Академический Документы
Профессиональный Документы
Культура Документы
Editors
Elspeth Guild
Kingsley Napley Solicitors, London,
Centre for Migration Law, Radboud University Nijmegen
Jan Niessen
Migration Policy Group, Brussels
The series is a venue for books on European immigration and asylum law and
policies where academics, policy makers, law practitioners and others look to
nd detailed analysis of this dynamic eld. Works in the series will start from a
European perspective. The increased co-operation within the European Union
and the Council of Europe on matters related to immigration and asylum requires
the publication of theoretical and empirical research. The series will contribute to
well-informed policy debates by analysing and interpreting the evolving European
legislation and its eects on national law and policies. The series brings together
the various stakeholders in these policy debates: the legal profession, researchers,
employers, trade unions, human rights and other civil society organisations.
By
Evelien Brouwer
LEIDEN BOSTON
2008
This book was edited by Hannie van de Put, Centre for Migration Law, Radboud
University Nijmegen.
The English text has been revised by Claire Singleton, translator, Los Alamos, United States.
ISSN 15682749
ISBN 978 90 04 16503 8
Copyright 2008 by Koninklijke Brill NV, Leiden, The Netherlands.
All rights reserved. No part of this publication may be reproduced, translated, stored in
a retrieval system, or transmitted in any form or by any means, electronic, mechanical,
photocopying, recording or otherwise, without prior written permission from the publisher.
Authorization to photocopy items for internal or personal use is granted by Brill Provided that the
appropriate fees are paid directly to The Copyright Clearance Center, 222 Rosewood Drive, Suite
910, Danvers, MA 01923, USA.
Fees are subject to change.
printed in the netherlands
Contents
Acknowledgments ........................................................................................xxiii
Abbreviations ................................................................................................ xxv
Chapter1 Introduction............................................................................. 1
1. The Schengen Information System and Other EU Databases:
Tools for Border and Immigration Control ................................................. 1
2. Problem ...................................................................................................... 2
3. A Right to Eective Remedies? .................................................................... 4
3.1. Questions ............................................................................................ 4
3.2. Criteria to Assess Availability of Eective Remedies............................. 5
4. Outline ....................................................................................................... 7
5. Denitions and Explanation of Used Terms ................................................ 7
6. Sources and Interviewees ............................................................................. 8
Part I Border Control and Data Surveillance in the EU
Chapter 2 Towards Schengen: The Abolition of
Internal Border Controls in Europe .......................................................... 13
1. Introduction: Abolition of Internal Border Controls ................................. 13
2. The Internal Market and the Free Movement of Persons:
Setting Goals ............................................................................................. 15
2.1. Between 1957 and 1985: From the Treaty of Rome to the
Commissions White Paper ................................................................ 15
2.2. The Commissions White Paper on the Completion of the
Internal Market ................................................................................. 17
3. From 1985 to the Completion of the
Single Market: Dening Powers ................................................................ 18
4. Intergovernmental Negotiations on the Abolition of
Internal Border Controls ........................................................................... 20
4.1. Other Examples: The Benelux, the Nordic Union, Ireland
and the United Kingdom .................................................................. 20
4.2. Between 1985 and 1989: The Schengen Negotiations ....................... 21
4.3. The Immigration Ad Hoc Group, Trevi, and
the Group of Co-ordinators .............................................................. 23
vi
Contents
Contents
vii
viii
Contents
Contents
ix
Contents
1. Introduction............................................................................................ 177
2. Development of National Data Protection Law:
Dierent Phases of Law-Making ............................................................. 178
3. Development of European Data Protection Law ..................................... 181
3.1. 1981: Data Protection Convention of the
Council of Europe ........................................................................... 181
3.2. 1990: Inclusion of Data Protection Provisions
in the CISA ..................................................................................... 183
3.3. 1995: Directive 95/46 on the Protection of
Personal Data .................................................................................. 186
3.3.1. Protecting Individuals and Free Movement of Data ............. 186
3.3.2. Scope and Applicability of Directive 95/46 .......................... 188
3.4. Regulation 45/2001/EC: Data Protection Applicable to
Community Institutions and Bodies ............................................... 190
3.5. Data Protection in the Third Pillar: A New Instrument ................... 191
3.6. Article 8 of the EU Charter: Data Protection
as a Human Right ........................................................................... 193
4. Unveiling Reasons for Data Protection .................................................... 194
4.1. Protecting the Individual: The Right to Privacy ............................... 196
4.1.1. From the Right to be Let Alone to the Right of
Personal Liberty ................................................................... 196
4.1.2. Informational Self-determination ......................................... 198
4.2. Protecting the Rule of Law .............................................................. 200
4.2.1. Balance of Powers ................................................................ 200
4.2.2. Informational Division of Powers......................................... 201
4.3. Data Protection as an Obligation for good administration ............. 202
5. Data Protection Principles ....................................................................... 204
5.1. The Principle of Purpose Limitation ................................................ 205
5.1.1. Ban on aimless data collection ........................................... 206
5.1.2. Legitimacy of Purpose .......................................................... 207
5.1.3. Use or Disclosure Limitation ............................................... 208
5.1.4. Time Limit on Storage of Data ............................................ 209
5.2. Transparency Purpose Specication .............................................. 211
5.3. Special Categories of Data: Extra Safeguards ................................... 212
Contents
6.
7.
8.
9.
xi
xii
Contents
1. Introduction............................................................................................ 275
2. Directive 2004/38/EC on the Right of Citizens and
their Family Members to Move and Reside Freely within the EU ............ 276
2.1. Protecting the Free Movement of EU Citizens and
their Family Members ..................................................................... 276
2.2. Extending the Scope of Protection: Cetinkaya and
Drr-nal ....................................................................................... 278
Contents
xiii
2.3. The Relationship between the VIS and SIS and the
Freedom of Movement of EU Citizens and Family Members .......... 279
2.3.1. Commission v. Austria ........................................................... 279
2.3.2. Commission v. Spain ............................................................. 280
3. Legal Remedies in Immigration and Asylum Law Based on
Title IV TEC........................................................................................... 281
3.1. Directive 2001/40/EC on Mutual Recognition of
Expulsion Decisions ........................................................................ 282
3.2. Directive 2001/55/EC on Minimum Standards for
Temporary Protection ..................................................................... 283
3.3. Directive 2003/9/EC on Minimum Standards for the
Reception of Asylum Seekers........................................................... 284
3.4. Directive 2003/109/EC on Long-Term Resident
Third-Country Nationals ................................................................ 285
3.5. Directive 2003/86/EC on the Right to Family Reunication .......... 286
3.6. Regulation 343/2003/EC (Dublin II) ............................................. 287
3.7. Directive 2005/85/EC on Minimum Standards for
Asylum Procedures .......................................................................... 288
3.8. Refusals at the Border...................................................................... 289
3.8.1. Regulation 562/2006/EC on the Rules Governing
the Movement of Persons at Borders
(Schengen Borders Code)......................................................... 289
3.8.2. The Inclusion of a Standard Refusal Form............................ 290
3.9. Proposal for a Directive on Returning Illegal Staying
Third-Country Nationals ................................................................ 291
3.10. Visas................................................................................................ 292
3.10.1. Schengen Common Consular Instructions ........................... 292
3.10.2. Draft Community Code on Visas ........................................ 292
4. Criteria for Eective Remedies in EC Immigration Law ......................... 293
4.1. Judicial or Non-Judicial Court? ....................................................... 293
4.1.1. Directive 2004/38 ................................................................ 293
4.1.2. EC Asylum and Immigration Law ....................................... 294
4.2. Accessibility..................................................................................... 294
4.2.1. Directive 2004/38/EC ......................................................... 294
4.2.2. EC Asylum and Immigration Law ....................................... 295
4.3. Scope of Review .............................................................................. 296
4.3.1. Directive 2004/38/EC ......................................................... 296
4.3.2. EC Asylum and Immigration Law ....................................... 298
4.4. Competence of Court or Authority ................................................. 299
4.4.1. Directive 2004/38/EC ......................................................... 299
4.4.2. EC Asylum and Immigration Law ....................................... 299
5. Summary: Dierent Laws, Dierent Regimes? ........................................ 300
xiv
Contents
Chapter 11
France................................................................................ 329
1. Introduction............................................................................................ 329
2. Parliamentary Involvement with CISA .................................................... 330
2.1. Schengen in General ....................................................................... 330
2.2. The NSIS ........................................................................................ 333
2.3. SIS I: Comments NGOs, Lawyers and Organisations ..................... 334
2.4. SIS II .............................................................................................. 335
3. Implementation of Article 96 CISA ........................................................ 336
3.1. Applicable Law ................................................................................ 336
3.2. National Criteria for Entering Third-Country Nationals
into the NSIS .................................................................................. 337
Contents
xv
xvi
Contents
1. Introduction............................................................................................ 383
2. Parliamentary Involvement with CISA .................................................... 384
2.1. Schengen in General ....................................................................... 384
2.2. The NSIS and Data Protection ........................................................ 386
2.3. SIS II .............................................................................................. 389
3. Implementation of Article 96 CISA ........................................................ 390
3.1. Applicable Law................................................................................ 390
3.2. National Criteria for Entering Third-Country
Nationals in NSIS ........................................................................... 391
3.2.1. General Rules....................................................................... 391
3.2.2. Persons to be Expelled, Removed or Deported ..................... 391
3.2.3. Unlawful Data Storage Regarding Rejected
Asylum Seekers .................................................................... 393
3.2.4. Registration Based on Public Order and
Security Grounds ................................................................. 394
3.3. In the Beginning: Storing Old Data in the NSIS ............................. 395
3.4. Authorities with Access to NSIS Data ............................................. 396
3.5. Functioning of SIRENE.................................................................. 397
Contents
xvii
xviii
Contents
Contents
Chapter 13
xix
1. Introduction............................................................................................ 445
2. Parliamentary Involvement with CISA .................................................... 446
2.1. Schengen in General ...................................................................... 446
2.2. Parliamentary Discussions on SIS .................................................... 448
2.3. Parliamentary Discussions on the SIS and the
Availability of Legal Remedies ......................................................... 449
2.4. Parliamentary Debate on SIS II ....................................................... 451
3. Implementation of the SIS and Registration of
Third-Country Nationals ........................................................................ 453
3.1. Sources of Immigration Law ........................................................... 453
3.2. Criteria for Registration in the NSIS ............................................... 455
3.2.1. Formal Residence Ban.......................................................... 455
3.2.2. Third-Country Nationals Reported as Unwanted ................. 457
3.3. Practical Implementation and Use of the NSIS ............................... 460
3.3.1. NSIS: Responsibility and Coordination ............................... 460
3.3.2. Procedure for Registration in the NSIS ................................ 460
3.3.3. Article 96 Hits and Internal and Border Controls ................ 462
3.3.4. Article 96 Hits and Visa Applications .................................. 464
3.4. NSIS and Article 96: Facts and Figures ........................................... 464
3.5. Audit Report By the Court of Auditors ........................................... 465
3.6. Audit Report of the Dutch Data Protection Authority .................... 467
4. Intermezzo: Dutch Policy with Regard to the Administration of
Data on Third-Country Nationals ........................................................... 468
4.1. General Administration of Immigrants............................................ 468
4.2. The Use of Biometric Data .............................................................. 470
4.2.1. Third-Country Nationals and their Biometrics..................... 470
4.2.2. Shared Use of Data on Criminals and Asylum Seekers ......... 471
4.2.3. Storing Biometric Data for Expulsion Purposes ................... 473
4.2.4. Biometrics and Passports and Identity Cards........................ 473
4.3. Immigration Files, Border Control and the
Fight against Terrorism.................................................................... 474
5. Rights and Legal Remedies for Individuals under
Data Protection Law ............................................................................... 475
5.1. Background to Dutch Data Protection Law .................................... 475
5.2. NSIS and the Applicable Rules on Data Protection ......................... 478
5.3. Duty to Inform the Data Subject .................................................... 479
5.4. Right to Access, Correction or Deletion of the NSIS Data .............. 481
5.5. Role of the Data Protection Authority ............................................. 482
5.6. Right to Legal Remedies.................................................................. 483
xx
Contents
Contents
xxi
Acknowledgments
I defended this study as my Ph.D, thesis on 1 October 2007 at the Radboud
University of Nijmegen. The research for this study was conducted at the Centre
for Migration Law under supervision of Prof. Mr. C.A. Groenendijk and Prof.
Dr. E. Guild. My research was partly funded by CHALLENGE - The Changing
Landscape of European Liberty and Security-: a very inspiring research project of
the 6th Framework Programme of the European Commissions Directorate-General
for Research.
The history of this book goes back almost as far as its subject: the Schengen
Information System, or SIS. In 1990, ve years before the SIS became operational, together with a group of students from the University of Tbingen, I visited Ruth Leuze, the rst Data Protection Commissioner of Baden-Wrttemberg.
She not only made us aware of the growing importance of data protection but also
triggered my curiosity and concerns with regard to the development of the SIS
and its consequences for individuals. While Ruth Leuze was perhaps my rst guide
to data protection law, Hanneke Steenbergen was certainly my rst and most
important guide to immigration law. Her involved way of teaching and her critical views inspired me to look further into the less privileged position of migrants
in the Netherlands and Europe. I miss her wise and warm words, especially now.
My rst opportunity to develop academic skills and to study the relation between
the rule of law and data protection principles was presented at the University of
Amsterdam, thanks to Egbert Dommering and Jan Kabel. Although I regret that
I was not ready at that time for a nal take-o , I always remember the friendly
and talented environment of the Institute for Information Law.
I owe the greatest thanks to Elspeth Guild and Kees Groenendijk. Their enthusiasm, knowledge and support are the most important building blocks of this
book. I am grateful that they oered me the chance to conduct research at the
Radboud University of Nijmegen: rstly, with regard to the development of
immigration law in the EU since 11 September 2001 and, secondly, since 2002,
to write this thesis on the legal position of third-country nationals reported in the
SIS. I admire the energy with which they make academic knowledge useful for
society and the legislative process and persuade others to do likewise. I will miss
our informal and cheerful trialogues and never forget the chances and lessons
they gave me. Apart from my formal promoters, I am grateful to Pieter Boeles
for his inspiration and many ideas concerning Schengen and the SIS.
xxiv
Acknowledgments
Abbreviations
AAH-SD
AB
AGDREF
AIVD
AWB
Az.
AZR
AZRG
Benelux
BDSG
Bf V
BGBl
BKA
BVerfG
BVerwG
BVV
CCTV
CDU
CE
CIS
CISA
CNIL
CSDA
CSIS
CSU
DDR
DNA
DPA
EAW
EC
ECJ
ECHR
Econ
xxvi
Abbreviations
ECR
ECtHR
EDPS
EEA
EJML
ELOI
EP
FAED
FDP
FPR
GBA
GISTI
HAVANK
ID
IND
InfAuslR
INPOL
IT
JHA
JO
JORF
JSA
JV
KLPD
LIFL
LJN
MEP
MR
MRAP
Mvv
NAV
NGO
NSIS
NStZ
OECD
OFPRA
OJ
OPS
OVG
Abbreviations
PWP SIS
QMV
RAF
Reports
RMV
RV
SEA
SIRENE
SIS
SPD
TBG
TBV
t.c.n.
TEC
TEU
UK
UN
UNESCO
US
VGH
VIS
VwGO
VwVfG
WBP
WBV
xxvii
Chapter 1
Introduction
1. The Schengen Information System and Other EU Databases:
Tools for Border and Immigration Control
This study concerns the right to eective remedies by third-country nationals
reported in the Schengen Information System, or SIS. The SIS nds its roots in
the Convention on the Implementation of the Schengen Agreement of 1990
(hereafter the CISA). It is one of the most important databases used for immigration and border control in the EU and it has always been presented as a compensatory tool for the abolition of internal border controls between the Schengen
states. When the SIS became operational in 1995, it was used by seven states: the
Benelux countries, France, Germany, Portugal and Spain. In 2006, the SIS was
in use by the 15 old EU Member States, except the United Kingdom and
Ireland and Norway and Iceland as non-EU Member States. By 2002, the SIS
included approximately 15 million reports on dierent categories of persons and
objects. These categories include stolen vehicles and lost or stolen identity papers,
as well as persons wanted for arrest for extradition purposes or for the purpose of
discreet surveillance, witnesses or other persons summoned to appear before the
judicial authorities. With regard to the purpose of border checks of persons, the
SIS facilitates what has been adequately described as, keeping the unwanted out
for example, undesirable aliens and preventing the wanted from leaving, chiey
those suspected of criminal oences.1
Since its launch in 1995, the majority of personal data held in the SIS concerns
third-country nationals to be refused entry on the basis of Article 96 CISA.2 The
decision to report a third-country national in the SIS is based primarily on a
national decision that this person is considered a threat to public order, public
1
House of Lords European Union Committee, 9th Report of session 200607, Schengen
Information System II. Report with Evidence, HL Paper 49, London: The Stationery Oce
Limited, published 2 March 2007.
On 1 January 2006, from the 882.627 records on persons held in the SIS, 751.954 (85 %) were
third-country nationals reported for the purpose of refusal of entrance. SIS Database Statistics,
5239/06, 12 January 2006.
Chapter 1
2. Problem
When an authority nds that a person is reported in one of these databases, this
may have immediate consequences for the legal position of third-country nationals. The VIS will be used primarily for repressive purposes rather than to improve
3
OJ L381/4, 28.12.2006.
Introduction
or accelerate visa procedures in favour of the visa applicants. According to the proposal by the European Commission in 2004, the central aim of the VIS will be,
to prevent threats to internal security and visa shopping, to facilitate the ght
against fraud and to assist in the identication and return of illegal immigrants.4
A hit based on data stored in Eurodac may result in the deportation or transfer
of an asylum seeker to another Member State. A person reported in SIS I or SIS II
may not only be refused entry or a visa, but he or she may also be detained or even
expelled.5 Where the use of these databases is focussed on controlling the movement of persons, it is questionable whether the EU Member States pay the same
attention to protecting the basic rights of these persons. What seems to be lacking
is the simultaneous development of a right to eective remedies for those individuals who are directly aected in their liberty to move, their personal freedom or
their privacy by decisions in matters of immigration and border control.6
Considering the use of databases such as SIS I, the rights of individuals are,
generally, covered by two elds of law: data protection law and immigration law.
On the one hand, a person facing a SIS alert may use his or her data protection
rights of access, correction or deletion of this information. National and supranational data protection authorities are empowered to supervise the protection of
these rights and the lawfulness of data processing in general. On the other hand,
a person who is refused entry or whose application for a visa or residence permit
has been rejected on the basis of a SIS alert will seek to use the available immigration
law procedures.
This study is based on the premise that both the data protection and the immigration law procedures have their own weaknesses aecting the legal protection
of the person involved. Firstly, it is questionable whether data protection law
oers individuals practical and eective legal protection or whether this only
concerns soft law or with other words rules which are non-binding. Access to
judicial courts is not always self-evident and can be made dependent on the
requirement that individuals should address data protection authorities rst.7
Furthermore, the decisions of these organisations often have no binding eect.
More importantly, however, a person generally will not be aware that he or she is
registered in the SIS I. This person will often nd out about the SIS alert when it
is too late, i.e. when he or she is denied entry at the external borders of the EU or
refused a visa in his country of origin. The procedure of trying to obtain access to
4
5
Chapter 1
the data or to apply for correction or deletion under data protection law may
then take too long, considering the reason for which this person wishes to visit
one of the EU Member States.
Secondly, in the eld of immigration law decisions, tension traditionally exists
between the rights of the individual and the principle of state sovereignty. Based
on their sovereignty, national governments claim to have a wide margin of appreciation in deciding who may enter the national territory and who may not.
Additionally, the right to legal remedies in immigration law procedures is not a
matter of course. Especially in visa procedures, national laws do not always provide for legal remedies. Finally, based on the principle of sovereignty, it has been
argued that national courts are not competent to decide on the lawfulness of
decisions made by foreign authorities, including the decisions to report thirdcountry nationals in the SIS.
Introduction
P. Boeles, Fair Immigration Proceedings in Europe, The Hague: Martinus Nijho Publishers,
1997.
This included the UN Declaration on Human Rights, the ECHR, the Convention on the Status
of Refugees and the Convention on the Status of Stateless Persons, the Convention on the Rights
of the Child, the ILO Convention on Migrant Workers, the European Social Charter, etc.
Chapter 1
the Treaty of the European Communities (TEC), the Treaty of the European
Union (TEU) and the relevant instruments of the Council of the Europe, including
the European Convention on Human Rights (ECHR).
Inspired by the criteria developed in Boeles research, I will use the following
questions to assess the applicable laws.
a)
b)
c)
d)
The rst criterion refers to the question whether the applicable law requires access
to judicial or non-judicial remedies. If the law only provides for access to nonjudicial authorities, for example data protection authorities, are these authorities
to be regarded as impartial and independent authorities?
The second criterion refers to the accessibility of the legal remedies in question. Does a person know that he or she may appeal against a negative decision,
or a ban on entry? What procedural guarantees should be in place to ensure that
a third-country national can use his right to legal remedies? Boeles third criterion, the right to legal and linguistic assistance, will not be dealt with separately,
but is considered as part of the accessibility of remedies.
With regard to the criterion of scope of review, I refer to what exactly can be
reviewed by the judicial or non-judicial authority. Can a court or authority review
every aspect of a national administrative decision, or are there certain limitations
based on the sovereignty of the administration involved? Does the court or
authority have the power to assess foreign decisions, including foreign decisions
to report a third-country national in the SIS?
Finally, I will question the competences of the court or authorities. This
includes the power to restore the rights of the applicants, as well as to issue nes
to the administration.
With the sole purpose of limiting the scope of this research, I chose not to deal
separately with the right to higher appeal. It is nonetheless beyond doubt that
the right to have ones case reviewed at a higher level is important for several reasons. On the one hand, the review of the judgment of a lower court by a higher
court could provide for more uniformity in law. On the other hand, for the
individual it includes a second chance of review which, under certain circumstances, might be crucial for the protection of his or her rights. In his study in
1997, Boeles concluded that the law of his Regional Acquis generally does not
require the possibility of appeal to a higher instance. One could however conclude with Boeles that on the basis of the principle of non-discrimination, if
national law oers a remedy to a higher court to its own citizens, under EU law
the legislator should provide equal protection to non-citizens.
Introduction
4. Outline
Part I of my study describes the impact of the SIS I on the legal position of thirdcountry nationals in the EU. I will rst give an historical overview of the abolition
of internal border controls and the freedom of movement of persons in the EU.
We will see how SIS I has been established as a compensatory tool for this abolition of internal border controls. Therefore, in Chapter 4, I will describe the development of the SIS II and the nal adoption of the SIS II Regulation 1987/2006 in
December 2006. In Chapter 5, I will compare the functioning of the SIS to other
EU databases such as Eurodac, and the proposed VIS. For what purposes are these
databases established, how are they used and what is their mutual relationship?
Part II of my study presents the institutional framework of my study: the protection of individual rights stemming from general principles of European law. Chapters
6 to 9 describe the sources of European law relevant to my subject: the right to eective remedies for third-country nationals reported in SIS I and other EU databases.
These sources include the ECHR and EU law, dealing with data protection law
decisions and immigration law decisions. In Chapter 10, I will consider whether a
right to eective remedies can be derived from the general principles of EU law.
Part III deals with the implementation of Article 96 CISA and the right to legal
remedies for third-country nationals reported in the SIS at national level. To
describe the implementation of the CISA and the rules on the SIS I, I have chosen
France, Germany and the Netherlands. Aside from practical reasons, this choice is
based on the fact that these countries have been involved in the development of the
Schengen cooperation and SIS I right from the start. The three countries provided
a signicant proportion of the Article 96 alerts in the SIS. In addition, these countries have a long history of developing data protection law and a developed system
of judicial remedies in immigration law. In the national Part, I will describe the
national criteria for reporting third-country nationals in the SIS I on the basis of
Article 96 CISA, and the provisions in national law with regard to the rights of the
persons concerned. Finally, an analysis will be made of the available case law to see
how the national courts and data protection authorities have dealt with individual
complaints with regard to the SIS.
Chapter 1
10
See for example ECJ, C-150/05 Van Straaten v. the Netherlands and Italy.
Introduction
10
Chapter 1
Part I
Border Control and Data Surveillance in the EU
Chapter 2
Towards Schengen: The Abolition of Internal
Border Controls in Europe
In order to eectively implement visa policy and the jointly dened controls along
our external borders, we feel it is essential that we should begin to exchange information about persons who must be refused access to the territories of one of our
Member States on the grounds that their presence there could threaten security or
public order in one of our states and we have decided to look into the best ways of
doing this, with special reference to computerisation.1
Declaration of the EC Ministers dealing with immigration matters, 15 December 1989, Press
90/02/02.
See, for the evolution and the meaning of the concept of frontiers: D. Bigo & E. Guild (eds.)
Controlling Frontiers. Free movement into and within Europe, Aldershot: Ashgate 2005, and
M. Anderson, D. Bigo, What are EU frontiers for and what do they mean?, in: K. Groenendijk,
E. Guild & P. Minderhoud, In Search of Europes Borders, The Hague/London/New York: Kluwer
Law International 2003, p. 725.
14
Chapter 2
See respectively the Europol Convention based on Article K.3 of the Treaty on European Union,
OJ C 316, 27.11.1995, the Council Decision 2002/187/JHA of 28 February 2002 setting up
Eurojust with a view to reinforcing the ght against serious crime OJ L 63/1, 6.3.2002 and the
Framework Decision on the Arrest Warrant of 13 June 2002, L190/1, 18.07.2002.
See the Naples Convention on mutual cooperation between customs authorities signed by six
EC Member States in 1967, which was repealed by the so-called Naples II Convention of 18
December 1997, OJ C 24, 23.01.1998. See also Council Regulation 2913/92 of 12 October
1992 establishing the Community Customs Code, OJ L 302, 19.10.1992.
See Regulation 539/2001 determining the countries whose nationals must have visas to cross
external borders of the Member States, OJ L 81, 21.3.2001, the Schengen Common Consular
Instructions, OJ L 176, 10.7.1999 and the Council Regulation 377/2004 of 19 February 2004
on the creation of an immigration liaison ocers network, OJ L 64, 2.3.2004.
Communication from the Commission to the Council, Reinforcing the management of the
European Unions Southern Maritime Borders, COM(2006) 733 nal, 30 November 2006.
To distinguish the original SIS from the second generation SIS or SIS II, to be discussed in
Chapter 4, I will refer further to SIS I.
15
2. The Internal Market and the Free Movement of Persons: Setting Goals
2.1. Between 1957 and 1985: From the Treaty of Rome to the
Commissions White Paper
When the European Economic Community was established by the Treaty of Rome
on 25 March 1957, the abolition of internal border controls was not one of its primary goals.8 The Treaty of Rome formulated the freedom of movement for goods,
services, capital and persons, but freedom of movement for persons only applied to
nationals of the Member States conducting any kind of economic activity, such as
workers, the self-employed and those providing services. Those privileged persons
could enter and leave the territory of Member States by showing their passport or
identity card.9 The application of these rules was gradually widened by the case-law
of the Court of Justice (ECJ).10 However, since the EU governments were reluctant
to change the impact of border controls on persons, the Council persisted in closely
linking the freedom of movement of persons to the economic activities of EC
nationals. Likewise, the Treaty did not include a substantive legal basis for
immigration and asylum policy with regard to third-country nationals.
The abolition of internal border controls did not reach the EC agenda until
1972, with the so-called Tindemans report.11 This report reected on the need to
9
10
11
Treaty establishing the European Economic Community entered into force on 1 January 1958
and was signed in 1957 by the Benelux countries, France, Germany and Italy.
Directives 68/360 of 15.10.1968, OJ 168 L 257/13, 73/148 21.05.1973, OJ 1973, L 172/14.
See, for example, the judgment of 27 April 1987, case C-321/87, Commission v. Belgium, ECR
[1989] 997, in which the Court accepted the Belgian practice of frontier spot checks on nonBelgian Community nationals to determine whether they were carrying their residence permits
was not contrary to the Community rules, as long these checks were not being carried out in a
systematic, arbitrary or unnecessarily constricting way.
J.P.H. Donner, Abolition of Border Controls, in: H.G. Schermers et al. (eds.), Free movement of
persons in Europe: legal problems and experiences, Dordrecht: Nijho 1993, p. 5.
16
Chapter 2
lift border controls as a measure to make the Community more real to its citizens.
Although the Tindemans report did not receive warm support from the dierent
Member States, it formed the basis for the further development of concepts such
as the Passport Union and a Europe of the citizen. In the same year the
Tindemans report was published, the EC was enlarged to nine countries.12 One
could say that this enlargement on the one hand strengthened the motivation of
Member States to establish an area in which the four freedoms of movement was
applied, while at the same time this hampered the achievement of political
agreement on the necessary measures.
The foundations of the notion of lifting internal border controls were laid at
the European Conference of the Heads of State at their meeting of 910
December 1974.13 At this meeting in Paris, the Council created a Working
Group to investigate the possibilities for establishing a Passport Union. This
Passport Union had to include a uniform passport for EC citizens. In the longer
term, this would lead to the harmonisation of immigration law and the abolition
of passport control at the internal borders. A year after this European Conference,
in July 1975, the European Commission published two reports. In the rst report
on the Passport Union, the Commission proposed not only the introduction of
a uniform passport and the lifting of passport controls at internal borders, but
also common control measures at external borders. The second report concerned
the granting of privileged rights to EC nationals, including political rights and the
right to gain access to public functions.14 A Commission proposal for a directive
on a uniform model for a passport was only accepted in the form of a resolution
by the Council of Ministers on 23 June 1981.15
Despite the continuing discussion on this subject, between 1974 and 1985 no
serious legislation on the abolition of internal border control was adopted within
the EC framework. In June 1984, the Council and the representatives of the
Governments only adopted a resolution on the simplication of border-crossing
formalities for EC nationals at internal frontiers.16 In Fontainebleau, at its meeting
of 2526 June 1984, the European Council adopted a declaration on the concept
of a citizens Europe. At the same time, the Council instructed the so-called
12
13
14
15
16
In 1973, the EC was joined by the Denmark, Ireland, and United Kingdom, OJ L 73, 27.3.1972.
Greece became an EC Member State in 1981 (OJ L 291, 19.11.1979) and Portugal and Spain
in 1986 (OJ L 302, 15.11.1985). Austria, Finland, and Sweden joined the EC in 1995 (OJ
C 241, 29.8.1994) 1.
See H. Verschueren, Vrij verkeer van personen in Schengen-Verdragen, in: C. Fijnaut, J. Stuyck,
P. Wytinck, Schengen: Proeftuin voor de Europese Gemeenschap?, Antwerp: Gouda Quint 1992,
p. 1354.
EC Bull. Suppl. 7/75.
See OJ 1981, C 241 and OJ 1982, C 179.
OJ C 159, 19.6.1984.
17
17
18
19
20
Ad hoc Committee set up for examining the creation of a peoples Europe, report published in
Bulletin of the European Communities, suppl. 7/85, 1985.
OJ 1985, C 47/5, 19.2.1985.This proposal was also a reaction to the Franco-German Agreement
of Saarbrcken of July 1984 (see below).
COM (85) 224 OJ C 131, 30.05.1985.
COM (85) 310, Brussels, 14 June 1985. On the same date, ve Member States signed the
Schengen Agreement which formed the cornerstone for further intergovernmental cooperation
in the same area, see further below.
18
Chapter 2
21
22
23
24
25
See Trsten Stein, in his statement for the British House of Lords: The decision to completely abolish
all border controls thus appears to be a political decision which one may welcome or not, but not a
decision which is dictated by Community law as it stands; House of Lords Select Committee on the
European Communities, 22nd Report 1992: Border Control of People, 7 November 1989, p. 7.
Germany and others v. Commission, 9 July 1987, ECR 3203. In its judgment, the Court denied
the absolute sovereignty of Member States on immigration policy. The Court did not accept the
French position that policy on foreign nationals involved questions of public security, for which
Member States were solely responsible. See for a more detailed analysis: E. Guild, European
Community Law from a Migrants Perspective, The Hague/London/Boston: Kluwer Law
International 2000, p. 210.
OJ L 169, 29.06.1987, p. 1.
In fact, Member States disagreed on the direct eect of this deadline, whether all internal border controls would have to be lifted by this date and on the interpretation of Article 8A. As we
will see below, this date became a crucial deadline for the development of Schengen as well.
In order to promote the free movement of persons, the Member States shall cooperate, without
prejudice to the powers of the Community, in particular as regards the entry, movement and
residence of nationals of third countries, OJ L 169, 29.06.1987, p. 26.
19
The Member States strongly disagreed with the Commission on the competence
of the Commission in the eld of immigration law. Illustrative of this ongoing
dispute is the general declaration which was added to the SEA with regard to the
right of the Commission to submit proposals on the basis of Article 8A and
100A TEC:
Nothing in these provisions shall aect the right of Member States to take such
measures as they consider necessary for the purpose of controlling immigration
from third countries and to combat terrorism, crime, trac in drugs and illicit trading in works of art and antiques.27
The governments held the view that the creation of the internal market would be
dependent on measures to be taken by the Council of Ministers.28 Another stumbling block for further negotiations within the EC framework was the disagreement between the Member States about the scope of the denition of internal
market and free movement of workers. In particular the UK, initially supported
by Greece and Denmark, believed that this free movement and the subsequent
abolition of internal border control only applied to EC workers. As a result, these
countries claimed, controls at the internal borders would have to remain, to
check whether someone is an EC national or a third-country national.
In 1988, the Commission published a Communication on the abolition of controls of persons at intra-Community borders.29 In this paper, the Commission called
for acceleration and a new political impetus with regard to decision-making in
this area. The Council should play a stronger role by co-ordinating negotiations
which, at that time, took place in various groups. According to the Commission,
this work needed to be speeded up in order to respect the 1992 timetable. The
Commission considered itself competent to come forward with proposals for
legislation if the intergovernmental framework failed to develop the necessary
instruments. Despite this statement, the Commission made no real progress in
law making. As the 1993 deadline approached, no real proposals in this eld
26
27
28
29
20
Chapter 2
30
31
32
33
34
21
internal borders ceased to exist as well for third-country nationals.35 The Benelux
Agreement was later used as a model for the Schengen treaties. The Nordic
Passport Union was established on 12 July 1957 between Denmark, Norway,
Sweden and Finland.36 Iceland acceded on 24 September 1965. The Nordic
Union included the abolition of passport control at the common internal borders. Between Ireland and the United Kingdom, limited border controls apply to
their mutual citizens and to third-country nationals.37 Furthermore, dierent
European countries have established bilateral agreements on the reduction of
controls at their mutual borders.38
4.2. Between 1985 and 1989: The Schengen Negotiations
Schengen is without doubt the most important example of intergovernmental
decision-making within the eld of police cooperation and border and immigration
policy. The Schengen cooperation has its roots in the Saarbrcken Agreement of
13 July 1984 between France and Germany. With this treaty, signed by the
Federal Chancellor of Germany, Helmut Kohl, and the President of France,
Franois Mitterrand, the two countries agreed to gradually abandon controls at
their mutual borders. This cooperation would provide the basis for the further
establishment of a Single Market between the European countries. One of the
more practical rather than ideological motives of this agreement was the need for
the French government to seek a solution to the ongoing strikes by French truck
drivers and customs ocials, protesting against the long queues at internal borders. Concerns for the economic consequences and the pressure from its international transport organisations also encouraged the Dutch government to start
negotiations with the German government in March 1984. At their meetings in
the autumn of 1984, the governments of the Benelux countries agreed to hold
35
36
37
38
See further, on the free movement of persons and Benelux, J.J.A.M. Van Winckel, Het personenverkeer in de Benelux, SEW 7/8, 1982, p. 552562.
