Data surveillance and border control in the EU: Balancing efficiency and legal protection of third country nationals

1 Introduction

The Schengen Information System (SIS) has often been described as the keystone for the abolishment of internal border control between the Schengen States. SIS is a a large-scale data base which includes information on millions of objects and individuals and is shared by different European States for different purposes. The major part of the information stored into SIS on individuals, concerns third country nationals to be refused entry to the Schengen territory. However, SIS is not the only large scale data basis used at the European level. Other mechanisms of data sharing and data collection have been developed with the purpose of controlling immigration and safeguarding security, such as Eurodac and Europol. At the EU level, different proposals are being negotiated on the extended use of the SIS, the establishment of a new Visa Information System, the use and storage of biometrical data, and the possibility to interconnect the different EU databases. In the light of these developments, two questions are becoming more and more important. Firstly, how do the EU policy makers, drafting these plans, assess the efficiency and added value of these data surveillance mechanisms? Secondly, is the legal protection of individuals stored into these database sufficiently taken into account in the decision making process?

In the first part of this contribution, I will give an overview of the actual developments with regard to ‘datasurveillance and border control’ in the European Union. It describes the actual use and content of SIS, the development of the so-called second generation SIS (SISII) and other databases, and the future plans with regard the use of biometrics and interconnecting the different databases. In the second part, I will describe the importance of making the right choices at the right moment. I will conclude by arguing that the technical, political, and legal choices which are now to be made at the EU level, will have a major effect on the future protection of individual rights and liberties.

2 SIS: its purpose and actual use

SIS is operational since 26 March 1995 and is regulated in the Schengen Convention of 1990 (hereafter referred to as the SC). Starting with only the three Benelux countries and France and Germany, SIS is meanwhile used by 15 states: thirteen EU Member States, and, on the basis of a separate agreement, Iceland and Norway. In the near future, SIS is to be used by at least 28 European States. UK, Ireland are negotiating to get access to SIS. With the referendum of 5 June 2005, Switzerland recently agreed to sign the Schengen Convention, which includes the use of SIS. The accession of Switzerland is provided for in 2008. Finally, dependent on whether these countries provide for sufficient technical and legal guarantees, the 10 new EU Member States are planned to get access to SIS in 2007 to the second generation SIS (see section 3.2).

The SIS includes more than 15 millions records on objects and persons. [1] More than one million of these records concern persons who are wanted for different purposes. In accordance with the category as regulated in the SC, this includes:

 persons wanted for arrest or extradition (Article 95);

 third country nationals (non EU and non EEA citizens) to be refused entry (Article 96);

 persons missing or to be placed under temporary police protection (Article 97);

 witnesses or other persons summoned to appear in court (Article 98);

 persons (or vehicles) wanted for ‘discreet surveillance’ or specific checks (Article 99).

Whether a national authority has access to SIS, is dependent of the purpose for which a person or object has been stored into SIS. Each year, a list of competent authorities, authorised to search directly SIS, should be forwarded to the Council. [2]

About 90 % of all data on persons stored into SIS concerns data on third country nationals to be refused entry. On the basis of Article 96 SC, third country nationals stored into SIS for the purposes of refusal of entry, can be divided into two categories. Firstly, these records are based on public order or national security grounds, this may include third country nationals who are convicted for an offence, which is penalized by a deprivation of liberty of at least one year or who are suspected of either having committed serious criminal offences. The first category also includes persons against whom there is a serious suspicion he or she will commit serious criminal offences on the territory of one of the Schengen States. Secondly, persons can be recorded into SIS when they have not complied with national immigration law, and therefore have been subjected to measures of deportation, refusal of entry or removal.

The criteria of Article 96 SC are not very transparent or limitative and are being applied very differently in the contracting States. Until now the national practice has not been reviewed, but the Schengen Joint Supervisory Authority (JSA) has initiated in 2003 a coordinated evaluation on the national implementation of the Article 96 criteria, to be carried out by the national data protection authorities. This evaluation awaits publication, but based on some initial reports, one can conclude that the Schengen States are applying the Article 96 criteria very differently. [3] Data stored into SIS does not always meet the criteria of Article 96 and national data protection authorities discovered that time limits for the storage of these data have been exceeded.

