European Information Systems and Data Protection as Elements of the European Administrative Union (2/3) – The Right to Privacy in the Light of Media Convergence –

as well as for the ECJ
6
while developing the fundamental right to data
protection.
Even though these provisions were recently added to the primary legislation,
the status of data protection as a fundamental right remains unclear.
7
Their
addition has even made matters more complicated, since it is far from clear that
the multi-tiered European court system will manage to interpret those multi-
tiered and dierently facetted provisions coherently.
8
Since the secondary law also contains a number of data protection provi-
sions, matters become even more complicated: A rst layer consists of general
EU data protection rules contained either in the EU data protection directive
95/46 which regulates data processing by member states and which is
currently under reform or in the EU regulation on the protection of indivi-
duals with regard to the processing of personal data by EU institutions (reg.
45/2001). These acts are complemented by the Convention 108 of Council of
Europe concerning the Protection of Individuals with regard to Automatic
Processing of Personal Data, an act of international law which is referred to by
a number of EU legal acts within the framework of the area of freedom, security
and justice like for instance the Convention for implementing the Schengen
Agreement, i.e. the legal basis of the Schengen Information System SIS. Finally,
05 Gillan and Quinton on police search competences; for a systematic overview see: Siemen,
Datenschutz als europäisches Grundrecht [data privacy protection as an European
fundamental right], Berlin 2006, pp. 51211; see also Albers, Informationelle
Selbstbestimmung [informational self-determination], 2005, pp. 290297.
6 ECJ, C-465/00 et. al. ORF, ECR 2003, I-4989, para 72 et seqq.; C-92/09 et al. Schecke,
para 52, 59, 72, 87; see also CFI, T-194/04 Bavarian Lager, ERC 2007, II-4523, para 111 et
seqq.; Advocate General Léger, C-317/04 PNR, ECR 2006, I-4722, para 210; Advocate General
Sharpston, C-92/09 et al. Schecke, para 72; Britz, Europäisierung des grundrechtlichen
Datenschutzes? [Europeanization of data privacy protection in the margin of fundamental
rights], Europäische Grundrechte Zeitung 2009 (1), pp. 67; Albers, Umgang mit
personenbezogenen Informationen und Daten [handling of individual-related information and
data], in: Wolfgang Homann-Riem/Eberhard Schmidt-Aßmann/Andreas Voßkuhle (eds), see
supra note 3, § 22 para. 44; Siemen, see supra note 5, pp. 251279.
7 Thus there are still no changes in the analysis of Albers, see supra note 5, p. 352.
8 cf. Britz, see supra note 6, pp. 2 et seqq.; see also J.-P. Schneider, Rechtsstaatliche
Sicherheit in der europäischen Informationsgesellschaft am Beispiel der
Vorratsdatenspeicherung [Protecting the rule of law in European information society using the
example of Data Retention], in: Osnabrücker Jahrbuch Frieden und Wissenschaft 16/2009,
Neue Fragen an den Rechtsstaat Wie begegnen Politik, Recht und Exekutive aktuellen
Friedensgefährdungen? [Osnabrück annual on peace and science 16/2009, New issues
concerning the rule of law], 2009, p. 179 (pp.185 et seqq.).
European Information Systems and Data Protection
379
a number of sector-specic provisions on data protection have to be taken into
account.
So what Wolfgang Homann-Riem (a former judge responsible for data
protection cases within the German Federal Constitutional Court) once said
about German data protection law also holds true for data protection law on the
European level: Since even experts have a hard time understanding and apply-
ing it, laymen have even a harder time adhering to it. Due to the number and
inconsistencies of data protection provisions, data protection law at least par-
tially fails to achieve its goals.
9
This is a thought I am going to pick up later.
C. The Schengen Information System and new
legal arrangements for integrated data bases
Though it would be possible to address the aforementioned questions on an
abstract level, I have chosen a more empirical approach here. Thus, I am going
to present two case studies which show how an adequate level of data protection
can be reached in praxis.
My rst example for this will be the Schengen Information System (SIS). In
order to present some innovative legal arrangements governing intensively inte-
grated information systems, I am going to focus on the systems function in the
European migration administration.
10
The SIS enables the participating national
agencies to issue alerts for the purposes of refusing entry for migrants to the
Schengen area. Such an alert has a trans-national eect:
11
Someone who is subject
to an alert entered into the SIS will be unable to obtain a Schengen-visa from any
Schengen state and thus will not be allowed to enter and/or stay in the Schengen-
area (Art. 5 (1) lit. d, 15 Convention implementing the Schengen Agreement).
9 Homann-Riem, Informationelle Selbstbestimmung in der Informationsgesellschaft
[informational self-determination in information society], in: Archiv des öentlichen Rechts
123 (1998), p. 513 (p. 516).
10 cf. Laas, Die Entstehung eines europäischen Migrationsverwaltungsraumes [ Formation of
an European Area of migrational administration], 2008, pp. 105 et seqq.; von Bogdandy, see
supra note 3, § 25 para. 81 .
11 Laas, see supra note 10, p. 106.
380 Jens-Peter Schneider
I. Trans-national representative action and substitutional
liability
This leads to the question of how such an alert can be legally challenged. Take
the example of a Tunisian businessman whose application for a Schengen-visa is
refused in France due to an erroneous alert eventually based on a confusion of
names with a criminal issued by German authorities.
The rules on information management and remedies within the SIS combine
decentralized and intensively integrated structures. Although only the state
issuing an alert can change, amend or remove the entry to the SIS (Art. 106 (1)
Convention implementing the Schengen Agreement), a blacklisted individual
may sue for rectication, deletion or disclosure of information (and also for
damages) any member state using the SIS (Art. 111 (1) Convention implementing
the Schengen Agreement).