The exemption from passport control for travel between the Nordic Countries included thirdcountry nationals travelling directly from one Nordic state to another, see K. U. Kjaer, How
Many Borders in the EU?, in: Groenendijk, Guild & Minderhoud (2003), p. 177. See also
J. Vedsted-Hansen, Abolition of Border Controls within the Nordic Region and Security of
Residence in Denmark, in: E. Guild & P. Minderhoud, Security of Residence and Expulsion:
protection of aliens in Europe, Leiden/Boston: Martinus Nijho Publishers 2001, p. 91102.
Because of the common travel area there are no immigration controls and crossing by vehicle
with simple visual check is normal. Select Committee on the European Communities, 1992:
Border Control of People, House of Lords, Session 198889, 22nd Report, p. 25.
See for example the Agreements between the Netherlands and Germany: with regard to the
joining of border controls and the establishment of mutual railway stations (Trb. 1958, 81); on
the regulation of border-related problems (Trb. 1960, 67, 68 and 69) and on small-vehicle
border trac (Trb. 1960, 162).
22
Chapter 2
40
41
42
See the preamble to the Schengen Agreement of 1985 and the Dutch parliamentary notes:
Handelingen Tweede Kamer (Procedures of Lower House) 19841985, 18 941, no. 1.
C.D. de Jong, Cooperation in the eld of Aliens Law, in: Schermers (1993), p. 192.
Dutch Treaty Series 1985, no. 102.
See, for instance, S. Lavenex, The Europeanisation of Refugee policies. Between human rights and
internal security, Aldershot: Ashgate 2002, p. 87 .
23
In the Annex to this report, the Commission stated that: The Schengen initiative may help to speed up the removal of controls throughout the community.
In the eyes of the Commission, the pilot function of the Schengen cooperation
was very important even if, in the end, measures would have to be taken within
the Community framework. Or, in the words of Commissioner Bangemann:
The success of the Schengen Project will demonstrate the feasibility of the goal
of the European Single Market, and the technical possibilities to solve all the
complementary problems.45
4.3. The Immigration Ad Hoc Group, Trevi, and the Group of Co-ordinators
Within the larger framework, even EC Member States rmly rejecting the idea
of a Europe without (internal) frontiers, felt the desirability for co-ordination
and cooperation in certain areas. This desire was not only a reaction to the process which had been initiated by the Schengen States, but also a response to current developments such as confronting terrorism in Europe and the growing
number of asylum seekers in the 1980s. Key actors in these intergovernmental
negotiations were three groups: the Trevi Working Group, the Ad Hoc Group on
Immigration and the Group of Co-ordinators.
The Trevi Working Group has been established back in 1975 following a meeting
of the European Council in Rome.46 The Group was composed of the EC
43
44
45
46
J. de Zwaan, Institutional Problems and Free Movement of Persons, in: Schermers (1993),
p. 336.
COM (88) 640 nal, see paragraph 12.
Response by European Commissioner Bangemann to the written question of E. Glinne, MEP,
No 431/89, OJ 1990, C 90/11.
According to the Dutch government (letter to Parliament, 19861987, 20031, 12, p. 31), this
group was named Trevi because its rst meeting was in Rome and the Dutch Director-General
of the Police and one of the main initiators was called Fonteijn. Only later the name was
explained as an abbreviation of Terrorisme, Radicalisme Et Violence Internationale.
24
Chapter 2
Ministers of the Interior and met twice a year. It was supported by national ocers
negotiating in special working groups. The Trevi Working Group was set up in
order to respond to the terrorist attacks occurring in the seventies. With regard
to these events, the politicians felt that the existing framework of the international police organisation, Interpol, did not operate correctly.47 Originally, the
Trevi Working Group concentrated only on the ght against terrorism. But soon,
the group was dealing with other topics as well, including public order, police
training and the ght against drugs and serious crime. In 1980, its domain was
extended to the policy on illegal immigration and asylum ows. In 1988, Trevi
1992 was created to study the consequences of the abolition of internal border
controls in the EC. Trevi 1992 was also responsible for co-ordinating the negotiations on Europol.48 During the meetings of the Trevi Working Group, which
were held behind closed doors, important preparatory work was done for subsequent European decision-making in the eld of police cooperation and the ght
against organised crime.
During the second half of 1986, at the initiative of the British Presidency, the
Council of Ministers set up the Ad Hoc Group of Immigration.49 This Ad Hoc
Group, which met every six months, consisted of high-level immigration policy
ocials from the Member States. The Group was divided into six sub-groups
dealing with asylum, external frontiers, forged papers, admissions, deportations
and information exchange. The Commission was invited to take part in these
meetings of the Ad Hoc Group and the secretariat was provided by the Council
secretariat. After 1989, asylum and external frontiers became key issues for the
Immigration Ad Hoc Group. One of the achievements of the Ad Hoc Group was
the drafting of the Dublin Convention on the responsibility of a member state for the
examination of an application for asylum which is submitted in one of the EC
Member States. The text of this Convention was based on earlier drafts on this
subject for the CISA.50 An important dierence between the two regulations was
the fact that the CISA was founded on the premise of the abolition of internal
border controls, while under the Dublin Convention internal border controls
were to be maintained. In a decision by the Schengen Executive Committee of 26
April 1994 (known as the Bonn Protocol) it was agreed that the asylum provisions
47
48
49
50
C.J.C.F. Fijnaut, Police cooperation in Western Europe, in: Schermers (1993), p. 7592,
see p. 79.
M. den Boer, Justice and Home Aairs: Cooperation without integration, in: H. Wallace &
W. Wallace, Policy-Making in the European Union, Oxford: Oxford University Press 1996,
p. 394, Trevi was dismantled in 1992.
See de Zwaan (1993), p. 339340.
Convention of 15 June 1990, OJ C 254, 1997.
25
of the CISA (Articles 2838) were to be replaced by the provisions of the Dublin
Convention, once this Convention had entered into force.51
In December 1988, the Rhodes European Council called for an intensication
of the eorts of the EC governments to proceed in the area of the free movement
of persons. To this end, the Council established a Group of Co-ordinators to
co-ordinate activities with regard to the achievement of the free movement of
persons within and outside the framework of the EC Treaty. This included the
work of the Trevi Working Group and the Immigration Ad hoc Group. The
Group of Co-ordinators drafted the so-called Palma document, subtitled Free
Movement of Persons.52 This document, adopted by the European Council of
Madrid in June 1989, included a rst detailed agenda and timetable for European
policy, to be discussed below.
51
52
SCH/Com-ex (94) 3. This Protocol is published in Tractatenblad (Dutch Treaty Series) 1994,
no. 185; see also the Decision of the Schengen Executive Committee of 22 December 1994,
OJ L 239/130, 22.9.2000.
The full text of the Palma Document is published in Guild & Niessen (1996), p. 443.
26
Chapter 2
many instruments in the eld of police cooperation and criminal law were proposed and adopted.53
In practice, the decision-making with regard to these compensatory measures
remained outside the Community framework. Measures in the eld of immigration
and asylum law were placed alongside intergovernmental cooperation on international fraud, terrorism and drug tracking. Important factors for achieving
consensus were the negotiations in the Trevi Working Group and those between
the Schengen states.54 The rst consolidated document on compensatory measures
was the aforementioned Palma Document. The Palma Document dierentiated
between ad intra and ad extra measures. Where the rst category included
cooperation in the eld of combating terrorism, drug tracking and judicial
cooperation, the latter involved the (tightening of ) controls at external frontiers.
According to the Palma Document, these measures implied legal, administrative
and technical instruments and the harmonisation of criteria for the treatment of
non-Community citizens. Aside from a common list of countries whose citizens
are subject to a visa requirement and the harmonisation of criteria for granting
visas and a European visa, it was also considered necessary to establish a common
list of persons to be refused admission. According to this Palma Document, the
establishment of a system for the exchange of information about persons who are
either wanted or inadmissible would be an essential measure, to be achieved by
the end of 1990. The computerisation of the exchange of information needed for
visa processing was considered desirable and to be achieved by the end of 1991.
The program in the Palma Document to some extent copied the measures
included in the Schengen Agreement.55
In a declaration of 15 December 1989, the twelve Ministers responsible for
immigration policy conrmed their shared commitment to implement the Single
European Act and to create a space with no internal frontiers by the end of
1992.56 Among the measures necessary to achieve this goal, this declaration
referred to the harmonisation of visa practices and rules on the responsibility of
Member States for asylum applications. The Ministers also referred to the need
to share information: In order to eectively implement visa policy and the
jointly dened controls along our external borders, we feel it is essential that we
should begin to exchange information about persons who must be refused access
to the territories of one of our Member States on the grounds that their presence
there could threaten security or public order in one of our states and we have
53
54
55
56
See A.H. Klip, Uniestrafrecht is op hol geslagen, NJB 11 April 1997, vol. 15, p. 663671.
Den Boer (1996), p. 390.
J.J.E. Schutte, Strafrecht in Europees verband, Justitile verkenningen, 1990, no. 9, p. 10.
Declaration by the ministers concerned with immigration, 15 December 1989, Press,
90/02/02.
27
decided to look into the best ways of doing this, with special reference to computerisation. According to this declaration, the exchange of information could
only be envisaged if the protection of individual liberties and privacy could be
guaranteed in advance.
In July 1998, the Austrian Council Presidency presented a condential Strategy
paper on immigration and asylum policy to the K4 Committee.57 In this socalled non-paper, the Austrian government proposed adopting a rm approach
towards asylum seekers and immigrants transiting or attempting to transit
through European territory. The paper focussed, among other things, on measures enabling the detection and removal of unwanted immigrants by controlling
every step taken by a third-country national from the time he begins his journey
to the time he reaches his destination (point 85).
5.2. Pre-Border Selection: Visa Policy
The power to decide which foreign nationals may enter a country and which
nationals may not, has always been among the competences of national states,
inherent to their national sovereignty. Regional agreements between European
states on the withdrawal of internal border control included cooperation in the visa
policy. However, this cooperation did not result immediately in common visa lists.
For example, Article 4 of the Benelux Agreement institutes a common visa policy
which led to agreements with third countries and (secret) ministerial visa instructions, but not to a common list. The preamble clause of the Nordic Passport
Control Agreement of 1957 included the governments intention to apply identical visa requirements and to aim for harmonised practices regarding the issue of
visas. Article 4 of the Nordic Agreement only prescribed consultation between the
Nordic states in the event of a change in visa requirements.
Within the Schengen framework, the participating states established a common
visa list for the rst time. This list included the third countries for which nationals
should obtain a visa before being allowed entry into the Schengen territory. With
regard to the general visa policy, Article 20 of the Schengen Agreement of 1985
provided that the Schengen states would seek the harmonisation of their visa
policies as one of the measures to be taken in the longer term. The Convention
on the Implementation of the Schengen Agreement of 1990 (or CISA, see further below) only provided for the harmonisation of the short-stay visa policy.
This resulted in the Common Visa Instruction, adopted in a decision of the
Executive Committee on 14 December 1993, with a (condential) annex containing a joint list of states whose citizens are required to hold a visa by all
57
1.7.98, 9809/98 CK4 27, ASIM 170, Limite; Second draft, 29 September, 9809/1/98, Rev. 1
Limite, CK4 27, ASIM 170.
28
Chapter 2
Schengen states (the so-called black list) and a list of countries whose nationals
did not require a visa (white list).58
The European Ministers responsible for immigration had been trying since 1987
to draw up a common list of countries whose nationals would require a visa before
entering a Member State. On 1 January 1988, the Trevi Group decided to introduce a visa obligation for the nationals of fty countries. The Ministers agreed that
harmonisation of the entry document should be based on solidarity, regardless of
whether a Member State was having a problem with a particular country or not.59
In deciding whether to place third countries on the black list, the Member States
used the following criteria: those countries which produced large numbers of
asylum seekers and illegal immigrants and those which posed a security problem.
It was also agreed that a list would be established of countries whose nationals did
not require a visa to enter one of the EU countries (the white list).
In 1993, on the basis of Article 100C TEC, the Commission submitted a proposal for a Regulation determining the third countries whose nationals must be
in possession of a visa when crossing external borders.60 Regulation 2317/95 was
adopted in September 1995.61 Whereas the draft proposal of the Commission
included 129 countries whose nationals must have a visa in order to enter a
member state, the list annexed to the nal Regulation reduced the number to
101 countries. In this Regulation visa is dened as: An authorisation given or a
decision taken by a Schengen state which is required for entry into its territory
with a view to an intended stay in that Schengen state of no more than three
months in all; or transit through that territory of that Schengen state or several
Schengen states except for transit through international zones of airports and
transfers between airports in a Schengen state.62 In 1995 a new Regulation
574/1999 on visa lists was adopted.63 This Regulation of 1999 was replaced in
2001 by Regulation 539/2001.64
5.3. Draft of an External Frontiers Convention
In June 1991, the Immigration Ad Hoc Group presented a draft for the External
Frontiers Convention. The central aim of this convention was to regulate joint
measures for external border control, a common visa policy and common rules on
access to the territories of the participating states. This draft Convention provided,
58
59
60
61
62
63
64
SCH/II-Visa (93) 11, 6th rev., corr. 4. These lists have been amended several times.
See Niessen (1996), p. 17 and 35.
OJ C 11/6, 15.01.1994.
Regulation 2317/95 of 25 September 1995, entering into force on 3 April 1996, OJ L 234.
See Article 5 repeated in the new Visa Regulation 2317/95, OJ L 234/1, 3.10.1995.
OJ 1999 L 72/2.
OJ L 81/1, 21.03.2001.
29
65
66
67
68
69
70
B. Melis, Negotiating Europes Immigration Frontiers, Deventer: Kluwer Law International 2001,
p. 139.
J.D.M. Steenbergen, De grenzen van Schengen, in: P.R. Giuseppin & W.A.M Jansen, Het
Akkoord van Schengen en vreemdelingen. Een ongecontroleerde grens tussen recht en beleid? Verslag
studiedag OSR 31 October 1996, Utrecht: NCB 1997, p. 19.
Answer of the Commission to written question no. 1137/92, published in Migration News Sheet,
March 1993, no. 120/93, p. 1.
OJ C 340, 10/11/1997. The Amsterdam Treaty will be dealt with further below.
House of Lords report on Border Control of People, November 1989.
See also section 7 below.
30
Chapter 2
71
72
73
OJ 1999, C 19/1.
A.H.J. Swart, Een ware Europese rechtsruimte, Deventer: Gouda Quint 2001, p. 7.
Conclusions 16 October 1999, Press: no. 200/1/99. The conclusions can be found on the web
site of the Council: http://www.consilium.europa.eu.
31
The European Council concluded that the legal status of third-country nationals
should be approximated to that of Member States nationals.74
Since 2000, the Commission has submitted so-called scoreboards, setting
timetables and giving details on the progress made in the legislative process.
On 4 November 2004, the European Council adopted The Hague programme,
setting out the objectives to be implemented in the area of freedom, security and
justice during the period 20052010.75 In this The Hague programme, under the
headings Management of migration ows and Strengthening Security, the use
of databases, biometrics and the exchange of information was given a central role
in forthcoming policies.76 This new emphasis on information policies will be
discussed further in Chapter 5.
5.5. Common Mechanisms for External Border Controls
The emphasis on border controls as a security mechanism has been reinforced
since the events of 11 September 2001 in the United States, as well as following
the terrorist attacks in Spain in 2004 and in the UK in 2005. In meetings after
11 September 2001, the European governments repeatedly expressed their will
to combat terrorism eectively. To this end, the EU Council adopted various
decisions, including measures in the eld of immigration and asylum.77 The
European Council underlined the importance of ecient external border controls in its meeting of December 2001, stating that:
Better management of the Unions external border controls will help in the ght
against terrorism, illegal immigration networks and the trac in human beings.
The European Council asks the Council and the Commission to work out arrangements for cooperation between services responsible for external border control and
74
75
76
77
This approximation is further elaborated in point 21: A person, who has resided legally in a
Member State for a period of time to be determined and who holds a long-term residence permit, should be granted in that Member State a set of uniform rights which are as near as possible
to those enjoyed by EU citizens; e.g. the right to reside, receive education, and work as an
employee or self-employed person, as well as the principle of non-discrimination vis--vis the
citizens of the state of residence.
The Hague Programme: Strengthening freedom, security, and justice in the European Union.
16054/04, 13.12.2004.
Section 1.7 and 2 respectively. See, for a more detailed analysis of The Hague Programme:
T. Balzacq & S. Carrera, Security versus Freedom? A Challenge for Europes Future, Aldershot:
Ashgate 2006.
An overview of the adopted and proposed measures in the rst six months after 11.09.2001 is
given in: E. Brouwer, P. Catz & E. Guild Immigration, Asylum and Terrorism. A Changing Dynamic
in European Law, Nijmegen: Recht & Samenleving, no. 19 2003. See also A. Baldaccini &
E. Guild Terrorism and the Foreigner A Decade of Tension around the Rule of Law in Europe,
Leiden: Martinus Nijho Publishers 2006.
32
Chapter 2
80
81
82
33
86
34
Chapter 2
35
89
See, for the eects of the CISA on the free movement of persons: J.D.M. Steenbergen, Schengen
and the movement of persons, and T. Hoogenboom, Free movement of non-EC nationals,
Schengen and beyond, both published in H. Meijers et al., Schengen Internationalisation of central chapters of the law on aliens, refugees, privacy, security and the police, Leiden: Stichting NJCMBoekerij 1992, pp. 57 and 74.
Lavenex (2002), p. 94.
36
Chapter 2
one exception to this obligation. According to Article 5 (2), a country may grant
a person entry to the territory of that particular country if this is considered necessary on humanitarian grounds, on grounds of national interest, or because of
international obligations.
6.2.2. Visa Rules
In 1993, on the basis of Article 132 CISA, the Schengen Executive Committee
adopted Common Consular Instructions regarding visas for the diplomatic and
consular posts of the Contracting Parties.90 Part V of these Instructions includes
basic criteria to be used by diplomatic missions or consular posts when examining
visa applications. These instructions make it clear that the main issues to be taken
into account by the national authorities when examining visa applications are
the security of the Schengen States and the ght against illegal immigration.
As far as security is concerned, national authorities are advised to check that the
necessary controls have been performed. These checks include searching the les
containing alerts (alerts for the purposes of refusing entry) in the Schengen
Information System and consultation with the central authorities of the countries subject to this procedure.
According to the instructions, the diplomatic missions and consular posts
carry full responsibility for assessing whether an immigration risk exists. These
instructions make it clear that visa policy is about making a distinction between
bona de persons and those posing a security or immigration risk. This can be
illustrated by comparing the reasons given by the Commission for the exclusion
and inclusion of certain countries on the visa lists in the explanatory memorandum
to EC Visa Regulation 539/2001.91 These criteria are grouped under three main
headings: illegal immigration, public policy and international relations. The
assessment of the applicability of these criteria by the sta members of consulates
or embassies should, on the one hand, be made on the basis of their own experience
in proling and by recognising the dierent categories of persons, using the visa
lists, including the risk countries. This proling, as pointed out by Guild, is thus
not based on individual characteristics, but on the nationality of the person concerned.92 On the other hand, this assessment should be made on the basis of the
exchange of information between consular posts and on the basis of information
90
91
92
Decision of 14 December 1993. The Common Consular Instructions were incorporated in the
Schengen acquis, listed in Annex A to Council Decision 1999/435/EC, OJ L 176, 10.7.1999.
See for amended version OJ C 313, 16.12.2002. The full text of the Instructions is published in
OJ C 326, 22.11.2005.
OJ 2001 L 81, 21.03.2001.
E. Guild, Moving the Borders of Europe, Inaugural lecture, Nijmegen: University of Nijmegen
2001.
37
systems such as the SIS I. In Chapter 5, we will see how the Visa Information
System has been developed for precisely this aim.
In 2006, Annex 12 of the Common Consular Instructions was amended by a
Council Decision increasing the amount fees to be charged corresponding to
the administrative costs of processing visa applications.93
6.2.3. Free Circulation
One of the important positive eects of the CISA for legally resident third-country nationals is of course their freedom of circulation94 and the abolition of visa
requirements for third-country nationals who travel from one Schengen country
to another.95 This free circulation is based on Article 19 of the Convention and
applies to third-country nationals who hold a uniform visa and who legally
entered the territory of one of the contracting parties. The right to free circulation applies only during the period of validity of their visas and does not apply to
persons whose visa is territorially limited to one country. Article 20 CISA regulates the free circulation of third-country nationals who are not subject to a visa
requirement: this right applies for a period no longer than three months. For
both categories, the requirements of Article 5 (a), (c), (d) and (e) must be fullled. This means that in accordance with Article 5 (d) ocials shall check
whether the person is enlisted in the SIS I for the purpose of refusing entry.
According to Article 21, third-country nationals with a valid residence permit for
one of the Schengen countries may travel freely within the Schengen territory for
up to three months. Here too, the conditions of Article 5 (a), (c), (d) and (e)
apply. This means that the right to free movement does not apply to third-country nationals who are registered in the SIS or a national list of alerts. An important restriction on this right of free circulation includes the obligation in Article 22,
which states that the third-country national should report to the appropriate
authorities within three days of arrival.
6.2.4. Priority of the Community Rules
Article 134 CISA conrms the priority of the Community rules: The provisions of
this convention shall apply only insofar they are compatible with Community law.
Finally, Article 142 states that the contracting parties shall agree on the conditions
93
94
95
OJ L 175/77, 29.06.2006.
Note the dierence in terms between free movement of persons, which applies only to EC
nationals and includes the right to reside, and freedom of circulation, which limits the right to
be admitted into one or more countries for a visit of no more than three months.
This was already included in Article 8 of the Benelux Treaty on the Transfer of Border Controls
to the External Borders of the Benelux Area.
38
Chapter 2
96
97
Italy signed on 27 November 1990, Spain and Portugal on 25 June 1991, Greece on 6 November
1992 and Austria on 28 April 1995.
See, for more details on the relationship between the Nordic countries and Schengen: Kim
U. Kjaer (2003), p. 169190.
39
25 March 2001, the Schengen acquis also became applicable in Denmark, Sweden,
Norway, Iceland and Finland.98
Denmark acquired a special position with regard to Title IV TEC, with the
signature of the Amsterdam Treaty. On the basis of a Protocol annexed to the
Amsterdam Treaty regarding the position of Denmark, Denmark participates
fully in the legislation based on Title VI TEU, but not in that of Title IV TEC.
Based on Article 5 of this Protocol, Denmark may decide whether the latter
measures will be transposed into its national laws within six months of its adoption by the Council. These measures included the instruments implementing or
amending the Schengen acquis which is incorporated into Title IV TEC. On 18
September 2000, the ve Nordic countries signed the Supplementary Agreement
to the Nordic Passport Control Agreement, which implemented both the
Schengen Protocol and the Association Agreement. This Supplementary
Agreement entered into force on 22 April 2001.
6.3.3. Position of UK and Ireland
The United Kingdom and Ireland originally took no part in the Schengen cooperation due to their strict interpretation of the denition of the internal market.99 The
UK government refused to agree to measures for the abolition of internal border
controls between the UKs borders and those of the European continent, claiming
that those borders remained their external borders. However, attracted by the benets
of the compensatory measures taken within the framework of Schengen, the general reservation of the UK was gradually replaced by an opt in/opt out system.
Ireland and the UK have the possibility, subject to the provisions of Articles 4 and 5
of the Protocol integrating the Schengen acquis into the framework of the European
Union (hereinafter referred to as the Schengen Protocol), to participate in some or
all of the provisions of the Schengen acquis and in proposals and initiatives concerning areas of cooperation which build upon the Schengen acquis. In a decision of
29 May 2000, the EU Council not only granted the UK and Ireland an opt-in position with regard to the measures based on Title IV TEC, but also agreed to the partial participation of the UK and Northern Ireland in some of the provisions of the
Schengen acquis.100 This included, among other things, the provisions of the CISA
98
99
100
Council Decision of 1 December 2000 on the application of the Schengen acquis in Denmark,
Finland and Sweden, and in Iceland and Norway, OJ 2000, L 309/24.
See also L. Pallett, The UK position. Implementing the Schengen Protocol, in: L. Marinho,
Asylum, Immigration and Schengen Post Amsterdam, Maastricht: EIPA 2001, p. 9195.
Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United
Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the
Schengen acquis OJ L 131, 01.06.2000 pp. 43 47.
40
Chapter 2
101
102
103
41
Bulgaria also fullled the necessary conditions and were able to become EU
Member States as from 1 January 2007.104
42
Chapter 2
dening the rights and conditions under which third-country nationals legally
residing in one Member State may reside in other Member States as well.
The rules based on Title IV TEC were to be adopted in accordance with the
procedure in Article 67 TEC. This meant that, for a period of ve years, the decision would be taken unanimously by the Council with only a consultative role
for the European Parliament. After ve years, the Council would take a new
decision regarding whether and to which eld the co-decision procedure of
Article 251 would be applied. During the negotiations leading to the Treaty of
Nice of 2000, the Member States were unable to reach an agreement on the
applicable procedures (QMV or decision by unanimity) for all matters in the
eld of immigration and asylum law.106 However, the end of the transitional
period did immediately result in the exclusive right of the Commission to make
proposals and for QMV and co-decision for the EP with regard to most of the
visa rules.107 Since 1999, dierent instruments in the eld of immigration and
asylum law have been proposed and adopted on the basis of Title IV TEC.108
To summarise, even if the Amsterdam Treaty did not provide for the immediate
or full application of the community decision-making process, nor for the full power
of the European Court of Justice, the Treaty represented an important step in the
further democratisation and transparency of EU immigration and asylum law.
7.2. Incorporation of Schengen into EU Law: Marriage of Convenience
or Repairing the Democratic Decit?
The entry into force of the Amsterdam Treaty included the incorporation of the
so-called Schengen acquis on the basis of the Schengen Protocol which was
attached to the Amsterdam Treaty.109 This Schengen acquis includes not only the
Schengen Agreement of 1985 and the CISA, but also the accession protocols and
agreements and the decisions and declarations which were adopted by the
Schengen Executive Committee for the implementation of the CISA. Depending
on whether these instruments dealt with rst pillar or third pillar subjects, they
were brought within the scope of Community law (TEC) or the law of the
European Union (TEU). The Schengen Executive Committee was replaced by
106
107
108
109
See, in more detail, S. Peers, From Black Market to Constitution: The Development of the
Institutional Framework for EC Immigration and Asylum Law, in S. Peers & N. Rogers (eds.),
EU Immigration and Asylum Law: Text and Commentary, Leiden/Boston: Martinus Nijho
Publishers 2006, p. 19 .
Except for the measures on the visa lists (Regulation 2001/539) and the visa format, for which
the consultation procedure still applies.
These instruments will be discussed in Chapter 9.
Protocol integrating the Schengen acquis into the framework of the European Union. OJ
C 340/96. 10.11.1997.
43
111
112
Decision no. 1/1999 of the EU/Iceland and Norway Mixed Committee established by agreement concluded by the Council of the European Union and the Republic of Iceland and the
Kingdom of Norway concerning the latters association in the implementation, application and
development of the Schengen acquis of 29 June 1999 adopting its Rules of Procedure, OJ 1999
C 211/9, 23.07.1999.
M. den Boer & L. Corrado, For the Record or O the Record: Comments About the
Incorporation of Schengen into the EU, in: European Journal of Migration and Law, 1:397418
1999.
G. de Kerchove, Un espace de libert, de scurit et de justice, in: M. den Boer, A. Guggenbhl,
S. Vanhoonacker, Coping with Flexibility and Legitimacy after Amsterdam, Maastricht: EIPA
1998, p. 197204.
44
Chapter 2
only because it would aect the readability of the EU Treaties, but also because it
would hinder the uniform and equal application of EU law.
However, in general, Schengen gained transparency with its incorporation
into EC and EU law. One of the major objections against the Schengen cooperation was its secrecy of decision-making, the lack of democratic accountability and
the absence of any judicial control.113 The Schengen Agreement was not submitted to parliamentary control which allowed for signature without reservation concerning its ratication or approval.114 The negotiations in the working group and
sub-committees on the draft texts for the CISA remained secret and the decisions
which were taken by the Executive Committee on the application of the CISA
lacked any parliamentary scrutiny. The national parliaments (with a few exceptions) and the European Parliament were not involved or properly informed about
this decision-making. For example, the common visa instruction of 14 December
1993 including the list of countries for whose nationals a visa was required for the
Schengen territory remained secret until the Dutch Parliament explicitly requested
the publication of these lists. The publication of the whole Schengen acquis in
2000 was an important achievement for the transparency of the applicable rules,
despite the fact that some documents remained condential.115 Also, the Court of
Justice acquired competence to judge the implementation and application of
Schengen law. Depending on whether the law or decisions were incorporated into
Title IV TEC or Title VI TEU, the competence of the ECJ with regard to the
Schengen acquis is found in Article 68 TEC or Article 35 TEU respectively.116
114
115
116
117
Dealt with in Meijers (1992), as well as by D. OKeee, European Immigration Law and Policy,
in: A. Pauly (ed.), Les accords du Schengen: Abolition des frontires intrieures ou menace pour les
liberts publiques?, Maastricht: EIPA 1993, p. 174.
Only in the Netherlands, the convention was subjected to parliamentary approval before it
entered into force, Tractatenblad (Dutch Treaty Series) 1986, No. 34. C. Elsen, Les structures
administratives de Schengen, in: Pauly (1993), p. 19.
The Schengen acquis is published in OJ L 239, 22.09.2000.
The rst judgment on a preliminary question concerning the national implementation of CISA
was given by the European Court of Justice on 11 February 2003 in the joint cases
C-187/01(Gztok) and C-385/01 (Brgge).
For example V. Hreblay, Les Accords de Schengen. Origine, Fonctionnement, Avenir, Brussels:
Bruylant 1998, p. 17: Lespace Schengen est considr comme le laboratoire de la libre circulation. See also Steenbergen (1997), p. 1825; H. Verschueren, Vrij verkeer van personen in
45
to be achieved. With regard to the goal of abolishing internal border controls, one
might wonder whether this has actually been achieved. For example, in the early
years, the abolition of internal border control between Schengen states did not
occur automatically: in France, border controls were maintained after terrorist
attacks in Paris, invoking Article 2 (2) of the CISA, allowing temporary security
controls.118 Later, at the Schengen Executive Meeting of April 1996, the French
government announced the reintroduction of internal border controls between
France and Belgium and Luxembourg because those countries were regarded as
transit countries for drugs leaving the Netherlands. Security checks, proposed
rstly as anti-terrorism measures and later because of the problems with the Dutch
soft policy on drugs, were temporarily maintained by the French government.119
In the Netherlands, special police units were established to check persons immediately inside internal borders in order to prevent illegal immigration. In practice,
internal border controls were simply replaced in this country by mobile police
units used to check immigrants within close proximity to internal borders.120 The
(re-)introduction of the national obligation to carry an identity card was another
measure to move border controls to the national territory.
From the perspective of third-country nationals, a positive achievement of the
Schengen cooperation has of course been the right of free circulation for thirdcountry nationals with a valid visa or residence permit within the Schengen territory, even if this only granted the right to a maximum stay for a period of three
months during the six months following the date of rst entry into the Schengen
area.121 On the other hand, Schengen did not include any provision to strengthen
further the legal position of admitted migrants or migrants seeking entry on lawful
grounds. On the contrary, with its focus on compensatory measures, including the
emphasis on public order and security as grounds for refusing entry to migrants,
the incorporation of Schengen into EU law also meant the incorporation of these
restrictive measures.
118
119
120
121
Schengen Verdragen, in: Fijnaut, Stuyck & Wijtinck (1992), p. 1354, and H.U. Jessurun
dOliveira, Schengen uitgerangeerd?, NJB, no. 4, 1990, p. 129131.
See, on the application of Article 2.2 CISA in practice, K. Groenendijk, Re-instatement of
controls at the internal borders of Europe: why and against whom?, European Law Journal 2,
2004, p. 150170.
A. Geddes, Immigration and European integration, Towards fortress Europe?, Manchester/
New York: Manchester University Press 2000, p. 83.
See K. Groenendijk, New Borders Behind Old Ones: Post-Schengen Controls Behind Internal
Borders and Inside the Netherlands and Germany in: Groenendijk, Guild & Minderhoud
(2003), p. 131146.
In the judgment of 3 October 2006, C-241/05 (Bot), the ECJ gave a more liberal interpretation of this freedom of circulation by refusing to narrow the denition of rst entry.
46
Chapter 2
126
127
128
Chapter 3
The Schengen Information System
The purpose of the Schengen Information System shall be in accordance with this
convention to maintain public policy and public security, including national security, in the territories of the contracting parties and to apply the provisions of this
convention relating to the movement of persons in those territories, using information communicated via this system.1
1
2
Article 93 CISA.
In this Chapter, I refer to SIS meaning SIS I; when I am dealing specically with SIS II, I will
use SIS II.
The (French and Dutch) texts of the dierent Benelux treaties can be found at: http://www
.benelux.be/fr/dos/dos_intro.asp or http://www.benelux.be/nl/dos/dos_intro.asp.
See, on the Benelux Agreement, A.H.J. Swart, De toelating en uitzetting van vreemdelingen,
Deventer: Kluwer 1978, p. 49 .
48
Chapter 3
an obligation. The Ministerial Working Group of the Benelux countries, responsible for the implementation of the Benelux Convention, adopted a decision
dening the situations in which a third-country national had to be considered
unwanted by all three countries. This included persons convicted of a crime for
which extradition would be possible and persons who, by their presence in the
Benelux area, would pose a danger to the public order or national security. Based
on this decision, a Minister of Justice in one of the Benelux countries, declaring
a person to be inadmissible, could request the Minister of Justice in another
Benelux country to declare this person inadmissible as well in the latter state.
Such a request could only be refused on special grounds, for example if the thirdcountry national was lawfully resident in one of the countries to which the
request was directed.
The diplomatic and consular posts of the Benelux countries used the common
Benelux lists of persons not to be granted a visa without prior authorisation from
the national authorities of the other Benelux partner declaring this person inadmissible or unwanted. These lists were considered necessary because, in many third
countries, the Benelux embassies and consulates of one state were empowered to
issue a visa for the other two Benelux states as well. The Benelux list of inadmissible persons for one of the Benelux countries was incorporated into the national
investigation records. The Benelux list was only used for visa applications. At a later
stage, the list was transferred to a microche le. This le was administered by the
Belgian government.5 For third-country nationals without a visa obligation, the
Benelux countries agreed upon the desirability of a comparable list as mentioned
above, but refrained from unilateral introduction, awaiting developments in the
Schengen framework.6
According to the Dutch government in a memorandum to its parliament in
1987, the ultimate goal of the Benelux Convention of 11 April 1960 was not reached
completely, mostly because of discrepancies in the application by the national
authorities of the applicable rules. These concerned the rules on the issue of a Benelux
visa, the decision to grant access to the Benelux territory, the decision to remove a
person from the Benelux territory and the declaration of a person as unwanted and
the decision to record a person as unwanted or inadmissible.7 Other failures in the
eyes of the Dutch government were the fact that the Benelux countries did not
harmonise national law in all the relevant elds and their failure to amend the
Convention in response to relevant social or international developments.
