Documents considered by the Committee on 13 November 2017 Contents

23Establishing a European Travel Information and Authorisation System

Committee’s assessment

Legally and politically important

Committee’s decision

(a) and (b) Not cleared from scrutiny; further information requested; drawn to the attention of the Home Affairs Committee and the Committee on Exiting the European Union

Document details

(a) Proposal for a Regulation establishing a European Travel Information and Authorisation System (ETIAS); (b) Proposal for a Regulation establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulation (EU) 2016/794

Legal base

(a) Articles 77(2)(b) and (d), 87(2)(a) and 88(2)(a) TFEU, ordinary legislative procedure

(b) Article 88(2)(a) TFEU, ordinary legislative procedure, QMV

Department

Home Office

Document Numbers

(a) (38261), 14082/16 + ADD 1, COM(16) 731;

(b) (38815), 9763/17 + ADD 1

Summary and Committee’s conclusions

23.1A spate of terrorist attacks in Europe and unprecedented pressures at the EU’s external borders have heightened concerns about security and cast doubt on the sustainability of open borders and mobility within the Schengen free movement area. In November 2016, the Commission published a proposal for an automated European Travel Information and Authorisation System (ETIAS). The proposed Regulation—document (a)—is intended to strengthen security, reduce the risk of irregular migration and protect public health by requiring nationals of around 60 countries who do not need a visa to visit the Schengen area for short stays of up to 90 days to complete an online application form and obtain authorisation before they travel.357 The information provided would be screened against a set of risk indicators and checked against a variety of EU migration and law enforcement databases, as well as an ETIAS “watchlist” of criminal suspects to be established by Europol. The ETIAS travel authorisation would cost €5 and be valid for three years and for multiple journeys.358 It would not guarantee entry to Schengen territory. The final decision on admission would continue to rest with national border control authorities applying the rules set out in the Schengen Borders Code. The Commission expects the ETIAS to be operational from 2020, after the expected date for the UK’s withdrawal from the EU.

23.2The UK is not entitled to participate in (and vote on) the proposed Regulation establishing the ETIAS, as it builds on parts of the Schengen rule book which do not apply to the UK, but is entitled to play a full part in negotiations. UK nationals will not need to obtain an ETIAS travel authorisation to travel to the Schengen area while the UK remains a member of the EU. Their immigration status once the UK leaves the EU is one of the issues to be resolved during the Article 50 exit negotiations.

23.3The Government told our predecessors that it was “too early to say how these proposals would impact on the UK once we have left the EU” but said it was exploring “a number of options as to how EU migration might work” following the UK’s exit and would seek to ensure “the best possible outcome for the British people” during Article 50 exit negotiations, whilst making clear that “it would be wrong to set out further positions at this stage”.359

23.4Our predecessors last considered the proposed ETIAS Regulation in April and noted that the options appeared to be very limited—either UK nationals travelling to the Schengen area post-Brexit would require a Schengen visa or an ETIAS travel authorisation. They asked the Government to indicate which of these options would represent “the best possible outcome” and said the Government should be far more transparent in explaining how the proposed ETIAS Regulation would play into the Article 50 exit negotiations. They also invited the Government to:

23.5The Justice and Home Affairs Council agreed a general approach on the proposed ETIAS Regulation—document (a)—on 9 June.360 It also agreed a general approach on a further proposal—document (b)—to amend the Europol Regulation. This proposal was deposited for scrutiny on 8 June and the Immigration Minister (Brandon Lewis) submitted his Explanatory Memorandum on 21 June. The proposal would amend Europol’s founding Regulation to enable Europol to develop, host and provide information to the ETIAS watchlist.

23.6As the Europol Regulation is not a Schengen measure, it cannot be amended by the proposed ETIAS Regulation which is a Schengen measure. The Commission has therefore proposed a separate amending Regulation which is subject to the UK’s Title V (justice and Home Affairs) opt-in, meaning that it will only apply to the UK if the Government decides to opt in. The UK participates fully in the current Europol Regulation (which took effect on 1 May). The Government’s decision to opt into that Regulation was debated and endorsed by the House last December.361

23.7The Minister’s Explanatory Memorandum on document (b) reiterates that the Government will “continue to negotiate, implement and apply EU legislation” for as long as the UK remains a member of the EU.362 The Minister makes no reference to the general approach agreed in June or the position taken by the UK at the June Council. He says he will confirm “in due course” the three month deadline for deciding whether or not to opt in.363 In reaching a decision, the Government will “undertake a full analysis of the advantages and disadvantages” of opting in and will have “particular regard to the operational benefits” for the UK and “the links between the [proposed] Regulation and Europol itself”.364

