250 likes | 260 Views
Schengen Cross-National Surveillance and Data Protection. Erasmus/LLM Lecture 03.04.2008 Stephen K. Karanja Senior Researcher Norwegian Centre for Human Rights (NCHR) University of Oslo Faculty of Law s.k.karanja@nchr.uio.no http://www.folk.uio.no/stephenk/. Introduction.
E N D
Schengen Cross-National Surveillance and Data Protection Erasmus/LLM Lecture 03.04.2008 Stephen K. Karanja Senior Researcher Norwegian Centre for Human Rights (NCHR) University of Oslo Faculty of Law s.k.karanja@nchr.uio.no http://www.folk.uio.no/stephenk/
Introduction • Origins & Development of the Schengen Co-operation • Objectives of the Schengen Co-operation • The Schengen Information System • Surveillance in Society • Data protection issues in the Schengen • New Legislation in the Area
Origins & Development of Schengen co-operation • What is Schengen? • Area of free movement of persons • Origins of Schengen • Intergovernmental co-operation • Schengen Agreement – 1985 • Schengen Convention - 1990 • Five original members • 1995 implementation of Schengen commenced • 15 members – 13 EU member States and 2 Non-EU member States • United Kingdom and Ireland – participate partially • Switzerland admitted also • Membership expanded to 30 with admission of new EU members • Incorporation to EU Law • Amsterdam Treaty 1997 • Title IV TEC (1st Pillar) External borders: Immigration, visa & asylum co-operation • Title VI TEU (3rd Pillar) police, crime and judicial co-operation • Area of Freedom, Security and Justice • EU Constitution • Abolishes the Pillar system - Article 1-7 on legal personality
Schengen Surveillance System • Objectives of Schengen Convention • Free movement – Removal of internal border control • Enhance Security – compensatory measures • After Amsterdam: Area of Freedom, Security and Justice • Targets in Cross-National Border Surveillance • Persons – wanted and unwanted • Objects – lost, stolen, seized, etc. • Surveillance and Border Control Policies • Enhancement of External Border Policy • Immigration (Visa) Policy • Asylum/Refugee Policy • Police Co-operation and exchange of information Policies • Justice and Criminal Co-operation Policy • Implementation of Surveillance Policies • Schengen Information System - (SIS) - SIS II • Related Border Surveillance Systems
Changes in places of control • External borders • Internal borders • Transfer of controls to the external border. • Spreading of controls inside the Schengen area. • Transfer of controls outside Schengen area
SIS & Related Border Surveillance Systems SIS Europol Eurodac EVIS CIS Interpol
Proposed New Systems • Entry and Exit Register • Target non-European Visitors not requiring a visa to enter EU bloc • EUROSUR • European Border Surveillance System • For all land and maritime borders • To detect unauthorized border crossing • Reduce death of illegal immigrants at sea • Increase internal security of the EU • ETA – Electronic Travel Authorization • Applicable to TCN not subject to the visa obligation • PNR – European Passenger Name Record • In-flying airlines required to give access upon request to data processed by their reservations and departure control system esp. PNR • API – Advanced Passenger Information • Pan-European system for exchanging passenger information
The Schengen Information System • Search database (Alerts) • Persons – wanted and unwanted • Objects – lost, stolen, etc • Purpose Art. 92 • Enhancing co-operation between border control authorities: police, immigrations and customs authorities Art. 92(1). • Specific purpose Art. 93 • Maintaining public policy, public security and national security • Control of Crime • Controlling movement of persons • Immigration control
Technical Aspects & Functioning SIRENE NSIS CP-B • CP-A – Contracting Parties A • NSIS – National Schengen Information System • CSIS – Central Schengen Information System • Flow of Data • Search NSIS CP-A CSIS NSIS CP-C NSIS CP-D
Access Point in a Member State (NI-SIS) Central SIS (CS-SIS) NationalSystem (NS) CommunicationInfrastructure Search Technical Aspects & Functioning – SIS II
Surveillance in Society • Definition of Surveillance and Control • Surveillance - systematic or continuous observance • Any form of systematic attention to whether rules are obeyed, to who obeys and who does not, and to how those who deviate can be located and sanctioned. (James Rule) • Control – not systematic but specific. • The application of concrete measures to forestall or discourage disobedience. (James Rule) • Is Surveillance and Control Necessary? • Protection of Society • From Criminal Elements – Terrorism 11 September 2001, 11 March 2004 and London 7 July 2005 • To ensure rules are obeyed – visa, asylum rules etc. • What Level of Surveillance and Control is Acceptable? • Total Surveillance and Control • Big Brother - George Orwell -1984 ? • Panaopticon – Jeremy Bentham & Michel Foucault? • No or no adequate safeguards • Democratic Control and Surveillance? • Democratic Society • Control & safeguards
Surveillance in a Democratic Society • The Concept of “Democratic Society” • Human Rights Understanding of “Democratic Society” – Art. 29 (2) UDHR • By a democratic society is meant a state governed by rule of law and respect for human and individual rights. i.e there is a democratically elected parliament that makes laws that respect human rights and judicial institutions that supervise the respect for rule of law. (Karanja) • Klass & Others v. Germany (1983) 18 EHRR 305 § 49 • the European Court of Human Rights (ECtHR) stated that, “a law may pose danger of undermining or even destroying democracy on the ground of defending it”. • The mere existence of a measure is enough for a violation of the Convention. The implementation of the measure is not necessary.Amann v. Switzerland Judgment 16.02.2002 • It affirmed that “the Contracting Parties may not, in the name of the struggle against espionage and terrorism, adopt whatever measures they deem appropriate. • the Court further observed, “the Court must be satisfied that, whatever system of surveillance is adopted, there exist adequate and effective guarantees against abuse.”