12
I would like to call this special legal arrangement
trans-national representative action [transnationale Prozessstandschaft].
13
So the
ctional Tunisian businessman mentioned above could sue in France in the
language he probably is more familiar with. The resulting judgment would also
be binding on (and would have to be enforced mutually by French and) German
authorities (Art. 111 (2) Convention implementing the Schengen Agreement).
Unfortunately, until today it is unclear how this mutual enforcement is supposed
to work in practice.
No such enforcement problems apply to claims for damages caused by a
wrongful alert. Art. 116 Convention implementing the Schengen Agreement
provides that any member state is directly liable to a damaged person. If the state
against which an action is brought is not the state issuing the alert, the latter
shall be required to reimburse, on request, the sums paid out as compensation
12 See also Art. 36 Council Regulation (EC) 515/97 concerning the Customs Information
System (CIS). Compare Art. 18 Council Regulation (EC) 2725/2000 concerning the
establishment of Eurodac for the comparison of ngerprints for the eective application of
the Dublin Convention, Ocial Journal L 316 (15.12.2000), p. 1: While data subjects may ask
any member state to provide information, accept their requests to correct or erase data and
assist him/her in exercising their rights (sections 2, 3, 911 and 12 s. 2), only the member
state which transmitted the data may correct or erase data (sections 5 and 6). Actions and/or
complaints may also only be brought before the competent authorities of the member state
which transmitted the data (section 12 s. 2).
13 Schneider, Verantwortungszurechnung bei vernetzten Verwaltungsverfahren nach
deutschem und europäischem Recht [Accountability in networked administrative processes
according to German and European law], in: Hill/Schliesky (eds), Herausforderung e-
Government [challenges of e-government], 2009, pp. 89 et seqq.
European Information Systems and Data Protection
381
unless the data were used by the requested state in breach of the Convention. I
term this special legal arrangement substitutional liability [Stellvertreterhaftung].
II. Administrative duties to control quality of data entered into
the SIS
The rights of blacklisted individuals (at least those falling under the principle of
the freedom of movement e.g. our Tunisian businessman only if he is married to
an EU Citizen) were bolstered by the ECJ in a judgment from 2006 which seriously
limited the trans-national binding eect of SIS alerts.
14
In this judgment, the ECJ
established an administrative duty to control quality of data entered into the SIS
[Picht zu einer interadministrativ nachvollziehenden Amtsermittlung
15
].
So even though the member states may still treat an alert in the SIS as
evidence during the visa proceedings, they may not rely on it blindly. The ECJ
ruled that since an institutional structure exists capable of providing background
information on alerts on short notice (the so-called SIRENE-agencies)
16
, the
members states are obligated to assess applications for Schengen-visa by them-
selves without solely referring in their decisions to the alerts issued by other
member states.
This shows that EU information systems must not only be considered as
threats to the protection of an individuals personal data, but can also provide
an infrastructure strengthening individual rights and tightening administrative
duties to improve the quality of the data used for their decisions.
14 ECJ C-503/03, ECR 2006, I-1097 Commission/Spain; on this Laas, see supra note 10,
pp. 107 et seqq.
15 A similar concept has been established with regard to the privatisation of fact nding in
administrative proceedings like the environmental impact assessment: Schneider,
Nachvollziehende Amtsermittlung bei der Umweltverträglichkeitsprüfung [implementing ex
ocio examination on the environmental impact assessment], 1991, pp. 126 et seqq.
16 von Bogdandy, see supra note 3, § 25 Rn. 83.
382 Jens-Peter Schneider
D. Privacy by design in European information
systems: the case of the Internal Market
Information System (IMI)
My second case study will present the concept of privacy by design and its
implementation in the Internal Market Information System (IMI). Since this
information system links many government agencies on dierent administrative
levels (including local trade control agencies as well as governmental ministries)
and connects them to an information exchange system spanning the whole EU,
the IMI is to be considered as an especially comprehensive information system.
In contrast to the SIS, the IMI currently isnt designed to serve mainly as a
comprehensive database containing long-term information,
17
but as a mechan-
ism enabling national authorities to exchange information with limited maxi-
mum storage time.
18
It also allows direct access to a common database only in a
very limited eld of application. Thus the IMI is not to be categorized as an
information system strictu sensu but as an intensied informational arrange-
ment (information system in a wide sense).
One of its central features is the ability to alleviate the cross-border (and
cross-language) information exchange between national agencies by providing
not only a multilingual interface with pre-translated standardized questions
(and answers) in every language used in the EU, but also by enabling an agency
to monitor the status of its inquiries (tracking mechanism).
19
This example shows that information systems can also contribute to the
eectiveness of administrative processes by addressing seemingly trivial issues
(like language issues). But how the use of standardized question/answer patterns
(and the use automatic translation systems for non-standard questions)
20
might
inuence the rationality and the error rate of administrative decisions is rather
17 There exists nevertheless a continual database on national authorities with responsibilities
concerning service providers.
18 Commission Recommendation of 26.3.2009 on data protection guidelines for the Internal
Market Information System (IMI), C(2009) 2041, p. 5.
19 COM (2011) 75, p. 5, 9; for a demonstrative description of the translation function by use of
standard modules of communication see: Commission Sta Working Paper SEC (2011) 206,
pp. 2 et seqq.
20 The use of the machine-translation tool ECMt has been suspended by the Commission
following the judgment of the General Court in case T-19/07, 16.12.2010 Systran: IMI Annual
Report 2010, p. 2 note 2.
European Information Systems and Data Protection
383