Tuesday, 9 April 2019
EU Regulations: Referral to Joint Committee
There is a Big Brother aspect to this operation and there does not seem to have been much debate about fundamental rights, proportionality or the safeguarding of data. I have a number of questions for the Minister of State. I do not know if I will get answers to them today, but perhaps I will get them at another time.
In April 2018 the European Commission's data protection working party, an independent European advisory body comprising employees of the Directorate-General for Justice and Consumers, published an opinion on interoperability between EU IT systems for border controls, international protection, migration, police and judicial co-operation. It highlighted the lack of analysis of data protection issues in the impact assessment given. It also found that no information had been given on which data protection regime would apply to which operation and that no evaluation of security measures needed for the EU-wide databases had been carried out. There had also been no analysis of less intrusive means to reach the goals set in the proposals. That is a damning report. Will the Minister of State provide details of any analysis carried out of interoperability in the meantime, specifically of data protection issues, the security measures needed, or less intrusive ways to achieve the same goals?
The European Commission's data protection working party also highlights that interoperability between IT systems as proposed by the European Union raises fundamental questions about the purpose of, necessity for and proportionality of the data processing involved, as well as concerns about the principles of purpose limitation, data minimisation, data retention and the clear identification of a data controller.
The European Union Agency for Fundamental Rights, FRA, has on a number of occasions expressed concern about the fundamental rights implications of interoperability with reference to eu-LISA. The impact of large-scale IT systems on fundamental rights remains largely unexplored territory. In 2017 the FRA issued a rebuke, warning that interoperability could lead to discriminatory profiling. What safeguards are in place to prevent the information from being accessed illegally?
The FRA has identified the issue of function creep whereby data collected for one reason, for example, asylum and migration, can then be used for other purposes such as internal security by law enforcement agencies. The FRA has found that the information technology systems established by the EU for asylum and migration management are increasingly being used for internal security reasons. What safeguards are in place to ensure that the databases that are not abused by law enforcement agencies carrying out checks on people inside the EU who may be subject to the check due to their colour, effectively racial profiling? The FRA has documented many instances in which inaccurate biometric or alphanumeric data has been entered into databases in the areas of borders, visas and asylum. This can result in a wrong Dublin Protocol transfer. It can lead officials to suspect identity fraud and can bar entry into the EU. It can even lead to a person being detained. If this data is accessed unlawfully the person can be put in unnecessary danger. Does the Minister of State have any concerns that the centralisation of this data will make it more difficult to spot inaccuracies and may actually put people in danger?
Article 5 of the general data protection regulation, GDPR, requires that third country nationals are informed of the relevant aspects of their personal data being processed in a transparent and easily understandable manner, in reality the right to information is often not upheld. The European Data Protection Supervisor, EDPS, has also raised concerns over interoperability, calling it a political rather than a technical choice. According to it, the decision of the EU legislator to make large-scale IT systems interoperable would not only permanently and profoundly change their structure and way of operating but would also change the way legal principles have been interpreted in this area so far and would as such be a point of no return.
The EDPS called for further debate on the issue in order to figure out how to protect fundamental rights. These IT systems deal with migration, the fight against terrorism and serious crime. As the EDPS points out referring to these terms almost interchangeably risks conflating all the issues and ultimately could lead to a perceived link between terrorists, criminals and migrants. Considering the recent swing to the right across most of Europe and worrying incidents such as the protests against the Roma in Italy, is the Minister of State not concerned that supporting the securing of Europe is pushing us further down a dangerous road towards racism and exclusion which goes against the fundamental principles of the EU?