The lack of centralized, regularly updated information, makes it difficult, not to say impossible, to asses the added value and practical usefulness of the use of SIS. The last annual report on the implementation of the Schengen Convention of the Schengen Executive Committee appeared in 1999: this report held data on the use of SIS in 1998. After this report, information on the amount of records in SIS in 2000 and 2001, were only published accidentally and by different organisations. For example, the Schengen Joint Supervisory Authority (hereafter JSA) published in its respectively fourth and fifth annual report, data on the content of the SIS. However no such information was included in the sixth report of the JSA on 2002-2003. There are some statistical data included in the ‘Report of the ad hoc group for the study of 3rd pillar information systems’ of the Council in 2003. [4]

Between 1999 and 2005, the following information can be derived from different reports on the total amount of records on persons in SIS. (The author did not find any information on 2002):

1999 [5]

Total of persons entered into SIS: 855.887

Article 95: 10.419

Article 96: 764.851 (89 %)

Article 97: 27. 436

Article 98: 35.806

Article 99: 17.365

2000 [6]

Total of persons entered into SIS: 842.255

Article 95: 10.914

Article 96: 750.347 (89 %)

Article 97: 28.362

Article 98: 35.297

Article 99: 17.335

2001 [7]

Total of persons entered into SIS: 803.160

Article 95: 11.628

Article 96: 709.763 (88 %)

Article 97: 29.132

Article 98: 30.763

Article 99: 21.874

2003 [8]

Total of persons entered into SIS: 877.655

Article 95: 14.023

Article 96: 780.992 (89 %)

Article 97: 32.211

Article 98: 34.413

Article 99: 16.016

2004 [9]

Total of persons entered into SIS: 883.511

Article 95: 14.902

Article 96: 785.631 (89 %)

Article 97: 34.400

Article 98: 32.696

Article 99: 15.882

2005 [10]

Total of persons entered into SIS: 818.673

Article 95: 15.012

Article 96: 714.078 (87 %)

Article 97: 36.235

Article 98: 35.317

Article 99: 18.031

With regard to the numbers of ‘hits’ based on SIS, or in other words the number of times authorities find a record in SIS on when they check a person who is checked by these authorities, Article 96 hits produces as well the largest part. Data on hits are annually reported by the SIRENE bureaux to the General Secretariat of the Council. The last update, on the period between 1 January and 31 December 2004, has been published in 2005. [11] Looking at these data between 1997 and 2004, hits on third country nationals based on article 96 SC, concerned about 60-70 % from the total amount of hits on persons. [12] Interestingly, in 2004, the percentage of hits on third country nationals dropped to 57 % of the total amount of hits, which could be explained by the fact that SIS is being used more and more for other purposes as regulated in the Schengen Convention.

Relatively, if you compare the numbers of hits with the numbers of entries for each category, you see that reports on third country nationals to be refused entry, are the least successful, compared to the other categories. Based on these statistical data, one could conclude that the registration of third country nationals into SIS, in practice is less efficient compared with the records on persons stored for other purposes into SIS. This is illustrated by comparing the figures of 2001 and 2004 [13]:

In 2001:

Article 95: 2.841 hits, which is 24% of the total amount of records on article 95;

Article 96: 26.363 hits: 3,7 %

Article 97: 3.661 hits: 6 %

Article 98: 1.779 hits: 12 %

Article 99(persons): 2.232 hits: 10,2 %

In 2004, there was even a lower percentage of hits on third country nationals, compared with the number of records based on Article 96 SC in SIS:

Article 95: 3.813: 25,6 %

Article 96: 21 957: 2,8 %

Article 97: 1.984: 14,4 %

Article 98: 4.945: 15,1 %

Article 99 (persons): 2.989: 18,8 %

This information should be considered when assessing the added value of recording information on third country nationals to be refused entry in the EU territory. Although, the information stored in SIS concerns for a large majority third country nationals to be refused entry, the number of hits, and thus the actual effects of this storage, is relatively small compared to the number of hits on the other categories of persons stored into SIS.

