THE INTEROPERABILITY OF EU INFORMATION SYSTEMS AND FUNDAMENTAL RIGHTS CONCERNS

Abstract

In early 2019, the Council of the European Union, together with the Parliament, adopted Regulation 2019/817 on establishing a framework for interoperability between EU information systems in the field of borders, visa and law enforcement. This is the first legislative act ever adopted creating such a large-scale interoperable framework. Until recently, the different EU information systems were strictly separated, fragmented and disconnected. By establishing interoperability, national authorities are now able to access data on the identity of persons fast and easy without major bureaucratic or administrative hurdles. By establishing such a framework it is now possible to better prevent potential terrorist threats and migration-related crimes, such as human trafficking. At the same time it gets more and more obvious that individuals, especially third-country nationals, are increasingly becoming transparent. While the prevention of terrorism and the maintenance or re-establishment of internal security clearly constitute legitimate interests of society, establishing interoperability between EU information systems raises fundamental rights concerns, especially with regard to data protection and the right to privacy. When the European Commission adopted its final proposal for the aforementioned regulation in 2018, the Fundamental Rights Agency (FRA) was asked to evaluate the text with regard to potential fundamental rights violations. Furthermore, the European Data Protection Supervisor (EDPS) and the Data Protection Working Party (WP29) analyzed the proposal from a legal perspective and scrutinized it carefully. It turned out that especially the law on data protection, as well as the case law provided by the ECJ had significant impact on Regulation 2019/817 and the way in which it had been finally formulated. Overall, the criticism expressed by the FRA, the EDPS and the WP29 has been taken seriously by the Council and the Parliament respectively. Nevertheless, account shall be taken of the fact that a general trend within the EU can be observed of granting authorities access to different systems and databases which were originally established for different purposes. This development makes it all the more important to be particularly cautious when it comes to adopting and formulating EU legislation.