Tuesday, 9 April 2019
EU Regulations: Referral to Joint Committee
I welcome the opportunity to debate what is before us and what will I expect be before the Joint Committee on Justice and Equality tomorrow morning. However, we will oppose both motions on the basis that we have serious concerns about the implications in the protection of citizens' data in the future, for both non-EU and EU citizens. Although in principle, interoperability means connecting the information contained in several existing databases, this initiative will, in reality and practice, result in the creation of a new giant database that will contain the personal information of tens and perhaps hundreds of millions of people in the longer run, including information collected for very different purposes, both for migration control and crime prevention, both of which have, unfortunately, been somewhat conflated in this specific proposal, despite the fact that they are quite different.
Ireland was authorised to participate in certain non-border aspects of the Schengen acquis by Council Decision 2002/192/EC, principally police and judicial co-operation. There are already sufficient safeguards in place, with Ireland already availing of the Schengen information system for security purposes, as well as being linked with Europol and having signed up to other databases such as SIS, VIS and Eurodac, as well as entry-exit databases. I note the serious concern expressed by the European Data Protection Supervisor which has warned the Parliament and the Council that interoperability would "change the way legal principles have been interpreted in this area so far and would as such mark a ‘point of no return’." It has called for extreme caution and a wider political debate before adopting the proposal.
We discussed the general data protection regulation, GDPR, a lot last year. It is a matter for the European Union and its institutions which can bring forward legislative proposals that can adopt an independent approach to the GDPR. On the principles that underpin the GDPR, Article 5 states:
Personal data shall be:(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
It is unclear to me how this proposal complies the principles the GDPR outlined. It is unclear how the creation of a mega database which is explicitly stated to hold the biometric data of citizens and third country citizens complies with the requirement related to specified, explicit and legitimate purposes. It has been called Orwellian by some MEPs and I would be inclined to agree that it is certainly a step in the wrong direction. By 2017 the Schengen information system had been accessed more than 5.1 billion times by member states. In opting in to these protocols we consent to other member states having access to our citizens' information, much of which is personal in nature. The European Council's press release on the matter states:
The regulations introduce the possibility of using facial images for identification purposes, in particular to ensure consistency in border control procedures. It also allows for the inclusion of a DNA profile to facilitate the identification of missing persons in cases where fingerprint data, photographs or facial images are not available or not suitable for identification.
We will grant all member states the right to access such data and once a person is on one of the databases, he or she cannot get off it, despite the fact that he or she may have committed no criminal offence. There may have been a question about an asylum application or such, yet the person will go through this process and it will follow him or her for the rest of his or her life. He or she will be stuck in this database. Recently the Department of Employment Affairs and Social Protection found itself in a little trouble with the Data Protection Commissioner on this issue. I know that there is an investigation into whether the public services card system is legal, but I warn the Minister to take note of that episode in the context of how this jurisdiction manages data and how we will deal with it at a European level.
The system seeks to merge the areas of migration and crime prevention for reasons which I believe are ultimately political. They are conflated to a point that is wrong. The European Data Protection Supervisor states:
[Repeatedly] referring to migration, internal security and the fight against terrorism almost interchangeably brings the risk of blurring the boundaries between migration management and the fight against crime and terrorism. It may even contribute to creating assimilation between terrorists, criminals and foreigners.
I do not think we should have anything to do with it.