D3.6: Study on ID Documents

Title: OVERVIEW OF LEGAL INSTRUMENTS

Eurodac

What

Eurodac is a computerised, central database set up to assist in determining which EU Member State is to be responsible for examining an application for asylum lodged in a Member State.

Eurodac has been established by Council Regulation (EC) 2725/2000 of 11 December 2000 concerning the establishment of “Eurodac” for the comparison of fingerprints for the effective application of the Dublin Convention.

The Dublin Convention aims at avoiding ‘orbiting’ asylum seekers and preventing asylum applications in different Member States. Principally, someone seeking asylum is required to apply in the Member State first entered. In principal, personal data in Eurodac may be processed only for the purpose set out in Article 15 (1) of the Dublin Convention: ‘Each Member State shall communicate to any Member State that so requests such information on individual cases as is necessary for: - determining the Member State which is responsible for examining the application for asylum, - examining the application for asylum, - implementing any obligation arising under this Convention.

The Eurodac system consists of a Central Unit - established within the Commission - that operates the central database and means of transmission between the Member States and the central database.

There are three categories of people (or data subjects), whose data are processed in Eurodac: (i) applicants for asylum, (ii) aliens apprehended in connection with the irregular crossing of an external border, and (iii) aliens found illegally in a Member State. The biometrical data processed are fingerprints.Given the specific purpose of the Dublin Convention, the purpose of processing and data retention periods are separately regulated for each of these categories.

Applicants for asylum

Each Member State shall promptly take fingerprints of all fingers of every applicant for asylum of at least 14 years and shall then promptly transmit the fingerprint data to the Central Unit together with gender and other data regarding the application. The Central Unit will record the data in the central database.

When the Central Unit records the transmitted fingerprint data in the central database, the fingerprints of the applicant for asylum will be compared with fingerprints already transmitted by the Member States and stored in the central database. The comparison covers only previously recorded fingerprints of applicants for asylum and of aliens apprehended in connection with irregular crossing of an external border: fingerprints taken from aliens found illegally in a Member State, are not recorded in Eurodac (see further).

The comparison will result in a hit or in a negative result. Only when there is a hit, all data corresponding to the hit will be transmitted to the Member State that transmitted the data for comparison. That Member State will check the comparison immediately and then a final identification will be made in cooperation with the Member States.

Aliens apprehended in connection with irregular crossing of external borders

Each Member State promptly takes the fingerprints of all fingers of every alien of at least 14 years who is apprehended by the competent control authorities in connection with the irregular crossing of a border of that Member State having come from a third country and who is not turned back. The Member State shall then promptly transmit the fingerprint data to the Central Unit together with gender and other data that relate to the fingerprint. The Central Unit will record the data in the central database.

The personal data of aliens apprehended in connection with irregular crossing of an external border, will be recorded for the sole purpose of comparison with data on applicants for asylum transmitted subsequently to the Central Unit. This means that the biometrics of apprehended aliens will - at the moment of transmittal- not be compared with any previously stored data. Their fingerprints will be used later, as a tool to identify future asylum seekers.

Aliens found illegally present in the territory of a Member State

Contrary to the imposed and promptly taking of fingerprints of applicants for asylum and of aliens apprehended in connection with the irregular crossing of an external border, the fingerprints of aliens illegally present, must not be promptly taken by the competent authorities: Member States may transmit to the Central Unit any fingerprint data relating to fingerprints which it may have taken of any such alien of at least 14 years.

Also contrary to the recording in the central database of fingerprint data of applicants for asylum and aliens apprehended in connection with the irregular crossing of an external border, fingerprint data of aliens found illegally may not be recorded in the central database. These fingerprint data may solely be transmitted to the Central Unit with a view to checking whether the alien found illegally has previously lodged an application for asylum in another Member State. Therefore, the fingerprint of the alien found illegally may only be compared with fingerprint data of applicants for asylum already recorded in the central database. They may not be compared with previously recorded fingerprint data of aliens apprehended in connection with irregular crossing of an external border.

Purpose of the database and access rights 

The Member States’ access rights to the data in the central database are limited: The Central Unit carries out the comparison. Member States can only transmit the data for specific purposes (see above) and only have access to the data when the Central Unit communicates there is a hit that occurred after a ‘lawful’ comparison. Member States always have access to all the data in the central database that they have transmitted by themselves to the Central Unit. They may never conduct searches in data transmitted by other Member States.

