Schengen CrossNational Surveillance and Data Protection LLM JUR

Schengen Cross-National Surveillance and Data Protection LLM JUR 5630 Lecture 19. 03. 2009 Stephen K. Karanja Senior Researcher Norwegian Centre for Human Rights (NCHR) University of Oslo Faculty of Law s. k. karanja@nchr. uio. no http: //www. folk. uio. no/stephenk/ Stephen K. Karanja - NCHR

Introduction • Origins & Development of the Schengen Cooperation • Objectives of the Schengen Co-operation • The Schengen Information System • Surveillance in Society • Data protection issues in the Schengen • New Legislation in the Area Stephen K. Karanja - NCHR

Aims of the Lecture • Understanding control and surveillance policies under the Schengen/EU regimes • The role of information technology in this • The level of acceptable surveillance and control in a democratic society • How data protection regulation mitigates the negative effects of surveillance and control through adequate and effective safeguards Stephen K. Karanja - NCHR

Origins & Development of Schengen cooperation • What is Schengen? – • Origins of Schengen – – – • Intergovernmental co-operation • Schengen Agreement – 1985 • Schengen Convention - 1990 Five original members 1995 implementation of Schengen commenced 15 members – 13 EU member States and 2 Non-EU member States • United Kingdom and Ireland – participate partially • Switzerland admitted also Membership expanded to 30 with admission of new EU members 24 Member States implementing Schengen from 2008 Incorporation to EU Law – • An area of free movement of persons Amsterdam Treaty 1997 • Title IV TEC (1 st Pillar) External borders: Immigration, visa & asylum cooperation • Title VI TEU (3 rd Pillar) police, crime and judicial co-operation • Area of Freedom, Security and Justice EU Constitution – Abolishes the Pillar system - Article 1 -7 on legal personality Stephen K. Karanja - NCHR

Schengen Surveillance System • Objectives of Schengen Convention – Free movement – Removal of internal border control – Enhance Security – compensatory measures • Targets in Cross-National Border Surveillance – Persons – wanted and unwanted – Objects – lost, stolen, seized, etc. • Surveillance and Border Control Policies – – – Enhancement of External Border Policy Immigration (Visa) Policy Asylum/Refugee Policy Police Co-operation and exchange of information Policies Justice and Criminal Co-operation Policy • Implementation of Surveillance Policies – Schengen Information System - (SIS) - SIS II – Related Border Surveillance Systems Stephen K. Karanja - NCHR

Changes in places of control • • • External borders Internal borders Transfer of controls to the external border. • • Spreading of controls inside the Schengen area. Transfer of controls outside Schengen area Stephen K. Karanja - NCHR

SIS & Related Border Surveillance Systems SIS CIS Stephen K. Karanja - NCHR Europol EVIS Eurodac Interpol

Proposed New Systems • Entry and Exit Register – Target non-European Visitors not requiring a visa to enter EU bloc • EUROSUR – – – European Border Surveillance System For all land maritime borders To detect unauthorized border crossing Reduce death of illegal immigrants at sea Increase internal security of the EU • ETA – Electronic Travel Authorization – Applicable to TCN not subject to the visa obligation • PNR – European Passenger Name Record – In-flying airlines required to give access upon request to data processed by their reservations and departure control system esp. PNR • API – Advanced Passenger Information – Pan-European system for exchanging passenger information Stephen K. Karanja - NCHR

The Schengen Information System • Search database (Alerts) – Persons – wanted and unwanted – Objects – lost, stolen, etc • Purpose Art. 92 – Enhancing co-operation between border control authorities: police, immigrations and customs authorities Art. 92(1). • Specific purpose Art. 93 – Maintaining public policy, public security and national security • Control of Crime – Controlling movement of persons • Immigration control Stephen K. Karanja - NCHR

Technical Aspects & Functioning SIRENE NSIS CP-A NSIS CP-B CSIS NSIS CP-D – CP-A – Contracting Parties A – NSIS – National Schengen Information System – CSIS – Central Schengen Information System – Flow of Data – Search Stephen K. Karanja - NCHR NSIS CP-C

