Eurodac: Biometrics, Facial Recognition, and the Fundamental Rights of Minors

Since its establishment in 2003, Eurodac (European Dactyloscopy System) has played a fundamental role in the digitisation of migration management and border security in the EU. The Eurodac database contains the fingerprints of all asylum applicants and migrants apprehended in connection with an irregular border crossing. Under proposed reforms to the Eurodac database, its scope is to be expanded to aid authorities in facilitating returns, tackling irregular migration and collecting individuals’ facial images with a view to future facial recognition technology.  The recently amended Eurodac proposal released in September 2020 as part of the New Pact on Migration and Asylum (analysed previously on this blog) also proposes to lower the age for biometric data collection from 14 to 6 years old.

This contribution notes the current role of Eurodac and highlights the proposed changes to the system as they relate to minors and their fundamental rights as enshrined in the Charter of Fundamental Rights of the European Union (Charter). The EU asylum acquis, particularly Directive 2011/95/EU (Qualification Directive), considers minors as being children before being migrants. Within this category, unaccompanied minors are understood as a non-EU national or stateless person below the age of 18 who arrive on the territory of EU States unaccompanied by an adult. The challenges raised by the proposed expansion of Eurodac are analysed in the context of its impacts on both unaccompanied and accompanied minors arriving in the EU. Whilst many of the challenges identified affect all minors, the focus is on those faced by minors below the age of 14, who are considered to be a particularly vulnerable group and targeted by the extension of the current Eurodac system.

The proposal to lower the age for biometric data collection of minors from 14 to 6 years old poses significant risks to their right to human dignity (Article 1 Charter), their right to the integrity of person (Article 3 Charter), the rights of the child (Article 24 Charter), and the right to respect for private life (Article 7 Charter).  These challenges are further complicated by efforts to introduce the interoperability of EU-wide databases, forming an increasingly complex and opaque ecosystem of biometric data processing, profiling and automated decision-making. Considering the inherent sensitivity of biometric data, as highlighted below, and the vulnerable position of minors crossing EU borders, this post also focuses on the right to protection of personal data (Article 8 Charter), especially as elaborated through the principles and rights enshrined in Regulation (EU) 2016/679 (GDPR).

Continue reading

“You Cannot Change the Rules in the Middle of the Game” – An Unconventional Chapter in the Rule of Law Saga (Case C-824/18 A.B. and others v the KRS)

In what seems like a breath of fresh air for the Polish constitutional landscape, the Court of Justice recently reaffirmed its vital role in safeguarding the founding principles of EU law in its judgment in C-824/18 A.B. and others v the KRS. On 2 March 2021, the Grand Chamber delivered another verdict that touches upon the rule of law crisis which has been going on in Poland since at least December 2015. This time, the Court was given an opportunity to reflect on the interpretation and the scope of application of the second subparagraph of Article 19(1) TEU with regards to the substantive conditions and procedural rules for the appointment of the members of the Polish Supreme Court. Furthermore, the Court of Justice’s verdict concerns Article 267 TFEU and Article 4(3) TEU and the attempts of the Polish legislature to prevent a national court from referring questions to the CJEU. Continue reading

’In view of the exceptional and unique character’ of the EU-UK Trade and Cooperation Agreement – an Exception to Separation of Powers within the EU?

Introduction

The Trade and Cooperation Agreement between the EU and Euratom, of the one part, and the UK, of the other, was signed on 30 December 2020 (EU-UK TCA). At the stage of opening the negotiations, as is usual, the option of concluding it as mixed agreement was left open. However, the TCA was signed as an EU-only agreement, based on the argument that the EU had exclusive competence for part of the agreement (Common Commercial Policy (CCP)) and ‘potential competence’ (shared competence that the EU exercises for the first time) for the rest. At present, the EU-UK TCA is provisionally applied and the European Parliament is planned to give its consent in the plenary session starting on 26 April 2021.

The decision to sign the agreement as an EU-only agreement was taken in a hasty written procedure between Christmas and New Year. The Council relied on a confidential but leaked opinion by the Council Legal Service (CLS), which ‘does not provide an in-depth examination of all of its aspects, nor does it provide a comprehensive and detailed competence analysis.’ The Opinion is indeed strategically selective. At the same time, the Member States, who were not involved in the negotiations, are unlikely to have had the necessary time to analyse the competence question in any depth. To what extent their parliaments – whose prerogatives are fundamentally affected by the choice for an EU-only agreement – were involved in approving the Council decision depends on national constitutional provisions and the limited time window. 

The EU-only nature of the agreement, or if you like, the choice against mixity strikes us as an unusual choice. Agreements negotiated by the EU that include provisions outside its exclusive competences are generally concluded as mixed agreements. 

The EU-UK TCA departs from this practice by referring to the exercise of a ‘potential non-exclusive competence’ by the Union. The CLS explains this as a ‘political choice’ that ‘does not prevent Member States from continuing to exercise their national competences vis-à-vis other third countries’. We doubt whether the matter really is this simple. 