See the evidence of Professor Schermers before the Select Committee on the European
Communities, House of Lords, 1992: Border Control of People (1989), p. 58.
Answers of the Dutch government to the parliament, 19871988, 20031, no. 4, p. 6 under
point 43.
Handelingen Tweede Kamer 19861987, 20031, nos. 12, pp. 1415.
49
11
50
Chapter 3
from each Schengen state.12 In September 1990, also at the request of the PWP,
a Steering Group for the SIS was given the mandate to deal with legal, administrative,
nancial and organisational matters which were not dealt by the PWP.13
When the negotiations on the establishment of a shared information system
commenced, in early 1988, four of the ve Schengen states were already introducing information technology for the collection and exchange of data in the
police sector.14 These national experiences were important for the negotiations
on the technical and functional possibilities of a shared system. The feasibility
study by the PWP was presented by the Schengen Ministers and Secretaries of
State during the meeting of 12 December 1988. This study did not provide solutions which were immediately applicable. It only underlined the technical possibility of creating a shared information system. Furthermore, this study dened
the principles which were considered necessary for the establishment of such a
system. According to one of these principles, the only information that could be
recorded and exchanged was that which could lead to action by police authorities
or ocials responsible for border control.15 This remained one of the central
principles on which SIS I was based.
The feasibility study dierentiated between two categories of data: objects and
persons.
With regard to alerts concerning persons, the negotiators dened ve dierent
actions:
1.
2.
3.
4.
5.
In the feasibility study, dierent possible technical solutions were presented. These
included the establishment of one central system, forwarding all essential data to
the data systems of the participating states. Furthermore, the study considered the
need to transmit complementary information, not through the shared information
12
13
14
15
See J.W. Hoeksma, H.L. Rensen, SIS moet voldoende bieden, niet meer en niet minder,
Algemeen Politieblad, no. 8, 14 April 1990, p. 179183.
SCH/C.OR. SIS (90) 2. See L.M.N. Kroon, European information systems: beyond borders?
Barriers within the development process of the Schengen Information System and the Social Security
Network, Delft: Eburon 1997, p. 120.
J. Dumortier Het Schengen Informatie Systeem en de bescherming van persoonsgegevens in:
C. Fijnaut, J. Stuyck, P. Wytinck, Schengen: Proeftuin voor de Europese Gemeenschap?, Antwerp:
Gouda Quint 1992, p. 140141.
Hreblay (1998), p. 99100.
51
system, but through the dierent police organisations. The problems to be solved
were: choosing the location of the central system, legal questions such as the system
of data protection, and the arrangements which would be necessary for dividing
the nancial costs for the information system.
In 1989, in Bonn, the Ministers of the participating states decided to locate the
headquarters of the C-SIS in Strasbourg. Furthermore, the Ministers decided during this meeting that the ratication of the Council of Europe Convention on
Data Protection of 1981 would be a requirement for the participating states before
exchange of personal data could take place. Additionally, with regard to data protection, it was decided that national laws were to apply and national procedures
on complaints had to be envisaged.16 In October 1991, the PWP issued an open
tender for the development of the SIS computer technology. Initially, the choice
fell to the consortium between the US company Arthur Andersen and the French
computer group Bull. Politically, however, the governments opposed the idea of
placing the order for such a large IT project, which was also a symbol of European
cooperation, to a non-European company. Pressed by the German government,
the former Prime Minister of France, Edith Cresson, demanded that Bull withdraw from the consortium with Andersen, forcing the latter to renounce its bid.
Instead, the contract was give to a new consortium composed of the Anglo-French
rm SEMA, the Bull group, and Siemens-Nixdorf in Germany.17
One may wonder why there was a need for a Schengen Information System
with regard to police cooperation and the exchange of police information, when
the European States had already been cooperating since 1923 through Interpol,
the International Criminal Police Organisation.18 One of the reasons could be that
Interpol was not based on an international treaty, such as the Schengen cooperation. Therefore, implementation of the Interpol statute diered in the dierent
countries and the organisation was more of an assembly of national police ocers,
rather than a system which was organised and led by the national governments.
Also, the goals of Interpol were more limited than the cooperation envisaged by
the European governments. Even though its primary goals are comparable to those
of Schengen, such as the prevention and repression of criminal crimes, Interpol
does not concern itself with the implementation of the free movement of persons.
16
17
18
The national data protection regulations and the regulation in the CISA on data protection will
be dealt with in the next chapter.
European squabbling round after Schengen op, Fortress Europe? Circular letter (FECL),
March 1994. http://www.fecl.org/circular/2301.htm.
See E. Schlanitz, Lchange international dinformations de police dans le cadre des systmes
dinformation dInterpol et de Schengen, in: A. Pauly (ed.), Accords du Schengen: abolition des
frontires intrieures ou menace pour les liberts publiques?, Maastricht: EIPA, 1993, p. 3952.
52
Chapter 3
Secondly, Interpol explicitly excludes cooperation in the eld of crimes of a political, racial, militant or religious character. This statutory limitation in the operational eld of Interpol has also been one of the reasons why, in the 1970s and
1980s, the European ministers used the intergovernmental framework of Trevi and
not Interpol in their ght against terrorism.19 The CISA does not exclude political
facts as one of the goals of data exchange or police cooperation. On the contrary,
the desire to identify and exclude those known as security risks can be regarded
as one of the main incentives for the establishment of the SIS.20 As we will see
below, this goal of the SIS, the upholding of public policy and public security,
including national security, is explicitly dened in Article 93 of the CISA.
1.3. Structure
During the negotiations, the PWP seriously considered four options for data
exchange between Schengen states.21 In the rst place, the negotiators considered
the establishment of a direct connection between national databases in the
Schengen states. Objections raised to this option were that Luxembourg did not
then have a computerised database and the concern about dierences between the
content, the language, the concepts and the computer programs of the national
systems. Secondly, it was proposed that a Schengen Computer be established in
each of the Schengen states, which could be linked to all the others through a network. The main objections to this option were the high costs of this structure
and the necessity to maintaining many data connections. The third option was
the construction of one central database. This would however require the authorities in Schengen countries other than the country in which the database was
located to make an international connection for each individual check. This
would involve high costs and the need to establish an international administration to supervise such a central database. The PWP therefore chose a fourth
option: a system involving ve identical databases to be supplied with information through one central database. This included one central information system
(CSIS ) connected to the national information systems (NSIS ) in each of the
Schengen states. As long as the purpose of issuing these data and the content of
the data were in accordance with the criteria of the CISA, the national authorities had to submit their data to the CSIS. The data are forwarded by the CSIS to
each NSIS system in the dierent Schengen states.
19
20
21
C. Fijnaut, The Internationalization of Criminal Investigation in Western Europe, in: C. Fijnaut &
R. Hermans (eds.), Police Co-operation in Europe, Lochem: J.B. van den Brink, 1987, p. 3256.
Guild (2001), p. 22.
Dumortier (1992), p. 142.
53
Using this system, which has nally been adopted in the CISA, the contents of
each system, CSIS and NSIS, are exactly the same. The task of controlling
whether the data submitted to the CSIS by the national authorities comply with
the principles and criteria of the CISA has been assigned to a central oce at
national level: SIRENE. This organisation plays an intermediary role between
the NSIS and the CSIS.22
During the negotiations, the participating ocials made it clear that the SIS
should make it possible to identify persons or goods searched by the national
authorities of one of the Schengen states on an easy and fast manner, without
excessively hampering the circulation of travellers crossing external borders.
Therefore, the SIS would have to contain only the necessary information for the
requested action and the SIS terminals would have to be easy accessible, comparable to the national police systems already used in the dierent Schengen countries.
An ocer checking the system should also be clearly informed about the actions
to be taken. The problem of language and the use of dierent concepts was solved
by the introduction of a structure of limited categories of data to be stored in the
system, clearly describing clearly the actions to be taken each time a check on the
SIS resulted in a hit. One of the major advantages of this system would be that it
resolved the normal problems of translation, since each recipient could deduce all
the relevant information from the location of the data in the system.23
The Schengen Information System was further to be based on the so-called
ownership principle, according to which only the state storing the data in the
SIS would be responsible for the accuracy of these data and only this state could
change or delete these data in the SIS. Accordingly, changes to the SIS data could
only be forwarded to the central system by the state who owned the data.
As one of the consequences, it was decided that the issuing state is ultimately liable for any sums paid as compensation for an injury to a person, caused by the
use of the SIS (Article 116 CISA).
1.4. Final Purpose and Categories of Entries
At the beginning of the negotiations on the SIS, the participating states mainly
focussed on the use of such a system for security and police purposes. In a draft
text of 1988, the purpose of the information system was still described as to
guarantee public order and security and ght criminality on the territories of the
Contracting Parties, with the help of the information received by this system.24
22
23
24
This name is derived from the English description: Supplementary Information Request at the
National Entry.
Donner (1993), p. 14.
88 (SCH/1 (88) 7) 27.10.1988, para. 2.2.
54
Chapter 3
Later, at the initiative of the Dutch government, this was extended to the application of immigration law, including the rst visa issue procedure and later with
regard to the provisions on the movement of persons.25 The nal denition of the
purpose of the SIS, described in Article 93 CISA, includes a more general aim of
regulating the movement of persons in the Schengen area. Article 93 reads:
The purpose of the Schengen Information System shall be in accordance with this
convention to maintain public policy and public security, including national security,
in the territories of the contracting parties and to apply the provisions of this convention relating to the movement of persons in those territories, using information
communicated via this system.
According to Article 94 of the CISA, the SIS may only contain data as required
for one of the purposes mentioned in Articles 95100 of the CISA. The decision
regarding whether a certain case is important enough to warrant entering the
alert into the SIS is to be taken by the national authorities. We will see later that
the procedure of national decisions on entering data into the SIS is organised in
dierent ways in each of the contracting parties.
The Articles 95 to 100 provide for the following categories of persons to be
entered into the SIS:
1. Persons wanted for arrest for extradition purposes (Article 95);
2. Third-country nationals to be refused entry (Article 96);
3. Persons who have disappeared who need to be placed in a secure location to
protect their safety (Article 97);
4. Persons (such as a witness or a person being prosecuted) whose whereabouts
are sought by the judicial authorities during the course of a prosecution
(Article 98);
5. Persons (or objects) for the purpose of discreet surveillance or specic checks,
following indications that a person intends to commit, or is committing
numerous and extremely serious oences or where an overall evaluation of the
person, particularly his or her prior oences, gives reasons to suppose that he
or she will also commit extremely serious oences in future (Article 99).
Article 100 CISA concerns objects for the purposes of seizure or for evidence in
criminal proceedings. Whether a national authority has access to the SIS depends
on the grounds on which a person or object was entered into SIS. The appointment
of national authorities having access to the SIS is in principle a decision for the
national state. According to Article 101 (4), the contracting parties must however
send a list of the appointed authorities to the Executive Committee each year
and, since 1999, to the JHA Council.26 Also, Article 101 provides that only the
25
26
55
authorities responsible for border checks and other police and customs checks
carried out within the country may have access to the data entered into the SIS.
With regard to the data entered on the basis of Article 96 this is extended to authorities responsible for issuing visas, central authorities responsible for examining visa
applications and the authorities responsible for issuing residence permits and for
the administration of legislation in the context of the application of the provisions
of this convention relating to the movement of persons.
During the negotiations on the CISA, the French government insisted on the
inclusion of the possibility of a prior check regarding whether a request for a persons arrest was in compliance with French law.27 Based on this request, Article
94 (4) stipulates that it is possible to add a ag to an alert in the national section
of the SIS.28 This is a note, prohibiting the national authorities from arresting the
person on its territory. The ag subsequently allows the requested state 24 hours
to conduct the legal examination.
1.5. Problems During the Construction Phase
The date on which the SIS should have become operational was postponed several times. It should be noted that these deadlines were always set by the meetings of the Schengen Executive Committee and the Central Group and not by
the negotiating groups of national experts. For example, the rst deadline, to
have the SIS operational on the same date as the creation of the internal market,
1 January 1993, was based much more on the political will of the Schengen
Ministers than on the expertise of its ocials that such a date would be technically feasible. Only when it became clear that the deadline of 1 February 1994
could not be met either, by which time the Schengen governments were developing a phobia about mentioning dates, it was decided that no new deadline
would be set.29 Their negotiators in the PWP and Steering Group were given the
freedom to take those measures considered necessary for the functioning of the
SIS and to solve the remaining problems.
There were several reasons for postponing the start of the SIS, including legal,
technical, practical and political problems. One legal problem was for example
the national ratication procedures which were necessary for the implementation
of CISA. In some countries, the integration of CISA and the SIS required amendments to national law, such as in France and Germany. Technical problems during the construction phase were for example the delays in the delivery of products
by the consortium which was given the task of building the SIS. A practical
27
28
29
56
Chapter 3
problem causing delay was the fact that some countries did not come forward
with their lists of authorised end users of the SIS on the basis of Article 101
CISA. Finally, at the political level, there was the temporary reluctance of the
French government to proceed further with the SIS. To solve the various problems, the Central Group formulated seven conditions for the entry into force of
the CISA in its Madrid meeting of 30 June 1993. These included:
the implementation of external border control and the use of a common
handbook;
the regulation of common visa issue and common instructions for consular
and diplomatic posts;
a common treatment of asylum seekers;
the implementation of the CISA provisions on drugs policy; and
the regulation of freedom of movement of persons in airports.
In 1993, the process of negotiations on the SIS reached its lowest point, which
resulted in the establishment of a Crisis Team (cellule de crise) in November
1993.30 The German government threatened to walk out of the Schengen Group
if more demands were made to compensate for the removal of internal borders.
Furthermore, it stated that it would concentrate its eorts at the level of the
12 EU States. Then, in the Spring of 1994, the French government which did
not want to be seen as being responsible for a possible failure of the Schengen
initiative assured its partners of its commitment to work towards the abolition
of internal borders within the Schengen framework. That this commitment was
not without limitations can be illustrated by the fact that, in November 1994,
the same government stated before the French Parliament that it was out of the
question that France would suppress checks at French borders if a certain number
of obstacles were not removed, including the Dutch position on the control of
drugs tracking.31
The loading of data into the SIS started on 22 December 1994. On that same
date, at its meeting in Bonn, the Executive Committee of Schengen decided
that the irreversible implementation of the Convention would take place on
26 March 1995. This date was chosen to facilitate the technical separation of
travellers for the Schengen airports since, on 26 March, continental Europe
would switch over to summer time, which included the airlines changeover to
their summer timetables. Since the SIS became nally accessible for its end users
on 26 March 1995, this date is also regarded as the date of the entry into force of
the CISA. As we will see in Chapter 5, a comparable situation arose with regard
30
31
57
to the development of the SIS II. Similarly, based on technical problems and
delays with regard the measures to be taken in the dierent Member States, the
Commission announced in 2006 that the date for the operation of SIS II would
be postponed until the end of 2008.
2. Legal Basis
With the entry into force of the Amsterdam Treaty, the Schengen acquis was
incorporated into the EU framework. This incorporation included the need to
decide upon the precise legal basis of every legal instrument from the Schengen
acquis. This determination of the legal basis, whether in the EC or EU Treaty, was
unproblematic for most provisions and decisions.32 For dierent reasons, the EU
Schengen states were not able to reach agreement on the legal basis of the Schengen
Information System. As a result of this failure to reach a decision, for the time
being the SIS is considered as having its legal basis in the third pillar or Title VI of
the EU Treaty. Article 5 (2) of the Schengen Protocol implies that whenever legal
parts of the Schengen acquis are amended, the exact legal basis, EC or EU, needs
to be addressed.33 This means that whenever decisions on the use or functioning
of the SIS are to be made, the legal basis of the SIS has to be determined.
3. Participants
3.1. Nordic Countries
Article 6 of the Nordic Passport Control Agreement of 1957 includes a regulation on a joint negative list of third-country nationals who are to be refused
entry at the common Nordic external borders. This list was not computerised
until 1991, due to the fact that when the Nordic Passport Control Agreement
came to existence, information technology was still in its infancy.34
In 2000, the Nordic countries adopted a supplementary agreement to the
Nordic Passport Control Agreement to deal with the participation of the Nordic
32
33
34
Council Decision 1999/435 of 20 May 1999 concerning the denition of the Schengen acquis
and 1999/436 of 20 May 1999, determining the legal basis for each of the provisions or decisions which constitute the Schengen acquis, OJ 1999 L 176/1; see, for the publication of the
whole Schengen acquis, with exception of condential sections, OJ 2000 L 239/1, 22.09.2000.
N. Bracke, Flexibility, Justice Cooperation and the Treaty of Amsterdam, in Marinho (2001),
p. 59.
H. Fode, Nordic Experience on Criminal Law, in: Schermers (1993), p. 6169.
58
Chapter 3
39
59
have access to the data on third-country nationals to be entered into the SIS
by other countries. This would allow national authorities to compare national
alerts on third-country nationals with alerts in other countries. A Working
Group proposed a technical solution, according to which Article 96 data
would be ltered out, so that they would not be accessible to authorities of the
UK or Ireland, but this proposal was not further developed.40 During the
meeting of the JHA Council in June 2002, the EU Member States agreed on
the principle that the UK and Ireland could participate in the development of
SIS II.41
3.3. Switzerland
In October 2004, an Agreement was signed between the European Union, the
European Community and the Swiss Confederation on the association of the
Swiss Confederation with the implementation, application and development of
the Schengen acquis.42
In the Swiss referendum of 5 June 2005, the population of Switzerland agreed
to sign the CISA. The accession of Switzerland to the CISA is envisaged in 2008.
This will also grant access by the Swiss authorities to the SIS II.
3.4. Accession of New EU Member States
In 2004, the EU was enlarged by ten new Member States. In 2007, the EU was
joined by Bulgaria and Romania. As we saw in Chapter 2, Article 8 of the
Schengen Protocol stipulates that new EU Member States should accept in full
the Schengen acquis, including the measures adopted on the basis of the CISA.
This means that the new EU members must participate in the use of the SIS as
well. Depending on whether these countries provide for sucient technical and
legal guarantees, the new EU Member States are scheduled to gain access in 2008
to the second generation SIS.
60
Chapter 3
44
45
46
Note by the Dutch Delegation to Working Groups I and II, Brussels, 25 April 1988, SCH/I+IIimm+c.fr (88) 5.
The Dutch note even included the estimated numbers of persons to be entered into the NSIS
according to these criteria, including 2,000 persons with a formal residence ban, 2,000 reported
inadmissible persons, 6,015 visa applicants for whom prior approval would be necessary, and
10,675 rejected asylum seekers.
Working Group I, 7 August 1989, SCH/I (88) 7, 12th revision.
Article 2.5, Working Group I Police and Security, 16 November 1988, SCH/I (88) 7, second
revision.
61
62
Chapter 3
When a contracting party considers granting a residence permit to a thirdcountry national who is entered in the SIS for the purposes of refusing entry,
according to Article 25 (1) CISA it should rst consult the contracting party
issuing this alert. Only for substantive reasons, based on humanitarian grounds
or for reasons involving international commitments, the rst state may issue a
residence permit to the person concerned. If a residence permit is issued, Article
25 (2) states that the state issuing the alert should withdraw this alert from the
SIS. This state may put the third-country national on its national list.
As we will see in Chapter 4 on the development of SIS II, the text of Article
96 CISA is almost literally copied into the new text of the SIS II Regulation.
In 2006, the conditions of entry in Article 5 CISA have been replaced by the
almost identical provision of Article 5 in the Schengen Borders Code.47
4.3. Denition of inadmissible: Discretionary Power of National Governments
The denition of third-country nationals for the purpose of refusal of entry in
Article 96 CISA seems to be based on two concurring thoughts. On the one
hand, the criteria as stated in Article 96 (2) and (3) should prevent arbitrary
implementation with regard to the reporting of inadmissible aliens. On the other
hand, this provision should leave enough discretionary power to the national
authorities. An important incentive for a shared information system would have
been the acknowledgement that notions of public safety and security could not
be harmonised.48 This lack of harmonisation had to be resolved by establishing a
common list of inadmissible persons. However, the assumption that the criteria
on public safety and security could not be harmonised better describes the political rather than the legal reality. As we will see below, with regard to the protection
of the free movement of EU citizens and privileged non EU citizens, the ECJ
provided a denition of public order and security which could have been used
for a larger group of non-EU citizens.49 The participating states clearly preferred
an accumulation of their national public order criteria, rather than developing
harmonised, common criteria for the application of the SIS.
Articles 96 (2) and (3) are based on the general principle that whenever thirdcountry nationals meet the criteria listed in these provisions, this is sucient for
these persons to be regarded as a threat to public order and security, or as a risk to
illegal immigration. In other words, if the authorities decide to enter an individual into the SIS, they do not have to indicate the specic risk this person entails
47
48
49
63
50
51
52
A.H.J. Swart, De toelating en uitzetting van vreemdelingen, Deventer: Kluwer 1978, p. 67.
See also B. Puntervold B, The Use of Visa Requirements as a Regulatory Instrument for the
Restriction of Migration, in: A. Bcker et al., Regulation of Migration. International Experiences.
Amsterdam: Het Spinhuis Publishers 1998, p. 191202.
OJ 56, 4.4.1964. This Directive has been replaced by Directive 2004/38, see also Chapter 9.
64
Chapter 3
been further narrowed in the jurisprudence of the ECJ. In the Bouchereau case,
the ECJ formulated the well-known criteria that there must be a genuine and
suciently serious threat to the requirements of public policy aecting one of
the fundamental interests of society.53 For a long time, these ECJ criteria did not
seem to play an important role with regard to the national practice of reporting
third-country nationals into the NSIS. The European Commission however
repeatedly urged the Schengen partners to apply the criteria of Directive 64/221
to third-country nationals who are family members of EU citizens as well, in
order to guarantee to the latter the right to freedom of movement under the EC
Treaty. Responding to this pressure from the Commission, in 1996 the Schengen
Executive Committee adopted a declaration dening aliens as referred to in
Articles 1 and 96 of the CISA.54 According to this declaration, the general rule
should be that individuals, including third-country nationals, who are beneciaries of Community law are not to be reported into the SIS. Family members of
EU citizens who are third-country nationals and who have the right on the basis
of EC law to enter and to reside in a Member State, as well as nationals of Iceland,
Liechtenstein and Norway, and later Switzerland, may be entered into the SIS if
this entry would be compatible with Community law. If a beneciary of EC
law is entered into the SIS and this is not in accordance with Community law, he
or she should be deleted from the list.
As pointed out by Eicke, the declaration of 1996 does not comply fully with
the Courts criteria. The decision to exclude or expel a person from a national territory is only allowed based on the actual threat this person represents to this territory. In other words, being a threat to one Member State does not justify excluding
that individual from all other states.55 The ECJ made this clear in its rst judgment with regard to the SIS and the registration based on Article 96 CISA. In this
judgment, Commission v. Spain, of 2006, the ECJ ruled that registration in the
SIS of two non-EU citizens who were married to EU nationals could not automatically result in the decision of the Spanish authorities to refuse them a visa or
admission to Spanish territory.56 The judgment of the ECJ, and the point made by
Eicke, is very important considering the legitimacy of the principle on which the
functioning of the SIS is based. There is a clear tension between the principle of
the mutual recognition of national immigration decisions relating to public order
or security grounds on the one hand and, on the other hand, the protection of the
53
54
55
56
65
57
58
59
66
Chapter 3
Schengen Joint Supervisory Authority or JSA (see below, Chapter 7) published data
in its fourth and fth annual reports on the content of the SIS. However, no such
information was included in the sixth report of the JSA on 20022003. There are
some statistical data included in the Report of the ad hoc group for the study of 3rd
pillar information systems to the Council in 2003.60 In this report, the ad hoc
group compared the existing EU databases, including the SIS, Eurodac, the Customs
Information System (CIS), the Anti-Fraud Information System (AFIS), and the
databases of Europol. An important conclusion by this ad hoc group is that, at the
stage in its research, insucient information was available on the content and the
current usage of the systems. Only since 2005 has the Council Secretariat published
annual database statistics on the number of records registered into the SIS. These
publications can be retrieved from the public register of the Council.61
According to the report of the ad hoc group for the study of 3rd pillar information systems in 2003, the NSIS data could be consulted by approximately
125,000 terminals in the Schengen States. By 2005, the SIS included more than
15 million records on objects and persons.62 Approximately 6% of these records
concerned persons who were registered in the SIS for more than one purpose.
As we saw in section 1.4, the categories on persons include persons wanted for
arrest or extradition (Article 95 CISA); third-country nationals (non-EU and
non-EEA citizens) to be refused entry (Article 96 CISA); missing persons or
those to be placed under temporary police protection (Article 97 CISA); witnesses or other persons summoned to appear in court (Article 98 CISA); and
persons wanted for discreet surveillance or specic checks (Article 99 CISA).
5.1. Numbers of Persons Entered in SIS
With regard to the total number of records on persons in the SIS between 1999
and 2005, the following information can be derived from the above reports.63
Data for 1999 64
Total persons entered into SIS: 855,887
Article 95:
10,419
Article 96:
764,851
Article 97:
27,436
Article 98:
35,806
Article 99:
17,365
60
61
62
63
64
(89%)
67
65
66
67
68
69
23.05.2000, source: report C.SIS Exploitation team, 4th annual report Schengen Joint
Supervisory Authority.
28.02.2001, source: 5th annual report Schengen Joint Supervisory Authority.
Data on 5.03.05, described in doc. 8857/03. See also the Statewatch/Ben Hayes report 2004.
Report from the C.SIS Exploitation team, 01/01/2004 at 00.00 (unpublished).
Data from the C.SIS at 010/1/2005 at 00.00. SIS Database Statistics from the Presidency to the
SIS-TECH Working group, 8621/05, 2 June 2005.
68
Chapter 3
Article 97:
Article 98:
Article 99:
36,235
35,317
18,031
70
71
72
73
69
total. This in the rst place is due to the enlargement of the European Union,
following which the old Member States had to take the names of the nationals
of the new EU Member States o the SIS. Secondly, this drop could be explained
by the increasing percentage of hits based on the other categories of data stored
in the SIS. Relatively speaking, when comparing the numbers of hits with the
numbers of entries for each category, reports on third-country nationals to be
refused entry seem to be the least successful. This is illustrated by comparing the
gures for 2001, 2004 and 2006.74
Based on the above reports, in 2001 the following hits were recorded by the
SIRENE bureaux:
Article 95: 2,841 hits (24% of the total number of records on Article 95);
Article 96: 26,363 hits (3.7% of the total number of records on Article 96);
Article 97: 3,661 hits (6% of the total number of records on Article 97);
Article 98: 1,779 hits (12% of the total number of records on Article 98);
Article 99 (persons): 2,232 hits (10.2% of the total number of records on
Article 99).
The gures for 2004 show an even smaller percentage of hits on third-country
nationals, compared to the number of records based on Article 96 CISA in
the SIS:
74
Note that I compare the data on the number of records held in the SIS on the precise date of
1/1/2001, 1/1/2004 or 1/1/2006 with the total number of hits which were found the year after
that date. As the number of alerts change every day, this percentage only gives an estimate of the
exact percentage.
70
Chapter 3
Based on these statistical data, one could conclude that the registration of thirdcountry nationals in the SIS is in practice less eective, compared to the records
on persons stored in the SIS for other purposes. Even if information stored in the
SIS concerns predominantly third-country nationals to be refused entry, the
number of hits and, therefore, the actual eects of this storage are relatively small
compared to the number of hits for other categories of persons stored in the SIS.
On the other hand, the annual number of 21,000 to 25,000 hits on third-country
nationals is considerably high particularly when we consider that, based on these
hits, these persons have been stopped at the borders, refused a visa or even
expelled to a third country.
With regard to the development of the second-generation SIS, one would
expect the Commission or Council to have evaluated the use and eciency of
SIS I. To my knowledge, no such evaluation has taken place. Only the Schengen
Joint Supervisory Authority initiated a coordinated evaluation of the national
implementation of the Article 96 criteria in 2003, to be carried out by the
national data protection authorities. Based on this report and the available
national reports, it can be concluded that the Schengen authorities applied the
Article 96 criteria very dierently and the data stored in the SIS often did not
meet the criteria of Article 96.75 Furthermore, the national data protection
authorities discovered that the time limits for the storage of these data were frequently exceeded.76 The ndings of the JSA have been published in a report dated
20 June 2005. This report has not been ocially published but is only available
on request via the joint data protection secretariat of the Council.77
In the next Chapter, I will describe the development of the second-generation
SIS or SIS II, including the technical and functional amendments which were
proposed and adopted with regard to the SIS. Chapter 5 will examine other EU
databases which are directly or indirectly used for controlling immigrants within
or seeking admission to EU territory.
75
76
77
Chapter 4
New Functionalities for SIS
and the Development of SIS II
The Schengen Information System ended up by being the victim of its own success,
and it became imperative to increase its capacity and to introduce new possibilities
while taking advantage of the latest development of information technology.1
2
3
Carlos Coelho, Rapporteur for the LIBE Committee, Working Document on the Decision and
the Regulation on SIS II, 20.10.2005.
OJ L 239, 22.9.2000. See also section 3.1 in Chapter 3.
This decision on the development of SIS II has not been published, but is referred to in the decision of the Schengen Executive Committee of 25 April 1997 in which Portugal was given the
mandate to start a preliminary study for SIS II. SCH/Com-ex (97) 2 rev. 2, published in OJ L
239, 22.9.2000.
72
Chapter 4
measures to make the SIS ready for the new millennium. The same decision
emphasised that the parallel development of a renewed SIS, or SIS I, would not
aect the development of SIS II.4 The new extended SIS I (under the heading
SIS I+) should be accessible to 18 countries (15 operational States, the United
Kingdom and Ireland, plus one in reserve) while, in the longer term, the strategic objective of SIS II would remain unchanged.5 After the integration of the
Nordic countries into the SIS and the successful completion of the SIS I+
project in 2001, the governments continued their negotiations on SIS II.6 The
Council of Justice and Home Aairs or JHA Council (having replaced the
Schengen Executive Committee in 1999 on the basis of the Amsterdam Treaty)
conrmed, at its meeting of 2829 May 2001, that in view of the enlargement
of the EU, the development of SIS II by 2006 would be a priority.7 In December
2002, the JHA Council decided upon the implementation of the Schengen
acquis in the new Member States. The application of the full Schengen acquis
would make it necessary for those Member States to full all legal, organisational and technical pre-conditions (), especially the requirements linked to
the access to the Schengen Information System and the ecient controls at
external borders.8
Before discussing the developments of SIS II, the rst sections will describe
the decisions adopted to amend the use of SIS I. As we will see, many of these
earlier decisions inuenced the nal scope and use of SIS II.9 In section 6, I will
focus in particular on the (draft) Regulation on SIS II with regard to alerts on
third-country nationals to be refused entry or residence. I will not go into details
of the Decision on SIS II which applies to the use of SIS II within the third pillar
framework.
4
5
7
8
9
73
74
Chapter 4
15
16
17
18
19
20
75
would also be the state whose territory the person in question entered for the rst
time. However, when Eurodac (see Chapter 5) became operational, this proposal
disappeared from the agenda.
2.3. New Categories of Persons
During the discussions in the EU Council, Belgium, Spain and Portugal
supported registration in the SIS of two new categories of persons: persons prohibited to leave the Schengen area and potentially dangerous persons to be
banned from participating in certain events. With regard to the former category,
this was proposed in February 2001, by the Portuguese delegation.21 This category of persons would include a divergent group of persons, for example, children
who are at risk of being kidnapped by one of their parents when there is a dispute
over custody of the child. But it could also include detainees who are conditionally released. In June 2003, the JHA Council agreed to study the possibilities of
this new alert although, to my knowledge, no measure has been taken with regard
to this proposal.
The proposal to enter data into the SIS I on potentially dangerous persons to
be banned from participating in certain events was supported by the Spanish
and Belgian governments. In reaction to the events surrounding the EU summit
of Gothenburg, Sweden, the JHA Council of 13 July 2001 agreed on the need
for a structured exchange of data on violent troublemakers within the context of
meetings of the European Council and other, similar meetings.22 Based on these
conclusions, the Spanish government, during its Presidency in February 2002,
proposed studying the possibility of including data on violent troublemakers
[with respect to] in view of mass events to the SIS I.23 In the Spanish note, it
was recognised that such alerts could aect freedom of movement as protected
by EC Directive 64/221 (now Directive 2004/38) as well as other civil liberties
and data protection of the persons concerned. It was therefore suggested, since
these data would only be necessary for limited periods related to certain events,
that those data would not be made permanently visible or included in the SIS.
Meanwhile, the possibility for the police authorities to exchange information on
this category of persons was provided for in dierent bilateral agreements on
police cooperation between EU Member States.24 This meant that it was no
21
22
23
24
6577/01, 24 February 2001, see also the Swedish Presidency note on Requirements for SIS II,
6164/1/01 REV 1.
10608/01 (Presse 281).
Presidential note to the Working Party on SIS, 5968/02, 5 February 2002.
For example, the Treaty between Germany and the Netherlands of 2 March 2005, Tractatenblad
(Dutch Ocial Publications) 2005, no. 86 and the Benelux Treaty on border crossing police
cooperation (grensoverschrijdend politie-optreden) 8 June 2006, Tractatenblad 2005, no. 35.
76
Chapter 4
longer necessary to provide for this exchange of information through the SIS II.
Furthermore, the Treaty of Prm, adopted in 2005, provides for the exchange of
information during major events with cross-border dimensions, in particular
sport events, if any nal convictions or other circumstances give reason to
believe that the data subjects will commit criminal oences at the event or pose
a threat to public order and security, in so far as the supply of such data is
permitted under the supplying Contracting Partys national law (Article 14).25
These data subjects include both EU and non-EU citizens.
With regard to other categories of data, the JHA Council agreed in June 2003
to study the feasibility, usefulness and practical implementation of entering
them into the SIS I.26 Those categories included:
1.
2.
3.
4.
5.
6.
7.
At this same meeting of June 2003, the Council asked for a study of the
inclusion of SIRENE forms into the SIS and of which biometric data other
than photographs and ngerprints can be stored in the SIS I.
25
26
27
10900/05, 7 July 2005, published at www.libertsecurity.org. See for the Dutch version
Tractatenblad 2005, 197.
Meeting of 56 June 2003 of the JHA Ministers. Press release 9845/03 (Presse 150).
See, for early EU decision-making in response to 9/11: Brouwer, Catz & Guild (2003), p. 96 .
77
and Home Aairs Council urged the Member States to take certain measures
involving the use of the SIS I. Among other things, the JHA Council announced
that it would examine the possibility of granting other public services access to
the SIS, with regard to the cooperation between police and intelligence services.
