Allowing EU IT systems to communicate and share information can help address current migration and security challenges. However, in the drive to be more efficient and effective, people may find that their personal data has been shared without them knowing or they may be considered suspicious due to data errors. The latest Opinion from the EU Agency for Fundamental Rights (FRA) examines current proposals and suggests how the EU could ensure people’s rights are respected.

There are EU proposals to make more intelligent and targeted use of the information available in the existing and future systems. This will allow national authorities make best use of existing data, detect multiple identities and counter identity fraud, and to carry out rapid and effective checks.

They propose creating a European search portal to provide a ‘one-stop shop’ for searching across multiple systems. There will be a way to search existing databases and match biometric data, such as fingerprints or facial images. A common identity repository will pool basic biographical and biometric information, such as names and dates of birth of non-EU citizens, so that they can be reliably identified. In addition, a multiple-identity detector will flag cases where one person has different identities across the different systems.

To explore the impact of such systems, the European Parliament asked the Agency to provide its Opinion on the fundamental rights implications of the proposed interoperability Regulations. The suggestions include:

Ensuring a clear legal basis (‘legal foreseeability’): This applies to using the common identity repository to check people’s identity. Why these police checks need to be carried out, and how, must be clearly defined at EU level.

This applies to using the common identity repository to check people’s identity. Why these police checks need to be carried out, and how, must be clearly defined at EU level. Controlling law enforcement access : Law enforcement authorities are allowed to access EU databases to fight terrorism and serious crime. This is meant to allow them to check if people are in the systems. However, police databases should always be checked first and then clearance from an independent verifier should be sought before queries to EU databases.

: Law enforcement authorities are allowed to access EU databases to fight terrorism and serious crime. This is meant to allow them to check if people are in the systems. However, police databases should always be checked first and then clearance from an independent verifier should be sought before queries to EU databases. Improving data quality : Data entry or processing errors can lead to discrimination, mistaken identity or accusations that people are hiding their identity. Member States should be obliged to correct mistakes and flag inconsistencies. The EU should also establish an EU-wide handling mechanism for accessing, correcting and deleting inaccurate personal data.

: Data entry or processing errors can lead to discrimination, mistaken identity or accusations that people are hiding their identity. Member States should be obliged to correct mistakes and flag inconsistencies. The EU should also establish an EU-wide handling mechanism for accessing, correcting and deleting inaccurate personal data. Limiting the scope of use: The future European Criminal Record Information System for non-EU nationals (ECRIS-TCN) proposes including the fingerprints of all those who are guilty of offences. Depending on each Member State’s national law, these range from serious crime to misdemeanors. Such data should not be in the common identity repository as it appears to go beyond the scope of use of data stored in ECRIS-TCN system.

The future European Criminal Record Information System for non-EU nationals (ECRIS-TCN) proposes including the fingerprints of all those who are guilty of offences. Depending on each Member State’s national law, these range from serious crime to misdemeanors. Such data should not be in the common identity repository as it appears to go beyond the scope of use of data stored in ECRIS-TCN system. Informing people : With interoperable systems it is more complex to inform people if and how their data are being used. The proposals should strengthen the right to information, including making the information child-friendly and in a language the person affected understands.

: With interoperable systems it is more complex to inform people if and how their data are being used. The proposals should strengthen the right to information, including making the information child-friendly and in a language the person affected understands. Mainstreaming fundamental rights: Interoperability may pose fundamental rights challenges that will become known only during implementation. Therefore, monitoring and impact evaluations should explicitly also cover fundamental rights.

The EU already has a number of large-scale border management IT systems with plans to create more. Some are being revised. They help deal with visas, asylum applications, as well as internal security to track those who have been refused entry into the EU or are linked to criminal offences.

This Opinion advises the EU on how to avoid potential fundamental rights pitfalls in the proposed Regulations. It encourages respect for the core data protection principles of only sharing as much data as is needed and of limiting how such data are used. It also underlines the wider impact on other rights which should be recognised in the proposals. These include access to justice, the right to asylum and child rights as well as non-discrimination which is already covered.

FRA issues Opinions on specific thematic topics, following requests for advice from the European Parliament, the EU Council or the European Commission. These Opinions are part of the Agency's fundamental rights assistance and expertise that it provides to EU institutions and Member States.