Safeguards in Klass & Others v. Germany • Safeguards are relative and depend on all the circumstances of the case such as:- • The nature, scope and duration of the possible measure; • The grounds required for ordering such measures; • The authorities competent to permit, carry out and supervise such measure; and • The kind of remedy provided by the national law. • Other Cases • Leander v. Sweden (1987) Series B, No. 99 • Amman v. Switzerland (above) • The authorities did not destroy the information when it emerged that no charge was being prepared against the applicant. • Rotaru v. Romania ( judgment of 04.05.2000) • Information affecting national security may begathered, recorded and archived in secret files • There was no limit on the exercise of those powers • i.e. What kind of information that may be recorded, the kind of people targeted. • Circumstances in which the measures may be taken and the procedure to be followed. • No limits on the age of information held or the length of time for which it may be kept (Deletion).
Schengen Safeguards Against Surveillance - I • Minimum Data Protection Level • National Data Protection Law • 1981 Council of Europe Convention • Recommendation R (87) 15 for exchange of data on police work • EC Directive 95/46 – not applicable - But SIS II partially • Data Registered in the SIS • Strict categories of data stated • On Persons – Art. 94 (3) • On Objects – Art. 99 (4) & 100 • SIS II – to expand on data to be entered • Photographs,and Fingerprints • Linking of Alerts • Visa database for visas used (granted & refused) (VIS) • Visa to contain biometric data • Consequences – increase of registered data & number of persons registered – increase of surveillance in society
Safeguards Against Surveillance - II • Principles of Data Protection in the Schengen • Purpose Limitation Principle – Arts. 95 -100 & 102 • Data Quality Principle • Duration for Storage of Data – Arts. 112 & 113 • Correctness, up-to- datedness, lawfulness of data Art. 105 • Security Principle – Arts. 101, 102, 103 & 118 • Data Subject Participation • Right of Access – Art. 109 • Rights of Correction & Deletion – Article 110 • Right to Request Verification of Data – Art. 114 (2) • Sensitive Data • Registration prohibited Article 94 • External Control • Supervision – National & Joint (JSA) • Judicial Control – National courts, ECJ & ECHR • ECJ - Judgement 31 January 006 in Case C-503/03, Commission v. Spain • Parliamentary Control – National & EP
Finalities (purpose) for Recording Personal Data Arts. 95 - 100 • arrest in view of extradition - Art. 95 • foreign nationals to be refused entry - Art. 96SIS – expansion to include Registers on all foreign nationals & protestors • search in case of disappearance Art. 97 • arrest in view of appearance in court of justice e.g. witnesses - Art. 98 • Discreet surveillance - Art. 99 • Objects sought for purposes of seizure or evidence in criminal proceedings - Art. 100 • New alerts under SIS II
Adequacy and Effectiveness of safeguards I • Finalities wide & vague – arts. 96 & 99 • Lack of clear criteria & guidance for registration • Stephanie Mills’ case - Art. 96 • Mrs Forabosco case – refusal of asylum • EU citizens registered under Art. 96 – Feb. 2006 figures 503 persons • Lack ofclear criteria & guidance for search • Tribunal Administratif de Paris v. Saïd 1996 Art. 96 • Art. 99 (3) can be used for political reasons • e.g. surveillance on trade unionists, demonstrators, political opponents etc. • Esp. EU summits & International meetings in Europe • Need for harmonization in use of Article 99 at national level • Sensitive Data to be recorded Art. 93 para. 2 • Individual Participation • Few exercise the right – • Lack of information • Administrative obstacles • Difficult to know whether one is registered • No means of exercising it from the country of origin • Difficulty to obtain reasons • Lack of prior notification of an entry
Adequacy and Effectiveness of safeguards II • Security of data • Access to data • Appr. 125,000 terminals in 2004 (18 Members States) • To increase with new EU Members admission (12 more Member States) • Number of persons with access authority enormous • The lists of national authorities differ • Belgian scandal • Regulation left to national law where the Convention is silent • Clear source for divergence • Supervision inadequate • National supervisory authorities have different rules, budgets and powers • Joint Supervisory authority lacks independent budget and investigative powers • International Judicial control • ECJ - lack of individual complaint • ECHR exhaustion of national remedies required • supplementary data exchange – SIRENE • Legal basis doubtful • Clearer under SIS II legislation • National law
