Schengen CrossNational Surveillance and Data Protection

1
Schengen Cross-National Surveillance and Data
Protection

• Erasmus/LLM Lecture
• 03.04.2008
• Stephen K. Karanja
• Senior Researcher
• Norwegian Centre for Human Rights (NCHR)
• University of Oslo
• Faculty of Law
• s.k.karanja_at_nchr.uio.no
• http//www.folk.uio.no/stephenk/

2
Introduction

• Origins Development of the Schengen
  Co-operation
• Objectives of the Schengen Co-operation
• The Schengen Information System
• Surveillance in Society
• Data protection issues in the Schengen
• New Legislation in the Area

3
Origins Development of Schengen co-operation

• What is Schengen?
• Area of free movement of persons
• Origins of Schengen
• Intergovernmental co-operation
• Schengen Agreement 1985
• Schengen Convention - 1990
• Five original members
• 1995 implementation of Schengen commenced
• 15 members 13 EU member States and 2 Non-EU
  member States
• United Kingdom and Ireland participate
  partially
• Switzerland admitted also
• Membership expanded to 30 with admission of new
  EU members
• Incorporation to EU Law
• Amsterdam Treaty 1997
• Title IV TEC (1st Pillar) External borders
  Immigration, visa asylum co-operation
• Title VI TEU (3rd Pillar) police, crime and
  judicial co-operation
• Area of Freedom, Security and Justice
• EU Constitution
• Abolishes the Pillar system - Article 1-7 on
  legal personality

4
Schengen Surveillance System

• Objectives of Schengen Convention
• Free movement Removal of internal border
  control
• Enhance Security compensatory measures
• After Amsterdam Area of Freedom, Security and
  Justice
• Targets in Cross-National Border Surveillance
• Persons wanted and unwanted
• Objects lost, stolen, seized, etc.
• Surveillance and Border Control Policies
• Enhancement of External Border Policy
• Immigration (Visa) Policy
• Asylum/Refugee Policy
• Police Co-operation and exchange of information
  Policies
• Justice and Criminal Co-operation Policy
• Implementation of Surveillance Policies
• Schengen Information System - (SIS) - SIS II
• Related Border Surveillance Systems

5
Changes in places of control

• External borders
• Internal borders
• Transfer of controls to the external border.
• Spreading of controls inside the Schengen area.
• Transfer of controls outside Schengen area

6
SIS Related Border Surveillance Systems
SIS
Europol
Eurodac
EVIS
CIS
Interpol
7
Proposed New Systems

• Entry and Exit Register
• Target non-European Visitors not requiring a visa
  to enter EU bloc
• EUROSUR
• European Border Surveillance System
• For all land and maritime borders
• To detect unauthorized border crossing
• Reduce death of illegal immigrants at sea
• Increase internal security of the EU
• ETA Electronic Travel Authorization
• Applicable to TCN not subject to the visa
  obligation
• PNR European Passenger Name Record
• In-flying airlines required to give access upon
  request to data processed by their reservations
  and departure control system esp. PNR
• API Advanced Passenger Information
• Pan-European system for exchanging passenger
  information

8
The Schengen Information System

• Search database (Alerts)
• Persons wanted and unwanted
• Objects lost, stolen, etc
• Purpose Art. 92
• Enhancing co-operation between border control
  authorities police, immigrations and customs
  authorities Art. 92(1).
• Specific purpose Art. 93
• Maintaining public policy, public security and
  national security
• Control of Crime
• Controlling movement of persons
• Immigration control

9
Technical Aspects Functioning

• CP-A Contracting Parties A
• NSIS National Schengen Information System
• CSIS Central Schengen Information System
• Flow of Data
• Search

SIRENE
NSIS CP-B
NSIS CP-A
CSIS
NSIS CP-C
NSIS CP-D
10
Technical Aspects Functioning SIS II
11
Surveillance in Society

• Definition of Surveillance and Control
• Surveillance - systematic or continuous
  observance
• Any form of systematic attention to whether rules
  are obeyed, to who obeys and who does not, and to
  how those who deviate can be located and
  sanctioned. (James Rule)
• Control not systematic but specific.
• The application of concrete measures to forestall
  or discourage disobedience. (James Rule)
• Is Surveillance and Control Necessary?
• Protection of Society
• From Criminal Elements Terrorism 11 September
  2001, 11 March 2004 and London 7 July 2005
• To ensure rules are obeyed visa, asylum rules
  etc.
• What Level of Surveillance and Control is
  Acceptable?
• Total Surveillance and Control
• Big Brother - George Orwell -1984 ?
• Panaopticon Jeremy Bentham Michel Foucault?
• No or no adequate safeguards
• Democratic Control and Surveillance?
• Democratic Society
• Control safeguards