23.8In his letter of 6 September, the Minister tells us that the UK did not take part in the vote on the proposed amending Regulation—document (b)—in June as the Government had not decided whether or not to opt in. The opt-in deadline began to run from 22 May, the date on which the proposal was brought forward, and expired on 21 August. The Government has decided not to opt in “at this time” because it “had concerns about the number of unknowns that there still are with regard to how the watchlist will be hosted by Europol and how it will function” and because it was unclear “what obligations opting-in might place on the UK”.

23.9The Minister says that the Government has not made any interventions on Article 55 of the proposed ETIAS Regulation concerning third country access to ETIAS data, but adds that changes have been made to the Commission’s original proposal to allow the transfer of data to third countries under closely circumscribed conditions. He sheds little light on the possible mechanisms for future data-sharing arrangements but makes clear that they will be “an important consideration as part of the process of leaving the EU, as we look to establish a new relationship”. He adds:

“The Government has been clear that the detail of some future arrangements may require the negotiation of a separate agreement with the EU alongside the withdrawal agreement. The withdrawal agreement, alongside any other agreements between the UK and the EU, will therefore set out the full scope of our future relationship.”

23.10The Minister tells us that the proposed amending Regulation—document (b)—was brought forward on 22 May, triggering the three month opt-in deadline. We ask him to explain:

23.11We note the reasons given for the Government’s decision not to opt into the proposed amending Regulation. The decision has both practical and legal consequences. In practical terms, the Government will be unable to vote on any changes agreed during negotiations which might reduce “the number of unknowns” about the functioning of the watchlist and the obligations it creates for Member States. In legal terms, the UK will be bound by the Europol Regulation adopted in May 2016 but not by this subsequent amending proposal. Article 4a of the UK’s Title V (Justice and Home Affairs) opt-in Protocol contemplates, in these circumstances, that the Commission and other Member States may eject the UK from the Europol Regulation if they consider that the UK’s decision not to participate in the ETIAS watchlist would make it “inoperable”. We ask the Minister:

23.12We find it difficult to reconcile the Minister’s assurance that the exchange of border information and the sharing of data for the purposes of cross-border law enforcement cooperation will be “an important consideration” in the UK’s exit negotiations with the Government’s failure to make any interventions on Article 55 of the proposed ETIAS Regulation which sets out restrictive conditions for the sharing of ETIAS data with third countries. We ask the Minister whether the Government intends to seek law enforcement access to ETIAS data as part of the “strategic agreement” with the EU envisaged in its future partnership paper, Security, law enforcement and criminal justice. Does he consider that the provisions of such a framework agreement dealing with cross-border data sharing and transfers for law enforcement purposes would take precedence over incompatible provisions in EU secondary legislation, such as the proposed Regulation? If not, is he content with the restrictive conditions on access to ETIAS data set out in Article 55 of the Council general approach?

23.13The Minister says he has no reason to doubt the adequacy of the safeguards for protecting personal information provided as part of the ETIAS application process. Nonetheless, given the possibility that the personal data of a large number of British nationals may be stored in the ETIAS Central System once the UK leaves the EU and be checked against other EU databases, as well as the ETIAS watchlist, we urge the Minister to press for extremely robust safeguards and effective enforcement mechanisms. We ask him to provide regular progress reports on this and other aspects of the negotiations.

23.14Pending further information, the proposed Regulation remains under scrutiny. We draw this chapter to the attention of the Home Affairs Committee and the Committee on Exiting the European Union.

Full details of the documents

(a) Proposal for a Regulation establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 515/2014, (EU) 2016/399, (EU) 2016/794 and (EU) 2016/1624: (38261), 14082/16 + ADD 1, COM(16) 731.

(b) Proposal for a Regulation establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulation (EU) 2016/794: (38815), 9763/17 ADD 1.

Background

23.15Our predecessors’ earlier Reports listed at the end of this chapter provide a detailed overview of the proposed ETIAS Regulation—document (a)—and the Government’s position.