New functionalities of SIS and the development of SIS II

3.1 Piecemeal approach: actual amendments of SISI

It is important to differentiate between the development of the second generation SIS (SIS II) and the actual amendments which have already been made or proposed for the actual SIS. [14] Apart from the development of SIS II (planned to be operational in 2007, see para. 3.2), the EU Member States have been negotiating different amendments of the actual SIS. In 2001, Spain submitted a proposal for a Decision and a Regulation on new functionalities for SIS. The Regulation, adopted on 29 April 2004, provides for a legal basis for the information sharing by SIRENE offices, provides for the possibility to add extra information stored into SIS (whether a person has escaped), and gives visa authorities the possibility of access to information on stolen identity papers. [15] The Regulation also include the duty to make a record of every transmission of personal data, instead of every tenth transmission, which allows to check unlawful use of SIS. The EU Council adopted the Decision on new functions for SIS on 24 February 2005. [16] This Decision provides for the access for Europol and Eurojust to SIS, however limited to their judicial and police tasks and not including data of Article 96, nor 97 SC.

Based on Article 9 of the Framework Decision on the Arrest Warrant of 13 June 2002, information on arrest warrants may be included into SIS, in accordance with the provisions of Article 95 of the Schengen Convention. [17] Further, on 24 January 2005, the Council for Agriculture an Fisheries adopted a common position on the exchange of information on stolen and lost passports between the ‘SIS countries’ and Interpol. Member States should, whenever they enter data on stolen passports in national databases or SIS, exchange these data immediately as well with Interpol. Finally, the Council adopted in June 2005 a Regulation to give vehicle registration authorities access to SIS data on stolen cars. [18]

3.2 Second generation SIS or SIS II: a ‘flexible tool’

Apart from the actual amendments with regard to the functioning of SIS, as described above, Member States are preparing since 2001, the development of the so-called «second generation SIS or SIS II». The initial reason for SIS II was the technical need to make SIS applicable for a larger group of states, after the accession of the 10 new Member States to the EU on 1 May 2004. From the beginning, however, the development of SIS II have been used as well for political discussions on possible new requirements or functions of SIS. Between December 2001 and June 2004, political agreement has been reached on the following functions: [19]

 SIS should remain hit-not hit based information system;

 it should be possible to interlink different alerts (which would allow authorities to check whether persons/object are registered in SIS for different purposes);

 the (non-mandatory) insertion of photographs;

 the (non- mandatory) insertion of fingerprints to be applicable to all alerts (95-99);

In the Council, new categories to be included in SIS have been proposed but not agreed upon: violent troublemakers; animals; works of art, minors to be precluded from leaving Schengen area

Regardless of the fact that on the political level, the decision on the final functions of SIS II is still awaiting its adoption, technically this system is already being developed to allow for various new functions. According to the principle of a «flexible tool», the Council decided in June 2003, to instruct the IT companies which are developing SIS II, to design SIS II as such to allow for new requirements whenever this is necessary. These possible new functions would include the addition of new alerts, the modification of the duration of alerts, the storage of biometric data (especially photographs and fingerprints), and the possibility to grant new authorities access to SIS. On 31 May 2005, the European Commission published three legislative proposals on the second generation SIS. [20] In these proposals, the categories of alerts or records to be kept in SIS remain almost unmodified. The draft Regulation includes a new drafting for the registration of third country nationals into SIS, which is based on a more harmonised approach for the conditions on the basis of which third country nationals may be recorded into SIS.

4 Other EU databases & developments

4.1 Eurodac

Eurodac is a database which includes fingerprints of asylum seekers and illegal immigrants seeking access to one of the European Member States. Eurodac became operational on 15 January 2003. [21] This database is based on the Dublin Convention of 1990 which includes rules for the establishment of the State which is responsible for an asylum application in the EU. This Dublin Convention has been replaced by the Council Regulation 343/2003 (Dublin II) of 18 February 2003. The purpose of Eurodac is to facilitate the determination of the responsible State, by controlling in which country an asylum seeker has forwarded his or her application for the first time, or in which country he or she stayed previously. Based on a so-called ‘hit’, which occurs when transmitted fingerprints match with the fingerprints already stored into Eurodac, Member States can retrieve whether an asylum seekers previously has stayed in another Member State.

