The Commission envisages to create interoperability between the different large-scale information systems in the Area of Freedom, Security and Justice (AFSJ). Diana Dimitrova will elaborate on the interoperability concept in two blog posts. The first (and present) one will primarily describe the concept itself. The second post will critically assess several of the proposed interoperability elements through the lens of data protection.
The Interoperability Vision
The concept of interoperability between information systems which implement EU policies in the Area of Freedom, Security and Justice (AFSJ) has been under development for more than a decade. In its Communication of April 2016, the Commission set out in more concrete terms its vision with regards to the interoperability of existing and future AFSJ information systems. These information systems are, amongst others, the second generation Schengen Information System (SIS II), the Visa Information System (VIS), Europol data, the newly proposed Entry Exit System (EES) and the European Travel Information and Authorization System (ETIAS). The four tiers of interoperability, as presented by the Commission in 2016, are:
- a Single Search Interface (SSI) which would simultaneously query the different background databases and produce combined results,
- interconnectivity of databases which allows them to consult each other,
- the establishment of a shared Biometric Matching Service (BMS) which will serve the various information systems, and
- a common repository of data for the different information systems.
Concrete proposals on how to implement this vision into practice followed soon after, e.g. in the EES and ETIAS proposals. In the meantime the Commission established a High Level Expert Group on Information Systems and Interoperability (HLEG), which advises the Commission on the strategic vision for interoperability and its concrete implementation. The Presidency seems to favour the vision, proposing even further measures in the direction of interoperability.
Interoperability in practice
The EES and ETIAS proposals, as well as the amendment proposals on the SIS II, contain details on how interoperability could be implemented. Examples include interoperability between the EES and ETIAS, between the EES and VIS and between the SIS II and ETIAS. One can briefly summarize the proposals as follows:
- The proposed EES would be a new database where the entry and exit records of Third Country Nationals (TCNs) who enter the EU for a short stay would be recorded. The data stored on this database would include alphanumeric and biometric data (facial image and fingerprints). Pursuant to the proposal, the EES could be consulted directly via the Visa Information System (VIS) and vice-versa.
- The proposed ETIAS mirrors existing programmes such as the US ESTA. It would invite TCNs who are visa-exempt (TCN VE) to fill out in advance an online form with their alphanumeric data. This will be used to screen the applicant for security, health and illegal immigration risks against several information systems, e.g. SIS II, but also against a newly established watchlist by EUROPOL. Interoperability elements are, e.g. the proposed common repository of data with EES, automatic communication of certain newly entered alerts in the SIS II, e.g. on entry bans for TCNs, for a cross check with ETIAS, and similar data retention periods of 5 years with EES. Article 10 of the ETIAS proposal refers in general terms to the future interoperability between the ETIAS and the other AFSJ systems, i.e. not only the SIS II and EES.
- There are several proposed enhancements to the SIS II (here, here and here), which is an information system containing alerts on entry bans for TCNs, on people and objects wanted for law-enforcement purposes and soon also possibly on return decisions and “unknown wanted persons,” i.e. a perpetrator is not known but it is believed that the fingerprints found at a crime scene belong to him. Amongst others, the novelties would enable 1:n biometric searches with the biometrics stored on the SIS II. The proposed synergy with other biometric systems in terms of the biometric data to be processed, the possible shared BMS with other information systems for 1:n face and fingerprints searches and proposed interconnection with Interpol are noteworthy. The potential inclusion of DNA data could enhance the interoperability with Prüm.
The Interim Report of the HLEG from December 2016 discussed further interoperability options. For instance, BMS could become an SSI for all biometric systems, e.g. SIS II, VIS, EES and Europol, and produce “hit/no-hit” flags. The “hit” flag against a system would mean that someone’s biometric data is recorded in the respective system. The BMS could extend also to purely national data. The common BMS can be seen as the other side of the SSI coin. This would mean that alphanumeric and biometric data across the different information systems could be simultaneously searched.
As to the common repository of alphanumeric data, the Interim Report takes it beyond the proposed ETIAS and EES. The purpose of such a repository would be to avoid blind spots and fragmentation of data, which is attributed to the purpose limitation principle. The common repository of identity data and the shared BMS would allow for single identifications using biographical and/or biometric data. The report, however, reminds us that interoperability would have to comply with the access rights of the authorities to the data in the individual systems.
It may not come as a surprise that these initiatives raise important data protection issues. These will be critically discussed in the second part of this blog.
This blog has been funded by the European Commission FP7 project FastPass (A harmonized, modular reference system for all European automated border crossing points) under Grant Agreement No: 312583. It reflects the personal opinion of the author and does not represent the views of the FastPass consortium.