Technical Aspects & Functioning – SIS II National System (NS) Access Point in a Member State (NI-SIS) Communication Infrastructure Search Stephen K. Karanja - NCHR Central SIS (CS-SIS)

Surveillance in Society • Definition of Surveillance and Control – Surveillance - systematic or continuous observance • Any form of systematic attention to whether rules are obeyed, to who obeys and who does not, and to how those who deviate can be located and sanctioned. (James Rule) – Control – not systematic but specific. • The application of concrete measures to forestall or discourage disobedience. (James Rule) • Is Surveillance and Control Necessary? – Protection of Society • From Criminal Elements – Terrorism 11 September 2001, 11 March 2004 and London 7 July 2005 • To ensure rules are obeyed – visa, asylum rules etc. • What Level of Surveillance and Control is Acceptable? – Total Surveillance and Control • Big Brother - George Orwell -1984 ? • Panaopticon – Jeremy Bentham & Michel Foucault? • No or no adequate safeguards – Democratic Control and Surveillance? • Democratic Society • Control accompanied by adequate and effective safeguards Stephen K. Karanja - NCHR

Surveillance in a Democratic Society • The Concept of “Democratic Society” – Human Rights Understanding of “Democratic Society” – Art. 29 (2) UDHR – By a democratic society is meant a state governed by rule of law and respect for human and individual rights. i. e there is a democratically elected parliament that makes laws that respect human rights and judicial institutions that supervise the respect for rule of law. (Karanja) • European Court for HR case law - Criteria • • In accordance with the law – legality principle Legitimate aims Necessary in a democratic society Klass & Others v. Germany (1983) 18 EHRR 305 § 49 – the European Court of Human Rights (ECt. HR) stated that, “a law may pose danger of undermining or even destroying democracy on the ground of defending it”. – The mere existence of a measure is enough for a violation of the Convention. The implementation of the measure is not necessary. Amann v. Switzerland Judgment 16. 02. 2002 – It affirmed that “the Contracting Parties may not, in the name of the struggle against espionage and terrorism, adopt whatever measures they deem appropriate. – the Court further observed, “the Court must be satisfied that, whatever system of surveillance is adopted, there exist adequate and effective guarantees against abuse. ” Stephen K. Karanja - NCHR

Safeguards in Klass & Others v. Germany • Safeguards are relative and depend on all the circumstances of the case such as: - – The nature, scope and duration of the possible measure; – The grounds required for ordering such measures; – The authorities competent to permit, carry out and supervise such measure; and – The kind of remedy provided by the national law. • Other Cases – Leander v. Sweden (1987) Series B, No. 99 – Amman v. Switzerland (above) • The authorities did not destroy the information when it emerged that no charge was being prepared against the applicant. – Rotaru v. Romania ( judgment of 04. 05. 2000) • Information affecting national security may be gathered, recorded and archived in secret files – There was no limit on the exercise of those powers – i. e. What kind of information that may be recorded, the kind of people targeted. – Circumstances in which the measures may be taken and the procedure to be followed. – No limits on the age of information held or the length of time for which it may be kept (Deletion). Stephen K. Karanja - NCHR

Schengen Safeguards Against Surveillance - I • Minimum Data Protection Level – National Data Protection Law – 1981 Council of Europe Convention – Council of Europe Recommendation R (87) 15 for exchange of data on police work – EC Directive 95/46 – not applicable - But SIS II partially • Data Registered in the SIS – Strict categories of data stated • On Persons – Art. 94 (3) • On Objects – Art. 99 (4) & 100 – SIS II – to expand on data to be entered • Photographs, and Fingerprints • Linking of Alerts • Visa database for visas used (granted & refused) (VIS) – Visa to contain biometric data • Consequences – increase of registered data & number of persons registered – increase of surveillance in society Stephen K. Karanja - NCHR

