delete such data. This may be done if the data are incorrect or in order to supplement them. But where another unit has entered additional data, especially as regards criminal offences under Article 8(3), where there is a contradiction, the units concerned consult each other before taking an action. In addition, where one unit has input data as required by Article 8(2) and would like to delete them altogether, but another unit has input additional data under Article 8(3), responsibility and the right to modify, supplement, correct and delete the data is to be transferred to the latter unit. Direct access to Europol data may be restricted, but as noted below, indirect access is wide as Europol can receive and share data with a broad range of third party bodies.90 9.4.7

Reception of Data from and Communication of Data to Third States and Third Bodies

Under Article 10 (4), Europol may, where it seems justified to have other information for the performance of its tasks, in Article 3(1) point 2, request that information from third States and third bodies. Third States and third bodies may also provide the information on their own initiative. Third bodies include the European Communities and bodies governed by public law established under the Treaties establishing those communities, as well as other bodies governed by public law established in the framework of the European Union. Other bodies such as international organisations and their subordinate bodies governed by public law, bodies governed by public law which are based on an agreement between two or more States (e.g. Schengen), and the international Criminal Police Organization (Interpol).91 In receiving or communicating information to third States and third bodies, Europol is to be governed by rules drawn by the

90 See 9.4.7. 91 Council Decision 8803/01 authorising the Director of Europol to conclude a Co-operation Agreement between Europol and Interpol.

285

286

Chapter 9

Council in consultation with the Managing Board.92 As stated earlier, Europol may also receive information by gaining access to other information systems if entitled by other Conventions. A February 2005 amendment to the Schengen Convention gave Europol direct access to SIS data.93 Similarly, Europol may communicate personal data it holds to third States and bodies mentioned above. Such communication is authorized if this is necessary in individual cases for the purpose of preventing or combating criminal offences for which Europol is competent under Article 2. It is also permissible where an adequate level of data protection is ensured in that State or that body and if this is allowed under the general rules within the meaning of paragraph 2. To determine the adequate level of data protection, the assessment must take into account all the circumstances which play a part in the communication of personal data. Particular account must be taken of the nature of the data, the purpose for which the data is intended, the duration of the intended processing and the general or specific provisions applying to the third States and bodies within the meaning of Article 10(4). Restrictions in communication of data to third States and third bodies, however, have been put on Europol. First, where data to be communicated originates from a Member State, Europol will require the consent of the Member State concerned before such data can be so communicated. The Member State may give its prior consent, in general or other terms, to such communication and that consent may be revoked at any time. Second, where such data has not been communicated by a Member State, Europol need only satisfy itself that communication of those data is not liable to obstruct the proper performance of the tasks falling within a Member State’s sphere of competence and jeopardise the security and public order of a Member State or otherwise prejudice its general welfare. As indicated earlier, Europol is responsible for the data received and communicated to such third states and third bodies. As regards to the communication of such data, Europol is responsible for the legality of the authorising communication. In that respect, Europol is to keep a record of communications of data and of the grounds for such communications. In any case, the communication of data is authorised only if the recipient gives an undertaking that the data will be used only for the purpose for which it was communicated. In addition, where the communication of information is subject to the requirement of confidentiality, communication is only permitted if an 92 Sets of rules have been adopted in this connection: Council Act of 3 November of 1998 laying down rules concerning the receipt of information by Europol from third parties (1999/C 26/03); Act of the Management Board of Europol of 15 October 1998 laying the rules governing Europol’s external relations with European Union-related bodies (1999/C 26/10); Council Act of 3 November 1998 laying rules governing Europol’s external relations with third States and non-European Union related bodies (1999/C 26/04); Council Act of 12 March 1999 adopting the rules governing the transmission of personal data by Europol to third States and third bodies (1999/C 88/01). 93 See Article 101 A of the Schengen Convention.; introduced by the Council Decision 2005/211/ JHA of 24 February 2005 concerning the introduction of some new functions for the Schengen Information System, in particular in the fight against terrorism, OJ L 68/44 15 March 2005.

A Network of Related Cross-Border Information Systems

agreement on confidentiality exists between Europol and the recipient. This provision, however, does not apply to the communication of personal data required for a Europol inquiry. It is clear from the forgoing discussion that Europol is a central actor in the exchange of information within the European Union and with the external world. The only hindrance is limitations mentioned above, but these could easily be overcome. As it is, Europol can receive information and data from any source it deems fit. It can also share information with third parties if the restrictions do not hinder. 9.4.8

Data Protection

Europol Convention belongs to a generation of international police and border legislation, which emphasises the need for data protection. Like in the Schengen and Eurodac conventions, data protection in the Europol Convention is given a high profile. The Convention set out a minimum standard of data protection that each Member State should meet before the implementation of the Convention commences (Article 14). The standard required in relation to the processing of personal data in data files, in the framework of the Convention, is a standard of protection which at least corresponds to the standard set out by the Council of Europe Convention of January 1981. Further, Member States should also take account of Recommendation No R (87) 15 concerning the use of personal data in the police sector. The minimum standard requirement has become a common feature in this type of legislation. Presently, EU Member States have in place national legislation that meets the requirement. In addition, the implementation of the European Parliament and Council Directive on personal data protection means that data protection in the Member States may be well above this minimum standard.94 This has the effect of raising the minimum level of data protection in Member States which is a desirable result. 9.4.8.1 Data Quality The Europol and the Member States share the responsibility in data protection respectively. Responsibility covers legality of collection, the transmission to Europol and the input of data, as well as their accuracy, their up-to-date nature and verification of the storage time limits. In this respect, the responsibility of the Member State extends to the data it inputs and data communicated to the Europol, and for the Europol, responsibility is in respect of data communicated to Europol by third parties or which result from analysis conducted by Europol. In addition, the responsibility for Europol extends to all data it receives and processes whether automated or non-automated. In the Europol Convention, provisions and rules of confidentiality further enhance the protection of data. Articles 21 and 32 of the Convention are provisions on confidentiality and require Europol and the Member State to take appropriate measures to protect information subject to the requirements of confidentiality. The Council is also required 94 See 5.2.5 above.

287

288

Chapter 9

to unanimously adopt appropriate rules on confidentiality. Such rules were adopted by the Council on 3 November 1998.95 9.4.8.2 Purpose Specification The use of data is restricted to the purpose for which it was collected. Only Europol and competent authorities of the Member States may utilise the data processed by Europol. The competent authorities of Member States may only use the information in order to prevent and combat crimes falling within the competence of Europol and to combat other forms of crime. On the other hand, Europol may use such information only for the performance of its tasks as referred to in Article 3. Exceptions are allowed on the general rule only with consultation with the Member States responsible of the data. 9.4.8.3 Individual Participation The right of access for data subjects is guaranteed in principle under the Convention (Article 19). The right involves access to data relating to the data subject which have been stored within Europol or to have data checked. The request is directed to the national competent authority in any Member State the data subject wishes, and in turn the authority refers the request to Europol who replies to the data subject directly within a period of three months. The right of access is exercised in accordance with the national law of Member States where the right is claimed. But this right is not absolute. The following exceptions may restrict its exercise: – First, where the law of the Member State applies to a communication concerning data, such communication must be refused if necessary to enable Europol to fulfil its duties properly. – Second, it is refused if necessary to protect security and public order in the Member States or to prevent crime. – Third, to protect the rights and freedoms of third parties. The data subjects have also the right of correction and deletion of data (Article 20). This right is a right to ask Europol to correct or delete incorrect data concerning the data subject. Europol is required to inform the inquirer that the data has been corrected or deleted. If the enquirer is not satisfied with Europol’s reply or if he received no reply within three months, he may refer the matter to the joint supervisory body. Rules concerning the correction and deletion of paper files are different and much simplified (Article 22). Europol on its initiative is supposed to destroy any paper file or data that it is no longer necessary for performance of its tasks or the information concerned is in contravention of the convention. Destruction may not take place if there are grounds for assuming that the legitimate interests of the data subject would otherwise be prejudiced. In such cases, the paper file must bear a note prohibiting all use. A data

95 Council Act of 3 November 1998 adopting rules on the confidentiality of Europol information (1999/C 26/02).

A Network of Related Cross-Border Information Systems

subject, however, may claim the right against Europol to correction or destruction of paper files or the inclusion of a note. The Convention also sets out the rules on duration of storage of data. In general there is no time limit for the storage and deletion of data files for non-personal data (Article 21). Data in data files is to be held by Europol only for as long as is necessary for the performance of its tasks. But the need for continued storage is to be reviewed periodically, and not later than three years after the input of data or last review, by those who have responsibility of the data as discussed above. If no decision is taken on the continued storage of data, those data shall automatically be deleted. Storage of personal data as a rule may not exceed a total period of three years (Article 22). The need for continued storage, however, shall be reviewed annually and the review documented. Further, deletion is not permitted if it would damage the interests of the data subject which require protection. In such cases, the data may be used only with the consent of the data subject. 9.4.8.4 Supervision Establishment of supervisory bodies has become standard procedure in border and police conventions on information systems. For its part, the Europol Convention provides for establishment of national supervisory bodies at the national level and a joint supervisory body at the supranational level. At the national level, each Member State is to designate a national supervisory body (Article 23). Its task is to monitor the permissibility of the input, retrieval and any communication to Europol of personal data by the Member State and examine whether this violates the right of the data subjects. In carrying out this task, the national supervisory body acts independently, in accordance with its respective national law and has access at the national unit or at the liaison officers’ premises to the data entered by the Member States in the information system and in the index system. In addition, the national supervisory body has access to the offices and documents of their respective liaison officers at Europol and supervise the activities of national units in matters relevant to the protection of personal data. Further, the national supervisory bodies have the duty to receive requests from individuals who would like to ensure the lawfulness of entry and communication of data concerning him in any form and the consultation of the data by the Member States concerned. Article 24 of the Europol Convention establishes the joint supervisory body. It is composed of not more than two members or representatives of each of the national supervisory bodies who are appointed for a period of five years by each Member State. Each delegation has one vote. The main task of the joint supervisory body is reviewing the activities of Europol in order to ensure that the rights of the individual are not violated by the storage, processing and utilisation of the data held by Europol. It also monitors the permissibility of the transmission of data originating from Europol. In order for the joint supervisory body to carry out its tasks, Europol must supply information requested, give access to all documents and paper file as well as access to the data stored in the system. Further, Europol must allow access at any time to all its premises by the joint supervisory body. Europol must also assist the joint supervisory body to carry out the joint supervisory decisions on appeals.

289

290

Chapter 9

The joint supervisory body is to have competence to examine questions relating to implementation and interpretation in connection with Europol’s activities the processing and utilisation of personal data. It is also to have competence for the examination of questions relating to checks carried out by the national supervisory bodies or relating to the exercise of the right to information, as well as drawing up harmonised proposals for common solutions to existing problems. The joint supervisory body shall also receive requests from individuals who would like to ensure his personal data have been collected, stored, processed and utilised by Europol in a lawful manner and are accurate. In case of violation of the Convention in this regard, the joint supervisory body is to make any complaints it deems necessary addressed to the Director of Europol who will be required to respond within the time limit specified. The joint supervisory body may refer the matter to the Management Board in case of any difficulty. The joint supervisory body is also required to draw up activity reports regularly. The reports are to be forwarded to the Council, however, the Management Board is to have opportunity to give an opinion to be attached to the reports. The joint supervisory body may decide whether to or not publish its activity report. In carrying out its task of examining appeals, the joint supervisory body is to set up an internal committee comprising one qualified representative from each Member State with one vote entitlement. It may also set one or more other committees. It shall also be assisted by a secretariat whose tasks are to be defined in the rules of procedure. The joint supervisory body is to be consulted on the part of the budget that concerns it and its opinion is to be annexed to the draft budget in question. 9.4.9

Relation between Europol and SIS /SIRENE

The Europol system is unique from SIS as it is an investigative system and not an identification system like SIS. As an investigative system, data registered in the Europol differ from those registered in the SIS. The Europol registers a wider range of personal data than the SIS. The purpose of Europol is also wide and includes both prevention of crime, illegal immigration and public security. Europol and SIS are technically separate systems and not linked. The sharing of data from a technical point of view therefore is not feasible. Sharing of data using other channels, however, is possible. The Europol Convention Article 10(4) opens for possibility of obtaining information and data from the SIS. The Schengen Convention was also amended to allow access to SIS data by Europol officers. The SIS data is therefore available for the purposes of Europol. The SIS supervisory authorities share the same personnel at the national level and joint supervisory level. This has led to the call for unification of the joint supervisory authorities. As a first step, the joint secretariats of SIS, Europol and CIS have been consolidated. The Europol like the current SIS is a third pillar system and regulation of data processing is based on the CoE Convention as a minimum level of protection. The SIRENE currently does not play any role in the exchange of supplementary information within the Europol system. But its role in the future may change and become

A Network of Related Cross-Border Information Systems

the core system in the exchange of supplementary information that involves other systems including the Europol (see 9.7.6). 9.4.10 Conclusion The Europol system plays a central role in control and surveillance in Europe and society in general. It is the only system that can access data from other systems almost without restriction. Its role is therefore important in facilitating information and data sharing and exchange among systems, organisations and countries. Due to its wide powers to share data with other entities, Europol has acquired a global characteristic which serves to enhance global control and surveillance. As Europol is still trapped in the intergovernmental and third pillar setting, transparency and proportionality is a real concern. 9.5

The Custom Information System (CIS)

9.5.1

Purpose and Policy Aims

The aim of the EU CIS is to enable national custom services to exchange and disseminate information on smuggling activities and request action. It assists in preventing, investigating and prosecuting serious contraventions of national laws by increasing, through rapid dissemination of information, the effectiveness of the cooperation and control procedures of the customs administrations of the Member States [Article 2(2)]. 9.5.2

Legal Basis

The Custom Information System (CIS) is established by the Convention on the use of information technology for customs purposes. The Convention was drawn up on the basis of Article K. 3 of the Treaty of the European Union. 9.5.3

Organisational Overview

9.5.3.1

Technical Aspects

Article 2(1) provides for the establishment of the CIS. The CIS is a joint automated information system for customs purposes. It is mainly a central database accessible via terminals in each Member State.96 The strategy, however, is to create profiles of offenders to increase the efficiency of random stops.97 9.5.3.2 Data Entered Non-personal and personal data necessary for achieving the aim of the CIS is to be entered. The data includes the following categories: 96 Article 3 of the Convention. 97 Tupman, W. A. (1995), p. 267.

291

292

Chapter 9

– – – – –

commodities, means of transport, businesses, persons, fraud trend and, availability of expertise.

In this regard, the Member States are to determine the items of information to be included in the CIS. These shall comprise no more than the following: – name, maiden name, forenames and aliases, – date and place of birth, – nationality, – sex, – any particular objective and permanent physical characteristics, – reason for inclusion of data, – suggested action and, – a warning code indicating any history of being armed, violent or escaping. The recording of sensitive personal data listed in Article 6, first sentence of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data is prohibited. The inclusion of data in the CIS is governed by the national law of the supplying Member State except where the Convention provides otherwise. 9.5.3.3 Access to Data The Convention reserves direct access to data in the CIS exclusively for the national authorities as designated by each Member State. The national authorities are the customs administration and may include other authorities competent under national law to act in order to achieve the aim of the Convention. Access, however, may be permitted to international or regional organisations where agreements to that effect exist. This provision together with Article 8 (4) of the Convention, allows extensive transfer of data to third parties. 9.5.4

Data Protection

9.5.4.1 Introduction In order to be able to receive and include personal data in the CIS, Member States are required to comply with a minimum data protection requirement. They must enact a national legislation providing minimum protection equivalent to a level of protection of personal data resulting from the principles of the 1981 Strasbourg Convention. In addition, the Member States must designate a national supervisory authority or authorities as required by the Convention.98 98 Article 13 of the Convention.

A Network of Related Cross-Border Information Systems

9.5.4.2 Purpose Specification The principle of purpose specification in Article 8 allows Member States to only use data obtained from the CIS in order to achieve the aim stated in Article 2(2). But the wording of the aim is vague and wide and it leaves the interpretation as to the purpose of the Convention to discretion. Furthermore, the data may be used for administrative or other purpose with the prior authorisation of and subject to any conditions imposed by the Member State, which included the data in the system. The use of the data is also restricted to competent national authorities designated by the Member State in question. But with prior authorisation, the data may be communicated for use by national authorities other than designated national authorities such as non-Member States, and international or regional organisation. The extension of the purpose specification principle may be understandable because as Tupman observes ‘the Commission itself harbours a long-term ambition of a unified Customs Service.99 9.5.4.3 Data Quality and Security The responsibility for the accuracy, currency and lawfulness of data lies with each Member State for data it has included in the CIS. Article 21 of the Convention emphasises that, the responsibility of each Member State is to comply with the provisions of Article 5 of the Council of Europe Convention of 1981. The responsibility to amend, supplement, correct or delete data which are factually inaccurate or are included or stored unlawfully in the CIS rests with the supplying Member State, Article 11. The data included in the CIS can be retained only for the time necessary to achieve the purpose for which they were included. The need for retention, however, is to be reviewed at least annually by the Member State, which supplied the data, Article 12. If there is no decision to retain data, they shall automatically be transferred to that part of the CIS to which access is limited to a representative of the committee and supervisory authorities as established by the Convention. The data shall continue to be retained for one year within the CIS during which period the Committee and the supervisory authorities may consult the data for the purpose of checking its accuracy and lawfulness, after which the data must be deleted. 9.5.4.4 Individual Participation Data subjects have the right of access, which is to be exercised in accordance with the national law the Member State in which the right is invoked. The national supervisory authority is to decide whether information is to be communicated and the procedure for doing so, as provided in the national law. The right of access, however, is limited. Access may be refused if it may undermine the performance of the legal task specified in the report to Article 5(1), or in order to protect the rights and freedoms of others. Access is also to be refused in any event during the period of discreet surveillance or sighting and reporting. 99 Tupman, W. A. (1995), p. 266.

293

294

Chapter 9

Data subjects have also the right to have personal data relating to the data subject corrected or deleted if they are factually inaccurate, or were included or are stored in the CIS contrary to the Convention or to the provisions of Article 5 of the 1981 Strasbourg Convention. The rights to correction and deletion are to be exercised in accordance to the national law of the Member State concerned. Another right that the data subjects may invoke according to the Convention is the right to a remedy. Any person, in the territory of each Member State, may in accordance to the national law bring an action or if appropriate, a complaint before the courts or the competent authority concerning personal data relating to himself on the CIS. The right may be invoked in order to correct or delete factually inaccurate personal data or personal data included or stored in the CIS unlawfully or to obtain access to personal data and to obtain compensation. 9.5.4.5 Supervision In order to enhance protection of personal data, the Convention requires the setting up of data supervisory authorities. Article 17 of the Convention requires each Member State to designate a national supervisory authority or authorities to be responsible for data protection. The national supervisory authorities are to be independent. They are to carry out independent supervision and checks, to ensure that the processing and use of data held in the CIS do not violate the rights of the persons concerned. In addition, any person may request any national supervisory authority to check personal data relating to himself on the CIS and the use which has been or is being made of that data. In order to carry out their work, national supervisory authorities are to have access to the CIS. Article 18 of the Convention establishes a joint supervisory authority composed of two representatives from each Member State who are also members of the national supervisory authorities. The role of the joint supervisory authority is to supervise operation of the CIS, to examine any difficulties of application or interpretation which may arise during its operation, to study problems which may arise with regard to the exercise of independent supervision by the national supervisory authorities of the Member States, or in the exercise of rights of access by individuals to the system, and to draw up proposals for the purpose of finding joint solutions to problems. The reports so drawn are to be forwarded to the authorities to which the national supervisory authorities submit their reports. To carry out these tasks the JSA shall have access to the CIS. 9.5.4.6 Judicial Control The European Court of Justice (ECJ) has been given a limited role of resolving disputes between Member States on interpretation and application of the Convention and between Member States and the Commission of European Communities on the application of the Convention (Article 27).

A Network of Related Cross-Border Information Systems

9.5.5

Relation between CIS and SIS/SIRENE

The Customs Information System is mainly a crime investigating system. Therefore, it differs from the SIS which is both a crime and immigration system. The CIS mandate is exclusively customs crime which limits its scope while the SIS is general crime. Technically the CIS and SIS are separate and sharing of data is not feasible. But with the future possibility for interoperability of systems, data sharing may become possible between the two systems. As regards data protection, the CIS is a third pillar system regulated by the CoE Convention as a minimum data protection requirement like the SIS. The SIS and CIS supervisory authorities share the same personnel. The SIRENE does not play any role in exchange of supplementary information within the CIS system but its role in the future may change as interoperability and data sharing among systems becomes a reality. 9.5.6

Conclusion

The role of CIS in control and surveillance may not be extensive, as the other systems discussed here, because its scope is limited. It is concerned with customs offences and control only. But the mere existence of the system itself is a threat to human rights and adds to control and surveillance in society. Since like Europol, it is regulated by intergovernmental and third pillar legal regime, it may suffer from lack of transparency and proportionality. 9.6

Visa Information System

9.6.1

Introduction

The background and development history of the Visa Information System (VIS) may be summarised as follows. In its Laeken meeting the European Council directed the Commission to take steps to set up a common visa identification system.100 In 2002 the Spanish Presidency submitted a proposal for guidelines for the introduction of a common system for an exchange of visa data at the meeting of the Visa Working Party on 3 April 2002.101 The guidelines served as a basis for a feasibility study on setting up a data system prepared by the Commission. In May 2003, the Commission presented the feasibility study to the Council which welcomed and confirmed the objectives for a Visa Information System as set out in the guidelines and invited the Commission to continue 100 See, point 42 of Laeken European Council Conclusions. 101 9615/02 LIMITE VISA 92 COMIX 386: study provides an analysis of the technical and financial aspects of the VIS. It is based on the Technical and Functional guidelines for the feasibility study, as set out in part II of the guidelines, adopted by the Council on 13 June 2002, and provides possible technical solutions for the VIS, including the use of biometrics, and assesses the impact of each solution on financial and human resources. The study does not cover an assessment of the existing national systems, but considers their interoperability with the VIS.

295

296

Chapter 9

its preparatory work on the development of the VIS in co-operation with Member States on the basis of a centralised architecture, taking into account the option of a common technical platform with the second generation Schengen Information System (SIS II). In June 2004, a Council Decision for the establishing the VIS was adopted.102 And in December 2004, the Commission issued a proposal Regulation.103 The VIS is expected to be operational in 2007. 9.6.2

Purpose and Policy Aims

Currently the purpose and policy aims of the VIS are spelt out in the guidelines of June 2002 and the proposal for the VIS Regulation. They defined the VIS as a system for the exchange of visa data between Member States. It will act as a storage of visa data during the visa issuing process, and the consultation of these data, where and when that information is useful, for instance at external border controls.104 The VIS proposal Regulation states that the VIS shall improve the administration of the common visa policy, consular co-operation and consultation between central consular authorities by facilitating the exchange of data between Member States on application and on the decisions made in order: – to prevent threats to internal security of any of the Member States; – to prevent the bypassing of the criteria for the determination of the Member States responsible for examining the application; – to facilitate the fight against fraud; – to facilitate checks at external border checkpoints and within the territory of the Member States; – to assist in the identification and return of illegal immigrants; and – to facilitate the application of Regulation (EC) No 343/2003. The system would have a capacity to connect at least 27 Member States, 12000 VIS users and 3500 consular posts worldwide. The study that recommended this was based on the assumption that 20 million visa requests would be handled annually.105 9.6.3

Legal Basis

The main legal instrument for VIS is the Council Decision which establishes the VIS, Article 1 of the Decision and the proposed Regulation. The Decision gives the 102 Council Decision of 8 June 2004 establishing the Visa Information System, OJ L 213, 15 June 2004, p. 5. 103 Proposal for a Regulation of the European Parliament and the Council concerning the Visa Information System (VIS) and the exchange of data between Member States on short stayvisas. COM(2004) 835 final. 104 Communication from the Commission to the Council and the European Parliament: Development of the Schengen Information System II and Possible Synergies with a Future Visa Information System (VIS), COM(2003) 771 final. 105 Ibid.

A Network of Related Cross-Border Information Systems

Commission the mandate to prepare the technical development of VIS and to provide the required legislative basis to allow for the inclusion in the Community budget of the necessary appropriations for the technical development of VIS and the execution of the budget.106 The Decision was adopted without prejudice to the adoption in the future of the necessary legislation establishing and describing in detail the operation and use of VIS. This legislation is the proposed Regulation which defines the categories of data to be entered into the system, the purpose for which they are to be entered into the system and the criteria for their entry, the rules concerning the content of VIS records, the rights of access for authorities to enter, update and consult the data, and rules on the protection of personal data and their control. 9.6.4

Organisational Overview

9.6.4.1 Technical Aspects and Function of VIS According to the Council guidelines, the structure of the VIS must be similar to that of the existing Schengen Information System. It is based on a centralised architecture and a common platform with SIS II. The VIS consists of a central information system referred to as ‘the Central Visa Information System’ (CV-VIS) and an interface in each Member State, referred to as ‘the National Interface’ (NI-VIS) which shall provide the connection to the relevant central national authority of the respective Member State, and the communication infrastructure between the Central Visa Information System and the National Interfaces. The consular posts and other national authorities (border checkpoints, police and immigration authorities) would need to connect to their corresponding N-VIS to benefit from the VIS services. The VIS will have three levels:107 – Central level - that is the C-VIS under a single responsible authority to be decided. It is to be hosted in the same location as the Central System of SIS II. But the C-VIS and its business continuity system should be hosted at different locations; – National level - for each Member State, comprising national systems N-CIS and their interfaces to the C-VIS; – Local level - which includes consular posts, border crossing points, and immigration and police authorities. A synergy is envisaged between VIS and SIS II at the central level. This is based on the assumption that both systems would have a centralised architecture. Synergy between the two would facilitate consultation between the systems. Thus, VIS users would consult SIS II during the issue of visa and determine whether an alert has been issued for the visa applicant for the purpose of refusing entry. Likewise, SIS users (border crossing points, police and immigration authorities) connected to the SIS technical infrastruc106 Proposal for a Council Decision establishing the Visa Information System (VIS), COM(2004) 99 final. 107 COM (2003) 771 final; See also Council Conclusions 5831/04 of 2561st Council meeting – Justice and Home Affairs – Brussels 19 February 2004..

297

298

Chapter 9

ture would need to consult the VIS in order to check visa authenticity or traveller identity, and as well as to identify undocumented travellers. Despite the synergy between the two systems, data and access will remain separate.108 9.6.4.2 Authorities Article 23 of the proposed Regulation places the responsibility for establishing and operating the C-VIS and the communication infrastructure between the C-VIS and National Interfaces on the Commission. The data is processed by the C-VIS on behalf of the Member States. Article 24 places the responsibility for establishing the National system on the Member States. Each Member State has a number of responsibilities which are spelt out in Article 24 (4). 9.6.4.3 Data Registered According to Article 3 of the proposed Regulation, the VIS will hold the following categories of personal data: – Alphanumeric data on the applicant and on visas requested, issued, refused, annulled, revoked or extended; – Photographs; – fingerprint data, and; – links to other applications. The VIS data will be processed in two steps. In the first step, data will be alphanumeric data and photographs. These will include: – Types of visa: Schengen uniform visa and “national visas”, indicating types (A,B,C,D,D+C), and including LTVs;109 – Status of visas; Visas requested and visas issued, visas formally refused, visas annulled, revoked, extended; – All the relevant data required to identify the applicant, to be taken from the application form; – All the relevant data required to identify the visa, to be derived from the sticker; – The competent authority that issued the visa (including border crossing points) and whether that authority issued it on behalf of another State, as well as the competent authority that formally refused, annulled, revoked or extended the visa; – Standard grounds for refusing, cancelling, withdrawing and extending visas; – Information required for the VISION consultation and on the results obtained by that consultation; – Record of persons issuing invitations, those liable to pay board and lodging costs; 108 Ibid. 109 A, B, C-Visas (Schengen Uniform Visas; D, D+C-visas (National visas); LTVs (Visas with Limited Territorial Validity).

A Network of Related Cross-Border Information Systems

–

Digitalised photographs or original photographs of the visa applicants, taken with a digital camera depending on further assessment of the impacts of both alternatives.

In the second step, biometric data and scanned documents will be processed and entered in the VIS. The choice of biometric data was recommended by the feasibility study to include: fingerprints as the primary biometric identifier and facial recognition as an additional verification facility. The biometric data would allow the linkage with alphanumeric data and photographs above for verification and identification purposes including background checks. As a further step, supporting documents could be scanned and processed when they are added to the visa file such as, – Travel documents; – Record of persons issuing invitations, those liable to pay board and lodging costs; – Insurance policies, etc. 9.6.4.4 Access to Data Article 4 of the proposed Regulation provides rules for access to the data. Access for entering, amending or deleting the data is reserved only for duly authorised staff of the visa authorities. Access for consulting data and the right to search and to use data is reserved exclusively to duly authorised staff of the authorities competent for the purposes as specified in Chapters II and III, limited to the extent as need for the performance of these tasks. Each Member State is to designate the competent authorities, the staff and communicate to the Commission a list of these authorities. 9.6.5

Data Protection

The proposed Regulation is Community legislation and therefore protection of data laws, the Directive 95/46/EC and Regulation (EC) 45/2001 will fully apply.110 This Regulation follows suit with the Eurodac Regulation and the two are among the first border control information systems to have a higher level of data protection. It is a great leap from the intergovernmental level of protection seen in the SIS, Europol and CIS. Chapter IV of the proposed Regulation is about the retention and amendment of data. Article 20 allows a retention period of five years for each application file. There are two exceptions, the first is Article 21 where data is inaccurate or unlawful and may be deleted. The second exception is Article 21, where data may be deleted before attaining five years if the person associated with the data acquires nationality of any Member State. Upon expiry of the period of five years, the VIS shall automatically delete the application file and the link(s) to the file. Authority to amend data is placed on the Member State which has transmitted the data to the VIS. The right includes the right to update, supplement and correct or delete the data. 110 Recitals 14 and 15.

299

300

Chapter 9

Chapter VI deals with the rights and supervision on data protection. The rights conferred are the right of information, right of access, correction and deletion. Article 32 requires co-operation among competent authorities of Member States in order to actively enforce these rights. For the first time, it is stipulated in law that the national supervisory authority shall where requested, assist the person concerned in exercising his right to correct or delete data. These should, however, also have included the exercise of the right of access. The person concerned can also apply for assistance and advice to the Independent Supervisory Authority, i.e. the European Data Protection Supervisor. This is a welcome clarification because it goes beyond granting rights and calls for giving information, guidance and assistance to data subjects, something that has not been categorically stated in data protection laws and what this study is advocating. Article 33 is about remedies, the right to bring an action or complaint to courts of a Member State where a Member State has refused a person the right of access to or the right of correction or deletion of data relating to him. The national supervisory authority is required to assist and, where requested advise the person concerned, throughout the proceedings. Article 35 establishes the national supervisory authority in accordance with Article 28 (1) of the Directive. Its role is to independently monitor, applying the national law, the lawfulness of the processing, according to the Regulation, of personal data by the Member State concerned, including their transmission to and from the VIS. An Independent Supervisory Authority is established under Article 35. This is the European Data Protection Supervisor as established by Article 41 (1) of Regulation (EC) No 45/2001 whose role is to monitor the activities of the Commission relating to the rights of persons covered by this Regulation. The national supervisory authorities are required to support the EDPS in performance of its tasks. The Commission too is required to supply information requested by the EDPS, give the supervisor access to all documents and to its records referred to in Article 28 (1) and allow him access to all its premises, at all times. 9.6.6

Relation between VIS and SIS/SIRENE

When the Visa Information System becomes operational, it will be a new biometric system as opposed to the non-biometric SIS. As far as the current SIS is concerned there is not much comparison with the VIS because the latter is a future system. The best comparison with VIS would be the SIS II. The VIS and SIS II will share the same technical platform so that access to data by the officers of both systems will be reciprocal. That is, VIS officers would be able to access data in the SIS II and vice versa. Sharing of data between the two systems is therefore envisaged. The VIS is mainly an immigration control system unlike SIS or SIS II which are both immigration and crime controls systems. As such, the VIS targets foreign nationals as subjects of control while SIS (II) targets both foreign nationals and EU citizens. The VIS is a First Pillar system and data processing is regulated by Community data protection laws, EU Directive 95/ 46 and EC Regulation 45/2001. The SIS II is partly a First Pillar and Third Pillar system and has a dual legal base. Data protection is divided between the First Pillar instruments and Third Pillar CoE Convention.

A Network of Related Cross-Border Information Systems

The SIRENE will most likely play the role of exchange of supplementary information in the future VIS given the high possibilities of data sharing with the SIS II. 9.6.7

Conclusion

The VIS is another step toward total surveillance in police and border control co-operation. Since it is the first police and border control system to be established in the aftermath of 11 September 2001, it will allow for wide consultation among police, border control and security authorities. Although inclusion of biometric data have been mooted before, after 11 September and later events of 11 March 2004 in Madrid Spain, their inclusion has been justified and VIS is just the beginning. It is expected that police and border control co-operation will in the future be characterised by wide usage of biometric data. The challenge that faces the co-operation is how to regulate and safeguard individual rights in a biometric environment. The proposed Regulation seems to take into consideration some of the transparency and proportionality concerns raised in this study and it is a good start. More, however, needs to be done; especially the Directive on which data protection in Europe is based needs to be reviewed in order to improve transparency and proportionality. The VIS also expands the scope of persons whose data is systematically registered within the EU beyond the scope of the SIS and Eurodac. The three systems together now bring all foreign nationals in the EU under monitoring and surveillance. 9.7

A Combined Analysis of Cross-Border Police Systems

The objective of this section is to discuss and analyse problematic areas and issues that may arise as a result of proliferation of cross-border police systems discussed above. The discussion here will be brief because these issues run throughout the entire work. The table below offers a summary of the areas of convergence and divergence among the systems. According to Figure 14 below, the technical linkage between SIS and the other systems is currently non-existent, but SIS II will allow such linkage. The scope of the SIS and most of the systems is European save for Interpol which is global. There is quite some overlapping of purposes among the systems. The legal basis of the SIS, Europol and CIS is the Third Pillar, while that of the VIS and Eurodac is the First Pillar but the SIS will have dual legal basis: First Pillar and Third Pillar. The Interpol is based on a constitution and quite unique from these other systems. Currently data sharing is possible between the SIS and Interpol and SIS and Europol but there is no sharing of data between the SIS and Eurodac, VIS and CIS. SIS II, however, will share data with Europol, Interpol, VIS and possibly Eurodac. Future operability of the systems is anticipated. Finally, all the systems save Eurodac and VIS, which have their target restricted to aliens, have their targets as European citizens and aliens.

301

302

Chapter 9

Systems

Technical Scope linkage

Purpose

Pillar

SIS/SIRENE

N

E

C/I/S

T

Interpol

N

G

C/S

N

Eurodac Europol CIS VIS

N N N N

E E E E

A/I C/I/S C/S I/S

F T T F

SIS II

Y

E

C/I/S

F/T

Data Sharing

Future Target Inter-operability Interpol/ P EC/A Europol SIS/ P EC/A Europol N P A N P EC/A N P EC/A SIS/SIS P A II/ Europol Interpol/ Y/P EC/A Europol/ VIS

Key: A – Aliens or Foreign nationals, C – Crime, E – European, EC – EU Citizens F – First Pillar, G – Global, I – Immigration, N – No or None, P – Possible S – Internal Security, T – Third Pillar, Y – Yes. Figure 14: Analytical Comparison of the Systems

9.7.1

Purpose

A common purpose may be at the core of the establishment of the cross-border systems outlined above. The systems are organised around shared common goals and policies of preventing and combating crime and illegal immigration. The crimes that are covered by these systems have an international dimension. It may not be wrong, therefore, to conclude that these systems enhance the enforcement of international laws such as, extradition and refugee laws, and national laws with an international character such as criminal and immigration laws. The particulars and scope of the crimes they deal with, however, differ in some degree. For example, the SIS covers both internal and international crimes. Internal crimes are crimes that are mainly regulated by national laws like the penal laws, immigration laws, etc. As regards penal code crimes such as murder, theft, rape, etc, the SIS is applicable where the perpetrator disappears from the jurisdiction after committing the crime. Article 95 of the Schengen Convention is invoked and a report is made for arrest and extradition of the person for trial in the country of origin. In case of foreign nationals who are expelled as a result of violation of alien law or rejection of asylum application, Article 96 may come into play. Interpol deals with what it refers to as “ordinary law crimes”. These are crimes having an international dimension and falling outside the limits set by Article 3 of Interpol Constitution. Eurodac is mainly concerned with asylum seekers and illegal immigration. Its objective is to prevent and combat illegal immigration, especially ‘multiple asylum applications’ by systematically recording information and fingerprints of all

A Network of Related Cross-Border Information Systems

persons who request for asylum in the European Union. Europol is concerned with serious international crimes including crimes touching on immigration control such as prostitution and human smuggling and trafficking while the CIS deals with crimes contravening national laws but with an international aspect, for example, smuggling and dealing with prohibited goods. The problem that may arise, where many systems exist, is the overlapping of purpose, tasks and competence which may occasion ambiguity. This may be true as regards the SIS and Interpol, which are databases with similar objectives.111 For example, persons registered in the SIS for purposes of arrest and extradition could very well be registered with Interpol. In such circumstances, cases of duplication may be difficult to avoid. This is true given the scope of Interpol is global while that of the Schengen system is restricted to a number of countries in Europe. The tendency, therefore, would be to post requests both in the SIS and Interpol. The SIRENE Manual appreciates the duplication problem and sets out rules on how to overcome the overlapping roles of SIRENE and Interpol. The rules state, for example, that priority is to be given to SIS alerts over Interpol alerts. The priority is to apply in particular, if a SIS alert conflicts with an Interpol alert.112 Furthermore, within the territory of the Contracting Parties, alerts in the SIS take priority over Interpol alerts. Interpol alerts are to be restricted to exceptional cases (alerts not provided for in the convention) for instance, where it is not possible to enter alerts for works of art into the SIS or if not all information is available for a SIS alert. Also, similarities in data may open to sharing data across systems. The fact that both SIS and Interpol system have registers for stolen and lost passports have made data sharing between the systems necessary as indicated below. Due to the objectives of Europol as a crime analysis system, it does not seem to duplicate and conflict with the other systems as Europol will not duplicate the other systems because its objectives are different. Rather, it will supplement the other systems.113 After 11 September 2001, the purpose of the systems has expanded to include generally prevention and the fight against terrorism. While this may not have been the original purpose of entering the information in most of the systems, the requirement to share information across systems (see below) tends to expand the purpose of data in these systems to include prevention and the fight of terrorism. The consequence is that data could be applied to different purposes than they were originally intended. 9.7.2

Scope

The geographical scope of the SIS, Eurodac, Europol, and CIS is restricted to EU Member States. In other words, only Member States of the EU may implement and operate these systems. But in the case of SIS non-EU members, Norway and Iceland have been allowed to operate the SIS after signing a co-operation agreement with EU Member States who are members of Schengen co-operation. Interpol is the only system, which is global, with members all over the world. As discussed below (9.7.4), the extent 111 Schengen Central Group Annual Report SCH/C (98) 60 rev 4 Brussels, 22 June 1998. 112 See details of the rules; Article 3.2.3 SIRENE Manual. 113 See, Storbeck, J. (1997). pp. 117-128.

303

304

Chapter 9

of exchange of information recorded in these systems, however, may go beyond the restricted geographical scope making them global in effect. Exchange of information with third countries and third bodies is therefore feasible as Europol Convention contemplates in Article 10 (4).114 The SIRENE manual also authorises sending of information to third States. It states that the SIRENE Bureau of the Contracting Party which issued the alert always decides whether or not to pass information on to third States.115 The intensified war against terrorism, especially after 11 September 2001, will mean that these systems become more global as pressure will be exerted for sharing of information with countries outside the restricted geographical area. An example here is the agreement between the USA and Europol to share information.116 The systems have also different scope because they target different social groups. The SIS applies mainly to aliens. Citizens may be registered but not on the basis of Article 96 under which most alerts on persons in the system are registered. Citizens may be registered under Article 95 (extradition), Article 97 (wanted persons), Article 98 (witnesses) and Article 99 (discreet surveillance). The number of person registered under these provisions, however, is very low. The SIS therefore remains predominately an aliens’ database. The Interpol system applies to persons involved in crime, both aliens and citizens may be registered. Similarly, Europol is an all persons’ crime register, irrespective of nationality. The same applies to CIS which registers persons involved in customs related crimes. The Eurodac, on the other hand, is purely an aliens’ system as it records all foreign nationals who apply for asylum or are illegal immigrants or are arrested for irregular border crossing. The proposed Visa Information System also targets foreign nationals who apply or are issued with entry visa or resident permit. Later, a European Passport System could become a reality and it will target EU citizens and nationals.117 From this analysis, it is evident that, in the near future, no person will be spared. Each individual will be registered in one or other border control system. Consequently, total surveillance, which has all the time been dreaded by Schengen and privacy critics, seems to become a reality under the current police and border control co-operation in Europe. 9.7.3

Technical Structure

The technical structure of all the systems are similar, however, there are some fundamental differences. The differences may be an obstacle to data sharing among systems, which is positive from an individual data protection perspective but negative from a national security consideration. All the systems have a central system with corresponding national systems. The SIS has the C.SIS and NSIS/SIRENE, Eurodac, a Central Unit and national transmission systems; Europol, the Central System and the national units; CIS, 114 See also Europol rules of exchange of information with third States and bodies, note 67 supra. 115 Article 3.2.3. (c) of the SIRENE manual. 116 Draft agreement between Europol and USA: Council Decision 13359/01. 117 COM(2004) 116 final, Proposal for Council Regulation on standards for security features and biometrics in EU citizen’s passports, Brussels, 18 February 2004.

A Network of Related Cross-Border Information Systems

the Central System and national terminals and Interpol, Criminal Intelligence Database and National AFS. The current SIS, however, is unique from the other systems in that it does not allow searching the central system. Member States may only search their N.SIS registers and not the central system. But this is designated to change with the implementation of SIS II which will allow searching the central system. The changes reflect the current thinking in security circles which advocates creating a network of decentralised systems for easy sharing of data. Technology used in different systems may also be different and does not allow sharing of data across systems. As stated below, information sharing could be possible through other means and channels. But as new developments indicate (see below) sharing information across systems may be possible in the future as the call for interoperability of the systems and availability of data118 is heeded. As the US 9/11 report has observed “the necessary technology already exists. What does not, are the rules for acquiring, accessing, and using the vast stores of public and private data that may be available”.119 As if to heed this observation, the recent Council Draft Framework Decision purports to set up such rules of wide sharing of information using existing and future data systems (see below 9.7.6). 9.7.4

Data Recorded

All the cross-border systems record personal data. The items of data recorded, the extent and scope are, however, specific to the purpose of each information system. But the various data recorded by the different systems make sharing of information across systems attractive. For example, Interpol and SIS are to share data on lost and stolen passports. As such, a search in the Interpol system would not be complete without a similar search in the SIS and vice versa, as both systems contain data on lost and stolen passports. Interoperability between the two systems has been advocated for and it would allow sharing of data. Similarly, when SIS II and VIS become operational, it will be possible to search both systems. The inclusion of biometric data in both systems makes sharing of data attractive. The sharing of data will also be extended to Eurodac which too contains biometric data (fingerprints), see below. The character of data in these systems is also changing to include biometric data. After 11 September 2001, there has been a surge for biometric data in border control. For example, the US Congress has mandated the addition of biometric data in a new automated entry and exit system for travellers known as United States Visitors and Immigrant Status Indicator Technology (US-VISIT). In Europe, the new SIS II and VIS system will contain biometric data too. The European Council in its Thessaloniki meeting said that “a coherent approach was needed in the EU on biometric identifiers or 118 The Hague Programme adopted at the EU Summit on 5 November 2004 requires that from 1 January 2008 the “principle of availability” - which means that where data is held then it can be shared between law enforcement agencies – to become the guiding principle for access to personal data held by national law enforcement agencies in other EU Member States. 119 US: The 9/11 Commission Report – Final Report of the National Commission on Terrorist Attacks Upon the United States, p. 419.

305

306

Chapter 9

biometric data for documents for third country nationals, EU citizen’s passports and information systems (VIS and SIS II), and invited the Commission to prepare the appropriate proposals, starting with the visa.” When these proposals are implemented, biometric data processing will encompass all persons in Europe. 9.7.5

Access to Data

The systems specify the authorities and persons who have direct access to the information entered in the systems. Mainly it is the authorities involved in border control work that have the access. In most cases these authorities are the police, immigration and customs. In some cases, the authorities that may need and have access to information are not clear. Access therefore may be problematic, as it may not always be possible to know where to draw the line as to which authority should or should not have access. In border control matters, it is not only the above mentioned authorities that have responsibility, other authorities such as the judiciary, intelligence and military also exercise responsibility. This has led Busch to comment the following: The complexity of this constantly developing legal labyrinth threatens to blind us to the fact that, despite their patchwork character, all of the legal and technical instruments set up in recent years in the domain of Justice and Home Affairs co-operation have one characteristic in common: each of them is paving stone on the one-way road towards the creation of a powerful common European public order and security apparatus, where the traditional border-lines between judiciary, police, customs, intelligence and military will disappear, where executive organs will play a leading role, and where national systems of checks and balances will no longer apply in a ‘a common area of freedom, security and justice.120

The impact of this development is that data processed by one authority will become available to other authorities. This is becoming increasingly true especially after the 11 September 2001 terrorist attacks on the USA. The 9/11 Report identifies lack of sharing and access to public data by security authorities as to have rendered the US vulnerable to the terrorist attacks. From a data protection perspective, the principle of finality that limits the use of information for the original purpose may be violated, as different authorities may not restrict themselves to the use of data for that purpose as sharing of data become more common. 9.7.6

Integration of Systems

Fear has been expressed by privacy critics that cross-border systems may be used for surveillance purposes that may extend over the entire society. The possibility that the systems may become integrated gives foundation to such claim. Mathiesen has aptly demonstrated how such integration is taking form.121 He observes that “a vast, amalga120 Busch, N. (May/June 1997), p. 11. 121 Mathiessen, T. (1999), p. 30.

A Network of Related Cross-Border Information Systems

mated police-based data system of the kind envisaged above may function both on the individual and the aggregate level: Individuals may be subjected to registration and surveillance, while whole population groups may quickly be sorted out for “special treatment”. The system may be used for political purposes by police forces as well as through political institutions”.122 Although physical or electronic integration of the systems is not currently envisaged as the systems stand and operate as different entities, such integration is feasible through sharing of data across systems. The Europol Convention is explicit, as discussed above in section 9.4.6 that Europol may get its information from a variety of sources,123 which would include such information systems as SIS, Eurodac, CIS, and Interpol. The Schengen Convention has been amended to allow Europol access to SIS data. Europol may also share its information with a multitude of third States and third bodies without restriction. As Mathiesen has further argued, Europol may become the focal point of integration of cross-border systems taking the lead from the Schengen system, which is rapidly being integrated into the EU system.124 The extent of information sharing authorised for the Europol system leads to the conclusion that Europol is the core of this integration process. Recent developments, especially after 11 September 2001 and 11 March 2004 (Madrid terrorist attack), have given impetus for a wide scale sharing of data across systems. The 9/11 Commission Report has not minced words and calls for sharing information. It observes that “the U.S. government has access to a vast amount of information. But it has a weak system for processing and using what it has. The system of ‘need to know’ should be replaced by a system of ‘need to share’.”125 The European Council, in its meeting on 25 March 2004, coming immediately after the Madrid attacks, called for ‘simplifying the exchange of information and intelligence between law enforcement authorities of the Member States’.126 Soon after, on 4 June 2004, the Kingdom of Sweden issued a draft Framework Decision on the exchange of information.127 The objective of the Framework Decision is to establish the rules under which Member States’ law enforcement authorities effectively and expeditiously can exchange existing information and intelligence for the purpose of conducting crime investigations or crime intelligence operations and in particular as regards serious offences, including terrorist acts, Article 1. The more precise objectives as stated in the explanatory memorandum to the Framework Decision are to: – Create a common legal framework for the exchange of information and intelligence applicable to all national authorities with a law enforcement function; – Increase and simplify the exchange of information and intelligence between such authorities; 122 123 124 125 126 127

Ibid. p. 30. Article 10(4) of the Europol Convention. Mathiesen, T. (1999), p. 30. 9/11 Report. PDF Version, pp. 416-417. http://www.gpoaccess.gov/911/pdf/fullreport.pdf . European Council: Declaration on combating terrorism, Brussels, 25 March 2004, p. 5. Draft Framework Decision on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union, in particular as regards serious offences including terrorist acts.

307

308

Chapter 9

–

Close possible gaps caused by stricter rules for gathering and exchanging information and intelligence at Union level than national level.

This would open for wide information exchange among all authorities involved in prevention and combating crime: police, custom, judicial and immigration authorities. The Commission confirms this in its Communication when it states that “this communication intends to improve information exchange between all law enforcement authorities”.128 The exchange of information will use existing channels, including information systems, liaison officers and other channels that Member States may deem appropriate.129 The exchange of information is both required and spontaneous.130 Article 7 of the Draft Framework Decision provides that “exchange of information and intelligence may take place via the SIRENE Bureaux or in accordance with Article 4(4) and 5(4) of the Convention on the establishment of a European Police Office (the Europol Convention) or in customs matters via the central units as defined in Article 5(1) of the Convention on mutual assistance and co-operation between customs administration or within any other framework established at bilateral or multilateral level among the Member States of the European Union.” According to the Commission, the first core objective of Information Policy for Law Enforcement is to establish free movement of information between law enforcement services, including Europol and Eurojust. That may mean both Europol and Eurojust information systems could be interoperable. As regards other systems, the Declaration did request the Commission to submit a proposal for enhanced interoperability between European databases and to explore the creation of synergies between existing and future information systems (SIS II, VIS and Eurodac) in order to exploit their added value within their respective legal and technical frameworks in the prevention and fight against terrorism. As indicated above (9.6), both SIS II and VIS will operate on the same technical platform and the synergy between them will allow users of both systems to consult each of the systems. In its Communication, the Commission is of the view that the only viable option for the future will be the creation of interoperable and interconnected EU systems. A conceptually comprehensive IT architecture that integrates national, European and international inter-linkages offer in the long run considerable savings, synergies and policy opportunities, both in the area of criminal intelligence and in the broader context of an evolving European Security Strategy.131

Further, the European Council wanted the work on exchange of stolen and lost passport information between SIS and Interpol completed. It asked the Commission to issue a 128 Communication from the Commission to the Council and the European Parliament towards enhancing access to information by law enforcement agencies, Brussels, 16 June 2004 COM (2004) 429 final p. 4. 129 Articles 7 of the Draft Framework Decision. 130 Article 8 of the Draft Framework Decision. 131 COM (2004) 429 final, p. 9.

