Select Committee on European Union Minutes of Evidence

Memorandum by Jonathan Faull, Director General, Justice, Freedom and Security European Commission

  1.  The SIS is a vital tool for the smooth running of an area of freedom, security and justice. It contributes to the implementation of the provisions on the free movement of persons (Title IV of the EC Treaty) and to police and judicial cooperation in criminal matters (Title VI of the EU Treaty).


  2.  The Decision and Regulation on the development of a second generation of the SIS (SIS II) was taken by the Council in December 2001.[1] The Council[2] had in mind the enlargement of the Schengen Area to the Member States that were going to join the EU in May 2004 and which required a new SIS. In addition, the SIS II had also to benefit from the latest developments in the field of information technology. These legal acts also provided for the inclusion in the budget of the EU of the necessary appropriations for the development of such a system. It should be noted that the current SIS is funded on an intergovernmental basis.

  3.  This decision of the Council to develop a new SIS entrusting to the Commission the technical implementation was taken without prejudice to future legislation that would lay down in detail the operation and use of the system.[3] This was precisely the objective of the three proposals submitted by the Commission in May 2005 that shall govern the SIS II and that need to be adopted before the new SIS can start operations. Two out of these three proposals follow the co-decision procedure, which allows the European Parliament to play its role fully as legislator on this sensitive dossier.

  4.  The current SIS has proved its efficiency and added value for maintaining a high level of security in an area without internal border controls. The SIS II should offer at least the same services as the current SIS and shall include the possibility, if confirmed by the legislator, of providing some new services or functions. The underlying rationale and nature of the system will remain the same as the current SIS. An impact assessment and public consultation were, therefore, not necessary. However, when drafting its proposals the Commission took into account the comments made on the current SIS by national experts, the Schengen Joint Supervisory Authority and other organisations, and it formally consulted several bodies active in the field of data protection on the proposal adopted: the European Data Protection Supervisor, the Schengen Joint Supervisory Authority and the Article 29 Working Party.

  5.  The Commission started the technical implementation of the SIS II before the legal package was presented in order to keep the tight deadline for having the system in place, which will allow, if the other legal criteria are met, the enlargement of the area without internal border controls to the Member States that joined the EU on May 2004. However, the final decision as regards the operations, use and functionalities of the system, personal data protection and access rights lies exclusively with the EU legislator. The Commission is reviewing regularly the technical implementation of the SIS II to ensure that it is perfectly in line with the legal acts as being negotiated and to be adopted by Council and Parliament.


  6.  The Commission proposed that it should initially be responsible itself for the management of the SIS II because this would ensure continuity between the system's development and operational phases. However, it has become evident throughout the inter-institutional negotiations that it is not an option for the long-term that is acceptable to Member States or the European Parliament. In the light of the latest results of the negotiations, it seems that the management will be divided into two phases: an interim phase and a long-term phase. During the interim period the responsibility for the management will lie with the Commission, which will have the possibility to delegate operational management tasks to public authorities of Member States. The long-term management of the SIS II will be most likely given to a European Agency, although the Commission will carry out an impact assessment study to identify the best option.

  7.  Whatever solution is chosen for the management, it will have to guarantee a sufficient level of accountability and transparency. The Council and the European Parliament should have a say on the rules of functioning of the management body and it will function within the EU inter-institutional system of checks and balances. The management body will have to present regular reports on the technical functioning of the SIS II and the Commission shall produce and transmit to the Council and the European Parliament on a regular basis an overall evaluation of the central SIS II and the exchange of supplementary information between Member States. The evaluation will include examination of results against objectives, assessment of the validity of the underlying rationale, the application of SIS II legal instruments and any implications for future operations.


  8.  The possibility of processing biometric data (fingerprints and photos) was requested by the Council in its conclusions on the SIS II in 2003 and 2004. The intention is initially to store and retrieve this type of data for confirming identifications performed on the basis of an alphanumeric search. The photos and fingerprints would allow the police officer or border guard to verify whether the person being checked is the same as the one intended by the alert in the SIS. At a later stage fingerprints could be used for searching the database alone or in combination with the alphanumeric data.