The participating States were also invited to provide more systematic input into
the SIS of alerts under Articles 95, 96 and 99 of the CISA.28
The German government, in particular, proposed far-reaching measures with
regard to the use of personal information in the ght against terrorism. In a paper
dated 27 September 2001, Germany proposed enabling the interconnection of
data by allowing Europol, national Public Prosecutors Oces and immigration
and asylum authorities on-line access to the SIS.29 The German delegation also
called for enabling Europe-wide computerised prole searches, the establishment
of a common visa database and of a European central register of third-country
nationals present on EU territory. Furthermore, in this same note, Germany
advocated the use of Eurodac information for police purposes.
In October 2001, the Belgian Presidency of the EU issued a proposal to extend
Article 96 CISA to make it possible to check whether third-country nationals to
whom a visa is issued and whose visa has expired have actually left the Schengen
territory.30 Under this proposal, an alert would have to be automatically reported
into the SIS when a person does not leave the Schengen area within the period
stated in his or her visa. It was noted that when the proposal was to be incorporated into the SIS II, the nancial eects would be minor. As we will see in
Chapter 5, the idea of an entry-exit system was transferred to the proposal for
a separate Visa Information System.
In November 2001, the Belgian government forwarded another proposal to
record alerts more systematically in the SIS I.31 According to this note, data
should be recorded automatically in all cases once this entry into the SIS would
be allowed by national legislation. The entry of alerts could be improved by
issuing common recommendations or even setting common binding rules for
the entry of alerts. With regard to alerts on persons to be refused entry, the
authorities responsible for public security could be made (more) aware of the
possibility of entering alerts under Article 96 (2) (b) (i.e. aliens in respect of
whom there are serious grounds for believing that he has committed serious
criminal oences () or in respect of whom there is clear evidence of an
intention to commit such oences in the [Schengen] territory).
28
29
30
31
78
Chapter 4
33
34
35
36
79
39
40
41
80
Chapter 4
42
43
44
45
81
46
47
See the note from the Irish presidency to the Article 36 Committee, 6874/04, 27 February 2004.
Article 2 of the Regulation and the Decision allows the Council to set dierent dates of application. See Decision 2005/451 of 13 June 2005, OJ L 158, 21.6.2005, Decision 2005/728 and
Decision 2005/727 of 12 October 2005, OJ L 273, 19.10.2005 respectively. On 24 July 2006,
the JHA Council adopted two decisions setting two further dates of application (1 October and
1 November 2006) for Article 1(4) and Article 1(5) of the Regulation, 11556/06 (Presse 216).
82
Chapter 4
With the new Article 99 (4), the national authorities issuing an alert will only
have to inform other parties.48
4.1.2. Public prosecutors
Regulation 872/2004 includes an amendment to Article 101 (1) (b) CISA, based
on which the authorities responsible for police and customs checks carried out
within the country and the coordination of such checks have direct access to the
SIS, including alerts on third-country nationals to be refused entry. Based on the
amendment, direct access is made possible for national judicial authorities,
including those responsible for initiating public prosecutions in criminal proceedings and judicial inquiries prior to indictment, in the performance of their
tasks as set out in national legislations. The original text of the Spanish proposal
only envisaged adding to the provision of 101(1) (b), which reads as follows:
and the judicial supervision thereof .49 This proposed amendment was justied
by the fact that some Member States already granted access to the SIS to their
public prosecutors based on the words and the coordination of such checks in
Article 101 (1) (b).50 In October 2002, the French delegation proposed giving
national judicial authorities direct access to all SIS data, whereas the German
delegation proposed, for the initiation of public prosecutions in criminal
proceedings, giving national authorities only direct access to Articles 95, 98 and
100 data (persons wanted for arrest for extradition, witnesses, and objects for the
purposes of seizure or use as evidence for criminal proceedings respectively).51
In the nal decision on the proposed Regulation and Decision, the Council
chose a combination of both texts.
4.1.3. Authorities Responsible for Issuing or Examining Visa Applications
or for Issuing Residence Permits
A new Article 101 (2) has been inserted in the CISA, giving the authorities responsible for issuing visas or examining visa applications and the authorities issuing
residence permits and for the administration of legislation on aliens access to the
data on stolen, misappropriated or lost identity documents which are held in the
SIS on the basis of Article 100 (3) (d) and (e) CISA. Regulation 871/2004 further
allows national authorities to add information to the alerts stored in the SIS, for
example on whether a person has previously escaped from detention.
48
49
50
51
In its resolution of 17 December 2002, the EP advised maintaining the obligation of informing
the other parties beforehand, A5-0436/2002.
OJ C 160, 4.7.2002.
5968/1/02, 19 March 2002, see also the Report of Carlos Coelho of the LIBE Committee,
A5-0436/2002, 4 December 2002, explanatory statement, p. 22.
9407/2/02, 17 October 2002.
83
4.1.4. Duty to Report all Transmission of Data and a Legal Basis for SIRENE
Although the Spanish proposal focussed on extending the use of the SIS for the
ght against terrorism, the opportunity to change current provisions regarding
the SIS has also been used to improve some data protection provisions. Both in
the Regulation and in the Decision, a duty has been added for national authorities to make a record of every case of the transmission of personal data, instead of
every tenth transmission (as provided for in the original text of the CISA). This
provides an extra safeguard with regard to the lawful use of SIS information.
Finally, the Regulation and the Decision provide for an explicit legal basis in
the CISA for the functioning of SIRENE. Article 92 paragraph 4 provides that
Member States will, in accordance with their national legislation, exchange
through SIRENE all supplementary information necessary in connection with
the entry of alerts and for allowing the appropriate action to be taken in cases
where data concerning persons and objects have been reported in the Schengen
Information System and these are then found as a result of searches made
within the System. The information exchanged through SIRENE may only
be used for the purpose for which it is transmitted. This latter restriction of the
further use of SIRENE data had been advocated by the EP in its resolution of
17 December 2002.52
4.2. Framework Decision 2002/584 on the European Arrest Warrant
Article 9 (2) of the Framework Decision 2002/584 on the European Arrest
Warrant provides that judicial authorities may issue an alert in the SIS on
requested persons for the purpose of a surrender procedure.53 As dened in the
Framework Decision, a European Arrest Warrant (EAW) is a judicial decision
issued by a Member State with a view to the arrest or surrender by another
Member State of a requested person. This request for arrest or surrender is possible for the purposes of conducting a criminal prosecution, executing a custodial
sentence or executing a detention order. In general, based on the double criminality rule, a Member State may subject the request from another Member State
to surrender a person to the condition that the act for which surrender is
requested should also constitute an oence under the law of the executing
Member State. However, with regard to 32 oences listed in the Framework
Decision, this double criminality rule does not apply. If punishable in the issuing
Member State by imprisonment of at least three years, the requested State must
surrender the person without verifying the double criminality of the oence at
stake. The oences listed in the Framework Decision include, among others,
52
53
A5-0436/2002.
The Framework Decision was adopted on 13 June 2002, OJ L 190, 18.7.2002.
84
Chapter 4
54
55
56
57
This (partial) abolition of the double criminality rule and the abolition of the prohibition on
surrendering ones own nationals have been criticised. See: http://www.eurowarrant.net.
This was agreed upon during the informal meeting of the JHA Council in February 2002,
see doc. 5065/03, 20 January 2003.
See, for analysis of some of these judgments: E. Guild (ed.), Constitutional challenges to the
European Arrest Warrant. A challenge for European Law: the merging of international and external
security. Nijmegen: Wolf Legal Publishers 2006.
Common Position 2005/69 on exchanging certain data with Interpol, OJ L 27/62, 29.1.2005.
85
so that the information at stake is no longer available for EU Member States only,
but also for the police organisations of non-EU States participating in Interpol.
4.4. Regulation 1160/2005 on Access to the SIS
by Vehicle Registration Authorities
In June 2005, the Council adopted Regulation 1160/2005 on the basis of which
the vehicle registration authorities gained access to data reported in the SIS on
stolen cars.58 This measure, provided in the new Article 102A CISA, should prevent vehicles reported by one Member State from being licensed in another
Member State. It should also increase the possibility of nding stolen vehicles.59
The Regulation applies with eect from 11 January 2006. According to Article
102A (4), the Council must submit a report to the EP on the implementation of
this provision, each year, after seeking the opinion of the Schengen Joint
Supervisory Authority. This report shall include information and statistics relating to the use and results of the implementation of this Article and shall state
how the data protection rules were applied.
The sections above, describing the amendments with regard to SIS I, make it
clear that the Member States were already extending the scope and use of this database. The multiple use of the SIS was invoked by giving new authorities, including Europol, Interpol, national vehicle registration authorities, national judicial
authorities and Eurojust access to the information held in the SIS I. During the
discussions on these amendments of the CISA provisions, the negotiators paved
the way for a new, enlarged concept for the second generation SIS, or SIS II.
5. SIS II
5.1. Legal Basis for SIS II
Regulation 2001/2424 and Decision 2001/886 on the development of the second
generation Schengen Information System (SIS II), adopted on 6 December 2001,
provided the legal basis for the further development of the SIS II.60 On the basis
of these instruments, the Commission was empowered to take the necessary
implementing measures, in accordance with the Council Decision on the procedures for the exercise of implementing powers conferred on the Commission.61
58
59
60
61
OJ L 191/18, 22.07.2005. Council minutes of 23 June 2005, doc. 8849/05. This decision of
the Council is based on a proposal by the European Commission, COM (2003) 510 and takes
into account three amendments by the European Parliament. See doc. 8524/05.
Based on a Belgian proposal, 8835/99 and 12793/01.
Regulation 2001/2424 and Decision 2001/886 published in OJ L 328, 13.12.2001.
Decision 1999/468/EC of 28 June 1999, OJ L184, 17.7.1999.
86
Chapter 4
The Decision provides for a comitology procedure, in which both the Commission
as the Council are involved.
The question of the appropriate legal basis and the nancing of SIS II was
controversial because of the legal basis of the current SIS. As we have seen in
Chapter 3, at the time of the integration of the Schengen acquis into the EU
Treaties, the Member States were unable to agree on the appropriate legal basis
for the SIS, recognising that some parts of the SIS fell within the scope of
Title IV TEC, while other parts were covered by Title VI TEU. To solve this
problem, the Council appointed Title VI as the legal basis for the whole SIS.
With regard to the legal basis of SIS II and the proposals which were necessary
for the development of SIS II, it was recognised that SIS II should be regarded
as having a dual legal basis. In its Communication on the Development of SIS II of
18 December 2001, the Commission had already underlined the dual function
of the SIS. With regard to Article 96 CISA, the Commission held that this would
have to be based on Articles 62, 63, and 66 of the EC Treaty. According to the
Commission, although an alert referred to in Article 96 may contribute towards
preserving public order, it sometimes entails action that does not amount to a
form of police cooperation within the meaning of Title VI of the EU Treaty
(or Title III Police and security of the CISA). Therefore, an alert for purposes
of refusing entry entails measures that fall under the heading of entry and residence of foreigners, whether they involve refusing a person a visa, removing them
to an external frontier or deporting them. The Regulation on the development
of the SIS II was based on Article 66 TEC and the Decision on Articles 30 (1) a
and b and 31 a, 34 (2) c TEU.62 With regard to the nancing of SIS II, the JHA
Council could not reach unanimity on the decision to nance SIS II through
intergovernmental funding. The Ministers agreed in their meeting of 29 May
2001 that the expenditure should be charged to the EC budget as from 2002.63
On 31 May 2005, the European Commission published three legislative proposals on the second generation SIS.64 The proposal for the Regulation on SIS II
was explicitly based on Article 62 (2) (a) TEC (external border controls) and
Article 66 TEC (administrative cooperation).65 By using Article 62 (2) (a) as legal
62
63
64
65
87
basis for this Regulation, the Commission paved the way for qualied majority
voting and a co-decisive right for the European Parliament.
5.2. Developing SIS II as a exible tool
Although the formal reason for SIS II was the technical need to make the SIS
applicable to a larger group of states, from an early stage the development of SIS
II has been used in political discussions on the proposals for new functions of the
SIS.66 Even in July 2000, the French Presidency submitted a detailed overview,
on the basis of preparatory work carried out over several years by the SIRENE
Working Party, of the dierent proposals to extend the use of SIS II.67 This list
of proposals would be regularly updated in subsequent years.68 During the discussions on the anti-terrorism policy following 11 September 2001, Member
States forwarded dierent proposals on extending the use of the SIS. Whereas,
several of these proposals were implemented with regard to the current SIS
(for example, access by Europol and Eurojust), others were gradually incorporated in the draft texts on SIS II. Although the Regulation and Decision on the
development of SIS II did not directly refer to possible extended functions,
preamble 7 explicitly states that these instruments are without prejudice to the
adoption of future legislation on the use and operation of SIS II. The purpose of
allowing for a multipurpose tool was more explicitly referred to in the earlier
drafts of these instruments, forwarded by the Swedish and Belgian governments.69
In Article 1 of the proposed Regulation, the future goal of SIS II was described as
the need for Member States to have in place a joint information system enabling
the authorities designated by them to have access, by means of an automated
search procedure, to alerts on third-country nationals for the purpose of checks
to be carried out at external borders and elsewhere in their territory, and for the
purpose of examining visa applications and applications for residence. Article 1
of the proposed Decision referred to the goal of maintaining public policy and
security and enabling designated authorities to have access to alerts on persons
and objects for the purposes of police and customs checks at the borders and
elsewhere within their territory. According to Article 2 of both proposals, SIS II
would have to allow for certain new functions to be carried out taking into
account new IT developments. Since these functional changes would require
amendments to the CISA which were not feasible in the short term, these broad
66
67
68
69
See also Statewatch, Schengen Information System: SIS II: technical innovation pretext for
more data and control, Statewatch bulletin, JanuaryFebruary 2001 (Vol. 11, no. 1), p. 2425.
Requirements for SIS II, 10353/00. 13 July 2000.
See, for example 6164/5/01, 6 November 2001 and 5968/02, 5 February 2002.
OJ C 183/12, 29.6.2001.
88
Chapter 4
descriptions of the new functions of the SIS were deleted in the nal texts,
adopted on 6 December 2001.70 Despite these legal obstacles, at this meeting of
6 December 2001, the Council agreed to study dierent options to expand the
use of SIS II. In June 2002, the Econ Council reached formal agreement on
new functions for SIS II with a view to ensuring greater eectiveness in combating terrorism.71 These functions included, among others: the inclusion of
biometric data, the addition of new categories of data, the possibility of interlinking dierent alerts and the possibility of running searches on the basis of
incomplete data. As we will see below, except for the function of searching the
SIS II on the basis of incomplete data, these functions are included in the current
texts of the Regulation and Decision on SIS II.
In 2003, it was decided to instruct IT companies developing SIS II to design
SIS II so as to allow for new requirements whenever these become necessary.72
This would make it possible to develop SIS II as a exible tool that will be able
to adapt to changed circumstances and full, within reasonable time and without major additional costs and eorts, user requests made during its lifecycle.
Based on this decision, SIS II was technically developed to allow for various new
functions, even if at political level the decisions on the nal functions of SIS II
were yet to be taken.
At its meeting of June 2003, the JHA Council concluded that the new SIS II
should remain a hit/no hit system allowing for information exchange with a
view to policing the free movement of persons as well to maintaining public
security, and in particular assisting national authorities in the ght against transnational crime, in the context of the EU objective to maintain and develop the
Union as an area of freedom, security and justice. Considering the current decisions taken with regard to SIS II, (see below) we may wonder whether the
description of hit/no hit system still applies.
5.3. The Position of the UK and Ireland with Regard to Access to SIS II
Parallel to the discussions on the new functions of the SIS, negotiations took
place on possible access by the UK and Ireland to the SIS. Based on Council
Decisions 2000/365/EC and Council Decision 2002/192/EC respectively, both
70
71
72
Press release 14581/01 (Presse 444). See also the Note Requirements for SIS from the Belgian
Presidency, 13269/01 SIS 95 COMIX 693 and updated in 14790/01 SIS 107 COMIX 767,
which was used as a basis for the discussions in the Council.
Council Conclusions 10089/02 (Presse 181) based on the Presidential note to the Council,
9773/02, of 7 June 2002.
Meeting of 56 June 2003 of the JHA Council. Press release 9845/03 (Presse 150). These conclusions were based on the Commission Sta working paper on the development of the second
Generation Schengen Information System (SIS II) of 19 February 2003, SEC(2003)206.
89
countries only take part in the provisions of the Schengen acquis on police and
judicial cooperation.73 Despite this outsider status, the UK was actively involved
in the discussion on the new functionalities of SIS II, including the use of data
on third-country nationals to be refused entry. In dierent notes to the SIS/
Sirene Working Group, the UK presented its opinion regarding the proposed list
of functions for SIS II.74 In a note of 2003, the UK government justied the
extended use of the SIS by referring to the Tampere Conclusions of 1999 (conclusion no. 43) according to which: Maximum benet should be derived from
cooperation between Member States authorities when investigating cross-border
crime in any Member States.75 Aiming for a more exible use of the data that
will be held on SIS II, the UK referred to the two categories of Article 96 data:
data concerning people who have been refused entry to the Schengen area because
they constitute threats to public order, national security and safety and data concerning people refused for immigration or visa oences. According to the UK
proposal, the rst category of data should be accessible by law enforcement and
immigration ocers, since their registration would not only be used for refusing
entry, but also for law enforcement purposes such as preventing and detecting
crime. The second category should only be accessible by immigration ocers for
the purposes of refusing entry. From this proposal, as well as from other proposals
forwarded by the UK delegation, it is clear that the UK envisaged altering the
functioning of the SIS signicantly. From a merely administrative system, used
to prevent a dened group of third-country nationals from entering the Schengen
territory, the SIS had to change into an intelligence system, using which the
same group of persons could be traced for prosecution and law enforcement
purposes. In February 2003, the UK government proposed amending the denition of the purpose of the SIS as described in Article 92 CISA to allow for SIS II
to be shaped into a robust system that, rstly, assists national authorities in the
ght against transnational organised crime, secondly, facilitates ecient border
controls and, thirdly, provides a technologically advanced tool for the investigation
and rapid identication of suspect persons.76
Illustrative of the UKs view with regard to the utility of the SIS is also the
consideration of the UK delegation in a note of 2002 to the Schengen Acquis
Working Group in which it advocated access by UK immigration and visa
authorities to data in the SIS on stolen or lost passports.77 According to this note,
the priority for the UK would be to ensure that suspected criminals and terrorists
73
74
75
76
77
90
Chapter 4
are identied and arrested before they have the opportunity to commit further
crimes in the EU. Our immigration service has extended experience, considerable
technical skill and state of the art forgery detection equipment which ensures
a high success rate in identifying forged passports and other travel documents.
It would therefore be a benet of all Schengen Members if UK immigration and
visa authorities as well as the police could access this data directly.
In 2005, the Legal Service of the Council submitted its advice to the Council
with regard to the request from the UK and Ireland to grant their asylum authorities access to SIS II data on third-country nationals to be refused entry.78 The
UK and Ireland justied this request with their participation in the Dublin II
Regulation. Based on the fact that these countries do not take part in the
Schengen acquis with regard to immigration and border control, the Legal Service
however concluded that their authorities could not have access to Article 96 data
or, with regard to SIS II, Article 15 data.79 The reason I refer to this advice is the
additional consideration of the Legal Service, according to which the provisions
of the Dublin II Regulation did not prevent the UK and Ireland from requesting
information and personal data from the other Member States on asylum seekers,
including the information and personal data those states acquired through their
right to access to the SIS II alerts on the refusal of entry. This explicit recommendation of the Legal Service to the authorities of UK and Ireland makes it
clear that, in practice, on a bilateral or cross-organisational basis ocials are able
to obtain all the information they are seeking, whether this is provided for in the
applicable rules or not.
5.4. Involvement of the European Parliament
The EP has been involved in the development of the SIS and SIS II at dierent
times. Between 2001 and 2006, Carlos Coelho, Member of the European
Parliament (MEP) was, with few exceptions, the regular rapporteur with regard
to issues of the SIS and SIS II.
In principle, the EP had only a co-decisive role in the Regulation on SIS II and,
with regard to the SIS II Decision and other third pillar measures changing the
use and architecture of SIS II, it should merely have been consulted. In practice,
however, based on an agreement with the Council and the Commission, the EP
was allowed to consider the SIS II Regulation and Decision as a package deal.
78
79
15058/05, 12 December 2005. This advice is only partially accessible via http://register.consilium
.europa.eu (in fact, the whole content of the legal advice has been deleted). The author has a
Dutch version.
Decisions 2000/365 and 2002/192.
91
82
92
Chapter 4
According to them, the denitions of new functions for the Schengen Information
System and ght against terrorism were used as pretext both for extending
access to the SIS (and its successor SIS II) by Europol, Eurojust and the authorities dealing with residence permits, and for eroding citizens guarantees regarding
the processing of their personal data and the exchange of such data with third
countries. The Council should be called upon to make the SIS more reliable by
harmonising and improving the quality of the data reported at national level
by the SIRENE oces. According to this minority report, data currently reported
by SIRENE are often incorrect or inaccurate and reported on the basis of dierent
national legal systems, a practice which jeopardised the rights of both European
and third-country citizens. Furthermore, the two MEPs underlined in their
minority report the need to provide binding guarantees regarding the processing
of personal data under the third pillar.
On 20 November 2003, the EP adopted a recommendation on SIS II.83
In general, the (plenary) EP agreed upon the need to extend the use of SIS II and
even its inter-operability with other databases such as VIS and Eurodac, and the
inclusion of biometric data (see Chapter 5). However, it did criticise the so-called
salami tactic or piecemeal approach of the Council with regard to current decisionmaking on the SIS, since this would hamper a general understanding of the real
implications of the decisions taken. Rapporteur Coelho referred to the dierent
ideas pursued in dierent forums and with a dierent legal status. He emphasised the need to distinguish the technical development of SIS II as such, the
Spanish initiatives concerning the introduction of some new functions for the
SIS (including those in the ght against terrorism), the occasional legislative
proposal emerging from the political discussions and closely-related questions
such as the procedure to amend the SIRENE manual or the practical implementation of the European Arrest Warrant through the SIS.84 Coelho described this
approach as very opaque, dicult to follow even by experts and completely
incomprehensible for normal people. The rapporteur further held that it is not
very democratic since formal legislative proposals only see the light of the day
after years of discussion in various Council working groups and only when a
consensus among Member States is reached. Furthermore, his recommendation
also supported the proposal, as mentioned above, to adopt binding rules on data
processing under the third pillar. In an eort to involve a wider audience in the
development and decision-making regarding SIS II, the LIBE Committee of the
EP organised a meeting on SIS II on 6 October 2003.
83
84
93
86
87
European Parliament legislative resolution on the proposal for a Council decision and Regulation
on the establishment, operation and use of the second generation Schengen information system
(SIS II), adopted on 25 October 2006. Based on the reports of EP rapporteur Coelho,
A6-0353/2006 and A6-0355 of 13 October 2006.
For example, with regard to the limitation of the conservation periods of alerts in the SIS, the
lifting of the territorial limitation in the right to legal remedies, and the refusal to allow internal
security agencies access to SIS II, see further below.
OJ L 381/4, 28.12.2006.
94
Chapter 4
89
90
Recital 10 of the draft Regulation, COM (2005) 236, 31 May 2005 and the Opinion of the JSA
on the proposed legal basis for SIS II, 27 September 2005, p. 22.
See the Discussion note 8537/06, 20 April 2006, p. 5 and the Austrian proposal 5709/06,
27 January 2006.
Note of the Austrian Presidency, 5596/06 27 January 2006.
95
into SIS II on the basis of a national alert resulting from a decision taken by the
competent administrative authorities or courts in accordance with the rules of
procedures laid down by national law.
What is new compared to Article 96 CISA is the provision in Article 24 (1),
according to which a national decision to issue an alert should be taken on the
basis of an individual assessment.91 In a draft of the Regulation regarding SIS II
of June 2006, this new condition was provided in a separate sentence: The decision may only be taken on the basis of an individual assessment. The nal text
of Article 24 states that a SIS II alert shall be based on a national alert resulting
from a decision taken by the competent administrative authorities or courts in
accordance with the rules of procedure laid down by national law taken on the
basis of an individual assessment. Even if the formulation of the nal text of
Article 24 is less clear, this does not mean that the new requirement of an individual assessment for each national decision on which an alert can be issued is
any less imperative. This new provision makes it clear that national authorities cannot report third-country nationals automatically on the basis of another decision
which is taken with regard to this person , for example an expulsion decision. For
each individual case, the national authorities will have to consider whether the
national criteria and the criteria of the Regulation are met and whether the
reasons at stake merit registration in SIS II.
This individual assessment requirement should be read together with the
so-called proportionality clause in Article 21 of the SIS II Regulation (and SIS II
Decision). This provision goes further than the clause which was included in
Article 94 (1) CISA. As we have seen above, according to this latter provision
Member States issuing an alert should determine in advance whether the case is
important enough to warrant the entry of the alert in the SIS. The new Article 21
provides: Before issuing an alert, Member States shall determine whether the
case is adequate, relevant and important enough to warrant entry of the alert in
SIS II. With the addition of the criteria of adequacy and relevance, the new
provision makes it clear that the importance of the case or matter for which a
person is to be reported is not enough. There should be a direct relationship
between the reason for which a person is to be reported in SIS II and the added
value or eect the registration will have for the reporting national authorities.
Both rules the individual assessment requirement and the proportionality
clause are important limitations on the power of national administrations to
enter information on third-country nationals (or other persons, when dealing
with the Decision on SIS II) into SIS II.
As in Article 96 CISA, Article 24 (2) of the Regulation includes two main
categories of reasons for which an alert as understood in this provision can be
91
96
Chapter 4
registered in SIS II. Firstly, alerts may be reported in SIS II when the decision is
based on a threat to public policy or public security or to national security, which
the third-county national on national territory may pose. This situation shall
arise in particular (italics mine) in cases of:
a. a third-country national who has been convicted of an oence by a Member
State, carrying a penalty involving imprisonment of at least one year;
b. a third-country national in respect of whom there are serious grounds for
believing that he has committed a serious criminal oence or in respect of
whom there are clear indications of an intention to commit such oences on
the territory of a contracting party.
Where Article 96 (2) (b) requires that a decision to report a person in the SIS
should be based on a clear evidence, Article 24 (2) (b) of the SIS II Regulation
only refers to clear indications of an intention to commit such oences. This
means that under the new provision, the clear indication of such intention is
considered sucient for registration in SIS II. What exactly will fall under clear
indications is not further specied. As in the former Article 96 CISA, the criteria
as mentioned above are not limitative. Therefore, third-country nationals may also
be registered in SIS II for other reasons based on public order or security grounds.
Secondly, an alert can be registered in SIS II when the decision referred to in
the rst paragraph of Article 24 was based on the fact that the third-country
national was subject to measures involving expulsion, refusal of entry or removal
which have not been rescinded or suspended, including or accompanied by a ban
on entry or, where applicable, a ban on residence based on a failure to comply
with national regulations concerning the entry or residence of third-country
nationals. These criteria are the same as provided for in Article 96 (3) CISA
except that, with regard to this category as well, the new criterion mentioned
above applies, stating that national decisions to issue an alert may only be taken
on the basis of an individual assessment.
To compensate for the lack of harmonised criteria in the current provision of
Article 24 of the SIS II Regulation, the Commission and the EP insisted upon
the inclusion of a sunset clause in Article 24 (5). This requires the Commission
to evaluate the application of this provision, three years after the date of its
application. On the basis of that review, the Commission shall, using its right of
initiative under the EC Treaty, make the necessary proposals to modify the provisions of this Article to achieve a greater level of harmonisation of the criteria for
entering alerts.
6.2.3. SIS II and Terrorist Lists
The Regulation on SIS II provides for a new category of third-country nationals
to be refused entry or stay. Article 26 provides that a third-country national may
97
Directive 2004/38 provides rules on the freedom of movement of EU citizens and their family
members (dealt with in Chapter 9).
98
Chapter 4
the nal text no longer includes the obligation, as proposed by the Commission,
also to erase the data on third-country nationals who become family members of
EU citizens. The registration of this category of persons may lead to situations
which are in breach with the Directive 2004/38. This has been claried by the
ECJ in 2006 in the case Commission v. Spain.93 In this judgment, the ECJ ruled
that the refusal of entry or a visa to a third-country national who is a family
member of an EU citizen infringes upon the rights of these persons under EC
law when this measure is solely based on the listing in the SIS.
6.4. Inclusion of Biometrics in SIS II as an Identication Tool
As far back as October 2000, the SIS Working Group discussed the possibility of
adding DNA proles and/or ngerprints to the reports held in SIS II.94 During
the Econ Council of 20 June 2002, it was agreed that identication material,
notably photographs and ngerprints, could in principle be incorporated into
alerts on persons, but that a technical feasibility study would be awaited.95
Whether on the basis of the outcome of this (unpublished) study or not, the
JHA Council nally decided at its meeting of 56 June 2003 that SIS II should
allow for the storage, transfer and possible querying of biometric data, especially
photographs and ngerprints.96
Initially, in a note of July 2004, the Dutch Presidency conrmed that biometric
identiers would only be used for verication purposes.97 This note dealt specically with the question of whether the SIS II would become a tool for investigative
purposes, acknowledging that, so far, this subject (the purposes of SIS) had only
been dealt with using a piecemeal approach. The European Data Protection
Supervisor and the Article 29 Working Party, an independent EU advisory body
on data protection and privacy, criticised the use of biometric identiers because
technological reliability would not allow for secure and reliable identication.98
Despite these critical observations by both data protection authorities and IT
93
94
95
96
97
98
31 January 2006, C-503/03. See, further on this judgment, Chapter 9, section 2.3.2.
12400/00.
9773/02, see p. 4, the conclusions of which were adopted by the Econ Council, 10089/02
(Presse 181).
9845/03 (Presse 150).
11055/04.
Opinion of the European Data Protection Supervisor on VIS, Brussels, 23 March 2005 (also
referred to in Chapter 7) and Opinion 6/2005 on the Regulation and Decision on SIS II of the
Article 29 Data Protection Working Party Data, 25 November 2005. See also the earlier opinions of this Working Party with regard to the use and storage of biometric data available at:
http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/index_en.htm.
99
experts, it became clear during the negotiations that the majority of Member
States favoured the use of biometrics as a primary search tool.99
Initially, Article 22 (b) of the SIS II Regulation only allows for the use of photographs and ngerprints to conrm the identity of a third-country national who
has been located as a result of an alphanumeric search of SIS II. Article 22 (c) of
the Regulation does however include the option that, in future, as soon as this
becomes technically possible ngerprints may be used as sole identier.100 SIS II
will then be searchable solely on the basis of ngerprints without the need for
further information, such as rst name or surname. Apparently, under pressure
from the EP, the nal text includes the condition that before this option is
implemented, the Commission has to report to the Council and the EP on the
availability and readiness of the required technology.
During the negotiations on the development of SIS II, some Member States
decided to start exchanging ngerprints and photographs, as supplementary
information to the SIS information. For the exchange of these photographs and
ngerprints, the law enforcement authorities in the SIRENE oces use the socalled SIRPIT method (SIRene PIcture Transfer). Participation in the project is
voluntary and in 2006 it was only used by a limited group of Member States.
In June 2006, the Council for Justice and Home Aairs agreed upon a recommendation to extend the use of this method to other Member States as well.101
6.5. Authorities Allowed Access to SIS II
According to the original proposal by the Commission of May 2005, information on third-country nationals stored in the SIS would only be accessible to the
authorities responsible for border controls and to authorities issuing visas. The
nal text of the Regulation on SIS II more or less follows the former provision
included in Article 101 CISA.
Article 27 (1) of the SIS II Regulation states that access to data entered in SIS II
and the right to search such data directly or in a copy of SIS II data:
shall be reserved exclusively (italics mine) for the authorities responsible for the
identication of third-country nationals for the purposes of:
99
100
101
100
Chapter 4
102
103
104
105
Community Code on the rules governing the movement of persons across borders, OJ L 105,
13.4.2006.
5709/6/06. See also the draft of the Austrian Presidency of January 2006 which, for the rst
time, included this extended use of data on third-country nationals, 5709/06, 27 January 2006.
12260/06, 21 August 2006.
Conclusions of the Council, 6811/05. See below, Chapter 5, section 3.2.
101
106
107
Press release JHA Council, 1213 June 2007, 10267/07 (Presse 125), p. 15.
12573/2/04, 12 November 2004.
102
Chapter 4
108
See also the Commission Sta Working Paper of February 2003, COM SEC (2003) 206
attached to 6615/03, 28.2.2002.
103
partial copy of the data held in the reference database of CS-SIS. A communication infrastructure exists between CS-SIS and NI-SIS which allows, among
other things, for information exchange between the national SIRENE oces.
The new structure means that the original choice of a central SIS with exact
copies at national level has been abandoned. However, as previously mentioned,
Member States may choose to maintain national copies of SIS for their own
account. The information stored in SIS II will be searchable either through the
uniform national interfaces in each Member State, or using the so-called
national copies. Whether this change will improve accessibility and the exchange
of information through SIS II in practice is unclear.
The location of the Central SIS II remains in Strasbourg, France. For security
reasons, a back-up CS-SIS is provided in Sankt Johann im Pongau, Austria
(Article 4 (3) of the SIS II Regulation).
6.8. Establishment of the Management Authority
In the original proposal by the Commission (COM (2005) 236) it was envisaged
that the Commission itself would be responsible for the operational management
of the SIS II. Since the negotiating Member States feared that this would give the
Commission too much power to control the management of SIS II, the Council
proposed the establishment of a so-called Management Authority. The proposal
to establish this Management Authority was rst mentioned in May 2006 in the
Austrian Presidency note on the issue of the long-term management of SIS II.109
Article 15 of the SIS II Regulation provides for the creation of this Management
Authority. This Authority also will have responsibility for the EU data systems
VIS and Eurodac (see Chapter 5). This Management Authority will be responsible for the operational management of the Central SIS II, for the supervision,
security and the coordination of relations between Member States and the
provider. The Commission remains responsible for all other tasks relating to the
Communication Infrastructure including the implementation of budgetary and
contractual matters. The SIS II Regulation does not include further rules on the
composition of the Management Authority or how it will be appointed. In a joint
declaration annexed to the Regulation, the EP, the Council and the Commission
agreed upon the swift adoption of the legislation necessary for the establishment
of this Authority.
6.9. Evaluation and Publication of Statistics on SIS II
According to Article 50 (3) of the Regulation on SIS II, the Management
Authority is to publish statistics each year showing the number of records per
109
104
Chapter 4
category of alert, the number of hits per category of alert and how many times
SIS II was accessed. Two years after the start of SIS II, the Management Authority
will have to submit a report on the technical functioning of the Central SIS II
and on the bilateral and multilateral exchange of supplementary information
between the Member States (Article 50 (4)). Three years after SIS II becomes
operational and every four years thereafter, the Management Authority is to produce an overall evaluation of Central SIS II and the bilateral and multilateral
exchange of information between Member States.