A Network of Related Cross-Border Information Systems

proposal on the creation of an integrated system for the exchange of information on stolen and lost passports having recourse to the SIS and the Interpol database. It also requested the Commission to issue a proposal for a common EU approach to the use of passengers’ data for border and aviation security and other law enforcement purposes. The Hague Programme on Area of justice, freedom and security 2004, launched the ‘principle of availability’ as a common standard for information sharing and exchange between the national law enforcement authorities.132 The principle, as set out in The Hague Programme, states that information for law enforcement purposes needed by the authorities of one Member State will be made available by the authorities of another Member State, subject to certain conditions.133 The principle is invoked as a motive to interlink different EU databases and to give authorities a wide access to these databases as well.134 All these measures, especially the Commission Communication, open floodgates to all law enforcement agencies to have access to each others’ databases, right across all the EU States and even non-EU States.135 The principle of finality of data may be at risk here as data shared across systems may be put to different use than that for which they were recorded. As mentioned above linking, matching and profiling data may raise serious problems. 9.7.7

Data Protection

Focus on data protection in border and police work is a recent development that has taken place in the last decade of the twentieth century. It was brought about by the rise of cross- border information systems in the control of persons. The legislation establishing the information systems discussed above have extensive provisions on data protection. Even Interpol has developed its own rules for data protection. The Schengen, Europol and CIS conventions set out a minimum requirement for data protection equivalent to the principles established by the Council of Europe 1981 Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data at national levels. Further, the Schengen and Europol conventions require Member States to take account of Recommendation No. R (87) 15 of the Committee of Ministers of the Council of Europe of 17 September 1987 concerning the use of personal data in the police sector. These regimes, however, still raise some pertinent data protection issues that need to be addressed. For instance, the Council of Europe Convention is a general data protec132 The Hague Multinational Programme for strengthening the area of freedom, security and justice, European Council 4-5 November 2004. 133 Communication from the Commission to the Council and the European Parliament: The Hague Programme: Ten priorities for the next five years – The partnership for European renewal in the field of Freedom, Security and Justice, 8922/05 JAI 163, 13 May 2005. 134 Liberty & Security: Data surveillance and border control in the EU: Balancing efficiency and legal protection of third country nationals. http://www.libertysecurity.org/article289.html. 135 See also, Statwatch: European Commission proposes “free market” for law enforcement database access. http:www.statewatch.org/news/2004/jul/08-com-lea-access.htm. Accessed on 6 September 2004.

309

310

Chapter 9

tion legislation, which does not fully address the needs of protection in police sector. Further, the Convention leaves room for derogation by member countries. The Council was aware of these problems, so it issued the Recommendations.136 Unfortunately, the Recommendations are not binding and therefore countries are not obligated to follow them. In addition, with the EU Directive being the minimum level of data protection (within the applicable scope) in the European Community and Member States, continuing to rely on the CoE Convention which offers a lower level of protection than the Directive is unfortunate. Data protection in police and border control should apply higher level of protection like the other sectors of the EC. Eurodac Regulation and the proposed VIS Regulation have the EU Directive and Regulation on data protection as a minimum standard. In this respect, both are the only border control system applying a higher level of data protection. The European Parliament has been in the forefront in urging for adoption of legal instruments that offer higher protection within the police and border control co-operation. For example, it called for the Council to endorse draft Article 22 (Europol)137 which makes Europol part of the First Pillar, including the proposal to convert the Europol Convention into a regulation.138 With the adoption of the Draft EU Constitution, it is expected that this anomaly of lower and higher protection will come to an end as the Draft abolishes the pillar system. Data protection in the police and border control co-operation would fall under the EU law (once the EU Constitution comes into effect) and therefore the higher protection criterion will apply. But with the rejection of the Constitution by some Member States in referenda has cast a dull prospect for its successful ratification. Apart from the legislative problems above, the description and analysis of the police and border control systems raise two main data protection concerns namely:– sharing of data across systems, and – use of biometric data. These concerns will be analysed further in the following chapter on control and identification techniques. 9.8

Conclusion

The cumulative effect of these systems is that they increase instances of control and surveillance in Europe. Each system that is added brings a new dimension of control and surveillance. The number and category of persons put under control and surveillance increase with every system that is put into place. The aggregate effect of the SIS, Eurodac and VIS is to place all foreign nationals in the EU under control and surveillance. EU citizens may have escaped control and surveillance by these systems, but they 136 See, Explanatory Memorandum to the Recommendation No. R (87) 15 Regulating the use of personal data in the police sector 17 September 1987 paragraphs 13-14. See also Joubert, Chantal & Hans Bevers (1996) p. 458. 137 CONV 614/03 of 14 March 2003 on Area of Freedom, Security and Justice. 138 FINAL A5-0116/2003 Recommendation to the Council on the future development of Europol, European Parliament 1999-2004.

A Network of Related Cross-Border Information Systems

are also not so lucky as they are drawn (albeit specific categories who are subject of these systems) into the web of control and surveillance by systems such as Europol, CIS and Interpol. But the implementation of the European Passport regime and the accompanying information system would net all European citizens into control and surveillance. As noted in the previous chapter on the SIS and SIRENE, the same concerns on transparency and proportionality in processing of personal data analysed there could well be applied to the information systems discussed in this chapter. All the systems except the VIS were conceived, developed and implemented in the era of strong notions of intergovernmental co-operation under the third pillar. As such, data protection was not given a high level of protection. Recent development in the EU, however, has brought about a shift of thinking from the intergovernmental to Communitarisation. Legislation is responding to this shift and good examples are the Eurodac Regulation and the proposed VIS Regulation. Both legislations implement the higher level of data protection as found in the EU Directive and EU Regulation on data protection. The other border control legislations will require following suit if an adequate level of data protection is to be achieved. At the same time with the new control and identification techniques, such a data sharing among systems and use of biometric data, new ways of protecting personal data which allow greater transparency and proportionality need to be conceived and implemented.

311

Part IV: Border Control Technologies and Policies

10

Border Control and Identification Techniques

10.1

Introduction

Success in border control is predicated on effective identification techniques. As such border control authorities must ascertain that the person who crosses the border is permitted to do so. For example, they must be satisfied that the person is authorised to enter the country he or she desires to enter and has the necessary documentation. They must also make sure that the person is not a wanted criminal. Border control identification techniques have changed with time and technology. In recent years, the improvement in biometrics technology is propelling advanced methods of identification for border control. The aim of this chapter is to examine different identification methods used in the control of persons. The objective is to examine their justifications and the problems they raise as regards the protection of persons. Are the justifications offered for the introduction and use of these control and identification techniques valid? Do the control and identification techniques undermine or strengthen individual protection? To examine this, the transparency and proportionality criteria developed and used in the preceding chapters will be used here. This chapter will also demonstrate how the information systems discussed in the preceding chapters are fed with information collected through the identification methods discussed here. Another aim is to demonstrate how these techniques and technologies enable and facilitate police and border control co-operation. The collection of information is part of processing of personal information and the manner and methods of collecting information do impact on the entire processing procedure. For example, questions may arise as to the fairness and lawfulness of collection of the information. To be able to deal with such questions, it is necessary first to explain reasons for identity control, the different identification methods and the type of personal information involved. The approach used is to distinguish between traditional identification and control techniques and the biometric techniques. The techniques are explained and their extent of use established. The discussion then ventures to the legal basis both at the Schengen/EU level and the national level in particular Norway. An assessment of the impact of the identification methods on individual protection, especially compliance with Article 8 ECHR and data protection rules, is carried out. Since some of the methods discussed here are new and have not been applied yet, the assessment will be both de lege lata and

316

Chapter 10

de lege ferenda. The de lege ferenda hypothesises on legal consequences for use of the new identification methods. This will be an evaluation based on human rights compliance and data protections transparency and proportionality perspectives. 10.2

Identity Control and Its Justification

Reasons for identity control are numerous as are identity schemes. Too, official reasons may be different from the underlying reasons which are never stated. While it is easy to identify the official reasons which are normally provided in government policy documents, the underlying reasons are difficult to point out because they are never stated. In this section, the focus is on official justifications. It examines a number of identification schemes and their justifications by examining official policy documents and legislation. Eurodac is an identification system which uses fingerprints as an identifier. According to Eurodac Regulation, the purpose and policy aims of the system are to identify persons who make multiple asylum applications in different countries and to enable determination of which Member State is entitled to handle the asylum application. It accomplishes this by taking and registering fingerprints of asylum seekers and illegal immigrants. Other justification put forward was reliability of fingerprint identification which would enable authorities to catch those making multiple applications and abusing the asylum system. Cost reduction was also put forward as a justification, those identified to be cheating are to be thrown out of the region and this saves the country a lot of money which would have been spent to sustain the person in the country while his or her application was being determined. It was also argued that identification was beneficial to the genuine asylum seekers because quick determination of identification would amount to reaching asylum case decisions swiftly and the person concerned would avoid a long waiting period. But what was not revealed is the reasons why persons make multiple applications. Surely there are a few who make multiple applications in hope of benefiting from the social welfare benefits. But it is not a secret that Member States have different procedures for deciding asylum application and it is easier to get asylum in some countries than others. An asylum seeker may also prefer a certain country over the first country that one enters because of other reasons such as presence of other family members or people from his or her country in the host country. Although the Eurodac first annual report does confirm the problem of multiple application is real, the numbers, 7% of the cases being multiple applications, is not as high as initially was thought when the Eurodac policy was being formulated. Perhaps the cases of multiple applications could be explained by the alternative reasons other than the need to cheat and abuse the system. The securing of documents, visas, residence permits and passports scheme uses biometric: photograph and fingerprints as identifiers. The purpose is to make identification of the holder of the document secure so that the document can with certainty be linked to the holder. The commission sets out the justification in the two proposals for Regulations on the use of biometrics in visas and residence permits. It states that, 

See 9.3.4.2.

Border Control and Identification Techniques

in the aftermath of the tragic events of September 11, 2001 the Commission was asked to take immediate action in order to improve document security. Clearly it was important to be able to detect persons who tried to use forged official documents in order to gain entry to European Union territory. Prevention of the use of bogus or false identities could best be achieved by enabling more reliable checking of whether the person who presented a document was identical to the person to whom the document had been issued.

Justification is to prevent use of forged documents and detect those who try to use them. Earlier on, photographs had been incorporated into visas and residence permits with the following justification. One of the weaknesses of the system then in use was that neither the visa nor the residence permit, in sticker form, included any sort of photograph or other reliable means of identification. Consequently, it was decided that at the very minimum, it was urgent to provide for the incorporation into both documents of a photograph, meeting high security standards.

As regards incorporation of biometrics on EU passports, the Commission issued a proposal Regulation in 2004. Its aim is to use facial image (Member States may opt to include fingerprints) as identifiers. The aim is to render the passport more secure and at the same time to establish a reliable link between the genuine holder and the document through biometric identifiers. An additional justification is to allow EU Member States to meet the requirements of the US Visa waiver programme in conformity with international standards. The main justification of introducing biometric identifiers into these documents is to ensure secure identification of the holders. But the fact is that the documents are used as filters of identity to determine holders entitled to benefits accruing with the documents; they have more than the mentioned purposes. For example, visas and residence permits are used also for control on illegal immigration. Enhancing identity control means that many more people who could have entered the territory or stayed in the territory cannot. The link of the introduction of biometrics in the documents to 11 September events means that the documents are being used also in the fight against terrorism.



   

See Proposal for a Council Regulation amending Regulation (EC) 1683/95 laying down a uniform format for visas COM(2003) 558 final Brussels 24 September 2003, and; Proposal for a Council Regulation amending Regulation (EC) 1030/2002 laying down a uniform format for residence permits for third-country nationals COM(2003) 558 final Brussels 24 September 2003. Ibid. Proposal for a Council Regulation on standards for security features and biometrics in EU citizen’s passports COM(2004) 116 final Brussels, 18 February 2004. Ibid. Article 1. Ibid. p. 3.

317

318

Chapter 10

In the British national identity cards scheme, identifiers being considered are facial, iris and fingerprint. The aim is to ensure secure identification of the card holder. Further the government argues that the cards would help in the following areas: – Illegal working and immigration abuse; – Organised crime and terrorism; – Identity fraud; – Entitlement to public services; and – Easier access to public services. United Kingdom Presidency of the Council of European Union has proposed that all ID cards in the EU should have biometrics, that is, fingerprints on them. If the proposal is accepted that would mean passports, resident permits, visas and identity cards would contain biometrics on them. This in effect would mean that everyone in the EU would have their biometrics in documents and stored on national databases and EU wide database. According to Norris and Armstrong, identity control is deemed necessary because we live in both a stranger society and a risk society.10 In a stranger society, identity control is a way of establishing reputation. Today’s society is a stranger society that demands we establish our reputation now and then through documentation or other forms of identification. In the old society where people lived in small isolated and closely knitted worlds – in bands or tribes or villages or towns, establishing reputation was not a big deal. The people then shared one crucial characteristic: the absence of anonymity.11 In those communities, “people were born and reared, they reached adulthood and married, propagated, grew old and died, surrounded always and almost exclusively by persons who knew them and who were known to them.”12 In contrast, the present society, especially the city life, facilitates the growth of individualism, autonomy and personal freedom and this has given rise to what Lofland calls the “world of strangers”. 13 According to him, the city becomes a place where persons find themselves to be “strangers in the midst of strangers”. In such a society where nobody can vouch for another’s reputation, identity control becomes necessary in order to authenticate who one claims to be. Today’s society can also be classified as a risk society. Identity controls are meant to minimise risk. “Risk society promises a world in which fail-safe risk technologies rather than fallible people rule. It promises any technology of govern-mentality that might



House of Commons – Home Affairs Committee: Identity Cards, fourth report of Session 2003-2004 vol. 1, HC130-I p. 44.  Ibid. p. 23.  Minimum common standards for national identity cards, 11092/05 LIMITE VISA 169, 11 July 2005. 10 Norris, C. & Armstrong, G. (1999), Chapter 2. 11 Lofland (1973) p. 5 quoted in Norris, C. & Armstrong, G. (1999), p. 20. 12 Ibid. 13 Norris, C. & Armstrong, G. (1999), p. 21.

Border Control and Identification Techniques

reduce uncertainty, foster self-regulation and prevent loss.”14 Surveillance reigns in a risk society.15 The aim is to produce as much information of populations as possible. A risk society is also preventive as it tries to predict risk before it happens. Policing in a risky society is therefore proactive. Another characteristic of a risk society is actuarial justice: an abandonment of individual suspicion. That is “justice intervention increasingly based on risk assessment, rather than on the identification of specific criminal behaviour. As a consequence, we are witnessing an increase in, and legal sanction of, such actuarial practices as preventative detention, offender profiling and mass surveillance.”16 Some writers see in the society a broader structural transformation trend from an industrial society toward a risky society (Beck 1992). More recently, other writers such as Ericson and Haggerty (1997) and Feeley and Simon (1994) have argued that we are also witnessing a transformation of legal forms and policing strategies, which reflect the transition to a risky society.17 Where risk society view dominates, policing becomes oriented to the future rather than the past. In other words, it becomes proactive rather than reactive. Even where it is reactive, it demands that information be gathered for the purpose of future risk assessment.18 Applying this to identity control, the emphasis on risk makes everybody a legitimate target of control: Everyone is assumed guilty until the risk profile assumes otherwise. Identity control in a risk society is meant to establish one’s innocence. The increase in crime, especially internationally related crimes is fuelling the call for secure identification. After the 11 September and 11 March terrorist attacks in the USA and Europe respectively, the need for identification has increased and new methods of identification involving biometric technologies have been adopted in order to thwart future attacks.19 Policies on border control are built on the need to minimise risk and future attacks and are proactive in nature. The security authorities are now relying more on intelligence analysis about risks than pre-active methods that respond to attacks. As demonstrated in the preceding chapters, information systems have been justified on the need to identify those crossing borders and entering Europe or those involved in crime, or who are a risk to national security. Identification and risk assessment have become primary movers in securing borders and national security. Society is relying more and more on technology to ensure security and avoid risk. At the same time, individuals have become targets of more scrutiny by these technologies. Rights are granted or denied based on assessments which are technologically biased. With the adoption of biometrics as primary border control technologies and identifiers identification technologies have gone a notch higher. At the same time, society is subjected to technological scrutiny more than ever before in the name of security.

14 15 16 17 18 19

Ericson, R. V. & Haggerty, K. D. (1997), p. 53. Ibid. p. 450. Ibid. Norris, C. & Armstrong, G. (1999), p. 24. Ibid. The 7 July 2005 attacks in London will only hasten the process.

319

320

Chapter 10

10.3

Control Techniques

10.3.1

Traditional Control Methods

Traditional forms of identification and authentication have been something one possesses (token) or something one knows (a code number or word). In border control, tokens have been the most important means of control, identification and authentication. For centuries, tokens have been used for purposes of authentication. Tokens can take a variety of forms, for example cards, disks (wooden or other material), documents, keys, etc. Tokens are things that a person possess or are prescribed to the person. They can be either smart or dumb depending on whether they possess processing powers. Tokens have been used for authentication purposes (that is to verify that the person is who he/she claims to be) and identification (to answer the question ‘who are you?’). Simple tokens such as keys require nothing more other than possession for authentication. But cards carry information such as written information, photographs or fingerprints that may require further verification. For border control purposes, the most commonly used tokens are identification cards which may carry written information only or written information combined with other identification marks such as photographs or fingerprints or both. The main disadvantage with tokens is that they can be lost, stolen or falsified. Secondly, they hardly confirm anything about the person presenting them as they are separate from the person. The problem of lost, stolen and falsified documents has fuelled the need for more secure documents. Incorporating biometrics into documents is seen as the best solution to the problem because it is not easy to change who one is. That is biometric ID is something one is. So, biometrics has become the buzz word in air travel, airport security and border control. The events of 11 September have also spurred an increased activity of both private and public interest in border control security and biometrics. Biometrics, unlike tokens, cannot be separated from the person. The person will always possess them. The following section discusses the main tokens used for identification and authentication for purposes of police and border control work, namely identity cards and photographs. 10.3.1.1 Identity Cards Identification (ID) cards as a form of identification are controversial especially where they are used as internal passports. As an internal passport, the ID card ‘may be a state’s principal means for discriminating among its subjects in terms of rights and privileges’.20 The historical use to which ID cards or tokens have been put may make people detest them. The Roman Empire used tiles called tesserae to identify slaves, soldiers, and citizens over 2,000 years ago. In more recent history, the British used a passbook system to restrict the movement of natives in the colonies. The South African apartheid government used the notorious passbooks to regulate its repressive apartheid system. 20 Torpey, J. (2000), p.165.

Border Control and Identification Techniques

In modern times ID cards of one form or another are in use in many countries. “Identification cards, are not normally, or at least not primarily, used to regulate movement, but simply to establish the identity of the bearer for purposes of state administration and gaining access to benefits distributed by the state.” 21 Their voluntary nature, non-general application and the limited information they contain make them less controversial. It is the compulsory, general application and detailed ID cards that cause most pessimism. Whether voluntary or compulsory, ID cards, however, ‘construct and sustain enduring identities for administrative purposes that enhance states’ embrace of individuals’.22 The Schengen Convention does not contain provisions requiring the use of ID cards in the Schengen area. A number of EU and Schengen Member States, however, have ID card schemes. All EU countries except Great Britain and Ireland have national identification cards of one form or another.23 The cards are voluntary in Austria, Finland, France, Italy and the Netherlands. They are, however, compulsory in Germany, Belgium, Spain, Gibraltar, Greece, Luxembourg and Portugal. Identity cards are compulsory if citizens are required to carry them at all times and show them to any government official who demands them. The five Schengen countries, Belgium, the Netherlands, Luxembourg, France and Germany, studied by Chantal & Bevers, use ID cards as a form of identification. The obligation to carry an ID card permanently accompanied by a fine for non-compliance and the duty to show it at every request of a police or other official, as is the case in Belgium and Luxemburg is the most intrusive.24 In Germany and France, there is no obligation to carry the card but one is expected to show it to prove identity. “In the Netherlands the tendency is for the card to become obligatory at the working place (without any sanction), football games (with a fine) and for clandestine public transportation passengers (where not carrying an ID constitutes an aggravating circumstances).”25 The information recorded in the cards also varies from country to country with the German one containing the most information and the Dutch containing the most confidential information and therefore most likely to offend Article 8 ECHR.26 As regards the legal basis of the cards, only the German card prescribes in statute which information the card should contain. The information to be recorded on the rest of the countries’ cards is regulated at lower levels of legislation. According to Holvast, the Dutch identity card was introduced as a compensatory measure on the removal of internal border control. “The introduction of the card is once again, justified with the argument that an open society as the Dutch will need a new 21 Ibid. p. 159. 22 Torpey, J. (2000), p. 166. 23 See La commission d’accès à ‘information: Background Paper on Identity Cards in Quèbec. October 1996. http://www.autoroute.gouv.qc.ca/publica/identang.html accessed on 05 July 00. 24 Joubert, C. and Bevers, H. (1996), p. 319. 25 Ibid. 26 Ibid.

321

322

Chapter 10

form of control after the opening of the borders.”27 Here the link between the abolition of internal borders and the emergence of new internal controls is evident in the Dutch Card scheme. Some countries have identity cards for foreigners and asylum seekers who are required to produce them when demanded by the police. In Belgium, foreigners are issued with aliens identity cards that state the purpose of the visit if it exceeds three months. In the Netherlands, asylum seekers are issued with the Asylum Card introduced in 1993. Asylum seekers are submitted to routine checks up to three or four times a day.28 A similar project to issue asylum seekers with an Asylum Card was also proposed in Germany. Asylum seekers were expected to carry the card at all times. The card is a smart card (micro-chip integrated card) providing for storing and processing of personal data, photograph, a digital fingerprint, as well as comprehensive information on the current state of the asylum procedure, the receipt of food and other public benefits, the holder’s registered address and the work permit.29 Such a card would definitely open the door to unlimited control of foreigners and asylum seekers. Other countries like the Scandinavian Norway, Sweden and Denmark have National Identification Numbers that may serve similar functions as the ID cards. Personal identification numbers in Norway, especially as regards foreign nationals, are used for internal control purposes. “All residents have a personal identification number that is often required when, visiting a doctor or a hospital, when registering children in school and so forth.”30 A public poll carried out in 1997 in Norway showed that 55% of those interviewed were concerned about the numerous uses of the personal identification number.31 The main arguments for ID cards are connected with control of fraud and other crimes, and illegal immigration. Proponents of the cards lavishly quote figures of revenue that will be saved through control of frauds in social security benefits and tax evasion and employment to be created by the control of illegal immigration. But these figures usually do not stand scrutiny.32 For opponents of the ID card schemes, the threat to civil liberties is real. Identity cards subject an individual to police control without suspicion. The police powers granted under the law on control of identity cards can lead to arbitrary, discriminatory and racist practices based merely on the physical appearance of a person. Although the cards are usually introduced with one use in mind, they are often applied to other uses in a creeping-like effect. 27 Holvast, J. Fortress Europe- Circular letter: “The Netherlands: An Open door in a Europe without Borders. February 1993 http://www.fecl.org/circular/1208.htm accessed on 21 May 00. 28 Nicholas Busch, Fortress Europe- Circular letter: Project for an “Asylum Card” Raises Widespread Concern, February 1995 http://www.fecl.org/circular/3104.htm accessed on 21 June 00. 29 Ibid. 30 Brochmann, G. & Hammar, T. (1999), p. 217. 31 Ukens statiskstikk nr. 39, 1997. See also Datatilsynet, Spor 2/1998. 32 Privacy Committee Special Report: Privacy Issues and the Proposed National Identification Scheme. State of New South Wales, Australia.

Border Control and Identification Techniques

After 11 September 2001, the debate for national ID cards has re-emerged. The arguments for ID cards are being formed by the current surge for biometric identifier technologies. Governments in many countries are calling for the introduction of national ID cards which include biometric identifiers. Consequently, the debate for ID cards is linked with arguments for biometrics. Countries traditionally opposed to ID cards, the United Kingdom,33 the USA,34 Canada35 and Australia,36 have started to use or are considering national ID card systems.37 What this portends for the future is that, introduction of biometric identification technologies will be accompanied with implementation of national ID cards. Article 8 ECHR does not prevent the issue of any form of identity card. The Commission in the case of Reyntjens v Belgium has held that the issue of an identity card containing only a person’s name, sex, date and place of birth, current address, and the name of their spouses, does not itself raise issues of the right to private life under Article 8 ECHR. In addition, it held that “the obligation to carry an identity card and to show it to the police whenever requested to do so does not as such constitute interference in a person’s private life within the meaning of article 8 of the Convention.”38 The import of this decision is that identity cards that contain only objective personal information do not interfere with the protection provided by Article 8. But if the card contained sensitive personal information, it could be construed as interference with protection of private life. For example cards with biometric data would most likely raise Article 8 issues. The obligation to carry the card, whether voluntary or mandatory does not also interfere with private life under Article 8. That means that identity cards, voluntary or compulsory, are not prohibited under Article 8 ECHR. The issues that would involve Article 8 are not the issuing or the carrying of the card or the demand by public or private authority to produce identity card, but the gather33 Identity Cards Bill 25 May 2005, see http://www.publications.parliament.uk/pa/cm200506/ cmbills/009/2006009.htm. 34 Real Id Act 2005 USA: The law mandates state uniformity of driver’s licenses, in a manner to be determined by the Department of Homeland Security. The card will nominally be issued by each of the 50 states, but if any state should not comply with the federal standards, its residents will not be allowed the use their licenses to board an airplane or to enter a federal building. Without an approved card, it will be impossible to open a bank account, collect Social Security payments, or use virtually any other government services. The Real ID Act makes the driver’s license a de facto USA national identity card. 35 In October 2003, the Committee on Citizenship and Immigration of the Canadian House of Commons published an interim report “A national Identity Card for Canadian? See http:// www.parl.gc.ca/committee/CommitteePublication.aspx?COM=3280&Lang=1&SourceId= 61198. But it reached no formal conclusions. On 31 December 2003, however, the government introduced an identity card for foreign nationals who are legal permanent residents in Canada. http://www.ci.gc.ca/english/pr-card/index.html. 36 Photo card Bill 2004 (NWS); The card will provide New South Wales residents who do not hold a driver’s license with a document that will assist them to establish their entitlement to rights and privileges in the community. 37 Lyon, D. (2004). 38 (1992) 73 DR 136, 152.

323

324

Chapter 10

ing and recording of personal data, including data to establish a person’s identity. In the case of Friedl v Austria, the questioning of the applicant to establish his identity and the recording of personal data including fingerprints constituted an interference with Article 8 rights.39 The ECtHR stated in the case of Vasileva v Denmark that it is a fundamental condition for the police in order to carry out their tasks, and thus ensure law enforcement that they can establish the identity of citizens.40 Requiring persons to identify themselves for police and border control purposes is not therefore contrary to Article 8. What would contravene the provision is registration and use of the information. The use or disclosure of information relating to a person’s private life would be interference with respect for private life.41 Identity cards can therefore raise data protection issues that may require to be justified under Article 8 (2). Another issue that may arise from issuing and the obligation to carry identity cards is discrimination. Compulsory registration and identity cards for certain population groups, for example, foreign nationals, minority groups, refugees and asylum seekers, may discriminate against these groups contrary to Article 14 ECHR read in conjunction with Article 8. Article 14 prohibits unjustified discrimination on any grounds.42 Under Article 14, however, a difference of treatment may be permitted where there is an objective and reasonable justification for it, and where it is proportionate to a legitimate aim.43 Compulsory registration and identity cards on grounds of fighting and prevention of crime and illegal immigration or fraud may not be justified if there are alternative means to fight and prevent these vices. Countries involved would be hard pressed to prove registration and identity cards were the only means to fight and prevent crime, illegal immigration and fraud. Indirect discrimination that is not covered by Article 14 ECHR may also be an issue as regards compulsory registration and identity cards for certain groups in the population. Protocol 12 ECHR, which could address indirect discrimination, entered into effect on 1 April 2005 but is not ratified by most Schengen and EU countries and therefore does not apply to these countries.44 Other laws, the International Covenant on Civil and Political Rights (ICCPR) Article 26, UN Covenant on Economic Social and Cultural Rights (ICESCR) and the EU Racial Equality Directive45 that prohibit indirect discrimination could, however, come into play. Indirect discrimination is permissible but only if it is “an appropriate means of achieving a legitimate aim”.46 39 (1996) 21 EHRR 83, § 52. 40 Application No 52792/99 Judgement 25 September 2003. 41 See Leander v Sweden (1987) 9 EHRR 433, § 48; MS v Sweden (1999) 28 EHRR; Z v Finland (1997) 25 EHRR 371. 42 Pine Valley Developments Ltd v Ireland (1992) 14 EHRR 319. 43 Belgian linguistics case (No2) (1968) 1 EHRR 252. 44 See 12.4.3.1. below. 45 Council Directive 2000/43/ of June 2000 implementing the principle of equal treatment between persons irrespective of racial or ethnic origin, OJ 2000 L 180/22. 46 Enterprise Privacy Group, the Identity Project: an assessment of the UK Identity Cards Bill & its implications, Interim Report, LSE the Department of Information Systems p. 43.

Border Control and Identification Techniques

10.3.1.2 Photographs Photographs are used for identification in many circumstances. Photographs play a significant role in identification as they are mostly imposed in the identification documents. They are also used in criminal investigations in combination with fingerprints. In Norway and many other countries, the law requires the taking of the photograph of a suspected or convicted person in criminal cases.47 Photographs are also used in the control of foreign nationals. The Norwegian Immigration Act requires the taking of photographs and fingerprints of some categories of foreign nationals for identification purposes.48 In 2002 the Norwegian police photograph register (person-fotoregisteret – POF) at the National Criminal Investigations Service (CSIS) – (Kripos) was converted to a digital electronic register searchable through internal network.49 The Schengen Convention does not have provisions requiring the taking of photographs for identification purposes. Article 45, however, provides for identification of persons staying in public lodges and hotels and may involve the use of photographs as a form of identification as normally most identification documents (passports, identity cards, driving licences, etc.) are usually accompanied with photographs. It reads, The Contracting Parties undertake to adopt the necessary measures in order to ensure that: (a) the managers of establishments providing accommodation or their agents see to it that aliens accommodated therein, including nationals of the other Contracting Parties and those of other Member States of the European Communities, with the exception of accompanying spouses or accompanying minors or members of travel groups, personally complete and sign registration forms and confirm their identity by producing a valid identity document, (b) (…).

In any case, the lack of a clear provision on identification in the Schengen Convention implies that the national laws of Member States would apply. Under SIS II, the situation may change with a provision for photographs being inserted in the Schengen Convention as photographs will be exchanged through SIS. Unlike fingerprints, photographs are not the best form of identification because they can easily be interfered with or altered. They also suffer from other disadvantages. The physical features of a person in the photographs alter with age. With today’s computer technology, however, photographs can be manipulated to reflect the changes in age and other features. The usefulness of photographs for identification cannot be overrated, especially in detecting and identifying criminals. Crime investigators use photographs to jog the minds of eyewitnesses who may not clearly remember the looks of the culprit. They also use photographs to get witnesses and place a suspect at the scene of crime. In what came to be known as Baneheia double murder, where two young girls were raped and murdered while on there way back from a swimming trip in Kristiansand, a city in the 47 See note 13 above. 48 Article 37, Immigration Act 1988. 49 Kripos årsberetning 2002 (Annual Report) p. 1.

325

326

Chapter 10

south of Norway, the police asked all possible witnesses in the case, who were in the area at the time of the murder, to volunteer to be photographed.50 The objective was for the photographs to help the witnesses in identifying the person or persons they may have observed around the scene. Of course, such identification could be followed by investigation and questioning of the person concerned in order to eliminate them as suspects. This procedure resembles mass DNA screening discussed below where persons who live in and around the scene of the crime are invited to volunteer for DNA tests in order to eliminate them as possible suspects. Photographs are also important in identifying persons seeking public or private services. Photographs, however, can pose a risk to privacy and other individual rights. There is always the risk of photographs being used for the purposes that they were not intended in the first place. In Norway, a case was reported in one of the daily newspapers Verdens Gang (VG) where a research fellow with the university was arrested by police and detained in isolation custody for 20 hours. The arrest occurred after a narcotic addict, using a picture supplied by the police, identified the researcher as the person who had sold heroin to the addict. According to the court, “the police used the picture because the person was a foreigner, whose picture was taken because he was a foreign national or he had come to the country as an asylum seeker, and whose picture was taken according to the law.” Misuse of photographs by applying them for purposes not originally intended may jeopardise individual rights as this case illustrates. Photographs properly used cannot be said to be a risk to privacy as most use would be supported by legal provisions. As the case above demonstrates, photographs could be misused by applying them to other purposes other than the original. It is also tempting to use photographs for proactive purposes. Taking of photographs without a person’s knowledge or consent is interference with the respect for private life. The court in the case of Murray v. United Kingdom held that photographing detainees in police custody without their knowledge and consent was interference with their right to privacy under Article 8, but can be justified in certain cases. But it seems that taking of photographs of a person in the process of criminal investigation could amount to interference with the respect to private life also. In McVeigh, O’Neill and Evans v. United Kingdom where the applicants were detained for interrogation and they were searched and questioned as well as their fingerprints and photographs taken, the Commission agreed that the applicants’ privacy had been interfered with. In this case, justification for interference was required. The manner in which the photographs are obtained seems to be significant in the finding of interference. If the photographs are obtained through secret means without the knowledge of the person, then it amounts to interference. If the photographs are taken in a public place and do not specifically identify the individual concerned then it does not amount to interference (Friedl v. Austria). But where an individual is identified or if the photographs are taken in a public place but the person was engaged in private activity, then it amounts to interference. In the case of Von Hannover v. Germany §53, the Court held that publication by various magazines of photos of the applicant in her daily life either on her own or with other people falls with the scope of her private life. 50 Aftenposten 6 July 2000, afternoon edition, p. 3.

Border Control and Identification Techniques

On the other hand, the use of photographs previously obtained lawfully or with consent in the process of criminal investigation does not amount to interference with the respect to private life. In the case of Friedl v. Austria, the Commission noted that use of individual photographs in the course of criminal investigation would not be interference where the photographs concerned had either been previously provided voluntarily in connection with applications for official documents, or had been obtained on the occasion of previous arrest, and were not made available to the general public nor used for any purpose other than the criminal proceedings in question. The manner of storage of photographs is also significant to the finding of interference. If the photographs are kept in a general administrative file recording the events in question, then it may be difficult to infer interference. But if they are entered into a data processing system, then interference could be inferred (Friedl v. Austria §66). The decisive factor here is whether the photos are kept in a manner that allows identification. Under the Schengen and border control, if photographs used for identification purposes are found in existing documents such as travel or other identification documents and are not linked to a data system, this may not amount to interference under Article 8(1). But if the photographs are linked or entered into a data processing system that could amount to interference with the protection accorded by Article 8(1) and must require justification under Article 8(2). It follows therefore the anticipated storage of photographs in SIS II and VIS will amount to interference with protection of Article 8(1) and must be justified under Article 8(2). Use of photographs in systems like SIS II and VIS will be ease to justify under the legitimate aims in Article 8(2) as their use would fall within the scope of most of the legitimate aims. They may, however, raise issues of proportionality under the “necessary in a democratic society” test for example as regards to presence of adequate safeguards and availability of alternative less restrictive measures. 10.3.2

Biometrics

10.3.2.1 General Biometric based technologies have recently received a great deal of interest as a possible ‘solution’ to crime, terrorism and as a “foolproof ” method of identification. Whether these claims are met is a matter of proof. It is, however, becoming apparent that airports and border-crossing points will become the intense focus of biometrics trials, deployments and study in the near future.51 Use of biometrics for identification and authentication is not new as fingerprints have been used for decades for these purposes. But their usefulness has been limited by technology which is cumbersome and time-consuming. With advancement of technology in the area of identification and authentication and especially with improvements in ICT, biometrics has assumed a central focal point. In order to overcome the weakness 51

OECD – Directorate for science, technology and industry committee for information, computer and communication policy: Working Party on Information Security and Privacy Biometric based technologies, 30 June 2004 – DISTI/ICCP/REG(2003)2/FINAL.

327

328

Chapter 10

of traditional forms of identification and authentication, especially the tokens, interest in biometrics has been increasing. After 11 September, border control has focused on improving security by adopting biometrics in documents and other forms of control.52 Biometrics has often been presented as a good means to improve public safety. Biometrics has acquired much interest because the technology is available and it is better applicable to identification and authentication than the traditional tokens. Biometrics does not replace tokens or codes but rather it enhances their effectiveness. While tokens could be lost, stolen and falsified, biometrics are unique to the person and are difficult to lose, steal or falsify.53 In border control, the increase emphasis on security has led to a growing and urgent need to identify humans both locally and remotely on a routine basis. Biometrics is defined as “automated methods of identifying or authenticating the identity of a living person based on physiological or behavioural characteristics.”54 Automation is the aspect that has made biometrics attractive for large scale identification and authentication systems, for example, in border control where many persons have to be controlled in a short time. Identification and authentication are also important aspects of the definition because the products associated with each category are vastly different.55 Identification occurs when an individual’s characteristics are being selected from a group of stored images. Identification is a “one-to-many” i.e. 1:n search process. The question to be answered is “who are you?” For identification purposes, the images must be stored in a database which is searched. As noted below, biometrics for identification is likely to raise data protection and privacy problems.56 On the other hand, authentication occurs when an individual makes a claim of identity by presenting a code or token. Authentication is a “one-to-one” i.e. 1:1 search process. The question to be answered is “are you who you claim to be?” In authentication, the individual’s characteristics are measured against an enrolled image that is stored on a token or in a local database with the image presented. Use of biometrics for authentication purpose does not pose serious data protection and privacy issues as the search is “one-to-one”, especially if the image is not stored in a database where it could be shared and used for other purposes.

52 Both the EU and the USA have enacted laws for inclusion of biometric data in travel documents: visas and passports. Discussions are also ongoing concerning the incorporation of biometrics on ID cards and travel documents. The ILO Convention no. 108 was modified in 2003 in order to introduce compulsory biometrics for seafarers. There are also discussions in other international fora such as the G8, OECD, etc. 53 Biometrics can be compromised, even lost, stolen or faked, but it is a rather cumbersome process. As such they are a more secure identification and authentication platform than the traditional systems. 54 Bowman, E. Everything you need to know about biometrics, Identix Corporation January 2000: http://www.ibia.org/EverythingAboutBiometrics.PDF Accessed on 19 October 2004. 55 Ibid.; See also GAO: Technology Assessment – Using Biometrics for Border Security, GAO03-174 p. 39. 56 See 10.4 below.

Border Control and Identification Techniques

The term ‘living person’ in the definition is also important. In order to avoid cheating the system, the image that is compared with the stored image or template must be from a living person. Although biometric data are unique, they can be compromised or imitated. For example fingerprints from a dead hand, latex finger, digital audio tape, plaster hand, prosthetic eye, etc, could be presented for purposes of identification or authentication. This could fool the system, and in order to avoid that, an image from a living person is required. This also means that the person has to give the image in person and the system must be able to verify that the image is from a living person. The difference between physiological and behavioural characteristics is also significant. A physiological characteristic is relatively stable as it does not alter without considerable duress, for example mutilating fingers, hands, etc, to alter fingerprints or hand geometry. Some of physiological characteristics include fingerprint, hand geometry, iris pattern, retina pattern, facial pattern, etc. A behavioural characteristic refers to person’s psychological makeup even though general physical traits such as size and sex have a major influence. Main behavioural characteristics for biometric purposes are signature, keyboard strokes, speech and gait. The main disadvantage of behavioural characteristics over physiological is that the former change with time while the latter remain stable. For border control where stability is important, systems based on physiological characteristics are preferred. In border control, some biometric technologies have become leaders and are either in use or have been proposed for incorporation. The different technologies in use reflect the fact that some technologies are better suited to specific applications than others and some are more acceptable to users. The common technologies are fingerprint recognition, facial recognition, iris scan, retinal scan, speaker/voice recognition, hand/finger geometry, signature recognition and keystroke dynamics. For border control purposes, however, the following technologies are important and will be examined here: fingerprint recognition, facial recognition, iris scan, DNA analysis and language recognition. 10.3.2.2 Fingerprints For decades, fingerprints have been the best known form of identification. Unlike other forms of identification that may change with time, fingerprints do not change over the course of an individual’s lifetime, and no two fingerprints are exactly the same. The first application of fingerprints was in crime detection and control. In the last decade it was extended to the control of foreigner nationals in Western countries. In the period immediately before and after 11 September, its application has been extended to border control generally. The Schengen Convention does not provide for taking of fingerprints. The Schengen Convention in Article 41 (2) (b) alludes to identification of a person arrested on hot pursuit. The police on hot pursuit may apprehend the person, but his arrest and identification is carried out by the local police. The rationale being that the law to apply is the national law as only local police would be conversant with it. The Schengen Convention does not therefore stipulate how the identification is to be performed. In that case, the legal basis of identification, which would include taking of fingerprints, is the national

329

330

Chapter 10

laws of the Member States. SIS II, however, will include fingerprints as some of personal data to be stored in the system.57 Most Schengen and EU countries have laws that legalise taking of fingerprints for identification purposes. All five Schengen countries (Germany, France, Luxembourg, the Netherlands and Belgium) investigated by Joubert & Bevers allow the taking of fingerprints and photographs for identification purposes in criminal matters.58 In the Nordic countries, fingerprints are systematically taken and registered in the Automatic Fingerprint Identification System for identification purposes in criminal and asylum matters.59 In criminal matters, fingerprints may be taken to establish a suspect’s identity or after conviction by a court of law. In Norway, fingerprints and photographs may be taken of a person who is suspected or convicted of criminal offence, which according to law may be punished by imprisonment. In addition, fingerprints and photographs can be taken of a person who has been expelled or extradited to a foreign country.60 Although the Schengen Convention does not provide for taking of fingerprints, the national laws of Member States it relies on provide for taking of fingerprints. More recently, fingerprint taking has been extended to some categories of foreigners. Fingerprints of asylum seekers are taken as a routine in all Schengen and EU countries. The aim is to control the foreigners through identification by fingerprints. In Norway, the Fingerprints Register (Fingeravtrykksregisteret) is a register for the control of foreign nationals and it is mainly a fingerprint register. Fingerprints registration of asylum seekers and other persons who came into the country without proper identity was authorised for the first time in 1991.61 The scope of registration was later extended to include all asylum seekers (with identification documents) and foreigners who have been rejected and expelled from the country.62 Some European countries have bilateral agreements for exchange of asylum seekers’ fingerprints. Such an agreement exists between Norway and Germany.63 At the EU level the Eurodac Regulation allows the taking and registration of asylum seekers and illegal immigrants and registering them in a computerized database known as Eurodac.64 The objective of the registration is to assist in the implementation of the Dublin Convention provisions, in particular Article 15 on determining the Member State responsible for examining an asylum application. In addition, in 2003 the EU decided to introduce biometrics in travel documents both visas and passports. In accordance with the European Council of Thessaloniki, a coherent approach was to be taken as regards the introduction of biometric identifiers into the visa, the residence 57 58 59 60 61 62 63 64

See Postscript. Joubert, C. & Bevers, H. (1996), pp. 308-324. See Karanja, S. K. (2001a), pp. 108-109. Section 160 of Criminal Procedure Act 22 May No. 25 1981 and Chapter 11 of the prosecution guidelines. See Karanja, S. K. (2001a), pp. 108-109. St. melding nr. 23 Årsmelding for Datatilsynet 1992 p. 20. Karanja, S. K. (2001a), p. 104. See 9.3 above.

Border Control and Identification Techniques

permit and the passport. As a first step, the European Commission produced two draft Regulations (25 September 2003) to introduce two sets of biometric data, namely fingerprints and facial images on visas and resident permits for third country nationals by 2005. The biometric data and personal details on visas are to be stored and be accessible through the Visa Information System (VIS) held on the Schengen Information System (SIS II) platform. On the second step, on 18 February 2004, the European Commission issued a proposal for Council Regulation on standards for security features and biometrics in EU citizen’s passports. The objective of the proposal is rendering the passport more secure by a legally binding instrument on minimum standards for harmonised security features, and at the same time to establish a reliable link between the genuine holder and the document by introducing biometric identifiers.65 In addition, this would allow EU Member States to meet the requirements of the US Visa waiver programme in conformity with international standards.66 The proposal also recommends that the same biometric identifiers in visa and resident permits, facial image and fingerprints, could be used for the European passport in order to ensure coherence. In the first step, the facial image will be mandatory with fingerprints being optional for Member States who want to do so, if they want to search in their national databases, which would currently be the only possibility for identification. But in the second step, which will see the creation of the European Register for issued passports, the fingerprints have to be taken and registered in order to enable background searches (one-to-many). As such, facial images and fingerprints will become obligatory biometric identifiers, for border control purposes in the EU as they are in the US. In the US, a similar system known as INS Automated Biometric Fingerprint Identification System (IDENT) was developed in 1990 to identify illegal aliens who are repeatedly apprehended trying to enter the United States illegally.67 Furthermore, laws passed since 11 September require a more extensive use of biometrics for border control, for example the Patriot Act §403(c) and §414 and the Enhanced Border Security and Visa Entry Reform Act of 2002 §202(a) (4) and §303. The Department of Homeland Security is developing the United States Visitors and Immigrant Status Indicator Technology (US-VISIT) to implement these laws. The US-VISIT system currently uses IDENT technology to collect a photograph and two index fingerprints from travels holding non-immigrant visas. Later, the US-VISIT procedures are to be expanded to include visitors travelling to the US under the visa waiver program. 65 COM (2004) 116 final – Proposal for a Council Regulation on standards for security features and biometrics in EU citizens’ passports. 66 The United States set 26 October 2004 as the final date for a visa waiver country “as a condition for designation or continuation of that designation that it has a programme to issue to its nationals machine-readable passports that are tamper-resistant and incorporate biometric identifiers that comply with applicable biometric identifiers standards established by the International Civil Aviation Organisation.” 67 United States General Accounting Office (GAO): Aviation Security: Challenges in Using Biometric Technologies (Statement of Keith A. Rhodes, Chief Technologist Applied Research and Methods) GAO-04785T.

331

332

Chapter 10

Globally, the International Civil Aviation Organisation (ICAO) has endorsed facial image as the primary interoperable biometric identifier and fingerprint and/or iris images as an optional biometric identifier for countries which require this for database searches.68 This opens the way for other countries to adopt these identifiers for border control purposes with fingerprints being the preferred secondary identifier as following the two leaders in this area, the EU and the US. Fingerprints are extensively used in control and identification of criminals and recently as a tool in control of asylum seekers and illegal immigrants. Fingerprinting has been applied as a compulsory measure with legal authorisation. As such the practice may not raise serious privacy or data protection issues as there is always a legal justification and therefore the legality criterion is fulfilled. Issues of whether the measure is justified in a democratic society may be raised but perhaps with little success as the proportionality principle would be easily satisfied. The issue that could be contentious is the use of fingerprints for different purposes other than the original and use of the fingerprints for proactive purposes, especially in databases such as Eurodac. Abuse of fingerprints may arise also especially where the purpose principle may be infringed. For example, fingerprints acquired for purposes of deterring asylum seekers who cheat and illegal immigrants may be used for criminal detection purposes. Another drawback may be user acceptance. Although common and accepted in some parts of the world, fingerprint recognition maintains an element of negativity due to its association with fingerprinting and criminal justice systems. User acceptance is rated as “Medium Low”.69 Taking of fingerprints certainly raises issues of interference with respect for private life, but most likely it would be held to be justified under Article 8(2) ECHR. According to case of McVeigh, O’Neill and Evans v. United Kingdom, the applicants were detained on arrival at Liverpool from Ireland under Prevention of Terrorism Act in force then. While in detention, they were searched, questioned and their fingerprints and photographs were taken. The Commission accepted that their privacy had been interfered with but held that it could be justified under Article 8(2) as being necessary for prevention of crime. Similarly, taking fingerprints in cases of border control and for determination of asylum procedures would certainly be interference with respect for private life of the persons concerned but could easily be justified under the exception in Article 8(2). Taking of fingerprints is well regulated by law and therefore issues of legality may not arise. Issues of proportionality, however, may crop up, especially where fingerprints are taken for general purposes without any crime being committed. Introduction of fingerprints in visas, passports and identity cards would require justification because the persons are not suspected of or directly connected with a criminal act. Similarly, registration of asylum seekers and illegal immigrants may raise proportionality questions, especially when the age of those to be registered is lowered to include minors of 14 years old and also for asylum seekers because there is no crime committed. Issues of proportionality may also arise because the legitimate aims criterion may not be fulfilled. For example, the Eurodac is meant to prevent multiple asylum applications. The reason68 COM (2004) 116 final. 69 OECD - DISTI/ICCP/REG(2003)2/FINAL p. 22 .

Border Control and Identification Techniques

ing was that numbers of multiple applications were high, but the statistics compiled in the first Eurodac report indicates only 7% of the cases involved multiple applications.70 The numbers are low and may raise questions of legitimate aim. Similarly, issues of direct and indirect discrimination, as discussed above for identity cards, could arise in case of fingerprints and justification would be required. 10.3.2.3 Facial Recognition As observed above, facial recognition has been adopted as the primary biometric identifier for border control in the EU and the US, and the ICAO has recommended it for identification purposes. At present, facial recognition is not widely in use but with these developments, it may quickly diffuse in society. Unlike fingerprint technology, facial recognition technology is relatively new. Its development began in the late 1980s and became commercially available in the 1990s. Although its popularity has increased after 11 September, it had been in use selectively in some instances; for example, in the US it was used several months earlier at the Super Bowl 2001 in Tampa. Pictures were taken of every attendee as they entered the stadium through the turnstiles and compared against a database of some undisclosed kind. The technology has also been deployed on busy public sidewalks both in Tampa and some cities in Great Britain. Facial recognition technology identifies people by analysing features of the face that are not easily altered for example the upper outlines of the eye sockets, the areas around the cheekbones, and the sides of the mouth. The technology can be used to compare live and static images to a stored template for purposes of identification and authentication. It is the technology that is best suited for both identification and authentication systems. In addition, because facial images can be captured from video cameras, facial recognition is the only biometric that can be easily used for general surveillance purposes. Currently there is no special law whose focus is regulation of face recognition, as in the case of fingerprints. General laws on privacy and data protection, however, apply to face recognition. For border control users, the technology has a number of advantages. It uses faces, which could be argued to be public. It is also non-intrusive and contact free process. A picture of the face can be taken from a distance; the person does not have to come into contact with the technical instrument (camera). It can also be used with legal databases, an attractive option for law enforcement as there exists a number of databases with facial images that could be compared with images caught in facial recognition cameras. Facial technology is also easy to integrate with existing surveillance systems. Ironically, it is these advantages that make facial recognition technology a threat from a privacy and data protection perspective. The fact that the technology is nonintrusive could lead to abuse as it can be used for covert surveillance. The Super Bowl 2001 incident mentioned above was a covert application of the technology. At the same time, privacy and data protection laws look unfavourably on any covert and clandestine application of technology and this would be no exception. As it integrates with other technologies especially video cameras, facial recognition technology could be used for 70 See 9.3.4.2 above.

