The mass-migration crisis has highlighted a number of problems related to the use of information systems in the EU’s Area of Freedom, Security, and Justice (AFSJ). Some of these problems, such as states avoiding the registration of asylum-seekers in the Eurodac fingerprint database to avoid responsibility for examining their applications, resulted from structural weaknesses of EU migration policy. Others concern the weaknesses of the infrastructure itself, including information gaps in existing databases, low-quality data (e.g., photography), or the fragmented architecture of data management.
In April 2016, the EC presented a communication on stronger and smarter information systems for borders and security. The next step was a series of legislative proposals aimed at the optimisation and modernisation of the existing databases, the creation of new ones, and the development of interoperability between information systems.
Modernisation of Existing Systems
Considering the political priority of combating the secondary movement of migrants within the EU, the EC in 2015 issued guidelines for countries to facilitate the systematic fingerprinting of people applying for asylum. Then, as part of the Union’s asylum reform package, the Commission presented a draft of the new Eurodac regulation. Its purpose is to extend the application of the system to third-country nationals or stateless persons who have not applied for international protection and are staying illegally in the EU. This change is meant to facilitate the return of irregular migrants to their countries of origin. The project also foresees a reduction in the minimum age of people whose fingerprints can be taken, from 14 to 6 years old. The EC’s change of age is motivated by the need to fight child smuggling, which intensified during the crisis. The reforms are also intended to enable the collection of additional biometric data (in addition to fingerprints), including a facial image and alphanumeric data, such as name, age, date of birth, and citizenship.
Another EC initiative for the modernisation of migration-related information infrastructure concerns the largest database of people and objects used by law enforcement authorities—the Schengen Information System II (SIS II). In December, the EC presented a package of three legislative proposals. The proposed changes are related to the introduction of an obligation to register in the database those who do not leave as required, as well as those who have been refused entry to Schengen territory. Agreement on the reform was reached in June and full implementation is planned by 2021.
In May 2018, the EC also proposed reform of the Visa Information System (VIS), which allows Schengen states to exchange data on short-stay visas. According to the EC’s proposals, information about people requesting long-term visas should be included in the system. The catalogue of collected data now also will include in the database copies of visa applicants’ travel documents.
New Information Systems
Apart from the modernisation of the Eurodac, SIS II and VIS systems, there has been a marked acceleration in the creation of new AFSJ IT systems, the full start of which is planned by 2021.
One of them is the Entry/Exit System (EES). The EC started preparations of this system in 2013 as part of the Smart EU borders project. The preparations were resumed in April 2016 and finally, in November 2017, the EES regulation was adopted. The new system will assist with registration of biometric data and the time and place of entry and exit of foreign nationals admitted for a short-term stay in the EU. Thanks to automation, the EES is also intended to calculate the length of travellers’ stays in the Member States. Its use should reduce delays in border checks, facilitate the identification of over-stayers, and support the fight against crime and terrorism.
The next AFSJ information system to be implemented is the European Travel Information and Authorisation System (ETIAS). The system will allow for the collection of data on third-country nationals from states whose citizens do not need a visa to enter the Schengen zone. According to the EC proposal presented in November 2016, before visiting the EU, they will be obliged to obtain ETIAS authorisation. Before its release, ETIAS will be used to check travellers in the EU information systems to make sure they are not a security threat.
In June 2017, the EC also presented a proposal for a regulation establishing a new European Criminal Records Information System on Third Country Nationals (ECRIS-TCN). This system supplements the ECRIS system, operating since 2012, allowing the exchange of information on criminal convictions handed down against EU citizens. ECRIS-TCN will apply to third-country nationals. The system will contain both personal data and the fingerprints of all third-country nationals and stateless persons convicted in EU countries.
Interoperability and the Role of eu-LISA
To achieve a synergistic effect, the EC presented draft regulations establishing a framework for interoperability between EU IT systems in the field of justice and home affairs. The reform provides for the creation of a European search portal, a shared biometric matching service, a common identity repository, and a multiple identity detector. These components are designed to allow authorised authorities to search different systems at the same time, thus facilitating the acquisition of relevant data.
Reform of the European agency for the operational management of large-scale AFSJ IT systems (eu-LISA) is meant in turn to help with the implementation of the new IT structure. In line with the EC proposal, the agency, operating since 2012 and currently managing the Eurodac, SIS II, and VIS systems, now will be entrusted with the implementation and operational management of the new EES, ETIAS, and ECRIS-TCN systems. The agency is also to be responsible for the development of interoperability and the improvement of the quality of data available in them. It will also support Member States in implementing systems at the national level.
The Effects of the Reforms
Accelerated by the mass-migration crisis, the development of AFSJ information systems raises both opportunities and risks for security and fundamental rights. With the development of infrastructure, the scale of collected and exchanged personal data systematically increases, and their scope also widens. On the one hand, it strengthens migration management in the EU, reducing the risk of repeating the events observed during the crisis in 2015. Quick identification can contribute to accelerating the procedures for granting asylum and decisions on the return of those not entitled to protection in the EU. It also allows detection of a number of crimes, including those related to identity theft and human trafficking. On the other hand, due to the scale and nature of the data being processed, any security breaches (e.g., data theft) or errors in the systems (e.g., incorrect data) can risk the fundamental rights of the people concerned.
The challenge for the EU institutions involved in the development of AFSJ information systems (mainly eu-LISA, Frontex, and Europol) and the national authorities that use them, therefore, remains to ensure the reliability and high quality of data processed, adequate security of access to data, and control of their use. The costs related to the development of infrastructure and the adaptation of national structures to it will be covered from the EU budget (both the current multiannual budget and future ones), as well as by the Member States.