  9.  Identification by using biometric data has not only proven its reliability in national police systems but also in EU large-scale IT systems such as EURODAC for the identification of asylum seekers and it is also an intended functionality for the Visa Information System (VIS). This use of biometric data should not imply any change in the nature of the system since the legal framework clearly limits the use of the system. In practice this new functionality would mean, for instance, that a border guard when checking a person against alerts for refusal of entry at the external border will not only use the name, date of birth or other alphanumeric data, but can also collect the biometric data from the person or from the passport in order to perform the identification.

  10.  In general the use of biometric data should increase the quality of the database and of the searches leading to more reliable identification. This should also improve the situation of people suffering the consequences of misidentification performed by the current SIS based on simple alphanumeric searches.


  11.  Links between alerts should only be introduced when there is a clear and well-defined relationship between them. They will not affect the specific action to be taken on the basis of each of the linked alerts or their conservation periods. Moreover, they will not affect access rights to the alerts since a link will be only seen by the authorities having access to both of the linked alerts.

  12.  As this will be a new functionality it is difficult to anticipate the use that Member States will make of it. The intention is to draw the attention of the officer who has spotted a person or an object in the SIS to other possible alerts in the system that would allow him or her to take another action.


  13.  The Commission proposed to harmonise further the conditions or criteria for entering alerts in the SIS II for the purpose of refusing entry given the diverging practices of the Member States. This has been confirmed not only in reports of the Schengen Joint Supervisory Authority or independent human rights reports, but also in meetings of national experts. However, the two main criteria proposed for issuing such an alert—threat to public policy or security and illegal immigration—remain the same as in the current Schengen Convention.

  14.  The Commission has added to these two basic criteria a new one targeted at third country nationals who are subject to restrictive measures intended to prevent entry or transit through the territory of the Member States in accordance with Article 15 of the EU Treaty.

  15.  Council and Parliament seem to agree on the aim to achieve a higher level of harmonisation regarding the criteria for issuing these alerts although this level will remain lower than the Commission proposed initially. The legislators seem also to agree that the Commission shall review the application of the provisions concerning the issuing of these alerts in view of achieving a higher level of harmonisation in the future.


  16.  Schengen cooperation must be fully compatible with EU/EC law. The European Court of Justice has stressed this fundamental point in its recent judgment of 31 January 2006 (Case C-503/03, Commission v Spain). The ECJ ruled that Spain breached Community law by refusing entry to two Algerian nationals, spouses of EU citizens, solely on the grounds that an alert for refusing entry has been issued for them in the SIS by another MS. The Court stated that closer cooperation in the Schengen field must be conducted within the legal and institutional framework of the European Union and with respect for the Treaties. Since the concept of public policy within the meaning of the Directive 64/221/EEC does not correspond to that in the Schengen Convention, a Member State which consults the SIS must be able to establish, before refusing entry to the person concerned, that his or her presence in the Schengen area constitutes a genuine, present and sufficiently serious threat affecting one of the fundamental interests of society in accordance with the aforementioned directive. The existence of an alert in itself is not sufficient to establish this.

  17.  The Commission proposed initially to exclude family members of EU citizens from the scope of the Regulation. However, Member States, fearing that it could undermine security in the area without internal borders, prefer to have the possibility to introduce alerts on third-country nationals even if they are family members of EU citizens. In the event that this option will be accepted by the Council and the European Parliament, it has to be accompanied by appropriate safeguards guaranteeing that EU legislation on free movement is respected.


  18.  The Commission intended to improve the current rules regarding the collection of data, in particular the conditions for issuing the alerts in the SIS. The general conditions that are part of the basic legal framework will be completed with implementing measures containing technical rules for entering and searching the data in the SIS II. These rules should improve the overall quality of the database and increase transparency regarding the functioning of the system.

  19.  Access rights to data must be provided following the purpose of the alert. It is clear that the access to data for refusal of entry could only be provided in the context of the Regulation which regulates the use of the SIS in the control of external borders, visa issuing or more in general immigration control or policing.

  20.  The SIS II legal acts do not appoint the authorities with right of access; they provide for access rights to the SIS II on the basis of the tasks to be carried out. For example, if the police in a Member State has responsibilities for border checks or immigration control then it shall have access to the alerts for the purpose of refusal of entry. However, if the access to these alerts is performed for the purposes of the prevention, detection and investigation of criminal offences such a use must be regulated in the third pillar act—Decision—with a bridging clause in the Regulation that will make the immigration data available for purely police purposes.