333

334

Chapter 10

general surveillance. For example, in United Kingdom, closed circuit television (CCTV) technology is being married to facial recognition technology to automate the recognition of criminals on city streets.71 Although facial technology is improving drastically, it still does not work reliably. It returns high rates of false positives and false negatives. This could raise issues of data protection especially quality of data, that is, accuracy, correctness and completeness of the information. Furthermore, like all technologies, facial technology once in place, will be susceptible to function creep, where it could be used for different purposes than originally meant. Despite the fact that the issue of facial recognition may not yet have been addressed by the ECtHR, gathering and storage of iris information in a database, the use of the information as an identity check and disclosure of to other bodies, will each engage the right to respect for private life protected by Article 8 ECHR. The ECtHR has held that files gathered by security services on a particular individual fall within the scope of Article 8, even where information has not been gathered by intrusive or covert methods (P.G. and J.H. v. United Kingdom). Similarly, in cases of fingerprints and photographs, the Court has held that taking of fingerprints and photographs during interrogation of a person can be regarded as interference with the person’s right to respect for his private life (McVeigh O’Neill and Evans v. United Kingdom Comm. Report 18.3.81, R. R. 25 p. 15 § 224). In Leander v. Sweden, it was held that both the storing and the releasing of private information (…) amounted to an interference with Mr. Leander’s right to respect for private life guaranteed by Article 8 § 1. In Amann v. Switzerland, the Court reiterated that storing by a public authority of data relating to the private life of an individual amounts to interference within the meaning of Article 8. The decisions in these cases point out that any processing of personal information that is gathering, storage and subsequent use and disclosure of such information would amount to interference with private life under Article 8 § 1 unless such activities could be justified under the second paragraph of this provision. What is significant here is that the information processed is personal information, which facial recognition is, and not the method of gathering whether intrusive or non-intrusive and whether the information is public or private, sensitive or non-sensitive. The use of facial recognition information could also raise private life problems, especially if it were used for discreet surveillance purposes. The use of digital photographs in travel documents, passports, visas, and permits as proposed in EU legislation72 is the first step toward the use of facial recognition for border control which would engage Article 8 ECHR and therefore will require justification under Article 8(2). Facial recognition legislation is non-existent. Facial recognition as 71 Lack, 1999: Townsend and Harris, 2003 referred to in OECD - DISTI/ICCP/REG(2003)2/ FINAL p. 13; Also studies on use of CCTV surveillance systems confirm abuse by camera operators who focus disproportionately on people of colour and the mostly male operators who frequently focus voyeuristically on women. 72 Proposal for a Council Regulation amending Regulation (EC) 1683/95 laying down a uniform format for visas and Proposal for Council Regulation (EC) 1030/2002 laying down a uniform format for residence permits for third-country nationals, COM(2003) 558 final, 24 September 2003; Proposal for a Council Regulation on standards for security features and biometrics in EU citizens’ passport, COM(2004) 116 final, 18 February 2004.

Border Control and Identification Techniques

such is regulated by general privacy and data protection laws. Although these laws do offer legal basis and legality to facial recognition as a measure, legality questions could arise as facial recognition is not regulated by a special law. In case of legitimate aims, facial recognition is aimed at securing identification documents in order to facilitate a reliable identification for purposes of combating and preventing crime, illegal immigration and fraudulent use by establishing more reliable link between the holder and the documents. These aims are easily justifiable under the legitimate aims in Article 8(2), especially prevention of crime. Facial recognition, however, will raise issues of proportionality particularly questions of adequate safeguards would arise because there is no special law addressing facial recognition privacy and data protection challenges. For example, supervision may not be adequate as data protection supervisory authorities lack adequate resources and supervision of the processing of biometric will increase their workload. As the Commission noted, it would be necessary to provide additional resources for the authorities to be able to meet these challenges.73 10.3.2.4 Iris Recognition Iris recognition has been mentioned as a possible secondary biometric identifier by ICAO. The EU and the US, however, seem to have settled on fingerprints as the secondary biometric identifier with facial recognition as the primary biometric identifier. But this does not mean that iris recognition is of no significance in security and border control. Iris recognition is being used in airport security around the world.74 Airport operations encompass many requirements for secure identification of persons, including arriving passengers, departing passengers, airline crews, and airport staff with special access privileges.75 Iris recognition is deployed to secure these transactions. Iris recognition is being deployed in Amsterdam Schiphol Airport to expedite immigration clearance for arriving passengers (Iris as Passport). In Tokyo Narita Airport, it is used to expedite processing and check-in of departing passengers. In Charlotte Douglas airport it is applied for airline crew facility access and to expedite security clearance. In New York and Schiphol airports for airline employees’ access to tarmac and other restricted areas. In five airports in United Arab Emirates for watch-list screening of all arriving passengers.76 Other deployments are “Iris as Passport” at Heathrow airport and other airports in and around UK, eight Canadian airports under the code name CANPAAAir, Amsterdam airport under the brand name PRIVIUM.77

73 COM(2003)558 final, 24 February 2003 p. 6. 74 Dunker, Mary, Don’t Blink: Iris Recognition for Biometric Identification, SANS Institute 2004. http://www.sans.org/rr/papers/download.php?id=1341&c=8fb860228f54d54ccbadf01e b5907438 Accessed on 20 May 2005. 75 Daugman, J. Iris recognition: Enhancing airport security, efficiency and convenience, International Airport Review. http://www.russellpublishing.com/airport/iar30315.pdf accessed on 22 October 2004. 76 Ibid. 77 Ibid.

335

336

Chapter 10

There are no specific laws regulating iris recognition. General data protection and human rights laws, however, are capable of regulating it. This notwithstanding, there could be a need for special law to regulate biometrics in general as some of the technologies applicable could raise serious issues of privacy and data protection. Iris is preferred for airports and other access facilities because it is safe, effective and highly accurate. Apart from retina recognition, iris recognition ranks as the second best biometric identifier. It has a higher rate of accuracy or lower error rate than fingerprints recognition and facial recognition. Despite its delicate nature, the iris is one of the most carefully protected organs in the body. As such it is not subject to deleterious effects as aging, its features remain stable and fixed from one year of age until death.78 Furthermore, no two irises are alike, even if they are from identical twins or the left and the right eye of the same person. Its physiological characteristics combined with the fact that those characteristics are exhibited with so much variation over the population, make the iris a prime candidate for use in identity.79 Another advantage with iris recognition is user acceptance. Since it does not require physical contact for collection of the data, users are comfortable with it. Imaging is done by a person being required to look at a special video camera positioned in front of the person and a close-up image of the iris is taken.80 The process is very fast and takes only a few seconds to complete. But the process can cause discomfort for some people when the camera is trained at a close range to the face. Lighting could also affect camera performance. Most of the observations on compliance with Article 8 ECHR made above concerning facial recognition apply also for iris recognition. Iris recognition like other biometrics is a good privacy-enhancing technology due to its low rate of error.81 Like all other biometrics, however, it could be used for surveillance as it offers very good identification results. In addition, its ‘contact-less’ nature is ideal for general and covert surveillance. “Iris scanning can already be performed at a substantial distance (a range of 18 to 24 inches) from the subject. As the technology improves, it is quite likely that iris acquisition may take place from even greater distances and without any user involvement whatsoever.”82

78 Williams, Gerald O., Iris Recognition Technology – Iridian Technologies, Inc. http://www. hrsltd.com/pdf/iridian/iris_recognition_williams.pdf. 79 Dunker, Mary supra. 80 The process uses simple and non-threatening video technology to take images of the iris, digitised the features, and create a 512-byte code, which is then compared against an entire database in less than two seconds. See Williams, Gerald O. supra. 81 Consultative Committee of the convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (T-PD): Progress Report on the application of the principles of Convention 108 to the collection and processing of biometric data, February 2005, T-PS (2005) BIOM E. 82 OECD - DISTI/ICCP/REG(2003)2/FINAL p. 13.

Border Control and Identification Techniques

10.3.2.5 DNA Analysis Deoxyribonucleic acid (DNA) analysis and language tests (10.3.2.6 below) are not basically biometric technologies as they do not rely on image, photograph or scan for matching identities. “For example, DNA matching is not a biometric the same way that traditional forensic fingerprint examination is not a biometric. There is, however, a case for discussing the two together with other biometric-based technologies inasmuch they make use of a physiological or behavioural characteristic to verify or determine identity.” 83 In addition, the policy ramifications, while much more serious for DNA-based technologies, share some common attributes with other biometrics. DNA is a new and exciting form of identification. Until the 1990s, fingerprints were the best and sure way to establish the identity of an individual. Currently, DNA is becoming the method of choice when it comes to linking individuals with crime scenes and criminal assaults. The success with DNA in criminal investigation is making the extension of DNA analysis in other areas of investigation attractive. DNA identification gains credence from the theory that every person (except an identical twin) has certain elements of his or her DNA that are unique. At the same time, this is its limitation as compared with fingerprints that are unique even for identical twins. Nonetheless DNA has more advantages over fingerprints. DNA lasts longer while fingerprints are lost through decay when a person dies, but bones, teeth and hair last a long time and DNA typing using these materials can be conducted long after death. The Schengen Convention does not have a provision on the use of DNA for identification. Article 41 (2) (b) of the Convention, however, provides for identification of a person apprehended in cross-border pursuit. The identification is to be carried out by the officers of the Contracting Party in the territory of which the pursuit is taking place. As such, it is the national law on identification of the Contracting Party concerned that applies. Use of DNA for identification would therefore apply where the national law so provides. Most European countries have established national DNA databases for the purposes of criminal investigations: Norway, the United Kingdom, the Netherlands, Austria, and Germany. Others that were in the process of establishing databases by 1998 are Belgium, Denmark, Finland, Spain, Sweden, and Switzerland.84 In all these countries, specific legislation was required for creation of the databases. In Norway, the Criminal Procedure Act was amended in 1995. Article 160a was added empowering establishment of a central DNA register. DNA information of persons convicted of serious crimes such as homicide, aggravated assault, robbery, rape and other sexual offences are to be entered into the register.85 The register also to contain DNA information of unknown persons collected at the scenes of crime. There were plans to extend the categories of 83 Ibid. p. 11. 84 Most of them have established DNA databases now. 85 A conflict has arisen between Kripos who are responsible for the operation of the Norwegian criminal DNA register and prison health officials, because the latter refused to assist Kripos in taking DNA test of the prisoners. The prison health officials argue that if they did so, the confidence between them and the prisoners will be eroded. Aftenposten Interactive updated 05.12.99 22:16 hours. http://www.no/nyhter/iriks/d113286.htm.

337

338

Chapter 10

offences to be registered to include minor crimes such as burglary.86 In 2005, a committee was appointed to evaluate whether there was a need to change the DNA register law. It proposed that a new DNA law be issued.87 The proposal recommended adoption of a separate DNA law. The committee also recommended the extension of categories of registration of DNA to be the same as those of fingerprints. By 14 January 2004 there were 7790 persons registered in the DNA register in Norway.88 DNA testing was extended to immigration control in Norway and other European countries in the end of 1990s. The Norwegian immigration authorities established a pilot project involving DNA testing of Somali persons applying for family reunion.89 The difficulty of obtaining reliable written documents on family relations in Somali is put forward as a justification for this move. DNA analysis in family reunion cases has been used in Denmark and Finland for several years. According to one study, in 60 percent of the Somali cases in Denmark, blood relationship could not be established. The tests on Somali nationals are labelled voluntary however, the consequences of not taking a test may be compelling. Suspicion, delay and eventual rejection of reunion application may be among the consequences. The Medical Association in Norway was opposed to application of DNA to the control people. It says, “it is unethical to use technology developed to improve people’s lives as a tool of control.90 There is no binding legislation at the European level on the use of DNA analysis in criminal matters. The Council of Europe, however, issued a Recommendation in 199291 and the Council of the European Union issued a Resolution in 199892 to that effect.93 The Council Recommendation has been used by Member States as a basis for their national legislation. The Council resolution called for the establishment of national DNA databases, standardisation of DNA technology, legal safeguards and exchange of DNA results at the EU level. It also recommended the establishment of a European DNA database as a second step once the conditions for exchange of the DNA analysis results are realised and suggested a role for Europol to be considered. DNA databases are established in other jurisdictions outside Europe such as Canada, USA (State databases are linked to the Federal database), and Australia.

86 87 88 89 90 91 92 93

Dagsavisen, 16 April 1998. NOU 2005: 19 Lov om DNA-register til bruk i strafferettspleien. Nye Kripos: Årsrapport 2004 p. 34. See Utlendingsdirektoratet årsrapport 2000 om gjennomføringen av innvandrings- og integreringspolitikken p. 31. NRK Dagsnytt 7 November 98. Council of Europe Recommendation No. R (92) 1 of The Committee of Ministers to Member States on the Use of Analysis of Deoxyribonucleic Acid (DNA) within the Framework of the Criminal Justice System. Council Resolution of 9 June 1997 on the exchange of DNA analysis results (97/C 193/02) OJ C 193, 1997. The Sunday Telegraph reported that David Blunkett, UK Home Secretary in July 2004 planed to present a plan for an EU central DNA and Biometrics database. The Sunday Telegraph 4 July 2004

Border Control and Identification Techniques

The potential and benefits for the use of DNA profiling are many. It is a powerful tool that can be used to catch the guilty and to exonerate the innocent.94 It can also be a human rights nightmare. The amount of information DNA reveals is too much both in quantity and quality than fingerprints. The information includes many details that most people would prefer to keep private. A DNA sample contains an individual’s entire genetic blueprint. It contains data such as markers for up to 4,000 diseases. DNA technology may also pose other problems connected with discrimination and exclusion. DNA tests have been used in various countries to catch sex offenders. In 1987, in Leicestershire (Britain) on 5,511 men aged between 16 to 34 who lived near the scene of crime; in 1988, in Buckinghamshire on approximately 4,000 men; in 1989, in Münster (Northern Germany) on 92 men; in 1994 in Basel (Switzerland) on more than 300 African men, they were stopped on the street, or visited by police at their homes or work places. Black males with residence in Basel or its suburbs received letters with a date for the blood test. Non-residents were checked on the spot.95 Use of DNA tests in criminal investigation raises the problem of inversion of the burden of proof as the persons involved are pressurised to undergo the test to prove their innocence. Usually the delivery of blood or saliva or other samples are labelled voluntary but the consequence of refusal is suspicion. Those who refuse to undertake the test are stigmatised and may only escape by taking the test. Since DNA testing is especially intrusive because it requires not just moral submission to authority but also physical submission in the form of body tissue or fluid,96 it is necessary to balance privacy interests and crime prevention and combat interests. Collection of DNA samples whether intrusive or not clearly would engage Article 8, and such collection would amount to interference with the right to respect for private life. Most of the samples, however, would obviously be for purposes of prevention and detection of crime and therefore would clearly find justification under Article 8(2). Nevertheless the national law for such collection must be complied with and the sample must be used for crime prevention or detection purposes. As noted, above most Member States have legislation regulating DNA collection and registration in place, so issues of legality may not be pressing. The measure must however comply with the principle of proportionality in order to ensure compatibility with the Convention. In family reunion and some criminal investigation instances, collection of DNA samples is said to be voluntary as persons are asked to volunteer to the taking of samples. This, however, raises the question of consent. The fact that a person has volunteered to provide 94 In the USA, DNA is being used successfully to exonerate inmates who were wrongly convicted. See U.S. Department of Justice Research Report: Convicted by Juries, Exonerated by Science: Case Study in the Use of DNA Evidence to Establish Innocence After Trial. 1996 http://www.ncjrs.org “Every year since 1989, in about 25 percent of the sexual assault cases referred to the FBI where results could be obtained (primarily by State and local law enforcement), the primary suspect has been excluded by forensic DNA testing.” 95 Busch, N. Fortress Europe – Circular Letter, Discriminatory DNA-Analyses in Basel. July/ August 1994 http://www.fecl.org/circular/2601.htm accessed on 21 June 2000. 96 Clarke, R. (December 1994). http://www.anu.edu.au/people/Roger.clarke/DV/HumanID. html Accessed 8 June 2000.

339

340

Chapter 10

a sample may not mean that the person has also consented to the taking of the sample. In the case of Lustig-Prean and Beckett v. United Kingdom, the Court addressed the issue of voluntary consent. Beckett was asked to consent to search of his locker and participate in interviews about his homosexuality. The court considered, however, that the applicants did not have any real choice but to co-operate because the authorities would have proceeded to verify the suspected homosexuality of the applicants by other means, which were likely to be less discreet. This was made clear a number of times to Lustig-Prean during his interviews, who confirmed that he wished to keep the matter as discreet as possible. Similarly, in reunion and criminal investigation cases where a person is faced with the unpleasant alternatives of either a negative decision in reunion matters or living with the stigma of being a suspect, consent cannot be said to be voluntary. In these cases there is adequate psychological inducement to render such consent voluntary. Discrimination as discussed in the case of identity cards can also be an issue in the use of DNA for criminal investigation and in family reunion cases and require reasonable justification. For example, in the case of application of DNA testing to Somalia nationals, the problem of documentation of identity specific to this group could be a reasonable justification. Similarly, where investigations conclusively point to the nationality or colour of the culprit selective collection of DNA touching the group concerned could be reasonable justification. Without such reasonable justification, targeting people because of purely their ethnic, nationality or colour would amount to discrimination both directly and indirectly. 10.3.2.6 Language Tests Language testing as a form of identity control may not be widespread. This is in the process of changing as asylum and immigration authorities in Sweden, Switzerland, the Netherlands, Germany and Norway engage in a new form of co-operation aimed at determining through language tests the country of origin of asylum seekers whose national origin is uncertain.97 The tests are used to determine nationality, especially in asylum seekers’ cases. The purpose of the test is to prove nationality with the aim of expulsion where an asylum seeker is found to have given false information. Sweden was the first country to experiment with language tests for determining the country of origin of aliens in 1993. The tests are carried out by the ‘language Section’ of the Swedish Immigration Authority under the name Eqvator which has been selling its services to foreign immigration authorities in Denmark, Norway, Finland, the Netherlands, Switzerland and Germany.98 The tests are based on at least 15 minutes of tape recorded “free speech” of the test person. Thus, the test person never meets the “analyst”. The test person is asked to speak freely of

97 Nicholas Busch, Controversial Language Tests for the Determining of Asylum Seekers’ country of Origin. Fortress Europe – CL No. 53 January/February 1998 pp. 11-12. 98 Ibid.

Border Control and Identification Techniques

things such as his upbringing, childhood memories, eating habits, street names in his home town, the type of government in his country, and “people he particularly likes or dislikes”.99

States may want to rely on a language test because other forms of identification discussed above fingerprints, photographs, DNA, ID cards (because they can be falsified) cannot prove nationality. But even a language test is not conclusive. According to some experts it is inconsistent, unscientific, and unreliable100 and without other collaborating evidence is very weak. In Norway, the most publicised case in language testing as a proof of nationality is the Gholam case. Gholam Hussain came to Norway as an asylum seeker in 1990 without travel documents. He presented himself as an Afghanistan national. He and others in the same situation were granted permission to stay in Norway because it was not possible for them to travel back. Later, the Norwegian authorities received information from Denmark that Gholam had travelled to Denmark to visit relatives on a visa as a Pakistan citizen. The visa application to Denmark was later recovered. In 1993, Gholam’s wife and four children came to Norway and presented themselves as Afghanistan nationals. They were also allowed to stay on family reunion. Information was also established that they had too travelled to Norway via Denmark on visas as Pakistan citizens. On the basis of this information the Norwegian Directorate of Immigration and Kripos in 1994 established the so-called Quetta project. Quetta project involved similar cases of persons who claimed were Afghanistan nationals but came from the Quetta region of Pakistan. The aim was to gather evidence that could establish the nationality of these people, approximately seventy of them. Among the investigative work that was carried out was interviewing the persons again, language tests and collection of other evidence materials such as visa applications in Denmark and Pakistan. According to the Ministry of Justice, the evidence so gathered demonstrated that there had been well organised and extensive human smuggling and illegal immigration from Quetta to Norway. Those involved were not refugees and did not require protection. They got permission to stay on false information of nationality, identity, travel route and asylum reasons. The Ministry further states that, “human smuggling is a serious crime and for prevention sake and protection of the institution of asylum, it requires that such cases be taken very serious by the Norwegian immigration authorities.”101 The interesting issue of these cases and others similar cases in the Laos-project,102 is the authorities’ use of language tests to decide on matters of nationality. Being subjected to a language test is similar to undergoing a lie detector test. It may not tell the whole truth. As the U.S. Supreme Court in United States v. Scheffer commented in upholding 99 Ibid. 100 Ibid. 101 Justis – og politidepartementet: Gholam – familien og Quetta-prosjekt – bakgrunnsnotat (The Justice and Police Ministry: Gholam family and the Quetta-project – background information) http://odin.dep.no/html/nofovalt/pr-meld/jd/1998/k2/980506v.html, accessed on 16 June 2000. 102 A project similar to Quetta project but involving Laos refugees who were said to be Thailand nationals undertaken by Norwegian Directorate of Immigration and Kripos.

341

342

Chapter 10

a military court evidence rule (Rule 707) that prohibits the use of lie detector results in military trials, “the lie detector tests create the possibility of vexing side issues about the reliability of the test”. Similarly, language tests for nationality are wanting in reliability and would tend to omit other patent issues in a case. For example, in the Gholam case, many people felt that justice was not being done by expelling him because he had lived in Norway for about seven years, the period of time required before a foreign national can apply for citizenship. His expulsion could in the circumstances be interpreted as an attempt to thwart his claim for citizenship by Norwegian immigration authorities. In addition, it is a common thing for refugees to travel on false papers. Further, for people who live in border areas, it would be very difficult to ascertain the nationality as the same group of people would be found on both sides of the border.103 As Berg has also argued, the expulsion could not be legally founded and would not be in line with humanitarian considerations. The case would also likely violate Article 8 ECHR on “right to respect for his (…) family life.104 Echoing the cautious words of H. Edgar, “we should be careful not to reduce complex human behaviour to biological simplicities.”105 Overreliance on technology to fix problems would lead to unpleasant situations as regards protection of individual rights. Language testing has not become an issue in the ECtHR, but it could raise issues under Article 8. Language testing is similar to interrogation and interrogation does raise issues under Article 8. In Friedl v. Austria, it was held that “compulsory public census, including questioning relating to personal details of inhabitants of a particular household (…) amount to interference with Article 8” (emphasis added). Similarly in McVeigh, O’Neil and Evans v United Kingdom, it was held that “examination of a person in the course of detention, including measures such as his search, questioning about his private life, (…) was interference with the person’s right to respect for his private life” (emphasis added). The issue of voluntary consent would also arise (Lustig-Prean and Beckett v United Kingdom). The issue of legality would be problematic as language testing is not based on any law. It is based on voluntary consent of the person concerned. It also may not pass the proportionality test because it has to be shown that there was no other less restrictive alternative. Language testing is similar to lie detector testing which is not widely accepted. In most cases, these methods do not establish the true nature of things as they do not reveal all human aspects. Again the language testing in these cases may have been pursued solely either to deny those concerned their right for asylum or to remove them from the country. Language testing may have consequences for data protection because the exercise generates personal information. But since the information is not registered in a database, the consequences may be minimal. But it could be of consequence if the person is expelled and his name entered in the SIS under Article 96 of the Schengen Convention. 103 See also Rania Maktabi, Når staten bestemmer hvem du er (When the state decides who you are) Kronniker Dagblad Internett utgave http://www.dagbladet.no/kronikker/970521-kro1.html, accessed 5 June 1997. 104 Berg, Jens Petter Juss og humanitære hensyn (Law and humanitarian consideration) Kronnik Dagbladet Friday 15 May 1998. p. 30. 105 Edgar, H. (2000). p. 1.

Border Control and Identification Techniques

10.3.3 Electronic Monitoring and Data Surveillance Electronic monitoring and surveillance is more suited to control rather than identification purposes. But when it is combined with identification, it becomes a very potent means of control. Biometric identification technologies such as fingerprint recognition and face recognition, iris scan, DNA etc., being advocated especially after 11 September, rely heavily on the use of searchable databases with the aim of anticipating, pre-empting and preventing acts of terrorism by isolating in advance potential perpetrators.106 The advancement of information technology in the last decades of the twentieth century has seen increase in the use of electronic administration systems. Today, registration of personal information is far greater than in the last ten years and this trend seems to advance. As Lyon writes, everyday is now subject to myriad forms of checking, recording, analysing, so much so that we often take for granted the fact that we leave trails and traces wherever we are and whatever we do. But those trails and traces, however justified, are not innocent. Taken together they are located within a network of relationships that service us, situate us, and also help to organize and order our social lives.107

Instances of where personal data are required and processed are many. As one goes about one’s daily business in the modern information society, trails of information are left behind. For control purposes, these trails of information are very important because they may reveal who one is, where one has been, when and what one did there. In criminal matters, electronic trails do play a significant role in the detection and arrest of culprits. Police are increasingly making use of electronic trails to catch suspects. After 11 September, monitoring and surveillance have become an important form of border control, especially as regards travel security and fight against terrorism. Surveillance has been intensified at the external borders, particularly entry points such as land ports, airports, and seaports. In addition, control and surveillance inside countries has been beefed up and any trails left behind are of interest to control and security authorities and may be used against a person when necessary. This section identifies and analyses different forms of electronic monitoring which have relevance to police and border control co-operation. Beginning with the work-place, electronic entry control systems are a common phenomenon. In the work place, people working there are usually issued with either electronic cards for access or use their body biometrics such as fingers, arms, face, iris and voice for access. A database contains information of which card or biometrics will be given access to specific doors and at a given time. Every attempt to gain access whether successful or unsuccessful is registered and a log is made for all access made or attempted. From the log of information recorded, it is possible to tell who was in the building 106 Lyon, D., Terrorism and Surveillance: Security, Freedom, and Justice after September, 11 2001. A paper given at Privacy Lectures Series http://privacy.openflow.org, url: http://privacy.openflows.org/pdf/lyon_paper.pdf. 107 Lyon, D. (ed.). (2002b), pp. 242-257.

343

344

Chapter 10

and where in the building. As for what one did in the building, this can be discerned from electronic devices one interacts with, for example a computer, a telephone, a fax, and so on. Also some workplaces have surveillance cameras mounted either outside or inside the building or both, these cameras record when a person entered the building and the time a person left, and also, where cameras are mounted inside the building, what one did in there. When one uses a credit card in a bank or to pay for services such as buying goods, bus, train plane or parking tickets, one leaves a trail of information that reveals much about a person. Bonus cards, where a customer earns points that can be exchanged for goods or services, are common especially in shopping and air travel. Domino and Trumf bonus cards were popular with certain supermarkets in Norway, so was the SAS and BRA bonus cards with Scandinavian airways and Braathens airways respectively. As one travels in and out of the country, one leaves a trail of personal information at the airports with travelling companies, travel agencies or the Internet where one buys tickets. One’s travelling pattern can easily be constructed from these electronic trails. Information of when and where a person has been can also be found in road toll systems although the registration of time and place of passing a road toll station is not allowed in Norway. If a car passes the toll station without valid subscription, a front view photograph of the car is taken for the purpose of claiming fine. In addition to photographing of the car, other information on time and place, that the illegal passing took place, is registered. Information of the owner of the vehicle is readily available and can be retrieved from motor vehicle database. Instances of electronic surveillance have also been on the increase in the past decade. Video surveillance in public places such as buildings, parks, streets, car parks, bus and train stations, airports and even schools are common features in modern cities. Whole cities are in danger of being under the electronic eyes of closed circuit television (CCTV) cameras constantly, as the cases in Great Britain indicate. CCTV is also moving from the old analogue to digital technology, which makes it possible to integrate surveillance systems to corporate and public networks and databases. Unlike analogue videotapes systems, digital images on DVDs or CDs can be indexed and searched easily.108 Another form of electronic monitoring and surveillance of importance for police and border control co-operation is “database surveillance”. Data surveillance, or “dataveillance”, as referred to by Roger Clarke109, is the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons. Dataveillance is of two types: personal dataveillance and mass dataveillance. Personal dataveillance is the systematic use of personal data systems in the investigation or monitoring of the actions or communications of an identified person. It is applied as a means of deterrence against particular actions by the person, or repression of the person’s behaviour.110 Personal dataveillance is well suited for individual identification and 108 Flynn, L. J. (2003). 109 Clarke, R. Introduction to Dataveillance and Information Privacy, and Definitions of Terms: http://www.anu.edu.au/people/Roger.Clarke/DV/Intro.html#DV accessed on 1 November 2004. 110 Ibid.

Border Control and Identification Techniques

authentication. For example, SIS and related cross-border systems are applicable for this kind of dataveillance. An individual’s name is checked in the SIS to determine whether an alert on the person has been entered. The same applies to the Eurodac where persons are checked whether their fingerprints are already in the system. Similarly, the VIS will be used to verify and identify persons for purposes of issuance and control of visa and resident permits. Mass dataveillance is the systematic use of personal data systems in the investigation or monitoring of the actions or communications of groups of people. It is applied in order to identify individuals who belong to some particular class of interest to the surveillance authorities. It can also be used for its deterrent effects.111 Mass dataveillance is well suited for airport and travel security monitoring, especially in the fight against terrorism. Systems like the Passenger Names Records, Total (Terrorist) Information Awareness,112 CAPS II (Computer Assisted Passenger Screening)113 and CAPPS (Computer–Assisted Passenger Pre-Screening Systems)114 in the US for exchange of air passengers and travellers personal data are used for mass dataveillance. The computer age has brought surveillance into a new era in which information about almost anybody is available to almost anybody.115 Numerous personal data databases exist both in public and private sectors that could be used for linking, matching and profiling for purposes of surveillance. As indicated in the preceding chapters, for police and border control purposes, various personal data databases are in place.116 With the increased call for sharing of data and advancement of identification techniques to include biometric data, the verge of the development of the most extensive dataveillance systems on the globe may have been reached. With sharing of data, it will now be easy to identify individuals across systems. It will also be feasible to carry out mass surveillance of individuals, groups or whole populations across systems. Electronic spoor and surveillance has its downside as it makes an individual prone to control. The developments above indicate that often and in many more situations the individual will be observed and registered without reflecting. “Surveillance may involve physical watching, but today it is more likely to be automated. Thus it makes personal data visible to organisations, even if persons are in transit, and it also allows for comparing and classifying data.”117 Electronic surveillance and especially dataveillance leads to

111 Ibid. 112 Its purpose is to gather information about terrorists from databases worldwide. 113 It is used to separate low-risk air-travellers form high-risk travellers by gapping into ever passenger’s travel history and living arrangements, plus a wealth of other personal and demographic information. 114 The system requires foreign border control points , including EU Member States, to submit information on passengers who are travelling to the United States. 115 STOA: Development of surveillance technology and risk of abuse of economic information, Luxembourg, May 1999. 116 See Chapters 7 and 9 above. 117 Lyon, D., (2002a).

345

346

Chapter 10

the phenomenon “social sorting” as described by Lyon118 or “panoptic sort” by Gandy.119 Social sorting is a form of categorisation of persons and populations into desirables and undesirables based on risk assessment for purposes of inclusion or exclusion. The Schengen Convention does not regulate electronic registration apart from registration in the Schengen Information System. In order to establish the legal basis of the electronic registration that results in electronic spoor or surveillance one must look into the national law and other international laws. In Norway, the main law that governs electronic spoor and surveillance is the Personal Data Act of 2000 and the regulations made there under and other specific laws such as the labour law and criminal procedure law. The Personal Data Act regulates the use of personal information in certain types of activities such as credit rating activities, data processing activities, addressing and distribution services as well as opinion polling and marketing surveys.120 The same activities are regulated by regulations made there under. The Act also regulates video surveillance. On the international level, the main human rights and data protection legislation regulate surveillance in general and in particular electronic monitoring and data surveillance can be said to fall within the scope of these laws. The human rights laws of significance are the UN Covenant for Civil and Political Rights, the European Convention for Human Rights and the EU Charter for Fundamental Rights privacy provisions. The main data protection laws are the EU Directive and Council of Europe Convention ETS no. 108. As regards the EU Directive, it addresses the general obligation of Member States to guarantee the protection of the right to privacy of natural persons with respect to the processing of personal data. The Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunication sector was adopted to specifically regulate processing of personal data and privacy in the telecommunication sector, thus translating the principles set in the Directive 95/46/EC into specific rules for the telecommunications sector. The Directive 97/66/EC allowed retention of personal data relating to subscribers for purposes of billing only and to the extent that is necessary for the provision of services, Article 6(1). In Article 5, it also ensures confidentiality of the communication and prohibits listening, tapping, storage or other kind of interception or surveillance of communications, by others than users, without the consent of the users concerned, except when legally authorised, in accordance to with Article 14(1). As such the Directive limited the use of telecommunication personal data by security services for surveillance purposes. The amendment of the Directive by Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing 118 Lyon, D (ed.) (2002b). 119 Gandy, O. The Panoptic Sort: A political economy of personal information, (Boulder CO: Westview, 1993). In his view, persons and groups are constantly risk-profiled which in the commercial sphere rates their social contributions and sorts them into consumer categories. In the policing and intelligence systems persons are rated relative to their social dangerousness, see Ericson, R. & Haggerty, K. (1997). 120 The Personal Data Registers Act 1978 Chapters 5-8.

Border Control and Identification Techniques

of personal data and the protection of privacy in the electronic communication sector (Directive on privacy and electronic communication) popularly known as the Privacy Directive, extended the retention of traffic data (e.g. records of the length, origin and destination of phone calls) for national security and law enforcement purposes, once it is no longer required for billing or other essential management purposes, provided that any measures taken by Member States are proportionate and necessary. But there was no retention time frame agreed by Member States. Directive 2006/24/EC on data retention,121 however, provides for extended retention of traffic data and location data for a period of 6 months to 24 months. It puts obligation on Member States to ensure that specific communication data (land and mobile telephones, faxes, e-mails, internet histories and many future communications technology) are retained for a specified period. The obligation covers data which otherwise would have to be erased pursuant to Directive 2002/58/EC on privacy and electronic communications. The wide retention of personal data by the Directive 2006/24/EC has potential of opening flood gates for wide scale surveillance of society.122 The recent European Council Cybercrime Convention123 increases the powers of law enforcement agencies to carry out data surveillance and electronic monitoring.124 It gives law enforcement authorities across states wide investigative powers without introduction of sufficient privacy and data protection safeguards. The Convention allows expedited preservation of stored computer data, Article 16, expedited preservation and partial disclosure of traffic data, Article 17, production order, Article 18, search and seizure of stored computer data Article 19, real-time collection of data, Article 19 and interception of data, Article 21. But Article 15 on conditions and safeguards, which provides inter alia, that each party must ensure that “the established, implementation, and application of the powers and procedures provided for in this section (investigative procedures) are subject to conditions and safeguards provided for under its domestic law, which shall provide for the adequate protection of human rights and liberties.” Such a blanket reference to national law safeguards without incorporation of the necessary privacy and data protection safeguards in the Convention itself is quite vague and inadequate. The Convention should give specific and detailed protection within any of the specific provisions. As Buttarelli observed, “the vagueness of this provision (and others) introduces the risk of enhancement of the flaws and benefits of the Cybercrime Convention overall,

121 Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC. 122 See also, Karanja, S. K. (2006). 123 Council of Europe Convention on Cybercrime – ETS No. 185 Budapest, 23 November 2001. 124 The aim of the Cybercrime Convention is to facilitate investigation of computer and internet crimes. These crimes are difficult to conduct because a maze of interconnected computer networks can transmit information instantaneously. Criminals can delete or alter data as quickly as they create it. The ability to destroy or alter data quickly makes it difficult to obtain evidence and perform investigative procedures.

347

348

Chapter 10

as the Convention is transposed into the laws of ratifying countries which may have drastically different pre-existing privacy and human rights protections.”125 The classic surveillance case of Klass and Others v. Germany is applicable to electronic and data surveillance discussed here. In that case, the applicants were protesting against a legislation which had the effect of putting every person in Germany under secret surveillance without ever being notified of the same, even after the fact. The Court laid great emphasis on the need for adequate safeguards against surveillance. It said that “the Court must be satisfied that, whatever system of surveillance is adopted, there exist adequate and effective guarantees against abuse (§ 50).” The decision in Klass and Others has been confirmed in many subsequent cases (See Huvig, Kopp, Amann, Rotaru, etc, cases). Similarly, for electronic and data surveillance that is allowed by law, the law should incorporate adequate and effective guarantees against abuse. Most electronic and data surveillance instances discussed above are permitted by law, but the question is whether those laws provide adequate and effective safeguards against abuse. The most recent legislation the Directive on data retention and the Cybercrime Convention are going to influence surveillance landscape in the countries concerned. But they also seem to give wide investigative powers to law enforcement agencies, but provide very few guarantees against abuse. The Directive has serious omissions which will affect transparency and proportionality in data processing.126 The Cybercrime Convention, on the other hand, grants wide investigative powers but has not incorporated human rights and data protection guarantees in the provisions. It leaves the discretion to the Member States concerned to implement the necessary protection. There is no doubt that most electronic and data surveillance instances would be considered interference with the right to respect for private life under Article 8(1) as they are systems of surveillance (Klass and Others). They would therefore require to be justified under Article 8(2). As regards “in accordance with law” test, that would not be difficult to fulfil as most electronic and data surveillance acts would find legal justification. The legitimate aims test too would be easy to surmount as most acts could be justified as necessary for the prevention of crime and for national security. But as shown above, electronic and data surveillance would be difficult to fulfil as regards “necessary in a democratic society” criterion because there may not be adequate and effective safeguards against abuse. 10.4

Identification Techniques and Control Compliance with Article 8 ECHR and Data Protection Principles

10.4.1

Compliance with Article 8 ECHR

As the discussion on human rights compliance under every method of identification and control has indicated, the methods of identification and control do not comply with 125 Buttarelli, G. (May 2004). Remarks in Washington, D.C., Promoting Freedom and Democracy: A European Perspective, May 21, 2004, http://www.epic.org/privacy/intl/buttarelli052104.html, accessed 18 July 2005. 126 Karanja, S. K. (2006). p. 55.

Border Control and Identification Techniques

Article 8 requirements. The methods amount to interference with the right to respect for private life under Article 8 and as such they would require to be justified under any of the conditions in Article 8 (2). The collection of identification data other than objective data and their storage in identification systems would certainly engage Article 8. The Commission in the Case of Reyntjens v Belgium held that the issue of an identity card containing only a person’s name, sex, date and place of birth, current address, and the name of their spouses does not itself raise issues of the right to respect for private life under Article 8. That is, gathering and storage in processing system of photographs and biometric data (fingerprints, DNA, etc.) would amount to interference with the right to respect for private life. According to Vasileva v Denmark, the use of different identification methods in order to establish identity would not be interference with the protection of Article 8(1). In this case, the Court observed that “it is a fundamental condition for the police in order to carry out their tasks, and thus ensure law enforcement, that they can establish the identity of citizens”. Concerning the legality requirement, most of the techniques are permitted by law and easily satisfy the legality condition. A few techniques, however, especially the voluntary DNA testing for crime suspects and family reunion applicants and language tests for asylum seekers fall in the grey area where legislation is not clear. Either regulation is totally lacking or only lower echelon regulation is available. In this circumstance, these methods cannot be said to fully comply with the legality criterion, it also questionable whether the consent to undergo the test can be considered voluntary and free of physical or psychological inducement (Lustig-Prean and Beckett v United Kingdom). The issue of legitimate aims does not present problems as most of the techniques and surveillance could find justification in one or more of the aims under Article 8(2). The aims are interests of national security, public safety, and the economic well being of the country, prevention of disorder and crime, the protection of health or morals and the protection of the rights and freedoms of others. As noted, in chapter 4, these aims are wide and governments have a broad menu of aims from which to choose. Further, the state only requires to identify and rely on one aim only to defeat an applicants claim, but as the aims are many it could rely on as many as it wants. In addition, the Court allows governments broad discretion in matters of policy and legislation and unless the Court thinks that the discretion is being abused, it would not interfere (Klass and Other also subsequent cases). Even when the Court does interfere it adopts a flexible interpretation of the aims so that it rarely finds a violation of the Convention rights by reference to this standard. The “necessary in a democratic society” condition is the most difficult for identification and control techniques discussed here to fulfil. First and foremost the measure must be shown to be necessary. That is it must be a ‘pressing social need’ (Handyside v United Kingdom). A pressing social need is said not to exist if the interference complained about is not proportionate to the legitimate aim pursued (Incal v. Turkey). The legitimate aims for the identification techniques and controls are numerous as they aim at establishing secure identity for services and benefits, prevention of identity theft and fraud, prevention of terrorism, prevention of illegal immigration, etc. But cramming

349

350

Chapter 10

together all these aims in one system may not work and can be counter-productive. As LSE Identity Project report127 observed, The current proposals seek to address multiple, divergent goals, yet the evidence from other national schemes indicates that identity systems perform best when established for clear and focused purposes. The goal of “prevention or detection of crime”, for example, involves a potentially huge number of applications and functions that may not be appropriate for an identity system that also seeks to achieve a goal of public services delivery.

The fact that these measures have multiple aims may make it difficult to associate a measure to specific aims and therefore the measure may not be said to be necessary as it does not meet a specific pressing social need. In other words, it may be difficult to establish the pressing social need pursued by the measure. Identification and control techniques must also pass a proportionality test. Proportionality test is the most difficult for a measure to pass as the Court applies the test rigorously. The identification and control techniques discussed here certainly raise proportionality issues. First and foremost the Court will examine whether “relevant and sufficient” reasons have been advanced in support of the measure being pursued. As noted above, the reasons given for identification and control measures usually are many and this may cause confusion as to the specific aim the measure is pursuing. In addition, the Court will ask whether there was a less restrictive alternative. The trend currently with identification and control measures is to enhance the traditional techniques with biometric data. In some cases the traditional measures may have worked well without the need to emboss them with biometric data and entering the data in an identification system. In such cases, it may be difficult to argue for and defend inclusion of biometric data and entering them into an identification system. The use of biometrics gives rise to particular concern because this technology has never been used at such a scale.128 Further, the issue will arise as to whether safeguards against abuse exist. This is the most important criterion as regards the techniques discussed here, and as it is evident from the discussion above, for these methods to be in compliance with Article 8(2) the issue of adequate safeguards must be addressed in accompanying legislation. Some of the laws fall short on the requirement of adequate safeguards. In conclusion, the techniques examined here amount to interference with the respect for private life and must be justified under Article 8(2). Some techniques, especially DNA and language tests for asylum seekers and persons seeking reunion, may not pass the legality test as there is lack of legislation, and where the legislation is present it is of lower echelon. The methods also may not satisfy the proportionality criterion for reasons stated above. In the following section on compliance with data protection principles, the issue of safeguards is examined in detail as most of the safeguards are concerned with data protection. 127 Enterprise Privacy Group, the Identiy Project: Interim Report p. 10. 128 Ibid.

Border Control and Identification Techniques

10.4.2 Compliance with Data Protection Principles 10.4.2.1 General As the preceding analysis on control and identification techniques demonstrates, biometric technologies are becoming the choice as regards identification in police and border control co-operation. Even the nature of traditional control methods, identity cards and photographs, is changing. Identity cards are becoming embossed with biometric data and photographs are digitalised and machine readable. Identity cards and photographs are no longer the same. Consequently, the traditional identification and control methods should be seen in the wider discourse of biometric and electronic and data surveillance methods. The integration of the old and the new techniques may pose serious human rights and data protection problems. For example, the use of identity cards and photographs in the traditional manner did not have serious implications for data protection if the personal data were not biometric or entered into an identification system. A card that contains only objective personal data (name, address, sex, date of birth, etc.) and not subjective, sensitive or biometric data cannot be said to interfere with the right to respect for private life. But this is so far as the data are not entered into an identification system, because once they are stored in the system they become objects of interference. Data in a database can be consulted independent of and without consulting the data subject. In the discussion on data protection in this section, the focus is on integrated traditional methods with emphasis on biometric identifiers and dataveillance. In the EU, there is no specific law protecting biometric data. The approach adopted is piecemeal, affecting individual biometrics (e.g. fingerprints, DNA). For example, the Eurodac Regulation is the only special law regulating processing of fingerprint data. Recently, with the introduction of biometric identifiers (facial recognition and fingerprints or iris scan) in the uniform format for visas and residence permits for thirdcountry nationals, proposals were forwarded to amend the respective Regulations [Regulation (EC) 1683/95 laying down a uniform format for visas and Regulation (EC) 1030/2002 laying down a uniform format for residence permits for third-country nationals] in order to comply with the data protection rules in the processing of biometrics data. Hopefully when the Visa Information System Regulation is formulated, data protection rules on biometric data would also be highlighted.129 Biometric data are also likely to be included in the next generation of Schengen Information System (SIS II). There is also the inclusion of biometric data in EU passports, in a European register on passports. The regulation proposed for this purpose does not seem to be sufficient for protection of biometric data.130 Since biometrics are becoming the preferred identifiers, the piecemeal approach may become redundant and the need for a special framework

129 See 9.6.5 above. 130 Privacy International: An open letter to the European Parliament on Biometric Registration of all EU Citizens and Residents, November 30, 2004, http://www.privacyinternational.org/ issues/terrorism/ep_letter_biometrics.html Accessed on 6 July 2004.

351

352

Chapter 10

law to regulate the use of biometric data comprehensively and to supplement these individual Regulations may be necessary. Currently, privacy and data protection laws do offer general regulations of biometric data. The protection of biometrics data, in data protection laws, depends on whether biometric data are considered personal data or not. As indicated in the discussion of personal data in Chapter 6, personal data is defined in Article 2 (a) of the Directive as “any information relating to an identified or identifiable natural person (…); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental (…) identity,” (emphasis added). Since biometrics use either physiological or behavioural characteristics of the person for identification, it can be said to be within the ambit of the definition of personal data. Recital 26 adds that “to determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the said person.” In this case, biometrics as a means of identification falls within the ambit of the definition. In that case, measures of biometric identification or their digital translation in a template form in most cases are personal data.131 But if the biometric data were made anonymous or, like a template, were stored in a way that no reasonable means could be used by the controller or by any other person to identify the data subject, those data should not be qualified as personal data. Similarly, where biometric data fall within the exceptions in the Directive, they are not personal data. For example, Article 3 (2) second ambit where biometric data are processed by a natural person in the course of a purely personal household activity, the data are not personal data. Although Article 3(2) first ambit does not affect data processed for border control where it involves the crossing of borders and immigration matters, however, it could apply to processing of biometric data for police and crime purposes, in which case the data will not be personal data within the scope of the Directive. But this is only academic because the same data would have other legal basis within national law. Despite these remarks, processing of biometric data may only be considered fair and lawful if all procedures are carried out, starting from enrolment, according to provisions of the Directive.132 For the purpose of this work, only issues concerned with transparency and proportionality from a data subject’s perspective will be examined. What follows below is an examination of biometrics and data protection using the transparency and proportionality model developed in Chapter 6. Since all technologies that process personal data do raise issues of transparency and proportionality, the question addressed as regards biometric technologies is the special problems of transparency and proportionality raised by biometric technologies. The analysis below will therefore identify and focus on these special problems only. General data protection problems which are not peculiar to biometrics technologies will not be treated here. 131 Article 29 – Data Protection Working Party: Working document on biometrics, 1 August 2003 12168/02/EN WP 80 p. 5. 132 Ibid.

Border Control and Identification Techniques

10.4.2.2 Fair and Lawful Principle and Transparency Requirement for general information has two ambits: general access and individual access. Under general access, the main concern is to what extent does a data subject have access to the information on purpose and use of their personal data which is in the custody of the data controller? The concern here is how does processing of biometric data complicate the general access to the information on purpose and use of personal data by the data subject? Important aspects to be highlighted are the specific purposes principle and the openness in data processing, that is, data processing should not be secret or covert. Processing of biometric data could easily offend the specific purpose principle in two ways: function creep and sharing of data. In these situations, it would be difficult for data subjects to know the purpose and the use to which the data is put. Function creep means data collected for one purpose, being applied to other purposes. For example, fingerprint data collected for asylum processing purposes, being used for criminal or general dataveillance purposes. Function creep is not unique to biometric data; it is a problem that is prevalent in all technologies. The greatest danger, however, is not the expansion of the original use to new well meaning purposes, such as the application of new uses to for example combat crime, airport and air travel security, or protection of children (as few would object to such uses), but rather to other uses that go beyond the original purposes that fail to address the limitation of the original collection activity.133 Function creep also means that data could be used for other purposes, for example covert surveillance, without the consent of the individual concerned. In such a situation, the data subjects will never know how, who and where their data are being used and for what purpose. Consequently, data subjects will lose control of their data. Biometric data as unique identifiers offer a good platform for linkage and sharing of data as well as surveillance because data linkage and sharing require high-integrity identifiers which biometric data offer. The linkage and data sharing is not bad in itself. The danger lies in that personal data could be used for new and different purposes from the original purpose. In addition, linkage and sharing could lead to misuse of personal data, especially where they are used for unauthorised purposes. The centralised storage of biometric data also increases the risk of the use of biometric data as a key to interconnecting different databases that could lead to detailed profiles of an individual’s habits both in the public and private.134 In addition, the standardisation and interoperability of databases and biometrics could lead to greater interlinking between databases. Furthermore, function creep could be envisaged in a situation where data were linked and shared freely. But use of biometric data for purposes of authentication or verification seems to create less risk for protection of fundamental rights and freedom of individuals.135 This is especially so where data are not stored centrally, for example in a database, but on a mobile device like a smart card and the matching process happens 133 Cavoukian, A. (1999). 134 Article 29 – Data Protection Working Party: Working document on biometrics, 1 August 2003 12168/02/EN WP 80. 135 Ibid.

353

354

Chapter 10

on the card. But where biometric data are used for identification purposes as unique identifiers, there is risk, especially, where data are stored in a database, because such identifiers can link disparate databases and information. The possibility of clandestine surveillance increases, too where biometric data are stored in centralised databases because linkage of data is possible without the knowledge and consent of the individual concerned. For example, facial recognition systems can track individuals without their knowledge or consent. Furthermore, the information from clandestine surveillance can be combined with other personal data acquired through biometrics, and provide even more insight into an individual’s private life. The Super Bowl Tampa, Florida incident above illustrates how biometric personal data can be used for surreptitious surveillance. Although data protection laws expressly provide for specific purpose principle, in order to serve a useful purpose, the principle should be stated clearly without ambiguity. The purpose for which biometric data are to be applied should be specific without leaving room for other interpretations. In this regard, Rapporteur Carlos Coelho Committee on Civil Liberties’ Justice and Home Affairs recommends that in transposing the two principles (specific purpose and proportionality principles) the purpose of introducing biometrics should be stated more specifically in the legal text and that the users of this data have to be clearly identified. As regards the purpose for which the data will be used, it has to be made absolutely clear that the data can only be used for verification and under no circumstances for other purposes, in particular hidden surveillance.136

Also system architecture should be developed in such a manner so as to enable better enforcement of the principle. Requirement for individual access entails the right of a data subject to know whether data about him or her are registered with the controller. The objective is to enable the data subject to control that data about him or her held by the data controller are correct and complete for the purposes for which they are being held and used. Use of biometric data as identifiers could undermine the right of access in a number of ways. Traditionally, few persons have exercised the right of access. This is despite the fact that most traditional methods of identification and collection of data could have been flawed and data incorrect, inadequate or out of date. The reasons for this are varied but one of them is worth highlighting here. Most data subjects tend to trust data controllers and data processors or they have been desensitised, through the widening of the use of personal data in almost every aspect of their lives. Consequently, they do not exercise their right of access unless they are personally adversely affected by the decision of the data controller. The same trust and desensitisation is likely to increase with the use of biometric data.137 Biometric data offer high-integrity identifiers because they 136 European Parliament Committee on Civil Liberties, Justice and Home Affairs – Draft Report on the proposal for a Council Regulation on standards for security features and biometrics in EU citizens’ passports, PROVISIONAL 2004/0039(CNS) p. 13. 137 Article 29 – Data Protection Working Party: Working document on biometrics, 12168/02/EN WP 80.