Data retention periods for the central database

Data relating to applicants for asylum are stored for a period of ten years from the date on which the fingerprints were taken. They will be deleted earlier when the applicant acquired citizenship of a Member State. Data relating to persons that are recognised and admitted as a refugee in a Member State, will be blocked until another regulation amends the Eurodac Regulation. Until then, the Central Unit will return hits concerning recognised and admitted refugees as negative results.

Data relating to aliens apprehended in connection with the irregular crossing of an external border will be stored in the central database for two years from the date on which the fingerprints were taken and will be deleted earlier when the alien obtained a residence permit, left the territory of the Member States or acquired citizenship of any Member State. Data relating to aliens found illegally are not stored: they will only be used for comparison purposes and will be erased immediately once the results of comparison have been transmitted

Data controllers and responsibilities

The Member States are responsible data controllers as regards to the lawful taking of fingerprints, the lawful transmission of accurate and up-to-date personal data to the Central Unit, the lawful use of the results of the fingerprint comparison and the final identification of the data subject upon the results of the fingerprint comparison. They are responsible for the confidentiality and security of the national installations and of the data before and during transmission and after receipt of the data.

The Commission (the Central Unit) is responsible for the lawful recording, storage, correction and erasure of the data in the central database. It is also responsible for the confidentiality and security of the Central Unit and the central database.

The rights of the data subjects 

The data subjects’ rights, elaborated in the European Data Protection Directive 95/46 (see further), are applicable: the data subjects must be informed of the identity of the controller and of his representative, the purpose of processing within Eurodac, the recipients of the data from Eurodac, the obligation to have the fingerprints taken (except for aliens found illegally present in a Member State – see above) and the existence of the right to access and rectify data concerning him or her. The data subjects’ rights include tthe right to obtain from the controller knowledge of the logic of the processing involved, at least in the case of ‘automated decision taking’ takes places and the right to request that ‘factually’ inaccurate or unlawfully recorded data be corrected, respectively erased by the Member State that transmitted the data.

The future of Eurodac 

On 24 November 2005, the Commission sent a Communication to the Council and the European Parliament on improved effectiveness and enhanced interoperability among European databases. As regards Eurodac, the Commission concluded that the Eurodac database has been under-exploited because the quantity of the data to be transmitted to Eurodac is a ‘surprisingly low fraction of the total migratory flow’; that too many data in [Eurodac] increase the probability of incorrect results and wrong identification; that many apprehended illegal immigrants have no valid id document so that the identification process is time-consuming and expensive. On the other hand, however, the Commission concludes that the Member States have no means to check whether an asylum applicant has had a (valid) visa issued and that the absence of access by internal security authorities to Eurodac data is ‘considered by the law enforcement community to be a serious gap in the identification of suspected perpetrators of a serious crime’.

Consequently, the Commission defines ‘ further possible developments’ for Eurodac and lists amongst others more comprehensive access to Eurodac by authorities responsible for internal security in well-defined cases ‘when there is a substantiated suspicion that the perpetrator of a serious crime has applied for asylum’ 

The European Visa Information System (VIS)

What 

On 28 December 2004, the Commission proposed for a Regulation constituting the establishment and the legal framework of the VIS for the exchange of data between Member States on short stay-visas. The establishment of the VIS has been introduced as a key factor for the European Union to achieve a common policy on the exchange of visa data between Member States, to guarantee the free movement of persons and to abolish checks at internal borders. This would prevent people from filing several visa applications in different Member States and would allow visa authorities to check the visa history of the person concerned. But also other finalities can be found in the VIS Proposal that allows indeed different authorities to access the system for different purposes than visa policies only.

The VIS consists of a central database under the responsibility of the Commission (CS-VIS) that connects through a communication infrastructure with the different national interfaces of and under the responsibility of the Member States (NI-VIS).  

Photographs and fingerprints in a central database 

The people or data subjects concerned are third country nationals filing applications for a visa. Citizens from 134 countries in the world require a visa to enter the EU. All these application data will be processed in the central database of VIS.

The categories of personal data processed are alphanumerical data on the applicant together with his photograph and fingerprint as biometrical data. The personal data are collected upon lodging the application for a visa and are linked to other visa applications (to applications by members of the same travelling group or to former applications of the same applicant).

