EURODAC: JUST THE FIRST STEP TOWARDS LIMITLESS FINGERPRINTING?
Originally, EURODAC, the EU's planned common automated fingerprint register, was to be limited to contain the fingerprints of asylum seekers only (see FECL No.46: "Eurodac computer to hold fingerprints of all asylum seekers"). According to the Draft EURODAC Convention, the system is to be used for no purposes other than defining the country responsible of examining an asylum application. Yet, while the Convention has not yet been signed, the Council is already considering extending EURODAC to include fingerprints of other categories of aliens. Whose fingerprints will be stored next?
Extension of Eurodac not excluded by draft Convention
According to a draft of 24 November, submitted to the JHA Council by the then Luxembourg Presidency, the only purpose of Eurodac is to enable the determination, in accordance with the Dublin Convention, of the member state responsible for examining, an asylum application made on the territory of the EU. The storage of fingerprints for other purposes is not allowed.
However, draft Article 19 provides for amendments of the Convention. Amendments, it is true, must be decided unanimously by the Council and are subject to approval by each member state according to their constitutional law. Nonetheless, Article 19 provides for the gradual extension of the scope of the Eurodac system.
In this context it is also noteworthy that the draft Convention does not explicitly limit participation in Eurodac to member states of the Union.
Lack of judicial control
Legally speaking, Eurodac is not designed as a common supra-national data base, but a centralised automated system made of "national files" of each of the currently 15 EU-member states. This means that each member state "owns" the data it has sent to Eurodac and is responsible for their correct use in compliance with its own national legislation. Consequently, member states may use their "own" fingerprints in Eurodac for other purposes than those named in the Convention.
A Central Unit (CU) will process the data stored in a central data base "on behalf of" the member states concerned. The national law of the host country (the member state where Eurodac will have its seat) will apply for the operation of the CU. Thanks to this "smart" legal construction the authors of the draft saw no need to design a common supra-national Court with powers to handle complaints by individuals. In practice, this will make it difficult for persons, whose rights have been violated by Eurodac, to seek legal remedy. It is not clear from the draft Convention how persons in one member state will be able to force the deletion or correction of faulty information sent to Eurodac by another member state, or how they will be able to effectively seek legal remedy. According to a pro memoria of the Swedish government, as late as November no agreement had been reached on this quite fundamental question.
According to the draft, the European Court of Justice will have jurisdiction to settle disputes between the member states (provided the dispute is not settled by the Council within 6 months) and to give preliminary rulings on the interpretation of the Convention, upon request of national Courts. The ECJ will not deal with individual complaints.
Mandatory fingerprinting
Agreement has been reached over the principle that every person applying for asylum in an EU-member state will have his or her fingerprints taken and stored in Eurodac. Only the Netherlands appear to have maintained reservations with regard to the planned registration of children as young as 14 years old.
Mandatory fingerprinting implies the use of constraint, when an asylum seeker objects to his being fingerprinted. In a number of member states critics have stressed that such forcible fingerprinting of innocent persons could breach constitutional law.
Member States have agreed that a person's fingerprints will be automatically deleted 10 years after their latest entry. Exception to this rule is made only with regard to persons who have been granted citizenship by a member state. Their files are to be deleted - not immediately, but "as soon as the member state of origin [the country who sent the fingerprints in question to Eurodac] has been informed that the person concerned has been granted citizenship in a member state".
No agreement appears as yet to have been reached on how to handle information in Eurodac concerning asylum seekers who have been granted refugee status (under the 1951 Geneva Convention) or permanent stay on other grounds. Germany and the UK have been advocating the deletion of information concerning these categories of persons, while a vast majority of member states seems to be opposed to this. Late last year, the Luxembourg Presidency proposed the following compromise formula: the fingerprints of Convention refugees are kept in Eurodac for 10 years, but access to these data is "blocked" upon instruction of the member state who "owns" the data in question. After the first five years of operation of Eurodac, the Council decides by unanimity (or by 2/3 majority):
XXad whether the data are to be stored in the original way;
XXad whether they should be deleted; or
XXad whether access should be blocked for another 5 year period.
The decision of the Council should be based on reliable statistics, drawn up by the CU, on persons who have applied for asylum in a member state after having obtained refugee status in another. According to a draft Council declaration, the statistics should include
XXad the number of persons with refugee status in more than one member state,
XXad the member states in which Convention refugees have made a second application for asylum and the number of such applicants, as well as
XXad the number of asylum seekers in each member state who have already been granted refugee status in another member state and the number of such applications in each member state.
Under the above formula, the CU would continue to match the "blocked" fingerprints and attach a "flag" to the file in the event of a hit, but would not communicate its findings to the member states concerned.
Data protection?