Border Control and Identification Techniques

are unique, accurate and difficult to falsify or lose. Faced with biometric evidence, few people think of challenging whether the data used are correct, adequate and update. In addition, biometric data is not easy to repudiate. This may be so even though the rates of false negative138 and false positive139 could be high in some biometrics. These errors are dependent not only on the technology, but also on the application and the environment of use. It would, therefore, be wrong, to assume that the results of biometric verification or identification are ‘tight correct’. But even where one would like to challenge the use of biometric data, the task is insurmountable as the burden of proof seems to shift to the data subject who must contest and prove his or her innocence. Furthermore, the processing of biometric data is highly technical which most data subjects do not understand. This alone can discourage most people from requesting access to their information. There is also the problem of function creep and sharing of data discussed above which could affect the right of access. When data is applied to new functions not originally intended and shared across systems, there is a risk that data subjects would not know that the data are being applied to new uses and shared. Consequently, it becomes cumbersome for a data subject to follow the data into the new uses and new users. The trail of access and control is lost as the data subject could be in the dark as concerns these new applications of the data. The matter is even worse in discreet surveillance because the data subjects do not even know that their data are being processed. Access to biometric data, as in other personal data, will be subject to the exemption clause on the right of access. Biometric data in police and border control co-operation will mainly fall under the security reasons for exemption and this may mean that the right to access can be denied in a number of instances. To ensure that the right of access is respected by data controllers and practised by data subjects, notification to data supervisory authorities and information and education to data subjects are necessary. Notification and informing the data subject are recognised by the EU Directive, Article 18, Articles 10 and 11 respectively, but not all data protection laws incorporate these rights. The Schengen Convention and others such as the Eurodac Regulation on fingerprints do not contain provisions on notification. In the processing of biometric data, notification to supervisory authorities should be obligatory. Notification is meant to encourage transparency and discourage clandestine processing of personal data. Information can be given to data subjects in two instances. Firstly, information is to be given under Article 10 of the Directive which requires information to be released to the data subject in cases of collection of data from the data subject. Such information is to enable the data subject to form an informed consent and exercise his/her right of access, if need be. Secondly, information is to be given under Article 11 of the Directive where data have not been obtained from the data subject. The situation envisaged here is where data may be obtained from a third party or through sharing or disclosure of

138 False negative rate is also known as False Rejection Rate (FNR). It is an error that occurs where a legitimate user fails to be recognised. 139 False positive rate is also known as False Acceptance Rate (FAR). It is a mistaken identification or verification where the person is matched against an enrolled user.

355

356

Chapter 10

information. The purpose is to enable the data subject to keep track of who has his or her personal information and to have control of the information. Education about the nature and processing of biometric data should be availed to data subjects. The purpose is for the data subject to be informed of the nature of biometric data. That is, biometrics does not offer non-repudiation. In other words, biometrics and biometric data or evidence is open to challenge because the data can be stolen, falsified, or erroneous. In addition, the integrity of data can be questioned because biometric data can be collected covertly. Because of their ‘low-level intrusiveness’ some biometrics are amenable to blanket utilisation and covert use. Data subjects should not accept such use without questioning. Requirement for legal information is a requirement for legality. But enactment of data protection laws and regulations without more is not enough. What is required is that, all parties concerned, data subjects, data controllers and supervisory authorities are acquainted and well informed of the legality of data processing. In other words, the laws, regulations and other legal information should be made accessible and knowable to the parties. Lack of accessibility and know-ability may be an obstacle to fair processing of personal data as data subjects may not be in a position to exercise their rights, and data controllers and others may not be able to fulfil their responsibilities and obligations. As regards biometrics, the law is in the formative stage. There is no general data protection law on biometrics and recourse is to the general privacy and data protection laws. There are, however, special laws for the commonly used biometric data such as fingerprints and DNA. New biometric data such as facial recognition and iris recognition are not regulated by special laws yet. As mentioned above, proposals to regulate biometric data in visas, resident permits and passports have been put forward. But this amounts to piecemeal regulation and what is needed is a framework law to legislate the processing of biometric data. Biometric data as seen in this chapter, raise special data protection problems, function creep, linkage and sharing data and covert surveillance, which although they could be addressed by the general data law, it may not be adequate. In addition, the piecemeal laws are scattered around and could affect know-ability as it would require a lot of effort to understand the laws, especially on the part of data subjects who lack legal expertise. The Article 29 Data Protection Working Party has also prepared a working document on biometrics which looks at the effects of processing of biometric data on the protection of personal data.140 It issues such documents as part of its duties to advise the Commission on matters of protection of personal data. The working party is, therefore, a useful source of legal information within the EU framework. Other bodies which would be entitled to disseminate legal information are the national supervisory authorities, who are to be consulted when drawing up administrative measures or regulations relating to the protection of individual’s rights and freedoms with regard to the processing of personal data. They also have the obligation to hear claims lodged by any person concerning the protection of his rights and freedoms in regard to the processing of personal data. A number of decisions on processing of per140 Article 29 – Data Protection Working Party: Working document on biometrics, 12168/02/EN WP 80.

Border Control and Identification Techniques

sonal data have been taken by various national data supervisory bodies.141 Supervisory bodies would also be expected to educate the public on matters concerning their rights and duties in the processing of personal data. On biometrics, they should issue information which would educate the public on their rights in the processing of biometric data. So far there is no such information specific to processing of biometric data available to knowledge of this author. Requirement for reasons is a requirement that decision-making which involves personal data must be fair and lawful. The purpose for reasons is to ensure decision- making is fair and lawful by enabling data subjects to control that the decision- making process is legitimate. That is, the decision is based on legal authority and that the personal data used conform to data quality requirements, namely that the data are complete, correct, up to date and accurate. The requirement for reasons is also a means for data controllers to explain and account for the use of personal data. In other words, data controllers must account and explain the lawfulness of data use. Consequently, requirement for reasons is a requirement for transparency in data processing. Biometrics technology is highly automated. Biometric systems, more than other systems of identifiers, enable automated decision-making because they are easy to automate. It is this attribute that makes biometrics a leader in identification technology. Automation, however, has its downside because there could be error or errors in the system. There is therefore a risk if there is undue reliance on automated decision-making for such decisions to be seen as always correct. The requirement for reasons, for decisions arrived at by authorities, has the purposes of safeguarding against solely relying on automated decision-making in matters that may have serious consequences to the person concerned. For example, a system may mistakenly identify a data subject as a person who should not be allowed to take a plane or should not enter a specific country and who would have little means to resolve the problem when he is faced with such ‘indisputable’ evidence against him.142 Fortunately, data protection laws, especially the Directive under Article 15, discourage solely relying on automated decisions. This requires Member States to grant the right to every person not to be subjected to a decision (…) based solely on automated processing of data. The import of the requirement is to impose an obligation to give reasons where request for such decisions is made. But as argued elsewhere, the right to reasons should not depend on data subjects taking the initiative, rather the duty to give reasons should lie with the data controller. The data controller should, as a routine, give reasons to data subjects in every case where automated decision making is relied on. The requirement for reasons is also important in a situation where processing of personal data relies, more and more, on linkage and sharing of data among systems. As note above, biometric data enhances linkage and sharing of data. At the same time, the data subject seems to lose control of his or her data with every linkage and sharing of data. The right to reasons therefore would give the data subjects a measure of control of their data by giving them an insight to the decision-making process and enable them to challenge unfavourable decisions. Rapporteur Carlos Coelho on the Committee on Civil 141 Ibid. 142 Ibid.

357

358

Chapter 10

Liberties, Justice and Home Affairs endorses the requirement for reasons when he states that “there will have to be guarantees to the effect that when border checks are carried out and a false rejection occurs, the citizens concerned will be informed of the reasons for such a rejection and of the means to be employed in order to clarify and rectify the situation as quickly as possible.”143 10.4.2.3 Fair and Lawful Principle and Proportionality In this section, focus is on two proportionality requirements because biometric technologies seem to especially raise issues concerned with guidance and discrimination. The other three requirements may have some relevance but the issues they raise may not be as pertinent as those raised by the two requirements chosen for analysis. The requirement for proportionality between control and guidance is a requirement that there should be proportionality between effort spent on controlling citizens and effort spent on providing citizens with guidance. It means that control should be balanced. Balanced control entails spending efforts both in controlling and in giving guidance. If efforts were spent on controlling only without giving guidance then control would be one-sided. Need for guidance in biometric control is vital because the nature of biometric technology is that they are regarded as highly accurate. In the circumstance, any decision arrived at may be regarded as irrefutable. Guidance to both controllers and the controlled is required in order to disabuse the irrefutability notion. Both parties should be aware that there could be errors in the compared biometrics which result in wrong decisions. In such cases, the controller should accept the challenge of the decision by the controlled persons and assist them to get the appropriate remedy. In addition, the fact that the use of biometric identification technologies is new, the controllers and those controlled should be offered guidance to enable them to understand the technology and how it affects their work or rights respectively. In data protection laws, there is no explicit requirement to give guidance but data protection authorities do fulfil this role. Controllers, however, are not required to provide guidance by law. In other circumstances, the initiative to request for guidance is left with the controlled persons. This is an anomaly that should be rectified by requiring controllers or data protection authorities to give guidance to data subjects. Requirement for proportionality control between different control target groups is a requirement for non-discrimination. It is a requirement not to be discriminated against because of one’s nationality, ethnic, race, sex or religion. Biometric technologies of identification could easily be used for discrimination purposes. This could happen where profiling in border control is done on the basis of race, colour, religion or nationality. The fight against terrorism especially has taken a racial, religious and nationality dimension, and profiling based on these reasons is common. In such circumstances, if control is to be proportional there is need for a clear non-discrimination requirement in the law. 143 European Parliament Committee on Civil Liberties, Justice and Home Affairs – Draft Report on the proposal for a Council Regulation on standards for security features and biometrics in EU citizens’ passports, PROVISIONAL 2004/0039(CNS) p. 15.

Border Control and Identification Techniques

As noted elsewhere, data protection laws lack an express provision on non-discrimination. Merely stating that control authorities and officials should observe human rights law is not enough when the law they are applying does not specifically prohibit discrimination on the basis of race, colour, religion and nationality. 10.5

Conclusion

In this chapter, a convergence of traditional techniques of control and modern biometric technologies has been demonstrated. The integration is predicated by the need for secure identification, security and the availability of biometric technologies. In particular, after 11 September, the use of biometric technologies for security and border control purposes has accelerated. Whereas biometric technologies enhance security especially as they make identification secure, they raise issues of human rights, especially privacy. Current data protection laws do not seem adequate, especially from the framework of transparency and proportionality adopted in this study. They may require to be brought in line with transparency and proportionality requirements discussed in this work. In the next chapter, the focus is on how the border control policies discussed in this chapter and the previous chapters are implemented in the control and surveillance of persons crossing external borders and residing in the Schengen/EU territories.

359

11

Border Control Legal Measures and Policies

11.1

Introduction

The abolition of internal border controls in the Schengen co-operation is realised under Article 2 (1) of the Schengen Convention: “Internal borders may be crossed at any point without any checks on persons being carried out”. The implication of this provision read together with Article 21, which allows free movement for third country residents, is first, that all travellers, either EU citizens or third country nationals are exempted from any form of border control when crossing an internal frontier. Article 21 is very significant because, for the first time, it allows free movement for third country nationals residing in any of the Schengen countries. The granting of free movement to these people has been the bone of contention among EU Member States that led to the creation of the Schengen co-operation. It also means that travellers no longer have an obligation to stop at the internal borders and present travel documents for inspection as no checks are carried out there. The second implication is that the Schengen States have to ensure that all travellers may cross the border without hindrance. That is, border guards and physical barriers have to be withdrawn. As Nanz observes, in the case of land borders, unhindered crossing of the border also includes the removal of the frequent “slalom” traffic lanes when approaching the border post. The definition of internal borders in Article 1 of the Convention implies that control is to be abolished not only at the land border-crossing points but also at internal airports and seaports. Internal borders therefore mean land borders of the Contracting Parties, their airports for internal flights and their sea ports for regular trans-shipment connections exclusively from or to other ports within the territories of the Contracting Parties calling at any ports outside those territories. As airports may also be external borders, it has become necessary to adapt airports for functions of internal borders and external    

Article 1 of the Schengen Convention defines a third country national or an “alien” as any person other than a national of a Member States of the European Communities. Nanz, K. P. (1995), p. 32. See, the discussion in section 2.2 above. Nanz, K. P. (1995), p. 32.

362

Chapter 11

borders. Most international airports have therefore had to make changes in their layout to allow for Schengen flights to be dealt with in the same manner as domestic flights. Although the removal of internal border controls is intended to be complete, there are also exceptions that may restrict free movement inside the Schengen as discussed below in 11.5.4. At the same time the concept of free movement is restricted because, as indicated in Figure 15, the removal of internal border controls has meant or resulted in dislocation of controls internally, intensification of external controls and transfer of controls to external border as well as exportation of controls to countries of origin. In this chapter, discussion and analysis of places of controls are undertaken under the following headings corresponding to places of controls outlined in the figure below. – Control beyond Schengen external borders – Control at the Schengen external borders – Control inside the Schengen territory

External borders Internal borders Transfer of controls to the external borders Spreading of controls inside the Schengen area Transfer of controls outside Schengen area

Figure 15: Control Places

The objective of this analysis is to identify who is affected by the controls at these places, which authorities are involved in the control work, the controls and control methods in use, the information systems in use and the protection available to individuals concerned. In a way, this chapter is an attempt to consolidate the measures and policies ana

Ibid. p. 33.

Border Control Legal Measures and Policies

lysed in the preceding chapters in order to portray a complete picture of the application of these measures and policies in the border control co-operation. 11.2

Categories of Persons Affected by Border Controls

Places of control, and border controls carried out there, affect all persons who cross them but all are not affected in the same way. It is necessary therefore to classify persons crossing borders in different categories in order to capture the reality of places of control and controls carried out there and how they affect the different groups. Using the metaphor ‘sorting’ by Lyon, places of control are viewed as sorting out places. Travellers are sorted out according to categories and controls applied correspond to these categories. Seven categories, of persons who cross EU and Schengen borders can be identified. The question that will also be answered is whether the protection is tailored according to categories and groups. The categories presented below are a modification and addition to the list of categories by Cholewinski. – Category 1: EU Member States Citizens and Schengen Contracting Parties citizens. (Modified) – Category 2: Third country nationals resident in EU and Schengen countries. (Modified) – Category 3: Third country nationals whose countries are on the EU/Schengen ‘positive’ visa list and who do not require a visa to enter EU/Schengen for visits of up to three months. (Cholewinski’s) – Category 4: Third country nationals whose countries are on the EU/Schengen “negative” visa list and as such who must be in a possession of a ‘Schengen uniform visa’ to enter the EU for visits of up to three months. (Cholewinski’s) – Category 5: Third country nationals who must also be in possession of an airport transit visa to pass through an international airport in EU/Schengen territory. (Cholewinski’s) – Category 6: Third country nationals of one nationality who are singled out for different treatment on the basis of race, ethnic origin or religion. (Cholewinski’s) – Category 7: Refugees and asylum seekers who do not require a visa but who must nonetheless possess one in order to enter EU/Schengen area to request for asylum because they come from a country which nationals must possess a visa or transit visa in order to be admitted into the EU/Schengen territory. (added) As it will be demonstrated in this chapter, EU/Schengen rules relating to entry into the territory are applied and affect these groups differently. Cholewinski has argued that this is discrimination which is sanctioned by EU/Schengen rules on the crossing of external borders and by rules concerning issuing of visas to third country nationals and even the ECtHR decisions do not avail to these groups. In a report, Borders and Discrimination in the European Union he concludes that due to these distinction of persons,  

Lyon, D (ed.) (2002). Cholewinski, R. (2002), p. i.

363

364

Chapter 11

the fundamental right to be free from discrimination is undermined considerably by EU rules on the crossing of external borders, and by rules concerning the issuing of visas to third-country nationals. (…) there is no reasonable and objective justification for these rules, and that they may in fact be masking discrimination based on invidious grounds such as race, ethnic or national origin and religion. Serious deficiencies can be identified not only in the way these rules are formulated, but in the way they are applied in practice.

In the analysis that follows on control places and the controls taking place there, different groups will be associated with the controls and rules of entry and residence indicating how they affect the groups concerned and the protection available for the groups. 11.3

Control Beyond Schengen External Borders

11.3.1

Introduction

The journey to the EU/Schengen area starts at the country of origin and it is here that a traveller encounters the first set of controls and checks in the form of visa controls (for categories 4, 5 and 7 above) and airport controls for all passengers. The determination of European countries to prevent and combat illegal immigration therefore begins in the countries of origin or any other third country one may be travelling from. “The focus has been largely on joint measures to combat illegal immigration by restricting access to the territory and accelerating the expulsion of ‘illegal’ aliens.” In their effort to restrict access to the territory, these countries are exporting immigration control measures to countries of origin. Experience has proven that once immigrants have been allowed to reach the external borders of the host countries, it is a tedious and time-consuming exercise to send them back to their countries of origin. The objective, therefore, is also to focus control in the countries of origin as a preventive measure in order to contain potential illegal immigrants in their countries of origin. Combinations of measures, which may be characterised as “non-arrival” policies, are put into play to achieve this objective. They include mandatory visa requirements, carrier sanctions and the posting of immigration liaison officers to countries of origin. Although these measures are primarily directed against illegal immigration, the indiscriminate manner in which they are applied has undoubtedly been detrimental to the protection of refugees.10 11.3.2

Control Points and the Controlled

11.3.2.1 Foreign Missions For persons who must have a visa or a transit visa in order to enter the Schengen/EU area or pass through a Member State’s territory, foreign missions and consulates of  Ibid. p. i.  Kpenou, C. (1997). p. 90. 10 Bijleveld, A. W. (1999), http://www.cicerofoundation.org/p134bijl.html Accessed on 20 September 2000.

Border Control Legal Measures and Policies

Member States are the first points of control. The controls also affect asylum seekers and refugees who do not require a visa but who must nonetheless possess one in order to enter the Schengen/EU area for protection purposes because they come from a country whose nationals must possess a visa or transit visa. Several controls are performed here. Firstly, it is to ascertain whether the person is an “unwanted” person who should not be allowed entry into the Schengen/EU territories by checking the person’s identity against the entries in the Schengen Information System - SIS. If the person has an alert under Article 96 registered against him or her, the visa is denied as a routine. Secondly, control is done to establish whether the applicant should be issued with a visa if his or her name is not in the SIS. A number of controls are taken. They include checking travel and identity documents (passport), purpose of visit, financial position of the applicant, etc. Thirdly, the person’s security risk is controlled. This is a type of profiling. The person’s country of origin is important as it determines how one is treated. Countries considered as security risks are those who export many illegal immigrants and asylum seekers and have a high rate of crime. Persons from these countries are first and foremost assessed as a group and stringent control is applied to them. As Guild has noted, When used as reasons for placing visa requirements on all nationals of a country, the Union is in effect stating that nationals of some countries are by definition more likely to be illegal immigrants or criminals than nationals of other countries. This assessment of risk is not connected to the individual behaviour of the person who seeks to travel. The individual’s behaviour vis-à-vis the Member States is the subject of SIS. Here the approach is one of profiling: who is likely to be a risk. This profile is not based on individual characteristics, such as statements of intention or activities, but on nationality, to what state does the individual belong? 11

The control here is two-sided: group and individual control. First, one is placed into a group that must be controlled and then individual control follows. The consequence is that the control is first and foremost group. It is the category of the traveller that determines whether the individual control is to follow or not. If a person passes the control at foreign missions and consulates one then moves to the next line of control in the country of origin. 11.3.2.2 Departure Ports Control in the country of origin also happens at the departure ports, namely airports, seaports and land-crossing points. These are controls and checks before one embarks into the carrier and all persons mentioned above in (11.2) are affected by the controls. They are, however, not affected in the same manner. Travellers who require a visa tend to be controlled more rigorously than those who have no visa requirements. Again the logic is the same, the visa travellers belong to the risk category group. The controls carried out here are firstly, identity and document checks to establish the identity of the 11

Guild, E. (May 2001), p. 34-35.

365

366

Chapter 11

traveller and that he or she has all relevant travel documents such as travel ticket, passport and visa where applicable. For those persons who do not require a visa to travel this is the first line of control. For those who require visas this is the second line of control. Secondly, security checks are performed both on the luggage and the travellers. For travellers, apart from undergoing checks on their person, invincible and clandestine security controls are also carried out against security watch lists. These may be national watch lists, SIS alerts, terrorist watch lists or Interpol notices of wanted criminals. 11.3.3

Control Authorities

In the country of origin, control of travellers is mainly done by visa issuing authorities at the consulates, carrier officials and immigration liaison officers. Visa issuing authorities are only involved where travellers require a visa to enter the Schengen/EU area. The controls they carry are stipulated and governed by the Common consular instructions and they include verification of the visa application, verification of the applicant’s identity, verification of travel documents, verification of other documents (supporting documents regarding the purpose of journey, means of transport and return, means of subsistence and accommodation) and assessment of the applicant’s good faith (immigration risk).12 Carriers, under the carrier sanctions provision, are required to ensure that the passengers they transport have their identity and documentation in order. As such, the carriers’ officials are involved in the control of travellers so as to verify that they are who they say they are and authenticate that the documents are not forged or falsified. Immigration laws of the destination country apply here and the carriers will carry out controls and checks guided by the law of the destination country. Immigration liaison officers are not directly involved in the control of travellers but they assist the carrier staff with the verification and authentication of identity and documents held by the travellers. They liaise with carrier officials and local immigration officials in detecting and determining cases of insufficient and lack of proper documentation by the travellers. Local immigration authorities are involved in security controls on both the travellers and their luggage. The checks and controls are meant to ensure the safety of the carrier and travellers on board as well as to ensure that wanted persons do not leave the country and the necessary action is taken against them. The controls are also meant to detect that any prohibited and dangerous items are not carried by the travellers on themselves or in their luggage. The laws of the host country apply for these controls and checks. 11.3.4

Control and Control Methods

11.3.4.1 Visa Control The Schengen and EU negative visa lists (see 11.5.3 below) imply that the nationals of the countries on the list must have a visa as precondition of entry. The visa requirement, 12 Part V 1. of the Common Consular Instructions.

Border Control Legal Measures and Policies

however, is not restricted to entry only, but it is used also as a precondition to travel out of the country of origin, as the discussion below will illustrate. In this circumstance, foreign nationals of the listed countries must obtain a visa from the Schengen and EU foreign missions in their country of origin.13 The legal framework for processing of visa application is the Common Consular Instructions (CCI).14 According to the CCI, applications for visa are to be lodged with the representative of the Schengen Contracting Party in the country of nationality, in person.15 Application is made by filling in the uniform visa form. The form has been harmonised and a specimen is found in CCI-Annex 16. The Council has also issued an EU Schengen catalogue as guidelines for issuance of visas.16 The guidelines give assistance to both visa officials and applicants. As such, it is a positive step in making issuance of visa transparent and proportional. Guild points out that the Commission relies on three reasons for imposing visa requirements on a country: illegal immigration, crime and international relations. But she argues that other grounds are manifest. An analysis of the countries in the visa requirement list reveals that the majority of the population in these countries is black and Muslim. She concludes that because the lists are not reasoned, race and religion could be the grounds for inclusion. Another reason, she suggests, could be wealth as most of the countries on the visa requirement list can be categorised as poor.17 The potential use of visa requirements is evident in times of crisis when huge influxes of refugees are expected as a result of war and other political instability. In order to forestall such an influx of asylum seekers, Western countries as a routine impose visa requirements for foreign nationals of such countries. Following a dramatic increase in the number of Slovak Roma seeking asylum in Norway, the authorities imposed a visa requirement for Slovak citizens in July 1999. Although it briefly lifted the visa requirement, the Norwegian government re-imposed it in December. Finland and Denmark also imposed visa requirements for Slovak citizens following similar influxes of Slovak Roma.18 Visa requirement is used to check huge influxes of refugees. As regards transparency and proportionality of issuance of visa, the Schengen Catalogue19 has, to a large extent, mitigated transparency and proportionality in the issuance of visas. For example, it recommends and proposes best practices in information on visa to the applicant. It requires that “leaflets providing guidance to applicants 13 Article 12, Schengen Convention. 14 Council Common Consular Instructions on Visas for the Diplomatic and Consular Posts 2202/C 313/01. 15 See chapter II of the Common Consular Instructions. 16 Council of EU Schengen Catalogue: Issuing of Visa Recommendations and Best practices, March 2003. 17 Guild, E. (2001), p. 30-39. 18 US Committee for Refugees: Worldwide Refugee Information: Country Report Norway 1999. http://www.refugees.org/world/countryrpt/europe/denmark.htm Accessed on 10 October 2000. 19 EU Schengen Catalogue: Issuing of Visa Recommendations and Best Practices, Vol. 3 March 2003.

367

368

Chapter 11

are available in sufficient quantity at all relevant contact points in the host country and also published on the mission’s website, if any” and give details of the information to be published. It also requires the harmonised form to be translated into the principal languages of the countries where applications are lodged. The catalogue also recommends that a notification of refusal is issued where a visa application is rejected. The applicant is to be notified either verbally or in writing within a reasonable time, in accordance with the provisions of national law. The notification is to state the reasons for rejection, possibilities of appeal or possibilities of submitting of a second application if an appeal has been lodged against the decision on the first application and the decision on appeal is pending. In the case of refusal motivated by a “SIS alert”, reference is made to the existence of a “SIS alert”. Although the recommendation and best practices are welcome and an improvement on transparency and proportionality, they have some shortcomings. Firstly, the catalogue is not legally binding and as such it may not have adequate impact. The implementation is left to the discretion of issuing officials. It would have been more effective if it were binding or transformed into binding legal rules. Secondly, the Catalogue does not address issues of discrimination. It does not have recommendations and best practices on avoidance of discrimination on nationality, sex, colour or race. This is, however, not unexpected because the omission is consistent with the entire EU border control legislation.20 Thirdly, although the catalogue recommends notification of refusal of visa, it does not have the institutional framework that would allow the affected persons to act on this information. The person would have to complain or appeal through the set administrative and judicial process. Further, the safeguards are individual-oriented. Since control is group-oriented, there is also a need for group-oriented protection. For example, there is need for a visa ombudsman or other bodies so mandated located in the mission or consulate which the persons affected may address their grievances to and which offer group protection. This point will be taken up later. Visa requirements are stringent and may vary from Member State to Member State. For example, the monetary amount required for crossing borders is fixed annually by the national authorities (CCI-Annex 7). Similarly, the number and nature of supporting documents required for verification of visa application are numerous (CCI-V 1) and may differ considerably depending on where the application is lodged. Countries may also impose additional conditions, for example, Denmark requires a visa guarantee sum of DK 50,000 for a tourist visa. Norway is considering imposing similar requirements.21 Further, the assessment of the applicant’s good faith is required and it may depend on the discretion of the assessing official. The effect of these conditions is to make acquisition of visas practically difficult for the applicants. Since the assessment involves an element of discretion, potential for discrimination on the basis of nationality, race, colour and religion is real. Those affected are mainly third country nationals from countries where the requirement of a visa in order to cross EU and Schengen external borders is 20 Cholewinski, R. (2002), p. i. 21 Aftenposten Morning Edition 1 March 2005.

Border Control Legal Measures and Policies

a must. But also seriously affected are refugees and asylum seekers from these countries as the host countries seem to link asylum with visa requirements. 11.3.4.2 Carriers Sanctions Carrier sanctions involve penalties imposed on air, sea or land carriers for bringing along aliens without proper documentation. They aim at preventing ‘unwanted aliens’ from leaving their country of origin by enforcing entry requirements, especially visa and travel documents requirements at the points of departure.22 In order to avoid sanctions being imposed on a carrier, carrier authorities and employees are required to check travellers’ documentation before allowing them on board the carrier. Control of these documents may take place during check-in at the airport and sometimes a second control may be carried out immediately before boarding an aircraft. The notion of carrier sanctions is not new. It has been in practice in many countries outside Europe, especially the traditional countries of immigration such as Australia, Canada and the USA, since the 1950s. The introduction of the concept carrier sanction in legislation in Western European countries began in the second half of 1980s.23 At this time, the number of asylum applications submitted in those countries was growing rapidly. Today, all EU Member States, with the exception of Ireland,24 have incorporated carrier sanctions into their legislation. The clause on carrier sanctions was introduced in Austria in 1991, Belgium 1987, Germany 1987, Denmark 1989, France 1993, Netherlands 1994 and United Kingdom 1987.25 The notion has also become popular with other countries, outside the developed world, in Latin America, Asia and Africa. Even many countries that may not have introduced formal carrier sanctions schemes nevertheless oblige transport companies to meet the costs of detaining or deporting passengers who arrive without proper documentation.26 In Western Europe, carriers’ sanctions have been codified into the Schengen Convention and the Draft Convention on Crossing of External Borders. Both legislations, in Article 26 and Article 14 respectively, require the Contracting Parties or Member States to incorporate into their national legislation measures obliging carriers to take all necessary measures to ensure that persons coming from third countries are in possession of valid travel documents and of the necessary visa, and to impose appropriate penalties on carriers failing to fulfil this obligation. They are required also to implement measures that oblige carriers that brought an alien who is refused entry into the territory of a Contracting Party to assume responsibility for him at once and return him to the Third State from which he was transported, issued the travel document or 22 See Guiraudon, V. (2003), p. 4. 23 UNHCR: The State of the World’s Refugees: A Humanitarian Agenda, 1997, (Box 5.1). 24 A bill, the Immigration Bill 2002 imposed sanctions on commercial operators (planes, ferries, trucks) that transport insufficiently documented passengers to Ireland. Commercial operators will be fined EUR 3000 per insufficiently-documented passenger. 25 Amnesty International: Report - ACT 34/21/97 November 1997. 26 Ibid.

369

370

Chapter 11

any other Third State to which he is guaranteed entry. These measures apply to air, sea or land carriers. As the Schengen Convention and the Draft Convention on Crossing of External Frontiers do not set out any detailed rules, as such, the implementation of carrier sanctions in Schengen and EU Member States national law vary considerably. While some countries impose pecuniary fines for non-compliance with the carriers’ responsibilities, others do not. Norway is among the countries that do not impose fines. The consequences for not complying with the provision of carrier responsibility are spelt out in Section 46 of the Norwegian Immigration Act and Section 144 of the regulations made there under. According to these provisions, if a foreign national is refused entry, “the carrier that brought him in is obliged to take him on board again or otherwise to take the foreign national out of the realm, or to cover any expenses incurred by the public purse in connection with the conducting of the foreign national out of the realm.” The only changes that were deemed necessary in order to bring the Act in concordance with the Schengen Convention are those involving land carriers that were not part of the provision.27 Accordingly, now all carriers, air, sea and land, are within the ambit of the provision on carrier sanctions. Another amendment to the Act that was necessary is that concerning the crossing of internal borders. The carrier sanctions provision does not apply on entry involving the crossing of internal borders.28 This was necessary to bring the Act in line with the general aims of the Schengen Convention of removal of internal border controls. In order to harmonise Member States laws on carrier obligations, the Council issued Directive 2001/51/EC on 28 June 2001.29 It inter alia obliges Member States to penalise carriers for transporting illegal immigrants. Article 4 (1) imposes penalties ranging from a maximum of EUR 5000 and minimum EUR 3000 or equivalent and a maximum lump sum not less than EUR 500 000 or equivalent national currency penalty for each infringement. Article 2 requires carriers to return third country nationals provided for in the provisions of Article 26 (1) (a) of the Schengen Convention. Council Directive 2004/82/EC30 goes further than the 2001 directive and requires carriers to co-operate with Member States’ border control and immigration authorities by transmitting to them information on their passengers in advance of travel. According to Article 1, the Directive aims at improving border controls and combating illegal immigration by the transmission of advance passenger data by carriers to the competent national authorities. The Directive also incorporates data protection rules based on EU Directive on protection of personal data. Imposing penalties on carriers and requiring them to provide information on passengers has serious consequences on the free movement of persons as it makes it extremely 27 Ot prp nr 56 (198-99) p. 40-41; See also Lov om endringer I utlendingsloven og I enkelte lover som følge av Schengensamarbeidet 16 juli 1999 nr 67. (Amendments to the Immigration Act and other laws as a result of the Schengen Convention). 28 Ibid. 29 Council Directive 2001/51/EC of 28 June 2001 supplementing the provisions of Article 26 of the Convention implementing the Schengen Agreement of 14 June 1985. 30 Council Directive 2004/82/EC of 29 April 2004 on the obligation of carriers to communicate passenger data.

Border Control Legal Measures and Policies

difficult for refugees and persons in need of protection to arrive directly from their state of origin into the EU and Schengen countries to seek asylum. Further, there are no adequate safeguards for passengers who may be adversely affected by these Directives. The Directives lack remedies for aggrieved passengers, especially if one were refused to board the carrier. There are no remedies for individuals affected either against the State or against the carrier. Even the remedy offered by the EC Regulation adopted by the Council on 26 January 2004 that obliges carriers to compensate passengers in the event of their being denied boarding, except where there are reasonable grounds for doing so, is not sufficient. It remains to be seen whether a wrong decision of an immigration authority is deemed to be such an exception and the extent which passengers will have a claim against carriers under the Regulation for being denied boarding as a result of either insufficient documentation or the transmission of data under the two Directives.31 The safeguards in Directive 2004/82/EC, although largely compatible with the data protection principles in domestic and international legislation, do not pass transparency and proportionality tests presented in this study. For example, it may fail on transparency and proportionality tests concerning purpose of data as the data collected may be excessive in relation to the purpose for which they are processed. Again if one is aggrieved, it may not be possible to get reasons and if one were to get the reasons, they may not be available immediately so as to seek for a remedy. There lacks general guidance for passengers in the event of violation of one’s rights. The Directives also do not have a clause on non-discrimination which prohibits discrimination on basis of sex, race, nationality, colour or religion. Finally, there is a danger of shifting immigration control functions and responsibility from the State to carriers. Carriers may be reduced to informers and border control functionaries. Although State authorities argue that carriers would not be expected to make decisions to grant or refuse entry as the power remains with immigration control authorities, carriers would have to submit data and subsequently enforce the immigration authorities’ decision by denying boarding to passengers identified as inadmissible.32 This way, carriers may be subjected to liability in case of wrongful identification and inadmissibility. 11.3.4.3 Immigration Liaison Officers The posting of Immigration Liaison Officers (ILOs) or airline liaison officers by Schengen and EU Member States abroad is now a common phenomenon. The practice has gained prevalence because it is “easier and more effective to deal at source with abuse of immigration laws and stem migratory pressures.”33 The role of immigration liaison officers is to assist and liaise with airline officers and foreign immigration officers in detecting 31

House of Lords European Union Committee: Fighting illegal immigration: should carriers carry the burden? 5th Report of Session 2003-04, HL Paper 29 pp. 11-13. 32 Ibid. 33 UK Ministry for Home Affairs: Fairer, Faster and Firmer: A Modern Approach to Immigration and Asylum. Cm 4018. http://www.official-document.co.uk/document/cm40/4018/4018. htm, accessed on 13 December 1999.

371

372

Chapter 11

and determining cases of insufficient and/or lack of proper documentation by foreign nationals. This may involve offering training and even working along side airline officers and host foreign immigration officers.34 Their role also involves collecting information on immigration trends for early warning purposes. The legal basis for sending immigration liaison officers abroad is mainly bilateral agreements based on national law. The legal basis could also be implied from international legislation such as the Schengen Convention and the Treaty establishing European Communities - TEC as amended by the Treaty of Amsterdam. Article 7 of the Schengen Convention requires Contracting Parties to co-operate and exchange information in matters concerning checks and surveillance. Such co-operation may also take the form of the exchange of liaison officers. This provision can be interpreted as permitting the exchange of immigration liaison officers among Schengen Contracting Parties. Further the exchange of immigration liaison officers could be implied from Article 47 regarding police co-operation and exchange of police liaison officers. Article 63 (3) (b) of the TEC, which allows the Council to adopt measures on illegal immigration, may imply that the EU could enter bilateral agreements on sending immigration liaison officers with Third states. The EU 1996 Joint Position on “Pre-frontier assistance and training assignments” is based on Article K.1 (3) (c) of the Treaty of European Union, similar to Article 63 (3) (b) of the Treaty of Amsterdam. Selection of countries to which immigration liaison officers are sent is done on the basis of the number of inadequately documented passengers originating from or passing through them.35 Countries of origin likely to produce refugees and airports in transit countries where these refugees may pass through are therefore target areas of sending immigration liaison officers. Norway has immigration liaison officers in countries such as Pakistani and Sri Lanka, and Kenya as transit airport for refugees from Somalia. The aim of Council Regulation (EC) No 377/200436 is to formalise the existence and functioning of a network of Immigration Liaison Officers (ILOs). The Regulation is binding to all Member States. The Regulation sets out the functions and responsibilities of ILOs, the establishment of local or regional co-operation networks and the way they should operate, the potential for shared tasks and representation and the way in which the Community is to be informed of ILO activities. According to the Regulation, the purpose of ILOs is to establish and maintain contacts with the authorities of the host country with a view to contributing to the prevention and combating of illegal immigration, the return of illegal immigrants and the management of legal migration. The ILOs are posted to the national consular authorities of Member States in third countries or the relevant authorities of other Member States, to the competent authorities of third countries, as well as to international organisations for a reasonable time.

34 See EU 1996 Joint Position on “pre-frontier assistance and training assignments and EU Council 26 January 1998 Action Plan on the “Influx of Migrants from Iraq and the Neighbouring Region”. 35 Cm 4018 supra. 36 Council Regulation (EC) No 377/2004 of 19 February 2004 on the creation of an immigration liaison officers network.

Border Control Legal Measures and Policies

According to the model of transparency and proportionality, ILOs play an important part in providing guidance to consular officials, carrier officials and local government officials on the control of immigration. There is, however, no guidance and safeguards envisaged for travellers. For example, if proportionality is to be maintained, there may be need for Protection Liaison Officers to offer guidance to aggrieved travellers. There is also reason for concern especially as regards refugees and asylum seekers. It is doubtful and difficult for these officers to determine ad hoc if a person seeking to reach the EU and Schengen territories has a legitimate claim and should thus be granted the right to proceed in to the territory of a Member State. It is also to be envisaged that a potential co-operation of these officers with local authorities of countries of origin poses a serious concern in those countries of origin, where human rights do not enjoy the same level of protection as in the European Union and Schengen areas. There is also need to include in the training of these officers a thorough human rights and refugee/humanitarian curriculum which includes non-discrimination training, with special reference to racial, national and colour profiling. The Regulation is silent on these issues. Refugees and asylum seekers will be adversely affected by the operation of ILOs if the above concerns are not addressed. 11.3.5

Information Systems

Currently the information system widely used in foreign countries to control visa applications is the SIS. The SIS plays an important role in exporting the issuance of visas to countries of origin. It enables Contracting Parties to co-operate in the issuance of visa in the country of origin as a Contracting Party now can easily consult the SIS to determine whether any of the Contracting Parties has entered an applicant as ‘undesirable’ alien to be refused entry. Before the implementation of SIS co-operation in visa issuance was hampered by lack of direct channels of consultation. Search in the SIS helps the visa issuing authorities to verify whether the applicant is registered in the system for the purposes of refusing entry or verification as to whether he or she poses any other threat (to security) which constitute grounds for refusal to issue the visa.37 The consequence of registration in the SIS is the denial of visa, especially for Article 96 alerts. Similarly when Visa Information System (VIS) will be implemented and become operational, it will further improve the co-operation in issuance of visa in foreign countries. VIS is a multipurpose system and the data registered in the system will be used by the visa-issuing authorities for the purposes of examining visa applications. Lack of transparency and proportionality and poor compliance with Article 8 of EHCR discussed in Chapter 8 is the main weakness of these systems and will affect the rights of those subject to control.

37 Part V 1.2. of the Common Consular Instructions.

373

374

Chapter 11

11.3.6

Individual Protection

Within country of origin, two places of control, namely the consular offices and international airports can be identified. These places act as filters and sorting sites for unwanted foreign nationals who should be stopped from leaving the country. Mostly affected by these policies are refugees and asylum seekers who may be fleeing from persecution in their country of origin and who, under the circumstances may not get necessary and proper travel documents. The legislation examined has no exceptions for this category of travellers and they are grouped together with illegal immigrants. There is also no guidance or assistance to controllers as to how to treat this category of travellers. As the controls lack proportionality, this affects everyone without travel documents without taking into special consideration the needs of asylum seekers and refugee. “It seems far easier to reach agreement in the Council on common control mechanisms than on common migration and asylum policies. Thus the careful and necessary proportionality in the comprehensive approach is lost.”38 There is also lack of proportionality when persons who are not trained for immigration and document control are allowed to carry out such control work. This is so with carrier control officers who are not trained in immigration control and are expected to execute decisions denying persons identified as inadmissible from boarding carriers. In some cases, identification controls may be based on suspicion and can result in discrimination, especially when certain group of travellers are targeted because of their nationality, race, colour or religion. Again there lacks clear guidance and training on how controllers can avoid control based on prejudice. It is not enough to state in the law that controllers should observe human rights regulation. There is need to have a clear non-discrimination provision in the law which prohibits control based on race, nationality, colour and religion. Since the fight against terrorism is more and more based on racial profiling, it is difficult without clear non-discrimination prohibition to avoid discrimination. Further control at this stage is both group and individual. On the other hand, protection measures are not group-oriented but based on individual circumstances. As a result, one is not protected as a group but as an individual. Consequently the safeguards cannot be said to be adequate.

38 Comments on the Communication from the Commission to the Council and the European Parliament on A Common Policy on Illegal Immigration, COM (2001) 671 final of 22 November 2001 and on the Proposal for a comprehensive plan to combat illegal immigration and trafficking of human beings in the European Union as adopted on 28 February 2001 Presented by the Presidency to the Council of European Union (Document ST 6621/1/02 REV 1).

Border Control Legal Measures and Policies

11.4

Controls at the External Border

11.4.1

Introduction

Arrival at the EU/Schengen external border does not guarantee admission into the territory, especially for travellers under categories 4, 5, 6 and 7. At the external border, travellers meet with a new set of controls and checks, the subject matter of this section. With the fall of internal border controls, the assumption was that these controls were to move to the external borders of the Schengen area thereby affording Contracting Parties a protection similar to that which was provided by former national frontier controls.39 The transfer of internal border controls to the external borders was seen as a necessary compensatory measure because States were unlikely to waive their power of control without being provided with an equivalent protection with regard to both persons arriving at the external frontiers and those admitted in one of the countries concerned.40 This is exactly what happened at the beginning of implementation of the Schengen Convention in 1995. France retained controls at its national frontiers with the Netherlands, Luxembourg and Belgium because it was not satisfied that the Dutch authorities would adequately control their section of the external border as concerns trafficking of drugs. Great Britain has continuously rejected the idea of removal of internal border controls because it doubts whether the external borders of the Schengen area are policed effectively and to the same standards as the controls it exercises.41 The strengthening of external frontiers has in recent years been seen not only as necessary to compensate for the removal of internal frontier controls, but also as an increasingly high political priority in its own right in the fight against illegal immigration and cross-border crime, including people-smuggling.42 11.4.2

Control Points and the Controlled

Article 1 of the Schengen Convention defines an external border as the Contracting Parties’ land and sea borders and their airports and sea ports, provided they are not internal borders. This definition, as Donner observes, is a novelty because “by excluding flights and ferry-services between two or more Schengen countries from border controls at the ports of destination, the Schengen Convention differs from both the Benelux and Nordic Union schemes.”43 Under Article 4 (1) of the Schengen Convention external controls are to be carried out at the first point of entry to the Schengen area, any subsequent travel to other member countries is considered internal and therefore exempted from control at the ports 39 40 41 42

Donner, J. P. H. (1993), p. 6. Ibid. p. 7. House of Lords – European Communities – Seventh report Session 1998-99. House of Lords – European Communities – 29th Report Session 2002-03: Proposal for a European Border Guard, HL Paper 133. 43 Donner, J. P. H. (1993), p. 13.

375

376

Chapter 11

of destination. These controls affect all travellers in the above categories, but as demonstrated below, those who are not EU/Schengen citizens meet with more and thorough controls and checks than EU/Schengen citizens. In addition, those from visa requirement countries are subjected still to more controls than the rest of the travellers. As such, the external border control of travellers can be said to discriminate to these categories of travellers. External borders are crossed only at marked border-crossings during fixed opening hours.44 Opening hours are indicated at border posts by a notice.45 Crossing the border at any other points (what is called blue and green borders) other than marked points and during fixed opening hours is regarded illegal and may be punished accordingly.46 This provision is intended to reduce instances of illegal immigration through the blue and green borders. In order to enforce these provisions, Contracting Parties are required to keep their external borders under surveillance (see below in 11.2.4).47 11.4.3

Control Authorities

According to Article 6 of the Schengen Convention, the national authorities of the Contracting Parties carry out external controls within the limits of their national legislation. Consequently, each Member State entrusts checks and surveillance at the external borders to the authorities of its choice, in accordance with its own national structures.48 According to the Common Manual, checks at external borders are to be carried out by officers of the border police forces or the services of the Contracting Parties responsible in accordance with national law for border police duties.49 The services with border control powers and duties differ among Contracting Parties and as such the Common Manual has issued a list of these services for each of the Contracting Parties.50 For example for Norway it is stated that, in principle, checks at the external borders are carried out by the police. They may, in certain cases and at the request of the head of the local police force, be carried out by Customs or the armed forces (specially, the Coast Guard or the Varanger-South garrison). In such cases, these bodies have limited police powers.51

44 45 46 47 48

Article 3(1) Schengen Convention; See also Article 1 of the common Manual. Article 1.2. of the Common Manual. Article 3(2) Schengen Convention. Article 6(4), Schengen Convention. Communication from the Commission to the Council and the European Parliament towards integrated management of the external borders of the Member States of the European Union, p. 8. 49 See Part II 1.1.1. of the Common Manual. 50 Ibid. 51 See also Karanja, S. K. (2001a), Chapters 4-7.

Border Control Legal Measures and Policies

Due to the differences in composition of Member States’ border authorities, the Commission had proposed the creation of the European Border Guard, but the plans have been shelved because of objection from mainly Great Britain as well as other Member States. Instead a European Agency for the Management of Operation Co-operation at the External Borders of the Member States of European Union was created with the task of providing the Community and the Member States with adequate information to allow for appropriate measures to be taken or to tackle identified threats and risks with a view to improving the integrated management of external borders.52 11.4.4

Controls and Methods of Control

11.4.4.1 General The State that carries the external controls does so, on behalf of the other Contracting Parties. It is, therefore, necessary that these controls be based on uniform principles throughout the external borders in the region. The aim here is to avoid divergence in the manner the controls are executed. In order to ensure uniformity, the then Schengen Executive Committee enacted a number of decisions to enhance the provisions of the Schengen Convention on external controls.53 Among others, the Committee issued the secret Common Handbook for border control authorities in different Schengen countries.54 The Schengen Convention introduces uniform principles for external border controls. Entry and exit controls at the external borders are carried out according to uniform principles provided by Article 6(1), however, each Contracting Party applies its own legislation. The uniform principles are defined in Article 6 (2) (a-e) and include, – general control of identity, – other entry and exit conditions such as visa, working and residence permits and, – security control Article 6(2) (a). These controls also cover vehicles and objects in the possession of persons concerned and each Contracting Party should carry them out in accordance with its legislation, in particular as regards search. It is understandable that search should be singled out here because different procedures and methods may apply in different countries. The uniform principles of external control can be divided into four categories that follow below.

52 Council Regulation (EC) No 2007/2004 of 26 October 2004 establishing a European Agency for the Management of Operational Co-operation at the External Borders of the Member States of the European Union. 53 Articles 3 - 8 and 20, Schengen Convention. 54 Schengen/Com-ex (93) 22 re, 14 December 1993.

377

378

Chapter 11

11.4.4.2 Identity Controls Article 6(b- e) of the Schengen Convention introduces both entry and exit checks for all passengers both the EU citizens and third country nationals coming from or leaving for a third country. These checks are thorough, especially during entry where all persons must be subject to at least one check, making it possible to establish their identities on the basis of their presentation of travel documents, Article 6(b). For aliens, there are to be further stiffer controls as set out in 6(a), discussed below in 11.4.4 As observed in the previous chapter, the objective of identity controls is to establish that the person is who one claims to be. Identity control therefore involves checking the validity of travel documents and whether they have been forged or falsified.55 Further, the controllers carry out informal controls, especially when it involves a foreigner carrying national passport of one of the Schengen parties, where the controllers understand the language of that Contracting Party, they ask the bearer a question or just greetings in that language. The point is to check whether the bearer understands the language or not. If the latter is the case, then the likelihood is that the document has been forged and further and thorough control will follow.56 Exit checks are carried on all persons crossing external borders and leaving for a third country. The controls, however, are focused on aliens on whom thorough checks are carried out. According to Article 6 (2) (d), such checks are made in all cases in respect of aliens. In Norway, exit controls were not practised before the Schengen, but now the Immigration Act has been amended in Article 23 to accommodate them as required by the Schengen Convention.57 The checks at least include control of identity by checking travel documents.58 The checks are carried out as required in the interest of all Contracting Parties under the law on aliens in order to detect and prevent threats to national security and public policy of the Contracting Parties. In order to avoid long queues building during checks, Contracting Parties may as a priority carry out entry controls instead of exit controls. Perhaps this is an indication that the Contracting Parties perceive the threat to national security as coming from without and not within the Schengen area. Under Article 23 of the Norwegian Immigration Act, any person entering the realm is obliged to report for identity control to the nearest police authorities. The Act has been amended to include an exemption on internal border control. Persons crossing Schengen internal borders will not undergo border control in Norway. Another amendment is to include exit controls on persons travelling from Norway to a third country. Exit controls were not part of external controls in Norway. The King has been empowered to issue regulations under the Act on entry and exit controls and he can give police 55 St prp nr 42 p. 22. 56 Knowledge of this is based on personal experience of the writer.: See also Karanja, S. K. (2001b). 57 See Lov om endringer i utlendingsloven og i enkelte andre lover som følge av Schengensamarbeidet 16 July 1999 nr. 67. (Amendments to the Immigration Act and othe laws as a result of the Schengen Convention). 58 St prp nr 42 p. 22.