Safeguards Against Surveillance - II • Principles of Data Protection in the Schengen – Purpose Limitation Principle – Arts. 95 -100 & 102 – Data Quality Principle • Duration for Storage of Data – Arts. 112 & 113 • Correctness, up-to- datedness, lawfulness of data Art. 105 – Security Principle – Arts. 101, 102, 103 & 118 – Data Subject Participation • Right of Access – Art. 109 • Rights of Correction & Deletion – Article 110 • Right to Request Verification of Data – Art. 114 (2) – Sensitive Data • Registration prohibited Article 94 • External Control – Supervision – National & Joint (JSA) – Judicial Control – National courts, ECJ & ECHR • ECJ - Judgement 31 January 006 in Case C-503/03, Commission v. Spain – Parliamentary Control – National & EP Stephen K. Karanja - NCHR

Finalities (purpose) for Recording Personal Data Arts. 95 - 100 • arrest in view of extradition - Art. 95 • foreign nationals to be refused entry - Art. 96 SIS – expansion to include Registers on all foreign nationals & protestors • search in case of disappearance Art. 97 • arrest in view of appearance in court of justice e. g. witnesses - Art. 98 • Discreet surveillance - Art. 99 • Objects sought for purposes of seizure or evidence in criminal proceedings - Art. 100 • New alerts under SIS II Stephen K. Karanja - NCHR

Recent Database Statistics 01. 2008 Type Number of valid records (not expired) BK (banknotes) 177 327 DB (blank documents) 390 306 FA (firearms) 314 897 ID (issued documents) 17 876 227 VE (vehicles) Main 3 012 856 VE (alias) 2 984 WP (wanted persons) Main 859 300 WP Alias 299 473 Total 22 933 370 Stephen K. Karanja - NCHR

Distribution of WP Main Records by Article – 01. 2008 Article of the Convention Number of Valid Records (Not Expired) 95 Wanted for arrest/extradition 19 119 96 Unwanted alien 696 419 97 Adult missing person 24 594 97 Minor missing person 22 907 98 Localization 64 684 99. 2 Check/observation 31 568 99. 3 Check/observation 9 Stephen K. Karanja - NCHR

Adequacy and Effectiveness of safeguards I • Finalities wide & vague – arts. 96 & 99 – Lack of clear criteria & guidance for registration • Stephanie Mills’ case - Art. 96 • Mrs Forabosco case – refusal of asylum • EU citizens registered under Art. 96 – Feb. 2006 figures 503 persons – Lack of clear criteria & guidance for search • Tribunal Administratif de Paris v. Saïd 1996 Art. 96 – Art. 99 (3) can be used for political reasons • e. g. surveillance on trade unionists, demonstrators, political opponents etc. • Esp. EU summits & International meetings in Europe • Need for harmonization in use of Article 99 at national level • Sensitive Data to be recorded Art. 93 para. 2 • Individual Participation – Few exercise the right – • Lack of information • Administrative obstacles • Difficult to know whether one is registered • No means of exercising it from the country of origin • Difficulty to obtain reasons • Lack of prior notification of an entry Stephen K. Karanja - NCHR

• Adequacy and Effectiveness of safeguards II Security of data – Access to data • Appr. 125, 000 terminals in 2004 (18 Members States) – To increase with new EU Members admission (12 more Member States) • Number of persons with access authority enormous • The lists of national authorities differ • Belgian scandal • Regulation left to national law where the Convention is silent • • Clear source for divergence Supervision inadequate – National supervisory authorities have different rules, budgets and powers – Joint Supervisory authority lacks independent budget and investigative powers – International Judicial control • National courts decision not binding in other Schengen member countries • ECJ - lack of individual complaint • ECHR exhaustion of national remedies required • supplementary data exchange – SIRENE – Legal basis doubtful • Clearer under SIS II legislation – National law Stephen K. Karanja - NCHR