The duty to provide statistics on the use of SIS II is an important tool in
assessing the added value of SIS II. However, according to the current text, neither the statistics from the Management Authority nor the evaluation by the
Commission will include information on the authorities which gained access
to SIS II, the nationalities of the persons stored in SIS II or the decisions or
measures based on which a national alert was registered in SIS II.
I will describe the provisions concerning the rights of third-country nationals
and the legal remedies in Chapter 7, section 8.4 and 8.5. For now, it is relevant
to note that according to Article 43 (3) of the Regulation on SIS II, it is stipulated that the Commission must evaluate the rules on remedies as provided in
this Article by 17 January 2009.
110
105
Working Paper on SIS II.111 According to this paper, the SIS should be developed
into an information system which would have to be a new, exible system based
on new technology, which would not only enable the further integration of new
users and functions but also, in the light of events such as those of 11 September,
would not require too long implementation time frames in the future.
During the discussions on new functionalities for SIS, the Member States
seemed less concerned with the benets of a restricted function of the SIS and
proposed not only new categories of data to be registered but also new users.
These proposals were often initiated on the basis of current developments or
demands from national authorities. Initially, Member States were slow to reach
agreement on these proposals because this would require time-consuming
amendments to the CISA. After 11 September 2001, the decision-making process was speeded up because the new proposals on extending the use of the SIS
were deemed necessary to combat terrorism and to detect possible terrorists at an
early stage. The changed attitude of the Member States towards the new functions of the SIS and SIS II were of course also inuenced by the progress which
had been made in the use of technology, allowing for the storage of increasingly
detailed information. The multiple use of SIS is especially invoked by increasing
the range of authorities with the right to access SIS information, including
Europol, Interpol, national vehicle registration authorities and Eurojust. Despite
the numerous proposals which have been made by national delegations, compared to the current SIS, the categories of data to be registered in SIS II remained
almost unchanged. The most important changes in this regard are the addition of
information on the person or object registered in SIS II, including information
on other alerts in SIS II and, with regard to persons in SIS II, the inclusion of
photographs and ngerprints.
In Chapter 3 we saw that the general goal of the current SIS, described in
Article 93, is to maintain public order and safety, including State security, and to
implement the provisions of this Convention concerning the movement of persons in the territory of the Member States concerned by means of information
transmitted via this system. During the discussions on the new functionalities of
the SIS, Member States referred to this broad purpose to justify the extension of
the use and storage of information in the SIS. However, this denition of the
purpose of SIS I must be read in combination with the purposes for which
each category of objects or persons are registered in the SIS, as described in
Articles 95100 CISA. This structure of SIS I provides for restricted categories of
111
See the Commission Sta Working Paper on the development of the second generation Schengen
Information System, 2002 Progress Report, 18.2.2003, SEC (2003) 206, which is attached to
the Council document 6615/03, 28 February 2003.
106
Chapter 4
persons and objects stored in SIS; this information is, in principle, only accessible to limited categories of users. This explicit restriction of the scope of SIS I
was based, among other things, on the need to keep the information system
accurate and workable.
With regard to SIS II, the close relationship between the general purpose of
SIS II and the purposes as dened for each category of alerts, seems to have
been abandoned. The rules on the dierent categories of data as provided for in
the Regulation and the Decision on SIS II do not explicitly require the registration of these data to be for the sole use or purpose as dened in that provision.
This broadening of the future use of data recorded in SIS II is also implied by
the possibility of linking dierent categories of SIS II alerts. As we have seen
above, this allows national authorities to check whether an alert on a person or
object registered in SIS II is somehow related to another person or object in SIS
II, registered for another purpose. This power to create links between dierent
categories of data held in SIS II will undoubtedly increase the investigative use
of the SIS.112
The combination of the possibility of creating links, the (future) use of biometric data as sole identier and the access granted to other authorities such as
Europol, as well as national law enforcement authorities, has actually changed the
original function of SIS. From a hit/no hit database, SIS II has been transformed
into a general search or intelligence tool.
7.2. Changes with Regard to the Storage and Use of Data
on Third-Country Nationals
Aside from the general changes to the functioning of SIS II, an important change
with regard to SIS II alerts on third-country nationals is the increase in the range of
authorities with access to these data. Article 96 alerts in SIS I were only accessible to
national authorities responsible for border, immigration or visa control. Compared
to the extended discussions which took place regarding the decision to grant access
to Europol, Eurojust and other authorities to SIS in general, the amendments with
regard to the alerts on third-country nationals received little attention. Article 27 of
the Regulation 1987/2006 allows police and customs authorities nd national
judicial authorities to have access to data on third-country nationals in SIS II.
The access for judicial authorities was already provided for in Regulation 871/2004
extending the use of SIS I. The information stored in the SIS II may be used for
checks within the country and, for judicial authorities, during their research for the
initiation of public prosecutions in criminal proceedings.
112
107
The text of the SIS II Regulation also seems to imply access for national
security agencies. Article 27 (1) (b) grants access to authorities responsible for
the identication of third-country nationals for the purpose of police and
customs checks, and the coordination of such checks by designated authorities.
As mentioned above, during the negotiations on VIS and its use by internal security agencies, in the nal decision the denition internal security agencies has
been replaced by designated authorities. Although this text of Article 27 has
been approved by the European Parliament, this extension of the use of data on
third-country nationals would run counter to the explicit refusal of the European
Parliament to grant national intelligence services access to SIS II.
What is also new is the provision in the SIS II Regulation according to which
a third-county national listed on a UN terrorist list based on Member States
notications may be registered in SIS II for the purpose of refusal of entry or
residence. Although, as we saw in Chapter 3, this already had been achieved in
practice with regard to SIS I on the basis of an informal agreement, the new
explicit provision may give rise to a more extended application of this option.
Considering the legal protection of third-country nationals, an important
improvement is the new requirement for national authorities to make an individual assessment before reporting a third-country national in SIS II. Together with
the proportionality clause in Article 21, these provisions, if applied correctly,
must be interpreted as an important limitation of the power of national authorities to list third-country nationals in SIS II for refusal of entry or residence.
There remains however a striking contradiction between the requirement of
individual assessment and the proportionality clause, on the one hand, and an
agreement by the Member States reached during the discussions on SIS II and
the ght against terrorism on the other hand. Based on this latter agreement,
national authorities were invited to enter data into SIS II systematically or, in
other words, to enter data as automatically as possible, requiring no additional
operation by the national authority concerned (see section 3.1. above). In Part
III we will see that this systematic approach with regard to the use of the SIS
and SIS II is also advocated by governments at the national level.
108
Chapter 4
Annex I to Chapter 4
Commission Proposal for a Regulation on SIS II, COM (2005) 236
Proposed Article 15 on the conditions for issuing alerts on refusal of entry or stay
of the:
1. Member States shall issue alerts in respect of third-country nationals for the purpose
of refusing entry into the territory of the member states on the basis of a decision
dening the period of refusal of entry taken by the competent administrative or
judicial authorities, in the following cases;
a. If the presence of the third-country national in the territory of a Member state
represents a serious threat to public policy or public security of any Member
state based on an individual assessment, in particular if;
i. The third-country national has been sentenced to a penalty involving deprivation of at least one year following a conviction of oence referred to in
Article 2 (2) of Council Framework decision 2002/584/JHA on the
European arrest warrant and the surrender procedures between member
states;
ii. The third-country national is the object of a restrictive measure intended to
prevent entry into or transit through the territory of member states, taken
in accordance with Article 15 of the EU Treaty.
b. If the third-country national is the subject of a re-entry ban in application of a
return decision or removal order taken in accordance with Directive 2005/XX/
EC [on Return].
Regulation 1987/2006 on the Establishment, Operation and Use of SIS II:
Article 21 Proportionality
Before issuing an alert, Member States shall determine whether the case is adequate,
relevant and important enough to warrant entry of the alert in SIS II.
109
110
Chapter 4
2. Article 23 shall not apply in respect of alerts entered on the basis of paragraph 1 of
this Article.
3. The Member State responsible for entering, updating and deleting these alerts on
behalf of all Member States shall be designated at the moment of the adoption of
the relevant measure taken in accordance with Article 15 of the Treaty on
European Union.
111
Annex II to Chapter 4
A. Adopted Law with regard to SIS I and SIS II
SIS I
13 June 2002
Council
OJ L190/1,
18.07.2002
29 April 2004
JHA Council
OJ L 162.
30.04.2004
25 February 2005
JHA Council
OJ L 68/44,
25.03.2005
SIS II
19 December 1996 Schengen
Executive
Committee
29 May 2000
Council
JHA Council
Framework decision
on the European Arrest
Warrant: authorising
judicial authorities to
issue alerts on persons
in SIS for the purpose
of surrender procedures.
Regulation 871/2004
and Decision concerning
the introduction of some
new functions for the
Schengen Information
System, including in the
ght against terrorism.
Council Decision
2005/211 concerning
the introduction of
some new functions for
the Schengen Information
System, including in the
ght against terrorism.
unpublished
Decision 2000/365
OJ L 131 1.6.2000
9118/01
(Presse 203)
112
Chapter 4
6 December 2001
JHA Council
20 June 2002
56 June 2003
JHA Council
9845/03
(Presse 150)
56 October 2006
JHA Council
13086/06
(Presse 258)
OJ L 381/4
28.12.2006
OJ L 381/1
28.12.2006
Regulation 2424/2001and
Decision 2001/886 on the
development of the
second generation
SIS (SIS II).
Agreement on
principle of entering
identication material,
notably photographs and
ngerprints into SIS.
Agreement on principle of
allowing access to data in
SIS on the basis of
incomplete data.
Final decision on SIS II
allowing for storage,
transfer and possible
querying of biometric
data, especially
photographs and
ngerprints.
Adoption of revised
implementation schedule
for SIS II, deciding that
SIS II should be
operational by June 2008.
Adoption of Regulation
1987/2006 on the
establishment, operation
and use of SIS II.
Adoption of Regulation
1986/2006 regarding
access to SIS II by the
services responsible for
issuing vehicle registration
certicates.
113
European
Council
31 May 1999
SIS Working
Party
German
delegation
20 August 1999
13 July 2000
French
Presidency
Vienna Action
Plan Conclusion
43 (c)
8835/99
10629/99
10353/00 Note
on new
functionalities
SIS II
11538/00
27 October 2000
SIS Working
Party
Portugal
12400/00
Sweden/
Belgium
OJ C 183/12
29.6.2001
24 February 2001
19 June 2001
6577/01
114
Chapter 4
11895/01
2001
15 October 2001
Belgian
Presidency
12813/01
29 October 2001
UK
13530/01
115
Spanish
Presidency
5968/02
28 May 2002
Italy
9358/02
25 March 2003
UK
7786/03
56 June 2003
JHA Council
9845/03
(Presse 150)
116
Chapter 4
Commission
COM (2005)
236, 230,
and 237
28 March 2006
Italy
15 May 2006
Presidency
7867/1/06,
9696/06
9169/06
Chapter 5
Other EU Databases Used in the Field of
Immigration Control: Eurodac and VIS
As regards the better identication of wanted persons whilst the storage of personal
data in criminal databases is justied due to past and real or suspected behaviour of
the individual (which must be substantiated), this is not the case for EURODAC or
VIS. Neither the claiming of asylum nor a visa application indicates in any way that
a hitherto innocent individual will commit a criminal or terrorist act.1
1. Introduction
The focus of this study lies on SIS, SIS II and the registration of inadmissible
third-country nationals. Aside from SIS II, two other large-scale information
systems provide for the exchange of information on third-country nationals:
Eurodac and VIS. For several reasons, I consider it important to describe these
databases which have been established within the framework of the EU law.
Firstly, both VIS and Eurodac are used for immigration control and only include
data on third-country nationals. Therefore, the same problems which arise for
persons reported in SIS or SIS II, may also arise in relation to Eurodac and VIS.
Secondly, the use of VIS and Eurodac is closely related to the use of SIS II. Based
on the so-called principle of interoperability, the EU policy-makers envisage
interlinking these databases with SIS II. The interoperability of the dierent EU
databases is facilitated by the inclusion of biometric data not only in the data
systems, but also in the EU passport and other travel documents. The development
of Eurodac and VIS and the use of biometrics will be covered in the following
sections. Finally, I will highlight the most important dierences and similarities
between VIS and Eurodac, on the one hand, and SIS II on the other.
Communication of the European Commission on improved eectiveness, enhanced interoperability and synergies among European databases in the area of Justice and Home Aairs, COM
(2005) 597, 24.11.2005.
118
Chapter 5
2. Eurodac
2.1. Development and Central Purpose of Eurodac
Eurodac is the rst EU Automated Fingerprint Identication System. It includes
the ngerprints of asylum seekers and immigrants crossing the external borders of
that Member State irregularly. Eurodac, which became operational on 15 January
2003, is based on Regulation (EC) No. 2725/2000 concerning the establishment of
Eurodac for the comparison of ngerprints for the eective application of the Dublin
Convention of 11 December 2000.2 The purpose of Eurodac is to facilitate the
application of the Dublin Convention of 1990 to establish which state is responsible for an asylum application.3 Meanwhile, the Dublin Convention has been
replaced by Council Regulation 343/2003 (Dublin II) of 18 February 2003.4 The
Dublin Regulation includes a list of criteria to establish which Member State is
responsible for the examination of an asylum application submitted in one of
the Member States.5 Among other things, the Dublin Regulation stipulates
that the Member State where the asylum seeker rst entered the EU or the
Member State issuing a visa or residence permit to the asylum seeker is responsible
for the application. The Dublin Regulation is based on the so-called single application principle. The application of this Regulation should prevent a person from
applying for asylum in more than one country (known as asylum-shopping). It
also seeks to ensure that asylum applications submitted by dierent members of
one family are examined whenever possible by the same Member State. Finally,
the implementation of the so-called Dublin criteria should guarantee that at least
one Member State deals with the application of an asylum seeker, in order to
prevent the problem of refugees in orbit.
One of the practical reasons submitted by national governments for the need
to establish a central registration system for ngerprints was the fact that asylum
seekers would often destroy all their documents, such as identication cards and
2
3
4
OJ L 316, 15/12/2000. See, for the decision on the operability of Eurodac: OJ C 5/2,
10.1.2003.
Convention of 15 June 1990, OJ C 254, 1997, entered into force on 1 September 1997.
OJ L 50/1, 25.2.2003, based on a proposal of the Commission COM (2001) 447, 26 July 2001,
OJ C 304, 30.10.2001.
See, for a critical assessment of the principle of the Dublin II Regulation: H. Battjes, A Balance
between Fairness and Eciency? The Directive on International Protection and the Dublin
Regulation, EJML, 4: 2002, p. 159192; U. Brandl, Distribution of Asylum Seekers in Europe?:
Dublin II Regulation Determining the Responsibility for Examining an Asylum Application, in:
C. Dias Urbano De Sousa & Philippe De Bruycker (eds.), The emergence of a European asylum
policy/Lmergence dune politique europenne dasile, Brussels: Bruylant 2004, p. 3369; A. Hurwitz,
The 1990 Dublin Convention: A Comprehensive Assessment, International Journal of Refugee
Law 1999 11 (4), p. 646677.
119
travel documents, upon arrival in one of the Member States. This would make it
dicult for the authorities not only to identify the person, but also to establish
the route travelled and to nd out if the person had already applied for asylum in
the same or another state. This problem was only partly solved by the existing
obligation that travel agencies and carrier organisations keep or copy the identity
papers or travel documents of passengers on certain ights. Back in 1991, when
the Immigration Ministers met on 2 December, it was agreed that a feasibility
study would be launched regarding a European system to compare dactyloscopic
data of asylum seekers. This feasibility study was presented to the Ministers during their meetings of 30 November and 1 December 1992, on the basis of which
they decided to investigate the needs and requirements of Eurodac.6 In February
1993, the Legal Service of the Council was asked to give advice on the question
of whether Article 15 of the Dublin Convention could be used as the legal basis
for the creation of Eurodac.7 This provision envisaged the exchange, upon
request, of individual data necessary for the examination of an application for
asylum, for the establishment of the Member State which is responsible for such
an application and for other obligations resulting from the Convention.8 The
Legal Service conrmed in its advice of 18 March 1993 that Article 15 provided
an adequate legal basis for the establishment of Eurodac.9 However, the Legal
Service explicitly stated that Eurodac should not be used for other purposes, such
as the functioning of other international instruments or starting criminal
investigations against asylum seekers.
Concluding that the exchange of asylum seekers ngerprints through Eurodac
was technically and legally feasible, the Council of Justice and Home Aairs
(JHA) decided on 23 November 1995 to start the legislative work.10 In a discussion paper from 1995, the Council conrmed that the recording of ngerprints in
a database, to be called Eurodac, should prevent asylum seekers from applying in
more than one state by changing their names or by throwing away their travel and
identity papers.11 At the time of the negotiations on Eurodac, ten of the 15 EU
Member States were already ngerprinting asylum seekers and storing these
ngerprints in national registers.12 For several reasons, it took another ve years
6
7
8
9
10
11
12
120
Chapter 5
before the Eurodac Regulation was nally adopted. One of these reasons was that
the organisation of Eurodac was not strongly supported by all Member States.
Only a few Member States, such as Germany, the Netherlands and Austria, were
especially interested in the distribution mechanism of the Dublin Convention.
Southern Member States, such as Italy and Greece, which were often the rst
country of arrival for asylum seekers, were less interested in the functioning of
Eurodac to support this mechanism.13
At the initiative of the Luxembourg Presidency, a draft Eurodac Convention
was forwarded to the European Parliament in 1997. This meant that, in anticipation of the entry into force of the Amsterdam Treaty, the EP was for the rst time
given the opportunity by the Council to advise on asylum and migration matters.
The EP adopted a resolution on the draft Convention in January 1998.14 In this
resolution, the EP especially emphasised the necessity of the limited use of
Eurodac, the inclusion in the Convention of a reference to the ECHR and the
Geneva Convention on the protection of refugees; these proposals were followed
by the Council. The advice of the EP to include an explicit obligation to delete
the data of asylum seekers who obtain refugee status within one month was,
however, ignored. The JHA Council agreed on the text of the Eurodac Convention
at its meeting of 34 December 1998. In March 1999, the Council agreed upon
a protocol to the Eurodac Convention on the inclusion of the ngerprints of
illegal immigrants (see below). In the light of the forthcoming entry into force of
the Amsterdam Treaty, according to a plan by the Austrian government, it was
decided to freeze these texts in anticipation of a new EC instrument to be
presented by the Commission.
On 26 May 1999, shortly after the entry into force of the Amsterdam Treaty,
the European Commission forwarded a proposal for a Eurodac Regulation.15
This proposal, including a protocol on illegal immigrants, was based on the
frozen texts of the Council. Unlike the Council texts, the Commission proposal
referred to the direct applicability of EC Directive 95/46 on data protection.
Furthermore, the Commission proposal, in a departure from the Council text,
conferred certain powers to adopt the implementing rules upon the Commission
itself. This proposal to limit the implementing powers of the Council met
with strong opposition from the Member States and in 2000 the Commission
was forced to forward a new proposal, involving a weaker position for the
13
14
15
See, on the political debate on Eurodac, Jonathan P. Aus, Eurodac: A Solution Looking for a
Problem?, Working Paper no. 9, Centre for European Studies, University of Oslo, May 2006,
available at: http://www.arena.uio.no/publications/.
A4-0402/97 15.1.1998.
COM (1999) 260 n., OJ 2000 C 337.
121
Commission.16 The European Parliament was consulted again and again, but
now on the basis of Article 63 (1) TEC.17
The Eurodac Regulation was the rst instrument adopted on the basis of
Title IV of the EC Treaty. The Regulation applies to all EU Member States,
including United Kingdom and Ireland; these countries, in accordance with
Article 3 of the Protocol on the position of the United Kingdom and Ireland
annexed to the EU Treaties, have given notice of their wish to take part in the
adoption and application of this Regulation. On the basis of the Council Decision
concerning the signing of the Agreement between the EC, Norway and Iceland
regarding the responsibility for asylum applicants, Norway and Iceland are
required to apply the Eurodac Regulation.18 Denmark automatically opted out in
accordance with Articles 1 and 2 of the Protocol on the position of Denmark
annexed to the EU Treaties but, based on an agreement signed between the EU
and Denmark on 10 March 2005, now also takes part in the Eurodac Regulation.19
The Eurodac Regulation immediately applied to the ten new EU Member States
which joined the EU in 2004. One month after their accession, the number of
transactions to Eurodac and hits based on this system increased signicantly.20
Finally, based on an agreement between the European Communities and
Switzerland of 26 October 2004, and a Protocol to this agreement between these
latter parties and Liechtenstein, Eurodac will be used by Switzerland and
Liechtenstein, depending on a positive evaluation of the application of the
Schengen acquis by those states.21 In 2006, Eurodac was used by 27 European
states, including the 25 EU Member States, Norway and Iceland.
2.2. Collection, Transmission and Comparison of Fingerprints
The Eurodac Regulation is based on the premise that, in principle, each Member
State has to take the ngerprints promptly from every applicant for asylum
aged at least 14 years old and transmit these data promptly to the Central Unit
16
17
18
19
20
21
COM (2000) 100, 15 March 2000. See further, on this competency dispute between the
Commission and the Council: S. Peers, Key Legislative Developments on Migration in the
European Union, EJML 3/2 (2001), p. 235; E. Brouwer, Eurodac: Its Limitations and
Temptations, EJML 4 2002, p. 234, and J.P. Aus (2006), p. 2324.
The EP adopted two resolutions, A5- 0059/19990, 18 November 1999, and A5-0219/2000,
21 September 2000.
15 March 2001, OJ 93/38, 3/4/2001.
See the Council Decision of 21 February 2006 on the conclusion of this Agreement between
Denmark and the European Community, OJ L 66/38, 8.3.2006.
Second annual report on Eurodac, Commission Sta Working Paper SEC (2005) 839, 20.06.2005.
See for the Protocol between EC, Switzerland, and Liechtenstein, COM (2006) 753. I did not
nd any ocial publication of the Dublin/Eurodac agreement between Switzerland and the
EC of 26 October 2004.
122
Chapter 5
National authorities should forward to the Eurodac Central Unit the ngerprints
of all individuals aged 14 and over who apply for asylum or who were apprehended while illegally crossing borders. The Central Unit will check whether the
ngerprints forwarded by the national authority are already stored in the system.
If so, the national state will be informed of this match and of the Member State
which previously forwarded the ngerprints. States may also forward ngerprints
of persons found illegally present within their country. Based on a request from
a Member State, the Central Unit can compare the ngerprints with data previously transmitted by the same Member State. This means that Eurodac can also
be used by a Member State to check whether a person has previously applied for
asylum on its own territory.
Only the Member State of origin can have access to the data which it transmitted to Eurodac and only this Member State can have these data corrected
(Article 15 (1) and (3) of the Eurodac Regulation). If the Member State of origin
22
123
recorded the data directly in the central database, it may also amend or erase the
data directly. Otherwise, the data are amended or erased by the Central Unit
(Article 15 (6) Eurodac Regulation).
According to Article 6 of the Regulation, data on asylum seekers are to be
stored for 10 years from the date on which the ngerprints were taken. Only if
the person concerned has acquired the citizenship of one of the Member States
before this time limit expires, the data are to be deleted as soon as the Member
State of origin becomes aware that the person has acquired such citizenship
(Article 7).
2.3. Extension to Illegal Immigrants
Not until a later stage in the Eurodac negotiations was it agreed to extend the
Eurodac Regulation to ngerprinting illegal immigrants.23 In response to the
arrival of a large number of (Kurdish) immigrants from Northern Iraq in Europe
in 1997, the Northern European countries in particular pressed for this extension. In December 1997, the Schengen Executive Committee concluded that it
could be necessary to take the ngerprints of every illegal immigrant whose identity could not be established without doubt and to store this information for
exchange with other Member States.24 In point 46 of the Action Plan of the EU
Council of 26 January 1998 (Inux of migrants from Iraq and the neighbouring
region) the taking of ngerprints from illegal immigrants was deemed necessary,
to curb the entry into the EU of illegal refugees. Point 17 urged the Member
States to examine without delay whether Eurodac should be extended to illegal
immigrants. On 21 April 1998, under strong pressure from the German delegation, the Schengen Executive Committee adopted a formal decision with regard
to the ngerprinting of every foreign national entering the Schengen area illegally whose identity cannot be established with certainty on the basis of valid
documents.25
The extension to illegal immigrants was to be based on Article 15 (1), Article 10 (1c)
and (1e) of the Dublin Convention. As we have seen above, Article 15 of this
Convention prescribed the exchange of individual information in application of the
Dublin Convention. Article 10 (1c) and (1e) of the Convention referred to the obligation of a Member State to readmit an asylum seeker who has formerly applied for
asylum on its territory and whose application is either being processed or has been
rejected and who is later found illegally on the territory of another Member State.
Whether these provisions included an accurate basis for the ngerprinting of persons
23
24
25
124
Chapter 5
who do not apply for asylum has been called into question.26 In a report to the
Council in 1998, the Legal Service of the Council concluded that the inclusion in
Eurodac of data relating to persons who legitimately crossed the external frontiers of
a Member State, but had later been found residing unlawfully in a Member State
cannot be justied.27
The current text of the Eurodac Regulation distinguishes two categories of
illegal immigrant: rstly, third-country nationals who are apprehended by the
competent control authorities in connection with irregular crossing by land, sea
or air of the border of that Member State, having come from a third country and
who are not turned back (Article 8) and, secondly, third-country nationals found
illegally present on the territory of a Member State (Article 11).28
Data on persons who cross an external border irregularly are recorded for the
sole purpose of comparison with data on applicants for asylum subsequently
transmitted to the Central Unit.29 The Central Unit may not compare this data
with any data previously recorded in the central database, nor with data subsequently transmitted to the Central Unit pursuant to Article 8. According to
Article 10, ngerprints of third-country nationals apprehended in connection
with the illegal crossing of external borders shall be stored in the central database
for only two years from the date on which the ngerprints of the alien were
taken. Upon expiry of this period, the Central Unit shall automatically erase
the data from the central database. Article 10 (2) of the Eurodac Regulation
further provides that this data has to be deleted immediately if the Member State
of origin becomes aware that the person concerned has left the territory of
the Member States, has been issued with a residence permit, or has acquired the
citizenship of any Member State. This is thus a more stringent provision with
regard to the deletion of data, compared to the rule which applies to the storage
of ngerprints of asylum seekers; see above.
The ngerprint data on persons found illegally present within the territory of
a Member State (the second category) are only to be transmitted to the Central
26
27
28
29
125
Unit for the purpose of comparison with the ngerprint data of applicants for
asylum transmitted by other Member States and recorded in the central database. These ngerprints shall not be recorded in the central database at all, nor
shall they be compared with the data transmitted to the Central Unit pursuant
to Article 8 (rst category).
2.4. Functioning of Eurodac: Annual Reports of the Commission
A rst annual report on Eurodac was published by the Commission on 5 May
2004.30 According to this report, in the period from 15 January 2003 to
15 January 2004, 271,572 ngerprints were successfully transmitted to the
central authority. Of a total of 246,902 asylum applications recorded by Eurodac,
17,287 concerned persons who had previously made an asylum application in
another contracting state or in the same state. In other words, 7% of the cases
recorded in Eurodac would include multiple asylum applications. According to
the second annual report on Eurodac, published on 20 June 2005, of the total of
232,205 asylum applications recorded by Eurodac in 2004, 31,307 cases show
that the same person had already made at least one previous asylum application
in the same or another Member State.31 This means that the percentage of
multiple asylum applications detected by Eurodac increased from 7% in 2003 to
13.5% in 2004. In September 2006, the European Commission published its
third Annual Report on Eurodac.32 According to this report, of a total of 187,223
asylum applications recorded by Eurodac in 2005, 31,636 cases show that the
same person made at least one previous asylum application, thus 16% of the
asylum applications were repeat (second or subsequent) asylum applications.33
The Eurodac annual reports do not provide information on whether these
hits lead to the transfer of persons to the Member State which is responsible for
asylum application and thus whether, using Eurodac, the goals of this system are
actually achieved. Whereas the rst report did not include any information on
this question, the Commission concluded in the second report that Eurodac has
demonstrated its eciency and quality in terms of speed, output, security and
cost-eectiveness.34 The Eurodac system would be functioning well in terms
of the number of requests to take back or to take charge of an asylum seeker
submitted by one Member State to another. The second report did not include
30
31
32
33
34
126
Chapter 5
See also E. Guild, Unreadable Papers? The EUs rst experiences with biometrics: Examining
Eurodac and the EU Borders, in: Lodge (2007).
127
purposes as well. In the second annual report, the Commission reports that the
number of special searches in Eurodac increased signicantly, mainly due to
two Member States while a few other Member States continued to apply this
provision frequently. According to the third annual report, the Commission
services would have alerted the European Data Protection Supervisor to further
clarify this use of special searches by some Member States.36
In 2006, the European Data Protection Supervisor (EDPS) published a press
release about its rst inspection report on the security of the Eurodac central
unit.37 The EDPS expressed its general satisfaction with the level of security and
stated that it had issued certain recommendations. As a result of the sensitivity
of some of the information in the report, the inspection report by the EDPS has
not been made publicly available.38
38
39
40
41
128
Chapter 5
After the events of 11 September 2001, the proposal for a visa information
system was again placed on the EU agenda. In the Conclusions of the JHA
Council of 20 September 2001, the Council requested the European Commission
to come forward with proposals for the establishment of a network for information exchange concerning visas issued by Member States.42 In a paper to the EU
Visa Working Party of 26 November 2001, the Italian delegation emphasised
that the events of 11 September demonstrated that visas are not just about controlling immigration but are above all an issue involving EU Member States internal
security.43 According to this paper, the most immediate objective should be to set
up a genuine European database for collecting the names both of individuals
issued with a visa and of those denied a visa and perhaps other relevant information. The second objective should be to set up fully-edged (sic) common visa
oces, in order to increase the overall capacity of the Member States and the
European Union regarding the ght against terrorism.
A policy questionnaire on the needs for a future database for visas, set up by
the Spanish delegation in December 2001, included the following list of possible
objectives:44
contribute to improving local consular cooperation;
distinguish better between the identity of the holder and the carrier of the
visa at external border checkpoints or at immigration or police checkpoints;
facilitate the application of the Dublin Convention regarding asylum;
by archiving the visa le, assist (directly/indirectly) in the identication and
documentation of illegal immigrants and therefore the readmission of illegal
immigrants;
contribute to combating terrorism and organised crime;
respond to the nature of the visa, which is described as an instrument of
prevention and channelling of legal movements of persons.
The paper proposed that the following data be included in the visa database: visa
issued; visas formally refused; visa requested; visa annulled, revoked or extended;
and visa stickers misappropriated or lost. The Spanish note dealt further with
questions such as which authorities should obtain access to the database, the
period for which the data should be retained before being archived and which
other databases should be directly accessible to the consular posts. Finally, the
note raised the question of whether the database should be incorporated into SIS
and, if so, which role would be given to SIRENE.
42
43
44
129
45
46
47
48
49
50
51
The European Council of 14 and 15 December 2001, Laeken, see Conclusion 42, SN 300/1/01
REV 1, p. 12.
OJ 2002, C 142.
See the roadmap of 16 October 2001, 12800/01.
See, for example, the roadmap of 09/04/02, 7686/02.
COM (2001) 577, 9.10.2001.
COM (2001) 672, 15.11.2001.
COM (2002) 175, 10.4.2002.
130
Chapter 5
During the informal JHA meeting of 1415 February 2002, further discussions
took place on whether a European visa database should contain not only information on issued visas, but also on visas applications and on visa denials.52 A majority
of the Member States seemed to favour such an extension, though it was noted that
it was unclear how much information should be includedonly substantial grounds
for rejection or rejections based on the inadmissibility of the application as well.
The guidelines for the establishment of the Visa Information System as
approved during the meeting of 13 June 2002 of the JHA Council, describe the
following goals of VIS:
These goals are comparable to the list in the Spanish note of 2001 mentioned
above, but also include internal security and the ght against fraud. At this meeting of June 2002, it was further decided that the European Visa Information
System should have a similar structure as was chosen for SIS, including a Central
Visa Information System (CS-VIS) and a National Visa Information System
(NI-VIS) in each Member State. Furthermore, the Council invited the European
Commission to prepare a feasibility study on the setting up of such a database.
In June 2004, the Council adopted the decision on the establishment of the
Visa Information System.54 This Decision enabled the Commission, even though
the political decision-making on the use and the content of VIS was still ongoing,
to start the technical preparations for the establishment of VIS.
3.2. The VIS Regulation: Purpose and Content of VIS
In December 2004, the Commission presented a proposal for a Regulation concerning the Visa Information System (VIS).55 The adoption of the VIS Regulation
was foreseen for mid-2006 and VIS was planned to be operational in 2007.
52
53
54
55
See the letter from the Dutch Minister of Justice to the parliament, Handelingen Tweede Kamer
20012002, 23 490, no. 226.
See the Press release of the JHA Council, 9620/02 (Presse 175). See, for the draft guidelines,
7309/02, 4 April 2002 and 9615/02, 5 June 2002.
Council Decision 2004/512, 8 June 2004, OJ L 213, 15.6.2004.
COM (2004) 835.
131
56
57
58
59
60
See, for a consolidated version of the VIS, draft Regulation 11632/06, 13 July 2006. This
includes a three-column table showing the Commission proposal, the Presidency compromise
and the amendments as proposed by the European Parliament.
JHA Council, Press release 1213 June 2007, 10267/07 (Presse 125), p. 15, see for the latest
version of the Draft Regulation, 9753/07, 19 June 2007.
Not including the Palestinian Authority and Taiwan, whose nationals need a visa as well.
Council Regulation 539/2001 of 15 March 2001, listing the third countries whose nationals
must be in possession of visas when crossing the external borders and those whose nationals are
exempt from that requirement, OJ L 81 of 21 March 2001 (modied by Regulation 2414/
2001, OJ L 327, 12.12.2001, Regulation 453/2003, OJ L 69, 13.3.2003 and Regulation 851/
2005, OJ L 141, 4.6.2005). See also the information in OJ C 311, 19.12.2006.
Commission Sta Working Document on VIS including an Extended Impact Assessment, SEC
(2004) 1628, 28 December 2004, pp. 20 and 25. See also the Study for the Extended Impact
Assessment of the Visa Information System. Final Report, December 2004, Brussels: European
Policy Evaluation Consortium (EPEC), December 2004, p. 4.
Estimated data stored in VIS cover 20 million visa applications on an annual basis, which would
result in 70 million records to be stored into the system for the ve-year term.
132
Chapter 5
63
64
65
66
133
67
68
69
70
71
See, for example, the German government during a meeting of 27 September 2001, 13176/01,
24.10.2001.
COM (2005) 597, 24 November 2005.
COM (2005) 597, para. 4.
Ibid., para. 4.1.
The Commission envisages the following possibility for access to Eurodac: Authorities responsible for internal security could thus have access to EURODAC in well-dened cases, when
there is a substantiated suspicion that the perpetrator of a serious crime has applied for asylum.
This access should not be direct but through the authorities responsible for EURODAC.
Para. 5.2.3 of the Communication on interoperability COM (2005) 597.