Border Control Legal Measures and Policies

authority to execute more vigorous identity and document controls and also require carriers, air-crafts or ships, to control whether foreign nationals have valid travel documents before entry into the realm. Control checks are being enhanced with the inclusion of biometric data in travel documents and the operation of Visa Information System. 11.4.4.3 Security Controls The main idea behind the Schengen external border controls is that one country carries out the checks on its own behalf and on behalf of the other Contracting Parties. In such a case, the country carrying out the checks must take into account the interests of all Contracting Parties. This provision refers mainly to the security interests of the other member countries. It means that the country carrying out checks must not permit entry to a person who is a security risk to another Contracting Party even though the person may not pose any risk to the checking country. This happens if a person’s name has been entered into the SIS by any of the Contracting Parties as an undesirable person who should be refused entry into the Schengen area according to Article 96 of the Schengen Convention.59 After 11 September, external controls have been enhanced in the Schengen area and a person whose name is in the terrorist watch list is to be arrested if he attempts to cross the external border. Persons are also checked against Interpol notices and national security watch lists. The provision on refusal of entry also applies to aliens on transit. These are persons who hold a residence permit or a return visa issued by one of the Contracting Parties or both residence permit and return visa, if required. Such persons are to be allowed entry in transit, unless their name is on the national list of persons reported as to be refused entry held by the Contracting Party at the external borders of which they arrive.60 11.4.4.4 Visa and Permit Controls Visas and permits are among the most effective internal and external control measures that countries use in order to regulate the entry and residence of foreign nationals into their territories. Here the concern, however, is the use of visas and permits as external control measures. According to the Schengen Convention Article 6 (2) (c), external controls for foreign nationals are vigorous and involve more than the general identity controls applying to all persons crossing the external borders from or to a third country. In addition to identity controls, foreign nationals must undergo checks stipulated in Article 6 (2) (a) which includes verification of travel documents and other conditions of entry, residence, work, exit and security checks. These requirements for thorough checks of foreign nationals have to be read together with Article 5 (1) (a-e) and 5 (3) which set out the conditions necessary for entry.

59 See Stephanie Mills case 8.3.2.2 above. 60 Article 5(3), Schengen Convention.

379

380

Chapter 11

Foreign nationals entering the Schengen area for a period not exceeding three months must fulfil the entry conditions set out in 5 (1) (a-e). Among these conditions is the requirement to be in possession of a valid visa if so needed, Article 5 (b). Residence permits are also used as a technique for control. They are, however, oriented more to the internal control than external control. One instance of external control where a resident permit may be used for control is under Article 5(3) for aliens in transit. A foreign national with a valid resident permit may be allowed entry unless his/her name is entered into the SIS for reasons of entry refusal. A foreign national with a resident permit issued by one of the Contracting Parties and in transit may, however, be refused entry because of the validity of his or her travel documents as the Belgian cases discussed below in 11.4.6 indicates. The registration of visas in the VIS will enhance visa control at the external border. According to the proposed VIS Regulation, one of the objectives of the system is to facilitate checks at external border checkpoints and within the territory of the Member States. The data in the VIS can be consulted where and when that information is useful, for instance external border controls.61 11.4.4.5 Surveillance of External Borders So far only external controls on the manned and authorized crossing points of the external borders of the Schengen territories have been discussed. External controls at the external borders also involve the surveillance of the entire external border of the Schengen territories. Some of the Schengen external borders are extensive and it is impossible to man them all in order to prevent illegal entry. For example, the Norwegian external border is a vast coastline spanning over 4000 kilometres. Similarly, the total length of the Finnish external border is about 4000 kilometres,62 and the Greek external border is a vast coastline with a multitude of islands and rocks of all sizes forming the Greek territory.63 Under Article 6(3), the Schengen Convention requires Schengen States to keep surveillance on their Schengen external borders between crossing points and border crossing points outside normal opening hours. The objective of the surveillance is to dissuade people from circumventing the checks at crossing points. Many people, however, die trying to circumvent these crossing points in order to enter Europe.64 The Council is required where appropriate to issue surveillance procedures. In order to comply with this provision, countries seeking to join and implement the Schengen Agreement are given a checklist of criteria to be complied with. One of the concerns is the question on checks at the external borders and surveillance of external frontiers, a country has not only to answer the question positively but must also demonstrate the capability to 61 62 63 64

See also 9.6.2 above. Veijalainen, R. (1998), p. 101. Nikolopoulos, G. P. (1998), p. 105. UNITED for Intercultural Action European network against nationalism, racism, fascism and in support of migrants and refugees has documented more than 2046 between 19932001; http://www.united.non-profit.nl/pages/List.htm#1993 Accessed 20 May 2001.

Border Control Legal Measures and Policies

do so. For example, although Italy and Austria had joined the Schengen co-operation as early as 1991 and 1995 respectively, they were not able to implement the Convention before 1997. Germany and the other Contracting Parties demanded that the two must effectively control their external borders before they commenced implementation of the Convention.65 In order to effectively conduct checks and maintain surveillance along external borders, the Contracting Parties are required to deploy appropriate officers to do so. In Norway, police officers maintain surveillance on external borders along the Russian land border. As concerns the Norwegian coastline, the Coast Guard (Kystvakten) has the responsibility of maintaining surveillance. In Finland, Veijalainen describes surveillance of the external border thus, The full length of the border between Finland and Russia is effectively secured on both sides. The borders are controlled and guarded on the Finnish side using mobile units, technical control equipment and aircraft, while the most important areas are controlled in such a way that allows immediate response on a case by case basis. Other areas guarded in a manner relevant to the prevailing border situation.66 The Finnish Frontier Guard has stationary as well as mobile and transportable control equipment at its disposal which has been purchased from several countries. Most of the stationary control equipment is placed in close vicinity to border crossing points. A network of target areas, which are electronically controlled, is under construction on the most sensitive stretches of the land border. Along the sea border the Finnish Frontier Guard already has equipment based on a modern radar and camera surveillance system in operation.67

In Greece, Nikolopoulos observes that, (…) a program to upgrade and modernize border security has already been initiated. Recently, the Ministry of Public Order instituted a special police force called “Police Service of Border Surveillance” (Law No. 2622/98). The exclusive mission of this force is the prevention of the illegal entry by foreigners into the country and also the arrest of anyone who aids it.68

11.4.5

Information Systems

Schengen external border crossing points are equipped with SIS terminals for the purposes of checking whether the persons concerned are registered in the SIS. Mobile terminals are provided for use in trains where passengers do not disembark the train for purposes of the checks.69 Consultation of the SIS is meant to verify whether the persons 65 66 67 68 69

See 2.2 above. Veijalainen, R. (1998), p. 102. Ibid. Nikolopoulos, P. G. (1998), p. 108. Karanja, S. K. (2001b).

381

382

Chapter 11

concerned have alerts registered against them. If consultation of the SIS reveals that an alert has been made as defined in Articles 95 to 100 of the Schengen Convention, the action requested, which appears on the screen, must be performed.70 The SIS plays an important role in the external border security controls and is often consulted especially where the person involved is a foreign national from a third country.71 National data systems are also consulted for the purposes of external border control.72 The purpose is to verify whether the person concerned is registered in the national system and what action is to be taken as a result of a positive hit. Eurodac is also consulted for the purposes of external border control when a foreign national is apprehended irregularly crossing an external border. According to Article 8 of the Eurodac Regulation, each Member States is required to take the fingerprints of every alien of at least 14 years of age who is apprehended in connection with the irregular crossing of external borders and who is not turned back. The purpose for registration is to verify whether the person has previously lodged an application for asylum in another Member State. If the person is found to have lodged an application in another Member State, he or she may be returned to that country. The main policy aim of the Eurodac system is to detect and prevent multiple asylum applications. In the future, the VIS will also form part of the information systems to be consulted at the external border. The system will be consulted for the purposes of verification of the identity and the authenticity of the visa of the travellers who must possess a visa and for consultation between central national authorities in accordance with Article 17 (2) of the Schengen Convention. With the issue of biometrics on visas, the effectiveness of the VIS as an identification verification and visa authentication tool will be enhanced. The Customs Information System (CIS) is also consulted in case of customs control. 11.4.6

Individual Protection

Again control at the external borders like that at the country of origin is based on categorisation of persons into groups. Although control affects all persons passing through the external borders, aliens especially aliens who must have visas for entry purposes are rigorously controlled. As demonstrated here, even though control is individual-oriented, it is based on group assessment. Persons belonging to certain groups or categories are controlled more than the others. Protection is individual-based but there is no provision for group-based protection. In this section, a number of individual safeguards available to travellers are examined. Article 5(2) of the Schengen Convention allows the State carrying out external controls to derogate from the main principles for refusal of entry to foreign nationals who do not fulfil all the conditions set in Article 5(2). That includes where a person may be refused entry for reasons of national security or having been reported in the SIS. Where this derogation is exercised, such a person could be allowed to enter if the country carrying controls finds it necessary to permit entry for humanitarian reasons or in the 70 Part II 1.3.2.4. of the Common Manual. 71 Karanja, S. K. (2001b). 72 Part II 1.2.1. of the Common Manual.

Border Control Legal Measures and Policies

national interest or because of international obligation. In such a case, permission to enter is restricted to the territory of the granting country only and the person may not enter other Schengen countries. The granting country is required to inform the other Contracting Parties accordingly. But as indicated in Chapter 8, it seems that the powers to derogate are discretionary and rarely exercised by the Schengen States. Controls at the external borders may lead to a person, especially an alien being refused entry into the Schengen/EU area, In this circumstance, the person must be informed of the decision and furnished with “Refusal of Entry at the Border” form filled by the refusing officer stating the reasons for refusal, for example that the person has no valid travel documents or is a person for whom an alert has been issued for the purposes of refusing entry in the SIS or in the national register. Although issuing of such a form is positive, it is not adequate safeguard for the persons concerned. The purpose of the form is to enable the aggrieved person to know the reason for refusal and where necessary appeal against the decision if he or she so decides. The person, however, must initiate the processes personally and there is no guidance on how to go about it in the form. Most of the persons refused entry may not know what course of action is open to them and even if they knew, it is expensive and tedious. Furthermore, the reasons for entry into the SIS are not disclosed in the form and one has to seek further reasons if the reason was an entry in the SIS or national register. As indicated in Chapter 8, this is not easy as there are many obstacles for seeking access to information registered in the SIS. The application of Article 4(1) “crossing of external borders” has come under challenge in some cases in Belgium. In one such case examined by the Conseil d’Etat,73 the applicant, a woman from Zaire with temporary legal residence in France, was coming from Kinshasa and stopped at Brussels airport to take her connecting flight to Paris. The immigration authorities considered that her passport was forged. She was arrested and her repatriation to Zaire was ordered. She appealed against the decision to repatriate and argued that Belgian authorities had no jurisdiction to arrest and repatriation her back to Zaire because she did not intend to enter the Belgian territory. The Conseil d’Etat ruled that since the applicant was only transiting in the airport and had no intention to enter Belgium, the legal basis of the authorities’ decision was incorrect. But the legal reasoning in the later ruling is flawed according to Hurwitz. She argues that Article 4 of the Schengen Convention clearly stipulates that Contracting Parties shall check all persons arriving in the first ‘Schengen’ airport from a third State. Perhaps, what could have been questioned is the decision to repatriate and not to check and arrest. The Schengen Convention does not stipulate what action the authorities are to take in such an instance and hence recourse has to be made to the national law. According to Hurwitz,74 however, the Belgian Aliens Act is confusing because it refers to the pre-Schengen era and provides that an alien may be returned if he or she is stopped in the transit area and does not hold valid travel documents, or if he or she intends to enter the Belgian territory without valid documents.75 No direct reference is made to the post-Schengen 73 Arrêt No. 67.861 of 30 august 1997 and No. 67.988 of 4 September 1997, n.p.; See also as quoted in Hurwitz, A. (2000), pp. 46-47. 74 Hurwitz, A. ibid. 75 Article 3(1-2), Belgian Aliens Act.

383

384

Chapter 11

era with regard to the controls which Belgian authorities carried out on persons coming from a third State on behalf of other Contracting Parties. In a later decision, based on similar facts, the Conseil d’Etat has tried to reconcile the confusion between the Belgian Aliens Act and the Schengen Convention. The claimant was, as in the preceding case, residing in France, and the French authorities did not seem to have noticed any forged elements in the passport. The Conseil d’Etat decided that the Belgian authorities should have consulted with the French authorities regarding this matter before taking any steps to return the applicant.76 11.5

Control Inside Schengen Area

11.5.1

Introduction

Even after one has been admitted into the EU/Schengen area, controls do not cease. The discussion in this section now turns to controls carried out inside the Schengen/EU area. The objective of these controls is to combat illegal immigration and crime. This is emphatically stated in the EU Schengen Catalogue on external border control, removal and readmission.77 Measures to prevent illegal immigration and cross-border crime should be pursued inside the territory of the Schengen States by enhanced search, checks and surveillance measures based on national information and in accordance with national law, where possible on the basis of police co-operation agreements pursuant to Article 39(4) and (5) of the Schengen Convention.

11.5.2

Control Points and the Controlled

In general, the controls, especially the controls which are purely aimed at combating crime, affect all persons in the above categories. But as regards fighting illegal immigration, foreign nationals and especially those from countries outside Europe and North America will be targeted most. The removal of internal border controls has meant not only that border controls were transferred to the external border, but that some controls have been dislocated internally within the Schengen area. The implication being that control places have also been spread internally. The control places may not be permanent or fixed. They are due to, for example, temporary reinstatement of internal border controls (11.5.4.1). They also take the form of mobile patrols and mobile frontiers (11.5.4.3) and hot pursuit and discreet observance across internal borders (11.5.4.4). Controls also take place at local control authorities’ premises such as police stations or immigration offices because foreign na76 Arrêt No. 79785 of 8 April 1999 n.p.; also quoted in Hurwitz, A. supra. 77 EU Schengen Catalogue on external border control, removal and readmission, p. 15.

Border Control Legal Measures and Policies

tionals have obligation to report their presence to local authorities (11.5.4.5). As such, control places inside the Schengen area are spread all over the territory. 11.5.3

Control Authorities

Many authorities are involved in controls inside the Schengen area. The law applicable here is mainly the Contracting Parties’ national law. The police play an extensive role as they are involved in many controls which are related to identity check, crime prevention and violation of public order and security. For example, the police have powers to stop and search persons suspected of wrongdoing. The immigration authorities are also involved in controls related to residence and asylum inside the Schengen area. Private sector authorities play a part in controls too. They are mostly involved in identity control. For example, owners of lodging and boarding premises, banks, schools, and so on require customers or students (especially foreign nationals) to identify themselves by identification documents. The private sector authorities involved in employment of foreign national also require them to establish that they have the necessary permits such as work and resident permits. 11.5.4

Controls and Methods of Control

11.5.4.1 Reinstatement of Internal Border Controls The removal of internal border controls is intended to be complete but the following exceptions have been allowed. One such exception is Article 2(2) of Schengen Convention. Under this Article, a Contracting Party can reintroduce border controls if reasons of public order and national security so dictate. A number of restrictions have, however, been inserted meaning that the measure has to be used sparingly. In other words, it should not be used as a means of reintroducing border controls. Furthermore, the exception can only be used if public policy or national security requires immediate action. Where such action is taken, the Contracting Party concerned must inform the other Contracting Parties as soon as possible. In addition, the measure must be for a limited period not more than 30 days but can be renewed for a period of 30 days.78 In practice, the reinstatement of controls has been temporary measure lasting between one day and three weeks.79 Where the measure does not require immediate action, the other Contracting Parties must be consulted beforehand. The provision has been invoked many times since the entry of the Schengen into force on 26 March 1995.80 France invoked the safeguard clause in April 1995 on reasons of internal security in order to allow temporary continuation of passport controls 78 See, Proposal for a Council Regulation establishing a Community Code on the rules governing the movement of persons across borders, COM(2004) XXX p. 31. 79 Groenendijk, K. (2004), pp. 150-170, p. 162. 80 Groenendijk identifies 33 instances when the reinstatement of borders occurred between 2000-2003. He also identifies the reasons which have given rise to the reinstatement of controls during this period, Ibid. p. 159.

385

386

Chapter 11

on its borders with Belgium and Luxembourg. The move was felt necessary because France had never felt comfortable with the Dutch liberal drug policy. In January 2000, Belgium also reintroduced internal controls for an indefinite period. The restrictions were aimed at “deterring gangs of human traffickers” at a time when Belgium was granting citizenship to some illegal immigrants. Although such measures may be justified at times, the danger exists that they can be used to restrict the movement of refugees and asylum seekers. It happens especially when masses of refugees and asylum seekers head for Europe from the neighbouring countries. Schengen States use this clause to restrict the movement of these people. It has also been invoked several times by Contracting Parties to restrict movement of protestors during EU summits or other international meetings.81 Groenendijk, who has done a detailed study of the reinstatement of controls, notes that in most cases the temporary controls are aimed not at reducing illegal immigration or preventing crime, but at the protection of meetings of political leaders. The individual checked or stopped at the borders are predominantly Union citizens, not third country nationals.82 11.5.4.2 Control on Foreign Nationals Another exception to the notion of free movement but which does not imply reintroduction of internal border controls is stipulated under Article 2(3). The abolition of checks on persons at internal borders shall not affect the provisions laid down in Article 22, or the exercise of police powers throughout a Contracting Party’s territory by the competent authorities under that Party’s law, or the requirement to hold, carry and produce permits and documents provided for in that Party’s law.

The import of this exception is that the removal of internal border controls does not mean the discontinuation of internal controls and checks carried inside Schengen countries and away from the internal frontier. Under this exception foreign nationals, according to Article 22, would still be required to report to national authorities of any Schengen country they enter notwithstanding the fact that they have a Schengen visa.83 Even foreign nationals residing within the territory of the Contracting Parties who 81 Council Decision 15376/02 on application by Sweden of Article 2.2 of the Convention implementing the Schengen Agreement: On the occasion of the European Council meeting in Copenhagen on 12-13 December 2002; Council Decision 14766/02 on application by Denmark of Article 2.2 of the Convention implementing the Schengen Agreement: On the occasion of the European Council meeting in Copenhagen on 12-13 December 2002; Council Decision 13470/02 on application by Italy of Article 2.2 of the Convention implementing the Schengen Agreement: On occasion of the meeting of European Social Forum on 6 November 2002. Council Decision 10057/02 on application by Norway of Article 2.2 of the Convention implementing the Schengen Agreement: On occasion of the World Bank Annual Bank Conference on Development Economics (ABCDE-Conference) in Oslo on June 24-25 2002; etc. 82 Groenendijk, K. (2004), p. 150. 83 Article 22(1) of the Schengen Convention.

Border Control Legal Measures and Policies

enter another Schengen country will be required to report to national authorities.84 A Contracting Party, however, may enact exceptions to the requirement for foreign nationals to declare themselves and communicate it to the Council. The exception under Article 2(3) also means that persons crossing internal borders will still be subject to the exercise of police powers by competent authorities in every Schengen country they enter. They may also be subject under national law to the obligation to hold, carry and produce permits and documents provided for in its legislation. As such, this exception opens for general control and checks of persons inside a Schengen country and in the entire Schengen area. It implies that one can be stopped and be required to identify oneself and even be subject to compulsory identity controls. In essence, the free movement in the Schengen area is subject to provisions of national law of the Contracting Parties. This observation was confirmed by the Conclusions of the special Justice and Home Affairs Council on 20 September 2001 which recommended that, Member States step up external border controls, increasing police ID checks, monitoring the movement of legally resident “aliens” between member states, register more people in the Schengen Information System and consider widened access, and invite Commission to examine urgently the relationship between safeguarding internal security and complying with international protection obligations and instruments.85

11.3.4.3 Alternative Controls and Checks Alternative internal controls are new controls emerging elsewhere inside the Schengen countries’ national borders. They take different forms, for example, spot (random) checks, mobile patrols, mobile frontiers, mobile brigades, etc. The controls are either unilateral (being applied by one country only), bilateral or multilateral (based on an agreement between two or more countries). The new controls and checks seem to proliferate because the Schengen Convention does not prohibit or is silent about them. The main assumption with the new checkpoints is to increase control internally as a consequence of lifting of the internal border controls. In other words, there is a clear link between the removal of internal border controls and the emergence of the new checkpoints. The French European Affairs Minister, Michel Barnier, confirmed this when he said, in France, we can see the usefulness of such controls (new checkpoints). (…) We now have the concept of mobile controls and mobile frontiers, which could be more effective than fixed controls.86

84 Article 22(2) of the Schengen Convention. 85 SN 3926/6/01 REV 6. 86 Statewatch: Schengen: “Mobile frontiers” introduced. Artdoc February=1997 at http://www. poptel.org.uk/cgi-bin/dbsearch2/statewatch, accessed on 5 August 1997.

387

388

Chapter 11

The meeting of the Schengen Executive Committee on 24 October 1996 agreed to a proposal by France to recognise the creation of “mobile patrols” and “mobile frontiers” under bilateral agreements between Schengen countries.87 Mobile frontiers allow controls and checks behind the internal frontiers within 20 kilometres from the border. Mobile frontiers started as early as 1994 as a French-Dutch police initiative to maintain checks to search for illegal immigrants. The mobile units are authorised to stop and check persons at random. On several of the major border crossings, a vehicle is semi-permanently posted near the border with a watchful observer equipped with binoculars in it. This officer alerts his colleagues waiting a little further down the road on motorcycles who then stop and inspect the car and its passengers.88

In 1997, France had concluded mobile frontiers bilateral agreements with Belgium, Germany and Spain. Germany also had signed agreements with France and Luxembourg. The agreement made possible the setting up of joint patrol of police to carry out checks at a distance of 20 kilometres inside on either side of the formal border. French and Dutch immigration authorities use mobile brigades of immigration police behind internal frontiers to check visas. The officials of both countries work routinely in each other’s territory on board international trains to carry out checks on the status of travelling aliens in an effort to intercept those without a visa while they are still in the country of departure.89 In Germany, random checks were allowed in 1998. The German border Protection Police, BSG (Bundesgrenzschutz) is authorised to carry random checks, that is checks not promoted by suspicion, on persons almost anywhere inside the country. Under the new law, identity checks can be carried out on trains, in railway stations, on motorways, and in city centres. People can be requested to open their baggage and to declare their possession of cash. Beyond being subjected to an ID check, anybody can be searched and brought to a police station for criminal identification (including fingerprinting) on grounds of ‘concrete elements of suspicion’.”90 The justification for these new measures is given as the need for protection of public order and security against “cross border crime”,91 in view of the abolition of internal border controls within the Schengen space and European Union.

87 88 89 90 91

Ibid. Ibid. Ibid. Busch, N. (December 1998 ) pp. 7-8. See Statewatch, Germany: New stop and search powers. May –August 1999 (Vol 9 no. 3 & 4) p. 11.

Border Control Legal Measures and Policies

11.5.4.4 Electronic Controls and Surveillance Another emerging phenomenon in new controls is electronic control and surveillance. It takes the form of CCTV (Closed Circuit Television) and traffic video cameras. CCTV cameras monitor public streets and places such as parks and areas that may be considered unsafe because of drugs and crime. Cameras are installed also in public buildings, banks and so on to monitor the flow of the people and any unwelcome behaviour such as crime. Traffic video cameras are also used to monitor traffic on the road and drivers who flout traffic rules. 11.5.4.5 Cross-border Controls and Co-operation Police co-operation in cross-border controls is a new feature of the Schengen Convention. The Schengen Convention in this aspect challenges the doctrine of national sovereignty in police matters. Traditionally, policing has been a national affair as no foreign law-enforcement agencies were allowed in other countries’ territory. Even where cross-border operations were allowed like the Nordic police co-operation, hot pursuit was informal and not legislated.92 The aim of cross border controls is to prevent and combat cross border crime, 93 which was anticipated would increase with the removal of internal border- controls. Articles 39-91 of the Schengen Convention are concerned with police co-operation and security. The main upshot of police co-operation is the movement of law enforcement across the borders.94 That is the movement of investigations and prosecutions across the borders. As observed earlier, the free movement of persons would also entail the free movement of crime and criminals.95 So in order to prevent and combat crime, it would be futile for the law enforcement authorities to be limited by internal borders. The movement of law enforcement takes the form of operations and exchange of information. Operations cover the movement of police and other law enforcement officers, for example the customs officers, across the border undertaking either hot pursuit or discreet surveillance or undercover operations.96 All the three forms of operation are provided for in the Schengen Convention except the third that can be carried out in the scope of discreet surveillance.97 Investigations can also be extended to other countries by way of controlled delivery and search and seizure. Controlled delivery of drug shipment provisions under the Schengen Convention requires the Member State to undertake

92 93 94 95 96

Fode, (1993) p. 66. Article 39, the Schengen Convention. Peers, S. (2000), p. 197. See Chapter 1 above. See also, The convention drawn up on the basis of Article K.3 of the Treaty on European Union, on mutual assistance and co-operation between customs administrations, Document 498Y0617(01). 97 Ibid.

389

390

Chapter 11

to allow such deliveries after prior authorisation by each Member States concerned.98 While the Member State carrying out the delivery should in principle respond to requests from other Member States, it controls the operations and its national laws apply. The Schengen Convention provides for cross-border observation under Article 40. This is the first time an international treaty does so.99 The Convention allows “Contracting Parties, who within the framework of a investigation, are keeping under observation in their country, a person who is presumed to have taken part in a criminal offence to which extradition may apply, to be authorised to continue their observation in the territory of another Contracting Party where the latter has authorised cross-border observation in response to a request for assistance which has previously been submitted.” Crossborder observation is allowed only if there is an ongoing criminal investigation, on the person concerned and the investigation must relate to an offence to which extradition may apply. The offences to which extradition may apply are stipulated in paragraph 7 of Article 40. The list of the offences, however, may not be exhaustive because Contracting Parties may define in their criminal law other offences that may not be included here as requiring extradition. In that case, a conflict may arise if an offence is not an extradition one in the country the observation is to continue. Finally, the SIS plays an important role in cross-border policing and especially observation. Article 99, which deals with discreet surveillance, requires law enforcement authorities to record and exchange information for purposes of border checks or other police and customs checks carried out within the country. For the purposes of crossborder observance, it implies that information on persons and vehicles involved in the commission or preparation to commit a crime may be exchange through the SIS. The proposed SIS II may expand the category of persons to be observed. Article 41 of Schengen Convention authorises “continued pursuit” (“hot pursuit”) by officers of one Schengen state to another Schengen state of persons caught, in their country, in the act of committing of one of the offences stipulated in paragraph 4 or participating in one of those offences. Hot pursuit is also authorised if the person pursued has escaped from provisional custody or while serving a custodial sentence. The officers must have been pursuing the individual or individuals in their country who cross the border into a neighbouring country. Hot pursuit is not a new phenomenon of the Schengen Convention. It has been the subject of the 1962 Benelux Extradition and Mutual Treaty Article 27. Also Norwegian, Swedish and Finnish police have practised hot pursuit informally and without any formal regulation under the Nordic Co-operation. The aim of hot pursuit is to ensure that criminals do not escape the long arm of law by simply crossing the border to a neighbouring country. 11.5.5

Information Systems

For controls inside the Schengen area the SIS, the Eurodac and national systems are consulted as a routine. In the future, the VIS will also be consulted for such controls. 98 Article 73, The Schengen Convention. 99 Joubert, C. & Bevers, H. (1996), p. 127.

Border Control Legal Measures and Policies

The SIS is consulted as a routine in spot (random), mobile patrols, and mobile frontier checks. These checks involve control of persons and objects. The purpose is to verify whether an alert has been registered concerning the person or object. The SIS is also consulted in cases of resident permit applications. The purpose here is to verify that the applicant has no alert registered against his or her name. In the future, the SIS II will also be consulted in cases of asylum applications. In addition, the SIS is also consulted in cases of vehicle registration to ascertain that the vehicle is not reported as stolen or missing. The Eurodac is consulted when a foreign national applies for asylum and is found to be illegally present in a Member State. According to the Eurodac Regulation, each Member State is required as a routine to take fingerprints of every non-EU or third country national aged 14 years or over who applies for asylum. Similarly, the Member States are required under Article 11 of the Regulation to take fingerprints of any alien of at least 14 years of age found to be illegally present within a Member State territory. The fingerprints so taken are matched with the fingerprint database in the central unit of the system to verify whether the person has previously applied for asylum in another Member State. Again here the Eurodac is used to deal the phenomenon of multiple applications. When it becomes operative, the VIS will be consulted for controls inside the Schengen territories for the purposes of identification and return of illegal immigrants, the determination of the responsibility for asylum applications and for the examination of an asylum application. National systems are consulted for various controls too.100 Police systems are consulted on crime controls. The foreign nationals systems are consulted in matters involving residence permits and asylum applications. From October 2005, Europol became available to Member States for consultation on cross-border crimes. Three of 25 Member States, France, Germany and Sweden, started using the data. For example, The German authorities might have information on a suspect they have been investigating for trafficking in human beings. The German authorities would then feed in the data they have about their suspect in a query. Some fields in the data may then match a record that has been initiated in Sweden about a known counterfeiter. The Swedish authorities would then be contacted by the German authorities so that the two can work closely to further their investigation into this suspect’s various activities.101

11.5.6

Individual Protection

Consequences of controls inside the Schengen area for individual persons depend on the controls and the national law applicable. The exceptions examined allow internal controls which work to restrict free movement inside the EU/Schengen area. Since the law applicable is national law of the Contracting Parties, the safeguards available to individual persons are also national in nature. Of course, in a situation where different na100 For detail discussion on national systems see Karanja, S. K. (2001a), Chapters 4-7. 101 Europol: Annual Report 2005, p. 17

391

392

Chapter 11

tional laws are applicable, the protection will also differ. The discussion on the adequacy or shortcomings of any of the national laws is not undertaken here because such a task is beyond the scope of this study. Instead, in the following section, an attempt is made to answer the research question left unanswered in Chapter 8. 11.6 –

Answering the Research Question in 6.5.4

To what extent do the SIS and Schengen border policies enable for decisions that are in favour of individual data subjects or subjects of border control? This calls for examination of the SIS and border control polices orientation. Are they meant to protect individual interests? How are the policies applied? Do they allow for consideration of individual interests where the later conflict with control interests?

The control measures and policies discussed in this chapter are individual oriented and group-based because they are triggered by the category to which the persons to be controlled belongs. For example, the intensity of controls, even where all categories of persons are controlled, depends on one’s group. Foreign nationals who require visas to enter the Schengen/EU territory meet with more vigorous control than the other categories of both foreign national who do not require visas and Schengen/EU citizens. At the same time, protection is only individual-based and not group-based. Consequently, the safeguards available to these persons are individual-oriented in nature. In other words, protection is directed to an individual not a group. As such, there are no group safeguards. Lack of such safeguards does not work in favour of individual persons’ interests. At the same time, most of the individual safeguards examined here are not adequate and cannot be said to enable decisions that are in favour of individual persons’ interests. For example, the SIS controls are meant to establish whether the person concerned is registered in the system or not. If the individual is not registered then there are no consequences that follow. On the contrary, if a person is registered, this triggers the action to be taken. The action to be taken may be to arrest or refuse the person entry into the Schengen territory. The analysis in Chapter 8 indicates that once a person is registered in the SIS, it is not easy to exonerate oneself because the safeguards that exist are full of obstacles that make it difficult for the person to exercise the rights accorded. It is also apparent that a person aggrieved by rejection of a visa application can only seek redress through the host country’s legal system. In most cases the persons are still in their country of origin which makes it difficult to invoke such legal action. The legal system, the language and culture is strange to the person, not to mention that the whole process is costly and time-consuming. This applies also to the persons who are refused to embark on a carrier at the departure airport or seaport or are refused entry in the Schengen area at the external border. Even persons who eventually enter the Schengen territory and meet with control measures are too faced with a strange legal system, culture, languages and costly judicial justice system. In these circumstances, it is difficult to see how the control measures work in favour of the controlled persons. The control policies do not also work to the advantage of the controlled persons because while the controls (visa controls carrier controls and liaison officers) have been successfully exported outside the Schengen territory and into the countries of origin of

Border Control Legal Measures and Policies

travellers, protection measures and policies have not been similarly extended into the foreign countries of origin. Again there has been an effort to grant non-governmental actors such as carriers control duties but there is no corresponding effort to grant non-governmental agents individual protection duties. In the next chapter, it is recommended that for there to be proportionality in control, non-governmental actors should assist in the protection of persons against the acts of controllers. It is especially necessary in a situation where control is group-based. In this circumstance, group protection should be contemplated. 11.7

Conclusion

In this chapter it is demonstrated that there exists an imbalance between control measures and policies on the one hand and the protection accorded individuals under control on the other hand. The imbalance is caused by a control approach which is not proportional to the protection of individuals on four fronts. Firstly, the control is groupbased while group protection is negated. Secondly, the controls are exported outside the Schengen/EU area to the countries of origin while there is no clear export of protection of individuals. Thirdly, while individual control is accompanied by individual protection the latter are not adequate. Fourthly, non-governmental agents, such as carriers are granted control duties, but no such non-governmental agents are granted individual protection duties. In the next chapter, recommendations to improve the protection accorded to individuals are suggested.

393

Part V: Recommendations and Postscript

12

Post-11 September Protection of Individuals

12.1

Introduction

The legal, policy and technological changes discussed in the preceding chapters lead to the question whether “a post 11 September legal protection regime” is needed. If so, what shape will it take? This chapter attempts to bring together the main findings in the study and proposes how they could be used to enhance individual protection by improving transparency and proportionality in privacy and data protection laws. To do this, the evolution of international data protection laws will be discussed first. The objective is to trace their development and try to predict the future direction. The discussion will be based on what is identified here as different epochs in the development of data protection laws. The question whether what is needed is a police and border control data protection law (Third Pillar framework legislation) or a review of the EU data protection Directive will be posed and answered. Notwithstanding the answer arrived at to the question above, the research has indicated that there is need to improve transparency and proportionality in the processing of personal data both in the Community pillar and Third Pillar respectively. Consequently, new data protection principles derived from the analysis of transparency and proportionality of data processing in the present data protection laws will be proposed. The new principles are meant to fill the transparency and proportionality gap that exists in the present data protection regime. Another way of enhancing data protection is through human rights law. The UN International Covenant on Civil and Political Rights (ICCPR) and the European Convention on Human Rights (ECHR) do not contain express provisions on data protection. The Human Rights Committee and the European Court for Human Rights (ECtHR) have instead implied data protection in their case law decisions. This will be discussed and why such a provision is overdue. 12.2

Evolution of International Data Protection Laws

In the evolution of international data protection legislation, two main epochs can be discerned. But it is also contended that a third epoch is already unfolding but it is not fully appreciated. The first epoch began with the enactment of the CoE data protection Convention 1981. The second epoch was heralded by the enactment of the EU Directive

398

Chapter 12

for data protection 1995. The third epoch may have started with the 11 September 2001 terrorist attacks. It is said that it is not appreciated yet because it is still camouflaged in the first epoch and second epochs. The data protection solutions of these epochs are still being used to address the problems of the new era. It is proposed that data protection solutions for the new era be sought and applied in order to improve or replace the old solutions. The era of the CoE Convention has been extensive. The Convention has influenced data protection solutions well over its time. The Convention was the only binding international data protection regime from 1981 to 1995 when the EU Directive was enacted. During this time, the Convention impacted on data protection at the national level as it influenced most national data protection laws. Its influence has, however, extended over this period for two reasons. Firstly, when the EU Directive came into existence, its effectiveness was suspended until 1998 when the Member States were supposed to implement it by enacting national data protection legislation. Although the deadline for compliance was 1998, not all the Member States had implemented the Directive by that date. That means that, in some Member States, the influence of the Convention continued well over the deadline. Today, all the Member States have complied with the Directive and therefore the national data laws reflect and are influenced by the Directive. At the Community level, however, a dichotomy exists and this leads us to the second reason. Data protection at Community level has been influenced by the division of the European Community into three pillars. In the Community pillar or First Pillar, the EU Directive became applicable as soon as it was enacted in 1995. But as regards the intergovernmental pillars, Second and Third Pillars, it was the CoE Convention which was the applicable data protection regime. In addition, Article 3 (2) of the Directive removed the Third Pillar from its scope. Consequently, even after the coming into being of the EU Directive, the CoE Convention has continued to apply to the intergovernmental pillars, especially the Third Pillar (the concern here) up to today. In 1997 with the signing of the Amsterdam Treaty, the influence of the CoE, however, was curtailed while that of the Directive was expanded when some Third Pillar competences were transferred to the First Pillar. Competences transferred to the First Pillar were immigration, visas, refugees and border crossing. Police and judicial co-operation matters, however, remained under the Third Pillar. Combating terrorism and other international crimes which have acquired much significance after 11 September and 11 March still fall under the Third Pillar and therefore have the CoE Convention as the main data protection regime. The significance of the dichotomy as discussed in earlier chapters is that there are now two levels of data protection in Europe, one higher and the other lower. The Directive represents the higher level because it is viewed as an improvement to the CoE Convention. The Directive tried to create harmony and uniformity where there were divergences at the national level. On the other hand, the CoE Convention is considered a lower level regime because there were many differences in the national laws as the Convention does not require full compliance but instead only estimation at the national level. The emerging era as indicated above has been necessitated by the fact that the two levels of protection are not offering adequate safeguards, as the transparency and proportionality analysis in this study indicates. Solutions offered by the two legal regimes to

Post-11 September Protection of Individuals

the emerging immigration, terrorists and other international crimes are not adequate. A new data protection regime may therefore be overdue. 12.3

Binding Police and Border Control Data Protection Law

The debate for a binding police and border control data protection law has ranged for a long time without any concrete outcome on the matter as the discussion in Chapter 5 indicated. But there is agreement that the current piecemeal legislation based on CoE Convention does not afford adequate protection and there is a need for harmonisation and uniformity in the area in the form of general binding framework legislation. As the Joint Supervisory Authorities of Europol, Eurojust, Schengen and Customs have noted, Convention 108 is perhaps too general in its nature to provide for an adequate set of data protection provisions dealing with the new dimension in processing personal data as set out in the different EU initiative. Furthermore, there are significant differences in the way this Convention has been implemented by Member States in national law.

Consequently, the Joint Supervisory Authorities have called for a more specific set of data protection rules for police and intelligence authorities to be developed to enhance the level of data protection. Similarly, B. de Schutter has pointed out the weakness and confusing nature of a piecemeal approach to data regulation in the police sector when he states that, The European and the international informational co-operation in the police sector – formal and informal – are based upon a great number of disparate arrangements and not only upon the Schengen, Europol, Eurodac or Custom Information System and Interpol systems. A number of other instruments, often a bilateral character, have no provisions concerning privacy protection. Hopes must be focused on a sufficient national protection system, but privacy protection is not yet a fact in all third countries Europe deals with. On the other hand, when present, the provisions on data protection lead, because of the presence of different texts, to a diversification of applicable rules, coupled with a multiplicity of intervening instances. This proliferation is unlucky. The lack of uniformity brings confusion, particularly for the citizen.

The diversity of data protection rules in the police and border control sector coupled with a lower level of data protection legislation, that is the CoE Convention, means that data protection in this sector is not adequate. As indicated in Chapter 5, the Council of Europe, however, is not keen to introduce a binding legislation in the area. The work of  

Opinion of the Europol, Eurojust, Schengen and Customs Joint Authorities presented to the House of Lords Select Committee on the European Union Sub-Committee F for their inquiry into EU counter-terrorism activities, Brussels, 28 September 2004. de Schutter, B. (2003). The processing of data in the police and judicial area and the protection of privacy. http://www.era.int/web/en/resources/5_2341_645_file_en.716.pdf. Accessed on 12 August 2004.

399

400

Chapter 12

harmonising the law in the sector therefore seems to be a European Union endeavour. The European Parliament (EP) has already urged for a legal instrument on the protection of privacy applicable to the Third Pillar. The EP has said that the instrument should be binding in nature and aimed at guaranteeing in the Third Pillar the same level of data protection and privacy rights as in the First Pillar. It should also harmonise, according to the higher standards, the current rules on privacy and data protection concerning Europol, Eurojust and all other third-pillar organs, as well as any exchange of data between them and the third countries and organisations. There have been also initiatives within the Council of European Union and with participation of the national Data Protection Authorities to set up a harmonised legal framework, but this has failed. The Commission has called for adoption of a legal framework for the Third Pillar. The Commission considers that the data protection principles, which apply by virtue of Directive 95/46/EC in the context of the First Pillar, are suitable to be applied in the context of the Third Pillar as well. This can be achieved by the adoption of a Third Pillar instrument laying down a set of data protection principles which are applicable to the processing of personal data in the context of all Third Pillar activities. But as the call for a legal framework for data protection in the Third Pillar has been ongoing, new legislative activities within the EU, especially the adoption of the EU Constitution may militate against such a solution. Once ratified by Member States, the EU Constitution will abolish the pillar system. All matters that are now under the Third Pillar would become subject to Community law and regulations. In that case, data protection will become uniform in the Community as the EU Directive for data protection will apply to all sectors. Data protection in police and border control co-operation, however, may still require special rules tailored to data requirements in this sector. A legal framework for data protection in the police and border control co-operation may still be necessary. As the Joint Supervisory Authorities for Europol, Eurojust, Schengen and Customs noted, such legal framework should provide for a tailor made set of rules applicable to law enforcement activities. Simply reaffirming general principles of data protection shall not be sufficient. It could perhaps further elaborate on the principles set out in the recommendation of the Committee of Ministers to Member States regulating the use of personal data in the police sector including the results of the three evaluations of that recommendation. Any moves in this direction would, of course, have to take account of the existing legislation (particularly the different national approaches to dealing with data protection in the area of law enforcement), the fundamental rights of data protection guaranteed in Article I-51 of the

  

See Resolutions passed on 27 March 2003 (on a proposal by J. S. HERNANDEZ MOLLAR) European Parliament: Report (Cappato Report) on the First Report on the implementation of the Data Protection Directive [95/46/EC) (COM (2003) 265-C5-0375/2003/2153(INI)] Final a5-0104/2004 p.7/22. Opinion of the Europol, Eurojust, Schengen and Customs Joint Authorities, supra note 1163.

Post-11 September Protection of Individuals

Draft Treaty establishing a Constitution for Europe and the increasing convergence of the First and Third Pillars.

It is the opinion here that such framework law should also incorporate the solutions suggested in this study in order to enhance transparency and proportionality in police and border control work so as to provide effective individual protection. The solutions are elaborated in the next section. The approach used is to suggest new data protection principles aimed at fortifying transparency and proportionality in the new law. They could also be used as a springboard for amendment and review of the existing framework data protection law, especially the EU Directive. There are new developments in this area that were not anticipated at the time of writing. The Commission has issued a proposal Framework Decision on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters. When this is adopted, it will put to rest the debate on a binding legislation in the police and border control co-operation and it is a welcome development. The assessment of the impact of the Framework Decision is, however, beyond the scope of this study. 12.4

New Data Protection Principles

12.4.1

Introduction

In 6.4.5 and 6.5 above, it was noted that interests have a reformative role. That is, they can be used to highlight deficiency in the applicable law. This is what this study has endeavoured to do as regards principles examined. It has indicated deficiency in the current data protection principles. In the analysis of data protection principles and interests in Chapter 6, it was clear that a number of transparency and proportionality requirements used in the analysis were not directly reflected in the principles. They were implied in the principles but not directly manifested. It has also been demonstrated that some of these requirements are very important as guarantees for transparency and proportionality. In this section, the requirements that are not directly reflected in the principles are highlighted and elaborated further. It is suggested that they should be given clear and direct manifestation in the existing data protection laws and in future data protection legislation. It is also proposed that they should be adopted and incorporated as new data protection principles to expand the existing catalogue of principles in new data protection laws. In this study, principles have been understood as rules of the applicable law.  



Ibid. EU Directive on Data Protection Evaluation report 2003 – the European Commission described a clear lack of harmonisation, but stated that there was no reason yet to come to an amendment of the Directive and that it was necessary to make better use of the existing legal framework. A second evaluation is likely to follow in the near future. Proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters, COM(2005) 475 final 4 October 2005, {SEC(2005) 1241}.

401

402

Chapter 12

The principles are therefore obligations imposed on data controllers for fair and lawful processing of personal data and rights granted to data subjects in order to ensure that their personal data are processed in a fair and lawful manner. The recommendations of new data protection principles made here are meant to supplement and clarify the existing data protection obligations and rights. 12.4.2 Transparency Principles 12.4.2.1 Principle for Reasons The main objective of a principle for reasons would be to enable a person affected by a decision of a data controller, which involves use of personal information in the custody of the controller, to challenge and control the legality of the decision. It would also enable the data subject to decide whether to challenge the decision by way of appeal or not. Further the data subject would be able to control the quality of personal data used to arrive at the decision. That is the data subject would be in a position to control whether the data used were correct, complete, up-to-date and accurate. Although the principle for reasons may be said to be manifested in Articles 12 (a) and 15 (1) of the EU Directive, it is stated as a data subject right which requires that initiative be taken by the data subject. The data subject must request the reasons before they can be made available to him or her. Such a situation is not desirable because it implies that the data subject must be well-informed about his or her rights. It is public knowledge, however, that this is not always true. Data subjects are not usually adequately informed about their rights and a majority do not even know that the right exists at all. In order for the right to reasons to be effective, it is necessary to make it an obligation for data controllers to give reasons. That is why it is proposed here as a principle for reasons. The data controllers will be required to give reasons to data subjects for automated or nonautomated decisions they make, especially when the decisions affect the data subject adversely. As noted earlier, the Schengen Convention and other police and border control laws such as Europol Convention and Customs Information System Convention, even the CoE Convention which these conventions are based on, do not have a provision for reasons. Police and border control work involves making decisions which may affect the persons concerned adversely by denying them their rights or suffering a detriment. Lack of reasons for such a decision on the part of the person would put him or her in a disadvantaged position where he or she may not be able to challenge or control the legality of the decision. As police work and border control work increasingly relies on technology and exchange of information, the need for giving data subjects reasons becomes urgent. 

See Special Eurobarometer survey December 2003 p. 43 – On average, more than two-thirds of EU citizens (70%) tend to agree that awareness of personal data protection in their home country was low. Similarly, on average only 32% of EU Member States citizens had heard of the law granting individual right of access, correction and deletion. Of the 32%, only a very small percentage 7% had exercised the right, p. 49.

Post-11 September Protection of Individuals

Databases and biometric technologies are becoming key features of police and border control work. Terrorist concerns have meant also that data sharing, mining and profiling are increasingly used as methods for controlling and detecting crime. In such a circumstance, when a decision is made that a person is dangerous and should not be allowed to board an aircraft for example, it would be necessary for the person to be furnished with reasons for such a decision. Further, when biometrics technology is used to deny a person entry to a country or get a visa, it should be imperative to furnish the person with reasons for the refusal. 12.4.2.2 Legal Information Principle The main objective of the legal information principle is to enable the public to obey the law and regulations. Without legal information it would be difficult for those concerned to carry out their obligations and exercise their rights as required by the law. For example, availability of legal information is a necessary condition for exercising the right of access to personal information registered with the controllers. The legal information principle would therefore enhance general and individual access to information registered with the controller.10 The principle of legal information requires that legal information is made available to the public. Availability means that information should be both accessible and understandable. These concepts are explained in (8.3.2.4) and are central to the principle for legal information. Accessibility is more than the act of publishing the law. It entails also publicising it. When the law is published, it is made universally available to whoever may be interested to look or search for it. But publicising entails making deliberate efforts to make the law available to the majority of the people. Understandability of the law entails making it knowable to the majority of the population. It means employing deliberate efforts to explain and interpret the law and give guidance to the people where necessary. The legal information principle therefore encompasses availability, accessibility (publishing and publicising) and understandability of legal information. A new principle of legal information is required in data protection laws because it is not adequately and clearly manifested in data protection laws. The principle, however, could be construed in Articles 28, 29 and 30 of the EU Directive which deal with the establishment and roles of the Supervisory Authority (Article 28) and the Working Party (Articles 29 and 30). The roles of the two bodies could inter alia be interpreted as to give legal information. As longer as they give guidance, advice, explain and interpret the law, it can be regarded that they provide legal information. As such, it is not clear to what extent their role entails making the legal information available, accessible and understandable. The proposed legal information principle will create an obligation on such bodies and controllers to make legal information available. Need for the legal information principle is compelling because of the manifest lack of information among the members of public. The Schengen Joint Supervisory Authority in 1997 decided to launch a Schengen-wide public information campaign because it had 10 See analysis of general and individual access to legal information in 8.3.2.3 & 8.3.2.4 respectively.

403

404

Chapter 12

found that in practice it was difficult for the general public to exercise their rights, in particular the rights to access and verify data. One of the reasons for this was the fact that general public was not sufficiently informed.11 In its subsequent Annual Reports,12 the JSA reported an increase in the number of requests for access made. The increase was attributed to protracted SIS information campaign carried by the JSA to inform members of the public of their rights under the Schengen Convention in the previous years. This revelation points to a clear link between the exercise of the right to access and provision of legal information. Public opinion polls in Europe, on the knowledge of data protection law and the rights it provides to data subjects, confirm lack of information on these laws and rights among the public.13 The lack of legal information is attributed to the passivity exhibited by the public as regards the exercise of the rights made available in data protection laws. An increase in legal information is not only important for the public and data subjects in particular, but it is also necessary for data controllers and data processors if they are to fulfil their obligations under the law. Provision for information should therefore target all interested parties in the processing of personal data. 12.4.2.3 Principle for Individual Notification The principle for individual notification aims at making an individual aware that personal data about him or her are being or have been processed by the controller. It would also serve to make the individual aware that a decision that may lead to personal information about him or her being registered has been taken by the authority concerned. For example, under the Schengen Convention if a decision is made to register an alert in the Schengen Information System, the individual should be informed of the decision and subsequent registration. Individual notification is provided for in the EU Directive Articles 10 and 11. There is, however, no such provision in the police and border control co-operation data protection laws such as the Schengen Convention, Europol Convention and Customs Information System Convention. There is no such provision in CoE Convention on which data protection in these police co-operation Conventions are based. Consequently, it is suggested that a principle for individual notification should become a feature of these conventions and laws in the future.14 It is demonstrated in (8.3.2.3 above) the necessity of such a requirement for notification under Schengen law. Inclusion of a provision on individual notification would be needed in any future police and border control data protection 11 JSA Third Annual Report of Activities March 1998 – February 1999, p. 12. 12 See JSA Fourth and Fifth Reports March 1999 – February 2000 p. 15 and March 2000 – December 2001 p. 18 respectively. 13 See note 9 above. Further the survey showed that the level of knowledge about the existence of independent data protection authorities was low across the European Union and twothirds 68% of the EU citizens were not aware of their existence, p. 48. 14 The right of notification has been incorporated in the SIS II proposal legislation which was published after this suggestion was made. The right, however, fall short of what is recommended here as indicated in the postscript.