National authorities should forward to the Central Unit of Eurodac the fingerprints of all individuals aged 14 years or over, who make applications for asylum, or who were apprehended when crossing illegally the borders. This unit will check whether the fingerprints forwarded by the national authority are already stored into the system. If so, the national state will be informed on this ‘match’ and on the Member State which previously forwarded the fingerprints. States may also forward fingerprints on persons found illegally present within their country. Eurodac only holds fingerprints and an identification number, but no name or other personal data. The data stored into Eurodac may only be checked to establish whether another Member State is to be held responsible for the asylum application.

A first annual report of the Commission has been published on 5 May 2004. [22] According to this report, from 15 January 2003 to 15 January 2004: 271 572 fingerprints were successfully transmitted to the central authority. From a total of 246 902 asylum applications recorded by Eurodac, 17 287 cases showed the same person already made on asylum application before (either in another contracting state or in the same state) thus 7 % of cases, multiple asylum applications. The annual report on Eurodac does not provide information on whether these ‘hits’ actually lead to transfer of person to state which is responsible for asylum application. It is therefore not possible to conclude whether by the use of Eurodac the goals of this system are actually achieved.

4.2 Visa Information System

In December 2004, the Commission presented a proposal for the establishment of a Visa Information System (VIS). [23] In this VIS, the EU Member States will have to store information on every visa issued; on every decision to examine an application for a visa; each visa which is refused, annulled, or revoked; and on each extension of a visa. This implies the storage of information on millions of third country nationals, each record to be stored for five years. VIS will also include information on the EU and non EU nationals inviting third country nationals.

From the start, VIS is planned as a multipurpose tool. The guidelines for the establishment of the ‘Visa Information System’, adopted at the meeting of 13 June 2002 of the JHA Council, describe as possible goals of VIS: the improvement of the functioning of the common policy in the field of visa; internal security and the fight against terrorism; fight against fraud; the prevention of visa shopping; the improvement of the possibilities to return illegal immigrants, and finally, the improvement of the application of the Dublin Convention. [24] Data will be used for the purpose of examining a visa application; the consultation between central national authorities in accordance with Article 17 (2) SC; checks at the external borders for verifying the identity of the person or authenticity of the visa; identification and return of illegal immigrants; the determination of the responsibility for asylum applications; and, for the examination of an asylum application. The actual proposal of the Commission does not regulate the consequences of being registered into VIS. It does not explicitly prohibits that based on a registration of a visa applicant into VIS, he or she could be refused a visa by the authorities of a Member State. The VIS proposal has been presented together with an Extended Impact Assessment on the added value of a new VIS. [25] In this report, four alternatives for the exchange of data on visa have been examined with regard to their various impacts on, for example, the efficiency of a common visa policy, its contribution to internal security, financial costs, and the impact on fundamental rights. The report, amongst others, refers to the «potential extremely grave consequences» of the use of such a VIS for travellers and to the high financial costs of the establishment of such a system. Also, it concludes that the effects of the use of VIS with biometrics for tracking terrorists or organized criminals will only be limited and dependent upon the effectiveness of other measures taken. In the light of these conclusions, it may surprise, that the Extended Impact Assessment report concludes that the option of a VIS supported by the use of biometrics is the best available solution for improving the common visa policy. The adoption of the VIS Regulation is foreseen for mid 2006. It is to be adopted by qualified majority vote and through co-decision with the European Parliament. As has been underlined by the rapporteur of the European Parliament for this subject, Sarah Ludford, the decision making on VIS has been made difficult as the Commission proposal does not regulate every future use or impact of VIS. [26] For example, in February 2005, the Council decided to give law enforcement authorities access to the future VIS. [27] The proposal as forwarded to the European Parliament, does not provide a draft regulation on this matter. Nor does it take into account the future plans on the interoperability of VIS with SIS II and other European databases.

