On 27 July 2021, the EDPS published his Opinion on the European Commission’s proposed Regulation establishing an evaluation and monitoring mechanism to verify whether the rights and obligations related to Schengen are applied (Schengen evaluations). The Schengen area includes most EU Member States and several non-EU countries, and enhances the freedom of movement for millions of individuals. EU Member States are responsible for upholding the rights and obligations related to Schengen, which include measures on border management, the Schengen visa, police cooperation and data protection, for example.
The Commission’s proposal, repealing Regulation (EU) 1053/2013, has several objectives, such as streamlining the verification procedures of the Schengen evaluations to increase their effectiveness and efficiency. The EDPS welcomes that the proposal seeks to strengthen EU Member States’ involvement in the Schengen evaluation and monitoring mechanism (Schengen evaluations), as well as greater cooperation between the European institutions, bodies and agencies (EUIs) that are involved in the application of the rights and obligations related to Schengen.
In his Opinion, the EDPS supports, in particular, the reform’s goal to put in place measures ensuring that individuals’ fundamental rights are protected when verifications occur.
Wojciech Wiewiórowski, EDPS, said: “The Schengen area is one of the most significant and notable achievements of the European Union. One of its key building blocks is the protection of fundamental rights, including the protection of personal data. As the data protection authority of EUIs, the EDPS will continue to support their efforts to ensure that these rights are protected. The EDPS will also continue to cooperate with EU Member States to guarantee a robust and smooth functioning of the Schengen area, based on the full respect of the fundamental rights of individuals.”
The EDPS takes positive note of the enhanced transparency when it comes to sharing the Schengen evaluations’ outcome. The EDPS also welcomes the strategic approach to the Schengen evaluations and the proposed synergy with other evaluation and monitoring mechanisms, which will contribute to upholding the rights and obligations related to Schengen.
Nevertheless, the EDPS recommends that the proposed Regulation clearly defines the scope of the Schengen evaluations by drawing up a non-exhaustive list of relevant policy fields that would be subject to evaluation. The reformed evaluation and monitoring mechanism (Schengen evaluations) should also continue to provide for evaluations dedicated to data protection, carried out by data protection experts.
The proposed Regulation should also demarcate the roles and responsibilities of the EUIs involved in the Schengen evaluations to ensure legal certainty, as well as guaranteeing the EDPS’ independence when he performs his supervisory tasks in this context.
The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.
The EDPS is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.
Wojciech Wiewiórowski (EDPS) was appointed by a joint decision of the European Parliament and the Council to serve a five-year term, beginning on 6 December 2019.
Processing of personal data: According to Article 3(3) of Regulation (EU) 2018/1725, processing of personal data refers to “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”. See the glossary on the EDPS website.
Personal data: any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details, such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.
Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
The legislative consultation powers of the EDPS are laid down in Article 42 of Regulation (EU) 2018/1725 which obliges the European Commission to consult the EDPS on all legislative proposals and international agreements that might have an impact on the processing of personal data. Such an obligation also applies to draft implementing and delegated acts. The statutory deadline for issuing an EDPS opinion is 8 weeks.