Post-11 September Protection of Individuals

framework law. Limitations would, however, be required in order not to compel data controllers to give notification in instances where such notification would be contrary to interests of processing the data. Such an instance could be where the notification would jeopardise the work of the controller such as where investigations are ongoing or on matters of specified national security interests. The limitations should be specific and not general, wide and vague. It should also take into consideration data subjects’ interests. As noted in (8.3.2.3) notifying data subject when alerts under Article 96 are made does not affect interests of the controller in the processing of data. An investigation by the Norwegian Data Protection Authority (Datatilsynet) on the immigration section of the SIS has indicated that the immigration authorities have been issuing notification to persons registered in the SIS under Article 96 in Norway.15 According to the report “the foreign nationals are given advance notice of any entry in the SIS. The notice also appears in the decision that a decision will be made for entry in the SIS. If advance notice of such entry has not been given, an alert on the foreign national is not to be entered in the SIS.”16 The Norwegian immigration authorities have received very few requests for access (approximately three during four years). This has been attributed to the authorities’ practice of issuing notification to persons registered under Article 96. Despite the fact that the Schengen Convention does not contain a notification requirement, the practice by the Norwegian authorities demonstrates that notification is effective and desirable.17 12.4.3

Proportionality Principles

12.4.3.1 Non-discrimination Principle The non-discrimination principle aims at protecting individuals and groups of individuals against negative discrimination.18 That is, discrimination based on race, nationality, political and religious beliefs and gender. The need for a non-discrimination principle 15

Datatilsynet: Inspection Report of the Inspection at the UDI (Immigration Directorate) on 1 February 2005 p. 4 paragraph 4.3. 16 Ibid. 17 The SIS II legislative proposal 2005 has incorporated a right to notification but the right is not adequate as indicated in the postscript. 18 The use of the term “negative discrimination” encompasses both what is referred to as ‘Direct’ and ‘Indirect’ discrimination within EU regulations, especially the Race and Equality Directive. It is also used as defined in the Human Rights Committee General Comment No. 18, namely “the term discrimination as used in the Covenant should be understood to imply any distinction, exclusion, restriction or preference which is based on any ground such as race, colour, sex, language, origin, property, birth or other status, and which has the purpose or effect of nullifying or impairing the recognition enjoyment or exercise by all persons, on an equal footing, of all rights and freedoms.” As used, negative discrimination implies positive discrimination which means that certain distinctions and differences in treatment can be justified under controlled circumstances or conditions. Not every differentiation will constitute discrimination, if the criteria for such differentiation are reasonable and objective and if the aim is to achieve a purpose which is legitimate under the law.

405

406

Chapter 12

is justified by the fact that the EU border-crossing policies are highly discriminating according to a person’s country of origin.19 A person’s country of origin determines how one is treated at the borders. For example, imposing visa requirements on particular persons based on their country of origin and exempting others from visa requirement based on their country of origin as the EU visa policy amounts to discrimination on nationality basis. It also happens that most persons from countries which require a visa to enter the EU/Schengen area are not white and/or are mostly of Islamic faith. This again can amount to discrimination on basis of colour and religion.20 Data protection laws do not contain a categorical provision prohibiting discrimination as understood here. Prohibition, however, could be implied in the provision that requires that personal data be processed in a fair and lawful way and the provision regulating processing of sensitive data. Both provisions are found in the main data protection laws such as the EU Directive and CoE Convention. The Schengen Convention also prohibits processing of personal data revealing racial origin, political opinions or religious or other beliefs, as well as personal data concerning health or sexual life. The prohibitions are limited because they apply only to the processing of personal data while border control involves more than that. For example, it does not prohibit doing a search in the SIS or other database on the grounds that it could amount to discrimination. It also does not apply to situations where databases are used for racial profiling or data mining on racial, religious or nationality basis. The protection afforded by the prohibitions cannot therefore be regarded as adequate. In this section, it is argued for introduction of non-discrimination principle in the data protection laws. Since the non-discrimination principle is a human rights creation, a brief account of the principle in the human right regimes and in the EU context in particular is necessary. The objective is to show that even in the human rights law the principle is not always universal in nature. The introduction of the principle in the data protection laws is meant to be universal. International human rights law prohibits negative discrimination. Nevertheless, protection under European human rights regional instruments is weak. The main non-discrimination clause in the ECHR is Article 14. This provision does not provide freestanding right against discrimination. It is accessory and adjectival.21 The Article cannot be invoked alone. Its violation can only be alleged in conjunction with a substantive right or freedom. According to the Convention, discrimination is prohibited in relation to “the enjoyment of the rights and freedoms set for the in the Convention (…).”22 In that case, the scope of Article 14 is limited to the rights protected under the Convention. It is not a general prohibition against discrimination and therefore there are certain kinds

19 20 21 22

See Chapter 11 above. Cholewinski, R. (2002), p. (i). Hepple, B. (2004), p. 5. Article 14 full text – “The enjoyment of the rights and freedoms set forth in this Convention shall be secured without discrimination on any ground such as sex, race, colour, language, religion, political or other opinion, national or social origin, association with a national minority, property, birth or other status.”

Post-11 September Protection of Individuals

of discrimination that cannot be redressed by the Article.23 In addition, whether the discrimination is direct or indirect, there is defence that the discrimination is objectively justifiable and is proportionate and necessary to the legitimate aim being pursued. The limited applicability of Article 14 led the Council of Europe to adopt Protocol 12, which opened for signature on 4 November 2000. The protocol has general application. It guarantees a free-standing right to equality.24 As such it advances the protection of equality in the Convention beyond the relatively limited guarantee in Article 14. The Protocol, unlike Article 14, can be enforced in a range of discriminating circumstances covered by many laws and not only the rights protected by the Convention. Depending on how the ECtHR will interpret it, it may enjoy a general applicability to discrimination as Article 26 of the International Convention on Civil and Political Rights.25 Article 26 is a ‘stand-alone’ or substantive equality clause. It is not limited to the rights that are provided for in the Covenant.26 As such it is an important instrument for fighting against discrimination in many facets. The Protocol is especially important for border control because it extends protection against discrimination beyond the scope of the Convention rights and freedoms. Supporting the adoption of the Protocol the ECtHR stated that “certain forms of discrimination cannot be brought within the ambit of Article 14”.27 Despite its significance, the Protocol took over five years before it entered into force on 1 April 2005. The delay was caused by lack of adequate states that had ratified the Protocol. Most states were apprehensive about the wide scope of the Protocol and therefore had adopted a wait and see attitude. The Protocol required ten ratifications before 23 The ECtHR has confirmed in a series of case that Article 14 is not directed at discrimination in general: X v. Federal Republic of Germany, Application No. 8410/78, 261; Belgian Linguistic Case, 23 July 1968, § 9; Abdulaziz, cables and Balkandali v. United Kingdom, 28 May 1985, § 71. 24 Protocol 12 states that (1) The enjoyment of any right set forth by law shall be secured without discrimination on any ground such as sex, race, colour, language, religion, political or other opinion, national or social origin, association with a national minority, property, birth or other status; (2) No one shall be discriminated against by any public authority on any ground such as those mentioned in paragraph 1. 25 The UN Human Rights Committee has clarified the protection of Article 26 ICCPR thus “Article 26 provides that all persons are equal before the law and are entitled to equal protection against discrimination on any of the enumerated grounds. In the view of the Committee Article 26 does not merely duplicate the guarantee already provided in Article 2 but provides in itself an autonomous right. It prohibits discrimination in law or in fact in any field regulated and protected by public authorities. Article 26 is therefore concerned with the obligations imposed on State parties in regard to their legislation and the application thereof. Thus, when legislation is adopted by a State party, it must comply with the requirement of Article 26 that its content should not be discriminatory. In other words, the application of the principle of non-discrimination contained in Article 26 is not limited to those rights which are provided for in the Covenant. See General Comment No. 18 on Non-discrimination.” 26 Ibid. 27 Opinion of the European Court of Human Rights on draft Protocol 12 to the European Convention on Human Rights.

407

408

Chapter 12

it could enter into force.28 Another downside is that most Schengen and EU Member States have not ratified it. Only Finland and the Netherlands have ratified the Protocol as of 29 April 2005. Since the Protocol is binding for the countries that have ratified it only, it means that for the majority of the Schengen 15 Member States and EU 25 Member States the Protocol does not apply. People in these countries cannot take cases to the European Court of Human Rights invoking a breach of the Protocol. From a political aspect, however, since most Schengen and EU Member States, with the exceptions of Denmark, Spain and Sweden, have signed the Protocol, this is an indication of their commitment not to undermine the purpose or effect of the Protocol. Under the EU legal framework, discrimination is prohibited by the treaties and the Charter. The prohibition by the treaties has also been problematic and weak because its application has been limited. The scope of the Community equality or non-discrimination principle, until recently, had been relatively narrow in terms of the grounds protected, since it only outlawed discrimination on the grounds of nationality and sex.29 It also applied in a limited material context to prohibit discrimination in those areas in which the Community had competences, namely areas connected with economic activity.30 Third country nationals were not covered by the limited application of the treaty prohibition against discrimination except as related to discrimination on the basis of sex. With regard to non-discrimination based on nationality, it was generally accepted before the entry into force of the Treaty of Amsterdam that only EU citizens came into its scope.31 Sex discrimination is outlawed in respect to all working men and women within the EU without distinction, including third country nationals.32 But whether new Community norms prohibiting non-discrimination can be applied to the EU rules on borders and visa, discussed in Chapter 11, is the central question here. The main Articles on non-discrimination are Articles 12 and 13 of EC Treaty. Article 12 prohibits discrimination on the grounds of nationality. It does not grant an independent right to non-discrimination as the treatment complained of must fall within the scope of Community law. The Member States governments of EU have always interpreted this Article as applying only to EU nationals. This position has been subsequently confirmed by the European Court on Human Rights which stated that the European Union constitutes ‘a special legal order which has, in addition, established its own citizenship’.33 The transfer of matters dealing with visas, asylum, immigration and other policies related to free movement of persons by the Amsterdam Treaty to the Community pillar could have raised an occasion for expanding of the scope of Article 12 to include equal treatment between EU citizens and third country nationals. The 18 and 21 Presidency Conclusions of the Tampere European Council October 1999 pointed to 28 Countries that as on 29 April 2005 have ratified the Protocol are Albania, Armenia, Bosnia & Herzegovina, Croatia, Cyprus, Finland, Georgia, Netherlands, Serbia, Montenegro and Macedonia. 29 See, Articles 12 and 141 EC Treaty. Also Cholewinski, R. (2002), p. 39. 30 Cholewinski, R. (2002), ibid. 31 Ibid. 32 Ibid. 33 C v. Belgium, Judgement of 7 August 1996, § 38.

Post-11 September Protection of Individuals

the expansion possibilities when they asserted claim for fair treatment of third country nationals residing legally on the territory of its Member States and called for granting them rights comparable to those of EU citizens. Article 13 EC Treaty expanded the scope of non-discrimination. It states “without prejudice to the other provisions of this Treaty and within the limits of the powers conferred by it upon the Community, the Council, acting unanimously on a proposal from the Commission and after consulting the European Parliament, may take appropriate action to combat discrimination based on sex, racial or ethnic origin, religion or belief, disability, age or sexual orientation”. The scope of the Article includes prohibition of discrimination on many aspects, not only nationality and sex. It, however, has shortcomings as it does not offer a free-standing prohibition as its scope is limited to that of Community law. Its effect is also limited because the Article does not seem to confer direct effect as it only empowers the Council to act (by unanimity). The Council took action, and in 2000 it adopted two Directives. The first is the Racial Equality Directive34 a general prohibition of discrimination based on racial or ethnic origin. The second is a Framework Directive banning discrimination in employment on the grounds of religion or belief, disability, age or sexual orientation.35 Of interest here is the Racial Equality Directive because of its potential application to third country nationals, and in particular the possibility of its application to the operations of the border control co-operation under the border and visa rules in Title IV EC Treaty. The Racial Equality Directive prohibits both direct and indirect discrimination based on racial and ethnic origin as well as harassment. It applies to “all persons, as regards both public and private sectors, including public bodies”. The scope of activities it covers are access to employment, self employment and occupation, vocational training, working conditions, membership of a trade union, social protection, social security and healthcare, education and goods and services available to the public, including housing. It has, however, its limitations because it does not apply to third country nationals especially in matters concerning visa, immigration and border control. Cholewinski has observed, the impact of the directive on the treatment of third country nationals in the field of immigration control is likely to be nominal as the exclusion of religious and nationality discrimination from the scope of the directive, the unwillingness of the Council to expressly protect third country nationals from distinctions purportedly based on nationality from constituting indirect discrimination on the grounds of racial and ethnic origins, and the failure to explicitly identify immigration authorities as public bodies the actions of which are covered by the scope of the directive, are unfortunate developments in the overall context of combating discrimination against third country national.36

34 Council Directive 2000/43/ of June 2000 implementing the principle of equal treatment between persons irrespective of racial or ethnic origin, OJ 2000 L 180/22. 35 Council Directive 2000/78/EC of 27 November 2000 establishing a general framework for equal treatment in employment and occupation, OJ 2000 L 303/16. 36 Cholewinski, R. (2002), p. 47.

409

410

Chapter 12

The Charter of Fundamental Rights and Freedoms reinforces fundamental rights and non-discrimination in the EU. It has, however, failed to afford a general prohibition against discrimination. Article 21 prohibits discrimination on any ground such as sex, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation and also discrimination on the ground of nationality. The scope of the Charter is limited to matters which are dealt with by the Union law. Under Article 51, the Charter clearly identifies the addressee of the Charter as the Union and the Member States. As regards the Union, it means that the Union as a whole, together with each of its institutions, bodies and agencies are bound by the terms of the Charter.37 As regards the Member States, it is a bit tricky as according to Article 51, the provisions of the Charter are addressed to Member States only when they are implementing Union law. Consequently, the provisions of the Charter cannot be used by the citizen to challenge state actions in matters which have nothing to do with Union law.38 Article 52 (2) states that those Charter rights for which provision is made in the Treaties (or draft European Constitution) shall be exercised under the conditions and within those limits defined by the Treaties (or draft Constitution as the case may be). The significance of this provision is that, since prohibition against discrimination is provided in the Treaties, the right shall be exercised under conditions and limits that are set in the Treaties. In that case, Article 21 of the Charter shall be exercised under the conditions and limits of Article 13 of the EC Treaty. In other words, Article 21 is not a free-standing provision and therefore has no universal application for matters defined in the Treaties.39 In the circumstances, Article 21 of the Charter may not afford third country nationals protection against discrimination based on nationality. The discussion above signifies the problem involving third country nationals in the protection against discrimination in the European context. European human rights laws, both under Council of European and the European Union instruments do not ex37 Walsh, D. (2003), p. 13. 38 Ibid. p. 14. 39 Ibid p. 16 – Article 21 (1) of the Charter prohibits discrimination on a wide number of grounds. Article 13 EC, however, also addresses discrimination on a narrower number of grounds. Moreover, it does not prohibit discrimination on these narrower grounds per se. Instead it only authorises the Council to take action against such extent that the Council has acted. It follows from Article 52 (2) of the Charter that the prohibition is absolute for those grounds that are not specified in Article 13 EC. Moreover, since Article 13 EC is not directly effective, it would seem that the Charter prohibition also applies absolutely to those grounds that are specified in Article 13 EC, apart from any on which the Council has acted. As it happens the Council has acted on race and ethnic origin (Directive 2000/43/EC). It follows that the Charter prohibition on discrimination on the grounds of race and ethnic origin must be exercised in accordance with Article 13 EC and the Council Directive. By contrast the prohibition on discrimination on the other grounds mentioned in Article 13 EC is absolute, although that will change for any of those grounds which are the subject of Council action in future. For those grounds that are not mentioned in Article 13 EC but are contained in Article 21 (1) of the Charter, the prohibition will always be absolute – unless they are affected by the implied limitations flowing from Article 52 (1) of the Charter.

Post-11 September Protection of Individuals

tend unequivocal protection to third country nationals. That is, the protection afforded under these laws is not universal. It seems therefore, necessary to include a provision on protection against discrimination in new legislation that have a direct or indirect effect on third country nationals so as to buttress the extent of the protection and give the protection universal character. The Commission has noted in its proposal for a Council Directive concerning the status of third country nationals who are long-term residents that “such an inclusion obliges the Member States to enforce the principles of non-discrimination when implementing the obligations imposed by the Directive and also that it is in accordance with Article 21 of the EU Charter of Fundamental Rights.” Fortunately, this is becoming the trend in legislation under Title IV EC where standard anti-discrimination clauses, purportedly in accordance with the principle of ‘mainstreaming’ equality are now being inserted. Although, as Cholewinski notes, the approach has not been uniform.40 Data protection legislation should borrow a leaf from these developments, as it also affects third country nationals especially in visa, immigration and border control, and insert such a non-discrimination clause. 12.4.3.2 Guidance and Assistance Principle The objective of the guidance and assistance principle is to enhance obedience of the law and avoid excessive control. Disobedience of law is not always precipitated by reckless defiance of the law. In most cases, individuals have the will to obey the law but may lack the necessary legal knowledge and information. As such, lack of legal knowledge and information may lead to disobedience and excessive control. Disobedience of the law and excessive control may also result from error either by the person enforcing it or a person affected by it. The guidance and assistance principle is therefore aimed at avoiding the pitfalls of disobedience of law and excessive control. Guidance and assistance is aimed at provision of legal knowledge and information. Data protection laws do not contain an express provision for guidance and assistance. Provision for establishment of data supervisory authorities in most data protection laws and Article 29 Working Party in the EU Directive can, however, be seen as a requirement to give advice and assistance, especially as far as giving opinions and issuing reports is concerned. But as indicated earlier, whereas these bodies do give guidance they are poorly equipped for the task as regards giving advice and guidance to data subjects. Data supervisory authorities have broad mandates and responsibilities and as such they are poorly placed to offer quality guidance and assistance to data subjects. They too have inadequate budgets and personnel which reduce their effectiveness in guidance and assistance. In the next section, the establishment of a new body whose specific mandate will to give guidance and assistance to data subjects is proposed. Guidance and assistance is an exclusive responsibility of data supervisory authorities. Data controller, data processors and their personnel should also have a duty to give guidance and assistance. As such the principle for guidance and assistance does target them and impose a duty on them to offer guidance and assistance to data subjects and persons with whom they contact. In the current state of affairs, however, the initiative to 40 Cholewinski, R. (2002), p. 49.

411

412

Chapter 12

offer guidance is left to of the data controllers and their personnel. This is not desirable. A guidance and assistance principle is needed. It will impose a duty to offer guidance and assistance on those who are involved in the work of processing of personal data. The objective is to improve proportionality and obedience of law in control work. As noted in 9.6.5, the proposed Visa Information System (VIS) Regulation attempts to impose a duty to offer guidance and assistance on the data supervisory authorities. While this is welcome, the duty to give guidance and assistance is limited to data supervisory authorities only and the data subjects have to take the initiative to request assistance. The duty should apply to all actors involved in the work of processing personal data and they should be required to take initiative too. 12.4.3.3 Supervision Principle: Group Protection and New Protection Actors The supervision principle is provided for in data protection laws in the establishment of data supervisory authorities in all major data protection laws. But due to inherent problems and limitation in the powers of the authorities,41 they do not perform their work effectively, especially as far as taking care of individual interests is concerned. Due to the wide mandate and lack of adequate budget and personnel, the authorities’ capacity to provide guidance and assistance or legal knowledge and information to data subjects is diminished. This in turn impacts poorly on transparency and proportionality in processing of personal data. To improve transparency and proportionality, it is imperative to address the problems faced by the authorities. The mandate of data protection authorities is too wide that even with adequate budget and personnel, it may still be difficult to adequately handle data subjects’ interests. The establishment of new data protection actors to safeguard data subject interests only is recommended. The analysis in the preceding chapters has pointed to lack of proportionality in border control measures and policies. In other words, there is no proportionality between control and protection policies. Four areas where proportionality is lacking have been identified. First, control is group-based but group protection is not available. Secondly, controls are exported outside the Schengen/EU territories to countries of origin of travellers but there is no clear export of protection for individuals abroad. Thirdly, while individual control is accompanied by individual protection, the latter are not adequate as they are mostly tailored for data subjects of Schengen/EU countries. Fourthly, nongovernmental agents e.g. carriers are granted control duties but no non-governmental agents are bequeathed with individual protection duties. The imbalance between control and protection could be redressed by introduction of new protection actors to supplement the traditional actors. The suggestion is born out of the fact that control of persons has changed. Similarly, protection should also change 41 The Commission in its first report on the implementation of Directive 95/46/EC (COM(2003) 265 final, 15 May 2003) indicated that data protection authorities are currently under-resourced for their wide range of tasks. The report states “that the supervisory authorities themselves in many MS are also concerned about this in particular their lack of resources and resource difficulties may affect independence. See also COM(2003)558 final, 24 September 2003.

Post-11 September Protection of Individuals

to keep up with new trends. The main change in control is a shift from individual focused control, where individuals are targeted for control based on suspicion, to a group focused control, where groups of persons are targeted for control because the group is deemed suspect. The Schengen/EU border control measures and policies affect foreign nationals most. But not all foreign nationals are seriously affected. Foreign nationals who must possess a visa so as to enter into the Schengen/EU area are the most controlled of them all. Under this group is also found asylum seekers and refugees who are often clustered together because of immigration reasons. Visa obligation is normally imposed on foreign nationals from countries that have been identified to pose potential crime and illegal immigration risks to the Schengen/EU interests. As such, foreign nationals belonging to this group are highly vulnerable especially when faced with a strange legal system, culture and languages. The problems discussed in this study on accessibility and understanding of legal information are more glaring for this group of persons than any other individuals. For this group, lack of accessibility and understanding of the legal information complicates the exercise of individual oriented rights and protection. A group-oriented protection would be the best solution for this group. While individuals will be at liberty to exercise individual rights, a group protection approach would aim at improving protection for the group by finding a common group solution to individual problems. The group protection approach accepts that individual protection problems have a group genesis. For example, if one is not identified as a member of a group of persons on whom visa obligations are imposed, visa requirements and stringent control meted against this group would not apply. Individuals protection problems based on visa requirements would not exist for the person. Group protection would be best served if non-governmental or intergovernmental agents are recruited in the protection role. Just as group control may have become effective by granting non-governmental agents such as carriers control duties, group protection could also be entrusted to non-governmental or intergovernmental bodies which have no special interest in the control of persons. The advantage is that non-governmental agents can easily be posted or stationed abroad where protection is badly needed. Mobility of protection is important so that it follows the group or individuals as they move through border control levels and places. Currently protection is not visible in the control places. Stationing protection agents at the control places will give visibility to protection. Here it will suffice to mention some of the non-governmental and intergovernmental agencies that would ideally take charge of group protection. These choices are influenced by the fact that these agencies are already engaged in work related to protection of group rights of foreign nationals and especially the vulnerable groups which are focused here. At the international level, organisations such as the International Organisation for Migration (IOM) and the European Council on Refugees and Exiles (ECRE) come to mind.42 IOM is an intergovernmental organisation established in 1951 to resettle European displaced persons, refugees and migrants. It has grown to encompass a variety of migra42 http://www.iom.int.

413

414

Chapter 12

tion management activities throughout the world. It has offices and operations in every continent.43 Currently, 112 states are members of the IOM with 23 states having observer status. A number of international governmental and non-governmental organisations also have observer status. They include the United Nations, International Committee of Red Cross and numerous others.44 The main role of the IOM is to work with migrants and governments to provide humane solutions to migration challenges. Brunson McKinley, IOM Director General has stated the concerns of IOM thus, Migration will be one of the major policy concerns of the twenty-first century. In our shrinking world, more and more people will look to migration - temporary or permanent - as a path to employment, education, freedom or other opportunities. Governments will need to develop sound migration policies and practices. Properly managed, migration can contribute to prosperity, development and mutual understanding among people. IOM exists to help migrants with all their needs and to assist governments in managing migration for the good of all (...). In reacting to conflicts and emergencies, speed and flexibility are essential if humanitarian needs are to be properly met. In the post-conflict rebuilding phase, IOM helps returnees restart their lives through a variety of individual and community programmes (…). The human rights of migrants deserve greater attention. Trafficked migrants are routinely exploited, mistreated or even killed. Migrant workers often find themselves without protection or recourse, either from their own governments or in the country where they are working. IOM is dedicated to assisting migrants in distress.45

The general role of IOM in the protection of migrants would not be contrary to a more particularised role of protection of migrants at border control places. It seems it would be within the mandate of the IOM. The European Council of Refugees and Exiles is a pan-European network of refugeeassisting non-governmental organisations. ECRE is concerned with the needs of all individuals who seek refuge and protection within Europe. Its objective is to promote the protection and integration of refugees in Europe based on the values of human dignity, human rights, and an ethic of solidarity. ECRE is an umbrella organisation of 76 refugee-assisting agencies in 30 countries working toward fair and humane policies for the treatment of asylum seekers and refugees. ECRE seeks to achieve its objective by: – Advocating a humane and generous European asylum policy and by promoting the development of a comprehensive and coherent response by the international community to refugee movements. – Strengthening networking between refugee-assisting non-governmental organisations in Europe. 43 http://www.iom.int/en/who/main_mission.shtml. 44 http://www.iom.int/en/who/main_members.shtml. 45 http://www.iom.int/en/who/main_mission.shtml. These site and those related above were accessed on 31 October 2005.

Post-11 September Protection of Individuals

–

Developing the institutional capacity of refugee-assisting non-governmental organisations in Europe.46

The role of ECRE can be particularised to provide protection for asylum seekers, refugees and exiles in border crossing places without watering down of its general role. At the national level, the organisations affiliated or working with the IOM and ECRE could have protection duties within the territory of the Member States. For example in Norway the two organisations affiliated to the ECRE are the Norwegian Organisation for Asylum Seekers (NOAS) and the Norwegian Refugee Council. These could take the role of group protection of asylum seekers and refugees as well as immigrants in general. Another model could be to make use of data protection ombudsman especially as data protection is concerned. The concept of ombudsman is not new in public or private administration. The ombudsman is an official charged with representing the interests of the public by investigating and addressing complaints addressed by individual citizens. Currently, the data protection authorities act as ombudsmen for they receive, investigate and act on complaints from individuals. But, as pointed out and many data protection officials confirm, the data protection authorities’ mandate is wide and budget and personnel constraints do not give them enough time for individual complaints. The establishment of the office of data protection ombudsman could alleviate the problems. The task of the ombudsman would be to impart legal knowledge and information and give guidance and assistance in the processing of personal data. His or her task would be especially to ensure the respect of individual rights in the processing of personal data. In the circumstances, data protection authorities would be charged with control and supervision of the implementation of data protection law only. The creation of the office of ombudsman should enhance transparency and proportionality in data protection. In the Netherlands, the office of a data protection ombudsman has been established by law especially in police work. There is an ombudsman in all police districts. The ombudsman has many tasks and serves all personnel. In addition, he or she receives requests of access from the public.47 Such Dutch model could also be used for a data protection ombudsman in the general data protection sphere and also in specialised areas. For example, as indicated in Chapter 11, there is a need for sending out data protection liaison officers into foreign countries where currently immigration liaison officers have been posted. Such data protection liaison officers would be part of the office of data protection ombudsman. As indicated earlier also, this would ensure proportionality in control work as individuals in these foreign countries would have somebody in the vicinity to address their complaints. Currently, the practice is to address complaints to the controllers who can either act upon or refer the problem to others who may be in the host country. As can be expected, the controller has not the best 46 http://www.ecre.org/about/mission_statement.shtml. Accessed on 31 October 2005. 47 Minutes from a study tour at the Dutch data protection authority: theme – data protection ombudsman in police sector by Norwegian data protection authority and police delegation on 29 May 2001. (Refrat fra studiebesøk ved det nederlandiske datatilsynet – Tema: personvernombud I politisektoren).

415

416

Chapter 12

interests of the controlled at heart. It would be, therefore, preferable if an independent person were to handle the complaint. Another model is provided by the data protection Regulation (EC) No 45/2001.48 The Regulation establishes the office of Data Protection Officer in each Community institution or body. The role of the data protection officers is to ensure the application of the regulation and that the rights and freedom of data subjects are not likely to be adversely affected by the processing operations. The objective is to have the presence of data protection officers where data processing takes place. If the task of monitoring the application of the regulation and that the implementation of rights and freedoms of data subject was left solely to the European Data Protection Supervisor, the work would be overwhelming and effectiveness would be compromised. 12.5

Data Protection as a Human Right

Since the advent of data protection laws, data protection at the international level has mainly been regulated by special data protection laws. On the other hand, in most countries worldwide, data protection is enshrined at the national level in either the national human rights law, the constitution or the national data protection law.49 That notwithstanding, discussion has ranged whether data protection is a human right. The discourse has been encouraged because until recently, with the enactment of the European Charter of Fundamental Rights and Freedoms, no international human right legislation contained a provision on the right to protection of personal data. The main international and regional human rights laws such as the United Nation Universal Declaration of Human Rights, United Nations International Convention on Civil and Political Rights, European Convention for the Protection of Human Rights and Fundamental Freedoms and others50 do not contain provisions on data protection rights. Instead they have privacy protection clauses which have been interpreted by the UN Human Rights Committee (in case of UN legislation) and the European Court for Human Rights (in case of ECHR) to protect personal data also. Consequently, as the discussion in Chapter 4 indicated, there is now no doubt that data protection is a human right. Despite the clear statement on data protection from the two most important judicial bodies, the lack of a categorical clause in the human rights law that protects personal data is no longer tenable. Consequently, the inclusion of such a provision in the EU Charter is a very welcome development. Instead of arguing for the right of protection of personal data from the point of view of privacy, it would be necessary to incorporate a separate data protection right in the human rights legislation. The objective of such a 48 See Article 24 of Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data. 49 Privacy International: Privacy and Human Rights 2003 and 2004 – An International Survey of Privacy Laws and Developments, see country reports. 50 See also, American Convention on Human Rights and African Charter on Human and Peoples’ Rights. The latter do not even contain a privacy protection clause.

Post-11 September Protection of Individuals

move would be to make the right to data protection more visible in the human rights instruments. It would also make it easier for individuals to invoke the data protection remedy rather than the amorphous privacy remedies. In an extreme case, this may also call for institutional changes. It may be necessary to create special data protection courts and appoint judges with data protection expertise. Such changes may, however, seem untenable because the Human Rights Committee, ECtHR and the ECJ have demonstrated that they are apt to the task by their case law. In its first two cases on data protection, the Rechnungshof case May 2003 and Lindqvist case November 2003, the ECJ has applied and interpreted the EU Directive, an indication that the Court and the judges are competent in data protection matters. In case it becomes necessary to amend the ICCPR and ECHR to include a data protection right, then the path to take is one of adoption of new protocols. The UN ICCPR uses optional protocols to achieve this objective. So far two optional protocols have been adopted. The first optional protocol was to enable the Human Rights Committee to receive and consider communications from individuals claiming to be victims of violations of any of the rights set forth in the Covenant.51 The second optional protocol aims at the abolition of the death penalty.52 The objective of the optional protocols is to further achieve the purposes of the covenant on ICCPR and the implementation of its provisions.53 The ECHR also uses protocols to add to Convention provisions. Currently, 14 Protocols have been adopted touching on various matters from education, free movement enjoyment of personal property, institutional arrangements, death penalty, nondiscrimination and so forth. It can be argued that the inclusion of the right to protection of personal data is not necessary as the decisions of the Committee and the Court make the right realisable. But the inclusion of a data protection right in the human rights law would give legislative effect to the decisions. In addition, it would make the right more visible. Lately, there is an increase in the use of technology for security and control purposes and the case law on data protection is bound to increase as many more complaints are brought before the ECtHR.54 It would be more convenient for complainants to invoke the right to protection of personal data directly without having to base their action on privacy or private life right. Although there is a Council of Europe Convention on data protection, a complainant cannot invoke the provisions of the Convention directly in the ECtHR as 51

Optional Protocol to International Covenant on Civil and Political Rights, New York 16 December 1966. 52 Second Optional Protocol to International Covenant on Civil and Political Rights, aiming at the abolition of death penalty, New York 15 December 1989. 53 See, Preamble the Optional Protocol to International Covenant on Civil and Political Rights, New York 16 December 1966. 54 The ECtHR is established under the ECHR and therefore cannot acquire jurisdiction and competence over matters outside the Convention provisions. Perhaps it could be conferred competence and jurisdiction through adoption of a protocol for that purpose. But the preferred approach could be the inclusion of a data protection right in the Convention or protocol.

417

418

Chapter 12

the latter do not have jurisdiction and competence. Instead the Court can only refer to the data protection Convention in its decisions that are based on the right of privacy. As regards UN laws, there is no binding law on data protection like the Council of Europe Convention on data protection.55 Inclusion of a data protection within the binding ICCPR would greatly improve the status of data protection within UN legal framework. From the foregoing, data protection right has come to be and it would enhance data protection if the right was given legislative effect in the main international human rights laws. The inclusion of data protection rights would not be by any means superfluous. Instead, it would supplement the privacy right just as the Protocol 12 on non-discrimination supplements Article 14 of the ECHR.56 The aim of the Protocol was to extend the non-discrimination protection to include general discrimination as protected in other laws and not to limit it to the provisions of the convention as Article 14 did. A data protection right would similarly extend privacy remedies by incorporating data protection remedies. 12.6

Future Research

In lieu of a conclusion, there is a need to postulate the direction of future research as the issues discussed here are still in the process of implementation and legislative development. For example, a framework law that will harmonise data protection in police and border control co-operation has been long overdue. The 2005 proposal for the Council Framework Decision could, however, fill the void when adopted. It will, nevertheless, complicate data protection as it is a third pillar legislation. Protection of personal data in police and border control co-operation will continue to be confusing as it spans two legal bases. On a positive note, the different levels of protection may be a thing of the past as the Framework Decision enjoys the same level of data protection as the EU Directive 95/46. In addition, the Framework Decision may have recognised the existence of the new epoch in the development of data protection laws which started with the 11 September terrorist attacks and which require new data protection solutions. As this study draws to an end, it heralds a new beginning. It has recorded the events and developments of the past and emerging epochs but leaves the analysis of the new epoch and especially the emerging data protection laws in the police and border control co-operation to future research. Whether the Framework Decision has taken into consideration the recommendations in this study and this chapter in particular, is not going to be analysed here; that task is left to future researchers. In the following postscript, the main changes brought by SIS II legislative proposals are discussed in relation to the findings and recommendations in this chapter. The analysis and evaluation of the final SIS II legislation, however, is also a task for future research projects.

55 The UN Guidelines Concerning Computerised Data Files – 1990 are not binding. 56 Protocol No. 12 to the Convention for Protection of Human Rights and Fundamental Freedoms, CETS No.: 177.

Postscript

In this study reference has been made to the establishment of Schengen Information System II (SIS II). But what has been lacking was SIS II legislation. As such, most of what has been said about SIS II has been based on conjecture or non-authoritative documents. The study has therefore limited itself to analysis of the current SIS law. On 31 May 2005, however, the situation changed with the issue of SIS II proposal legislation by the Commission. The legislation has three proposals: – The first is a Regulation based on Title IV of the Treaty establishing the European Community (TEC), on the establishment, operation and use of the second generation Schengen Information System (SIS II). – The second is a Decision based on Title VI of the Treaty on the European Union (TEU), on the establishment, operation and use of the second generation Schengen Information System (SIS II). – The third proposal is a Regulation based on Title V TEC (Transport) regarding the specific issue of access to the SIS II by the authorities and services in the Member States responsible for issuing registration certificates for vehicle. The first Regulation and the Decision lay down provisions on the architecture, financing, responsibilities and general data processing and data protection rules for the SIS II. Apart from these common rules, the Decision contains specific provisions regarding the processing of SIS II data for supporting police and judicial co-operation in criminal matters, while the Regulation rules on the processing of SIS II data supporting the implementation of policies linked to the movement of persons, part of the Schengen   

Proposal for a Regulation of the European Parliament and of the Council on the establishment, operation and use of the second generation Schengen Information System (SIS II), COM(2005) 236 final, 31 May 2005. Proposal for a Council Decision on the establishment, operation and use of the second generation Schengen Information System (SIS II), COM(2005) 230 final, 31 May 2005. Proposal for a Regulation of the European Parliament and of the Council regarding access to the Second Generation Schengen Information System (SIS II) by the services in the Member States responsible for issuing vehicle registration certificates, COM(2005)237 final, 31 May 2005.

420

Postscript

Acquis, external borders and visa. The purpose of the third Regulation is to guarantee that the services responsible for issuing registration certificates for vehicles shall have access to the same SIS data under the new legal framework for SIS II as they will have when the 2003 proposed Regulation enters into force. These legal instruments are meant to be adopted in due time for allowing the necessary preparations to the new system and, in particular, the migration from the current system to the SIS II. The effect of the proposals is to repeal and replace the current SIS law which is based on the Schengen Convention Articles 92 – 119 and the Decisions and Declarations of the Schengen Executive Committee which related to the SIS. Further the Regulation and the Decision will also repeal Regulation (EC) No 378/2004 of 19 February 2004 on procedures for amending the SIRENE Manual. At first, the knowledge of the proposal legislation raised concerns that the proposals would render the study out of date. After a careful consideration, however, it was relieving to realise that the changes are but a continuation and progression of the study as they are anticipated in its body. In addition, since this work has tried to evaluate the current SIS rules and their compliance to human rights and data protection rules, it was necessary that such evaluation should be seen in light of the future developments of SIS II. The issuance of the proposals provided an opportune moment to look ahead beyond the current SIS law and examine whether the new law takes into consideration the issues raised in the study. This postscript examines the main changes brought about by the legislative proposals and compares them to the current SIS rules to determine whether they strengthen or weaken the Schengen data processing and data protection rules. The changes are not examined in detail here but one can find such an examination in an article written by this author. In addition, the Schengen Joint Supervisory Authority (JSA) and the European Data Protection Supervisor (EDPS)10 have each issued an opinion on the SIS II legislative proposals. Their views agree in many instances with this postscript though the latter was written without reference to the two. The opinions and the postscript, however, are each unique in their emphasis.11

 

COM(2005) 236 final, p. 4 and COM(2005) 230 final, p. 4. COM(2003) 510 final – 2003/0198; Text will be revised in case the Proposal from August 2003 is adopted.  COM(2005) 236 final, p. 4; also Article 36 and COM(2005) 230 final, p. ; also Article 62.  OJ L 64, 2 March 2004, p. 5 & 45 respectively; See also Articles 63 of the Decision and 37 of the Regulation.  Karanja, S. K. (2005), pp. 81-103.  Schengen JSA: Opinion on the Proposed Legal Basis for SIS II. http://www.statewatch.org/ news/2005/oct/JSA-SIS.pdf. 10 EDPS – Opinion of the European Data Protection Supervisor. http://www.edps.eu.int/legislation/Opinions_A/05-10-19_Opinion_SISII_EN.pdf. 11 Another work worth mention and issued after the writing of the postscript is the House of Lords, European Union Committee 9th Report of Session 2006-07: Schengen Information System II (SIS II). HL Paper 49.

Postscript

The changes highlighted in this postscript can be categorised under the following subject areas: – Legal basis, – Supervision – New data categories – New functions – Data protection – Individual participation. As noted in Chapter 2, the SIS has a dual legal base, but it was not located to its appropriate legal base. Instead it was left in the Third Pillar. The new legislation has cured this anomaly and allocates the SIS its appropriate legal basis. Under the Amsterdam Treaty, the legal basis of the Schengen Acquis was divided between the First Pillar and the Third Pillar. Council Decision 1999/436/EC of 20 May 199912 determined the legal basis in the Treaties for each of the provisions or decisions of the Schengen Acquis but the Council did not reach a decision on the provisions regarding the SIS. Despite the SIS acquiring a dual legal base with the transfer of matters concerning immigration and border crossing to the First Pillar, the provisions of the SIS were regarded as acts based on Title VI TEU of the Third Pillar. The SIS II law therefore allocates the SIS its appropriate legal basis in the Treaties as required by Article 5(1) of the Schengen Protocol annexed to the Amsterdam Treaty. The two instruments, the Regulation and the Decision, reflect the dual nature of the Schengen Acquis. The Regulation has its legal basis in Title IV TEC, which deals with visa, asylum, immigration and other policies related to the movement of persons. While the Decision has its legal basis in Title VI TEU concerned with police and judicial co-operation in criminal matters, the legal basis of the second Regulation proposal is Article 71(1) (d) TEC.13 The choice for the legal basis signifies that access to the SIS by vehicle registration services has a basis in the EC Treaty.14 The Regulation replaces Article 102a of the Schengen Convention. Although the SIS II proposed legislation makes clear the legal basis of different aspects of the SIS, it falls short of what many Schengen commentators have advocated for, namely the transfer of the entire Schengen Acquis to the First Pillar. The dual legal basis of the SIS means that there continue to be two levels of data protection as demonstrated in this study. This is pitiable for data protection. But on a positive note, the incorporation of the SIRENE in these instruments means that the SIRENE now has a proper and certain legal basis within the Treaties. Another major change is that concerning the supervision of the SIS. The supervision at Community level (that is, processing of data by the Commission) will be carried out by the European Data Protection Supervisor. The EDPS replaces the Schengen Joint Supervisory Authority for both the proposed Regulation and the proposed Decision. The requirement for the EDPS to monitor data processing within the framework of the 12 OJ L 176, 10 July 1999, p. 17. 13 COM(2005)237 final 2005/01404 (COD) p. 3. 14 Ibid. p. 5.

421

422

Postscript

proposed Decision is surprising since the Decision is a Third Pillar instrument. The change, however, is welcome as it will improve data protection and monitoring in the Third Pillar too because the EDPS has better-defined monitoring powers than the joint supervisory authority. Supervision of the lawful access to and further processing of SIS II personal data by Europol and Eurojust, however, will not be done by the EDPS. The supervisory authorities established by the Europol Convention and the Decision establishing the Eurojust are to monitor the access to and further processing of personal data in SIS II by these bodies. Although this may seem logical, it may complicate supervisory work at the Community level because the different supervisory bodies monitoring data processing have diverging powers. In addition, the SIS II proposal legislation is not clear as regards joint supervision as provided in the current SIS law. The co-operation requirement between national supervisory authorities and the EDPS does not seem to be enough. The proposed legislation should clearly state the nature of the co-operation. SIS II will allow entry of new categories of data, that is, data which are not allowed in the current SIS. The main change is the inclusion of data on photographs, fingerprints and links between alerts among the compulsory data to be entered in SIS II. Inclusion of these data will transform the SIS II into an investigative tool rather than a ‘hit’ search database as it is at present. Personal data is entered in the SIS if an alert on the person concerned is registered in the system. This will also apply to data entered in the SIS II. The old alerts issued under the current SIS law have been retained in the SIS II legislation. But two of the alerts have also been revised. Another difference is that the alerts have been allocated different legal bases. The alerts concerning judicial and criminal co-operation have been allocated to the Decision. The alerts concerning immigration and border entry are allocated to the Regulation. New data will also be recorded in SIS II because the decision allows additional data on alerts in respect of persons wanted for arrest and surrender or extradition to be entered in the SIS II. Additional data on persons wanted for arrest and surrender are the data referred to in Article 8(1) of Framework Decision 2002/584/JHA and a copy of the original of the European Arrest Warrant (EAW), Article 16. The data from the European Arrest Warrant will therefore form part of additional data to be entered in the SIS II. The requirement for registration of additional data will increase the amount of personal data to be entered into and exchanged through SIS II. The SIS II will contain much more personal information than the current SIS. SIS II is also to be used to implement the EAW. Both the Decision, Article 44 and the Regulation, Article 25 permit registration in the SIS II additional data for identification purpose where confusion may arise between the person actually intended by an alert and a person whose identity has been misused. The data are to be added in order to avoid the negative consequences of misidentification. The requirement is a response to the opinion by the Schengen Joint Supervisory Authority which had recommended a solution be found regarding individuals whose identity has been usurped.15 The legislation requires that such information be added into the SIS II with that individual’s explicit consent. The information is to be used only for purposes of differentiating the individual whose identity has been misused from 15

JSA Opinion 98/2 on entering an alert in the Schengen Information system on Individuals whose identity has been usurped (SCH/AUT-CONT (97) 42 REV 2).

Postscript

the person actually intended by the alert and to allow the individual whose identity has been misused to prove his identity and to establish that his identity has been misused. This inclusion is welcome as it may reduce the risk of a person who is a victim of stolen identity from being identified as the wrongdoer as in the current SIS. Originally, the SIS law only allowed access to data to police and border control authorities. Access was, however, expanded by amendments to the Schengen Convention to allow access to SIS data by Europol, Eurojust and judicial authorities (will be granted access to all SIS data according to the relevant provisions of the 2004 Regulation16 and the 2005 Decision,17 from 13 June 2005). In addition, Member States’ vehicle registration services will have access to stolen vehicle data in the SIS from December 2005. The SIS II proposed legislation extends access to SIS II data to new authorities. The proposed new Regulation on immigration data is to extend access to asylum and expulsion authorities. Asylum authorities are granted access for the purposes of determining the Member State which has responsibility for asylum applications on the grounds of an illegal stay, Article 18(2) and to take decisions on asylum claim, on grounds that a person is a threat to public order or internal security, Article 18(3). The expulsion authorities are granted access for the purpose of identifying third country nationals staying illegally in the territory so as to enforce a return decision or removal order, Article 18(1). The police will no longer have access to immigration data according to Article 17. This is a welcome exclusion. The extension of access to new authorities, however, is not positive as it increases the number of persons who have access to the SIS II data and will require adequate safeguards to be implemented. The current SIS law does not allow sharing of personal data with third parties. The proposed Decision in Article 48 however opens the possibility of transfer of personal data to third parties. It allows transfer of personal data processed in the SIS II to a third country or to an international organisation where there is an explicit provision for this in EU law. It also allows transfer of the SIS II personal data to third countries or international organisations within the framework of European Agreement in the field of police or judicial co-operation guaranteeing an adequate level of protection of the transferred personal data and with the consent of the Member States that entered the data in the SIS II. This is a clear signal that European countries are willing to exchange personal data for police and judicial co-operation purposes with non-European countries. A good example is the exchange of personal information in the framework of communication of Passenger Names Records (PNR) with the US18 and other countries such as Canada and Australia. There are important changes in data protection rules in the SIS proposed legislation, which differ with the current SIS law. Some changes are general and others are specific, 16 Regulation 871/2004 amending Schengen SIS rules for immigration data, OJ 2004 L 162. 17 Decision 2005/811 amending Schengen SIS rules for policing and criminal law data, OJ 2005 L 68. 18 Council Decision 2004/496 on the conclusion of an Agreement between the European Community and the United States of America on the processing and transfer of PNR data by Air Carriers to the United States Department of Homeland Security, Bureau of Customs and Border Protection, O.J L 183 of 20 May 2004, p. 83.

423

424

Postscript

that is affecting specific data protection principles. The allocation of the SIS II to different pillars means that there are two sets of general data protection laws protecting personal data in the SIS II. Under the First Pillar which is governed by the proposed Regulation, the applicable laws are the EU Directive 95/46 (as regards the national application of SIS II) and the EC Regulation 45/2001, which set similar rules governing data protection as regards data processed by the EU institutions including the role for European Data Protection Supervisor.19 Under the Third Pillar, which is regulated by the proposed Decision, the main data law applicable is the Council of European Convention of 28 January 1981. The application of two different sets of general data protection laws implies that there will be two levels of protection of personal data, one lower (Third Pillar) and the other higher (First Pillar). This is different from the current situation where all personal data in the SIS are protected under Third Pillar (lower level) law. The proposal legislation has also introduced changes in individual rights. Article 28 of the proposed Regulation and Article 50 of the proposed Decision introduce a new right of information, which is not found in the current Schengen Convention. The right requires that an individual whose data are processed in the SIS II in application of the Regulation and the Decision is informed of: – The identity of the controller; – The purposes for processing data; – The potential recipients of the data; – The reasons for issuing of the alert; – The existence of the right of data access and rectification. The right is a welcome improvement. The requirement to be informed of the identity of the controller is especially important because it means that the data subject is to be informed as to which Member State issued the alert. In the current Schengen Convention, it is difficult for a data subject to know which Member States issued an alert. The right to information, however, is weak as it does not include the obligation to inform individuals about the national or EU supervisory authorities, the right of erasure of data, or the mechanisms of making a challenge, including relevant remedies.20 It is also not clear whether the obligation to inform is to be carried out prior to registration (especially when the decision is made) or after registration of the alert or when the alert is used to make a decision. In addition, it is not explicit whether the right to inform is to be exercised at the initiative of the controller or at the request of the data subjects. The right to information under the proposed Regulation is not subject to any exception which is a positive development. The proposed Decision, however, incorporates exceptions. The communication of the information stipulated above is to be refused if this is indispensable for the performance of a lawful task in connection with the data entered in the SIS II or for protecting the rights and freedoms of the individual concerned or of third parties. It is also to be refused during the period of validity of an alert for the purpose of discreet surveillance. The exceptions may render the exercise of the right difficult. 19 Peers, S. (June 2005), p. 6. 20 Ibid. p. 8

Postscript

The right of access, rectification and erasure is provided for in Article 29 of the proposed Regulation and Article 51 of the proposed Decision. It entails the right of individuals to have access to, and to obtain the rectification or erasure of their personal data processed in the SIS II. The right is to be exercised in accordance with the law of the Member State before which that is invoked. The fact that the right can be exercised by a data subject in the territory of any Member State gives the person the freedom to shop around as in the current Schengen Convention right of access. When exercised in a Member State that did not issue the alert, the issuing Member State will be given an opportunity to state its position before the concerned Member State communicates to the individual requesting access. The provisions require the personal data to be communicated to the individual requesting access as soon as possible with a time limit of 60 days from the date of the request of access. The individual is also to be informed of the follow-up to the exercise of the right as soon as possible but not later than six months after the request. These requirements are new as they are not found in the current SIS law. They are also positive and desirable. The proposed Regulation right of access, rectification and erasure does not contain exceptions. This too is new and positive. The proposed Decision right, however, incorporates an exception similar to the one in the current SIS law, Article 109(2) of the Schengen Convention. According to the exception, the communication of the information stipulated above is to be refused if this is indispensable for the performance of a lawful task in connection with the data entered in the SIS II or for protecting the rights and freedoms of the individual concerned or of third parties. It is also to be refused during the period of validity of an alert for the purpose of discreet surveillance. The exception could render the exercise of the right difficult. The ambiguity found in the exercise of the right to access in the current Schengen Convention will be perpetuated here too.21 A right to remedies is also provided under Article 30 of the proposed Regulation and Article 52 of the proposed Decision. The right, which is limited to a person in the territory of any Member State, entitles him to bring an action or a complaint before courts of that Member State in case of refusal of the right of access to or the right to rectify or erase data relating to him or the right to obtain information or reparation in connection with the processing of his personal data contrary to SIS II law. This right is weaker than the one found in the current SIS law, Article 111 of the Schengen Convention. It omits reference to the administrative recourse offered by the Schengen Convention. It also drops the reference to the mutual undertaking to enforce final decisions taken by the courts and administrative bodies. The geographical limitation of the right to remedy also weakens the right because in most cases, especially as regards the proposed Regulation, the people affected may be outside the Member States’ jurisdictions. The foregoing analysis of changes brought about by SIS II proposed legislation indicates clear strengths and weaknesses of the proposed law. The following text comments on the changes that have direct relevance to the findings in Chapter 12 indicating their 21 See 8.3.2.3.