Enhancing Safeguards in Schengen - I • SIS II Proposed Legislation -2005 • Regulation • Decision
Enhancing Safeguards in Schengen - II • Proposal of a Council Framework Decision on the protection of personal data in the framework of police and judicial cooperation in criminal matters – 2005 • The protection of personal data in Title VI of the EU-Treaty – Third Pillar • In many aspects, the revised proposal even falls below the level of protection afforded by Convention -108 • The text is vague. It is not drafted clearly, simply and precisely, which makes it difficult for the citizens to identify their rights and obligations unambiguously • The exchange of personal data between pillars. From first pillar to third pillar (PNR) and vice versa e.g. ‘no fly lists’, common visa. Consequently, data protection principles in the first pillar must apply also to the third pillar • Member States' given full discretion in the application of uniform data protection principles. • Article 3 is far too broad and does not cover an appropriate limitation of the purposes for storage. • Article 12 of the proposal lays down a very broad and not clearly defined series of derogations to the purpose limitation principle in the context of personal data received from or made available by another Member State. • The need to ensure an adequate level of protection when personal data are transferred to third countries or international organizations, and that mechanisms ensuring common standards and coordinated decisions with regard to adequacy are put in place. • Transfer of personal data to private parties or non law enforcement authorities - has no specific guarantees. • The current proposal does not provide for any specific guarantees on access and further use by law enforcement authorities of personal data collected by private parties. • The current proposal fails to comply with the principles of Recommendations No R (87) 15 and to address the fundamental issue of access and further use by law enforcement authorities of personal data controlled by private parties. • It does not provide for specific safeguards with regard to biometric data and DNA-profiles.
Effects of Cross-border Surveillance • Increase in surveillance • Presences of many personal information databases • Sharing of data possible • Interpol and SIS share motor vehicle data • Call for more data sharing • New technologies for collecting personal information – biometrics • Face recognition – passports and visas • Fingerprints – passports and visas • Iris recognition - airports • New laws that allow for increased processing of personal data • 9/11 Report calls for data sharing • After 11/4 Madrid • calls for data sharing legislation • Interoperability of databases (SIS, Eurodac, Interpol & VIS) • Schengen III (Prum) – Convention for sharing police data among CP. • The Hague Program – Availability of data principle – calls for intense exchange of personal data among Member States • Must be justified • In accordance with the law • Legitimate aims • Necessary in a democratic society
Conclusion • Schengen and cross-border surveillance system should be brought under stringent democratic control, data protection and human rights compliance, in order to avoid the pitfalls of total surveillance and maintain an acceptable level of surveillance in society
References • Stephen Kabera Karanja:The Schengen Co-operation: Consequences for the Rights of EU Citizens.Published in "Mennesker og rettigheter Årgang 18 Nr. 3 2000." 215 - 222. • Stephen Kabera Karanja:The Schengen Information System in Austria: An Essential Tool in Day to Day Police and Border Control Work?Published in Journal of Information, Law and Technology (JILT) 20 March 2002 Issue 1.http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2002_1/karanja/ • Stephen Kabera Karanja:SIS II Legislative Proposals 2005: Gains and Losses!Published in George Philip Krog og Anne Gunn B. Bekken (Red.): Yulex 2005 (ISBN 82-7226-094-8) Institutt for rettsinformatikk og Unipub forlag. 2005: 81-103. • http://folk.uio.no/stephenk/pub/