Continue reading

Corona Reconstruction Fund stopped for the time being

On March 26, 2021, the German Federal Constitutional Court (GCC) held that the Own Resources Resolution Ratification Act (ERatG) must not be executed by the Federal President for the time being. In doing so, it temporarily averts the danger of taking a path to a fiscal union that as will be argued in this post, is contrary to EU law. What is behind this, and what is to be thought of the questions of EU law raised in this procedure?  The article addresses whether the European Own Resources System and the Corona Reconstruction Fund conform with EU law. As will be shown in this post, the EU may have acted ultra vires (i.e., outside its authority). In particular, the possibly insufficient earmarking of the Own Resources System and the Corona Reconstruction Fund, as well as the high-liability risk for the member states, are problematic. If such an ultra vires act were to exist, the GCC would, under its established case law and the German constitution, deny this EU program its effect in Germany and thus, in effect, finally stop the entire Corona Reconstruction Fund.

More on the domestic constitutional problems of the case can be found in the article from Verfassungsblog, which deals in particular with the violation of Germany’s constitutional identity.

The subject of the summary proceedings is the Own Resources Decision Ratification Act. This is the German law approving the financing of the European Union until 2027. It is the legal basis for the entry into force of the current Own Resources Decision of the European Union of December 14, 2020. The Own Resources Decisions of the European Union are based on Article 311 (3) TFEU and, in addition to other revenue, serve to finance the EU budget. The current Own Resources Decision enables the European Commission in Article 5 (1a) to take out loans of up to 750 billion euros with a term of up to 38 years. With these funds, the European Union intends to temporarily use 750 billion euros within the framework of its NextGenerationEU economic stimulus package to repair the immediate economic and social damage caused by the Corona pandemic. The most important instrument in this stimulus package is the Recovery and Resilience Facility, which will provide 627.5 billion euros in loans and grants to support reforms and investments in the countries of the European Union. Implementation of the economic stimulus packages by the European Union is only possible once all Member States have ratified the Own Resources Decision (Article 311 (3) sentence 3 TFEU).

The German Bundestag approved the Own Resources Ratification Act on March 25, 2021. The vote was preceded by a heated debate, during which the Minister of State at the Federal Foreign Office described the Own Resources System “as a necessary and overdue step towards a fiscal union”.

Continue reading

European Law Blog Lunch Seminar on Data Retention: How to Follow-up on the Court of Justice’s Recent Case Law?

Organiser: European Law Blog (https://europeanlawblog.eu)

Date: 19 April 2021, 12h-14h (Central European Time)

Venue: Online (via Zoom)

Registration: free but mandatory (max. 50 participants) – via this link: https://bit.ly/2POdq6n

Summary

The issue of data retention has been at the centre of much legal reflection ever since the Court of Justice of the European Union (CJEU) invalidated the 2006 Data Retention Directive in C-293/12 Digital Rights Ireland. While this annulment was very much welcomed by the data protection community and civil society, police and judicial authorities have expressed strong concerns about the impact on criminal enforcement; concerns that have resulted in several court proceedings at national and EU level.

In three recent rulings (C-623/17 Privacy International, C-511/18 La Quadrature du Net e.a. and C-746/18 Prokuratuur), the CJEU has tried to further clarify unsettled questions. Nevertheless, in doing so, the Court has most likely raised more questions than answers and has definitely complicated the way forward for EU and national legislators. Consequently, judicial authorities as well as intelligence agencies are still in search of clarity, while citizens and businesses remain confronted with a lack of legal certainty. 

The editors of the European Law Blog are pleased to invite you to the Blog’s first online seminar, which will focus on these tffopical issues. During this seminar, four eminent speakers will take the floor to analyse the current legal situation, in the light of the CJEU’s recent case law, and to reflect on future solutions for what seem nearly inextricable problems.

Panel

  • Moderator: Vanessa Franssen, Professor University of Liège, Affiliated Senior Researcher KU Leuven, and Editor European Law Blog
  • Speakers:
    • Anna Buchta, Head of Policy and Consultation Unit, European Data Protection Supervisor
    • Jarek Lotarski, Legal Service of the Council of the EU (previously Policy Officer European Commission, DG Home)
    • Nóra Ní Loideain, Director, Information Law & Policy Centre, Institute of Advances Legal Studies, University of London
    • Christian Svanberg, General Counsel, Danish Defence (previously Head of Center for Data Protection and DPO, Danish National Police)

Squaring the Circle? International Surveillance, Underwater Cables and EU-US Adequacy Negotiations (Part 2)

Part 2: On Double Standards and the Way Forward

In Part 1 of this article, published yesterday here, I explained how the US government tries to exclude Executive Order 12333 and international surveillance from the scope of the EU/US adequacy negotiations and I presented four possible responses to the US arguments. In this second Part, I will enter into a critical approach of the EU position on the relevance of the ECHR and I will argue that the US could reasonably put forward an equally strong and legitimate number of counter-arguments. I will also present a series of thoughts and proposals that could help to get out of this mess without endangering the continuity of protection of EU personal data required by the GDPR.