4.3 Biometrics

On the national level and on the European level, governments are developing mechanisms through which individuals can be controlled through the use of biometric data. Biometrics can be described as ‘automated methods of recognising a person based on a physiological or behavioural characteristic’. These characteristics include fingerprinting, retinal and iris scanning, hand and finger geometry, voice patterns, facial recognition, and other techniques. Governments present the inclusion of biometric data in databases and in travel documents, as a new measure for different purposes: to prevent illegal immigration or visa shopping, to combat terrorism, to facilitate the return of rejected asylum seekers, etcetera. Until now, Eurodac is the most large-scaled data base of biometric data, namely fingerprints. However, in the future, biometrical data will be stored and used on a much larger scale. On the EU level, different decisions have been adopted with regard to the use of biometrics. On 13 December 2004, the Council adopted the Regulation 2252/2004 on biometric features in EU passports. [28] Despite the negative advice on this matter of the European Parliament, this Regulation allows for the central storage of the biometric data. Further, the EU Member States reached political agreement on the draft Regulation amending the uniform visa and residence permits to include biometric data. Due to technical reasons, this proposal still awaits final adoption. [29] The proposals on SIS II and VIS provide as well for the inclusion of biometrics (fingerprints) in these databases. There are discussions about the reliability of identification by using biometrics. The so- called ‘False Rejection Rate’ of the various biometric identifiers is still estimated between 0.5 and 1 %. This means, with an expected number of 20 million visa applicants as of 2007 in the EU, this could lead to 100.000 to 200.000 persons who will wrongly be rejected a visa or shall have troubles getting access to the EU. [30]

4.4 Differences between functioning/purpose of the EU systems

It is important to be aware of the different functions and purposes of the systems described above. The SIS is a multipurpose system, to be used by different authorities for different purposes. However, until now the access to SIS is strictly connected to each category of data registered into SIS. This means that authorities may only have access to those data which are necessary for the performance of their specific tasks. SIS is also to be considered as a ‘hit-no hit’ based database. SIS can initially only be used by authorities to check whether or not a specific person has been registered into SIS. If so, dependent on the category for which the person has been recorded, this ‘hit’ allows for specific measures which are defined in the provisions on each category of data in the SC. So, in principle, data on third country nationals to be refused entry on the basis of Article 96 SC, may not be used for criminal investigation purposes and SIS cannot be checked by any authority on any occasion.

Eurodac can also be considered as a hit- no hit data base, however with the special feature that national authorities do not have direct access to the information stored into Eurodac. Contrary to SIS, Eurodac has only one purpose, namely the establishment of which country is responsible for an asylum application. According to the Eurodac Regulation now, the information stored into Eurodac is not accessible for any other authority and may not be used for any other purposes.

The plans for VIS imply a multipurpose system. According to the actual political decisions, possible decisions to be based on a VIS registration could be: the refusal of entry or a visa; expulsion to the country of origin if the person has overstayed his or her visa, and the return of illegal immigrants. As we have seen, the EU Council decided to give law enforcement agencies access to VIS and there are plans to link VIS with other databases as well. Compared to Eurodac and SIS, VIS will be much more an investigative tool, to be used for different goals and by authorities with very different tasks.

4.5 Differences in the selection of persons to be recorded:

There are also differences with regard to the criteria on the persons to be stored into these databases described above. The selection of the persons to be registered into SIS is based on the personal behaviour of the person concerned, including for example: previous convictions, the presence of serious reasons to suspect somebody of committing or planning serious crimes, administrative decisions based on immigration law, and judicial decisions.

Eurodac includes fingerprints on every person applying for asylum in one of the EU Member States, or every person crossing illegally external borders or found illegally on the territory of a EU Member State. These persons should be 14 years and older and a non EU citizen. As mentioned above, Eurodac does not contain any personal information, but only these fingerprints and an identification number.

