The new Schengen Information System - Anybody in control?
20.12.05 @ 14:06
The European Parliament and member states are about to vote in January on three delicate proposals from the European Commission concerning the new generation of the Schengen Information System.
These proposals raise serious concerns, as they do not fully comply with important European data protection principles.
The Schengen Information System (SIS) represents one of the key instruments of police and judicial cooperation in Europe. It allows for a fast exchange of data from police and asylum authorities between the participating countries. Being in the SIS can have far-reaching consequences for individuals: persons on the black list (so-called "aliens") are refused entry to the Schengen territory.
The European Commission is currently mandated by the Council [member states] to create a new generation of this information exchange tool - SIS II. The European Commission presented its proposals and the main data protection bodies – the European Data Protection Supervisor (EDPS) and the Joint Supervisory Authority of Schengen (JSA) - have put forward their comments on these proposals.
Their opinions make it clear that the proposals do not duly meet European data protection standards. As a consequence, the European Parliament must use all its authority to make sure that dangerous elements of the proposals get eliminated.
Important change of nature
The key characteristic of the new generation of the SIS is its change of nature as opposed to the earlier SIS scheme.
The current SIS is a mere hit/no hit - system. This means that if a person is in the system, the competent national authorities will execute the respective order given by SIS. Thus, a Belgian Police agent would for instance arrest a person in Belgium when he notices that the SIS asks for the arrest of this person.
However, in the future, SIS II will also serve for investigative purposes, providing authorities with the possibility to actively search the system. Consequently its potential will be much broader and more risky, because more (investigative) possibilities also mean an increased risk of violating the fundamental rights of citizens.
It is a common principle of data protection that an enhanced potential of intrusion into citizens' privacy must be accompanied by enhanced safeguards. The following three examples show that this is not the case under the current proposals.
The new categories of data in SIS II will include biometric data. This category is highly delicate since it constitutes, as its name suggests, 'live data'. Fingerprints and pictures for instance represent nothing but 'snapshots' of their subjects, taken at a certain moment. However, the respective persons - and as a consequence their biometric characteristics, too - might change over time.
Experience shows that no computer program is perfect and that individuals sometimes happen to get "caught" through a biometric data recognition system by mistake.
The EDPS mentions in its report the illustrative example of a US lawyer who was imprisoned for two weeks in June 2004. The FBI had matched his fingerprints with the ones found in the Madrid terrorist bombing. He was only released when the FBI realised that the fingerprint matching process had been erroneous and as a result had led to a misinterpretation.
Biometric information becomes especially delicate if it serves investigative purposes and if additionally its potential is overestimated. This is the case in the proposals of the European Commission. No appropriate impact assessment has been provided that would thoroughly identify the risks which this delicate category produces.
A crucial element lies in the establishment of high quality data standards. If, for instance, a picture provided for investigating a person is of poor quality, the risk of confusion later on is significant. Hence, the definition of quality standards - something which is not yet assured in the commission's proposals - is key in avoiding situations like unjust imprisonment.
Europol can use SIS II for own purposes
A second problematic issue is the broadened access to SIS II. The rule has been that only some national authorities have access to SIS and that the purposes of the use of data are clearly predefined in SIS legislation.
This will be different in SIS II where Europol and Eurojust can get access to data and use it for their own purposes. Both bodies already gained access by a council [member states] decision of 24 February 2005.
The current proposals are unsatisfactory, as they do not specify the purposes for which Europol and Eurojust can exploit the data. The expression to be found in the proposal, stating that they have access "necessary for the performance of their tasks", is certainly too broad. What "necessary" means would be interpreted in practice by Europol and Eurojust.
A third problematic point lies in the judicial remedies on which a citizen can rely. Somebody who finds himself/herself by mistake in the SIS, must have the possibility to go to court and to ask for erasure or rectification of data.
However, this right appears to be territorially limited in the proposals. The respective provisions restrict this right to "any person in the territory of any Member State".
This means that individuals who are unduly refused entrance in the Schengen area would have no judicial possibility to contest this, since they can not be, for obvious reasons, physically in the territory of any member state.
The abovementioned concerns must be observed in the light of some important democratic deficits in the Schengen mechanism.
In the field of police and judicial cooperation in criminal matters, the applicable decision-making procedure is the so-called consultation procedure. Under this procedure, the European Parliament can only shape decisions by providing an opinion. It has no actual decision-making powers.
The limited powers of the European Parliament are all the more problematic as the national parliaments have largely lost their influence in the area of police and judicial cooperation by the integration of the Schengen mechanism into the EU structure. Consequently, no directly elected institution is part of the decision-making process.
Since the European Parliament has been marginalised by the council [member states] and the European Commission, chances are good that it will take a critical position towards the proposals for SIS II – even if it will just be in the form of an opinion.
A clear message by MEPs, as well as increased public awareness of the deficits of SIS II, will be crucial in order to avert the setting up of a new information system which runs the risk of endangering citizens' fundamental rights.
Simon Planzer is a Brussels-based attorney-at-law and alumnus of the College of Europe. He expresses his personal views.