In an Opinion published last week, the European Data Protection Supervisor (EDPS) has raised data protection concerns regarding the Commission proposals to reform the Dublin Regulation, the Eurodac Regulation and the establishment of an EU Agency for Asylum. The opinion stresses that the proposals need to be further assessed to ensure the respect for the fundamental rights of people entering and leaving the EU.

The EDPS finds that the proposed expansion of Eurodac to cover irregular migration and return purposes is unclear, while no data protection and privacy impact assessment has been made prior to the proposal. To that end, the Supervisor requests a detailed impact assessment to ensure that the expansion of the database is necessary and proportionate to meet its stated objectives.

“The EDPS understands the need for the EU to better address the challenges of migration, borders and refugees,” stated the Supervisor Giovanni Buttarelli. “However, we recommend considering additional improvements in the revised proposals which will involve a significant collection of data concerning non-EU nationals whose freedoms, rights and legitimate interests may be significantly affected. Border management and law enforcement are distinct objectives and need to be more clearly distinguished.”

A detailed impact assessment is also recommended for measures concerning children, as well as the collection of facial images, which the proposal has not demonstrated as necessary and proportionate to be in line with human rights. The Supervisor also criticises the lengthy retention period of five years for data stored in the database for the purpose of returning people.

ECRE has raised similar questions relating to data protection in its Comments on the Eurodac proposal, finding the expansion of the database contrary to the fundamental rights to privacy and data protection, while also voicing concerns on the introduction of new biometrics, longer periods of retention of data, and sanctions against individuals who refuse to give fingerprints or facial images.

The Opinion of the EDPS also mentions specific data protection concerns relating to the Dublin proposal. The EDPS recommends clarifying that the unique identifier for each asylum seeker in the Dublin database may only be used for the purposes of the Dublin Regulation.

For further information:


This article appeared in the ECRE Weekly Bulletin of 30 September 2016. You can subscribe to the Weekly Bulletin here.