Data governance should not only be considered regarding legal requirements for the system at hand and corresponding responsibilities distribution but from the managerial side, focusing on end users’ role in administering sensitive data. All in all, there is a significant margin for improvement regarding privacy by design, and Eticas will continue pushing in this direction.
New mechanisms aimed at ensuring smooth processing of (personal) data at the border with identification or control processes are being developed. The extension of the so-called eborder in Europe entails new risks for the rights to privacy and integrity. Our research reveals the importance of integrating privacy by design into the processes of technological adoption and implementation to ensure these rights.
In this regard, three aspects can be stressed:
- Most analyzed solutions can efficiently fulfil their purposes by using less data than initially expected, which calls developers, authorities, and researchers to observe the principle of data minimization.
- This purpose-driven approach to technological adoption has implications for the desirability of new systems and reveals the need for ensuring that data security is assessed from all angles, including the role of hardware and software providers.
- Data management’s procedural and contextual dimension is often understood as an additional requirement to be integrated into the process once a technology is ready to be used.
Current European border policies
The set of policies and legal provisions established by EU institutions have addressed many dimensions of border policies, including border surveillance, control and intelligence (Jeandesboz 2008). In the last decade, the European Union (EU) has broadened its external border control resources and competencies while diversifying the Schengen borders’ surveillance mechanisms (Köning, 2016). Information management has transformed into an essential dimension of EU border policies to monitor around 500 million border crossings yearly and more than 1800 Border Crossing Points both on land and seaports.
The “Smart Borders” Package, proposed by the European Commission in February 2013, advanced in the development of an Entry/Exit System (EES) and a Registered Traveller Programme (RTP). The European Border Surveillance System (EUROSUR), established the same year, combines different data collection and processing systems to detect and track irregular immigration into the European Union member states. These include drones, reconnaissance aircraft, offshore sensors, satellite remote sensing and communication platforms. Member States -and Norway- have established National Coordination Centres (NCCs) to participate in and provide information to the system network. This data is used by each country and the European Border and Coast Guard Agency (FRONTEX), through its Frontex Situation Centre (FSC). FRONTEX, aimed at the European Schengen Area’s border control (2004), develops strategic plans and establishes a situational picture based on this information. In 2015, the agency mandate was widened, also increasing its resources. The following year the European Parliament approved the development of the European Border and Coast Guard.
Furthermore, in 2016, the revised Smart Borders regulation was adopted by the European Commission, including a Regulation for establishing an Entry/Exit System and a proposed amendment to the Schengen Borders Code to integrate the technical changes needed for the Entry/Exit System. Since then, new measures taken concerning the control of border crossers’ identity and statuses, such as the new system coordinating the databases for Schengen Information System (SIS), Visa Information System (VIS), and Eurodac, have been accompanied by the development of new land border physical and digital surveillance mechanisms.
As part of this process, “digital borders”, based on large centralized databases and algorithmic data analysis, are enlarging the gap between EU internal mobility and external securitization (Brouwer, 2008; De Rousi, 2018). Modern surveillance tendency towards massive data storage seems to be reproduced within EU borders control policies (Aas, 2011;Jenkins, 2012). Lyon (2003) underlined the profiling dimension in surveillance policies, which are increasing their capacity to identify and categorize individuals. To capture these transformations, new border control policies and configurations have been defined as “biometric border” (Amoore, 2006), “iBorder” (Pötzsch, 2015) or “digital border” (Broeders, 2007).
One of the challenges for these new surveillance policies is to respect the current data protection framework and good governance for border control while ensuring integrating best privacy by design practices into new technological design. In this paper, we examine this tension under the light of Eticas research conducted within three frameworks. Firstly, FOLDOUT, a multisensor system aimed at detecting border crossers and people in need of aid in EU external land borders. Secondly, ABC gates for Europe, a project developing integrated, interoperable and citizen’s rights respectful ABC systems at the EU level. Lastly, “Under Watchful eyes”, a research on the use of biometric identification technologies in EU borders and its human rights implications, conducted by Eticas for the EU Fundamental Rights Agency.
Digitalization of the EU border and privacy by design: the cases of ABC, FOLDOUT and FRA research
Eticas has assessed many kinds of EU border control technologies, offering PbD solutions and recommendations for their remodelling to align them with EU data protection law and values. In this section, we analyze three of these assessments and their results.