The application file in the VIS database will contain other personal information such as the grounds for refusal, annulment, revocation or extension of the visa. 

The storage medium for the biometrical data will be a centralised database (VIS). At the moment, the biometrical data will not be stored on the visa sticker (‘uniform format for visas’) accompanying the valid travel document because this may lead to possible technical conflicts of ‘collision’ between too many biometrical identifiers in one document, for example a travel document containing a passport identifier together with identifiers of visa issued by other countries. Consequently the visa holders do not have the biometrics on their documents.

Purpose of the database and access rights 

The access right for entering, amending or deleting data in the VIS is reserved to duly authorised staff of the visa authorities.

The access rights for consulting data in the VIS are in the first place reserved to duly authorised staff of visa authorities for the purpose of examining applications, of consultation and request for documents and of reporting and statistics. The access rights for consulting data in the VIS are also reserved to duly authorised staff of other authorities that are competent for activities beyond a common visa policy. Inherently, they access the VIS for different purposes. This means that the following authorities can have access to at least the alphanumerical data provided for in article 6(4)(a) and to the biometrics (photograph and fingerprints) of the applicant:

1. Competent authorities for carrying out checks on visas at external borders and within the territory of the Member State for the sole purpose of verifying the identity of the person and/or the authenticity of the visa (Article 16).

2. Competent immigration authorities for the sole purpose of identification and return of illegal immigrants (Article 17).

3. Competent asylum authorities for the sole purpose of determining the Member State responsible for examining an asylum application and for the purpose of examining an application for asylum (Article 18 & 19).

In other words: VIS will not only be accessed for examining applications but also for improving administration of the common visa policy and consular cooperation in order to prevent threats to internal security and ‘visa’ shopping; facilitate the fight against fraud; assist in the identification and return of illegal immigrants and facilitate application of the Dublin II Regulation. The Commission will table a proposal allowing Europol and internal security authorities to access VIS for clearly defined purposes.

Data retention periods for the central database

The data retention period for each application file is established at maximum five years starting at the last expiry date of the visa or on the date of the creation of the application file in the VIS if the visa is not issued. The application file will be deleted earlier when the data appear to be inaccurate or processed in the VIS contrary to this Regulation or if the applicant acquired the nationality of a Member State.

Data controllers and responsibilities 

The Member States are data controllers responsible for the lawful processing of the data, for the lawful collection and transmission of the data to the VIS in accurate and up-to-date form, for the confidentiality and the security of the data before and during the transmission to NI-VIS and after receiving data from the VIS. The Commission is responsible for the confidentiality and security of the CE-VIS and the communication infrastructure between CE-VIS and NI-VIS.

The rights of the data subjects 

The visa applicants have the right to be informed by the responsible data controller of the controller’s identity, the purpose of processing within the VIS, the recipients of the data, the mandatory character of collecting the data, the existence of the right to access and correct. They have the right to access, correct and delete the data.

The future of the Visa Information System 

In the aforementioned Communication of the Commission, the absence of access to VIS by internal security authorities has been considered as a serious gap in the identification of suspected perpetrators of a serious crime. Intelligence communities have also considered as a ‘shortcoming’, the fact that VIS only deals with third country nationals, under visa obligation: ‘The control of the identity or the legality of the entry of other categories of third-country nationals (…) e.g. holders of a long-stay visa or a residence permit (…) could also be more efficient. Finally, the fact that VIS cannot identify persons that remain illegally in the EU, has been considered as ‘incomplete monitoring of entry and exit of third country nationals’.

As regards VIS, the Communication described as ‘further development of existing systems and planned systems’: i) more comprehensive access by asylum and immigration authorities; ii) extending access to authorities responsible for internal security for the purposes of the prevention, detection and investigation of terrorist offences, and iii) access to the systems for contributing to the identification of disaster victims and unidentified bodies.

Finally, the Commission stated that ‘the development of a service-oriented architecture of European IT systems would help maximise synergies’ and ‘is a way of sharing functions in a flexible and cost-efficient way without merging existing systems. The Commission even gives an example that we integrally quote here: “In concrete terms, one example would be to use the highly performing future Automated Fingerprinting Identification Systems (AFIS) part of the VIS to deliver AFIS–related services (i.e. a biometric search for other applications, such as EURODAC or, possibly, a biometric passport register). Data storage and data flow could still be strictly separated”.

