Smart Borders package: Unproportionate & unnecessary data collection
“The proposal is fear-driven and fear-triggering at the same time, placing emphasis on a putative need to protect the EU from those coming from outside.”
(Extract from EDRi’s response to the consultation)
In an attempt to overcome the failed proposal from 2013 on the Smart Borders package, the European Commission launched a consultation to prepare a revised text, to which EDRi submitted its response on 29 October 2015. The new EU Entry/Exit System (EES) plans to extend biometric ID checks to all non-EU nationals entering or leaving the EU. Despite the numerous questions about the costs and serious implications to civil liberties raised in relation to the 2013 proposal, the European Commission seems decided to give it another try.
The Smart Borders Package, which is aimed at improving the management of migratory flows , consists of three legislative proposals: (1) a Regulation establishing an EU Entry/Exit System (EES); (2) a Regulation establishing a Registered Traveller Programme (RTP) and (3) a Regulation amending the Schengen Borders Code to take into account the establishment of the EES and the RTP.
EDRi’s submitted the position that such a vast collection of sensitive personal data risks undermining the right to privacy of millions of people. As any other restriction of fundamental rights, this measure needs to be guided, inter alia, by the necessity and proportionality test of the Article 52.1 of the Charter of Fundamental Rights of the European Union. The new entry system could include biometric ID checks including the collection of ten fingerprints and facial images. The Commission has yet to demonstrate clearly why these privacy invasive measures are necessary, effective and proportionate, and whether the system could operate without some or all of them.
In our submission we mentioned the need to learn from the case law of both the European Court of Human Rights (ECtHR) and the Court of Justice of the European Union (CJEU), and recalled that if an intrusive measure such as data retention was to be considered, the legislators would have the obligation to verify the “proportionality of the interference”. Therefore, no data retention mandates should be approved until a credible, independent test, proving compliance with CJEU and ECtHR case law has been conducted. In addition to the European courts, the issue of biometric databases has been the subject of debate in various Member States, for example in the French Constitutional Court.
Once the European Commission has analysed the responses, it will produce a legislative proposal. This proposal needs to take into account the concerns that were raised before and that are still under analysis by experts like the EU Fundamental Rights Agency. As we have seen with the Safe Harbor agreement and the Data Retention Directive, legislation which was in clear violation of EU core norms can lead to the violation of citizen’s rights that can drag on for years, as well as costs for companies, citizens and the European courts. The Commission and the European Parliament cannot fail again and drag us into years of litigation, nor can it leave it to the CJEU to fix the breaches of fundamental rights law that they willfully or negligently foist on individuals. The EU needs to produce the right policies to achieve its goals, and stop suggesting the dragnet collection of personal data as the solution to all European problems.
Response from EDRi to the Smart Borders Consultation (29.10.2015)
EDRi-gram: France: Biometric ID database found unconstitutional (28.03.2012)
Biometric data in large EU IT systems in the areas of borders, visa and asylum – fundamental rights implications
(Contribution by Diego Naranjo, EDRi)