12
Surveillance in a Democratic Society

• The Concept of Democratic Society
• Human Rights Understanding of Democratic
  Society Art. 29 (2) UDHR
• By a democratic society is meant a state governed
  by rule of law and respect for human and
  individual rights. i.e there is a democratically
  elected parliament that makes laws that respect
  human rights and judicial institutions that
  supervise the respect for rule of law. (Karanja)
• Klass Others v. Germany (1983) 18 EHRR 305 49
• the European Court of Human Rights (ECtHR) stated
  that, a law may pose danger of undermining or
  even destroying democracy on the ground of
  defending it.
• The mere existence of a measure is enough for a
  violation of the Convention. The implementation
  of the measure is not necessary. Amann v.
  Switzerland Judgment 16.02.2002
• It affirmed that the Contracting Parties may
  not, in the name of the struggle against
  espionage and terrorism, adopt whatever measures
  they deem appropriate.
• the Court further observed, the Court must be
  satisfied that, whatever system of surveillance
  is adopted, there exist adequate and effective
  guarantees against abuse.

13
Safeguards in Klass Others v. Germany

• Safeguards are relative and depend on all the
  circumstances of the case such as-
• The nature, scope and duration of the possible
  measure
• The grounds required for ordering such measures
• The authorities competent to permit, carry out
  and supervise such measure and
• The kind of remedy provided by the national law.
• Other Cases
• Leander v. Sweden (1987) Series B, No. 99
• Amman v. Switzerland (above)
• The authorities did not destroy the information
  when it emerged that no charge was being prepared
  against the applicant.
• Rotaru v. Romania ( judgment of 04.05.2000)
• Information affecting national security may be
  gathered, recorded and archived in secret files
• There was no limit on the exercise of those
  powers
• i.e. What kind of information that may be
  recorded, the kind of people targeted.
• Circumstances in which the measures may be taken
  and the procedure to be followed.
• No limits on the age of information held or the
  length of time for which it may be kept
  (Deletion).

14
Schengen Safeguards Against Surveillance - I

• Minimum Data Protection Level
• National Data Protection Law
• 1981 Council of Europe Convention
• Recommendation R (87) 15 for exchange of data on
  police work
• EC Directive 95/46 not applicable - But SIS II
  partially
• Data Registered in the SIS
• Strict categories of data stated
• On Persons Art. 94 (3)
• On Objects Art. 99 (4) 100
• SIS II to expand on data to be entered
• Photographs,and Fingerprints
• Linking of Alerts
• Visa database for visas used (granted refused)
  (VIS)
• Visa to contain biometric data
• Consequences increase of registered data
  number of persons registered increase of
  surveillance in society

15
Safeguards Against Surveillance - II

• Principles of Data Protection in the Schengen
• Purpose Limitation Principle Arts. 95 -100
  102
• Data Quality Principle
• Duration for Storage of Data Arts. 112 113
• Correctness, up-to- datedness, lawfulness of data
  Art. 105
• Security Principle Arts. 101, 102, 103 118
• Data Subject Participation
• Right of Access Art. 109
• Rights of Correction Deletion Article 110
• Right to Request Verification of Data Art. 114
  (2)
• Sensitive Data
• Registration prohibited Article 94
• External Control
• Supervision National Joint (JSA)
• Judicial Control National courts, ECJ ECHR
• ECJ - Judgement 31 January 006 in Case C-503/03,
  Commission v. Spain
• Parliamentary Control National EP

16
Finalities (purpose) for Recording Personal Data
Arts. 95 - 100

• arrest in view of extradition - Art. 95
• foreign nationals to be refused entry - Art.
  96SIS expansion to include Registers on all
  foreign nationals protestors
• search in case of disappearance Art. 97
• arrest in view of appearance in court of justice
  e.g. witnesses - Art. 98
• Discreet surveillance - Art. 99
• Objects sought for purposes of seizure or
  evidence in criminal proceedings - Art. 100
• New alerts under SIS II

17
Recent Database Statistics 01.01.2008
18
Distribution of WP Main Records by Article
01.01.2008
19
Adequacy and Effectiveness of safeguards I

• Finalities wide vague arts. 96 99
• Lack of clear criteria guidance for
  registration
• Stephanie Mills case - Art. 96
• Mrs Forabosco case refusal of asylum
• EU citizens registered under Art. 96 Feb. 2006
  figures 503 persons
• Lack of clear criteria guidance for search
• Tribunal Administratif de Paris v. Saïd 1996 Art.
  96
• Art. 99 (3) can be used for political reasons
• e.g. surveillance on trade unionists,
  demonstrators, political opponents etc.
• Esp. EU summits International meetings in
  Europe
• Need for harmonization in use of Article 99 at
  national level
• Sensitive Data to be recorded Art. 93 para. 2
• Individual Participation
• Few exercise the right
• Lack of information
• Administrative obstacles
• Difficult to know whether one is registered
• No means of exercising it from the country of
  origin
• Difficulty to obtain reasons

