as well as for the ECJ
while developing the fundamental right to data
Even though these provisions were recently added to the primary legislation,
the status of data protection as a fundamental right remains unclear.
addition has even made matters more complicated, since it is far from clear that
the multi-tiered European court system will manage to interpret those multi-
tiered and diﬀerently facetted provisions coherently.
Since the secondary law also contains a number of data protection provi-
sions, matters become even more complicated: A ﬁrst layer consists of general
EU data protection rules contained either in the EU data protection directive
95/46 – which regulates data processing by member states and which is
currently under reform – or in the EU regulation on the protection of indivi-
duals with regard to the processing of personal data by EU institutions (reg.
45/2001). These acts are complemented by the Convention 108 of Council of
Europe concerning the Protection of Individuals with regard to Automatic
Processing of Personal Data, an act of international law which is referred to by
a number of EU legal acts within the framework of the area of freedom, security
and justice like for instance the Convention for implementing the Schengen
Agreement, i.e. the legal basis of the Schengen Information System SIS. Finally,
05 – Gillan and Quinton on police search competences; for a systematic overview see: Siemen,
Datenschutz als europäisches Grundrecht [“data privacy protection as an European
fundamental right”], Berlin 2006, pp. 51–211; see also Albers, Informationelle
Selbstbestimmung [“informational self-determination”], 2005, pp. 290–297.
6 ECJ, C-465/00 et. al. – ORF, ECR 2003, I-4989, para 72 et seqq.; C-92/09 et al. – Schecke,
para 52, 59, 72, 87; see also CFI, T-194/04 – Bavarian Lager, ERC 2007, II-4523, para 111 et
seqq.; Advocate General Léger, C-317/04 – PNR, ECR 2006, I-4722, para 210; Advocate General
Sharpston, C-92/09 et al. – Schecke, para 72; Britz, Europäisierung des grundrechtlichen
Datenschutzes? [“Europeanization of data privacy protection in the margin of fundamental
rights”], Europäische Grundrechte Zeitung 2009 (1), pp. 6–7; Albers, Umgang mit
personenbezogenen Informationen und Daten [“handling of individual-related information and
data”], in: Wolfgang Hoﬀmann-Riem/Eberhard Schmidt-Aßmann/Andreas Voßkuhle (eds), see
supra note 3, § 22 para. 44; Siemen, see supra note 5, pp. 251–279.
7 Thus there are still no changes in the analysis of Albers, see supra note 5, p. 352.
8 cf. Britz, see supra note 6, pp. 2 et seqq.; see also J.-P. Schneider, Rechtsstaatliche
Sicherheit in der europäischen Informationsgesellschaft am Beispiel der
Vorratsdatenspeicherung [“Protecting the rule of law in European information society using the
example of Data Retention”], in: Osnabrücker Jahrbuch Frieden und Wissenschaft 16/2009,
Neue Fragen an den Rechtsstaat – Wie begegnen Politik, Recht und Exekutive aktuellen
Friedensgefährdungen? [“Osnabrück annual on peace and science 16/2009, New issues
concerning the rule of law”], 2009, p. 179 (pp.185 et seqq.).
European Information Systems and Data Protection
a number of sector-speciﬁc provisions on data protection have to be taken into
So what Wolfgang Hoﬀmann-Riem (a former judge responsible for data
protection cases within the German Federal Constitutional Court) once said
about German data protection law also holds true for data protection law on the
European level: “Since even experts have a hard time understanding and apply-
ing it, laymen have even a harder time adhering to it. Due to the number and
inconsistencies of data protection provisions, data protection law at least par-
tially fails to achieve its goals”.
This is a thought I am going to pick up later.
C. The Schengen Information System and new
legal arrangements for integrated data bases
Though it would be possible to address the aforementioned questions on an
abstract level, I have chosen a more empirical approach here. Thus, I am going
to present two case studies which show how an adequate level of data protection
can be reached in praxis.
My ﬁrst example for this will be the Schengen Information System (SIS). In
order to present some innovative legal arrangements governing intensively inte-
grated information systems, I am going to focus on the system’s function in the
European migration administration.
The SIS enables the participating national
agencies to issue alerts for the purposes of refusing entry for migrants to the
Schengen area. Such an alert has a trans-national eﬀect:
Someone who is subject
to an alert entered into the SIS will be unable to obtain a Schengen-visa from any
Schengen state and thus will not be allowed to enter and/or stay in the Schengen-
area (Art. 5 (1) lit. d, 15 Convention implementing the Schengen Agreement).
9 Hoﬀmann-Riem, Informationelle Selbstbestimmung in der Informationsgesellschaft
[“informational self-determination in information society”], in: Archiv des öﬀentlichen Rechts
123 (1998), p. 513 (p. 516).
10 cf. Laas, Die Entstehung eines europäischen Migrationsverwaltungsraumes [ “ Formation of
an European Area of migrational administration”], 2008, pp. 105 et seqq.; von Bogdandy, see
supra note 3, § 25 para. 81 ﬀ.
11 Laas, see supra note 10, p. 106.
380 Jens-Peter Schneider
I. Trans-national representative action and substitutional
This leads to the question of how such an alert can be legally challenged. Take
the example of a Tunisian businessman whose application for a Schengen-visa is
refused in France due to an erroneous alert – eventually based on a confusion of
names with a criminal – issued by German authorities.
The rules on information management and remedies within the SIS combine
decentralized and intensively integrated structures. Although only the state
issuing an alert can change, amend or remove the entry to the SIS (Art. 106 (1)
Convention implementing the Schengen Agreement), a “blacklisted” individual
may sue for rectiﬁcation, deletion or disclosure of information (and also for
damages) any member state using the SIS (Art. 111 (1) Convention implementing
the Schengen Agreement).
