European Data Protection Supervisor
European Data Protection Supervisor

Migration, security and fundamental rights: A critical challenge for the EU

Migration, security and fundamental rights: A critical challenge for the EU


Migration, security and fundamental rights: A critical challenge for the EU

As the EU searches for the best approach to secure its borders, the European Data Protection Supervisor (EDPS) said that citizens must be assured that the proposals put forward are effective, but that they also respect data protection laws. In his Opinions on the Common European Asylum System (CEAS) and the Smart Borders Package, he said that it is vital that the reform of the EU’s border policy be further assessed to ensure its full consistency with the respect for the fundamental rights of those who enter and leave the EU.

Giovanni Buttarelli, EDPS, said: “The EDPS understands the need for the EU to better address the challenges of migration, borders and refugees. However, we recommend considering additional improvements in the revised proposals which will involve a significant collection of data concerning non-EU nationals whose freedoms, rights and legitimate interests may be significantly affected. Border management and law enforcement are distinct objectives and need to be more clearly distinguished. Refugees, asylum seekers, illegal immigrants and ordinary travellers may require separate considerations.

The reforms proposed by the European Commission are designed to fill gaps in the EU’s current border management policy and both the CEAS and Smart Borders package also provide for access for law enforcement purposes. While it is important that EU countries strengthen security by stepping up intelligence cooperation and data sharing, the EDPS cautions that Europe’s freedoms and fundamental rights are fully respected in practice in the process.

The EDPS recommendations to enhance data protection in these proposals relate in particular to retention periods, the collection of the facial images of travellers requiring visas, the use of sensitive information such as biometric data, and to security measures.

In his Opinions, the EDPS draws attention to the role of eu-LISA and Frontex performing specific processing operations such as those related to statistics, as well as to the situations of minors when subject to the collection of fingerprints.  

The EDPS recognises the need for better information sharing in order to manage migratory challenges and tackle terrorist and crime-related issues and emphasises that efficiency and security of the EU’s information systems are key. The EDPS will publish his comments on the Commission’s plans to improve the interoperability of the variety of existing platforms and databases in the next few months.

Background information

The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EC) No 45/2001. The EDPS is a relatively new but increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.

Giovanni Buttarelli (EDPS) and Wojciech Wiewiórowski (Assistant EDPS) are the members of the institution, appointed by a joint decision of the European Parliament and the Council. Assigned for a five year term, they took office on 4 December 2014.

Eurodac: is the European fingerprint database for identifying asylum seekers and irregular border-crossers. The database helps to determine whether asylum seekers have already applied for asylum in another EU member state or have illegally transited through another EU member state.

The Smart Borders Package is designed to give the EU greater control over its borders.  As part of this, the European Commission proposes the establishment of an Entry/Exit System (EES) to record the entry and exit of every non-EU citizen visiting the EU.

Personal information or data: any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.

Privacy: the right of an individual to be left alone and in control of information about him or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8)

Purpose Limitation: Personal information must only be used in line with the purpose for which it has been collected.

Impact assessments: examine whether there is a need for EU action and analyse the possible impacts of legislative and non-legisative proposals. These are carried out during the preparation phase, before the Commission finalises a proposal for a new law. They provide evidence to inform and support the decision-making process.