Privacy watchdog warns of 'fuzzy' data sharing plans

The EDPS is Peter Hustinx, the person responsible for monitoring the processing of personal data by the Community institutions and bodies. His 26-page opinion on three proposals related to the Second Generation Schengen Information System, known as SIS II, was published today.

Hustinx welcomed some aspects of the proposals, including measures in favour of victims of identity theft and a better definition of the grounds for alerting individuals for the purpose of refusing entry to a country.

But he commented that "additional safeguards" were necessary to balance the new functionalities and widened access introduced by the Commission proposals. "It is essential that a consistent and high level of data protection is ensured, thereby providing legal certainty to all people concerned," he said.

SIS is the system that currently enables competent authorities to obtain information regarding certain categories of persons and property in relation to the free movement of people and police cooperation. SIS II will replace the current intergovernmental Schengen Information System with EU legislation and enable the enlargement of the Schengen area to the new Member States.

The three proposals provide for a complex framework in which one single information system – the SIS II – will rely on different legal bases. The data protection regime therefore becomes highly complex. The proposals are also linked to legislation which is not yet adopted. Hustinx warned that this results in a legal uncertainty which is unacceptable for the people concerned.

"Given this legal context and the great impact of the proposals for the people concerned, it is regrettable that the European Commission has not elaborated an explanatory memorandum or a proper impact assessment study," he wrote.

The SIS II proposals, just as the Proposal for a Visa Information System (VIS), provide for the possibility to process biometric data (fingerprints and photographs). The EDPS notes again that the reliability of biometrics seems to be overestimated. The possibility to process biometric data requires a careful consideration of the risks involved as well as specific safeguards which can match those risks, he argued.

Access is currently based on the principle that only an (authorised) authority is granted access in order to perform an (authorised) action. However, the proposed rules may also provide for access to data by an authority which is not competent to take the action foreseen in the alert, and thus only 'for information'. This constitutes a fundamental change to the current system and increases the risks of abuse, which necessitates even more stringent safeguards.

Another element of the proposals that increases the risks for the data subjects is the interlinking of alerts. Although this may be a useful investigation tool, it may also lead to incorrect conclusions and unfair treatment of innocent persons. In no case should the introduction of SIS II result in the situation whereby the national provisions on access to data are diluted: if, for instance, a police officer in a Member State is currently refused access to immigration data, he or she shall not be granted it by the introduction of SIS II.

The question of data quality deserves particular attention. The Joint Supervisory Authority of Schengen has reported that during investigations in some Member States, it emerged that more than 30% of the immigration data was incorrect or outdated. Adequate rules on the rights of the data subject are crucial in this respect, said Hustinx.

Finally, he found that the supervisory tasks of the national data protection authorities with respect to SIS II are not fully consistent.

"There is some fuzziness in the attribution of competences between Member States and the Commission," he wrote. "Clarity is paramount as it is not only necessary for the smooth running of the system, but also a basic requirement to ensure a comprehensive supervision of the system."