134
Chapter 5
72
73
74
See also P. de Hert & S. Gutwirth, Interoperability of Police Databases within the EU:
An Accountable Political Choice?, International Review of Law Computers & Technology, Vol. 20,
Nos. 1 & 2, p. 2135, March-July 2006.
COM (2003) 771.
Council Decision 2004/512, 8 June 2004, OJ L 213, 15.6.2004.
135
75
76
77
136
Chapter 5
This Regulation does not apply to national identity cards or to temporary passports. According to Article 1 of this Regulation, Member States must include in
their passports and travel documents a storage medium containing a facial image
in accordance with the security standards set out in the Annex of this Regulation.
Furthermore, Member States must include ngerprints in interoperable formats.
The data are to be secured and the storage medium should have sucient capacity
and capability to guarantee the integrity, authenticity and condentiality of the
data. According to Article 6 of the Regulation, the digitised facial image has to
be implemented into the passports before 28 August 2006 and the ngerprints
before 28 February 2008. The scope of harmonisation is limited to the security
features containing biometric identiers: the designation of the authorities and
bodies that will be allowed access to the data in the storage medium of the issued
document remains a matter of national legislation.
Despite the negative advice on this matter from the European Parliament,
Regulation 2252/2004 allows for the central storage of biometric data. The technical requirements for the machine-readable passport and the storage medium
for the biometric data (so-called contactless chip) are provided in a Decision of
the European Commission dated February 2005.78
The EU Member States reached political agreement on the draft Regulation
amending the uniform visa and residence permits to include biometric data.79
Furthermore, in 2006, the Commission forwarded a proposal for a Regulation
providing rules for consulates and embassies with regard to the use of biometrics
during reception and processing of visa applications.80 In its Communication on
The Hague Program on the implementation of the principles of Freedom, Security
and Justice, the Commission stated that biometrics allows the storage and exchange
of information on the entry and exit of third-country nationals into and out of
the Schengen territory. The Commission acknowledged that these systems would
have considerable impacts in technical, nancial and data protection terms.81
78
79
80
81
137
83
Articles 2 (10) and 2 (11) of the VIS Proposal dene the meaning of verication and identication: Verication is the process of comparison of sets of data to establish the validity of a claimed
identity (one-to-one check). Identication is dened as the process of determining a persons identity through a database search against multiple sets of data (one-to-many check).
Only nationals of EEA countries + Switzerland can apply for an iris scan chip card. According to
information issued by the Privium company, third-country nationals holding a permanent residence permit of one of those countries are for the time being, unfortunately excluded from
this service, in accordance with the restrictions imposed by national law. Annual costs are 99
to 119. See http://www.schiphol.nl, visited in September 2006.
138
Chapter 5
Note from the Italian Presidency to the Visa Working Party of the Council describes in detail
the possibilities for using VIS, biometrics and contactless microchip technology. 10857/03,
24 June 2003.
139
would allow the control of every alien. The extra costs of the introduction of
these technologies for the Member States could be passed on to the visa applicants.85 As we now know, this is what actually happened on the basis of the
Council Decision 2006/440 of June 2006, following which the fee for visa applications was raised from 35 to 60.86 According to recital (4) of this Decision,
the amount of 35 would no longer cover current visa application processing
costs, particularly because the consequences of the introduction of the European
Visa Information System (VIS) and the biometrics required to introduce VIS in
the visa application examining process should be taken into account.
Choices with regard to the introduction of biometrics as described above are
important, not only for the rights of the individual concerned (which will be
discussed in Part II), but also for the social acceptance of the use of biometrics.
For example, when a person knows that his data are only held on a personal
secure ID card and not in a central register, he may more easily accept the use of
this kind of control mechanism.87
5.4. Reliability of Biometrics
Technical specialists and (national and EU) Data Protection Authorities have
repeatedly expressed their concerns about the reliability of systems using
biometric data. The EDPS emphasised the technical imperfection of biometrics
in its opinion on the proposal for VIS, opposing the use of biometrics as a
primary search key.88 An important question for validating the choice of this
technology in EU measures is whether there is an acceptable balance between the
so-called false acceptance rate (FAR) and false rejection rate (FRR). According to
the EDPS, it is estimated that 5% of individuals are unable to enrol because
they have no readable ngerprints or no ngerprints at all. This would mean,
with regard to the use of VIS, which is expected to include data on 20 million
applicants by 2007, that 1 million persons cannot be checked using the normal
85
86
87
88
10857/03 Add 1, 18 September 2003. Other countries, including Finland, expressed their
doubts on the cost-eectiveness of the use of this technology. See Council doc. 12171/03,
8 September 2003.
Decision 2006/440/EC of 1 June 2006 amending Annex 12 to the Common Consular
Instructions and Annex 14a to the Common Manual on the fees to be charged corresponding to
the administrative costs of processing visa applications OJ L 175, 29.6.2006.
See also the report by J. Ashbourne, Societal Implications of the Wide Scale Introduction of
Biometrics and Identity Management, Background paper for the Euroscience Open Forum ESOF
2006 in Munich, July 2006, downloadable from http://www.statewatch.org/news/2006/jul/
biometrics-and-identity-management.pdf.
Opinion of the European Data Protection Supervisor on VIS, Brussels, 23 March 2005, see:
http://www.edps.europa.eu/12_en_opinions.htm.
140
Chapter 5
90
91
92
93
J. Wayman, Linking Persons to Documents with Biometrics. Biometric systems from the 1970s
to date, Keesing Journal of Documents & Identity, Issue 16, 2006, p. 14.
See further De Hert, Schreurs & Brouwer (2006).
L. Kirk, E-passports waste of money, says security expert, 7 August 2006, http://euobserver. com/.
9672/05, 2 June 2005.
COM (2006) 359, 4.7.2006.
141
One of the options to be dealt with in the forthcoming preparatory work is the
possibility of adding a biometric search engine to allow for general searches on
biometrics.
142
Chapter 5
97
98
99
143
In practice, the majority of persons inviting the visa applicants will hold the
nationality of a third-country state or will originate from a third-country.
The selection of states to be placed on the visa lists can be compared with the
national decision to enter a record of a person as inadmissible into SIS. Whereas
the reporting of individuals in SIS is based on a prole of individual behaviour,
the EU visa list is based on a prole of countries. Is the country in question to be
considered a risk country with regard to illegal immigration or with regard to
the internal security of the Member States?100 In practice, the majority of the
individuals recorded in VIS will not imply any security risk at all.
6.3. Intelligence Tool or Administrative File?
SIS I was not set up for intelligence purposes unlike, for example, the Europol
databases. The SIS includes limited categories of personal data and, depending
on the aim for which the data are stored, these categories are only accessible to
the administrations which were authorised to use these data for their public tasks.
Secondly, the current SIS operates on a hit/no hit basis. This means that when
governmental administrations check whether a person has been reported to SIS,
they will in the rst place only obtain information on whether this is the case or
not. If the person is in SIS, the authorities can directly view, depending on the
reporting category, which action is to be taken. Although the EU Ministers
conrmed in June 2003 that this hit/no hit basis would be maintained for SIS,
we saw in Chapter 4 that the decisions adopted since then show that SIS II has
developed into a database for general intelligence purposes.
The primary function of Eurodac is purely administrative; it monitors only
when and in which country an asylum seeker has entered or applied for asylum.
Its purpose is to establish which country is responsible for the examination of the
application of an asylum seeker. Nevertheless, in combination with the other
European databases, Eurodac and the use of the ngerprints stored therein can
be easily used for other purposes as well.101
According to the plans for the European Visa Information System (VIS), this
will be a multifunctional system. The Commission and the Member States
100
101
144
Chapter 5
Part II
Eective Remedies under European Law
Chapter 6
Data Processing and the Right to Privacy:
The Importance of Article 8 ECHR
The right to privacy is a widely recognized opacity tool to prohibit certain uses of
power. It may not be the strongest human right enlisted in the ECHR and it may
also well be that the reign of privacy in discourse is over, but nevertheless the right
is there and has its proper place: prohibiting the uses of powers in spheres intimately
linked with the development of the individual and especially when these powers
make use of new technology.1
1. Introduction
When considering the storage and use of personal information, the rights of
individuals are generally dened in terms of data protection and privacy.
Although these rights are closely related, I prefer to describe the right to privacy
or private life separately from the right to data protection. The following sections
examine the jurisprudence of the European Court of Human Rights (ECtHR)
on Article 8 of the European Convention on Human Rights (ECHR), dealing
with the claim that data processing measures or the use of databases may interfere
with the right to privacy.
In this Chapter, I will not try give a detailed analysis of the content of the
right to privacy.2 The purpose of the following sections is merely to describe
the general criteria resulting from the jurisprudence of the ECtHR on Article 8
P. de Hert & S. Guthwirth, Making sense of privacy and data protection: a prospective overview
in the light of the future identity, location-based services and virtual residence, Annex 1 to the
report Security and Privacy for the Citizen in the Post-September 11 Digital Age: A Prospective
Overview, Technical Report Series, Institute for Prospective Technological studies, EUR 20823
EN, July 2003, p. 144.
For this purpose, I refer to general literature: P.H. Blok, Het recht op privacy. Onderzoek naar de
betekenis van het begrip privacy in het Nederlandse en Amerikaanse recht, The Hague: Boom
Juridische Uitgevers 2002; E. Barendt (ed.), Privacy, Aldershot: Ashgate 2001; F. Rigaux, La
protection de la vie prive et des autres biens de la personnalit, Brussels: mile Bruylant 1990;
P. Kayser, La protection de la vie prive, Marseille: Presse universitaires dAix-Marseille 1990.
148
Chapter 6
L.F.M Verhey, Privacy aspecten van de uitvoeringsovereenkomst van het akkoord van Schengen,
NJB 31 January 1991, no. 5, p. 217.
Handelingen Tweede Kamer (Dutch Lower House of Parliament), 19911992, 22 140, no. 11, p. 35.
149
CISA, the Schengen States would have checked each alert to see whether the
criteria were in conformity with the principle of necessity.5
During the development of the second generation SIS, the right to privacy
was only marginally discussed and mostly the rights of individuals were considered in terms of data protection. Not until 2004, in a discussion paper concerning the opinion of the Joint Supervisory Authority on the development of SIS II,
did the Dutch government, as EU Council president, propose facilitating a
debate on the future purpose of the SIS. In this paper, the Dutch Presidency
explicitly referred to issues of transparency and privacy and questioned whether
the other Member States considered it necessary to incorporate a privacy assessment into the development of SIS II.6 To my knowledge, this inquiry has never
been followed up and, at least in the accessible documents, the issue of privacy
has never been dealt with further. With regard to the use of biometrics in SIS II,
we have seen above that the negotiating partners even explicitly refused to have a
general discussion on the impact of the use of biometric data.7
2.2. Eurodac
Comparable with the development of SIS I and SIS II, the discussions on the
necessity for individual protection at international level concerning Eurodac were
limited to data protection issues. However, at the national level, more attention
has been paid to the relationship between Eurodac and the right to privacy.8
NGOs in particular raised concerns both over the fact that Eurodac implied the
ngerprinting of a large and specic group of people and that the persons to be
registered were entirely innocent and not suspected of any crime. In the United
Kingdom, the application of Article 8 ECHR was raised by the organisation
Justice in its comments to the protocol extending the use of Eurodac to illegal
immigrants.9 In the report on Eurodac of 1999, the Select Committee of the
House of Lords made it clear that there was little doubt about that compulsory
ngerprinting interferes with the right to respect for private life in Article 8 (1) of
the European Convention on Human Rights.10 The Select Committee especially
6
7
8
9
10
Cited in the comments of the NGO, the Dutch Commission of Lawyers for Human Rights
(Nederlands Juristen Comit voor de Mensenrechten, NJCM), Spring 1992 (authors archive).
11055/04, 5 July 2004.
9672/05, 2 June 2005, referred to in Chapter 5.
In literature, the application of Article 8 ECHR has been raised in: Birgit Schrder, Das Fingerabdruckvergleichssystem Eurodac, ZAR 2/2001, p. 7176. See also my article, Eurodac: Its
Limitations and Temptations, EJML 4, 2002, p. 231247.
JUSTICE, Letter of 3 March 1999.
House of Lords, Select Committee on European Communities (Sub-Committee E), Tenth
Report, Fingerprinting Illegal Immigrants: Extending the Eurodac Convention. 8 June 1999, p. 21.
150
Chapter 6
questioned the justication for the ngerprinting and whether the governments
had suciently established the need and proportionality of this ngerprinting
(including the ngerprinting of illegal immigrants). In this report, the Select
Committee emphasised the Europe-wide impact of Eurodac, partly because of the
fact that ngerprinting is compulsory for the persons concerned.
During the parliamentary discussions in the Netherlands on Eurodac, the question of whether there was a breach of Article 8 ECHR was dealt with on the basis
of comments by the Dutch NGO, the Meijers Committee.11 According to this
NGO, there were no legitimate grounds for the general ngerprinting of every asylum seeker and illegal immigrant as provided in the Eurodac Convention. During
the parliamentary questions, the Minister of Justice argued that since ngerprinting
was desirable for the purposes of the Dublin Convention (see above), this measure
would be in accordance with the grounds for limitations in Article 8 (2) ECHR.12
It should be noted here that it is doubtful whether the criterion desirable meets
the criterion of necessary for a democratic society.
2.3. VIS
During the development of the Visa Information System (VIS) an assessment of
the impact on privacy and human rights was included in the Extended Impact
Assessment published in 2004, together with the proposal for a VIS Regulation.13
To compare the costs of the alternative policy options with regard to the establishment of VIS, this report described the impact on privacy and human rights
alongside nancial costs, opportunity costs, retaliation costs and reductions
in business travel and tourism. Both with regard to the option of an entry/exit
system based on VIS (checking persons whenever they enter or leave the territory)
and the establishment of VIS including biometrics, the Impact Assessment study
emphasised their extensive impact on the protection of the right to privacy:
Impact on privacy and human rights would be extensive, and there would be a
substantial need to meet personal data requirements. The collection, storage and
use of highly personalised and sensitive data, such as biometrics of all travellers
applying for a visa to enter the territory of the Schengen states, would raise concerns over the proper use and protection of personal data of travellers on such a
massive scale.14 According to the Extended Impact Assessment on VIS, The
principles of proportionate and fair use of personal data and high security in the
11
12
13
14
Letters to the Dutch Parliament and the Minister of Justice on the Eurodac Convention, CM98026, 24 February 1998 and CM98-094, 18 June 1998.
Handelingen Tweede Kamer, 19971998, 23 490, nos. 92 and 97.
SEC (2004) 1628, 28 December 2004, EPEC Final report, December 2004.
See p. 37 and 45.
151
system would have to be considered carefully. In particular, the principles of proportionality and the necessity for storage and processing would have to be implemented in full.15 Furthermore, according to this report, the impact on privacy will
depend on what biometrics are taken, for how long they are stored and which
authorities will have access to the data. The drafters of the Impact Assessment
Report did not refer to Article 8 ECHR.
The Commission, when publishing the proposal on the VIS Regulation,
seemed not to take into account the concerns on the possible impact of VIS,
including biometrics, for the right to privacy as mentioned in the Extended
Impact Assessment Study. In the proposed preamble (20) to the proposal for the
VIS Regulation, it was only stressed that the Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of
Fundamental Rights of the European Union.16 In the explanatory memorandum,
the Commission did not mention the right to privacy, but only considered that
in view of the related sensitive issues for the protection of personal data, inter
alia the consultation of the Article 29 Working Party is required. With this conclusion, the Commission disregarded the fact that the specic concerns mentioned in the impact assessment were already based on an earlier and critical
opinion expressed by the Working Party on the use of biometrics.17
In their opinions on the development of VIS and related issues, the EDPS and
the Article 29 Working Party explicitly considered the impact of these developments on the right to privacy. The EDPS referred to Article 8 ECHR when considering the purpose and proportionality of the VIS. According to the EDPS, in
the light of Article 8 ECHR and the general data protection framework, the purpose of VIS would be of crucial importance and all the elements of the VIS
must be necessary and proportional instruments to reach this policy goal in the
interest of the common visa policy. Although the EDPS dened safeguards
regarding the use of VIS and especially the incorporation of biometrics, it did
not give any detailed analysis on the criteria derived from Article 8 ECHR.
The Article 29 Data Protection Working Party considered more elaborately
the scope and applicability of Article 8 ECHR with regard to the establishment
of VIS.18 This Data Protection Working Party was especially concerned about the
far-reaching consequences of the large-scale collection and processing of personal
15
16
17
18
Study for the Extended Impact Assessment of VIS, SEC (2004) 1628, 28 December 2004,
EPEC Final report, December 2004. p. 45.
COM (2004) 0287, 28.12.2004.
The Article 29 Working Party is an independent European advisory body on data protection.
See the Working Document on biometrics, WP 80, 1 August 2003. http://europa.eu.int/
comm/justice_home/fsj/privacy/workinggroup.
Opinion 1022/05/EN, WP 110, 23 June 2005.
152
Chapter 6
data on individual human rights, in particular the right to privacy. The Working
Party criticised the multipurpose structure of VIS, including the use of biometrics, and questioned whether this would meet the criteria of proportionality and
necessity on the protection of the right to privacy as developed by the European
Courts, in this case both the ECtHR and the European Court of Justice (ECJ).
In their opinions, both the EDPS and the Working Party referred to the judgment of the ECJ in the case of sterreichischer Rundfunk and others.19 In this
judgment, the ECJ explicitly applied Article 8 ECHR in application of EC
Directive 95/46 on the protection of personal data. The ECJ conrmed that the
processing of personal data may constitute an interference with the right to private life as protected by Article 8 of the ECHR; this interference must be in
accordance with the law and necessary in a democratic society for a legitimate
aim. According to the ECJ, where the provisions of the EC Directive allow for a
limitation of the rights of the data subjects, the criteria of Article 8 ECHR (and
their interpretation by the ECtHR) should be applied to assess rstly whether
the applicable legislation interferes with the right to private life and, if so, whether
that interference is justied from the point of view of Article 8 ECHR.
19
20
Rechnungshof v. sterreichischer Rundfunk and Others (also referred to as Rechnungshof case), Joint
Aairs C-465/00, C-138/01 and C-139/01, ECR I-4989 7183. See further Chapter 7.
See also L.A. Bygrave, Data Protection pursuant to the Right to Privacy in Human Rights
Treaties, International Journal of Law and Information Technology, 1998, vol. 6, p. 247284.
153
a clear-cut denition of the right to private life is impossible: private life should
be considered as a broad term which is not susceptible to an exhaustive denition.21 In general, the ECtHR made it clear that one of the purposes of the right
to private life is to protect the right to identity and personal development. This
protection should not be limited to the private sphere or the home of the individual since, in the words of the ECtHR, Article 8 ECHR also protects the right to
establish and develop relationships with other human beings and the outside
world and it may include activities of a professional or business nature.22
In dierent judgments, the ECtHR concluded that the right to private life was
infringed by the collection, registration or use of personal information. With
regard to public registrations, the ECtHR considered elements such as gender
identication, name, sexual orientation and sexual life as important elements of
the personal sphere protected by Article 8. However, it is clear that this is not
meant to be a limitative list.23 In the following sections, I will apply the scheme
which is generally used by the ECtHR to establish whether, when dealing with
data processing, there is a breach of Article 8 ECHR: is there an interference
with the right to private life; is the interference in accordance with the law, and is
this interference necessary in a democratic society? Only when it is established
that Article 8 ECHR applies and there is an infringement of someones right to
private life, can we consider which legal remedies should be provided for by the
national legislator.
3.1. Secret Police and Security Files: Leander and Segerstedt-Wiberg
The rst case in which the ECtHR was asked to rule on the relationship between
the recording of personal data by the government and the right to private life is
the Leander v. Sweden judgment of 26 March 1987.24 This case dealt with information stored in secret police les, which was used by the applicants employer,
the board of the Naval Museum, where he was temporarily hired as a museum
technician. Based on this information, Mr. Leander was told to leave his work
before the expiry of his contract. Leander, who had previously been a member of
the Swedish Communist Party and of a soldiers union, was not informed of the
reasons for this decision. The ECtHR found it uncontested that the secret police
le contained information relating to the applicants private life. Both the storage
and release of data concerning his private life in a secret police le and communication of these data to employers, coupled with the refusal to allow the applicant
21
22
23
24
In P.G. and J.H. v. the United Kingdom, 25 September 2001 no. 44787/98, 56, Reports 2001IX and also Peck v. UK, 28 January 2003, appl. no. 44647/98, Reports 2003-I. 57.
Niemietz v. Germany, 16 December 1992, appl. no. 13710/88, Series A, no. 251-B, 29.
P.G. and J.H. v. the United Kingdom, 56 and Peck v. United Kingdom, 57.
Leander v. Sweden, 26 March 1987, appl. no. 9248/81, Series A, no.116.
154
Chapter 6
27
Leander v. Sweden, 48. As we see below, the ECtHR did not nd any breach of Article 8 ECHR.
Segerstedt-Wiberg and others v. Sweden, 6 June 2006, appl. no. 62332/00. Published in EHRC
2006, 89 with annotation of Jan Peter Loof.
Rotaru v. Romania, 4 May 2000, appl. no. 28341/95, Reports 2000-V.
155
its earlier conclusions in Niemietz v. Germany, the ECtHR made it clear that
respect for private life must also comprise, to a certain degree, the right to establish and develop relationships with other persons.
3.2. Child care Records, Health and Gender Information:
Gaskin, Z and Goodwin
In 1989, the ECtHR applied Article 8 ECHR for the second time directly to
personal data les in the public sector in the case Gaskin v. the United Kingdom.28
This case concerned the question of whether the right to private life as protected
in Article 8 ECtHR included the right to have access to his or her personal information. In his youth, Mr. Gaskin was in the care of the Liverpool City Council.
During his procedure before the national authorities and, nally, before the
ECtHR he complained about the refusal by the local authorities to give him
access to information concerning his youth. The municipal child care organisation which held this information made access to this le dependent on the
authorisation of the applicants mother. The government justied the refusal to
give Gaskin access to his information by stating that these les also contained
information on other persons whose privacy had to be protected. In its judgment, the ECtHR referred to the earlier conclusion of the Commission that the
les at stake unquestionably contained information concerning highly personal
aspects of the applicants childhood, development and history and thus could
constitute his principal source of information about his past and formative years.
The ECtHR conrmed the importance for the applicant to have access to the
les concerning his youth ( 37). The ECtHR made it clear that this conclusion
applied only with regard to this specic case and the ECtHR did not intend to
formulate a more general principle. Despite this restriction, the judgment has
been considered an important development in the recognition of the right to
access as one of the positive duties of governments with regard to the application
of Article 8 ECHR to public les.
In Z v. Finland (1997), the ECtHR dealt with the appeal of Z. against the disclosure of his health records, including information on his HIV infection.29 This
information was revealed during court proceedings without the applicants consent. In this judgment, the ECtHR referred for the rst time explicitly to the
obligations of the Data Protection Convention of 1981. The ECtHR concluded
there was a breach of 8 ECHR, especially based on the fact that this case concerned the disclosure of medical les, including the information on the applicants HIV infection. According to the ECtHR, the protection of personal data,
not least medical data, is of fundamental importance to a persons enjoyment of
28
29
Gaskin v. the United Kingdom, 7 July 1989, appl. no. 10454/83 Series A, 160.
Z v. Finland, 25 February 1997, appl. no. 22009/93, Reports 1997-I, 95100.
156
Chapter 6
his or her right to respect for private life and family life as protected in Article 8
of the Convention. In this conclusion, the ECtHR referred to the more general
function of condentiality in the health sector, by stating that the reason for this
protection and the respect for condentiality is not only to protect the privacy of
the person concerned, but also his or her condence in the medical profession
and in the health services in general.
Finally, at this point, one could refer to the jurisprudence of the ECtHR with
regard to claims from transsexuals to have the information concerning their sex
changed in public les, as well as birth certicates, identity cards or driving
licences. Initially, the national authorities were given a wide margin of appreciation because of the lack of general consent in the European States with regard to
the acceptance of transsexuality.30 Since 1986, the ECtHR, having regard to scientic and societal developments, emphasised the need to keep appropriate legal
measures under review.31 In 2002, in Goodwin v. UK, the ECtHR considered
that, on the basis of more current developments, the duties of a national state to
recognise and legalise a change of sex in governmental les on transsexuals could
be more strictly dened.32
Although the type of information dealt with in the case law described above
does not directly relate to the subject of my research, these judgments illustrate
the close relationship between the storage or disclosure of personal information
and the individual right to respect for private life. In these judgments, the ECtHR
emphasised the special responsibility of public authorities with regard to the storage and processing of sensitive information such as medical data or gender information. As we will see in Chapter 7, section 5.3, data protection law includes
extra safeguards with regard to the processing of sensitive data or special categories of data, such as data on ethnicity, gender, sexual life, political opinions or the
religion of the person. The special responsibility of the data processor towards sensitive data can be explained rstly by the fact that the information at stake, for
example medical data, as well as information about a persons youth, as in the
Gaskin case, belongs to the core of a persons private life. It is exactly this kind of
information that individuals generally do not wish to disclose to others. The other
30
31
32
Rees v. the United Kingdom, 17 October 1986, appl. no. 8532/81, Series A, 106; Cossey v. the
United Kingdom, 27 September 1990, appl. no. 10843/84, Series A, 184 (the latter judgment
contained a very strong dissenting opinion by Judge Martens).
Sheeld and Horsham v. the United Kingdom, 30 July 1998, appl. no. 22985/93; 23990/94,
Reports 1998-V, 60.
Christine Goodwin v. the United Kingdom, 11 July 2002, appl. no. 28957/95 (unreported), see
93: Since there are no signicant factors of public interest to weigh against the interest of this
individual applicant in obtaining legal recognition of her gender re-assignment, it reaches the
conclusion that the fair balance that is inherent in the Convention now tilts decisively in favour
of the applicant.
157
reason why sensitive information needs extra protection is that the use of this
information more easily results in discrimination against the person concerned. It
is no coincidence that the principle of non-discrimination in Article 14 ECHR or
Article 13 of the EC Treaty includes more or less the same grounds as a basis for
prohibiting discrimination. In my view, it is clear that this special responsibility of
national authorities for certain categories of data also concerns the use of biometrics and data on the nationality and the ethnic origin for the purposes of identity
controls or visa applications.
3.3. Systematic Collection and Storage of Personal Information
by Public Authorities: Amann and Rotaru
In several judgments, the ECtHR applied Article 8 ECHR on the basis of the criterion that there is systematic collection and storage of data. One very important
decision is the judgment of 16 February 2000 in Amann v. Switzerland, since this
gives a broad interpretation of Article 8 with regard to les held by the government.33 In this interpretation, Article 8 applies to the storage of information
relating to an individuals private life by a public authority, regardless of the sensitivity of the data and regardless of the use that is eectively being made by third
parties.34 In this case, the ECtHR again referred to the Data Protection
Convention. The applicant in this case was a Swiss salesman of depilatory appliances, which he advertised in magazines. In 1981, a woman telephoned from
the Soviet embassy in Bern to order one of his items: the Perma Tweez appliance. This telephone call was intercepted by the Federal Public Prosecutors Oce
(Bundesanwaltschaft) in Switzerland. Later, the Public Prosecutors Oce drew up
a card on the applicant for its national security card index on the basis of the particulars provided by the police of the Canton of Zrich. When, in 1990, the public was informed of the existence of the card index held by the Public Prosecutors
Oce, many people, including the applicant, asked to see their cards. On 9 March
1992, the applicant led an administrative law procedure with the Federal Court,
claiming compensation from the Confederation of 5,000 Swiss francs for the
unlawful registration of his particulars in the card index held by the Public
Prosecutors Oce. He also requested that his le and card be sent immediately
to the Federal Archives with a ban on making any copies and that the authorities
be ordered to store the information under lock and key and not to disclose any of
it without his agreement. His application was rejected by the Federal Court but,
in 1996, the applicants card was removed from the card index and transferred to
the Federal Archives, where it cannot be consulted for fty years.
33
34
158
Chapter 6
In this judgment, the ECtHR gave a broad interpretation of the right to private life, by explicitly rejecting the reasons given by the Swiss government for
limiting the scope of Article 8 ECHR. In the rst place, the ECtHR emphasised,
by referring to its earlier conclusions in the Niemietz case, that there is no reason
in principle to justify excluding activities of a professional or business nature
from the notion of private life. Since the right to respect for private life comprises the right to establish and develop relationships with other human beings,
this right should inherently be extended to the public sphere. The ECtHR explicitly concludes that such a broad interpretation corresponds to that of the Council
of Europes Data Protection Convention of 28 January 1981. Secondly, the
ECtHR rejected the submission of the Swiss government that the le in question
did not contain sensitive data. In fact, the card only included the information
that the applicant had contact with the Russian embassy and was doing
business of various kinds with the [A.] company. However, other (censored)
information which was held on the card was not disclosed to the applicant.
Furthermore, the applicants lawyers submitted that the codes used on the card
(1153: 0) (614) referred to the meaning communist country (1), Soviet
Union (153), espionage established (0) and various contacts with the Eastern
bloc (614) (see 22 of the judgment). Thirdly, the Swiss government contended that the applicants private life would not in any way have been inconvenienced as a result of the creation and storage of his card, which in all probability
[has] never been consulted by a third party. The ECtHR countered this
argument, noting that it is not for the ECtHR to speculate as to whether the
information gathered on the applicant was sensitive or not or as to whether the
applicant had been inconvenienced in any way. The Strasbourg Court found it
sucient to nd that data relating to the private life of an individual were stored
by a public authority in order to conclude that the creation and storage of the
impugned card amounted to an interference within the meaning of Article 8,
irrespective of whether this information was subsequently used.35
The refuted practices of the Swiss authorities in the Amann case can be compared with the practice of data proling or the collection of data on a group of
persons based on certain common criteria rather than based on their individual
behaviour. In the case of Amann, the extra surveillance measures by the Swiss
authorities and the creation of a card were only based on two suspicious facts.
Firstly, the Swiss authorities were monitoring all phone lines from the (former)
Soviet embassy. Secondly, the Swiss authorities suspected the content of the
phone call, unfamiliar as they were with the Perma Tweez appliance in which
the applicant was trading. The ECtHR made it clear that the creation of the card
35
Ibid., 6970.
159
le, regardless of whether or not the information was subsequently used, must be
considered a breach of Article 8 ECHR.
In its judgment Rotaru v. Romania, the ECtHR referred more explicitly to the
criterion of systematic collection and storage.36 According to the ECtHR, even
public information may fall within the scope of private life when it is systematically collected and stored in les held by the authorities. This would be all the
more true when such information concerns a persons distant past. With regard
to this particular case, the ECtHR noted that the refuted letter from the
Romanian Security Agency contained various pieces of information about the
applicants life, in particular his studies, his political activities and his criminal
record, some of which had been gathered more than fty years earlier. In the
ECtHRs opinion, such information, when systematically collected and stored in
a le held by agents of the State, falls within the scope of private life for the
purposes of Article 8 (1) ECHR. According to the ECtHR, this was all the more
true since the information at stake had been declared false and was likely to
damage the applicants reputation.
The criterion that even information belonging in the public domain may fall
within the protection of a persons private life, once systematically stored, was
also used in the judgment in P.G. and J.H. v. UK (see below) and in SegerstedtWiberg v. Sweden.37
3.4. Recording of Voices and Video Images Collected
in the Public Domain: P.G. and J.H. v. UK
In the case of P.G. and J.H. v. UK, a conversation between the two applicants had
been recorded secretly while they were being charged at a police station and after
they had refused to provide voice samples voluntarily. In this case, the UK government submitted that the subject of these recorded conversations did not contain any private or substantive information and, therefore, the recording did not
include any infringement of the right to private life. This argument was rejected
by the ECtHR, considering that there is a zone of interaction between a person
and others, even in a public context, which may fall within the scope of private
life. Even if the applicants only answered formal questions in a place where police
ocers were listening to them, the recording and analysis of their voices on this
occasion was, according to the ECtHR, still to be regarded as the processing of
36
37
Rotaru v. Romania, 4 May 2000, appl. no. 28341/95, Reports 2000-V, 4344. See further
section 6.4.2 below.
P.G. and J.H. v. the United Kingdom, 25 September 2001, appl. no. 44787/98, Reports 2001-IX,
11. See also Perry v. the United Kingdom, 17 July 2003, appl. no. 63737/00, Reports 2003-IX,
38 and Segerstedt-Wiberg, 72.
160
Chapter 6
personal data about the applicants.38 Referring to its earlier judgments (including
the Rotaru and the Amann cases), the ECtHR held that private life considerations may arise once any systematic or permanent recording comes into existence of such material of the public domain. Furthermore, the ECtHR held that
even if information has not been gathered by any intrusive or covert method,
Article 8 ECHR would still apply.
Both in the Perry v. UK and Peck v. UK judgments, the ECtHR dealt with the
recording and storage of video images by the police and the question of whether
these practices constituted an infringement of an individuals right to private life.
The Perry v. the United Kingdom judgment concerned a claim by a person who
had been arrested and charged with robbery.39 During his interrogation at the
police station, the police authorities had lmed him secretly after he had refused
to participate in an identication parade. This lming using custody suite
camera was then shown to the witnesses at the identication parade. The permanent recording of the footage and its inclusion in a montage for further use was
regarded as the processing or collecting of personal data about the applicant.
As we will see below, its subsequent unforeseen use was considered in breach of
Article 8 ECHR. In Peck v. United Kingdom (see below), the ECtHR concluded
that the further use of video surveillance by the police also violated the right to
private life of the applicant.40
3.5. Administrative Data: Malone
In Klass v. Germany, the ECtHR ruled that telephone calls fall within the meaning of private life and correspondence of Article 8 ECHR.41 In the Malone case,
the ECtHR went further by nding that not only the content of telephone calls,
but also the administrative data concerning telephone calls (number dialled,
duration and costs of call) form an integral part of the protected telephone communication.42 Therefore, according to the ECtHR, communication of these data
without the prior consent of the person concerned also caused a breach of the
right protected in Article 8 ECHR.
3.6. Use of Information Beyond What is Normally
Foreseeable: Perry, Peck and Lupker
In cases where the data had not been obtained voluntarily or in circumstances
where it could reasonably be anticipated that it would be recorded and used for
38
39
40
41
42
161
identication purposes, the ECtHR concluded there was interference with the
applicants right to respect for private life.43 The ECtHR referred in this judgment to decisions of the Commission in Lupker v. the Netherlands and Friedl v.
Austria, dealing with the unforeseen use by the authorities of photographs which
had previously been voluntarily submitted by the applicants.44 According to the
Commission in the Lupker case, the question of whether photographs were
legally used by the police in identication albums depended on whether they
were obtained voluntarily or under circumstances were it could reasonably be
anticipated that they would be recorded and used for identication purposes.
In the case of Perry v. the UK, neither the applicant nor his solicitor was
informed of the making of this video, nor of the fact that this video was shown
to witnesses during an identication parade. According to the ECtHR, the
ploy adopted by the police went beyond the normal or expected use of this
type of camera (security cameras). In the judgment Peck v. United Kingdom of
28 January 2003, the applicant complained about the publication in the media
of police video images, which were recorded by CCTV cameras on the street.45
This video surveillance had actually saved the life of the applicant, since it
resulted in the involvement of the police which prevented him committing suicide. The ECtHR decided that the disclosure of these records to the media was
beyond what was normally foreseeable and therefore interfered with his right to
private life.
