The European Union is rolling out new border databases and expanding others to make use of "controversial" new technology, as well as more error prone and potentially discriminatory risk-assessments of millions of travellers, according to a new report from civil liberties group Statewatch.
Chris Jones, who specialises in policing, migration and security technologies at Statewatch, explained some of the key findings of his new report Automated suspicion: The EU's new travel surveillance initiatives.
Sputnik: What are the new database systems and why have you described the technologies that they will be using as “controversial”?
Chris Jones: The EU is introducing a host of new databases as part of its efforts to increase migration control and improve security. This report mainly looks at two of them: the Visa Information System (VIS), which has existed for many years but is being reinforced, and the European Travel Information and Authorisation System (ETIAS), which is a new system currently under construction. The VIS is used to store data on all short-stay Schengen visa applications and in the future will also hold some data on long-stay visa applications (although we do not examine long-stay visas in the report). The ETIAS will store data on all travel authorisation applications - this is part of a new requirement similar to USA's ESTA system.
The technologies that these systems will use to screen travellers are controversial for a number of reasons. By interconnecting a range of different databases - part of a project known as "interoperability" - personal data will be cross-checked, compared and made accessible to a wider array of authorities than ever before, multiplying the risk of errors and of people not really being able to know who is doing what with their personal information. Both visa and travel authorisation applicants will be subject to automated profiling with the aim of trying to detect previously unknown 'persons of interest'. Using automated profiling systems is inherently risky, due to its potential for discrimination against people on prohibited grounds such as ethnic origin or nationality. Despite stern warnings from fundamental rights and data protection specialists such as the FRA and the EDPS, EU law-makers went ahead and introduced a profiling system anyway.
Sputnik: You have warned about a new “pre-crime watchlist” that is being implemented. Can you explain how it will work and what your concerns are with them?
Chris Jones: The "watchlist" was established through the ETIAS legislation, but will also be used for screening visa applicants in the future. It will be operated by Europol, the EU's policing agency. The watchlist will hold data on two categories of people - those who are believed or suspected to have committed serious criminal or terrorist offences, and those who it is believed may do so in the future. Data will be added to the list by member state authorities and Europol.
One concern relates to the future-oriented nature of the list. Who gets to decide who may commit a criminal offence in the future, and will these people be able to have their names removed from the list if they are included erroneously? The legislation provides for the rights to access, correction and deletion of data, where appropriate, but having your rights set down on paper is something quite different to exercising them in practice. Non-EU nationals who are wrongly included on the list will have to navigate foreign legal systems in a language they may not understand, and data protection laws provide numerous exemptions for law enforcement agencies that may impede people's ability to have data on them corrected or deleted.
Sputnik: How would you respond to those who might argue that these measures are necessary and proportionate to prevent and detect crime?
Chris Jones: The EU already has numerous systems for exchanging information on suspected criminals and potential 'future' criminals. The Schengen Information System, a giant database holding data on hundreds of thousands of people, exists for precisely this purpose. There are also separate lists of people subject to sanctions for their involvement in terrorism. Adding another new system on top of that seems more likely to increase the risk of data overload for the authorities, whilst making it more difficult for people to exercise their right to a remedy.
Sputnik: To what extent will the average person be affected by these new systems and will UK citizens be among those who are affected?
Chris Jones: Almost any non-EU citizens who wishes to visit the Schengen area - whether for a holiday, to see friends, or for business - will be affected by these new measures. While there are some exemptions for certain categories of non-EU nationals, such as those with family members who are EU citizens, they effectively introduce blanket screening of all non-nationals. As we argue in the report, this places them all under a veil of suspicion and subjects them to untested, controversial technologies.
The EU has confirmed that after Brexit, UK citizens will not need visas to visit the EU. However, they will have to acquire travel authorisations, when the travel authorisation system comes into use, which is effectively a type of 'visa-lite'. So, if you want to go on holiday in Spain, Italy, or anywhere else in the EU or the Schengen area, you will have to hand over a lot of personal data, including fingerprints and a photograph, to EU authorities.
Sputnik: What, if any, policy recommendations are you making?
Chris Jones: The report does not make any policy recommendations. Its aim is to provide a clear explanation and critique of these new systems, with the aim of spurring further investigation, inquiry and action by journalists, civil society organisations, and others with an interest in the topic. Most of the legislation concerning these new systems, and others that are being introduced alongside them, is already in place. What seems important now is for there to be a better understanding of these new technologies and their implications for ordinary travellers.