The ETIAS “watchlist” and proposed changes to the Europol Regulation—document (b)

23.16The proposed Regulation would amend the current Europol Regulation to give Europol the necessary powers to:

23.17The new tasks given to Europol draw on the powers it has under Article 18(2)(a) of the Europol Regulation which allow Europol to process personal data for the purposes of “cross-checking aimed at identifying connections or other relevant links” between individuals suspected of having committed serious crimes or considered likely to do so.

23.18The ETIAS watchlist is intended to help identify individuals who have committed, or are suspected of having committed, a serious criminal offence, as well as individuals for whom “there are factual indications or reasonable grounds to believe that they will commit serious criminal offences”.365 It will be based on information provided by Member States and Europol and contain the following personal data: name (including aliases); date, place and country of birth; sex; nationality; details of travel documents; contact details (home, e-mail and phone); and IP address. The information contained in each application for a travel authorisation will be screened against a set of indicators designed to reveal any security, illegal immigration or public health risk associated with specific groups of travellers, and cross-checked against the ETIAS watch list and data held in various EU and Interpol databases.

23.19The proposed Regulation would also give the European Border and Coast Guard, the EU Agency hosting the ETIAS Central Unit, limited access to Europol’s databases for the purpose of establishing whether they contain relevant information on convicted offenders or criminal suspects.

The Minister’s Explanatory Memorandum of 21 June 2017 on document (b)

23.20The Minister notes that the creation of an ETIAS watchlist would involve Europol in a new task and necessitate changes to the 2016 Europol Regulation. He raises no concerns about the substance of the proposed amending Regulation and makes clear that the Government supports the use of watchlists as a means of improving the security of the EU’s external borders. He explains that the proposal is subject to the UK’s Title V (Justice and Home Affairs) opt-in, adding:

“The Government is committed to taking all opt-in decisions on a case-by-case basis, putting the national interest at the heart of the decision making process. We will undertake a full analysis of the advantages and disadvantages of this Regulation to the UK in making our opt-in decision. The Government will have particular regard to the operational benefits to the UK opting in and the links between the Regulation and Europol itself, of which the UK remains a full member.”366

23.21The Minister recognises that the proposed Regulation “creates a new database for Europol to maintain” and engages rights protected by Articles 7 and 8 of the EU Charter of Fundamental Rights (respect for private and family life and the protection of personal data). He considers the use of personal data contained in the ETIAS watchlist for border control purposes to be “proportionate given the seriousness of the criminality for which Europol is competent and the strict data protection controls that it has in place”.367

The Minister’s letter of 6 September 2017

23.22The Minister confirms that the June Justice and Home Affairs Council agreed a general approach on documents (a) and (b). He explains that Europol will create and host the ETIAS watchlist and that this necessitates a further Regulation—document (b)—to amend the Europol Regulation:

“As the Europol Regulation is not part of the Schengen acquis and may not be amended by an act developing the Schengen acquis, it was necessary to split the original proposal into two texts to enable a separate instrument to amend the Europol Regulation to reflect this new function.”

23.23The Minister notes that the UK’s Title V (Justice and Home Affairs) opt-in applies to the proposed amending Regulation. As the Government had not decided whether or not to opt in by the time of the June Council, the UK did not participate in the vote on the general approach. He continues:

“I can confirm that the opt-in deadline was triggered on 22 May when the amending proposal was brought forward. This means that the Government was required to take an opt-in decision by 21 August. In considering this decision, the Government had concerns about the number of unknowns that there still are with regard to how the watchlist will be hosted by Europol and how it will function. As such, it’s not clear what obligations opting-in might place on the UK and for this reason, the Government decided not to opt-into the amending Regulation at this time.”

23.24Turning to negotiations on document (a), our predecessors asked the Government whether it had made any interventions specifically on Article 55 of the proposed Regulation which prohibits direct third country access to personal data stored in the ETIAS Central as well as indirect access via a Member State.