20
Adequacy and Effectiveness of safeguards II

• Security of data
• Access to data
• Appr. 125,000 terminals in 2004 (18 Members
  States)
• To increase with new EU Members admission (12
  more Member States)
• Number of persons with access authority enormous
• The lists of national authorities differ
• Belgian scandal
• Regulation left to national law where the
  Convention is silent
• Clear source for divergence
• Supervision inadequate
• National supervisory authorities have different
  rules, budgets and powers
• Joint Supervisory authority lacks independent
  budget and investigative powers
• International Judicial control
• ECJ - lack of individual complaint
• ECHR exhaustion of national remedies required
• supplementary data exchange SIRENE
• Legal basis doubtful
• Clearer under SIS II legislation
• National law

21
Enhancing Safeguards in Schengen - I

• SIS II Proposed Legislation -2005
• Regulation
• Decision

22
Enhancing Safeguards in Schengen - II

• Proposal of a Council Framework Decision on the
  protection of personal data in the framework of
  police and judicial cooperation in criminal
  matters 2005
• The protection of personal data in Title VI of
  the EU-Treaty Third Pillar
• In many aspects, the revised proposal even falls
  below the level of protection afforded by
  Convention -108
• The text is vague. It is not drafted clearly,
  simply and precisely, which makes it difficult
  for the citizens to identify their rights and
  obligations unambiguously
• The exchange of personal data between pillars.
  From first pillar to third pillar (PNR) and vice
  versa e.g. no fly lists, common visa.
  Consequently, data protection principles in the
  first pillar must apply also to the third pillar
• Member States' given full discretion in the
  application of uniform data protection
  principles.
• Article 3 is far too broad and does not cover an
  appropriate limitation of the purposes for
  storage.
• Article 12 of the proposal lays down a very broad
  and not clearly defined series of derogations to
  the purpose limitation principle in the context
  of personal data received from or made available
  by another Member State.
• The need to ensure an adequate level of
  protection when personal data are transferred to
  third countries or international organizations,
  and that mechanisms ensuring common standards and
  coordinated decisions with regard to adequacy are
  put in place.
• Transfer of personal data to private parties or
  non law enforcement authorities - has no specific
  guarantees.
• The current proposal does not provide for any
  specific guarantees on access and further use by
  law enforcement authorities of personal data
  collected by private parties.
• The current proposal fails to comply with the
  principles of Recommendations No R (87) 15 and to
  address the fundamental issue of access and
  further use by law enforcement authorities of
  personal data controlled by private parties.
• It does not provide for specific safeguards with
  regard to biometric data and DNA-profiles.

23
Effects of Cross-border Surveillance

• Increase in surveillance
• Presences of many personal information databases
• Sharing of data possible
• Interpol and SIS share motor vehicle data
• Call for more data sharing
• New technologies for collecting personal
  information biometrics
• Face recognition passports and visas
• Fingerprints passports and visas
• Iris recognition - airports
• New laws that allow for increased processing of
  personal data
• 9/11 Report calls for data sharing
• After 11/4 Madrid
• calls for data sharing legislation
• Interoperability of databases (SIS, Eurodac,
  Interpol VIS)
• Schengen III (Prum) Convention for sharing
  police data among CP.
• The Hague Program Availability of data
  principle calls for intense exchange of
  personal data among Member States
• Must be justified
• In accordance with the law
• Legitimate aims

24
Conclusion

• Schengen and cross-border surveillance system
  should be brought under stringent democratic
  control, data protection and human rights
  compliance, in order to avoid the pitfalls of
  total surveillance and maintain an acceptable
  level of surveillance in society

25
References

• Stephen Kabera Karanja The Schengen
  Co-operation Consequences for the Rights of EU
  Citizens. Published in "Mennesker og rettigheter
  Årgang 18 Nr. 3 2000." 215 - 222.
• Stephen Kabera Karanja The Schengen Information
  System in Austria An Essential Tool in Day to
  Day Police and Border Control Work? Published in
  Journal of Information, Law and Technology (JILT)
  20 March 2002 Issue 1. http//www2.warwick.ac.uk/f
  ac/soc/law/elj/jilt/2002_1/karanja/
• Stephen Kabera Karanja SIS II Legislative
  Proposals 2005 Gains and Losses! Published in
  George Philip Krog og Anne Gunn B. Bekken (Red.)
  Yulex 2005 (ISBN 82-7226-094-8) Institutt for
  rettsinformatikk og Unipub forlag. 2005 81-103.
• http//folk.uio.no/stephenk/pub/