425

426

Postscript

strengths and weaknesses as regards protection of personal data and individual protection in general. The impact of the changes on the findings is also assessed. As regards the legal basis of the SIS II, the proposed Regulation is a welcome improvement to the current SIS law as it creates a new legal basis, in the First Pillar, for immigration data. Data protection in the First Pillar is considered to be a higher level of protection than in the Third Pillar on which data protection of the current SIS is based. SIS II judicial and criminal data in the proposed Decision, however, is still under the Third Pillar legal basis. As such, the SIS II has a dual legal basis which might complicate personal data protection and protection of individuals. Dual legal basis requires a distinction between immigration and judicial and criminal data in the application of SIS II legislation. It also means that one will have to address himself or herself to two sets of laws. SIS commentators and this study have argued for the transfer of the entire Schengen Acquis to the First Pillar. The current changes fall short of this concern. Both the proposed Regulation and the proposed Decision have the European Data Protection Supervisor as the new supervisory authority at the Community level. This is a good improvement as the EDPS powers are clearly defined and adequate as opposed to the Schengen Joint Supervisory Authority whose powers and budget are limited. This improvement is, however, still short of what is recommended in the findings. Again the mandate of the EDPS is broad and will not be able to address individual data protection as it will be mainly concerned with monitoring the application of the SIS II legislation. Individual complaints may not get adequate attention. Even with this improvement, the call for an ombudsman and non-governmental agencies for group protection is still relevant. The new right of information is a clear improvement as the current SIS law does not contain such a right. Especially, it is positive that the right requires giving reasons for issuing of the alerts to the person concerned. The right, however, has some weakness as indicated above. As regards the findings, it does not fully satisfy the recommendations for the principle of individual notification and the principle for reasons in the findings. Lack of specification of when the notification is to occur and whether it will be at the initiative of the controller or at the request of the data subject makes the right less useful for a data subject. What the data subject wants to know is when personal data about him or her are being or have been processed by the controller and when a decision has been taken by the authority concerned to enter the data in SIS II. The right should specify when and the mode of exercise of the right. It should be clear when the information is to be communicated to the data subject and on whose initiative: data controllers’ or data subjects’. A clear weakness of the changes is the omission of reference to the prohibition on processing of sensitive data in the current SIS law. Since data protection laws do not incorporate a non-discrimination principle, the ban against processing of sensitive data revealing racial origin, political opinions or religious or other beliefs, as well as personal data concerning health or sexual life is the closest they come on non-discrimination prohibition. Now that this remote ban is removed, it means that data processing can go on without attention to the principle of non-discrimination. Inclusion of biometric data is without adequate safeguards. Especially, there is no clear justification of inclusion of biometric data as alternative identification methods

Postscript

would suffice. The linkage of alerts would also require adequate safeguards, which are lacking in the legislative proposals. The SIS II proposed legislation has no provisions which can be interpreted as a requirement for legal information and requirement for guidance and assistance. As such the proposed laws do not address the concern raised in the findings regarding the principle for legal information and the principle for guidance and assistance. In conclusion, there is no doubt that the SIS II proposed legislation has some positive improvements on the current SIS law; at the same time, some provisions are weaker than the current law. It is especially disturbing that the proposed law should be weaker than the current law. This is a clear lowering of the protection standard. The least that was expected is an improvement over the current law but not a movement in the opposite direction. The improvements proposed by the new laws do not fully satisfy the recommendation in the findings. Some of the recommendations are also not addressed at all. As such, the SIS II proposed laws fall below the threshold of improvements set out in this study. The relevance of the study is, therefore, not undermined by the proposed legislation.

427

Selected Bibliography

A

Books and Journal and Internet Articles

Agre, P. E. & Rotenberg, M (Eds.). (1998). Technology and privacy: The new landscape. London: The MIT Press. Ahnfelt, E. & From, J. (1996). Politsamarbeid og europeisk integrasjon- fremveksten av justis- og innenrikssamarbeid i EU, Europol og Schengen. Oslo: Ad notam Gyldendal. Alkema, E. A. Privacy Under the European Convention on Human Rights. http://www.privacyexchange.org/iss/confpapers/montreal.html last accessed on 14 March 2005. Alston, P. & Weiler, J. H. H. (1999). An ‘ever closer Union’ in need of a human rights policy: the European union and human rights. European Journal of International Law 9(1998), 658-725 http://www.ejil.org/journal/Vol9/No4/art3.html last accessed 12 March 2007. Alston, P. (Ed.). (1999) The EU and human rights. Oxford: Oxford University Press. Anderson, M., & den Boer, M. (Eds.) (1994). Policing across national boundaries. London: Pinter. Anderson, M. et al (Eds). (1995). Policing the European Union: Theory, law, and Practice. Oxford: Clarendon Press. An-Na’im, A., (1998). The Universal Declaration as a living and evolving ‘common standard of achievement’. In Heijden, B. V. D. & Tahzib-Lie, B. (Eds.), Reflections on the Universal Declaration of Human Rights: A fiftieth anniversary anthology. The Hague/Boston/London: Martinus Nijhoff. Arai, Y. (1998). The margin of appreciation doctrine in the jurisprudence of article 8 of the European Convention on Human Rights. Netherlands Quarterly of Human Rights, 16/1, 4161. Arai-Takahashi, Y. (2002). The margin of appreciation doctrine and the principle of proportionality in the jurisprudence of ECHR. Antwerp: Interentia. Arnesen, F. (1992). Introduksjon til rettskildelæren i EF, 2. utgave, Oslo: Universitetsforlaget. Ashbourn, J. (January 2005). The social implications of the wide scale implementation of biometric and related technologies: Background paper for the Institute of prospective Technological Studies, DG JRC – Sevilla, European Commission. European Communities. Available at http://cybersecurity.jrc.es/pages/ProjectlibestudyBiometrics.htm Aus, J. P. (2003). Supranational governance in an “Area of freedom, security and Justice”: Eurodac and the politics of biometric control. SEI Working Paper No 72, SEEI Sussex European Institute. http://www.cas.susx.ac.uk/documents/wp72.pdf last accessed on 15 November 2005

430

Selected Bibliography

Baldwin-Edwards, M. & Hebenton, B. (1994). Will SIS be Europe’s Big Brother? In Anderson, M & den Boer, M (Eds.) Policing across national boundaries: London: Pinter. Banisar, D. (2000). Privacy and human rights 2000. EPIC/PI- 2000. Banks, W. C. & Bowman, M. E. H. M. R. (2001). Articles executive authority for national security surveillance. American Law Review [Vol. 50:1]. Last accessed on 02 January 2002. Beck, U. (1992). Risk society: Toward a new modernity. London: Sage. Bennet, C. J. (1992). Regulating privacy: Data protection and public policy in Europe and the United States. Ithaca and London: Cornell University Press. Benvenisti, E. (1999). Margin of appreciation, consensus, and universal standards. The New York University Journal of International Law and Politics, 31, 843. Berting, J. (Eds). (1990). Human rights in a pluralist world : individuals and collectivities. Roosevelt Study Center publications, 10, New York : Meckler. Betten, L. & Grief, N. (1998). EU law and human rights. London and New York: Longman. Beyani, C. (2000). Human rights Standards and the movement of people within States. Oxford: Oxford University Press. Bier, R. & Monar, J. (Eds). (1995). Justice and Home Affairs in the European Union: Developments in the Third Pillar. Brussels: European Interuniversity Press. Bijleveld, A. W. (1999). The European Migration and Refugee Policy in the Context of Wider, Global Refugee Movements. Cicero Foundation http://www.cicerofoundation.org/p134bijl. html Last accessed on 20.09.2000. Bing, J. & Schartum, W. D. (1995). Public adminstration and information technology: Compendium to the Erasmus Course. Complex 6/95 Instittut for Rettsinformatikk. Oslo: TANO. Bing, J. (1982). Rettslige kommunikasjonsprosesser., Oslo: Universitetsforlaget. Bing, J. (1989) Rettslig informasjonssøking: fra lovsamlingen til lovdata. Oslo: Tano. Blume, P. (1986). EDB-Retlige foredrag, Complex nr. 9/86 Institutt for rettsinformatikk. Oslo: Universitetsforlag. Blume, P. (1992). Schengen og Persondatabeskyttelsen, in Social Kritik 22-23/92. Blume, P. (Ed) (2001). Nordic data protection law. DJØF Publishing Copenhagen. Boe, E. & Sejersted, F. (1999). Schengen og grunnloven. Oslo: Universitetsforlaget. Boeles, P., et al. (2003). Border control and movement of persons: towards effective legal remedies for individuals in Europe. The Standing Committee of Experts on International Immigration, refugee and Criminal law. Utrecht 2003. Borchardt, K. (1994). The ABC of Community law. Luxembourg: European Documentation. Bowman, E. (2000). Everything you need to know about biometrics. Identix Corporation. http:// www.ibia.org/EverythingAboutBiometrics.PDF. Last accessed on 19 October 2004. Brochmann, G. & Hammar, T. (1999). Mechanisms of immigration control : A comparative analysis of European regulation policies. Oxford, New York: Berg. Brownlie, I. (1990). Principles of public international law (4th ed.). Oxford: Clarendon Press. Bruggeman, W. (1995). Europol and the Europol Drugs Unit: their problems and potential for the development; in: Bieber, R. & Monar, J., Justice and home affairs in the European Union. Brussels, European University Press, 1995, 437 (pp. 217 - 230).

Selected Bibliography

Bunyan, T. The war on freedom and democracy: An analysis of the effects on civil liberties and democratic culture in the EU. http://www.statewatch.org/news/2002/sep/analysis13.htm Accessed on 15 June 2005. Busch, N. (1996). Fortress Europe? – CL No. 49, December 1996/January 1997 Busch, N. (1998). Controversial Language Tests for the Determining of Asylum Seekers’ country of Origin. Fortress Europe –CL No. 53 January/February 1998 Busch, N. (1998) Germany: New powers for the border police, Checks anywhere at any time. Fortress Europe?- CL No56. December 1998 Busch, N. (1995) Project for an “Asylum Card” Raises Widespread Concern, Fortress EuropeCircular letter: February 1995 Busch. N. (1997), Schengen data protection authority: No phone number, no secretariat, no powers. Fortress Europe? – CL No. 51. May/June1997 Buttarelli, G. 2004). Remarks in Washington, D.C., Promoting Freedom and Democracy: A European Perspective, May 21, 2004, http://www.epic.org/privacy/intl/buttarelli-052104. html Last accessed 18 July 2005. Bygrave, L. A. (1998). Data protection pursuant to the right to privacy in human rights treaties. International Journal of Law and Information Technology, 6/ 3,247-284. Bygrave, L. A. (2000) Where have all the judges gone? Reflections on judicial involvement in developing data protection law. In Walgren, P. (ed.) (2000). IT och juistubildning. Nordisk årsbok i rättsinformatik: Stockholm: Jure AB. pp. 113-125; also In Privacy Law & Policy Reporter, 7, pp. 11-14, 33-36. Bygrave, L. A. (2002). Data protection law: Approaching its rational, logic and limits. The Hague: Kluwer Law International. Cameron, I. (2000). National security and the European convention on human rights. Uppsala: Iustus Förlag. Campell, D. & Fisher, J. (1994). Data transmission and privacy. Dorddrencht: Martinus Nijhoff. Cate, F. H. (1997) Privacy in the information age. Washington. D.C.: Brookings Institution Press. Cavoukian, A. (2003). National Security in Post-9/11 World: The Rise of Surveillance … the Demise of Privacy, Information and Privacy Commissioner. Ontario. Retrieved November 15, 2005 from http://www.ipc.on.ca/userfiles/page_attachments/nat-sec.pdf Cavoukian, A. (1999). Biometrics and Policing: Comments from a Privacy Perspective. Information and Privacy Commissioner. Ontario August 1999, Last accessed on 11 November 2005. http:// www.ipc.on.ca/userfiles/page_attachments/biometric.pdf. Cavoukian, A. (1999a). Consumer biometrics applications: A discussion paper. Information and Privacy Commissioner, Ontario September 1999. Last accessed on 11 November 2005. http:// www.ipc.on.ca/userfiles/page_attachments/pri-biom.pdf Cavoukian, A. (1999b). Privacy and biometrics. Information and Privacy Commissioner. Ontario. September, 1999 http://www.ipc.on.ca/userfiles/page_attachments/pri-biom.pdf Last accessed on 11 November 2005. Cavoukian, A. (1999c). Privacy as fundamental human right vs. an economic right: An attempt at concillation. Information and Privacy Commissioner. Ontario. September 1999,Last http:// www.ipc.on.ca/userfiles/page_attachments/pr-right.pdf last accessed on 11 November 2005. Cholewinski, R. (2002). Borders and discrimination in the European Union. London: ILPA – Immigration Law Practitioners’ Association. http://www.ilpa.org.uk/ Last accessed on May 20, 2004.

431

432

Selected Bibliography

Clapham, A. (1993). Human rights in the private sphere. Oxford: Clarendon Press. Clarke, R. (December 1994). Human identification in information systems: management challenges and public policy issues. Information Technology & People 7,4, 6-37 http://www.anu. edu.au/people/Roger.clarke/DV/HumanID.html Retrieved on 08.06.00. Clarke, R. Introduction to Dataveillance and Information Privacy, and Definitions of Terms: http://www.anu.edu.au/people/Roger.Clarke/DV/Intro.html#DV accessed on 1 November 2004. Craig, P. & Búrca, G. (1996). EC Law: Text, cases, and materials. Oxford: Clarendon press. Daugman, J. Iris recognition: Enhancing airport security, efficiency and convenience. International Airport Review, pp15-21. http://www.russellpublishing.com/airport/iar30315.pdf accessed on 22 October 2004. de Hert, P. (2005). Biometrics: legal issues and implications. Background paper for the Institute of prospective Technological Studies, DG JRC – Sevilla, European Commission. European Communities. January 2005 http://www.poptel.org.uk/statewatch/news/2005/apr/jrc-biometrics-paul-de-hert.pdf Last accessed on 12 March 2007 de Schutter, B. (2001). International police co-operation and privacy protection. Paper presented during the 21st International Conference on Privacy and Personal Data Protection. Hong Kong: http://www.pco.org.hk/conproceed.html: See also Data protection in area of freedom, security and justice. In (2001) Integral security in Europe, a democratic perspective. Belgium: Collegium No. 22 – XIII, 2001. de Schutter, B. (2003). The processing of data in the police and judicial area and the protection of privacy. http://www.era.int/web/en/resources/5_2341_645_file_en.716.pdf. accessed on 12 August 2005. den Boer, M. (Ed.) (1998). Schengen’s final days? The incorporation of Schengen into the new TEU, external borders and information systems. Maastricht: European Institute of Public Administration. den Boer, M. (Ed.) (2000). Schengen still going strong: evaluation and update: texts in English, French and German. Brusselles: EIPA den Boer, M. (Ed.). (1997). The implementation of Schengen: First the widening, now the deepening. Maastricht: European Institute of Public Administration. den Boer, M. Guggenbühl, A. & Banhoonacker, S. (1998). Coping with flexibility and legitimacy after Amsterdam. Maastricht: European Institute of Public Administration. Donnelly, J. (1991). Universal human rights in theory and practice. Ithaca and London: Cornell University Press. Donner, J. P. H. (1993). Abolition of border controls. In Schermers, H. G., Flinterman, C., Kellermann. A. E., Hersolte, J. V., & Meent, G. A. (Eds.). Free movement of persons in Europe: Legal problems and experiences. Dordrecht/Boston/London: Martinus Nijhoff Publishers. Doublet, D. & Bernet, J. F. (1992). Retten og vitenskapen. Bergen: Alma Mater. Dst 1997:38 Severiges anslutning till Schengensamarbetet. Regeringskansliet utrikesdepartementet. Dumortier, J. (1992) Data protection in the Schengen Convention, Communication at the International Conference ‘Computer and Law’ in Montreal, 30/9 - 3/10/92. Dunker, M. (2004) Don’t Blink: Iris Recognition for Biometric Identification. SANS Institute. http://maverick.giac.org/rr/whitepapers/authentication/1341.php Last accessed on 11 November 2005.

Selected Bibliography

Dworkin, R. (1977). Taking Rights Seriously. London: Duckworth. Eckhoff, T. and Helgesen, J. E. (1997). Rettskildelære. (4. utgave). Oslo: Tano Aschehoug. Edgar, H. (2000). DNA as a forensic Instrument. Columbia Law School. September 22, 2000. El Zein, S. (1999). Interpol’s Role in Protectin Human Rights. International Criminal Police Review – No. 474-475 http://www.interpol.int/Public/Publications/icpr/ICPR4/4_1.asp Retrieved 10 March 2004. El Zein, S. (1999a). Reconciling Data Protection Regulations with the Requirements of Judicial and Police Co-operation. Paper presented during the 21st International Conference on Privacy and Personal Data Protection. Hong Kong. Last accessed on 15 December 2005 from http:// www.pco.org.hk/english/infocentre/files/elzein-paper.doc. Ericson, R. V. & Haggerty, K. D. (1997). Policing the risk society. Oxford: Clarendon Press. Eskeland, S. (1997). Grunnloven og Schengensamarbeidet. Oslo: Gyldendal. Etzion, A. (1999). The limits of privacy. New York: Basic Books. Feely, M. & Simon, J. (1994). Actuaral justice: The emerging new criminal law. In Nelken, D. (Ed.). The future of criminology: London: Sage. Pp. 173-201. Fijnaut, C. & Marx G. T. (eds.) (1995) Undercover police surveillance in comparative perspective. The Hague –London – Boston: Kluwer Law International. Fijnaut, C. (1991) Police co-operation within western Europe. In Hidensohn, F. & Farrell, M. Crime in Europe. London & New York: Routledge. Fijnaut, C., Wouters, J. & Naert, F. (Eds.) (2004) Legal instruments in the fight against international terrorism: a transatlantic dialogue. Leiden: Nijhoff. Flaherty, H. D. (1989) Protecting privacy in surveillance societies. Chapel Hill and London: The University of North Carolina Press. Fleischer, C. A. (1995) Rettskilder. Oslo: At notam Gyldendal. Flynn, L. J. (2003). “Now Digital Spy Camera Technology Widens Gaze” New York Times, 21 April 2003 Fode, H. (1993). Cooperation on law enforcement, criminal justice and leigislation in Europe: Nordic experience. In Schermers, H. G., Flinterman, C., Kellermann. A. E., Hersolte, J. V., & Meent, G. A. (Eds.). Free movement of persons in Europe: Legal problems and experiences. Dordrecht/Boston/London: Martinus Nijhoff Publishers. Fordham, M. & Mare T. (2001). Identifying the principles of proportionality. In Jowell, J. & Cooper, J. (Eds.). Understanding the Human Rights Principles. Oxford and Portland: Hart Publishing. http://www.wcl.american.edu/journal/lawrev/50/banks.pdf. Last accessed on 12 March 2007. Gandy, O.(1993). The panoptic sort: A political economy of personal information. Westview: Boulder Co. Gearty, C. A. (ed.) (1997). European civil liberties and the European Convention on Human Rights: A comparative study. The Hague: Martinus Nijhoff Publishers. Gerard, S. (1992). Terrorism. In Mireille, D. (Ed). The European Convention for the Protection of Human Rights: International Protection versus National Restrictions. Dordrecht: Martinus Nijhoff. Gewirth, A. (1998). The justificatory argument for human rights. In Sterba, P. J. Ethics: The Big Questions., Massachusetts: Blackwell.

433

434

Selected Bibliography

Gomien, D. (1991). Short guide to the European Convention on Human Rights. Strasbourg: Council of Europe. Groenendijk, K. (2004). Reinstatement of controls at the internal borders of Europe: Why and against whom?. European Law Journal, 10 / 2. pp. 150-170. Groenendijk, K.(1999) Long-term immigration and the Council of Europe. The European Journal of Migration and Law, 1/ 3. Gross, O. & Ní Aoláin, F. (2001). From Discretion to Scrutiny: Revisiting the Application of the Margin of Appreciation Doctrine in the Context of Article 15 of the European Convention on Human Rights. Human Rights Quarterly 23 (2001) 625-649. Guild, E. (1999). Adjudicating Schengen: National judicial control in France. European Journal of Migration and Law, 1: 419-439. Guild, E. (2001). Moving the borders of Europe. The inaugural lecture delivered during the official ceremony on the occasion of the assumption of the professorship of the CPO Wisselleerstoel at the University of Nijmegen, the Stichiting Steunfonds Juridisch (Post) Doctoraal Onderwijs. http://www.jur.kun.nl/cmr/articles/oratieEG.pdf. Last accessed on 2 January 2002. Guiraudon, V. (2002). Controlling the EU border by proxy? The delegation of migration control in practice. Paper presented at the 13th International Conference of Europeanists “Rebordering Europe: can the social, economic and geopolitical implications of a common EU immigration policy be reconciled. March 14-16, Chicago. Guiraudon, V. (2003). Enlisting third parties in border control: a comparative study of its causes and consequences. Paper presented at the workshop “Managing International and Interagency Cooperation at the Border”, held in Geneva 13-15 March 2003, organized by the Working Group on Democratic Control of Internal Security Services of the Geneva Centre for Democratic Control of Armed Force. Hailbronner, K. & Thiery C. (1997). Schengen II and Dublin: Responsibility for Asylum Applications in Europe. Common Market Law Review 34: 957-989. Hairston, M. C. (1992). Successful Writing. New York: W.W. Norton & Company. Hayes, B (May 2005). SIS II: fait accompli? Construction of EU’s big brother databases underway. Statewatch Analysis. Hayes, B. (2004 February). From the Schengen information system to SIS II and the Visa information (VIS): the proposals explained. Statewatch Analysis. Hayes, B. (March-April 2004) Killing me softly? Improving access to durable solutions, doublespeak and the dismantling of refugee protection in the EU. Statewatch Analysis: Statewatch bulletin, vol 14 no2. Heard, A. (1997) Human rights: Chimeras in sheep’s clothing? Last accessed on 15 November 2004 http://www.sfu.ca/~aheard/intro.html. Hebenton, B. & Thomas, T. (1995). Policing Europe: Co-operation, conflict and control. London : M St. Martin’s Press. Helset, P. og Stordrange, B. (1998). Norsk statsforfatningsrett. Olso: Ad Notam Gyldendal. Hendriks, A. & Nowak, M. (1993) Western European case-study: The impact of advanced methods of medical treatment on Human Rights. In Weeramantry G. C. The Impact of technology on human rights: Global case-studies. Tokyo: United Nations University Press. Hepple, B. (2004). Race and law in fortress Europe. The Modern Law Review 67/1.

Selected Bibliography

Holvast, J. (1993) “The Netherlands: An open door in a Europe without borders. Fortress EuropeCircular letter: February 1993 http://www.fecl.org/circular/1208.htm accessed on 21 May 2000. Hondius, F. W. (1993). The last frontier: Free movement of persons in greater Europe: The role of the Council of Europe. In Schermers, Henry, G., Flinterman, C. et al (Eds.). Free movement of persons in Europe: Legal problems and experiences. Dordrecht/Boston/London: Martinus Nijhoff. Hurwitz, A. (2000). The ‘Schengen’ practice and case-Law in Belgium. European Journal of Migration and Law 2: 37-48. Jacobsen, M. (1997 15-16 May). On the universality of human rights. Thematic introduction to the workshop on Human Rights and Asian Bvalues at the University of Copenhagen. Retrieved October 4, 2003 from http://nias.ku.dk/nytt/issues/97/2/michael/body.html Janis, M., Kay, R. & Bradely, A. (2000). European Human Rights Law: Text and materials (2nd Ed.). Oxford: Oxford University Press. Jones, H. W.,. Kernochan, J. M. & Murphy, A. W. (1980). Legal Method; Cases and Text Materials. Mineola: The Foundation Press. Joubert, C. & Bevers, H. (1996). Schengen investigated: A comparative interpretation of the Schengen provisions on international police co-operation in the light of the European Convention on Human Rights. The Hague: Kluwer Law International. Justice (2000) The Schengen Information System: A human rights audit. London. ISBN 0 907247 344 (This report was written by Madeleine Colvin & Michael Spencer). Kandnani, A. (2004). Analysis: the war on terror leads to racial profiling, Institute of Race Relations 2004: https://wwirr.org.uk/2004/july/ak000006.heml accessed on 13.07.2004 Karanja, S. K. (1995) The role of legal regulation in the social shaping of new information technologies – The computerised health data card (CHDC) as a case study. (unpublished). http://folk. uio.no/stephenk/prosjekt/thesis.shtml Last accessed on 12 March 2007. Karanja, S. K. (2000) The Schengen co-operation: Consequences for the rights of EU citizens. Mennesker og Rettigheter Nummer 3 2000, Årgang 18 - (No. 3 2000 Vol. 18) p. 215-222. Karanja, S. K. (2001a). Norwegian border control in a Europe without internal frontiers: Implications for data protection and civil liberties. Complex 6/01 Institutt for rettsinformatikk. Unipub forlag, Oslo. Karanja, S. K. (2001b). Crossing the Schengen external border. In Bygrave, L. A. (ed.).Yulex. Oslo: Institutt for rettsinformatikk and Unipub forlag. Karanja, S. K. (2002). ’The Schengen information system in Austria: An essential tool in day to day police and border control work?’, Commentary, The Journal of Information, Law and Technology (JILT) 2002 (1) . Karanja, S. K. (2005) SIS II Legislative Proposals 2005: Gains and Losses! In Krog, G. P. & Bekken, A. G. B. (Eds.) Yulex. Oslo: Institutt for rettsinformatikk and Unipub forlag. pp. 81-103. Karanja, S. K. (2006). The directive on data retention – between privacy and security. Published in Olav Torvund & Kirsti Pettersen (Eds.): Yulex 2006 (ISBN 82-7226-100-6) Senter for rettsinformatikk og Unipub forlag. 2006: 49-63. Korff, D. (2002). EC Study on implementation of data protection directive: Comparative summary of national laws. September 2002 (study contract ETD/2001/B5-3001/A/49).

435

436

Selected Bibliography

Koslowski, R. (2004). International Cooperation on Electronic Advance Passenger Information Transfer and Passport Biometrics. Paper prepared for presentation at the International Studies Association meeting, Montreal March 17-20. Kpenou, C. (1997). Refugees – A challenge for Europe. In den Boer, Monica (Ed.) The implementation of Schengen: First the widening, now the deepening. Maastricht: European Institute of Public Administration. Krank A. C. (1995). Asyl i Europa inom ramen för Schengen- och Dublin -konventionerna. Avhandling för juridiska fakulteten vid Helsingfors universitet. Helsingfors: Untrikesministeriets Publikationer. Kuijper, P. J. (2000). Some legal problems associated with the communitarization of policy on visas, asylum and immigration under the Amsterdam treaty and incorporation of the Schengen acquis. Common Market Law Review 37: 345-366. Lack, B. (1999). Development of facial recognition technologies in CCTV systems. Sourceuk.net, 25 october. www.sourceuk.net/indexf.html?00624 , accessed on 20 April 2004. Lambert H. (2001). The position of aliens in relations to the European convention on human rights. 2nd Ed. Strasbourg: Council of Europe. Larsen, L. B. (1997). Schengen and the Nordic countries: Recent developments. In Boer, Monica (Ed.) The Implementation of Schengen : first the widening, now the deepening. Maastricht: European Institute of Public Administration. Lund-rapporten (1996) Rapport til Stortinget fra kommisjonen som ble nedsatt av Stortinget for å granske påstander om ulovlig overvåking av norske borgere. Dokmentent nr. 15. (1995-96) Jann, T. (1996). Grenseseminar 6 Schengen-samarbeider, Interreg-samarbeidet og praktiske handelshindringer mellom Norge og Sverige 25. - 26. Mars 1996. Voksenåsen Norges nasjonalgave til Sverige. Lyon, D (ed.) (2002b) Surveillance as Social Sorting: Privacy, Risk, and digital Discrimination. London and New York: Routledge. Lyon, D. (1994). The electronic eye: The rise of surveillance society. Cambridge: Polity Press. Lyon, D. (2001). Terrorism and surveillance: Security, freedom, and justice after September 11. A paper given at Privacy Lectures Series http://privacy.openflow.org. Lyon, D. (2002a). Editorial. Surveillance Studies: Understanding visibility, mobility and the phonetic fix. 2002 Surveillance & Society 1(1): 1-7 www.surveillance-and-society.org . Lyon, D. (2004). Identity Cards: social sorting by database, Oxford Internet Institute, Internet Issue Brief no 3. Marinho, C. & Heinonen, M. (1998). Dublin after Schengen: Allocating responsibility for examining asylum applications in practice. Maastricht: EIPASCOPE, EIPA. Marinho, C. (Ed.). (2001). Asylum, immigration and Schengen post-Amsterdam: a first assessment : conference proceedings. Maastricht : EIPA. Mark, G. T. (1988). Undercover police surveillance in America. Berkeley: University of California Press. Massias, F. (1992). Control of aliens. In Mireille D. M. The European convention for the protection of human rights: International protection versus national estrictions. Dordrecht: Martinus Nijhoff Publishers. Mathiesen, T. (1996). Er Schengen noe for Norge? Et bidrag til Europeisk poliforskning. Institutt for Kriminologi, Universitetet i Oslo.

Selected Bibliography

Mathiesen, T. (1997) Schengen: Politisamarbeid, overvåking og rettssikkerhet i Europa. Oslo: Spartacus Forlag. Mathiesen, T.(1999). On globalisation of control: Towards an integrated surveillance system in Europe. London: A Statewatch Publication. Meijboom A.P. & Prins. C. (Eds.). (1991).The law of information technology in Europe 1992. Deventer-Boston: Kluwer Law and Taxation Publishers. Meijers, H., Bolten, J. J., Cruz, A., Steenbergen, J. D. M., Hoogenboom, T., Swart, A. H. J., et al (1992). Schengen: Internationalisation of central chapters of the law in aliens, refugees, privacy, security and the police. 2nd ed. Leiden: Stichting NJCM-Boekrij. Meyer, J. D. (1973). The right to respect for private and family life, home and communication in relations between individuals, and the resulting obligation for states parties to the convention. In Robertson, A. H. Ed. Privacy and human rights. University Press, Manchester. Michael, J. (1994). Privacy and human rights: An international and comparative study, with special developments in information technology. Dartmouth: UNESCO Publishing. Mountfield, H. (2001). The concept of a lawful interference with fundamental rights. In Jowell, J. & Cooper, J. (Eds). (2001). Understanding human rights principles. Oxford and Portland: Hart Publishing. Nanz, K. P. (1995). The Schengen Agreement: Preparing the Free Movement of Persons in the European Union. In Bieber, R. & Monar, J. (Eds). Justice and home affairs in the european union: The development of third pillar. Brussels: European Interuniversity Press. Nikopoulos, G. P. (1998). Security arrangements at the external borders of schengen. A view from Greece. In Monica den Boer (Ed). Schengen’s final days? The incorporation of Schengen into the new TEU, external borders and information systems. Maastricht: European Institute of Public Administration. Nordisk Ministerråd. (1995). Schengen-konventionen och den nordiska passfriheten. København: Tema Nord 1995:582. Norris, C. & Armstrong, G. (1999). The maximum surveillance society: The rise of CCTV: Berg: Oxford. Oberlitner, R. (1998). Schengen und Europol : Kriminalitätsbekämpfung in einem Europa der inneren Sicherheit. Schriftenreihe zum gesamten Europarecht ; Bd. 2. Wien : Manzsche Verlag. O’Leary, S. & Tiilikainen, T. (1998). Citizenship and nationality status in the new Europe. The institute for public policy research. London: Sweet & Maxwell. Olsen, B. K. (1998). Identifikationstenknologi og individbeskyttelese – en øvelse I juridisk teknologivurdering. København: Jurist- og Økonomforbundets Forlag. Opsahl, T. (1973). The Convention and the Right to Respect for Family Life: Particularly as regards the unity of the family and the protection of the rights of parents and guardians in the education of children. In Robertson, A. H. (Ed). Privacy and human rights. Manchester: University Press. Peers, S. (2000). EU justice and home affairs law. Harlow, England: Longman. Peers, S. (June 2005) SIS II proposals: Statewatch Analysis. Petite, M. (1998). The Treaty of Amsterdam. The Jean Monnet Chair, Harvard Law School, Working Papers. Pound, R. (1942). Social control through law. London: New Haven, Yale University Press.

437

438

Selected Bibliography

Raab, C. (1995). European Perspectives on Privacy. Proceedings of the conference on law and information policy for /spatial databases. Orono, ME: National Center for Geographical Information and Analysis (NCGIA). 257-265. Reagan, P. M. (1995) Legislating privacy: Technology, social values, and public policy. Chapel Hill & London: The University of North Carolina Press. Robertson, A. H. (Ed). (1973) Privacy and human rights. Manchester: University Press. Roger C. (2004). Introduction to dataveillance and information privacy, and definitions of terms. http://www.anu.edu.au/people/Roger.Clarke/DV/Intro.html#DV accessed on 01.11.2004 Rule, J. et a.l (1980). The Politics of Privacy: Planning for Personal Data Systems as Powerful Technologies. New York: Elsevier North Holland. Ryssdal, R. (1992). Data protection and the European convention on human rights. in Data Protection, Human Rights and Democratic Values, Proceedings of the 13th Conference of Data Protection Commissioners held 2-4 October in Strasbourg (Strasbourg: CoE, 1992). Sandsund, F. A. (2001). International police cooperation and the role of the Schengen Convention. [S.l.]: University of Exeter. Schartum, D. W. (1993). Rettessikkerhet og systemutvikling i offentlig forvaltning. Oslo: Universitetet Forlaget. Schartum, D. W. (1997). Proportionality control? 11 Int Rev of Law Computers & Technology, 107116. Schartum, D. W. (2002). What should access legislation be like in the future? – possible structures for access legislation. In Bygrave, L. A. (Ed.) Yulex 2002. Oslo: Institutt for rettsinformatikk and Unipub forlag. Schartum, D. W. and Bygrave, L. A. (2004). Personvern i informasjonssamfunnet – En innføring i vern av personopplysninger. Oslo: Fagbøklaget. Schattenberg, B. (1993). The Schengen Information System, privacy and legal protection. In Schermers, H. G., Flinterman, C., Kellermann. A. E., Hersolte, J. V., & Meent, G. A. (Eds.). Free movement of persons in Europe: Legal problems and experiences. Dordrecht/Boston/ London: Martinus Nijhoff Publishers. Schermers, H. G., Flinterman, C., Kellermann. A. E., Hersolte, J. V., & Meent, G. A. (Eds.) (1993). Free movement of persons in Europe: Legal problems and experiences. Dordrecht/Boston/ London: Martinus Nijhoff Publishers. Scott, G. G. (1995). Mind your own business: The battle for personal privacy. New York: Insight Books Plenum Press. Seipel, P. (2001). Sweden. In Blume, P. (Ed.), Saarenpää, A, Schartum, W. D, Seipel, P. Nordic data protection. Copenhagen: DJØF. p. 129. Sheptycki, J.W.E. (1995) Transnational Policing and the Makings of a Post-modern State. British Journal of Criminology, Vol. 35 No. 4 Autumn 1995. London: Oxford University Press. Sieghart, P. (1983). The international law of human rights. Oxford: Clarendon Press. Simitis, S. (1992). New trends in national and international data protection law. In Dumortier, J. Recent developments in data privacy law, Belgium’s data protection bill & the European draft directive. Leuve: University Press. Simitis, S. (1987). Reviewing privacy in an information society. University of Pennsylvania Law Review (vol. 135:707. Simone, V. (1997). Report of High Level Panel on the Free movement of Persons.

Selected Bibliography

Skogly, S. I. (May 2000). From human captital to human rights: The human rights obligations of the World Bank and the International Monetary Fund. Dissertation presented to the University of Oslo, faculty of law for completion of the Degree of Doctor of Law. (Unpublished). Solove, D. J. (2001). Privacy and power: Computer databases and metaphors for information privacy. 53 Stanford Law Review 1393. Spencer, M. (1990). 1992 and all that civil liberties in the balance. London: Civil Liberties Trust. Staples, H. (2000). Adjudicating the Schengen agreements in the Netherlands. European Journal of Migration and Law 2: 49-83. Storbeck, J. (1997). Coordinating the flow of Eropean itellengence: Europol’s acountability mechanism. In den Boer, M. (Ed.). Undercover policing and accountability from an international perspective. Maastricht, the Netherlands/ Pays-Bas: EIPA Svensson-MacCarthy, A. L. (1998). The international law of human rights and states of exception: with special reference to the travaux préparatoires and case-law of the international monitoring organs. The Hague: Martinus Nijoff publishers. Tomkins, A. (1997). Civil Liberties in the Council of Europe: A critical Survey. In Gearty, C.A (Ed.). European civil liberties and the European Convention on Human Rights: A comparative study. The Hague: Martinus Nijhoff Publishers. Torpey, J. (2000). The invention of the passport: Surveillance, citizenship and the state. Cambridge: Cambridge University Press. Torvund, O. (1996). Å studere jus : innføring i privatrett grunnfag. [2. utg., rev. og utvidet]. Oslo: Tano Aschehoug. Townsend, M. & Harris, P. (2003). Security role for traffic cameras. The Observer, 9 February. http: observer.guardian.co.uk/politics/story/0.6903.892001.00.html accessed on 20 April 2004. Tromp, R. (1998). Thre inner workings of SIRENE. In den Boer, M. (Ed.) Schengen’s final days? The incorporation of schengen into the new teu, external borders and information systems. Maastricht: European Institute of Public Administration. Tupman, W. A. (1995). Cross-national criminal databases: The ongoing search for safeguards. Law, Computers and Artificial Intelligence, Vol. 4, No. 3. Url: http://privacy.openflows.org/pdf/lyon_paper.pdf Veijalainen, R. (1998) Security Arrangements at the External Borders of Schengen. A View from Finland. In Boer, M. (Ed.). Schengen’s final days? The incorporation of Schengen into the new TEU, external borders and information systems. Maastricht: European Institute of Public Administration. Velu, J. (1973). The European convention on human rights and the right to respect for private life, the home and communications. In Robertson, A. H. (Ed.). Privacy and human rights. Manchester: University Press. Wagner, E. (1998). The integration of Schengen into the framework of the European Union. LIEI 1998/2. Walsh, D. (2003). The EU charter of fundamental rights: what practical effects? Conference on new human rights legislation. Human Rights Commission and Law Society of Ireland 18 October 2003, p. 13. Ward, I. (1998). An introduction to critical legal theory. London: Cavendish Publishing Limited. Weiler, J.H. H. (1992). Thou shalt not oppress a stranger: On the judicial protection of the human rights of the human rights of non-EC national – a critique. The European Journal of International Law, Vol. 3 (1992) No. 1.

439

440

Selected Bibliography

Westin, A. F. (1967). Privacy and freedom. New York: Atheneum. Widgren, J. The development of a Pan-European regime for entry control, on the basis of the Amsterdam Treaty and in the framework of an enlarged European Union. http://migration. uni-konstanz.de/alt/mpf2/mpf2-widgren.html accessed on 20 May 2003. Williams, G. O. Iris recognition technology – Iridian Technologies, Inc. Youngs, R. (1998). English, French and German comparative law. London: Cavendish Publishing Limited. Yourow, H. C. (1996). The margin of appreciation doctrine in the dynamics of European human rights jurisprudence. The Hague: Kluwer Law International.

B

Government Reports and other Documents

Australia Privacy Committee Special Report: Privacy Issues and the Proposed National Identification Scheme. State of New South Wales, Australia.

Canada The Protection of Personal Information – building Canada’s Information Economy and Society, January 1998. Privacy Commissioner: annual Report 1999-2000.

Ireland The Irish government White Paper on the Amsterdam Treaty.

Norway Datatilysnet: Inspection Report of the Inspection at the UDI (Immigration Directorate) on 1 February 2005. Datatilysnet: Schengen Informasjonssystem Personvern og Sikkerhert. Prosjektrapport, delprosjekt D - 1999. Kripos: Årsrapport 2002. NOU 1997: 19 Et bedre personvern- forslag til lov om behandling av personopplysninger. NOU 1997:15 Etterforskiningmetoder for bekjempelse av kriminalitet. NOU 2005: 19 Lov om DNA-register til bruk i strafferettspleien Nye Kripos: Årsrapport 2004. Ot prp nr 56 (1998-99) Om lov om Schengen informasjonssystem (SIS) of lov om endringer I utlendingsloven og I enkelte andre lover som følge av Schengensamarbeidet. Ot prp nr 92 (1998-99) Om lov om behandling av personopplysninger (personopplysningsloven). Ot. Prp. nr 96 (2000-2001) Om lov om endringer i utlendingsloven.

Selected Bibliography

Politidirektoratet Rapport: Registrering og dokumentasjon i forbindelse med politikontroller. St prp nr 42 (1996-97): Om samtykke til ratifikasjon av samarbeidsavtale av 19 desember 1996 mellom partene i Schengenavtalen og Schengenkonvesjonen, og Island og Norge om avskaffelse av personkontroll på de felles grenser. St. prp. nr. 38 (2000-2001) 1.1. Innlending. Utlendingsdirektoratet årsrapport 2000 om gjennomføringen av innvandrings- og integreringspolitikken.

United Kingdom The LSE Identity Interim Report: an assessment of the UK Identity Cards Bill & its implications, Interim Report, LSE the Department of Information Systems. March 2005. UK Ministry for Home Affairs: Fairer, Faster and Firmer: A Modern Approach to Immigration and Asylum. Cm 4018 http://www.official-document.co.uk/document/cm40/4018/4018.htm accessed on 13 December 1999.

USA Convicted by Juries, Exonerated by Science: Case Studies in the Use of DNA Evidence to Establish Innocence After Trial. U.S department of justice, office of justice programs, national institute of justice. NCJ 161258, June 1996. Electronic Surveillance in a Digital Age – (July 1995 OTA-BP-ITC-149 GPO stock #052-00301418-1). House Select Committee on Homeland Security: America at Risk: The State of Homeland Security – Initial Findings, January 2004. Markle Foundation: Creating a Network for Homeland Security, Second Report of the Markle Foundation Task Force, December 2003. Markle Foundation: Protectin America’s Freedom in the Information Age, A Frist Report of the Markle Foundation Task Force. October 2003. The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks Upon the United States. http://www.gpoaccess.gov/911/pdf/fullreport.pdf United States General Accounting Office (GAO): Aviation Security: Challenges in Using Biometric Technologies (Statement of Keith A. Rhodes, Chief Technologist Applied Research and Methods) GAO-04785T. United States General Accounting Office (GAO): Technology Assessment – Using Biometrics for Border Security. (GAO-03-174).

European Union The European Commission Commission Communication on the Charter of Fundamental Rights of the European Union. Brussels, 13.9.2000 COM(2000) 559 final.

441

442

Selected Bibliography

Commission of the European Communities: Communication from the Commission to the Council and the European Parliament – Development of the Schengen Information System II/ Com(2001) 720 final. Communication from the Commission to the Council and the European parliament: The Hague Programme: Ten priorities five the next five years – The partnership for European renewal in the field of Freedom, Security and Justice. 8922/05 JAI 163, 13 May 2005. Communication from the Commission on the Legal Nature of the Charter of Fundamental Rights of the European Union. Brussels, 11.10.2000 COM(2000) 644 final. Communication from the Commission to the Council and the European Parliament - Development of the Schengen Information System II and possible synergies with a future Visa Information System (VIS)/ COM/2003/0771 final Communication from the Commission to the Council and the European Parliament towards integrated management of the external borders of the Member States of the European Union. (COM (2002)233) (7 May 2002). Communication from the Commission to the Council and the Parliament: Biannual update of the scoreboard to review progress on the creation of an area of “freedom, security and justice in the European Union (Second Half of 2000). Brussels, 30.11.2000 COM(2000) 782 final. Communication from the Commission to the Council and the Parliament: On a Community Immigration Policy. Brussels, 22.11.2000 COM(2000) 757 final. Communication from the Commission to the Council and the Parliament: Towards a Common Asylum Procedure and a Uniform Status, Valid throughout the Union, for Persons Granted Asylum, Brussels, 22.11.2000 COM(2000) 755 final Communication from the Commission to the Council and the Parliament: On the Special Measures Concerning the Movement and Residence of Citizens of the Union which are Justified on Grounds of Public Policy, Public Security or Public Health, (Directive 64/221/ EEC). European Commission (1997). Building the European Information Society for us all: Final policy report of the high level expert group, April 1997. Brussels, Belgium. European Commission: Public Sector Information: A Key resource for Europe – Green Paper on Public Sector Information in the Information Society. COM(98)585final, adopted on 20 January 1999.

European Parliament European Parliament Committee on Civil Liberties, Justice and Home Affairs – Draft Report on the proposal for a Council Regulation on standards for security features and biometrics in EU citizens’ passports,. PROVISIONAL 2004/0039(CNS). European Parliament, Directorate-General for Research 1999: Freedom, Security, Justice: An Agenda for Europe – Civil Liberties Series. LIBE 106 EN. Luxembourg. European Parliament, Directorate-General for Research 2000: Asylum in the EU Member States – Civil Liberties Series. LIBE 108 EN. Brussels. European Parliament, Directorate-General for Research – Working Paper: Free Movement of Persons in the European Union – Civil Liberties Series. LIBE 100 EN.

Selected Bibliography

European Parliament: Directorate-General for Research, working document (Consultation version)- An Appraisal of Technologies of Political Control. Luxembourg, 6 January 1998. PE 166 499 . European Parliament: Report (Cappato Report) on the First Report on the implementation of the Data Protection Directive (95/46/EC) (COM(2003) 265-C5-0375/2003/2153(INI)) Final a5-0104/2004. European Parliament: Resolution on Respect for Human Rights in the European Union (1996) A4-0034/98. STOA: Development of surveillance technology and risk of abuse of economic information. Luxembourg, May 1999.

The Council of the European Union Council Decision (1999/436/EC) determining, in conformity with the relevant provisions of the Treaty establishing the European Community and the Treaty on European Union, the legal basis for each of the provisions or decisions which constitutes the Schengen Acquis. OJ L 176/17 10.7.1999. Council Decision 2004/496 on the conclusion of an Agreement between the European Community and the United States of America on the processing and transfer of PNR data by Air Carriers to the United States Department of Homeland Security, Bureau of Customs and Border Protection. OJ L 183 of 20.05.2004. Council Decision Concerning the Conclusions of an Agreement between the European community and the Republic of Iceland and the Kingdom of Norway Concerning the Criteria and Mechanisms for Establishing the State Responsible for Examining a Request for Asylum Lodged in a Member State or Iceland or Norway. (COM(2001) 55 final. Council Directive 2000/43/ of June 2000 implementing the principle of equal treatment between persons irrespective of racial or ethnic origin. OJ 2000 L 180/22. Council Directive 2000/78/EC of 27 November 2000 establishing a general framework for equal treatment in employment and occupation. OJ 2000 L 303/16. Council of the European Union: Council Decision concerning the introduction of some new functions for the Schengen Information System, in particular in the fight against terrorism. 9408/02 LIMITE SIS 39 SCHENGEN 2 COMIX 369, 11 June 2002. Council of the European Union: EU Schengen Catalogue – External borders control, Removal and Readmission: Recommendations and best practices. Volume 1 February 2002, http:// ue.eu.int/jai/schengen/catalogue%20EN.pdf accessed on 05.05.2003. Council of the European Union: EU Schengen Catalogue – Schengen Information System, SIRENE: Recommendations and best Practices. Volume 2 December 2002, 15443/02 SCHEVAL 43 SIS 97 SIRENE 75 COMIX 703 http://ue.eu.int/jai/schengen/Cat.Sch.Vol.2EN.pdf accessed on 05.05.2003. Council of the European Union: List of competent authorities which are authorised to search directly the data contained in the Schengen Information System pursuant to Article 101(4) of the Schengen Convention. 6265/03, 14.04.2003. Council Resolution of 9 June 1997 on the exchange of DNA analysis results (97/C 193/02) OJ C 193, 1997.

443

444

Selected Bibliography

Council Resolution of on the creation of an early warning system for the transmission of information on illegal immigration and facilitator networks. Brussels, 11 May 1999 (OR. D) 7965/99 LIMITE CIREFI 20 MIGR 33. Proposal for a Council Regulation establishing a Community Code on the rules governing the movement of persons across borders. COM(2004) XXX. Regulation (EC) No 45/2001 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the Community Institutions and Bodies and on the Free Movement of such Data. O J L 8/1 12.01.2001.

The European Council Presidency Conclusions – Tampere European Council 15 and 16 October 1999. Presidency Conclusions – Amsterdam European Council 16 and 17 June 1997. Presidency Conclusions – Cologne European Council 3 and 4 June 1999. Presidency Conclusions – Nice European Council 7, 8 and 9 December 2000.

C

Reports, Opinions, Research and Policy Papers

European Union Article 29 Data Protection Working Party: Working document on biometrics, 1 August 2003 12168/02/EN WP 80. Article 29 Data Protection Working Party Opinion 2/2004 – 10019/04/EN WP 87. Article 29 Data Protection Working Party: Opinion 3/2004 on the level of protection ensured in Canada for the transmission of Passenger Name Records and Advanced Passenger Information from airlines, 10037/04/EN WP 88. Article 29 Data Protection Working Party: Opinion 32/2004 on the level of protection ensured in Australia for the transmission of Passenger Name Records from airlines, 10031/03/EN WP 85. CFR-CDF.rep.UE.2003.en – EU Network of Independent Experts on Fundamental Rights: Report on the Situation of Fundamental Human Rights in the European Union in 2003, January 2004. Data Protection Working Party: Third Annual Report on the situation regarding Protection of Individuals with regard to the Processing of Personal Data and privacy in the Community and in Third Countries covering the year 1998, Adopted by on 22 December 1999 5066/00/ EN/final WP35. EU Directive on Data Protection Evaluation report 2003. First Annual Report of the Council and Parliament on the activities of the EURODAC Central Unit, p. 6. SEC(2004) 557. Living in an Area of Freedom, Security and Justice – Justice and Home affairs in the European Union - European Commission information brochure for the general public Priority Publications Programme 2000. December 2000. Report of the High Level Panel on the free movement of persons chaired by Mrs. Simone Veil, presented to the Commission on 18 March 1997.

Selected Bibliography

Working Party on the Protection of Individuals with regard to the Processing of Personal Data: First Annual Report, adopted by the working Party on 25 June 1997 XV/5025/97 –final-EN corr. WP3. Working Party on the Protection of Individuals with regard to the Processing of Personal Data: Second Annual Report, adopted by the working Party on 30 November 1998 DG XVD/5407/98 final WP14.