  21.  In its proposal the Commission has also provided for access for asylum authorities to alerts for refusal of entry for two different purposes. The first purpose is the application of the Dublin Regulation[4] which reflects the practice of some Member States where these authorities have access (direct or indirect) to these alerts. The objective is to identify whether another Member States is responsible for an asylum application based on the responsibility for the illegal entry or stay of the asylum applicant in a Member State. The second purpose relates to the application of the Directives on minimum standards on procedures in Member States for granting and withdrawing refugees status and on minimum standards for the qualification and status of third country nationals or stateless persons as refugees or as persons who otherwise need international protection.[5] The intention is to ensure via the SIS an efficient exchange of information between Member States for performing security checks on asylum applicants and to facilitate the implementation of provisions contained in the aforementioned Directives concerning exclusion from refugee status or the possibility of launching an accelerated or prioritised examination procedure.

  22.  In any case it must be underlined that in the context of asylum the fact that the person is found in the SIS can never immediately or automatically lead to a refusal of refugee status or to a transfer of the asylum seeker to another Member State in accordance with the Dublin mechanism. The alerts in the SIS only constitute INDICATIVE information that will allow the competent authority to make a more informed decision and, therefore, to apply Community rules more effectively.


  23.  With regard to the first-pillar Regulation, EC data protection rules will apply, in particular Directive 95/46/EC and Regulation No 45/2001. With regard to the third pillar Decision, the Council of Europe Convention of 28 January 1981 for the protection of individuals with regard to automatic processing of personal data will apply. It will be replaced by the Framework Decision on data protection in the third pillar after the adoption of this proposal.

  24. In its proposal the Commission excluded the transfer of data to third parties with some limited exceptions. The SIS II draft Decision provided for transfer of data to third countries or organisations in the framework of an EU agreement with third parties guaranteeing an adequate level of protection of the transferred personal data and with the consent of the Member State that entered the data.

  25.  From the ongoing discussions it has become clear that the scope of the exception from the general rule of not transferring the data will be even more limited. The only exception would be exchange of data on passports with third countries via Interpol with appropriate data protection safeguards.


  26.  From a technical perspective "Interoperability" is the ability of IT systems and of the business processes they support to exchange data and to enable the sharing of information and knowledge. This is disconnected from the question of whether the data exchange is legally or politically possible or required.

  27.  The Commission's Communication on improved effectiveness, enhanced interoperability and synergies among European databases in the area of justice and home affairs presents different scenarios on how the existing large-scale IT systems could, in addition to their existing roles, more effectively underpin the policies linked to the free movement of persons and contribute to the fight against terrorism and organised crime. The aim of the Communication was to provide a global picture and start a general debate at Council and Parliament on possible developments in this field. Following this debate and after a careful assessment, in particular from a fundamental rights perspective, more concrete steps could be taken in order to promote interoperability and ensure the flawless exchange of data between the existing or even future IT systems in the field. These concrete steps would also include the relevant impact assessment and legislative proposals amending the legal framework of the existing IT systems.


  28.  The SIS is essential for maintaining a high level of security in an area without border controls. Following the UK's request, the Council decided on the participation of the UK in the Schengen Acquis limited to the aspects linked to the police and judicial cooperation in the criminal field. This has excluded the UK from participating in the exchange of information performed via the SIS aiming at the control of external borders or issuing of visas since it does not participate in these common Schengen policies. Therefore, the UK has no access to alerts for the purpose of refusing entry.

  29.  Access for the UK asylum authorities to alerts for the refusal of entry for the implementation of the aforementioned asylum directives, similar to that available to other Member States, is excluded since, as explained above, the UK is not taking part in the SIS II Regulation. An ad hoc solution allowing an indirect access for UK authorities could be examined once the SIS II legal acts, including the provisions on access rights and purposes, have been adopted.

28 July 2006

1   Council Decision 2001/886/JHA and Council Regulation 2424/2001 of 6 December 2001. Back

2   cf recitals 2, 3 and 4 of both legal acts. Back

3   cf recital 7 of the aforementioned legal acts. Back

4   Council Regulation (EC) No 343/2003 of 18 February 2003 establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national Official Journal L 050, 25/02/2003. Back

5   Directive 2005/85/EC and Directive 2004/83/EC. Back

previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2007