23.25The Minister confirms that the UK has been participating in discussions on the ETIAS but “has not made an intervention on this specific point”. He explains that the general approach agreed by the Council in June makes a number of changes to Article 55 :

“The current text now provides that data accessed from the ETIAS Central System may be transferred to a third country in individual cases if necessary for the purpose of return, on the condition that the Commission has adopted a decision on the adequate protection of personal data in that third country in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679), or where a readmission (or similar) agreement is in force between the EU or a Member State and that third country, or where Article 49(1)(d) of the General Data Protection Regulation applies (i.e. that transfer is necessary for important reasons of public interest). The Member State is to inform the third country of the obligation to use the data only for the purposes for which it was provided and the data must be transferred or made available in accordance with the relevant provisions of Union law (in particular readmission agreements and transfer of personal data) and the national law of the providing Member State (including legal provisions relevant to data security and data protection). Data may also be transferred to a third country upon request in cases of exceptional urgency where there is an immediate and serious threat of a terrorist offence or other serious criminal offences as defined in the text. The transfer must be carried out in accordance with the applicable conditions set under the Data Protection Directive (Directive (EU) 2016/680) and the requesting third country should reciprocate with any information held in their own travel authorisation systems. Transfers will be documented and the documentation made available to the supervisory authority on request.”

23.26Our predecessors asked whether it was the Government’s position that all data sharing arrangements in the field of security and law enforcement cooperation should be dealt with in the EU-UK withdrawal agreement (or any EU-UK future relations and/or transitional agreements) and that this agreement or agreements should take precedence over any explicit provisions on data sharing in EU secondary legislation, such as the proposed ETIAS Regulation to the extent that there is any incompatibility.

23.27The Minister responds:

“The exchange of border information and the question of how the UK will share data with the EU for the purposes of cross-border cooperation on security and law enforcement will be an important consideration as part of the process of leaving the EU, as we look to establish a new relationship. Until exit negotiations are concluded, the UK remains a full member of the EU and all the rights and obligations of EU membership remain in force. During this period the Government will continue to negotiate, implement and apply EU legislation.

“The exact nature of our future relationship with the EU on data sharing in the field of security and law enforcement will be determined over the course of negotiations. The Government has been clear that the detail of some future arrangements may require the negotiation of a separate agreement with the EU alongside the withdrawal agreement. The withdrawal agreement, alongside any other agreements between the UK and the EU, will therefore set out the full scope of our future relationship.”

23.28Our predecessors reiterated their request for an assessment of the adequacy of the safeguards proposed by the Commission in relation to the protection of personal information provided as part of the ETIAS application process, noting that this assessment could be updated to take account of any significant changes resulting from the opinion issued by the European Data Protection Supervisor or the progress of negotiations. The Minister says that the Government has “followed discussions in this area”, adding:

“While we have made no formal assessment of the safeguards proposed, we have no reason to believe they would be inadequate.”

23.29Finally, our predecessors highlighted the difficulties likely to be involved in seeking redress in a foreign jurisdiction for the refusal of an ETIAS travel authorisation (if the ETIAS were to apply to the UK in future) and sought a more informed view of the potential practical and legal obstacles which UK nationals might encounter post-Brexit. The Minister responds:

“Where a travel authorisation has been refused, the applicant will receive a notification via email which will include the travel authorisation application number, the national unit that refused the travel authorisation and its location, the ground(s) for refusal and information on the procedure to be followed for an appeal. Article 31 states that appeals shall be conducted in the Member State that has taken the decision on the application and in accordance with the national law of that Member State.”

Previous Committee Reports

For document (a), see our Fortieth Report HC 71–xxxvii (2016–17), chapter 18 (25 April 2017); Thirty-fifth Report HC 71–xxxiii (2016–17), chapter 7 (15 March 2017); Thirty-first Report HC 71–xxix (2016–17), chapter 12 (8 February 2017);and Twenty-fifth Report HC 71–xxiii (2016–17), chapter 12 (11 January 2017).


357 See the European Commission’s factsheet on the ETIAS.

358 The Commission’s original proposal stipulated that the travel authorisation would be valid for five years. This has been reduced to three years in the general approach agreed by the Council.

359 See para 24 of the Explanatory Memorandum of 30 November 2016 submitted by the then Immigration Minister (Mr Robert Goodwill) and his letter of 26 January 2017 to the Chair of the European Scrutiny Committee.

360 See the press release issued by the Council on 9 June.

361 See chapter 0.11 (38252) of this Report on the Europol Regulation.

362 See para 14 of the Minister’s Explanatory Memorandum on document (b).

363 The three month period starts to run from the date on which the last language version of the proposed Regulation is published.

364 See para 16 of the Minister’s Explanatory Memorandum on document (b).

365 See Article 29 of the Council’s general approach on the proposed ETIAS Regulation.

366 See para 16 of the Minister’s Explanatory Memorandum on document (b).

367 See para 11 of the Minister’s Explanatory Memorandum on document (b).




20 November 2017