VIS should include data on every non EU-citizen applying for a visa, irrespective of his or her personal behaviour. The only criteria these visa applicants will have in common, are that they are nationals from countries which are on the EU ‘visa list’, and that they seek access to one of the EU Member States. Further, as we have seen, VIS is to contain data on every person (EU or non EU citizen) issuing an invitation for the visa applicant or liable for the costs for this applicant.

Finally, it is important to keep in mind the decisions to include biometrics in passports, travel documents, and residence permits of EU citizens and third country nationals residing in the EU. These proposals include the possibility that these data will be stored into a centralised database as well. This would mean that everyone, residing in the EU or with the nationality of one of the EU Member States and who for applies for a EU travel document, passport, or residence permit, will be registered into a EU database.

4.6 Interoperability of the different EU databases and the principle of availability

On 25 March 2004, in the Declaration on combating terrorism, the European Council invited the Commission to submit proposals for enhanced interoperability between SIS II, VIS, and Eurodac and to use this information for the fight and prevention of terrorism. A communication on ‘enhanced synergies between SIS II, VIS and Eurodac’ by the Commission is expected in 2006. [31] As we have seen, the multiple use of SIS is already invoked by the various new measures which provides for the access or use of SIS information by other organisations, like Europol, Interpol, national vehicle registration authorities, and Eurojust. But apart from the access of Europol authorities to SIS, the Commission announced as well to study the ‘development of links between SIS II and the Europol information system’ before 2007. [32]

In the ‘Hague Program on Area of justice, freedom and security’ of 2004, the ‘principle of availability’ was launched as a common standard for information sharing and exchange between the national law enforcement authorities. [33] This principle, which is to be further developed, is invoked as a motive to interlink different EU databases and to give authorities a wide access to these databases as well.

5 Protecting individuals: the importance of political, technical, and legal choices

5.1 Choices at the political level: transparency and assessment of added value

Until now, the EU policy on the use and amendments of EU databases, is characterised by a lack of transparency, which is enhanced by the piece meal approach by which the decisions are actually taken. In the last two-three years, the EU decision makers gradually extended the use, the functions, and the content of existing and planned databases. It is very difficult on the basis of the different decisions which have been adopted, to get an overall picture of the EU architecture for the future collection and sharing of personal information. This problem has also been addressed by the European Parliament.

A positive development is the principle which has been launched in the Hague program of November 2004 on the ‘assessment of added value of new EU databases’. According to this principle the added value should be established before the setting up of new large scale EU systems. A first example of the implementation of this principle has been the simultaneous presentation of new the draft Regulation on VIS with the report on the Extended Impact Assessment. Only, it remains very difficult to assess the objectivity of these ‘added value reports’. For example, with regard to VIS, it is questionable whether this Extended Impact Assessment report, in which only a few alternatives have been described, offers a sufficient basis for a balanced, well-informed decision on the establishment of VIS. With regard to the development of SIS II, it is surprising that SIS I never has been evaluated. As pointed out above, looking at the number of hits based on data on third country nationals, which forms the largest part of the data stored into SIS, it is important to keep in mind the relative small success of storing information on such a large group of persons. Policy makers should also be more explicit in balancing the expected positive effects of biometrics against the estimated rate of false recognition and the possibility of misuse of this information.

The obligation of recurring evaluations will remain very important with regard to the proposed EU information systems, from the moment they are operational. The Eurodac Regulation, but also the new proposals on VIS and SIS II include such an obligation for the Commission to report on the evaluation of these systems. But here again, everything depends on the objectivity in which these evaluations will take place. In the first annual report on Eurodac of 2003, the Commission seemed more eager to underline the success of Eurodac, than to point out the shortcomings of this system.

As we have seen above, the actual EU databases have been set up and designed for limited and specific goals. One could wonder whether their efficiency does not depend on these limitations and whether the proposals for interconnecting these systems, would not have negative effects for the reliability and use of these systems. With regard to SIS II, the EU Council decided that this should remain a hit/no hit system. However, the actual development, the choice for a flexible system, allowing more authorities to have access to SIS, the function of SIS II will change de facto in an investigative tool. [34] Policy makers should be more explicit about the fact that their plans for ‘interoperability’ of different systems, the extension of access to different authorities, and the use of biometrics, could alter the actual scope and content of EU databases.