It is not clear whether the ECHR is really applicable to international surveillance

As discussed in Part 1, the US argues that direct or non-compulsory access to data should be excluded from the scope of EU-US adequacy negotiations because “EU Member State direct access measures are not subject to EU law at all” and “a data exporter would have no comparative standard by which to assess whether privacy protections offered by a destination country for the same type of activities are “essentially equivalent” to protections required by EU law”. I argued that this statement, formulated in such broad terms, seems to be wrong, because the ECHR is binding upon all EU Member States and thus offers such a “comparative standard” in relation with direct or non-compulsory access. However, the point that I will make here is that such a “comparative standard” only exists in relation with domestic surveillance activities of European States. The assumption that the ECHR is applicable in a situation in which international surveillance is being conducted, is far from what you would call an axiom.

Claiming that the ECHR applies to surveillance activities undertaken outside the territory of the state parties, raises the crucial question of whether the ECHR has extraterritorial application. Article 1 of the ECHR lays down the principle that “[t]he High Contracting Parties shall secure to everyone within their jurisdiction the rights and freedoms defined in Section I of this Convention” (emphasis added). In its case law the ECtHR has stressed that the critical test to determine whether the ECHR has extraterritorial application is that of “effective control”, which can be exercised by a State party in the territory under consideration. In the famous Loizidou v. Turkey judgment of 1995, for instance, the Court held Turkey accountable for violations of the Convention that took place outside Turkey’s territory on the basis that these violations were the “result of the continued occupation and control of the northern part of Cyprus by Turkish armed forces”.

Continue reading

Squaring the Circle? International Surveillance, Underwater Cables and EU-US Adequacy Negotiations (Part 1)

Part 1: Countering the U.S. Arguments

As the United States (US) and the European Union (EU) “intensify” negotiations to reach a new adequacy decision following the invalidation of Privacy Shield by the Court of Justice of the European Union (CJEU) in its July 16, 2020 Schrems II judgment (discussed here, here and here), one pressing question is what should be included and what should be excluded from the scope of the negotiations. It went unnoticed, but the US submissions to two recent European public consultations (one by the European Commission and another one by the European Data Protection Board (EDPB)) on post-Schrems II developments provide a glimpse of what could become a thorny issue during the ongoing EU-US negotiations for a successor to Privacy Shield.

More precisely, this thorny issue is whether international surveillance, conducted by US intelligence agencies outside the territory of the US on the basis of Executive Order 12333 (EO 12333)[i], should be (or not) part of the adequacy assessment. The EU seems to consider that excluding international surveillance and EO 12333 from the scope of the successor to the Privacy Shield adequacy decision would be problematic and could give the impression of trying to “re-litigate” the Schrems II judgment, with all the risks that this could involve for a future invalidation by the CJEU of a new adequacy decision in a “Schrems III” case. The US, in contrast, disputes this approach, talks about “double standards” and seems to consider that EU demands about US international surveillance limitations go far beyond what is required by EU law and what is practiced by EU Member States themselves in their international surveillance activities.

This article will be published in two successive parts.

In Part 1, published here, I will present the US arguments which intend to exclude from the scope of the EU-US negotiations all “direct access” to data by US intelligence agencies. I will explain that what is basically at stake here is international surveillance and the effort to exclude Executive Order 12333 from the scope of the adequacy assessment. I will then present four possible responses to the US arguments, based especially on the role that the European Convention of Human Rights (ECHR) could play in this field and on a teleological interpretation of the General Data Protection Regulation (GDPR).

Continue reading

Supercharging Energy Solidarity? The Advocate General’s Opinion in Case C-848/19 P Germany v Poland

Solidarity in the European Union’s energy policy is not merely a wishful thought but a justiciable principle of EU primary law. This is according Advocate General (AG) Campos Sánchez-Bordona, who on 18 March 2021 delivered his Opinion in Case C-848/19 P Germany v Poland. In his submission, the AG thus advises the Court of Justice to uphold the General Court’s ruling in Case T-883/16 Poland v Commission. Should the CJEU follow the AG’s opinion, this case has the potential to have far-reaching consequences for Union policy on gas imports and the infrastructure that facilitates them, but also for EU energy and climate law and policy more broadly. In this blog post, I explore some of the aspects of the AG’s Opinion that will make the Court’s judgment one to look out for.

1. The General Court Case and the Appeal

Before analysing the AG’s opinion, it is first necessary to give a brief overview of the proceedings before the General Court. Case T-883/16 concerned a dispute about capacity allocation in the OPAL natural gas pipeline. This pipeline connects to the offshore Nord Stream pipeline near Greifswald in North-East Germany and is a principal avenue for the distribution of Russian gas throughout central Europe. In 2016, the European Commission approved a decision by the German network operator that would have allowed Gazprom, a Russian supplier that is majority-owned by the Russian government, to expand its use of the OPAL pipeline’s capacity potentially far beyond the 50% it had been allowed to use so far under third-party access rules. Fearing that such an increase could endanger its security of supply, Poland brought a case before the General Court.

Continue reading

X