3.7. Passports and Identication Measures: Smirnova and letmi
Finally, I refer to two judgments in which the ECtHR dealt with the withdrawal
of passports. Although the considerations of the Strasbourg Court on the consequences of the withdrawal of identication papers on the individual right to private life are not directly related to the issue of data processing, they become
relevant when the use of large EU databases is closely, not to say inextricably,
linked to identication measures.
The rst judgment, Smirnova v. Russia, concerned the case of Russian twin sisters who were prosecuted and charged with fraud by the Moscow authorities.
After being discharged, they complained about the violation of their rights under
both Article 5 and Article 6 (1) ECHR with regard to the way they were treated
43
44
45
162
Chapter 6
during the criminal proceedings.46 One of the sisters also lodged an appeal on the
basis of Article 8 ECHR, for the fact that during the proceedings between 1995
and 1999, her passport was withheld by the Russian authorities. The authorities
justied withholding the passport by the fact that the twins had used their similar appearance several times to confuse the investigating authorities. After recalling that private life is a broad term not susceptible to exhaustive denition, the
ECtHR concluded in this judgment that the conscation of the passport constituted continuing interference with the applicants private life ( 97). The ECtHR
underlined the direct relationship between the obligation upon citizens to identify themselves at various moments and locations with the right to private life.
Even if the applicant could not substantiate one specic event which would have
constituted disrespect for her private life, the ECtHR considered that it was
established that the applicants private life was infringed by a number of everyday inconveniences taken in their entirety which lasted between 1995 and 1999
( 96). The ECtHR considered explicitly that in their every day life, Russian
citizens have to prove their identity unusually often, even when performing such
mundane tasks as exchanging currency or buying train tickets, but also that a
national passport was required for more crucial needs such as nding employment or receiving medical care. Taking these facts together, the ECtHR concluded that conscation of her passport included continued interference with
the applicants private life.
The withdrawal of a passport was also dealt with in letmi v. Turkey, concerning a Turkish national who had lived in Germany since 1975.47 In 1984, the
Turkish government launched an investigation into the applicant, accusing him
of separatist activities. These procedures were based on the applicants aliations to Kurdish organisations. During his visit to Turkey in 1992, the applicant
was arrested and detained and the Turkish authorities conscated his passport.
After six days he was released but his passport was not given back to him. For
seven years letmi was not permitted to leave Turkey. His family (spouse and
two children) therefore chose to join him and to live in Turkey. Not until 1999
was the applicant nally acquitted of the charge of separatist activities and, after
his passport was returned to him, the applicant and his family were able to
return to Germany. Aside from the conclusion that his right to a fair trial under
Article 6 (1) ECHR had been violated by the Turkish authorities, the ECtHR
also held unanimously that the conscation of his passport represented a breach
of his right to private life. For this conclusion, the ECtHR reasoned that in an
age when the freedom of movement, especially across borders, was considered
46
47
Smirnova v. Russia, 24 July 2003, appl. no. 46133/99 and 48183/99, Reports 2003-IX.
letmi v. Turkey, 6 December 2005, appl. no. 29871/96 (unreported).
163
essential for the full development of private life, especially for people like the
applicant, having family, occupational and economic ties in more than one
country, denial of that freedom by the State without any good reason constituted a serious failure on its part to discharge its obligations to those under its
jurisdiction ( 50). According to the ECtHR, the continued application of
the prohibition on leaving Turkish territory no longer corresponded to a pressing social need and was therefore disproportionate to the aims permitted by
Article 8. In this judgment, the ECtHR explicitly connected the freedom of
movement with the right to private life in Article 8 ECHR. According to the
ECtHR, even though Article 2 of the fourth Protocol to the Convention (signed
but not ratied by Turkey) also protects the freedom of movement, this would
not mean, as suggested by the Turkish government, that one and the same fact
may fall foul of more than one provision of the Convention and Protocols.48
The Smirnova v. Russia and letmi v. Turkey judgments are important for our
subject because they highlight the relationship between, on the one hand
(repeated) identity controls and the right to private life and, on the other hand,
freedom of movement and the right to private life. The former relationship is at
stake when a person or a specic group of persons is repeatedly confronted with
identity checks based on the use of data systems or data proling. The Smirnova
judgment illustrates, in my view, that the right to private life is at stake when a
person is repeatedly stopped at borders because he or she is listed in one of the
EU databases, or because he or she belongs to a group of persons which is under
extra surveillance by the government on the basis of data proling. The considerations of the ECtHR in the letmi judgment, in my view, apply to a person who
is listed in SIS or SIS II, when the fact of this registration in practice results in a
restriction of his freedom of movement and therefore also his right to private life
as protected in Article 8 ECHR.
48
50. See, also Airey v. Ireland, 9 October 1979, appl. no. 6289/73, Series A, 32, p. 17, 3133.
164
Chapter 6
sta in sectors aecting national security cannot be the same as in many other
elds. Thus, it cannot mean that an individual should be enabled to foresee precisely what checks will be made in his regard by the Swedish special police service
in its eorts to protect national security. Nevertheless, the ECtHR added that
in a system applicable to citizens generally, as under the Personnel Control
Ordinance, the law has to be suciently clear in its terms to give them an adequate indication as to the circumstances in which and the conditions on which
the public authorities are empowered to resort to this kind of secret and potentially dangerous interference with private life.49
In Malone v. UK, dealing with secret telephone tapping, the ECtHR stated
that in accordance with the law refers not only to the availability of domestic
law, but also to the quality of the law, requiring it to be compatible with the
rule of law.50 The requirement of quality of law is further specied in Huvig and
Kruslin v. France.51 These cases concerned the claims based on Article 8 ECHR of
Mr. and Mrs. Huvig and Mr. Kruslin, whose phones were tapped during criminal proceedings by the French authorities. The question in these cases was not so
much whether this telephone tapping constituted an interference with the applicants right to private life, but whether the applicable French law was clear and
foreseeable. The ECtHR held that, where tapping and other forms of telephone
conversation represent a serious interference with private life and correspondence,
this must be based accordingly on a law that is particularly precise. According to
the ECtHR, clear, detailed rules on the subject are essential, especially since the
technology available for use is continually becoming more sophisticated, as in
the case in question. Since French law, written and unwritten, did not indicate
with reasonable clarity the scope and manner of exercise of the relevant discretion conferred on the public authorities, the ECtHR found a breach of Article 8
of the Convention.52
In the Huvig and Kruslin judgments, the ECtHR further dened a set of criteria for lawful telephone tapping which should have been provided for in
French law. These criteria included the categories of persons liable to have their
telephones tapped by judicial order and the nature of the oences which may
give rise to such an order; the lack of an obligation to set a limit on the duration
of telephone tapping; the circumstances under which recordings may or must
be erased or the tapes destroyed, in particular when an accused party has been
49
50
51
52
165
166
Chapter 6
Protection Convention. These provisions deal with the quality of data, the
protection of sensitive data and the legitimate exceptions to these safeguards.58
When it comes to national security or the prevention of disorder or crime, the
ECtHR normally leaves a wider margin of appreciation to the national authorities to assess the necessity of the interference with the right to private life for the
pursued goals, than it would in regular cases. This is especially underlined in
Klass v. Germany and Leander v. Sweden.59 In the Leander judgment, the
Strasbourg Court recognised that the national authorities enjoy a margin of
appreciation, the scope of which will depend not only on the nature of the legitimate aim pursued but also on the particular nature of the interference involved.
According to the ECtHR, the interest of the respondent State in protecting its
national security must be balanced against the seriousness of the interference
with the applicants right to respect for his private life. For this purpose of protecting national security, the ECtHR accepted the need for Contracting States to
have laws empowering national authorities, rstly, to collect and store in registers not accessible to the public information on persons and, secondly, to use this
information when assessing the suitability of candidates for employment in posts
of importance for national security. However, in both the Klass and Leander
judgments, the ECtHR made it clear that the power of the national police
authorities to collect and store personal information should be counterbalanced
by procedural guarantees. The considerations of the ECtHR in the Klass judgment (and repeated in Leander v. Sweden) that Contracting States do not enjoy
unlimited discretion to subject persons within their jurisdiction to secret surveillance have been much quoted. The Court, being aware of the danger such a law
poses of undermining or even destroying democracy on the ground of defending
it, arms that the Contracting States may not, in the name of the struggle against
espionage and terrorism, adopt whatever measures they deem appropriate.60
Whatever system of surveillance is adopted, the ECtHR ruled that adequate
and eective guarantees against abuse must be in place. At the same time, in
these judgments, the ECtHR referred to the relative meaning of the assessment
of the safeguards at stake. This would depend on all the circumstances of the
case, such as the nature, scope and duration of the possible measures, the grounds
required for ordering such measures, the authorities competent to permit, carry
out and supervise such measures, and the kind of remedy provided by national
law. In the Leander case, the ECtHR was satised with the dierent safeguards
which were provided under Swedish law and the supervision eected by the
58
59
60
167
168
Chapter 6
62
63
64
65
169
66
67
See also Malone v. the United Kingdom, judgment of 2 August 1984, Series A 82, p. 3233,
6768, reiterated in Amann, cited above, 56, and in Rotaru, cited above, 55.
Klass, 67.
170
Chapter 6
relevant Convention complaint and to grant appropriate relief .68 In this case,
the ECtHR found that there was no evidence that Romanian law provided for an
eective remedy with regard to the holding of information on the applicants private life by intelligence services or for refuting the truth of such information.
Therefore, the ECtHR found there was a violation of Article 13.
In Leander v. Sweden, the ECtHR considered the powers of the Swedish
Parliamentary Ombudsman, tasked with the supervision of secret police les.
This supervision included the power to decide whether the information in these
les was to be released to requesting authorities. In the view of the ECtHR, this
direct and regular control over the most important aspect of the register the
release of information provided a major safeguard against abuse.69 Also in the
Leander judgment, the ECtHR referred to the power of the Swedish Parliamentary
Ombudsman to lodge criminal proceedings or disciplinary measures against an
ocial who has committed an oence by departing from the obligations inherent in his ocial duties as an adequate safeguard. With regard to the eectiveness
of the power of the Ombudsman to give non-binding advice, the Strasbourg
Court gave a rather vague criterion: whether the advice of this institution would
have any practical eect would depend on his ability to convince the decisionmaker or authority in question. Although the ECtHR explicitly recognised the
weaknesses in the control aorded by the Parliamentary Ombudsman and the
Chancellor of Justice, since neither authority could render a legally binding decision, this necessarily limited eectiveness was inherent to any remedy available
to the individual concerned in a system of secret security checks.
Interestingly in the Segerstedt-Wiberg judgment of 2006 which, as we saw above,
involved a comparable case, the Strasbourg Court was more critical of the competence of the Swedish Parliamentary Ombudsman. As we have seen, the ECtHR
found a breach of Article 8 ECHR only with regard to four of the ve applicants.
However, with regard to all the applicants, the ECtHR held that there was a
breach of their right to eective remedies under Article 13 ECHR.70 The very fact
that the Parliamentary Ombudsman lacked the power to render a legally binding
decision was one of the grounds on which the ECtHR concluded that the applicants had no eective remedies. Furthermore, the ECtHR observed that the
Records Board, a body specically empowered to monitor data processing by the
Secret Police on a daily basis, had no power to order the destruction, deletion or
rectication of the information kept in the les. Equally important are the considerations of the ECtHR in the Segerstedt-Wiberg v. Sweden judgment on the powers
68
69
70
171
of the Swedish Data Protection Authority (Data Inspection Board), with which
individuals could lodge a complaint. The ECtHR concluded that it had not been
shown that the available procedure carried out by the Data Inspection Board
oered an eective remedy in practice with regard to an application for deletion
of the data ( 120). While it found the processing unlawful, the Data Inspection
Board could order the processor to stop further data processing (blocking of
data) upon penalty of a ne. But it was not empowered to order the deletion of
unlawfully stored information. It could only make an application for such a measure to the County Administrative Court. According to the ECtHR, no information had been furnished to shed light on the eectiveness of the Data Inspection
Board in practice. On the contrary, during this procedure, the applicants alleged
that during its 30-year existence, the Data Inspection Board had never performed
a substantial review of the les held by the Security Police.
From the Segerstedt-Wiberg judgment, it is clear that in the light of Article 13
ECHR, national remedies should be eective not only on paper but also in practice. This principle also follows on from judgments in which the ECtHR dealt
with the requirement that individuals should exhaust the available national remedies on the basis of Article 26 ECHR before addressing the case to the
Commission. In Akdivar v. Turkey, the ECtHR made it clear that this requirement (exhaustion of national remedies) does not imply that individuals are
obliged to have recourse to remedies which are inadequate or ineective.71
According to the ECtHR, if a government claims that national remedies have
not been exhausted, it is the duty of the government to satisfy the ECtHR that
the remedy was eective and available in theory and in practice at the relevant
time. The remedy should be capable of providing redress in respect of the applicants complaints and oer reasonable prospects of success.
6.4.2. Article 8 ECHR and the Right to Financial
Compensation under Article 6 ECHR
An important issue with regard to the future use of EU databases is the possibility of lodging a claim based on Article 6 ECHR for damages which are caused by
the use of information or data processing by governmental organisations in
breach of Article 8 ECHR. This applicability of Article 6 ECHR with regard to
damage caused by government information les is recognised by the ECtHR in
the judgment in Rotaru v. Romania.72 As we have seen above, this case concerned
the complaint by Mr. Rotaru with regard to the information stored about him
71
72
Akdivar v. Turkey, 16 September 1996, no. 21893/93, Reports 1996-VI, 6768, see also Salah
Sheekh v. the Netherlands, 11 January 2007, no 1948/04, referred to in Chapters 8 and 13.
Rotaru v. Romania, 7479.
172
Chapter 6
since 1948 by the Romanian Intelligence Services. After nding that there had
been a violation of his right to private life, as laid down in Article 8, the ECtHR
dealt with the Mr. Rotarus claim on the basis of Article 6 ECHR. Rotaru held
that the refusal of the Romanian courts to consider his applications for costs and
damages was in breach of his right to a fair trial. While the Commission decided
to consider the complaint only under the more general obligation of Article 13
ECHR, the ECtHR observed that that there was no remedy for the applicant
involving making an application for amendment or destruction of the le containing information about him ( 61). According to the ECtHR, there was no
doubt that the applicants claim for compensation for non-pecuniary damage
and costs was a civil claim within the meaning of Article 6 (1) ECHR and that
the Bucharest Court of Appeal would have had jurisdiction to deal with it. The
Court of Appeals failure to consider the claim in this case therefore violated the
applicants right to a fair hearing within the meaning of Article 6 (1).73
6.5. Non-discrimination
On the basis of Article 14 ECHR, the right to privacy should apply indiscriminately to everyone, without distinguishing on grounds such as nationality, race,
language, religion, etc As we have seen above, in the eld of the protection of
internal security, the ECtHR acknowledged the necessity of secret surveillance
and thus privacy-infringing measures. One could argue that in these elds, limitations on the right to private life aect some groups of persons more than others.
With regard to those persons who are specically aected by surveillance measures by national authorities, one cannot say that the right to privacy applies to
them indiscriminately.
73
The Court refers to the judgment in Ruiz Torija v. Spain, 9 December 1994, Series A, 303A, 30.
173
criteria, the ECtHR seemed to recognise the broader function of the right to privacy in the relationship between citizens and the government. According to the
jurisprudence of the ECtHR, Article 8 ECHR is at stake when it concerns the
collection, storage, or use of personal information in the following situations:
secret police or secret service les (Leander, Segerstedt-Wiberg, Rotaru);
public les irrespective of the nature or the sensitivity of the information
stored in them (Amann);
health records (Z v. Finland);
child care records (Gaskin);
public les (Goodwin);
records of voices (Peck), photographs (Commission: Lupker and Friedl ), and
video surveillance images (Perry);
administrative data on telephone calls (Malone);
birth certicates, identity cards or driving licences (Goodwin); and
passports (Smirnova and Iletmi).
In order to establish whether an interference with the right to private life has
occurred, the ECtHR based its conclusions on the following circumstances and
methods of data processing:
the public circumstances in which the information was collected (Perry,
P.G. and J.H.);
whether it concerns the systematic collection and storage of personal information (Rotaru, Amann, Segerstedt-Wiberg, and P.G. and J.H.);
whether the information concerns the persons past (Rotaru);
whether the information was provided voluntarily or not (Lupker, cited in
Perry);
whether the person has given his or her prior consent to the further communication of personal data (Malone);
whether the further use of the information stored goes beyond the normally
foreseeable use (Peck, P.G. and J.H., Perry);
the consequences (of deprivation of passport) on everyday life (Smirnova);
whether there is a limitation on the freedom of movement (by conscation of
passport) (Iletmi); and nally,
whether the information is subsequently used in practice is not relevant
(Amann).
Considering our subject, the registration of third-country nationals in the EU
databases, it can be concluded that the criteria formulated by the ECtHR are
applicable on several grounds. In the rst place, the ECtHR emphasised that the
systematic collection and storage of personal information by governments falls
within the scope of protection under Article 8 ECHR. Secondly, it is clear that
174
Chapter 6
175
Concluding, the jurisprudence of the Strasbourg Court makes clear that, if the
impact of the use and storage of personal information by public authorities on
the private life of individuals is overlooked, we will lose an important mechanism for controlling governmental powers. In its case law on Article 8 ECHR
and the use of personal information by public authorities, the ECtHR did not
doubt the importance of an independent supervisory mechanism. The ECtHR
consistently stressed the need for an independent control mechanism when it
comes to the infringement of an individuals right to private life caused by the
use of personal information by public authorities. The ECtHR gave dierent
grounds for motivating this need for the right to an independent supervisory
mechanism. In the rst place, the ECtHR emphasised the need for an independent supervisory authority as a mechanism for the protection of the rule of
law and to prevent the abuse of power, especially in the case of secret surveillance systems (for example in the Klass, Leander and Rotaru judgments). In other
cases, the ECtHR demanded the availability of an independent mechanism,
where specic sensitive data were at stake or where the case concerned a claim to
access to such data (for example medical data or data about the applicants
youth, in Z v. Finland and Gaskin v. the United Kingdom respectively). In these
cases, access to an independent control mechanism was not only considered
important because it clearly dealt with an infringement of someones right to
respect for his private life, but also because of the need to balance the dierent
interests at stake.
In its judgments, the ECtHR established a preference for access by judicial
authorities because it gave the best guarantees of independence, impartiality
and a proper procedure.74 However, in dierent judgments (for example,
Gaskin, Leander) it was explicitly stated that a non-judicial supervisory mechanism could be appropriate. The general conclusion that legal remedies should in
the rst place be practical and eective, has been armed in Segerstedt-Wiberg v.
Sweden. In this judgment, the ECtHR explicitly questioned the practical meaning of the (non-judicial) authorities with which individuals could lodge a complaint. In particular, the consideration of the ECtHR in this judgment, in which
it required proof of evidence regarding the eectiveness of the Swedish Data
Protection Authority in practice, is meaningful when assessing the meaning of
data protection law. As mentioned above, the general criteria concerning the
competence or powers of independent authorities as developed by the ECtHR
in its jurisprudence on Article 6 and 13 ECHR will be dealt with further in
Chapter 8.
74
Klass, 56.
176
Chapter 6
Finally, I have pointed out the importance of Article 6 ECHR with regard to the
right to compensation. In Rotaru v. Romania, the ECtHR acknowledged the right
of individuals to nancial redress for damages based on a breach of Article 8 ECHR
caused by the data processing activities of public authorities. This means that Article 6
ECHR may be invoked by an individual when his or her civil liberties or rights are
infringed by an administrative decision based on data processing activities.
Chapter 7
Eective Remedies under Data Protection Law
Article 1 of the Council of Europes Data Protection Convention of 1981:
The purpose of this convention is to secure in the territory of each Party for every
individual, whatever his nationality or residence, respect for his rights and fundamental freedoms, and in particular his right to privacy, with regard to automatic
processing of personal data relating to him (data protection).
1. Introduction
Data protection law regulates the various stages involved in the processing of data
(or information) on individual, physical persons (and sometimes groups and
organisations of such persons).1 These stages include the collection, registration,
storage, use and dissemination of data. In Europe, the most important instruments concerning data protection law are the Data Protection Convention of
1981 of the Council of Europe and the EC Directive 95/46 on the protection of
personal data. Whereas the EC Directive only applies to data processing within
the scope of community law, the rules of the Data Protection Convention also
apply to certain so-called third pillar measures within the EU, dealing with data
processing in the eld of police or justice, for example the Europol Convention.
Accordingly, the use of VIS and Eurodac is covered by the rules of Directive 95/46
whereas, as we will see below, the CISA refers with regard to the use of SIS I to the
applicability of the Data Protection Convention. With regard to the use of the
second generation SIS, or SIS II, both instruments will apply. Regulation
1987/2006 on the use of SIS II for the registration of third-country nationals
refers to Directive 95/46.2 The Decision on the use of SIS II for political and
L.A. Bygrave & J.P. Berg, Reections on the rationale for data protection laws in: J. Bing,
O. Torvund (eds.), 25 Years Anniversary Anthology, Tano: Norwegian Research Center For
Computers and Law 1995, p. 3 . See also L.A. Bygrave, Data Protection Law: approaching its
rationale, logic and limits, The Hague: Kluwer Law International 2003.
Regulation 1987/2006, OJ L381/4, 28 December 2006.
178
Chapter 7
J.B. Rule, Private Lives and Public Surveillance, 1974, p. 270 . and 308; A.F. Westin, Privacy and
Freedom (1967), p. 158 .; Bygrave and Berg (1995), p. 7 .
179
A relatively short time passed between the introduction of information technology and the development of data protection rules.4 The Council of Europe
played a major role in this development by establishing, at a very early stage, the
rst framework for legal instruments. At the national level, for example, in the
German federal state of Hessen, in Sweden and in the Netherlands, we see that
during large automation projects the legislators were urged to adopt or at least to
think about the adoption of data protection laws.5 These projects included the
establishment of a central population register and the electronic implementation
of the census. In several countries, the governments installed special committees
to investigate the need for new regulations. The rst data protection law in
Europe, the Datenschutzgesetz in Hessen, was adopted in 1970 together with the
introduction of the Hessian central population register. This law only applied to
data processing in the public sector and provided for the establishment of an
ombudsman-like independent data protection authority. The data protection
authority was responsible for ensuring the security of state les and for advising
on the impact of new data processing techniques. The Hessian data protection
law played an important exemplary role for the development of other national
laws. In 1973 the Data Act was adopted in Sweden, in 1974 the Privacy Act in
the United States and, in 1977, the Federal Data Protection Law in Germany.
In 1978 the rst French Law on data processing, les and individual liberties
followed and, in Norway, the Personal Data Registers Act.
In describing the history of data protection law in Europe, one may distinguish
dierent phases of law-making.6 Generally, the basic principles of data protection
were formulated in the period between 1970 and 1981. During this period, the
pioneers of data protection were based on a mechanism of prior control of databases, including prior registration or a licensing system. The second period,
between 1981 and 1988, marked the end of an isolated national legislation process. Concerns about data protection on the one hand and the free ow of information on the other hand resulted in the adoption of the OECD Guidelines in 1980
and of the Data Protection Convention of the Council of Europe in 1981. The
general principles of these international instruments were taken as an example in
countries which still had to adopt their rst data protection laws. The legislator in
See, for a general history of data protection law: D.H. Flaherty, Protecting Privacy in Surveillance
Societies. The Federal Republic of Germany, Sweden, France, Canada and the United States, Chapel
Hill and London: University of North Carolina Press 1989, and F.W. Hondius, Emerging Data
Protection in Europe, Amsterdam-Oxford: North-Holland Pub. Company 1975.
Staatscommissie bescherming persoonlijke levenssfeer in verband met persoonsregistraties KB
[Royal Decree] 21 February 1972, no. 70, Stcrt. 1972, no. 43.
See S. Simitis (ed.) Bundesdatenschutzgesetz, sixth edition, Baden-Baden: Nomos 2006.
180
Chapter 7
the UK passed its rst data protection law in 1984 and, in Ireland and the
Netherlands, the rst laws were adopted in 1988. An important goal of the socalled second generation law was to reduce the administrative obligations for data
holders. In the third period, between 1988 and 1995, a rst revision of the dierent national laws took place. These amendments emphasised self-regulation and
the withdrawal of bureaucratic rules. The fourth period, between 1995 and 2000,
was marked by the implementation of EC Directive 95/46 on data protection.
The implementation of the new rules in the Directive resulted, in the so-called
rst generation countries (France and Germany), in the second revision of their
data protection laws. The requirement that this Directive be implemented before
October 1998 forced some countries, for example Greece and Italy, to adopt their
rst data protection laws. In these latter countries, the establishment of the SIS
was another important incentive for the nal adoption of data protection law. As
we will see below, before being allowed to use this system, the Schengen States
were obliged to adopt national data protection provisions in accordance with the
rules of the Data Protection Convention of 1981 (Article 117 CISA). Finally, the
period since 2000 could be described as a new phase in data protection history.
On the one hand we see the introduction of new information technologies
including the use of biometrics, large-scale databases, machine-readable documents and the eorts of national legislators to respond to these developments. On
the other hand, as we will see in section 3.6, this period has been marked by the
recognition of data protection as an independent human right in the Charter on
the Fundamental Rights of the EU.
During these periods of development of data protection laws, dierent models
of regulation have been applied by national legislators. In a publication from
1992, Bennett distinguished between the voluntary control model, the subject
control model, the licensing/registration model and, nally, the data commissioner
model.7 The rst voluntary control model, chosen in particular in the United States
and generally in the Netherlands, emphasised self-regulation and self-surveillance,
including the appointment of data protection ocials within the private organisation. The second subject control model focused on the rights of the data subject
with regard to his or her data. Initially, the German data protection law especially
emphasised the rights of data subjects but data subjects rights, including the
right to have access to information, have now been inserted into every national
law. Thirdly, the licensing and/or registration model included the involvement of a
separate institution for the authorisation of new databases in either the public or
See, on the divergences and convergences of data protection policy: C.J. Bennett, Regulating
Privacy. Data Protection and Public Policy in Europe and the United States, Ithaca and London:
Cornell University Press 1992, p. 116 .
181
the private domain. In the UK, authorities or organisations were obliged to register their new databases with the national data protection authority. Sweden and
Norway operated a licensing system which meant that the database would have
to be authorised by the data protection authority. In France and the Netherlands,
both the licensing and the registration models applied, depending on the nature
of data processing. Fourthly, one could distinguish the data commissioner model
in which the controlling authority plays a central role with regard to the protection of secure and lawful data processing (Germany). Furthermore, a distinction
is made between countries with generally applicable laws (Germany, Austria) and
countries with a sectoral approach (for example the US and, to a certain extent
the Netherlands).
Gradually, however, the states adopted laws with a mixture of the above
elements. This mixture includes administrative rules (licensing system, administrative ne), a civil law approach including contractual agreements and informed
consent, and criminal law measures such as the ban on holding a personal le or
sanctioning the infringement of data protection rules. One important development in data protection law is the fact that the bureaucratic requirement of prior
registration and authorisation of personal les has been more or less abandoned.
The new laws contained more powers of self-regulation for the data processing
authorities and also provided for more detailed rules for the dierent sectors.
This development is to a large extent the result of a long period of trans-border
exchanges of experiences. Since the 1970s, there has been regular cross-border
exchange of ideas and solutions between national data protection experts.
However, the development of international standards and the obligation to adapt
national legislation to those standards also had a harmonising eect on national
laws. In particular, the implementation of EC Directive 95/46 reduced the
divergence between European countries.
Recommendation 509.
182
Chapter 7
10
11
Resolution (73) 22 on the protection of the privacy of individuals vis--vis electronic databanks in
the private sector and Resolution (74) 29 on the protection of the privacy of individuals vis--vis
electronic databanks in the public sector.
Bennett (1992), p. 137.
See the explanatory report to the Convention.
183
Four months after the adoption of the OECD Guidelines, the Convention for
the protection of individuals with regard to the automatic processing of personal data
was signed by the Committee of Ministers of the Council of Europe on 28
January 1981.12 The Convention entered into force on 1 October 1985. Although
the Convention in principle applies only to the automatic processing of personal
information, according to Article 3 States may, at the time of signature or later,
give notice by declaration that the Convention will also apply to non-automated
data processing. According to Article 1, the purpose of this Convention is to
secure, on the territory of each Party the rights and fundamental freedoms of
every individual and especially the right to privacy. Another important goal of
the Convention, only mentioned in the preamble, is the aim of safeguarding the
free ow of information. To reach this goal the Convention aimed to provide
harmonised rules to prevent national data protection laws from causing limitations on the free ow of information. Article 12 of the Convention explicitly forbids the State Parties from limiting trans-border data ow solely on the basis of
data protection principles.
In the framework of the Council of Europe, several recommendations were
adopted for more specic elds, for example the Recommendation regarding the
police sector of 1987 and Recommendation on the use of personal les in the
public sector of 1991.13 In 2001, the Committee of Ministers of the Council of
Europe adopted an additional protocol to the Data Protection Convention
regarding the role and powers of supervisory authorities and trans-border data
ows.14 With regard to the use of SIS, Article 117 CISA refers explicitly to the
applicability of the Data Protection Convention of the Council of Europe and to
the Recommendation of the Council of Europe on the use of personal data in
the police sector. This provision obliges the Schengen States to adopt the necessary national provisions in order to achieve a level of data protection law at least
as equal to the principles included in these instruments.
3.2. 1990: Inclusion of Data Protection Provisions in the CISA
The drafting of the CISA took place between 1987 and 1990. At that time
Germany, Luxembourg and France were the only Schengen countries which both
12
13
14
European Treaty Series (ETS), no. 108, Strasbourg 1982. Ratied by France, Germany and the
Netherlands on 24 March 1983, 19 June 1985 and 24 August 1993 respectively. Entered into
force for Germany and France on 1 October 1985, for the Netherlands on 1 December 1993.
Recommendation on the use of personal data in the police sector, No. R (87) 15 and
Recommendation on the communication of personal data held by public bodies, No. R (91) 10.
ETS no. 181, 8 November 2001, eective 1 July 2004.
184
Chapter 7
ratied the Data Protection Convention of 1981 and adopted national data protection laws. In the Netherlands, a general data protection law was adopted in
December 1988, but there was still no law on police les. The Dutch government only ratied the Data Protection Convention in 1993. Belgium and Italy
had no legislation, nor had they ratied the Convention. Finally, Spain ratied
the Convention in 1984 but has not yet adopted a data protection law. Politicians
in France and Germany in particular regarded this lack of data protection law in
some of the Schengen states as a problem for the establishment of SIS and the
exchange of police information as envisaged in the draft CISA. In May 1988, the
Central Group decided that it was necessary for the Permanent Working Group
on SIS to have contact with experts on data protection, in order to take into
account the legal conditions on SIS. This resulted in the establishment of the
Privacy Ad Hoc Group.15
The work of this Privacy Ad Hoc Group made the European data protection
authorities aware of the development of SIS. Since then, these authorities
expressed on several occasions their concerns about the lack and, later, incompleteness of data protection rules in the draft CISA.16 Initiated by the Luxembourg
data protection authority, the existing Schengen data protection authorities met
in 1988 and 1989 to discuss SIS and its consequences for data protection.
At their second meeting of 17 March 1989, the French, Luxembourg and
German data protection authorities adopted a declaration on the minimum
standards which should be fullled before SIS could become operational.17
In this declaration, the data protection authorities stated rst of all that the provisions regarding SIS should contain a clear, restrictive and denitive denition
of the content of the database, its purpose and use. Furthermore, they required
that each individual should have access to his or her data in every contracting
state and the right to correct wrong or delete inaccurate data. The processing and
use of the SIS data in each national state should be supervised by an independent
authority. A common data protection authority, composed of representatives of
the national data protection authorities of each Schengen state, would have
to supervise the general functioning of SIS and nd harmonised solutions to
15
16
17
185
18
19
SCH/I (88) 7th rev. (Dutch version). See also the draft of 16 November 1988, SCH/I (88) 7,
2nd revision (Dutch version).
SCH/I (88) 7, 12th revision (Dutch version).
186
Chapter 7
the use of data for purposes other than those provided by law would constitute a
criminal act. These proposals were not included in the nal text.
With regard to the exchange of personal information outside the scope of SIS,
as provided for in Title VI, the CISA includes its own set of rules on data protection.20 These provisions deal with the exchange of information for policy and
security purposes.
3.3. 1995: Directive 95/46 on the Protection of Personal Data
3.3.1. Protecting Individuals and Free Movement of Data
Initially, the incentive for the European Commission to develop data protection
law was related more to the concerns about the development of a European data
processing industry able to compete with the US industry, than to the protection
of individual rights.21 For example, in the communication on Community Policy on
Data Processing: Development of EC data processing industry of 1973, the Commission
stated that the development of this new industry in the EC could be impeded by
national solutions with regard to the protection of individuals.22 Before 1989, the
Commission did not forward any proposal in this eld but merely awaited the
developments on the Data Protection Convention of the Council of Europe. The
European Parliament, expressing its concerns about the rights of individuals,
repeatedly urged the European Commission to come forward with a legislative
proposal.23 The need for communitarian rules was emphasised by MEP Lord
Manseld in a speech given in 1974 stating that data processing would not stop
at the borders.24 In 1976, the European Parliament adopted a resolution demanding the development of community law to protect individual rights from technological developments. According to the European Parliament, a directive would be
absolutely necessary to guarantee maximum privacy protection and to prevent the
20
21
22
23
24
See, for a general analysis of these rules: J. Dumortier, Protection of Personal Data in the CISA,
International Review of Law, Computers & Technology 11 (1997) 93; L.F.M. Verhey, Privacy
aspects of the Convention, in H. Meijers et al., Schengen. Internationalisation of central chapters
of the law on aliens, refugees, privacy, security and the police, Leiden: NJCM 1992.
See S. Simitis, Datenschutz und Europischen Gemeinschaft, RDV 1990, No. 1, p. 323, and
R. Ellger, Datenschutz und Europischen Binnenmarkt (part I), RDV 1991, No. 2, p. 5765.
SEC (73) 4300.
See A.C.M. Nugter, Transborder Flow of Personal Data within the EC. A comparative analysis of
the privacy statutes of the Federal Republic of Germany, France, the United Kingdom and the
Netherlands and their impact on the private sector. Deventer: Kluwer Law and Taxation Publishers
1990, p. 30 .
OJ 1974, parliamentary sessions, no. 179, p. 60, cited in R. Ellger (1991), p. 59.
187
25
26
27
28
29
30
OJ C 100/27, 3.5.1976
OJ C 140/34, 5.6.1979.
Recommendation of 29 July 1981. OJ L 246/31, 29.8.1981.
OJ C 87/39, 5.4.1982.
Proposal of 27 July 1990, COM (90) 314 SYN 287. OJ C 277, 5.11.1990.