5.2 Technical choices: ‘Privacy Enhanced Technology’

Until now, the important consequences of the choice for architecture of new databases and the use of biometrics for the rights and liberties of individuals receive only little attention in the decision making process. Which architecture and which biometrics are to be chosen, seem to be more an issue in the negotiations between politicians and IT companies, than in the public debate. For example, the fact that there are still strong doubts on the reliability of biometric identifiers, does not seem to be taken fully into account during the decision making process. Further, technical choices will have consequences for the question whether somebody knows he or she is being checked. For example: the use of contactless chip in visa or passport will make it possible to check persons without their knowledge. Are the devices on visa or passport based on a read-only mechanism or can they be altered by the controlling authorities? In its opinion on the draft Regulation on VIS, the European Data Protection Supervisor (EDPS) referred to the impact of the choice to embed a microchip or not in the visa, as this has consequences for the way the central VIS database is to be used. [35] The EDPS proposed with regard to the visa checks at the borders to amend the VIS proposal of the Commission as such to give competent authorities only access to the microchip on the issued visa, and not to the central database of VIS, as this would be disproportionate. Technically, it is also possible to include in passports or visa a device which makes it possible to follow the position of travellers by satellite. Policy makers should make clear and explicit choices on whether they want to allow or prohibit this kind of use. And when they have chosen for the latter option, they should exclude every kind of technology which would make this prohibited use possible.

5.3 Legal protection of individuals: clear criteria and extended rights

The legal framework of the ‘EU data surveillance architecture’ will be highly important, not only for the protection of individual rights, but also for the possibility of independent authorities to scrutinize the use of these systems. The storage and use of personal information is bound by rules of data protection. General rules are for example laid down in the EC Data Protection Directive of 24 October 1995. [36] More specific data protection provisions are incorporated in the regulations on the different instruments, including the Schengen Convention, the Eurodac Regulation, and the draft VIS Regulation. With regard to decision making based on information systems (rejection of visa; refusal of entry; expulsion; rejection of residence permit), the rules of national immigration and/or administrative law apply. The rules of immigration and asylum law are only to a certain extent harmonised on EU level. With regard to the content, scope, or effects of available remedies, the applicable European rules, both in immigration and in data protection law, are not very detailed. Procedural guarantees are left to the scrutiny of the national legislator and access to a judicial court is not always explicitly required. Until now, the EU rules on border control and visa applications do not provide for any explicit right to legal remedies at all.

Actually, the powers and the available means of independent data protection authorities are limited. Future legislation should at least include the possibility to impose heavy financial fines on governments which act in breach of the applicable rules and supervisory authorities should be equipped with sufficient means and staff to fulfil their tasks.

With regard to the role of national courts, there is still much unclear about the actual scope of the competence of national courts to assess the legitimacy of national decisions by authorities of another Member State, and about the binding force of their judgments in other Member States. Traditional interpretation of sovereignty rules, as well as the lack of harmonisation of the underlying rules on public order and security, seem to limit a broad competence for national courts to rule on the decisions of other Member States’ authorities. SIS I is based on the mutual recognition of national criteria on public order and security and of national decisions on ‘inadmissible aliens’. Harmonisation of these criteria will strengthen the possibility of national courts to assess the legitimacy of records in databases such as SIS. With regard to the registration of third country nationals into SIS II, the Commission has chosen for a more harmonised approach in her new proposal. [37]

The access to the courts is further hindered by the lack of knowledge on the applicable laws for lawyers and the individuals concerned. Access to effective remedies depends on the informed decision making: new instruments should therefore include clear rules on the duty to motivate decisions which are based on information stored in European databases. Positive developments are the proposed amendments of the Common Manual on Borders, which include amended standard form for refusals of entry at the border. [38] This standard form includes the obligation to indicate the reasons of refusal and references to national legislation relating to the right of appeal. The draft Regulation on the Community Code on the movement of persons across borders includes the duty that authorities when refusing entry should give a substantiated decision stating the procedures for appeal. [39]