A Joint Control Authority (JCA) is to monitor the correct processing of personal data in Eurodac by the CU in compliance with the rights of the persons concerned. The JCA will further check the lawfulness of the transmission by the CU of person-related data to member states. However, while the JCA will have rights to "monitor", "control" and "examine" the operation of Eurodac, as well as to report to the Council (not to the European Parliament) and make "suggestions for improvement", it will have no powers to sanction practices in breach of the Convention or of international obligations with respect to the protection and security of personal data. In view of the problems encountered by the corresponding Schengen body in carrying out its tasks (see FECL No. 51: "Schengen data protection authority: no phone number, no secretariat, no powers") it is also doubtful whether the JCA, with only two representatives per member state, will be in a position to ensure effective control.
Sources: Draft Convention on Eurodac, Brussels, 24.11.97, 10191/3/97, Rev 3, limite, Asim 160 (the quotations above are our translations from the German version); Swedish Foreign Affairs Department, pro memoria re Eurodac, 23.11.97; Report of the German Federal Interior Ministry to the Home Affairs Committee (Innenausschuss) of the Bundestag, Doc Bundestag 13/149, 1.10.97).Comment
From a democratic-constitutional point of view, the problem with Eurodac lies in the very nature of the planned registering activities. The purpose of the system is to enable compulsory registration of the fingerprints of an entire social group. All asylum seekers will be subjected to a treatment widely regarded as a humiliating interference with people's privacy and personal integrity - not because of their individual behaviour but because of their life situation. A whole category of people is to be subjected to a treatment once reserved to criminal suspects. The message to the public is clear: asylum seekers are suspected swindlers. Gone is all the equality of all persons before the law, gone the presumption of innocence. The fact that, for the time being, the use of Eurodac is limited to "only" asylum seekers" changes nothing with respect to the fundamental defect inherent in the very conception of Eurodac. Once you accept the very principle, you have also accepted its steady expansion.
By adopting the report of Ms Hedi d'Ancona, MEP, approving the setting up of Eurodac1), the European Parliament (EP) has missed what might soon prove to have been the only occasion to take a credible stand against an ever more unrestrained use of fingerprinting. Making proposals (which the Council is unlikely to bother about) for changes of a somewhat fortuitous selection of particularly questionable provisions of the draft Convention, as the EP does in its Resolution on Eurodac, amounts to little more than putting a wooden leg in plaster.
Indeed, how will the European Parliament be able to credibly argue against extending the scope of Eurodac to ever wider groups of people, innocent under the law, once it has accepted compulsory fingerprinting of asylum seekers?
Obviously, the idea of registering fingerprints as a safe way to establish people's identity must be very tempting for many public authorities other than those dealing with asylum. In certain cases, quick identification may benefit the people concerned. Thus, advocates of Eurodac like to point out that the use of the system will help "genuine" asylum seekers to prove their claims. Yet, in a societal context where the main purpose of registration increasingly has become to formally establish people's exclusion rather than facilitating their access to rights, the risks inherent in the increasing use of technologies of control should be obvious.
Two years ago, the Swedish government, in its zeal to fulfill in advance future obligations under the Eurodac Convention, presented a bill (since adopted) providing for compulsory fingerprinting of all asylum seekers in Sweden. I still remember a young government official justifying the need for the planned national fingerprint data base at a seminar. He stressed that limiting fingerprinting only to asylum seekers with false or doubtful identity documents, would amount to their being discriminated against. In his opinion, compulsory fingerprinting of all asylum seekers was in the interest of "equal treatment of all asylum seekers". Asked why the fingerprints of persons who have been granted permanent stay were to be kept in the register, he answered quite frankly that the storage of their fingerprints could prove useful in the future, considering the higher than average crime rate among Sweden's immigrant population.
This little anecdote illustrates all the risks with Eurodac. First, the plan to set up Eurodac is serving as a justification for national governments to introduce compulsory catch-all fingerprinting of asylum seekers in their respective countries. Second, once authorities have got hold of your fingerprints on one specific ground, they will find all sorts of plausible reasons to keep them for further use for other purposes. Third, registers on asylum seekers are likely to gradually develop into registers on third-country nationals. Finally, arguments such as "equal treatment" and purported general inclination to fraudulent or otherwise criminal behaviour, used to justify catch-all fingerprinting of asylum seekers, could just as well be used in arguing for the systematic fingerprinting of any other category of persons regarded by some silent majority as generally inclined to misbehaving. Considering the higher crime rate of young males, why not have their fingerprints taken? Why not fingerprint all unemployed people applying for social welfare benefits? Why not all gypsies?
In its Resolution on Eurodac, adopted on 16 January, the European Parliament demanded that a special provision be included in the Convention explicitly prohibiting for all time any extension of the categories of persons and the types of personal data that may could be stored and processed in the Eurodac system1). Just ten days later, on 26 January, the EU Ministers agreed to examine "without delay" whether Eurodac could be extended to comprise the fingerprints of all third-country nationals having entered EU territory "illegally", irrespective of whether they apply for asylum or not2). Eurodac might become the EU's all-purposes fingerprint register sooner than we may imagine.
N.B.
1. European Parliament, Report on Eurodac and proposal for a Resolution, by Hedi d'Ancona, MEP, adopted 16.1.98. 2. EU Action Plan: Influx of migrants from Iraq and the neighbouring region, 5573/98, adopted 26.1.98 by the General Affairs Council.