Let's imagine a six-year old child that has crossed the Mediterranean Sea in an inflatable boat, fleeing the horrors of war, and safely arriving on the coasts of the EU. It's hard to tell what will await her here. We don't know whether she will be allowed to stay, and if she stays where she will go or whether she will escape xenophobia. But one thing is certain. Irrespective of whether she will be allowed to stay or not, it seems that the child will have to give her fingerprints to be registered as an asylum seeker as soon as she arrives.
A six year old child, fleeing from war, surviving the sea, will be fingerprinted and entered into a database to which all EU Member States have access - if the current plans to reform Eurodac press ahead. Collecting and storing a person’s biometric data is a matter of fundamental rights – to which persons seeking asylum in the EU are entitled as much as any EU citizen.
The analysis of measures proposed by the reform of Eurodac clearly revolves around the concepts of necessity and proportionality of such measures. Necessity and proportionality are paramount to any limitations of the exercise of a fundamental right, including the right to data protection.
Before adopting a measure, we should ask ourselves if its purpose is legitimate and if there is a pressing social need that it will actually address, whether there is objective and relevant evidence to support the link between the measure and its purpose and ultimately whether the same objective could not be achieved by other less intrusive means. Such a detailed analysis is needed.
It's often easy to forget that the protection of personal data is about actual individuals (and not the abstract category of 'data subjects') and that it is ultimately about protecting all their rights, including those of our six-year-old child fleeing war and seeking asylum.
Fair and lawful processing of personal information is not only the core of a self-standing fundamental right, but it contributes to the respect of other fundamental rights, such as the right to privacy or the right to non-discrimination. Data protection plays an important, albeit less visible, part even in the migration debate.
The fact that the right to privacy and the right to data protection are close, but distinct rights is already a given and I will not dwell on this.
However, I will point out one thing they have in common: their global dimension. We have learned a lot in the past couple of years about the need to participate in a global conversation in order to find effective and comprehensive answers to the challenges posed by instant communication of data in the networked world. The appointment of a UN Special Rapporteur for privacy stands as evidence of the need to have a universal response to current challenges for data protection and privacy.
While the focus has recently been on the transatlantic dialogue - looking at personal data transfers between the EU and the US, both in the private sector (see the debate surrounding the Privacy Shield) and in the law enforcement area (the recent signature of the EU-US Umbrella Agreement for transfers of data between authorities for law enforcement purposes), we should keep in mind that transfers of personal data occur every day in all corners of the world.
We have learned and we are still learning valuable lessons from this exercise that will be useful for all future global partnerships aimed at protecting the fundamental rights of individuals when processing their personal data.
This post also appears on the blog of the Fundamental Rights Agency (FRA) as part of the contributions for The Fundamental Rights Forum 2016.