IT security system threatens EU rights
-
Italian police ID check asylum seekers (Photo: Alice Latta)
Efforts at the EU level to better coordinate IT systems – to fight crime, terrorism, and manage migration – drew a sharp rebuke from the EU's Fundamental Rights Agency (FRA).
FRA's director, Michael O'Flaherty, told MEPs on Monday (29 May) that making the numerous databases more interoperable poses serious fundamental rights issues and could lead to discriminatory profiling.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
He also said that interoperable databases are very likely to be highly attractive for those trying to access personal data by illegal means.
"This could include organised crime groups, as well as hackers linked to foreign governments seeking to prevent political opponents from leaving those states," he said.
The EU has been working, in the aftermath of the Paris and Brussels attacks in 2015 and 2016, to figure out better ways of sharing information on security and borders among authorities in different member states.
The move is part of a broader strategy behind the EU's security union to link up all EU information systems for security, border, and migration management.
Some, like the EU's counter-terrorism coordinator, Gilles de Kerchove, want facial image scans to replace fingerprints in the systems.
But the more immediate plan includes improving existing databases such as the Schengen Information System (SIS), which issues alerts on missing and wanted people, and the irregular migration database, Eurodac, among others.
The European Commission has also proposed a new EU entry-exit system to modernise external border management, and the European travel information and authorisation system (Ecris) to gather advanced information on people travelling visa-free to the EU.
Next month, the commission also plans on proposing legislation to expand the powers of eu-Lisa, the EU agency that hosts the big IT systems.
Plans are also underway to set up a so-called European search portal, a shared biometric matching service, and a common identity repository.
The European search portal is an interface that allows police and border guards to enter queries and receive responses from the various databases.
The shared biometric matching service means fingerprint data held in all information systems will be more easily available to police forces.
The common identity repository means core identity data – such as names, date of births, or genders – of people in the systems will only be stored once, to avoid duplication.
The EU commission says the plan is not to create one big database where everything is interconnected, but rather to better streamline existing databases and make them speak to each other.
But while O'Flaherty noted the advantages behind the plans, he also pointed out some risks.
He noted that making those systems interoperable will increase the chances that personal data is unlawfully shared with other countries outside the EU.
Such breaches pose serious risks to people seeking international protection, as well as to their families.
He said officials are also more likely to see information they are not entitled to, which could influence the decisions of the person concerned.
The worry is amplified if a person's personal data is incorrect. Inaccurate information entered into one system is passed onto another.
FRA has already documented numerous instances where inaccurate data has been entered into existing databases in the areas of borders, visas, and asylum.
"We asked staff at selected EU consulates how often they or their colleagues see incorrect personal data entered into one of the IT systems, half the staff we interviewed reported incidences of wrong matches or inaccurate data," O'Flaherty said.
Communication problems
The biometric data of minors is also a big issue. As children grow older, their physical development may reduce the reliability of biometric data over time.
The commission argues that the sharing of accurate and reliable information is crucial following the terrorists attacks around Europe.
"One of the major causes of these problems is that the systems are, on occasion, unable to communicate and share information between one system and another," said EU security commissioner Julian King.
King, who was speaking alongside O'Flaherty, noted that the core task behind the plan is to make all centralised EU information systems interoperable.
The information systems included would be: "the Schengen Information System, the Visa Information System, Eurodac, the proposed EU entry-exit system, the proposed Etias, and the proposed European Criminal Records and Information System for third country nationals," said King.