ABC gates for Europe
The ABC4EU project aimed at identifying the requirements for an integrated and interoperable ABC system at the EU level. It took into account the experience gained from the previous ABC pilots and projects and future needs derived from the Smart Border and other EU and national initiatives while ensuring citizens’ rights, privacy, and other related ethical aspects. ABC4EU focused on the need for harmonization in the design and operational features of ABC Gates, considering especially the full exploitation of the EU second-generation passports and other accepted travel documents. In addition, Registered Traveller Programme (RTP) and Entry Exit System (EES) were specifically tested to assess their feasibility and an EU level border management C4I concept will be developed for end-user assessment.
To deliver on their promise of convenience, ABC gates should be designed to minimize data intensiveness (in terms of the amount of processing) and be designed in an accessible fashion from the beginning. By making data collection and passage minimal and convenient, many types of users (e.g. people with disabilities) could more easily use the ABC system, thereby facilitating higher and faster traveller flows. Eticas addressed several privacy-by-design questions during the research project: to what extent are proposed ABC gates amenable to having privacy designed in? Is this option user-friendly and does it keep data secure by default? What design steps have been taken to minimize data needs? Will the technology designed be privacy-enhancing as part of its functioning and function well with privacy-enhancing technologies?
Based on its work and analysis of ABC subsystems, Eticas recommendations included:
- securing passenger history information to prevent any undesired leakage,
- monitoring fingerprints data quality at the physical border, or
- reducing biometrics used for identity authentication at airports.
FOLDOUT multi-sensors system
FOLDOUT technology focus is on through-foliage detection in the inner and outermost regions of the EU. Detecting people through dense foliage in extreme climates with only a penetration technology is prone to high fault rates. By addressing foliage penetration of unreliable detections in such harsh environments, the system expects to reduce border guards’ workloads, border control costs and save people at the border, including border crossers or victims of trafficking. The FOLDOUT combines various sensors and technologies and intelligently fuses these into an effective and robust intelligent detection platform. The events will be analyzed with machine learning tools to continuously increase the system’s detection and tracking capability. This allows to increase detection effectiveness and reduce false positives.
However, once implemented, the system might affect the privacy and security of border crossers, national citizens and border control workers, who may be subjected to different detection tools with identification capabilities, such as cameras. In this context, Eticas produced a PbD assessment focused on the system architecture and data management mechanisms, identifying and tackling possible data protection risks.
The FOLDOUT system does not require personal identifiers for its functioning (such as faces, body traits, or voice) since its focus is on differentiating humans from objects or animals. In this context, Eticas recommendations focused on:
- reducing or eliminating any personal identifiers from sensors used by the system by
- blocking of microphones used by some cameras used for image detection,
- reducing captured data quality for some sensors or
- establishing the system Manual with clear instructions for border guards’ data management
Fundamental rights project on biometrics at the border
This research conducted by Eticas and CSIC on behalf of the FRA addressed the impact of large-scale EU information technology systems (IT systems) in the areas of migration and security on fundamental rights. It offered comprehensive research on how these systems affect individual rights, focusing on fundamental rights implications of collecting, storing and using biometric and other data in EU IT systems in the area of asylum and migration.
The research reveals how large-scale EU information technology systems are frequently utilized beyond the original asylum and migration management purposes to serve internal security. The research also showed that ensuring purpose limitation if IT systems are made interoperable involves particular challenges. Data protection by design and by default continue to be relevant in developing technical solutions for IT systems. Additional safeguards limit the data that can be searched and employ the cascading system, which requires other databases to be checked before consulting Eurodac, EES and ETIAS.
Eticas, together with the CSIC, contributed to the research design and identification of the above issues. On the basis the Fundamental Rights Agency produced the following summary of (privacy by design) recommendations for the implementation of biometric systems at the EU border: Ensure that industry uses fundamental rights expertise in the design of new solutions through for example embedding data protection into their products and services; provide strong safeguards to prevent unlawful access to data (this includes the use of strong firewalls to prevent private companies for example seeing information they are not meant to see. Monitoring access through log files should also continue to be reinforced. prohibit the transfer of data to non-EU countries especially in cases where asylum applications are still ongoing); improve data quality and accuracy of the records stored in IT systems; allow people to access their personal data and have the data corrected and deleted if inaccurate (this could be helped by simplified procedures, information campaigns on how to exercise this right and dedicated training for lawyers so they can offer relevant help).