Enhancing Safeguards in Schengen - I • SIS II Proposed Legislation -2005 – Regulation – Decision Strength - New legal basis for immigration data - Keeping of all data logs - Data dealing with misidentifi- cations of persons - New Supervisory authority (EDPS) - Right of information - Right of access to data no exception Stephen K. Karanja - NCHR Weakness Dual legal basis: Council of Europe Convention 1981 applicable - Extension of data retention periods from 5 yrs to 10 yrs - New data categories - Linking of alerts - Copying of data to the NS - Omission of ban on sensitive data - Data access given to new authorities - Vague and wide data entry criteria - Transfer of personal data to third parties - Right of information vague and with exceptions

Enhancing Safeguards in Schengen - II • Council Framework Decision on the protection of personal data in the framework of police and judicial cooperation in criminal matters – 2008 – First proposed in 2005 – Adopted by Council on 30 December 2008 – First horizontal data protection instrument in the field of personal data used by police and judicial authorities and Third Pillar – Establishes a common level of privacy protection and a high level of security when exchanging personal data – Applicable to cross-border exchanges of personal data within the framework of police and judicial cooperation – EDPS - unfortunately, the level of data protection achieved in the final text is not fully satisfactory – It does not apply to Member State domestic data – It only covers police and judicial data exchanged between Member States, EU authorities and systems, which explicitly excludes such exchanges as the transfer of Passenger Name Records (PNR) data to US authorities – The Decision needs to be implemented by the EU member countries by 27 November 2010 – It allows the EU states to have higher-level safeguards for protecting personal data than those established in this act Stephen K. Karanja - NCHR

Effects of Cross-border Surveillance • Increase in surveillance – Presence of many personal information databases • Sharing of data possible • Interpol and SIS share motor vehicle data • Call for more data sharing – New technologies for collecting personal information – biometrics • Face recognition – passports and visas • Fingerprints – passports and visas • Iris recognition - airports – New laws that allow for increased processing of personal data • 9/11 Report calls for data sharing • After 11/4 Madrid – calls for data sharing legislation – Interoperability of databases (SIS, Eurodac, Interpol & VIS) • Schengen III (Prum) – Convention for sharing police data among CP. • The Hague Program – Availability of data principle – calls for intense exchange of personal data among Member States • Must be justified – In accordance with the law – Legitimate aims – Necessary in a democratic society Stephen K. Karanja - NCHR

Conclusion Schengen and cross-border surveillance system should be brought under stringent democratic control, data protection and human rights compliance, in order to avoid the pitfalls of total surveillance and maintain an acceptable level of surveillance in society Stephen K. Karanja - NCHR

References • • • Stephen Kabera Karanja: The Schengen Co-operation: Consequences for the Rights of EU Citizens. Published in "Mennesker og rettigheter Årgang 18 Nr. 3 2000. " 215 - 222. Stephen Kabera Karanja: SIS II Legislative Proposals 2005: Gains and Losses! Published in George Philip Krog og Anne Gunn B. Bekken (Red. ): Yulex 2005 (ISBN 82 -7226 -094 -8) Institutt for rettsinformatikk og Unipub forlag. 2005: 81 -103. http: //folk. uio. no/stephenk/pub/ Stephen Kabera Karanja: The Schengen Information System in Austria: An Essential Tool in Day to Day Police and Border Control Work? Published in Journal of Information, Law and Technology (JILT) 20 March 2002 Issue 1. http: //www 2. warwick. ac. uk/fac/soc/law/elj/jilt/2002_1/karanja/ Stephen Kabera Karanja, (2008) Transparency and Proportionality in the Schengen Information System and Border Control Co-operation. Leiden. Boston: Martinus Nijhoff Publishers Inside Story - The Schengen Agreement - 31 Mar 08 - Part 1 http: //www. youtube. com/watch? v=z. Hf 0 Iuw. WVcs&feature=Play. List&p =EAE 19 C 92 EEAFAC 18&playnext=1&playnext_from=PL&index=62 – You. Tube Inside Story - The Schengen Agreement - 31 Mar 08 - Part 2 http: //www. youtube. com/watch? v=t 68 r. Ddk. D 5 JA&feature=related - You. Tube Stephen K. Karanja - NCHR