This document is an excerpt from the EUR-Lex website
Document 52017XX0112(01)
Summary of the Opinion of the European Data Protection Supervisor on the first reform package on the Common European Asylum System (Eurodac, EASO and Dublin regulations)
Summary of the Opinion of the European Data Protection Supervisor on the first reform package on the Common European Asylum System (Eurodac, EASO and Dublin regulations)
Summary of the Opinion of the European Data Protection Supervisor on the first reform package on the Common European Asylum System (Eurodac, EASO and Dublin regulations)
IO C 9, 12.1.2017, p. 3–5
(BG, ES, CS, DA, DE, ET, EL, EN, FR, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
12.1.2017 |
EN |
Official Journal of the European Union |
C 9/3 |
Summary of the Opinion of the European Data Protection Supervisor on the first reform package on the Common European Asylum System (Eurodac, EASO and Dublin regulations)
(The full text of this Opinion can be found in English, French and German on the EDPS website www.edps.europa.eu)
(2017/C 9/04)
Since several years, Europe is faced with a pressing migration and refugee crisis, which became even more challenging in 2015. Therefore, the Commission proposed to reform the Dublin Regulation in order to adapt it to the current situation. This reform is combined with a Proposal for the creation of a European Union Agency for Asylum, to assist Member States to perform their duties regarding asylum.
Since it was established, Eurodac has served the purpose of providing fingerprint evidence to determine the Member State responsible for examining the asylum application made in the EU.
A recast of the Eurodac Regulation was also proposed by the Commission. The main change in this Regulation is the extension of the scope of Eurodac to register the third country nationals illegally found in a Member State or apprehended in connection with the irregular crossing of a border of a Member State with a third country.
The EDPS recognises the need for more effective management of migration and asylum in the EU. However, he recommends important improvements to better consider the legitimate rights and interests of the relevant individuals who may be affected by the processing of personal data, in particular of vulnerable groups of people requiring specific protection such as migrants and refugees.
In his Opinion, the EDPS recommends, among others, the following main points:
— |
mentioning in the Dublin Regulation that the introduction of the use of unique identifier in the Dublin database may not, in any case, be used for other purposes than the purposes described in the Dublin Regulation; |
— |
the performing of a full data protection and privacy impact assessment in the Eurodac recast 2016 in order to measure the privacy impact of the new text proposed and of the extension of the scope of Eurodac database; |
— |
conducting an assessment of the need to collect and use the facial images of the categories of persons addressed in the Eurodac recast 2016 and on the proportionality of their collection, relying on a consistent study or evidence-based approach; |
— |
conducting a detailed assessment of the situation of minors and a balance between the risks and harms of the procedure of taking fingerprints of the minors and the advantages they can benefit, in addition to the Explanatory Memorandum. |
The Opinion further defines other shortcomings of the different proposals and identifies additional recommendations in terms of data protection and privacy that should be taken in consideration in the legislative process.
I. INTRODUCTION AND BACKGROUND
1. |
On April 2016, the Commission adopted a Communication entitled ‘Towards a reform of the Common European Asylum System legal avenues to Europe’ (1), defining priorities for improving the Common European Asylum System (CEAS). In this context, on 4 May 2016, the Commission issued three proposals as part of a first package of reform of the CEAS:
|
2. |
The EDPS was consulted informally before the publication of the Eurodac Recast and the EASO Proposal and communicated informal comments to the Commission on both texts. |
3. |
The EDPS understands the need for the EU to address the challenges of the migration and refugee crisis since 2015, as well as the need to have an effective and harmonised EU policy to tackle irregular immigration that occurs within the EU as well as to the EU. In full respect for the role of the legislator in assessing the necessity and the proportionality of the proposed measures, the EDPS, in his advisory role, will provide in this Opinion some recommendations in terms of data protection and privacy, in order to help the legislator to meet the requirements of Articles 7 and 8 of the Charter of Fundamental Rights regarding the rights to privacy and data protection and Article 16 of the Treaty on the Functioning of the EU. |
4. |
The EDPS will first address the main recommendations regarding the three proposals. These main recommendations represent the major issues observed by the EDPS and that should in any event be addressed in the legislative process. Additional recommendations are the points identified by the EDPS as requiring clarification, additional information, or minor modifications. This distinction should help the legislator to give priority to the major issues addressed by this Opinion. |
IV. CONCLUSION
68. |
The EDPS welcome the efforts in terms of data protection in the different texts. He can see that the culture of data protection is becoming part of the legislative process and can also be observed in the drafting of the proposals. |
69. |
In full respect for the role of the legislator in assessing the necessity and the proportionality of the proposed measures, the EDPS, in his advisory role, provides in this Opinion some recommendations in terms of data protection and privacy with regard to the three proposals examined. |
70. |
Regarding the Dublin Proposal, the EDPS expresses concerns about the fact that the unique identifier might be used for other purposes, for example for identifying the individuals in other databases, making the comparison of databases easy and simple. The EDPS recommends specifying that any other use of the identifier should be prohibited. |
71. |
Regarding the Eurodac recast Proposal, the EDPS considers that extension of the scope of Eurodac raises concern regarding the respect of the purpose limitation principle as enshrined in Article 7 of the Charter of Fundamental Rights of the EU. The EDPS also recommends further specifying the types of measures other than removal and repatriation that could be taken by the Member States on the basis of the Eurodac data. The EDPS recommends that the Commission make available a full data protection and privacy impact assessment of the Eurodac recast 2016 in order to measure the privacy impact of the text proposed. |
72. |
The EDPS is also concerned about the inclusion of facial images: the Regulation does not refer to any assessment of the need to collect and use the facial images of the categories of persons addressed in the Eurodac recast Proposal. Moreover, the EDPS considers that Proposal should clarify the cases in which a comparison of fingerprints and/or facial images shall take place, since the drafting of the recast Proposal seems to imply that such a comparison should take place systematically. |
73. |
The EDPS also recommends that a detailed assessment is made available with regard to the situation of minors, the balance between the risks and harms of such procedure for the minors and the advantages they can benefit from, in addition to the Explanatory Memorandum. In this context, the regulation should further define (i.e. in a recital) the meaning of taking the fingerprints of minors in a child-friendly manner. |
74. |
Concerning the retention period, which will be in principle of five years, the EDPS recommends giving more details and explanation why and how a data retention period of five years was considered as necessary in this context to achieve the new purposes of the Eurodac database. Moreover, the EDPS recommends reducing the retention period to the actual length of the entry ban upon a specific individual. Finally, the EDPS recommends specifying in the Proposal that the starting point of the retention period will be the date of the first fingerprinting processed by a Member State. |
75. |
Finally, the EDPS recommends blocking of all data for law enforcement purposes after three years, and stop making a difference between different categories of non-EU individuals with this respect. |
76. |
In addition of the main shortcomings identified above, the recommendations of the EDPS in the present Opinion concern the following aspects:
|
Brussels, 21 September 2016.
Giovanni BUTTARELLI
European Data Protection Supervisor
(1) COM(2016) 197 final.
(2) COM(2016) 270 final.
(3) COM(2016) 271 final.
(4) COM(2016) 272 final.