The European Passport

What  

Although Member States already issue passports with biometrics, the EU is currently heading for a far-reaching development of biometrical passports and travel documents for the EU citizen.  

After having introduced minimum-security requirements for travel documents and for passports of Member States in 2000, the European Union upgraded, standardised and harmonised the minimum-security features and included biometrical requirements for passports and travel documents by Council Regulation 2252/2004.

The minimum level of security for Member States’ passports and travel documents is laid down in the Annex of the Regulation and relates to the specific materials used, the machine-readable biographical data page, printing techniques, protection against copying, issuing techniques. With regard to the standards for the biometrical features, Regulation 2252/2004 states that these must comply with the standards laid down by the International Civil Aviation Organization (ICAO) in ICAO Document 9303.

The biometrics for passports and travel documents were introduced by this Regulation ‘in order to render the travel document more secure and to establish a more reliable link between the holder and the passport and the travel document’. So, at first sight, the use of biometrics aims at verifying the validity of a claimed identity instead of establishing a person’s identity. The main provisions of Council Regulation 2252/2004 are the following:

Facial image and fingerprints stored on an RFID chip 

Passports and travel documents issued by the Member States must include a storage medium that contains a facial image. Member States shall also include fingerprints in interoperable formats.

The Regulation states expressly that no information in machine-readable form shall be included in the passport or travel document unless this is foreseen in the Regulation or mentioned in the passport or travel document by the issuing Member State.

The storage medium, which must have sufficient capacity and capability to guarantee the integrity, the authenticity and the confidentiality of the data, is a RFID chip. This was decided by the Commission in February 2005.

The important issue whether the biometrical data - taken upon the application for a passport or travel document and stored in the passport or travel document - are also stored in a central database, is not handled in Regulation 2252/2004. Consequently, the option to import the biometrics in a central database has been left to the Member States. In other words: there is no special provision imposing or forbidding the storage of the biometrics in a central database.

Purpose of the biometric features 

The biometric features in passports and travel documents shall, for the purpose of the Council Regulation, only be used for verifying the authenticity of the document and the identity of the holder by means of directly available comparable features when the passport or travel document is required to be produced by law.

The rights of the data subjects 

Persons to whom a passport or travel document is issued will - without prejudice to data protection rules - have the right to verify the personal data contained in the passport or travel document and, where appropriate, to ask for rectification or erasure.

Limited scope and implementation 

Council Regulation 2252/2004 applies not to national identity cards or to temporary passports and temporary travel documents having validity of 12 months or less. The scope of harmonisation is also limited to the security features including biometric identifiers: the designation of the authorities and bodies that will be allowed access to the data in the storage medium of the issued document, remains a matter of national legislation.

Member States must implement the digitalised facial image into the passports before 28 August 2006 and the fingerprints before 28 February 2008.

Comparison with Eurodac and VIS  

Contrary to Eurodac and VIS at the moment, biometrical passports and travel documents are physical documents assigned to people. People with the biometrical passport carry the biometrics with them. Eurodac and VIS are databases and do not require a document for verification or identification. They simply use the human body as a tool for identification.

The fact that EU Regulation 2252/2004 does not deal with the issue of a central database (this has been left to the Member States) can have important consequences in the sense of privacy and data protection. The (disputable) safeguards that are laid down in connection with VIS and Eurodac (defined access rights, responsibilities, confidentiality and security and data subjects’ rights) are consequently not present for the EU passports.  

Future of the Passport 

There are some signals on EU level that encourage the creation of a central database on the national level for EU passports and travel documents. In the Communication of the Commission it is remarked that ‘there is no comprehensive database which would allow for the identification of disaster victims and unidentified bodies’: this sounds like a (quite far-fetched) argument to open doors for interconnected and interoperable EU passport databases. Also, the intention to interlink national DNA databases shows that authorities that combat crime and terrorism have indeed a real desire for an umbrella network of interlinked databases.

Finally, the Commission’s Communication already reveals that ‘most Member States will have a central repository of issued documents and biometric identifiers linked to a certain identity’ but seems to regret that ‘a query of that central repository only allows a check as to whether in that same Member State a document has been previously issued to the same person under another name. In addition, it is currently not possible to launch a query on a person who is, say, wanted for a terrorist crime on the basis of whether this person has ever been issued with a travel or ID document. The Commission even concludes that this ‘gap in the fight against identity theft (…) substantially damages the European economy’.