Council of Europe Consultative Committee of the convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (T-PD): Progress Report on the application of the principles of Convention 108 to the collection and processing of biometric data, February 2005, T-PS (2005) BIOM E. Council of Europe Convention on Cybercrime – ETS No. 185 Budapest, 23.XI.2001. Council of Europe Recommendation No. R (92) 1 of The Committee of Ministers to Member States on the Use of Analysis of Deoxyribonucleic Acid (DNA) within the Framework of the Criminal Justice System. Council of Europe, New technologies: a challenge to privacy protection? Strasbourg 1989. Data Protection in the Police Sector – Council of Europe Regional Seminar under the Activities for Development and Consolidation of Democratic Stability (ADACS) – 13-14 December Strasbourg (France), Strasbourg, 27 April 2000 ADACS/DGI (2000) 3 Sem. First Evaluation Report: Evaluation of the relevance of Recommendation No R (87) 15 regulating the use of personal data in the police sector, done in 1994. Document CJ-PD (94) 7. New technologies: a challenge to privacy protection? Study prepared by the Committee of experts on data protection (CJ-PD) under the authority of the European Committee on Legal Cooperation (CDCJ), Strasbourg 1989. Opinion of the European Court of Human Rights on draft Protocol 12 to the European Convention on Human Rights. Protection of Personal Data with regard to Surveillance: Report by Mr. Giovanni Buttarelli, Secretary General of the Italian Data Protection Authority (Italy). Revisiting Sensitive Data (1999): Document prepared by Professor Spiros Simitis, Research Centre for Data Protection Johann Wolfgang Goethe University, Frankfurt. Second Evaluation Report: Evaluation of the Relevance of Recommendation No. R (87) 15 regulating the use of personal data in the police sector in the light of new development in this field: Fianl Activity Report of the Project Group on Data Protection (CJ-PD)( adopted on 28 October 1999). The Introduction and Use of personal identification numbers: the data protection issues: Study prepared by the Committee of experts on data protection (CJ-PD) under the authority of the European Committee on Legal Co-operation (CDCJ), Strasbourg 1991. Third Evaluation Report: Evaluation of Recommendation No R (87) 15 regulating the use of personal data in the plice sector, 2002.

445

446

Selected Bibliography

OECD Implementing the OECD “Privacy Guidelines” in the Electronic Environment: Focus on the Internet DSTI/ICCP/REG(97)6/FINAL; 1998. OECD – Directorate for science, technology and industry committee for information, computer and communication policy: Working Party on Information Security and Privacy Biometric based technologies, 30 June 2004 – DISTI/ICCP/REG(2003)2/FINAL. Report of the Ad Hoc Meeting of Experts on Information Infrastructures Issues Related to Security of Information Systems and Protection of Personal Data and Privacy, OCDE/GD(96)74 ; 1996. Working Party on Information Security and Privacy: Inventory of Instruments and Mechanisms Contributing to the Implementation and Enforcement of the OECD Privacy Guidelines on Global Networks, DSTI/ICCP/REG(98)12/FINAL – 1998.

Schengen Council Conclusion on SIS II, Brussels, 26 May 2003 Document 9808/03 SIRIS 47 CATS 34 ASIM 31 COMIX 330. Council Conclusions on SIS II functions Brussels, 3 June 2004 document 10125/04 SIRIS 69 COMIX. Opinon of the Europol, Eurojust, Schengen and Customs Joint Authorities presented to the House of Lords Select Committee on the European Union Sub-Committee F for their inquiry into EU counter-terrorism activities, Bruseels, 28 September 2004.

Schengen Joint Supervisory Authority JSA - Opinion 98/2 on entering an alert in the Schengen Information System on individuals whose identity has been usurped. JSA Opinion of 22 February 1995 on the legal basis of the SIRENE Bureaux. JSA Opinion on the development of SIS II, 19 May 2004. JSA: The Schengen Information System a guide for exercising the right of access: http//Escher.drt. garanteprivacy.it/doc.jsp?ID=23229 accessed on 09.10.2003. Opinion 98/1 of 3 February 1998 on archiving documents after alerts have been deleted (SCH/ AUT – CONT (97) 55 REV 2). Schengen Joint Suprevisory Authority: Report of the Activities of the Schengen Joint Supervisory Authority March 1995 – March 1997. Brussels, 20 October 1997, SCH/Aut-cont(97) 27 rev. 2. Schengen Joint Supervisory Authority: second annual report of the activities March 1997 – March 1998. Schengen Joint Supervisory Authority: Third annual report of the activities March 1998 – February 1999. Schengen Joint Supervisory Authority: Fourth annual report of the activities March 1999 – February 2000. Schengen Joint Supervisory Authority: Fifth annual report of the activities March 2000 – December 2001.

Selected Bibliography

Schengen Joint Supervisory Authority: Sixth annual report of the activities January 2002 – December 2003. Schengen Joint Supervisory Authority: The Schengen Information System – a guide for exercising the right of access. Web site http://www.schengen-jsa.dataprotection.org/. Schengen Joint Supervisory Authority: Web site http://www.schengen-jsa.dataprotection.org/.

European Data Protection Supervisor Opinion of the European Data Protection Supervisor on the proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters (COM (2005)) O.J. 2006/ C 47/ 12. Opinion of the European Data Protection Supervisor on three Commission proposals regarding SIS II. (COM (2005) 230 final); (COM (2005) 236 final; (COM (2005) 237 final, OJ 2006/ C 91/ 11 Opinion of the European Data Protection Supervisor on the proposal for a Directiove of the European Parliament and of the Council on the retention of data processed in connection with the provision of public electronic communication services and amending Directive 2002/58/EC (COM (2005) 438 final) O.J. (2005/ C 298/ 01)

United Nations High Commissioner For Refugees Colleen Thouez, Towards a Common European Migration and Asylum Policy? – Working Paper No. 27, August 2000 ISSN 1020-7473. Discussion paper: Reconciling Migration Control and Refugee Protection in the European Union: A UNHCR Perspective, October 2000. Jens Vedsted-Hansen, Europe’s Response to the Arrival of Asylum Seekers: Refugee Protection and Immigration Control – Working Paper No. 6, May 1999. Susan F. Martin, Forced Migration and the Evolving Humanitarian Regime, Working Paper No. 20, July 2000. UNHCR Position: Visa Requirements and Carrier Sanctions, September 1995. UNHCR: The State of the World’s Refugees: A Humanitarian Agenda, 1997.

United Kingdom House of Commons home Affairs Committee Identity Cards Fourth Report of session 2003-04 Volume 1 HC 130-1.

House of Lords European Committee Reports House of Lords Select Committee on the European Union – Sixth Report: Enhancing Parliamentary Scrutiny of the Third Pillar – Session 1997-98. House of Lords Select Committee on the European Union – Fifteenth Report: Dealing with the Third Pillar: The Government Perspective – Session 1997-98.

447

448

Selected Bibliography

House of Lords Select Committee on the European Union – Twenty Ninth Report: Europol: Third country Rules. Session 1997-98. House of Lords Select Committee on the European Union – Thirty-first Report: Incorporating the Schengen Acquis into the European Union – Session 1997-98. House of Lords Select Committee on the European Union – European Union Databases - Session 1998-99, , 9 November 1999. House of Lords Select Committee on the European Union – Seventh Report: Schengen and the United Kingdom’s Border Controls - Session 1998-99. House of Lords Select Committee on the European Union – Tenth Report: Fingerprinting Illegal Immigrants: Extending the Eurodac convention – Session 1998-99. House of Lords Select Committee on the European Union – Seventeenth Report: Enlargement and EU External Frontier Controls – Session 1999-2000. House of Lords Select Committee on the European Union – Eighth Report: EU Charter if Fundamental Rights – Session 1999-2000. House of Lords Select Committee on the European Union s – Fifth Report: UK Participation in the Schengen Acquis – Session 1999-2000. House of Lords Select Committee on the European Union s – Fourth Report: The EU Framework Directive on Discrimination – Session 2000-01. House of Lords Select Committee on the European Union – Twenty Eighth Report: Defining Refugees Status and Those in Need for International Protection – Session 2001-02, HL Paper 156. House of Lords Select Committee on the European Union – Fifth Report: Europol’s Role in Fighting Crime – Session 2002-03, HL Paper 43. House of Lords Select Committee on the European Union – Thirty seventh Report: A Common Policy on Illegal Immigration – Session 2001-02, HL Paper 187. House of Lords Select Committee on the European Union – 41st Report Session 20002-03: The Future of Europe – the Convention’s Draft Constitutional Treaty, HL Paper 169 21 October 2003, The House of Lords London – The Stationery Office Limited. Internet version (PDF) p. 42. House of Lords Select Committee on the European Union – 29th Report Session 2002-03: Proposal for a European Border Guard, HL Paper 133. House of Lords European Union Committee – Fighting illegal immigration: should carriers carry the burden? 5th Report of Session 2003-04, HL Paper 29. House of Lords European Union Committee – Schengen Information System II (SIS II) 9th Report of Session 2006-07. HL Paper 49.

Amnesty International Amnesty International: No Flights to Safety: Airline Employees and the Rights of Refugees. Report - ACT 34/21/97 November 1997. http://www.amnesty.org/ailib/aipub/1997/ACT/A3402197.htm

Selected Bibliography

Liberty & Security Data surveillance and border control in the EU: Balancing efficiency and legal protection of third country nationals. http://www.libertysecurity.org/article289.html

Europol Europol Annual Report 2004. Europol Annual Report 2005.

Statewatch Statewatch: ”Scoreboard” on post-Madrid counter-terrorism plans Statewatch: Analysis no 1. The Conclusions of Justice and Home Affairs Council on 20 September 2001 and their implications to civil liberties. Statewatch: Analysis: Killing me softly? ”Improving access to durable solutions”, doublespeak and the dismantling of refugee protection in the EU. By Ben Hayes in Statewatch bulletin, vol 14 no2 (March-April 2004). Statewatch: Monitoring the State and Civil Liberties in the UK and Europe. http://www.statewatch.org/ Statewatch: EU-SIS Three –quarters of a million illegal aliens banned from Schengen area. http:// www.statewatch.org/news/2005/apr/08SISart96.htm Statewatch: The enemy within; EU plans the surveillance of protestors and the criminalisation of protests. Statewatch: The “enemy within” II – EU plans to extend the Schengen Information System to i) create EU database to target “suspects” protestors and bar them from entering a country where a protest is planned, ii) create EU database of all foreigners to remove third country nationals who have not left within the prescribed time frame.

The Standing of Experts in International Immigration, Refugee and Criminal Law, Utrecht Netherlands Comments and Recommendations to the European Commission for the Consultation on the Visa Information System (VIS), CMO0409 12 May 2004. Comments on draft Regulation establishing a Community code on the rules governing the movement of persons across borders, COM (2004) 391, 26 May 2004. Comments on the draft proposal for a Regulation concerning the Visa Information System (VIS), COM (2004) 835. Proposals on amendments to the Standards for the Amended proposal for a Council Directive on minimum standards on procedures in Member States for granting and withdrawing refugee status (COM) 2002 326 final, CM0407 18 March 2004.

449

450

Selected Bibliography

Human Rights Watch France: Towards a Just and Humane Asylum Policy, October 1997 Vol. 9, No. 12(D). Sweden: Swedish Asylum Policy in Global Human Rights Perspective, September 1996 Vol. 8, No. 14(D).

Danish Refugee Council Legal and Social Conditions for Asylum Seekers and Refugees in Western European Countries (May 2000). Safe Third Country – Policies in European Countries (November 1997). The Dublin Convention - Study on its Implementation in the Member States of the European Union (December 2000).

D

International Legislation

European Union Treaties The Treaty establishing the European Community, 1957. OJ C 325/33 24 December 2002. The Treaty of European Union, 1993. OJ C 325/5 24 December 2002. The Amsterdam Treaty, 1997. The Protocol integrating the Schengen Acquis into the framework of the European Union. B. Protocols annexed to the Treaty on European Union and to the Treaty establishing the European Community. The European Union Constitution Treaty, OJ C 310 16 December 2004.

EC Regulations Council Regulation (EC) No 377/2004 of 19 February 2004 on the creation of an immigration liaison officers’ network. Council Regulation (EC) No 2007/2004 of 26 October 2004 establishing a European Agency for the Management of Operational Co-operation at the External Borders of the Member States of the European Union.

Data Protection Agreement between the European Community and the Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or Iceland or Norway. Article 286 of the Treaty Establishing the European Communities. Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms.

Selected Bibliography

Articles 7 & 8 of the Charter of fundamental Rights of the European Union (2000/C 364/01). Convention Implementing the Schengen Agreement of 14 June 1984 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and French Republic on the Gradual Abolition of Checks at their Common Borders – 1990. Council Decision 8803/01 authorising the Director of Europol to conclude a Co-operation Agreement between Europol and Interpol. Council Regulation (EC) No 2725/2000 of 11 December 2000 concerning the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of the Dublin Convention. Council Regulation (EC) No 343/2003 of 18 February 2003 establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national. Council Regulation (EC) No 407/2002 of 28 February 2002 laying down certain rules to implement Regulation (EC) No 2725/2000 concerning the establishment of ’Eurodac’ for the comparison of fingerprints for the effective application of the Dublin Convention. Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data. OJ L 281/31 23.11.1995. Directive 97/66/EC of European Parliament and the Council on the Processing of Personal data and the Protection of Privacy in the Telecommunications Sector, in Particular in Integrated Services Digital Networks (ISDN) and the Public digital Mobile Networks. (OJ No. L 24 of 30.1.1998). Directive by Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and protection of privacy in the electronic communication sector. OJ L 2001/37 31.07.2003. Draft Framework Decision on the retention of data processed and stored in connection with the provision of publicly available electronic communications services or data on public communications networks for the purposes of (…) investigation, detection and prosecution of crime and criminal offences including terrorism, 8864/1/05 REV 1 LIMITE COPEN 91 TELECOM 33, Brussels, 24 May 2005. Draft Resolution on the principles of personal data protection in the field of judicial cooperation in criminal matters as well as police and customs cooperation, 10968/00, JAI 8 Official Journal, L 271, 24/10/2000 p. 1-3. Proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters, COM (2005) 475 final 4 October 2005, {SEC (2005) 1241}. Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies on the free movement of such data. OJ L 8/1 12.1.2000.

Human Rights Charter of Fundamental Rights of the European Union (OJ C 364, 18.12.2000). Convention determining the State Responsible for Examining Applications for Asylum Lodged in One of the Member States of the European Communities (OJ 1997/C 254/01).

451

452

Selected Bibliography

Council Directive 2000/43/ of June 2000 implementing the principle of equal treatment between persons irrespective of racial or ethnic origin, OJ 2000 L 180/22. Council Directive 2000/78/EC of 27 November 2000 establishing a general framework for equal treatment in employment and occupation, OJ 2000 L 303/16.

Council of Europe Data Protection Amendments to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No 108) allowing the European Communities to Accede (adopted by the Committee of Ministers, in Strasbourg, on 15 June 1999). Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data ETS no. : 108 of 1981. Council of Europe Convention on Cybercrime – ETS No. 185 Budapest, 23.XI.2001. Draft additional protocol to Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No 108) regarding supervisory authorities and transborder data flows Strasbourg, 8 June 2000. Guiding Principles for the Protection of Individuals with Regard to the Collection and Processing of Personal Data by Means of Video Surveillance. Protocol No 12 to the Convention for the Protection of human Rights and Fundamental Freedoms (ETS no. 177). Recommendation No. R (87) 15 of the Committee of Ministers to Member States Regulating the Use of Personal Data in the Police Sector 17 September, 1987.

Human Rights European Convention for the Protection of Human Rights and Fundamental Freedoms, as amended by Protocol No. 11 (ETS 005) 1950. European convention for the Prevention of Torture and Inhuman or Degrading Treatment or Punishment, Strasbourg, 26 November 1987. Protocol No. 12 to the Convention for Protection of Human Rights and Fundamental Freedoms, CETS No.: 177.

Schengen Council Decision 2003/19/EC of 14 October 2002 on declassifying certain parts of the Sirene Manual adopted by the Executive Committee established by the Convention implementing the Schengen Agreement of 14 June 1985 (OJ L 8, 14.1.2003, p.34). Council Decision 2005/211/JHA of 24 February 2005 concerning the introduction of some new functions for the Schengen Information System, in particular in the fight against terrorism, OJ L 68/44 15.3.2005. Council Decision 6694/04 amending the Common Manual in order to include provision for targeted border controls on accompanied minors.

Selected Bibliography

Council Decision of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis (2002/192/EC published in OJ L 64 of 07.03.2002). Council Decision of 29 May 2000 concerning the request of Great Britain and North Ireland to take part in some provisions of the Schengen Acquis (2000/365/EC published in OJ L 131 of 01.06.2000). Council Decision of 6 December 2001 on the development of the second generation Schengen Information System (SIS I) 2001/866/JHA, OJ L328/1 13.12.2001. Council Directive 2001/51/EC of 28 June 2001 supplementing the provisions of Article 26 of the Convention implementing the Schengen Agreement of 14 June 1985. Council Directive 2004/82/EC of 29 April 2004 on the obligation of carriers to communicate passenger data. Council Regulation (EC) No 2424/2001 of 6 December 2001 on the development of the second generation Schengen Information System (SIS II) OJ L 324/4 13.12.2001. Council Regulation (EC) No 871/2004 of 29 April 2004 concerning the introduction of some new functions for the Schengen Information System including in the fight against terrorism OJ L 162/29 30.4.2004. Council Regulation concerning the introduction of some new functions for the Schengen Information System, in particular in the fight against terrorism, 100545/03. Proposal for a Council Decision on the establishment, operation and use of the second generation Schengen Information System (SIS II) COM(2005) 230 final. Proposal for a Regulation of the European Parliament and of the Council on the establishment, operation and use of the second generation Schengen Information System (SIS II) COM(2005) 236 final. Proposal for a Regulation of the European Parliament and of the Council regarding access to the Second Generation Schengen Information System (SIS II) by the services in the Member States responsible for issuing vehicle registration certificates COM(2005) 237 final. SIRENE Manual OJ C 38/1 17.02.2003. The Common Consular Instructions on Visas for the Diplomatic Mission and Consular Posts OJ C 313/1 16.12.2002. The Common Manual OJ C 313/97 16.12.2002. The Schengen Acquis as referred in Article 1 (2) of Council Decision 1999/435/EC of 20 May 1999, OJ 22.9.200.

OECD Data Protection Guidelines on the Protection of Privacy and Transborder Flows of Personal Data – 1980. Guideline for the Security of Information Systems – 1992.

453

454

Selected Bibliography

United Nations Data Protection Guidelines Concerning Computerized Personal Data Files – 1990.

Human Rights Universal Declaration of Human Rights – 1948. International Covenant on Civil and Political Rights – 1966. International Covenant on Economic, Social and Cultural Rights – 1966. Optional Protocol to the International Covenant on Civil and Political Rights – 1966. Convention on the Elimination of all forms of Discrimination against Women – 1979. Second Optional Protocol to the International Covenant on Civil and Political Rights, aiming at the abolition of the death penalty – 1989. Convention Against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment – 1984. Convention on the Rights of the Child – 1989.

National Legislation USA Real Id Act 2005 USA.

Norway Lov av 18 mai. nr. 24 2001 om helseregistre og behandling av helseopplysninger (helseregisterloven)- The Health Registers Act 2001. Lov av om behandling av opplysninger i politiet og påtalemyndigheten (politiregisterloven). Lov 16 juli 1999 nr 66 om Schengen Informasjonssystem (SIS). For 21 desember nr 1365 forskrift til lov om Schengen informasjonssystem. Lov 14 april 2002 nr 31 om behandling av personopplysninger (personopplysningsloven).

E

Surveys and Public Opinion Polls

Eurobarometer: Special Eurobarometer 196 – Wave 60.0 – European Opinion Reserch Group EEIG – Data Protection, December 2003. Eurobarometer: Flash Eurobarometer 147 – Taylor Nelson Sofres. Coordination – EOS Gallup Europe – Data Protection, December 2003.

Selected Bibliography

F

Some Selected Interenet Resources

Statewatch http://www.statewatch.org/ Last Accessed on 12 March 2007. Schengen en bibliografi – et utvalg http://www.ub.uib.no/avdeling/edc/schengen.htm Last accessed on 10 March 2007. Europa database http://europa.eu/ Last accessed on 11 March 2007. Justice, Freedom and Security http://europa.eu/pol/justice/index_en.htm last accessed on 12 March 2007. Freedom, Security and Justice http://ec.europa.eu/justice_home/fsj/privacy/ Last accessed on 12 March 2007 ECHR: http://www.echr.coe.int/echr Last accessed on 12 March 2007. The Dutch Data Protection Authority http://www.dutchdpa.nl/index.stm Last Accessed on 12 March 2007. The House of Lords United Kingdom http://www.parliament.the-stationery-office.co.uk/pa/ld/ ldeucom.htm Last accessed on 12 March 2007. Norwegian Data Inspectorate http://www.datatilsynet.no/ Last accessed on 12 March 2007. European Data Protection Supervisor http://www.edps.europa.eu/EDPSWEB/ Last accessed on 12 March 2007 United Nations Human Rights Committee http://www.unhchr.ch/html/menu2/6/hrc.htm Last Accessed on 12 March 2007. Council of Europe http://www.coe.int/DefaultEN.asp Last Accessed on 12 March 2007. European Civil Liberties Network http://ec.europa.eu/justice_home/fsj/privacy/ last accessed on 12 March. JUSTICE http://www.justice.org.uk/ Last accessed on 12 March 2007. EUROPOL http://www.europol.eu.int/index.asp?page=Jobopportunities&language= Last accessed on 12 March 2007. INTERPOL http://www.interpol.int/Default.asp Last accessed on 12 March 2007 KRIPOS http://www.politi.no Last accessed on 12 March 2007. Schengen Joint Supervisory Authority http://www.schengen-jsa.dataprotection.org/ Last accessed on 12 March 2007. Privacy and Data Protection http://privacydataprotection.co.uk/news/ Last accessed on 12 March 2007. TELEPOLIS http://www.heise.de/tp/ Last accessed on 12 March 2007. Urbaneye http://urbaneye.net/index.html last accessed on 12 March 2007. Privacy International http://www.privacyinternational.org/ Last Accessed on 12 March 2007. ACLU http://www.aclu.org/ Last accessed on 12 March 2007. European Court of Justice http://curia.europa.eu/ Last accessed on 12 March 2007.

455

Appendix

SIS Interview: Topic Areas 1.

Comments on the SIS (Schengen) legislation and documentation and the extent of their accessibility to public.

2. Establishment of SIS. Which parties (actors) were involved? 3. Modeling of data and design of the SIS. 4. The process of entering data in the SIS. 5. Ensuring data quality in the SIS. 6. Ensuring data security, integrity and confidentiality in the SIS. 7.

Authorities with regard to SIS that have control responsibilities and their responsibilities.

8. The role of the SIS in interstate co-operation. 9. Exchange of supplementary information and the role of SIRENE in this. 10. The relationship between SIS and Europol, Eurodac, Interpol & Customs Information Systems.

Index

9/11 Commission Report  305, 306, 307, 441

A

Abstractions  135, 160 Accession agreements 42, 231 Accession Protocols  21, 16, 28 Accountability  xxiii, 9, 47, 50, 136, 164, 212 Actuarial justice  319 Adequate safeguards  53, 56, 86, 97, 101, 133, 175, 212, 257, 264, 327, 335, 348, 350, 371, 398, 423, 426, 427 Administrative decision-making  159, 160 Admissible  174, 196, 246, 371, 374 Airline data  63, 223, 335 Airport  45, 60,181, 219, 233, 238, 320, 327, 334, 336, 343, 344, 353, 361, 362, 363, 364, 365, 369, 372, 374, 375, 383, 392 Alphanumeric data  298, 299 Amendments  14, 28, 70, 183, 190, 193, 204, 208, 268, 370, 378, 423 Amsterdam Treaty  13, 15, 26, 28, 29, 39, 42, 44, 48, 57, 58, 59, 60, 74, 75, 76, 77, 127, 132, 153, 267, 398, 408, 421, 450 Anonymity, anonymous  92, 94, 139, 140, 152, 318, 352 Anti-terrorism  60, 61, 62, 222 Arbitrary  48, 86, 93, 106, 109, 110, 119, 121, 160, 162, 212, 215, 242, 247, Area of Freedom, Security and Justice  11, 20, 47, 57, 179, 306, 309 Associate status  41 membership  41, 42, 46 Asylum, see Refugee card  322 seekers  8, 10, 15, 17, 54, 62, 64, 72, 199, 214, 220, 247, 265, 266, 267, 268, 269,

272, 273, 275, 276, 278, 302, 316, 322, 324, 330, 332, 340, 349, 350, 363, 365, 367, 369, 373, 374, 386, 413, 414, 415 Authentication  320, 327, 328, 329, 353, 366, 382 Automated decisions  145, 168, 235, 357, 402 Automatic Search Facility (ASF)  261 Refusal  52 Availability of (personal) data  137, 158, 308

B

Baggage checks  45 Banknotes  142, 191, 197 Basic Law  70 Behavioural characteristics  328, 329, 352 Bilateral agreement  4, 40, 54, 330, 372, 388 Bill of Rights  67, 70, 77 Biometric Data  9, 132, 138, 252, 299, 301, 305, 306, 310, 311, 323, 328, 329, 331, 345, 349, 350, 351, 352, 353, 354, 355, 356, 357, 379, 426 Technologies  319, 329, 331, 337, 351, 352, 358, 359 Blue borders  376 Border control co-operation  xxiii, 3, 4, 6, 7, 9, 11, 14, 15, 16, 21, 36, 37, 69, 121, 124, 132, 133, 134, 136, 137, 168, 169, 174, 278, 301, 304, 310, 315, 343, 344, 351, 355, 363, 400, 401, 404, 409, 418

C

Canada  62, 223, 323, 338, 369, 423, 440, 444 Carrier sanctions  364, 366, 369, 370 Catalogue of principles  87, 88, 401 Categories of persons  131, 278, 363-364, 392

460

Index

data  141, 146, 185, 189, 297, 422 Categorisation  25, 87, 172, 346, 382 Central SIS (C.SIS)  183, 184, 185, 186, 187, 197, 200, 201, 202, 246, 249, 250, 251, 252, 304 Central Unit  269, 270, 271, 272, 273, 274, 275, 276, 277, 279, 304, 308, 391 Check-in  335, 369 Citizenship  40, 46, 61, 81, 275, 323, 342, 386, 408 Closed Circuit Television (CCTV)  94, 100, 334, 344, 389 Coast Guard  61, 193, 222, 316, 381 Common Consular Instructions  27, 30, 224, 230, 231, 234, 366, 367, 373 data protection secretariat  132, 133 European standards  215 frontiers  8, 40, 44 Handbook  377 Law  91, 106, 107, 111 Manual  27, 50, 211, 230, 233, 236, 237, 376, 382, 453 Platform  297 social morality  68 visa policy  296 Communication of data  285-287, 289 to third states  285-287 to third bodies  285-287 Community bodies  77, 127, 252, 273, 277, 416 institutions  59, 77, 127, 182, 211, 252, 273, 277, 278, 416 law  13, 31, 33, 45, 46, 47, 49, 64, 75, 77, 78, 80, 107, 127, 128, 133, 245, 299, 300, 400, 408 First Pillar  13, 15, 29, 48, 58, 64, 76, 127, 132, 133, 254, 256, 267, 279, 300, 301, 310, 398, 400, 421, 424, 426 Third Pillar  13, 15, 29, 48, 49, 58, 59, 60, 64, 76, 124, 127, 128, 132, 133, 211, 254, 256, 267, 274, 279, 280, 290, 291, 295, 300, 301, 302, 311, 397, 398, 400, 401, 418, 421, 422, 424, 426 Compensatory measures  6, 8, 37, 40, 41, 45, 46, 50, 51, 56, 266 Competences  81, 398, 408 Competent authorities  59, 192, 196, 276, 281, 288, 299, 300, 372, 386, 387 Competing interests  7, 8, 105, 106, 118

Compulsory (IDs)  60, 321, 324, 387 Computerised access  284 Conditions for entry  52, 380 Considerations of fairness  24, 34 Constitutions  25, 33, 69, 70, 83, 124, 125, 264 Consular co-operation  63, 234, 296, 297 authorities  296, 372, 373, 374 posts  230, 231, 234, 296, 297, 367 Common Consular Instructions  27, 30, 224, 230, 231, 234, 366, 367, 373  Consultative Committee  130, 336, 445 role  47, 58, 59 Control techniques  22, 24. 37, 169, 315, 320-327, 349, 350 places  24, 169, 362, 364, 384, 385, 413, 414 Controls External  7, 173, 174, 248, 249, 362, 375, 376, 377, 378, 379, 380, 382 Entry  378 Exit  377, 378 Internal  51, 173, 174, 243, 244, 248, 249, 322, 386, 387, 391 passport  385 Checks  379 cross-border pursuit  4, 337 Correspondence  74, 79, 86, 88, 90, 91, 92, 112 Country of origin  263, 302, 340, 364, 365, 366, 367, 369, 373, 374, 382, 392, 406 Court order  263, 302, 340, 364, 365, 366, 367, 369, 373, 374, 382, 392, 401 Covert methods  90, 94, 334 surveillance  333, 336, 353, 356 Crime combating  7, 8, 57, 130, 183, 213, 214, 216, 260, 262, 264, 286, 302, 308, 335, 384 organised  5, 51, 54, 223, 264, 281, 318 preventing  8, 55, 87, 91, 94, 95, 99, 100, 112, 113, 119, 152, 155, 192, 198, 207, 213, 214, 216, 217, 264, 276, 286, 290, 291, 302, 308, 324, 332, 335, 339, 348, 350, 385, 386 investigation units  194 cross-border  375, 384, 391 Criminal databases  11, 303 investigations  99, 325, 337 records  131

Index

Crossing internal borders  45, 51, 387 Cultural relativism  68, 69 Customs authorities  55, 59, 180, 193 Customs checks  192, 221, 390 Cybercrime Convention  347, 348

D

Data banks  85, 88, 103, 125, 129 flows  129, 131, 186 linkage  152, 353 processing  23, 37, 38, 88, 94, 126, 127, 136, 142-144, 145, 147, 148, 149, 151, 155, 158, 161, 162, 164, 165, 166, 167, 168, 169, 171, 175, 195, 196, 216, 217, 223, 224, 228, 229, 233, 235, 239, 243, 265, 290, 300, 306, 327, 346, 348, 353, 356, 357, 397, 416, 319, 420, 421, 422, 426 Inspectorate  xxiv, 199, 201, 226, 229, 271 Matching  90, 143, 152, 275, 309, 337, 345, 353 Profile  61, 244, 353 processing system  195 protection ombudsman  415 Database surveillance  344 Dataveillance personal  344, 345 mass  344, 345, 351, 353 de lege ferenda and de lege lata  26, 28, 35-36, 37, 157, 217, 315, 316 Decentralised systems  305 Deletion of information  101, 102, 104, 210, 212, 257 Destruction of information  89, 102 Detention  10, 72, 91, 94, 319, 332, 342 Digital camera  299 photographs  61, 334 Directorate of Immigration  188, 271, 341 Discreet surveillance  55, 155, 181, 190, 191, 213, 218, 221, 240, 293, 304, 334, 340, 355, 384, 389, 390, 424, 425 Discretionary powers  93, 95 Disfavour  160, 171, 239, 240, 242 DNA analysis  337 databases  337, 338 screening  326 tests  326, 337, 338, 339, 340, 349 fingerprint  338

Domestic flights  362 law  106, 108, 109, 111, 130, 145, 154, 212, 267, 347 Drivers’ licensing  142, 194, 325 Drug policy  56, 386 trafficking  56, 57, 59, 280, 375 Dual basis  48 criminality  63 Dublin Convention  15, 41, 45, 50, 54, 265, 266, 267, 268, 330 Regulation  54, 57, 265, 266, 267, 271 procedures  266 mechanism  266 Dutch Council of State  46

E

Eastern Europe  42, 75 Economic well being  86, 95, 99, 112, 116, 153. 213, 349 Electronic commerce  123 monitoring  343, 344, 346, 347 surveillance  344, 345 trails  343, 344 Enforcement of criminal judgements  55 External borders  8, 10, 26, 40, 41, 43, 45, 49, 51, 53, 58, 63, 191, 226, 232, 238, 343, 359, 361, 362, 363, 364-384, 420 Equality  33, 78, 81, 156, 324, 405, 407, 408, 409, 411 EU acquis  21 citizenship  40, 81, 408 Constitution  50, 69, 80-82, 83, 121, 127, 128, 133, 134, 153, 257, 310, 400, 401, 410 Treaty  44, 48, 49, 57, 58, 59, 60, 75, 76, 78, 179, 280, 281, 419, 421 law  25, 26, 28, 29, 30, 31, 32, 33, 34, 35, 4350, 64, 80, 82, 83, 153, 245, 310, 410, 423 passports  306, 311, 317, 318, 331, 351 Eurodac II Regulation  267 System  266, 268, 269, 271, 272, 273, 274, 276, 279, 382 Eurojust  10, 182, 193, 222, 223, 308, 399, 400, 422, 423

461

462

Index

European Arrest Warrant  62, 186, 208, 422 Court of Justice  xvi, 8, 29, 30, 32, 33, 47, 58, 69, 72, 74, 82, 142, 292 Police Office  132, 280, 308 society  114 supervision  116, 118 Europol Drug Unit  280 Europol Information System  186, 281 Evaluation report  130, 131, 269, 401, 444, 445 tool  111, 125, 209  Excessive control  152, 159, 161, 169, 172, 173, 175, 236, 247, 256, 257, 259, 411 Exchange of information  3, 4, 8, 11, 41, 55, 161, 186, 207, 223, 233, 237, 259, 260, 261, 264, 281, 282, 283, 287, 304, 307, 308, 309, 389, 402 Explanatory Report  143, 145, 147, 152, 153 Extradition  10. 55, 62, 63, 79, 180, 186, 188, 189, 212, 261, 262, 302, 303, 304, 390, 422 Extreme Islamic terrorism  280

F

Facial image  317, 331, 332, 333 recognition  299, 329, 333, 334, 335, 336, 351, 354, 356 Fair balance  105, 119 False identities  142, 317, 341 negatives  334, 355 positives  334, 355 Falsified identification  139, 142, 317 Family  74, 79, 86, 91, 96, 97, 98, 99, 103, 241, 316, 338, 339, 340, 341, 342, 349 Federal law  61 Filing systems  93, 143 Fingerprints  329-333 Fingerprints Register  330 First country rule  54 Foreign nationals  51, 52, 53, 117, 118, 120, 125, 140, 191, 199, 206, 243, 244, 245, 255, 268, 271, 274, 300, 301, 302, 304, 310, 322, 323, 330, 367, 372, 374, 379, 380, 382, 384, 385, 386-387, 391, 392, 405, 413 Formal accessibility  230, 231 Fortress Europe  8, 213 Freedom of Assembly  83, 105 expression  74, 83, 92, 105, 116, 152

movement  45, 52-54, 72, 80, 262, 266 Frontier controls  40, 41, 375 Function creep  186, 193, 334, 353, 356 Fundamental human rights  71, 74, 75

G

General access  148, 164, 165, 217, 224, 254, 353 Comment  88, 405, 407 principles of law  24, 31, 34 Good information handling  136 Green borders  376 Group protection approach  413 Group-oriented protection  368, 374, 413

H

(The) Hague Programme  305, 309 Hard law  129 Health care  99, 123, 409 officials  99, 337 Hit  180, 181, 187, 191, 192, 205, 206, 207, 235, 236, 241, 242, 270, 382, 422 HIV  100 Homeland Security Act  61 Human rights law  11, 22, 36, 67-84, 85, 104, 121, 123, 151, 167, 168, 173, 210, 239, 243, 336, 346, 359, 397, 406, 410, 416, 417, 418 Human Rights Committee  xvii, 73, 87, 397, 405, 407, 416, 417 Human trafficking  59, 280, 303, 374, 391 Humanitarian reasons  52, 240, 241, 382

I

ICAO  332, 333, 335 Identical twins  336, 337 Identification documents  51, 325, 327, 330, 335, 385 Numbers  322 techniques  37, 137, 143, 310, 315-359 Identified or identifiable  103, 138, 352 Identifiers  138, 139, 141, 305, 316, 317, 318, 319, 323, 330, 331, 332, 351, 353, 354, 357 Identity papers  51, 142, 197 documents  63, 193, 262, 325, 365 cards  60, 142, 318, 320-324, 325, 332, 333, 340, 349, 351, 447 Illegal immigration  3, 5, 6, 8, 40, 42, 44, 45, 56, 179, 180, 192, 213, 214, 216, 257, 264, 279, 280, 290, 302, 317, 322, 324, 335, 341, 349, 364, 367, 370, 371, 372, 374, 375, 376, 384, 386, 413

Index

Independent supervision  38, 201, 294 Index System  131, 283, 284, 289 legal indexes  16 Indirect discrimination  324, 333, 405, 409 Individual access  97-99, 145, 158-159. 165-167, 169, 210, 224, 225, 254, 255, 353, 354, 403 control  37, 145, 158, 161, 365, 393, 412 interest  161, 162, 168, 169, 170, 174, 175, 236, 255, 256, 392, 412 approach  162 Informal controls  378 Information and Communication Technologies (ICT)  6, 79, 103, 162, 171, 172, 260, 327 Information privacy  85-121 Inspection  152, 165, 202, 246, 249, 250, 251, 252, 253, 361, 405 Integrity  136, 158, 162, 173, 185, 198, 253, 278, 353, 354, 356, 457 Intelligible form  88, 145, 146 Interception  90, 91, 92, 96, 103, 346, 347 Interest requirements  158, 164, 170 International community  68, 71, 80, 414 court  30, 32 Court of Justice  28, 34, 72 crime  3, 5, 260, 280, 302, 303, 398, 399 judges  116  law  24, 28, 30, 31, 32, 34, 39, 67, 72, 78, 80, 107, 111, 125, 126, 127, 129, 181, 302, 346 obligations  31, 53 Interoperable or Interoperability  279, 295, 305, 308, 332, 353 Interpol database  186, 309 General Secretariat  262, 263 Interviews Personal  13 semi-structured  23 Intimate information  99, 140 Intrusive, non-intrusive  67, 90, 94, 103, 104, 321, 333, 334, 339, 356 Iris recognition  335, 336, 356 Irregular crossing  265, 272, 276, 382 IT architecture infrastructure  183, 343 interface  185, 187, 297, 298

J

Joint Organ  33, 34 Joint Supervisory Authority (JSA)  xxiv, 33, 109, 133, 186, 195, 198, 201, 203, 238, 250, 277, 294, 403, 420, 421, 422, 426 Joint supervisory body  56, 288, 289, 290 Judicial control  9, 10, 11, 32, 43, 47, 48, 58, 109, 110, 212, 249, 257, 278, 294 Justice and Home Affairs  47, 127, 132, 194, 271, 306, 354, 358, 387

K

Know-ability  167, 356 Knowable  108, 109, 167, 229, 232, 233, 356, 403 Knowledge and consent  326, 354

L

Law and order  23, 47, 50, 58, 60, 76 Legal basis  181-183, 202-204, 260-261, 267-268, 281-282, 291, 296 indexes  16 information  167-168, 229-235, 403-404 persons  88, 139 regimes  13, 29, 133, 227, 295, 398 safeguards  7, 179, 259, 338 system  30, 31, 32, 34, 39, 42, 43, 44, 46, 55, 70, 99, 106, 128, 182, 255, 392, 413 Legitimate aim  95, 96, 106, 111-113, 114, 119, 121, 151, 209, 213-214, 215, 216, 256, 257, 324, 327, 332, 333, 335, 348, 349, 467 Legitimate expectation  35, 92 Lex superior  70 Liaison officers  55, 280, 282, 283, 284, 285, 289, 308, 364, 366, 371, 372, 373, 392, 415 Lie detector test  341, 342 Liechtenstein  23, 42 List of authorities, countries  27, 192, 221, 222 Luxembourg  26, 40, 42, 77, 203, 218, 269, 321, 330, 345, 375, 386, 388

M

Maastricht Treaty  74, 76, 132, 280 Magna Carta  70 Margin of appreciation  113, 114, 115-118, 120, 213, 215, 218 Mass surveillance  319, 345 Medical records  99 data  99, 100, 103, 120

463

464

Index

confidentiality  100, 103 files  100 Metering  90 Migratory pressures  371 Minimality  88, 96, 135 Minimum level of protection  125, 195, 235, 290 threshold  52, 125, 163, 165, 274 Misuse of power, See excessive control  157, 159 Mixed Committee  42 Mobile brigades, patrols  384, 387, 388, 391 Money laundering  280 Moons (Mr. and Mrs.)  220, 225 Motor vehicle crimes  141, 197, 280, 344 Multiple applications  54, 271, 316, 333, 391 Mutual assistance  55, 195, 232, 260, 308

N

National Central Bureau  261 National constitutions  69, 83, 124, 125 copy  185 courts  25, 31, 32, 47, 58, 73 interest  4, 115, 116, 214, 215, 220, 383 interfaces  185, 297, 298 jurisdiction  25, 123 level  7, 16, 21, 25, 30, 32, 33, 34, 62, 124, 125, 126, 128, 153, 209, 212, 221, 222, 223, 243, 249, 252, 252, 264, 279, 289, 290, 297, 308, 309, 315, 398, 415, 416 parliaments  47, 50, 81, 130 SIS  (N.SIS)  183, 184, 185, 186, 187, 200, 203, 207, 223, 229, 246, 249, 251, 253, 305 Natural person  138, 139, 140, 153, 277, 346 Necessary in a democratic society  84, 86, 91, 94, 95, 101, 105, 106, 112, 113, 114, 115, 118, 120, 121, 151, 154, 159, 162, 209, 214-216, 228, 256, 327, 348, 349 Negative discrimination  172, 173, 405, 406 New category of alerts  186 Nice  78, 79 non(ne) bis in idem  25, 35, 56 Non-arrival policies  364 non-disclosure   98 Non-refoulement clause  72 Nordic countries  21, 41, 43, 180, 330 Notification  49, 147, 165, 174, 200, 227, 228, 229, 236, 246, 256, 261, 355, 368, 404-405, 426

O

Obedience  169, 170, 411, 412 Objective data  141, 272, 349 Ombudsman  229, 368, 415, 426 One country rule  54 One-to-one  328 Onus of proof  117 Orbiting refugees  266 Ordinary law crimes  260, 263, 302 Original Schengen countries  21, 25 Outside Schengen  51, 362 Overlapping, duplication  279, 301, 303

P

Panoptic sort  346 Parliamentary Assembly  129 scrutiny  46 Passenger Name Record  63, 223, 444 Photograph register  325 Physical safety  136 Physiological characteristics  329, 336 Police authorities  40, 55, 195, 202, 207, 244, 260, 297, 378 control  322 districts  187, 188, 415 informants  99, 247 register  93, 204 Positive obligation  98, 210 Postscript, see SIS II  395-419 Practical accessibility  230, 231 Preliminary rulings  60 Prescribed by law  99, 106, 107, 154 Pressing social need  114, 115, 119, 214, 349, 350 Primary biometric identifier  299, 333, 335 Principle of availability  309, 403 of certainty  35, 49, 50, 107 of human rights  82 of legality  106, 111, 119, 149, 211 Prior checking, see notification  165 Probability of identification  140 Procedural fairness  120, 121, 215, 216 Project group  129, 130, 184, 229 Proper procedure  109 Public  census  91, 342 emergencies  74, 115 figures  92 interests  5, 99, 105, 120, 147

Index

life  92 matter  93 policy  52, 155, 195, 198, 378, 385 safety  35, 60, 86, 95, 112, 113, 152, 213, 221, 240, 328, 349 sector  125, 146, 147 Publicising  152, 165, 167, 230, 231, 254, 403 Purpose specification principle  95, 149-152, 218, 263, 293

Q

Quality of data  139, 142, 147, 148, 152, 158, 166, 172, 174, 194, 196-198, 200, 247, 334

R

Racial discrimination  73, 245, 358, 359, 363, 364, 368, 371, 374, 405, 406, 407, 410 origin  189, 284, 406, 426 profiling  244, 245, 374, 406 Racism  57, 59, 380 Random checks  387, 388, 391 stops  291, 388 Reactive control  160, 170, 171, 172 Reasonable expectations  94, 152, 162 Reasonableness  34, 169, 236 Recommendation R (87)  15 Refugee  6, 10, 15, 17, 62, 64, 72, 127, 129, 188, 263, 266, 268, 275, 302, 324, 341, 342, 363, 364, 365, 367, 359, 371, 372, 373, 380, 386, 398, 413, 414, 415 law  72, 302 status  263, 275 Regional level  69, 123 Residence permit  50, 190, 194, 266, 275, 316, 317, 334, 351, 377, 379, 380, 391 Retention of records  89, 90, 93-95 data  197, 242, 248, 263, 293, 294, 346, 347, 348 Retina recognition  336 Retrieval of information  103 Right of access  80, 87, 97-99, 145-148, 155, 166, 193, 196, 198-199, 200, 210, 212, 225. 226, 227, 228, 229, 234, 238, 239, 240, 242, 255, 276, 285, 288, 293, 300, 354, 355, 403, 425 of correction  145, 146, 166, 172, 198, 200, 224, 225, 239, 271, 276, 288, 289, 294, 300, 402

of rectification  88, 145, 147, 424, 425 of erasure  143, 145, 147, 275, 276, 424, 425 of blocking  143, 147, 224, 275 to object  147, 148 Rigorous checks  45 Rule of law  10, 30, 33, 50, 60, 68, 75, 81, 83, 86, 109, 111, 114, 120, 159, 160, 168, 212, 219

S

Scanned documents  299 Schengen Acquis  20, 21, 25, 26, 27, 28, 29, 30, 31, 32, 34, 39, 42, 43-50, 64, 82, 180, 190, 197, 211, 224, 231, 232, 233, 421, 426 Agreement  8, 10, 12, 21, 26, 27, 28, 39, 40, 42, 44, 129, 131, 132, 183, 231, 380, 386 area  8, 37, 39, 44, 51, 52. 53, 54, 55, 57, 68, 82, 159, 175, 186, 191, 192, 213, 214, 220, 228, 244, 248, 256, 257, 321, 362, 363, 364, 373, 375, 379, 380, 384-392, 406 territory  190, 216, 219, 227, 233, 236, 362, 363, 392 countries  21, 22, 25, 26, 28, 45, 53, 82, 124, 125, 180, 183, 184, 191, 199, 200, 202, 215, 225, 240, 242, 247, 321, 330, 361, 363, 371, 375, 377, 383, 386, 387, 388 catalogue  233, 367, 384 Central Committee  13, 27, 29 uniform visa  53, 233, 234, 298, 363, 367 Second generation SIS  181 Secondary identifier  332 Secrecy  50, 62, 155, 230 Sectoral  87, 123, 128 Secure documents  320 Security intelligence services  194 deficit  5, 7, 8 measures  48, 86, 246 of data  158, 174, 194, 195-196, 246, 247, 248, 249, 274 paradigm  37, 43, 50, 60-64 risk  93, 365, 379 standards  317 Self-determination  11, 145, 157, 158 Sensitivity  29, 31, 56, 102, 103, 104, 135, 136, 154, 169, 255 Serendipity  20 SIRENE Bureaux  203, 212, 246, 249, 251, 253, 308 Manual  180, 203, 204, 211, 212, 230, 231, 233, 237, 248, 303, 304, 420

465

466

Index

SIS II  12, 14, 38, 49, 50, 128, 181, 182, 185, 186, 187, 188, 189, 190, 191, 193, 194, 196, 197, 204, 208, 222, 246, 248, 252, 253, 257, 279, 296, 297, 300, 310, 302, 305, 306, 325, 327, 330, 331, 351, 390, 391, 404, 405, 418, 419-427 Social mores  150 sorting  346 Soft law  129 Software  17, 146, 149, 168, 235 Sources of law  24-35 Sovereignty  4, 54, 55, 71, 260, 389 Specific and legitimate  150 Spot checks  387, 391 Statute law  70, 107, 124 Stephanie Mills  219, 240 Storage manual  93 automated  93, 281 Stranger society  318 Strasbourg  77, 79, 87, 89, 103, 107, 113, 114, 120, 124, 151, 184, 292, 294 Subjective data  141, 189 Subsidiarity  116 Supervisory Board  263, 265 Supplementary information  187, 188, 202, 203, 204, 205, 206, 207, 241, 242, 247, 279, 290, 291, 295, 301, 457 Surveillance society  85, 159 Switzerland  23, 42, 90, 93, 96, 102, 104, 107, 108, 110, 209,210, 211, 334, 337, 339, 340

T

Tampere  78, 408, 444 Tapping  90, 101, 107, 108, 230, 346 Telecommunications  63, 123, 128, 346 Telephone communications  90 Terrorism  7, 10, 57, 59, 60, 61, 62, 63, 83, 118, 183, 185, 204, 245, 261, 263, 265, 280, 286, 303, 304, 308, 317, 318, 327, 332, 343, 345, 349, 358, 374, 398 Terrorist   attacks  xxiii, 43, 63, 190, 244, 280, 305, 306, 307, 319, 398, 418 database  194, 345 groups  63 list  63, 366, 379 Third country nationals  40, 64, 191, 192, 194, 306, 331, 351, 361, 363, 364, 368, 370, 378, 386, 408, 409, 410, 411, 423

Third parties  98, 99, 100, 101, 147, 155, 286, 287, 288, 292, 423, 424, 425 Three months  52, 53, 288, 322, 363, 380 Tokens  320 Trail of information  344 Trajectories; trajectory  3, 4, 5 Transparency and proportionality  xxiii, 6, 37, 38, 85, 86, 89, 99, 102, 113, 121, 136, 137, 155, 158, 161, 162, 163, 164, 175, 205, 209, 257, 279, 291, 295, 301, 311, 315, 316, 348, 352, 359, 367, 368, 371, 373, 397, 398, 401, 412, 415 Transparency obligations  144, 148-152 Travaux préparatoires  21 Transportation Security Administration (TSA)  61

U

Unalienable rights  71 Unanimity  48, 72, 409 Undercover operations  389 Understandability  230, 232, 233, 403 Undesirable alien  219, 373 Uniform visa  53, 233, 234, 298, 363, 367 Universal Declaration of Human Rights  71, 72, 260, 262, 263, 264, 416, 454 US-VISIT  61, 64, 305, 331 USA Patriot Act  61, 331 Usurped identity  206, 241

V

Vehicle trafficking  280 Video footage  91, 94 images  94 surveillance  344, 346 Visa lists  53, 233, 234, 366, 367 ombudsman  368 policy  53, 296, 406 waiver  61, 317, 331 Voluntary (IDs)  90, 104, 321, 323

W

Waiver programme  317, 331 Watch list  61. 335, 366, 379 Written guidance  237

X

Xenophobia  57, 59