I would like to call this special legal arrangement
trans-national representative action [transnationale Prozessstandschaft].
ﬁctional Tunisian businessman mentioned above could sue in France – in the
language he probably is more familiar with. The resulting judgment would also
be binding on (and would have to be enforced mutually by French and) German
authorities (Art. 111 (2) Convention implementing the Schengen Agreement).
Unfortunately, until today it is unclear how this mutual enforcement is supposed
to work in practice.
No such enforcement problems apply to claims for damages caused by a
wrongful alert. Art. 116 Convention implementing the Schengen Agreement
provides that any member state is directly liable to a damaged person. If the state
against which an action is brought is not the state issuing the alert, the latter
shall be required to reimburse, on request, the sums paid out as compensation
12 See also Art. 36 Council Regulation (EC) 515/97 concerning the Customs Information
System (CIS). Compare Art. 18 Council Regulation (EC) 2725/2000 concerning the
establishment of “Eurodac” for the comparison of ﬁngerprints for the eﬀective application of
the Dublin Convention, Oﬃcial Journal L 316 (15.12.2000), p. 1: While data subjects may ask
any member state to provide information, accept their requests to correct or erase data and
assist him/her in exercising their rights (sections 2, 3, 9–11 and 12 s. 2), only the member
state which transmitted the data may correct or erase data (sections 5 and 6). Actions and/or
complaints may also only be brought before the competent authorities of the member state
which transmitted the data (section 12 s. 2).
13 Schneider, Verantwortungszurechnung bei vernetzten Verwaltungsverfahren nach
deutschem und europäischem Recht [“Accountability in networked administrative processes
according to German and European law”], in: Hill/Schliesky (eds), Herausforderung e-
Government [“challenges of e-government”], 2009, pp. 89 et seqq.
European Information Systems and Data Protection
unless the data were used by the requested state in breach of the Convention. I
term this special legal arrangement substitutional liability [Stellvertreterhaftung].
II. Administrative duties to control quality of data entered into
The rights of “blacklisted” individuals (at least those falling under the principle of
the freedom of movement – e.g. our Tunisian businessman only if he is married to
an EU Citizen) were bolstered by the ECJ in a judgment from 2006 which seriously
limited the trans-national binding eﬀect of SIS alerts.
In this judgment, the ECJ
established an administrative duty to control quality of data entered into the SIS
[Pﬂicht zu einer interadministrativ nachvollziehenden Amtsermittlung
So even though the member states may still treat an alert in the SIS as
evidence during the visa proceedings, they may not rely on it blindly. The ECJ
ruled that since an institutional structure exists capable of providing background
information on alerts on short notice (the so-called SIRENE-agencies)
members states are obligated to assess applications for Schengen-visa by them-
selves without solely referring in their decisions to the alerts issued by other
This shows that EU information systems must not only be considered as
threats to the protection of an individual’s personal data, but can also provide
an infrastructure strengthening individual rights and tightening administrative
duties to improve the quality of the data used for their decisions.
14 ECJ C-503/03, ECR 2006, I-1097 – Commission/Spain; on this Laas, see supra note 10,
pp. 107 et seqq.
15 A similar concept has been established with regard to the privatisation of fact ﬁnding in
administrative proceedings like the environmental impact assessment: Schneider,
Nachvollziehende Amtsermittlung bei der Umweltverträglichkeitsprüfung [“implementing ex
oﬃcio examination on the environmental impact assessment”], 1991, pp. 126 et seqq.
16 von Bogdandy, see supra note 3, § 25 Rn. 83.
382 Jens-Peter Schneider
D. Privacy by design in European information
systems: the case of the Internal Market
Information System (IMI)
My second case study will present the concept of “privacy by design” and its
implementation in the Internal Market Information System (IMI). Since this
information system links many government agencies on diﬀerent administrative
levels (including local trade control agencies as well as governmental ministries)
and connects them to an information exchange system spanning the whole EU,
the IMI is to be considered as an especially comprehensive information system.
In contrast to the SIS, the IMI currently isn’t designed to serve mainly as a
comprehensive database containing long-term information,
but as a mechan-
ism enabling national authorities to exchange information with limited maxi-
mum storage time.
It also allows direct access to a common database only in a
very limited ﬁeld of application. Thus the IMI is not to be categorized as an
information system strictu sensu but as an intensiﬁed informational arrange-
ment (information system in a wide sense).
One of its central features is the ability to alleviate the cross-border (and
cross-language) information exchange between national agencies by providing
not only a multilingual interface with pre-translated standardized questions
(and answers) in every language used in the EU, but also by enabling an agency
to monitor the status of its inquiries (tracking mechanism).
This example shows that information systems can also contribute to the
eﬀectiveness of administrative processes by addressing seemingly trivial issues
(like language issues). But how the use of standardized question/answer patterns
(and the use automatic translation systems for non-standard questions)
inﬂuence the rationality and the error rate of administrative decisions is rather
17 There exists nevertheless a continual database on national authorities with responsibilities
concerning service providers.
18 Commission Recommendation of 26.3.2009 on data protection guidelines for the Internal
Market Information System (IMI), C(2009) 2041, p. 5.
19 COM (2011) 75, p. 5, 9; for a demonstrative description of the translation function by use of
standard modules of communication see: Commission Staﬀ Working Paper SEC (2011) 206,
pp. 2 et seqq.
20 The use of the machine-translation tool ECMt has been suspended by the Commission
following the judgment of the General Court in case T-19/07, 16.12.2010 – Systran: IMI Annual
Report 2010, p. 2 note 2.
European Information Systems and Data Protection