The value of these latter rules depends of course on the availability of legal remedies at the national level. In the light of the actual developments, it will become more and more important that individuals encountering negative decisions based on ‘datasurveillance’ have an indiscriminate right to access to courts. This right should not depend on their nationality, legal status, or actual location. Persons being refused entry at the borders, or whose application for a visa has been rejected based on information stored into EU databases, should have effective remedies against these decisions, whether they are in the EU territory or not. [40]

Annex

Article 96 of the Schengen Convention:

Data on aliens for whom an alert has been issued for the purposes of refusing entry shall be entered on the basis of national alert resulting from decisions taken by the competent administrative authorities or courts in accordance with the rules of procedure laid down by law.

Decisions may be based on a threat to public policy or public security or to national security which the presence of an alien in national territory may pose. This situation may arise in particular in the case of: (a) an alien who has been convicted of an offence carrying a penalty involving deprivation of liberty at least one year; (b) an alien in respect of whom there are serious grounds for believing that he has committed serious criminal offences, including those referred to in Article 71, or in respect of whom there is clear evidence of an intention to commit such offences in the territory of a contracting party.

Decisions may also be based on the fact that the alien has been subject to measures involving deportation, refusal of entry or removal which have not been rescinded or suspended, including or accompanied by a prohibition on entry or, where applicable, a prohibition on residence, based on a failure to comply with national regulations on the entry or residence of aliens.

Article 111 of the Schengen Convention:

Any person may, in the territory of each contracting party, bring before the courts or the authority competent under national law an action to correct, delete or obtain information or to obtain compensation in connection with an alert involving them.

Article 15 of the draft Regulation on SIS II, COM (2005) 236:

Member States shall issue alerts in respect of third country nationals for the purpose of refusing entry into the territory of the member states on the basis of a decision defining the period of refusal of entry taken by the competent administrative or judicial authorities, in the following cases;

If the presence of the third country national in the territory of a Member state represents a serious threat to public policy or public security of any Member state based on an individual assessment, in particular if;

The third country national has been sentenced to a penalty involving deprivation of at least one year following a conviction of offence referred to in Article 2 (2) of Council Framework decision 2002/584/JHA on the European arrest warrant and the surrender procedures between member states;

The third country national is the object of a restrictive measure intended to prevent entry into or transit through the territory of member states , taken in accordance with Article 15 of the EU Treaty.

If the third country national is the subject of a re-entry ban in application of a return decision or removal order taken in accordance with Directive 2005/XX/EC [on Return].

Member States shall issue the alerts referred to in paragraph 1 in accordance with Article 25 (2) of the Schengen Convention and without prejudice to any provision which may be more favourable for the third country national laid down in:

Council Directive 2003/86/EC on the right to family reunification;

Council Directive 2003/109/EC concerning the status of third country nationals who are long term residents;

Council Directive 2004/81/EC on the residence permit issued to third-country nationals who are victims of trafficking in human beings or who have been the subject of an action to facilitate illegal immigration, who cooperate with the competent authorities;

Council Directive 2004/83/EC on minimum standards for the qualification and status of third country nationals or stateless persons as refugees or as persons who otherwise need international protection and the content of the protection granted;

Council Directive 2004/114/EC on the conditions of admission of third country nationals for the purposes of studies, pupil exchange, unremunerated training or voluntary service;

Council Directive 2005/XX/EC on a specific procedure for admitting third country nationals for purposes of scientific research.

Where the decision to issue an alert is taken by an administrative authority, the third country national shall have the right to a review by or an appeal to a judicial authority.

Article 30 of the draft Regulation on SIS II, COM (2005) 236

Any person in the territory of any Member State shall have the right to bring an action or a complaint before the courts of that Member State if he is refused the right of access to or the right to rectify or erase data relating him or the right to obtain information or reparation in connection with the processing of his personal data contrary to this Regulation.