On Wednesday, 17 September, the European Data Protection Supervisor (EDPS) published an opinion on the negotiating mandate for a framework agreement between the EU and the United States on the exchange of information for the purpose of security screenings and identity verifications.
“While border security is a legitimate aim, the seriousness of the interference with the fundamental rights to data protection and privacy, resulting from the proposed sharing of personal data with a third country for the purposes of border and immigration control, should be considered as comparable to the interference caused by the exchanges of data for law enforcement purposes”, points out the EDPS.
It concludes “Therefore, it is of utmost importance to provide comprehensive and effective safeguards with regard to the protection of personal data and other fundamental rights and freedoms of the concerned individuals, regardless of their nationality and place of residence”.
The proposal for a recommendation that the European Commission quietly adopted on 23 July aims to define the legal framework and the conditions under which the competent authorities of the Member States and the United States can share information.
Each Member State would be empowered to sign bilateral agreements on exchanging data from its national systems; this is linked with the obligation to join the US Visa Waiver Program and to sign an “Enhanced Border Security Partnership” with the US Department of Homeland Security.
Otherwise, the visa-free system could be abolished for the 24 Member States that currently enjoy its privileges.
The EDPS notes that, once finalised, the agreement would set “an important precedent, as it would be the first agreement concluded by the EU to entail large-scale sharing of personal data, including biometric data (fingerprints), for the purpose of border and immigration control by a third country”.
It is thus calling for the scope of the envisaged sharing to be defined as precisely as possible.
It stresses, “Moreover, taking into account the specific prohibitions on certain data transfers laid down in EU law, any direct or indirect sharing and transfer of data from the EU large-scale IT systems in the area of justice and home affairs and in particular from those related to migration and asylum, must be strictly excluded”.
Link to the European Commission’s recommendation: https://aeur.eu/f/ihy
Link to the EDPS’s opinion: https://aeur.eu/f/ii2 (Original version in French by Solenn Paulic)