See, on the role of this case for the development of EC law, B.J. Boswinkel, De privacyrichtlijn
begrensd, SEW Sociaal Economisch Weekblad 7/8 (1993), p. 551 and S. Simitis, Datenschutz
und Europische Gemeinschaft, RDV (Recht der DatenVerarbeitung) 1990, No. 1, p. 11.
188
Chapter 7
Convention and French law.31 The fact that a national data protection authority
forced companies to reach a contractual agreement before trans-border data ows
could be allowed received much attention. The case was used to demonstrate the
consequences of having divergent levels of data protection in EC countries and
the need for more harmonised rules.
The rst draft of the EC Directive on data protection was criticised by a powerful lobby of private organisations and companies. These organisations considered
the Directive too restrictive and too impractical for implementation.
An amended proposal was submitted in 1992, taking into account the amendments of the European Parliament. The nal Directive was adopted by the Council
on 24 October 1995.32 This Directive 95/46 was to be implemented by the Member
States before 1 October 1998. This deadline for implementation was exceeded by
several countries and the European Commission started proceedings on the basis
of Article 226 EC Treaty against Germany, France, Ireland, Luxembourg and the
Netherlands.33 In other countries, such as Italy (1996) and Greece (1997), the
obligation to implement the EC Directive coupled with their desire to accede to
the Convention Implementing the Schengen Agreement forced the legislators to
proceed with the adoption of their rst national data protection laws. With regard
to the enlargement of the EU by Central and Eastern European states, it was agreed
in the so-called Copenhagen criteria of 1993 that these candidate states were
committed to having Directive 95/46 transposed into their national laws by the
time of their accession. In the rst evaluation report on the Directive of 2003, the
European Commission concluded that all candidate member states, except Turkey,
had passed legislation in the eld of data protection.34
3.3.2. Scope and Applicability of Directive 95/46
In the 2003 evaluation report on the implementation of Directive 95/46, the
Commission recognised that some provisions of the EC Directive were not clear
31
32
33
34
189
35
36
37
190
Chapter 7
38
39
40
Amendments will only enter into force after acceptance by all Parties to the Convention. See:
http://www.coe.int/T/E/Legal_aairs/Legal_co-operation/Data_protection/Documents/.
Source: Treaty Oce Council of Europe: http://conventions.coe.int (consulted in June 2007).
OJ L 008, 12.01.2001.
191
41
42
43
44
45
192
Chapter 7
46
47
48
49
50
10968/00, 30 August 2000, see for the statement of reasons: 10968/00 ADD 1 of 31 August
2000.
See 6316/01, 16 February 2001 and 6316/2/01, 12 April 2001.
Working document, no document number, see Conclusions Meeting JHA Council, 56 June
2003, 9845/03 (Presse 150), p. 32.
Spring Conference of European Data Protection Authorities, Krakow, 2526 April 2005.
COM (2005) 475 n. See also, on this proposal, the Working Document of the rapporteur
Martine Roure of the LIBE Committee of the European Parliament, 7.2.2006.
193
Crime of the EU Council.51 In December 2006 the JHA Council discussed a new
text proposal by the Finnish Presidency.52 In conclusion, one could say that the
original proposal of 1998 to provide for a data protection tool for the third pillar
resulted in a new instrument which extended the powers of national authorities to
exchange personal information.
3.6. Article 8 of the EU Charter: Data Protection as a Human Right
An important milestone in the development of data protection law has been the
inclusion of data protection as a fundamental right in Article 8 of the EU Charter
of Fundamental Rights of the European Union of 2000.
Article 8 EU Charter reads:
1. Everyone has the right to the protection of personal data concerning him
or her.
2. Such data must be processed fairly for specied purposes and on the basis of
the consent of the person concerned or some other legitimate basis laid down
by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectied.
3. Compliance with these rules shall be subject to control by an independent
authority.
Before 2000, few attempts were made to insert data protection as a new fundamental right into the ECHR. In 1979, the International Union of Lawyers
adopted a resolution which proposed adding a regulation on the exercise of
Article 8 ECHR in the eld of automated data processing.53 In February 1980,
the Parliamentary Assembly of the Council of Europe recommended that the
Committee of Ministers study the option of including a provision in the Human
Rights Convention on the protection of personal data, either by amending
Article 8 or Article 10 or by including a new Article.54 This initiative was
supported by the European Parliament.55
51
52
53
54
55
This was also stressed by Lord Avebury, speaking at the Joint Parliamentary Meeting on EU
developments in the area of freedom, security and justice at the European Parliament, 3 October
2006, published at: http://www.statewatch.org.
13246/4/06. See also the version of 24 April 2007, 7315/1/07, referred to below, in section 8.8.
Hondius (1975), p. 179.
Recommendation 890 (1980), 31st Session Document 4472, Document 4484.
Sieglerschmidt report of 8 March 1982, 19811982, Document 1548/81.
194
Chapter 7
At a national level, the right to data protection was only directly or indirectly
protected by the constitution in a few countries. The Portuguese Constitution of
1976 provided for a right of knowledge regarding the automated processing of
personal data and a ban on the use of personal ID numbers. In other countries,
the right to data protection remained closely linked to the constitutional right to
privacy. As we will see in Chapter 12, in Germany, the informational self determination right acquired constitutional protection with the Census judgment of
1983. Furthermore, the so-called Verfassungsbestimmung in the Austrian Data
Protection Law of 1978 referred to the right of everyone to the condentiality of
his or her personal data, especially concerning his or her private or family life.
Both the Spanish Constitution of 1978 and the Dutch Constitution, since its
revision in 1983, attributed the constitutional task to the legislator of regulating
the use of information technology and the protection of private life.56
The inclusion of the right to data protection as a fundamental right in the EU
Charter of 2000 conrms that data protection is not merely a code of conduct,
but an individual right to be considered independently of the right to private life
laid down in Article 7 of the EU Charter. According to the Commission, the
incorporation of the right to data protection in the EU Charter also gives added
emphasis to the fundamental rights dimension of EC Directive 95/46 on data
protection.57 In June 2006, in the judgment on the Family Reunication Directive
2003/86, the ECJ emphasised that Member States themselves declared that they
are bound to observe the principles as recognised in the EU Charter, including the
right to private life protected in Article 7.58 The ECJ referred to the second recital
of the preamble to the Family Reunication Directive in which the EC
legislator stated that the principles of the Charter should be observed. Secondly,
the ECJ pointed to the fact that the Charter is a rearmation of the constitutional
traditions and international obligations common to the Member States.
56
57
58
195
provide a clear-cut denition of the rights and interests of the individual concerned. In 1992, Bennett described privacy as a notoriously vague, ambiguous,
and controversial term that embraces a confusing knot of problems, tensions,
rights and duties.59 According to Bennett, in both English-speaking and other
countries, the word privacy (or informational privacy) has long been used to
add popular appeal to statutes that essentially perform the same functions as
European data protection laws. Laws regulating the processing and use of
personal information were therefore generally presented as privacy laws. On the
other hand, the word data protection has been criticised as well for being too
technical and esoteric, a word which would mean little to the average citizen.60
For example, data protection would not explain that the goal of this law is to
protect persons instead of data.61 To distance themselves from the conceptual
problems of both privacy and data protection, commentators advocated the use
of fair data processing principles, fair use of personal information or IT principles of fair administration as more adequate denitions. As long ago as 1972, the
Younger Committee in its report on Privacy in Great Britain recommended the
adoption of fair information principles.62 In 1973, the American Committee
on Automated Personal Data Systems, in its report Records, Computers and
Rights of Citizens conrmed the necessity for fundamental principles of fair
information practice.63
A brief analysis of the main goals of data protection can be useful in explaining the central principles of data protection implemented in national and
European data protection law. These principles will then be elaborated in
section 5. Although I realise that other goals could be dened as well, in my view
data protection law in general serves three goals. The rst goal is the protection
of the individual and, more specically, the protection of his or her right to privacy. This right includes the right to be left alone, the right to liberty and the
right to informational self-determination. The second goal of data protection has
a much broader scope and includes the protection of the rule of law. For this
purpose, the concept of the rule of law should be interpreted widely, similar to
the German and Dutch concepts of Rechtsstaat. In this meaning, the rule of law
refers to a legal order in which the powers of the state (and possibly of civil
59
60
61
62
63
196
Chapter 7
actors) are constrained for the protection of rights and liberties and the equality
and legal security of individuals.64 This concept of the rule of law includes the
principle of division or balancing of powers, the protection of human rights and
a democratic legal order. By emphasising this goal separately, it becomes clear
that data protection law not only protects the individual, but also the community of individuals as a whole. The third goal of data protection law is, in my
view, the safeguarding of the principles of good governance or good administration. This goal protects the interests of both the data subject and the data
controller.
4.1. Protecting the Individual: The Right to Privacy
4.1.1. From the Right to be Let Alone to the Right of Personal Liberty
In the early discussions, in the 1970s and 1980s, dialogue on the issue of data
protection often began with a reference to an article by Samuel Warren and Louis
Brandeis in the Harvard Law Review in 1890.65 This essay, in which the two
American judges commented on the intrusive practices of newspaper reporters,
provided a rst doctrinal elaboration of the defence of privacy and portraiture
with regard to slander and intrusive press publications. Their considerations on
the right to privacy or the right to be let alone and their proposals for individual redress for invasions of this right formed a basis for the development of a
legal right of individuals for the protection of their personal information.
As we have seen in Chapter 6, the ECtHR applied the right to private life as
protected in Article 8 ECHR to assess the lawfulness and proportionality of data
processing and for protecting the individual against unlawful intrusion by
governmental authorities. With regard to the relationship between citizens and
government, it is clear that this right not only entails protection of the secrecy of
private life, but also the liberty of ones private life.66 In the Klass case of 1978,
concerning secret surveillance measures by the German government, the ECtHR
explicitly referred to the relationship between Article 8 ECHR and the freedom
64
65
66
Ph. Kunig, Das Rechtsstaatsprinzip: berlegungen zu seiner Bedeutung fr das Verfassungsrecht der
Bundesrepublik Deutschland, Tbingen: Mohr (Siebeck) 1989; M. Burkens (et al.), Beginselen van
de democratische rechtsstaat, Alphen aan den Rijn: Kluwer 2006, and D.J. Elzinga, De democratische rechtsstaat als ontwikkelingsperspectief. Over machtsregulering als ontwikkelingslijn, in:
J.W.M. Engels, E.M. Middel (eds), De rechtsstaat herdacht, Zwolle: W.E.J. Tjeenk Willink 1989.
S.D. Warren and L.D. Brandeis, The Right to Privacy, Harvard Law Review, Vol. IV,
15 December 1890, no. 5. Downloadable from http://www.lawrence.edu/fast/boardmaw/
Privacy_brand_warr2.html.
See also P. Kayser, La protection de la vie prive, Marseille: Economica Presses Universitaires
dAix-Marseille 1990, p. 17 .
197
of communication.67 In both the Niemietz and the Rotaru cases, the Court
emphasised that the right to private life must also to a certain extent include the
right to establish and develop relationships with other human beings.68
In the judgment Rechnungshof v. sterreichischer Rundfunk and Others (see further below), the ECJ explicitly stated that EC Directive 95/46 must be interpreted in accordance with the right to private life as protected in Article 8
ECHR.69 According to the ECJ, if national courts were to conclude that the
national legislation with regard to the processing of personal data is incompatible
with Article 8 of the Convention, that legislation would also be incapable of satisfying the requirement of proportionality in Articles 6(1)(c) and 7(c) or (e) of
Directive 95/46.70 In the same paragraph, the ECJ ruled that each of the exceptions included in Article 13 of that Directive must comply with the requirement
of proportionality with respect to the public interest objective being pursued. In
the words of the ECJ: that provision cannot be interpreted as conferring legitimacy on an interference with the right to respect for private life contrary to
Article 8 of the Convention.
In the famous population Census decision or Volkszhlungsurteil of 1983, the
German Constitutional Court also emphasised this more external aspect of
private life.71 In this judgment, which has been extremely important for the
discussions at international level and in other countries, the German Court
emphasised the need for data protection to protect individual liberty. The
Constitutional Court made it clear that even a persons awareness that his or her
movements are being watched could aect his or her freedom to move or act. In
the words of the Constitutional Court: Anyone who is uncertain whether his or
her deviating behaviour will always be noted and recorded, used or transmitted
in the longer term, will try to not attract attention by such behaviour. Anyone
who is concerned, for example, that his participation in a gathering or civil action
67
68
69
70
71
Judgment of 6 September 1978, appl. no. 5029/7. Compare the Pfeifer vs. Austria case concerning the right of correspondence of detained persons, 25 February 1992, Series A, no. 227, in
which the Court conrmed the link between privacy and the individuals liberty, stating that the
protection of secrecy of communication in Article 8 ECHR protects not only the content of this
correspondence, but also the freedom to correspond.
Niemietz v. Germany, judgment of 16 December 1992, Series A, 251B, Rotaru v. Romania,
4 May 2000, appl. no. 28341/95, Reports 2000-V. See also Chapter 6.
Rechnungshof v. sterreichischer Rundfunk and Others, Joint Aairs C-465/00, C-138/01 and
C-139/01.
C-465/00, para. 91.
Judgment of 15 December 1983, 1 BvR 209/83, BVerfGE 65. To be discussed further in
Chapter 12 on Germany.
198
Chapter 7
could be recorded by the government and that this will involve risks for him,
may refrain from exercising his constitutional rights. () This would not only be
detrimental to the possibilities for individual self-development, but also to the
public interest [common well-being], because individual self-determination is a
basic condition for the functioning of a democratic society, based on the freedoms
of citizens to act and to cooperate.72
Individual liberty, as one of the rights to be protected by data protection law,
is also incorporated into the French data protection act, to be described in
Chapter 11. According to Article 1 of this French law, information technology
should not infringe upon human rights, including the right to privacy and
individual or public liberties.
Looking at the principles of data protection law described in section 5, the
right to privacy is reected, for instance, in the principle of purpose limitation
which protects an individual from unauthorised access to his or her data.
Furthermore, it is protected by the special safeguards with regard to sensitive
data and by individual participation rights.
4.1.2. Informational Self-determination
Since the 1960s, new theories have emerged on the relationship between an individual and his or her personal information, which go beyond the protection of
secrecy and liberty of ones private life. In his Privacy and Freedom, published in
1967, the American author Westin gave a new denition of privacy which
implied the right of an individual to control the further dissemination of his or
her personal information. Westin described privacy as the claim of individuals,
groups, or institutions to determine for themselves when, how, and to what
extent information about themselves is communicated to others. Westins publication was inuential in the discussions on data protection law, not least because
it described general developments in (American) society posing a risk to personal
privacy. These developments included new practices of eavesdropping, the experiments at that time with polygraphs or lie detectors, the new use (including by
private corporations) of personal testing for employment purposes and the
expanding practice of large-scale data collection, facilitated by the automation of
data processing. In the European discussion, Westins publication was especially
important because of his more active approach of the individual and his rights to
deal with the new problems caused by automated data processing.
In its jurisprudence, the ECtHR recognised the right of individuals to
control to a certain extent the use and registration of their personal information.
72
199
These conclusions dealt not only with claims for the deletion of personal data
from public les (for example, Leander or Segerstedt-Wiberg), but also with the
right to have access to personal les (Gaskin). The Court also recognised the
right of persons to have their personal data in public les changed in accordance
with their feelings or wishes.73 In Germany and, to some extent, in other countries too, the right to informational self-determination became embedded in
the aforementioned Volkszhlungsurteil of the Constitutional Court. The Court
described the so-called informationeller Selbstbestimmungsrecht as the power
of individuals to decide in principle about the providing and use of his or her
personal data.
At national level, governments adopt an ambivalent attitude towards this concept of informational self-determination. In the Netherlands, for example, the
government explicitly rejected the recognition of a constitutional right to informational self-determination, fearing that such a right would tilt the balance
between the individual and the state too far in favour of the data subject.74 On
the other hand, the concept of autonomy and the right of individuals to control
their own data was later used in order to justify governmental plans for multifunctional ID cards. These cards, to be used in health care, were linked to several
proposals from the right for individuals to control the use of their personal information.75 In 2001, a digital locker was even proposed, enabling each citizen to
decide which information could be forwarded to which authority.76
The right to informational self-determination should be distinguished from the
so-called ownership principle, giving individuals an unlimited and absolute right
regarding their data.77 Such a right, similar to a right of copyright or property, has
been advocated especially in the eld of private relations, for example with regard
73
74
75
76
77
For example, in Goodwin v. UK (dealt with in Chapter 6, section 3.2) with regard to the
registration of a transsexual who wanted to have the information about his sex changed in the
governmental les.
Handelingen Tweede Kamer (proceedings of Dutch lower house), 19971998, 25 892, no. 3,
p. 9, cited in P. Blok, De splitsing van privacy. Advies over het grondrecht op privacy in het digitale tijdperk, Ars Aequi 50 (2001) 6, p. 438.
Commissie ICT en Overheid (Commissie Docters van Leeuwen), Burger en overheid in de informatiesamenleving: de noodzaak van institutionele innovatie, The Hague: 2001.
Adviescommissie Modernisering GBA (Commissie Snellen), GBA in de toekomst: Gemeentelijke
basisadministratie als spil voor toekomstige identiteitsinfrastructuur, The Hague: 2001.
The ownership theory is formulated by the French author P. Catala in: Ebauche dune thorie
juridique de linformation, Revue de droit prospectif, 1983, no. 1. An analysis of the discussions
on this ownership principle is given in: K. Benyekhlef, La protection de la vie prive dans les
changes internationaux dinformations, Montral: Ed. Thmis 1993, p. 38 .
200
Chapter 7
to the commercial use of personal information or the right to publicity in the eld
of media law.78 However, in general, an unlimited interpretation of the ownership
principle has not been considered realistic.79 It would for example not be feasible
for a data user to be obliged to seek approval from the data subject for every use of
his or her data, since this would ignore the fact that such relations are not (always)
free interaction or communication.80
The data protection provisions on the right of access, correction and deletion
of personal data, to be discussed below, can be considered an example of the
implementation of the right of an individual to control ones data or the right to
informational self-determination. This right is also reected in the principle of
the prohibition of automated decision-making.
4.2. Protecting the Rule of Law
4.2.1. Balance of Powers
According to the preamble to the Data Protection Convention, the rule of law is
one of the goals of data protection law. The explanatory memorandum to this
Convention explicitly refers to the necessity of data protection as a tool of balancing powers. As far back as 1967, in his Privacy and Freedom, Westin pointed out
the consequences of the new developments on the automation of databases for the
balance of powers between citizen and government.81 According to Westin, the
increased collection and processing of information for diverse public and private
purposes, if not carefully controlled, could lead to a sweeping power of surveillance by government over individual lives and organisational activity. His view
that data protection is a necessary instrument to ensure the balance of powers or
equality of arms (Waengleichheit) is still or perhaps even more true for the use of
information technology in the 21st century. The importance of protecting the
individual against any misuse of powers by the government was emphasised by
78
79
80
81
J.C.S. Pinckaers, From privacy toward a new intellectual property right in persona: the right of publicity (United States) and portrait law (Netherlands) balanced with freedom of speech and free trade
principles, The Hague: Kluwer Law International 1996.
See also L.A. Bygrave, Privacy Protection in a Global Context - A Comparative Overview,
Scandinavian Studies in Law, 2004, vol. 47, p. 324.
Y. Poullet, Data Protection between Property and Liberties. A Civil Law Approach, in:
H.W.K Kaspersen and A. Oskamp (eds.), Amongst Friends in Computers and Law. A Collection
of Essays in Remembrance of Guy Vandenberghe, Deventer/Boston: Kluwer Computer/Law Series
1990, p. 161 .
Westin (1967), p. 158.
201
82
83
84
202
Chapter 7
change in the distribution of powers among governmental bodies. Later, the principle of informational division of powers became more important for protecting
the rights of individuals, rather than those of the lower governments. On a political level, the choice in favour of decentralised public administrations was especially meant to alleviate citizens fears of central databases. German scholars
advocated a more general theory of prohibition to exercise control through the
use of information beyond organisational borders.85 Such an informational division of powers was however contrary to the constitutional principle of Amtshilfe
obliging public authorities to cooperate and exchange information, under certain
circumstances, with other governmental authorities (Art. 35 GG).86 In the Census
case or Volkszhlungsurteil of 1983, the German Constitutional Court however
acknowledged the importance of an informational division of powers.87 The
Court held in this judgment that the public administration does not constitute
one informational unit (Informationseinheit) in which personal data can be
freely exchanged. According to the Court, it is the task of the legislator to provide
guarantees against alienation of purpose or Zweckentfremdung.88
The informational division of powers is mainly reected in the data protection
principle of purpose limitation. This, as we will see below, obliges authorities to
dene the purpose of their data processing. In principle, the use or disclosure of
information for anything other than the original purpose is limited.
4.3. Data Protection as an Obligation for good administration
The principle of good administration or governance refers to the duty of administrative authorities to take measures aimed at protecting data les from unauthorised
access, or security measures which should prevent the loss or destruction of stored
information. Generally, of course, this principle applies to the relationship between
enterprises and their clients or employees as well but, for our purposes, I focus on
the relationship between the government and its citizens. The goal of good administration is related to the abovementioned concepts of fair information principles
or fair use of personal information.
Good administration serves in the rst place the interests and rights of individuals or the data subjects. The right to good administration is included as
85
86
87
88
203
204
Chapter 7
to the success of the police and judicial cooperation itself. In many aspects, both
public interests go hand in hand.89
The goal of good administration is ensured rstly by the data protection principles of security and accountability. However, the accuracy and reliability of
data processing is also served by the rights of individuals to apply for access,
correction or deletion of their personal data.
89
90
In its opinion of 19 December 2005 on the draft Framework Decision for Data Protection in
the third pillar, OJ C 47/27, 25.2.2006, consideration 5.
See, for example the six core fair information principles of Bennett: principles of openness,
individual access and correction, collection limitation, use limitation, disclosure limitation and
security, Bennett (1992), p. 101 .
205
7. security;
8. accountability;
9. non-discrimination.
Considering recent proposals or comments on data protection, one will see that
the principles developed more than twenty-ve years ago are still the guiding
standards. For example, the explanatory memorandum to the proposal for a
Framework Decision on data protection in the third pillar refers to the general
rules on the lawfulness of processing of personal data, including not only the
principles mentioned above, but also emphasising the liability of data controllers
and the possibility of imposing sanctions by supervisory authorities.91
Furthermore, the European Data Protection Supervisor repeatedly refers to the
general data protection principles.92 In the following sections, I will consider
whether these principles have been incorporated into the CISA. The right of
access to legal remedies under data protection law is discussed separately in
section 7 of this Chapter.
5.1. The Principle of Purpose Limitation
Purpose limitation is one of the central principles of data protection. According
to Article 6.1 (b) of EC Directive 95/46, personal data must be collected for
specied, explicit and legitimate purposes and must not be further processed in a
way incompatible with those purposes. As we will see below, this principle
includes dierent layers of protection. Firstly, it prohibits the collection of personal data for unknown or unspecied purposes. Secondly, it prohibits the use or
disclosure of personal information for purposes other than the specic purpose
for which the data have been collected. Thirdly, the principle of purpose limitation provides that data should not be retained any longer than is necessary for the
specied purpose. Purpose limitation is closely linked to the principle of purpose
specication (see section 5.2) which implies that data holders should specify and
make transparent the purposes of the relevant data processing. Both the purpose
limitation and the purpose specication principle reect the idea that data
processing should be foreseeable for the data subject and should not go beyond
the reasonable expectations of the person concerned.93 As we have seen above, in
91
92
93
206
Chapter 7
its jurisprudence on the protection of the right to private life, the ECtHR explicitly emphasised the importance of foreseeability with regard to the processing
of personal data by governmental authorities.94
5.1.1. Ban on aimless data collection
The ban on aimless data collection or Verbot pragmatikloser Datensammlung as
dened by Podlech, refers to the principle that personal data should not be collected or stored without the prior specication of the goal of this data processing.95
According to this principle, the gathering of information just to keep these data
in stock for future unspecied purposes is prohibited. The ban on aimless data
collection is closely linked to the principle of purpose specication, described
below. In the Council of Europe Recommendation R (87) on police les, this
principle is explicitly included with regard to data processing for criminal investigation procedures. According to principle 2.1 of the Recommendation on police
les, the collection of personal data for police purposes should be limited to such
as is necessary for the prevention of a real danger or the suppression of a specic
criminal oence. The Recommendation therefore prohibits the general collection
of data, unrelated to any specic criminal investigation. The importance of the
principle of if there is no crime, there is no investigation, was conrmed in the
second evaluation of the Recommendation R (87) in 1998.96 This evaluation
describes the matching of police data gathered in the course of criminal investigations based on vast numbers of persons, completely unrelated to any crime.
According to the conclusions of this evaluation, these general data surveillance
checks should be limited to specic cases described in national criminal law and
be granted on the basis of a specic mandate from the judiciary.
The purpose of the SIS is described in Article 93 CISA, in conjunction Articles
95 to 99.97 Where Article 93 includes the general goal of SIS, Articles 95 to 99
give for each category of data to be stored in SIS the purpose for which these
data are to be used. According to Article 93, the purpose of the Schengen
Information System is to maintain public policy and public security, including
94
95
96
97
207
national security, in the territories of the contracting parties and to apply the
provisions of this convention relating to the movement of persons in those territories, using information communicated via this system. This purpose, which is
very broadly dened, makes it clear that SIS was intended rstly as tool for the
police for maintaining the public order and security and, secondly, as a tool to
control the movement of persons across borders. What is important is the general principle of Article 94 CISA, which states that SIS should only include such
data as are necessary for the purposes of Articles 95 to 100. This explicit requirement is important because it forces the contracting parties, forwarding data, to
investigate whether the interest of the case justies registration in the SIS.
5.1.2. Legitimacy of Purpose
The principle of purpose limitation not only requires the availability of a specic
goal for data processing, but also implies the legitimacy of this goal. This principle of a legitimate purpose is included in Article 5 of the Data Protection
Convention. EC Directive 95/46 goes further, with the inclusion of a limitative
enumeration of purposes for which personal data may be processed. According
to Article 7 of the EC Directive, data processing is legitimate if:
the data subject has given his consent;
the data processing is necessary for a contract to which the data subject is a
party;
the processing is necessary for compliance with a legal obligation to which
the controller is subject;
it is necessary in order to protect the vital interests of the data subject; or
for the performance of a task in the public interest or in the exercise of an
ocial authority vested in the controller or in a third party to which the data
are disclosed and, nally;
when processing is necessary for the legitimate interests of the controller or
the third party to whom the data are disclosed, except where such interests are
overridden by the fundamental rights and interests of the data subject.
According to these criteria, it is not always necessary for data processing by
public authorities to be explicitly provided for by law. For example, a legal basis
is not required if data processing is necessary to protect the vital interests of the
data subject or if this is necessary in the public interest or in the exercise of an
ocial authority vested in the controller or in a third party to whom the data
are disclosed. The general provision in Article 6 (1) (a) of the EC Directive only
requires that data must be processed fairly and lawfully. This does not mean
that data processing always must have a legal basis, but only that it should not
be fair and not in breach of the applicable law. However, as we have seen in
Chapter 6, in its jurisprudence on Article 8 ECHR, the ECtHR dened more
208
Chapter 7
stringent criteria with regard to the legal basis of data processing, for the
purpose of transparency and to ensure the accessibility of legal remedies.98
With regard to the legitimacy of the purpose of SIS, Article 93 CISA provides
that the use of SIS should be in accordance with the provisions of the CISA.
With regard to the more specic criteria, as provided in Articles 95 to 99, these
provisions only include the criterion that the decision to report somebody in SIS
should be in accordance with the national laws.
Article 94 CISA further includes the rule that if a contracting party considers an
alert entered in SIS based on Article 95, 97 or 99 in breach of its national law, international obligations or other prevailing national interests, this country may mark
this alert to prevent action on the basis of this alert occurring on its own territory.
5.1.3. Use or Disclosure Limitation
The principle of use or disclosure limitation implies that personal data should
not be used or transmitted for purposes other than the initial purpose dened at
the time of data collection or storage. In general, this purpose limitation principle is not very strictly dened. For example, Article 6 (1) (b) EC Directive 95/46,
allows for the use or disclosure of information for purposes which are not
incompatible with the initial purposes. Of course, this criterion can be applied
in various ways. It allows data holders to dene very broadly the purposes of
their databases or the authorities or users who have access to them. In practice, it
will often be dicult for individuals and data protection authorities to enforce or
control this principle. For example, it is not always easy to establish which use of
the information at stake is incompatible with the original purposes.
Considering the general goals of data protection, including the protection of the
rule of law and preventing the concentration of power, the principle of use or disclosure limitation is closely linked to the prohibition of dtournement de pouvoir in
administrative law. In their relations with governments, in particular, persons
should have a guarantee that information given to one authority is not automatically available to other authorities as well. In other words, this principle should to a
certain extent safeguard the informational division of powers, as described above.
Articles 101 and 102 CISA are the central provisions regulating the authorities potential access to the data in SIS. Article 101 provides that access to the data
entered in SIS and the right to search data directly shall be reserved exclusively
for the authorities responsible for either border checks or other police and customs checks carried out within the country and the coordination of such checks.
98
209
99
See the lists of competent authorities which are authorised to search the data contained in the
Schengen Information System directly, pursuant to Article 101(4) of the CISA, at the public
register of the Council: http://register.consilium.eu.int/utfregister/frames/introfsEN.htm,
July 2003, 5002/00; 11788/01; 6265/03.
210
Chapter 7
The CISA provides for dierent time limits for the storage of data in SIS,
depending on which category of data this concerns. According to Article 112
CISA, personal data for the purpose of tracing persons may only be kept for the
time required to meet the purposes for which they were supplied. For this category of data, the authority which issued the alert is obliged to review the necessity
of further storage no later than three years after they were reported to SIS.100
If the issuing state does not explicitly state that further storage is necessary, the
data will automatically be deleted after this period of three years. For persons
whose data are stored for the purposes of Article 99 (discreet surveillance or
prosecuting criminal oences, prevention of threat to public order) this review
period is xed at one year. The time limit for the storage of data on objects is
10 years (Article 113). The provisions in CISA do not restrict the number of times
the storage of data in SIS may be extended. In practice, this allows the participating
states to keep data on individuals in SIS on a permanent basis. Another loophole
with regard to the time limits applicable to SIS is caused by the practices of
national SIRENE oces. As described above, the functioning of SIS is complemented by SIRENE bureaux, which hold additional information les alongside
the SIS alerts. According to the SIRENE manual, if a SIS alert is deleted from
SIS, the corresponding dossier with SIRENE should be destroyed as well, at least
as far as possible. This latter exception has been used by Schengen states to keep
SIS information in their local intelligence les, even after its removal from SIS.
Article 102 (2) CISA precludes alerts issued by one state from being copied from
the NSIS to the national les of another state. However, issuing states can, even
when data are removed from SIS, preserve those data in their national les.
With regard to SIS II, the German government proposed in 2000 replacing the
maximum time limits for the storage of data by time limits for reviewing the need
of further storage.101 In a meeting of 20 June 2002, the Econ Council concluded
that there should be no extension of the duration of alerts and no replacement of
the maximum deadlines by review deadlines.102 The Council recommended
however that where national law allows such extension of time limits, this should
be done via national technical procedures. One year later, the JHA Council,
in their meeting of 56 June 2003, decided that the applicable time limits had to be
100
101
102
According to Article 113, for data other than referred to in Article 112, data may kept for a
maximum of ten years, with the exception of identity papers and suspect banknotes, which
may be kept for ve years, and data on motor vehicles, trailers and caravans, to which a time
limit of three years is applicable.
11538/00, 20 September 2000.
10089/02 (Press 181).
211
modied without specifying how.103 The original proposal of the Commission for
the SIS II Regulation provided for automatic erasure after ve years. This has been
changed in the nal text of the Regulation 1987/2006. According to Article 29 (2),
Member States issuing an alert must review the need to keep it within three years of
its entry in SIS II. Furthermore, Article 29 (3) provides that where appropriate
Member States must set shorter review periods. Important is the new provision in
Article 29 (4) stating that a decision to keep an alert longer in SIS II must be based
on a comprehensive individual assessment. This assessment must be recorded.
The principle of time limits must be distinguished from rules stating that personal data have to be deleted from certain les after the change of status of the person concerned. For example, Article 7 and 10 of the Eurodac Regulation 2725/2000
provides that, when an asylum seeker acquires citizenship of any of the Member
States or has been issued a residence permit, his or her data have to be deleted from
Eurodac as soon as the Member State of origin becomes aware that this person
acquired such citizenship or residence permit. As we have seen above, a similar rule
has been included in Article 30 of the Regulation 1987/2006 on SIS II.104
5.2. Transparency Purpose Specication
One of the most important clues for legal protection for individuals is knowing
which authority or organisation is collecting and using their personal information.
This transparency is secured, rstly, by the obligation upon data owners to
publish the fact of data processing by any means: legal basis, registration with the
data protection authority, or submitting written information to the data subject.
This principle is laid down in Article 5b Data Protection Convention which states
that personal data undergoing automatic processing shall be stored for specied
purposes. This is further explained in consideration no. 42 of the explanatory
report to the Convention, which states that the reference to purposes in Article
5 indicates that data should not be stored for undened purposes; however, the
way in which the legitimate purpose is specied may vary in accordance with
national legislation.
The principle of purpose specication is also included in Article 6 (1) (b) of
EC Directive 95/46, stating that personal data must be collected for specied,
explicit and legitimate purposes. Purpose specication is also secured by the right
of data subjects to be informed before, during or after the collection of personal
information of the purpose for which the data are stored and of the recipients of
this information (see section 5.5).
103
104
212
Chapter 7
213
105
106
S. Simitis, Revisiting Sensitive Data. Review of the answers to the Questionnaire of the
Consultative Committee of the Convention for the Protection of Individuals with regard to
Automatic Processing of Personal Data (ETS 108), Strasbourg, 2426 November 1999.
See L.F. Verhey, Privacy aspects of the Convention in: H. Meijers (1992).
214
Chapter 7
107
215
216
Chapter 7
108
Draft document of 7 August 1989, SCH/I (88) 7 12th revision (Dutch version); see also
Dumortier (1992), p. 160.
217
This information must be provided in writing, together with a copy of or a reference to the national decision giving rise to the alert in SIS II. Article 42 (2) of
the SIS II Regulation allows for exceptions to this right of information, which
go further than those provided in the EC Directive 95/46. Firstly, the information must not be provided where (i) the personal data have not been obtained
from the third-country national in question; and (ii) the provision of the information proves impossible or would involve a disproportionate eort. Secondly,
the information must not be provided where the third country national in question already has the information. Thirdly, there is no duty to inform the data
subject where national law allows for the right of information to be restricted,
in particular in order to safeguard national security, defence, public security and
the prevention, investigation, detection and prosecution of criminal oences.
5.5.2. Right to Request Correction, Deletion or Blocking of Further Processing
Article 8 of the Data Protection Convention of 1981 includes the right of a data
subject to obtain the correction or erasure of personal data if the data have been
processed contrary to the national law implementing the data protection principles. Article 12 (b) of Directive 95/46 includes, aside from the rights of rectication and erasure, also the right to ask for blocking of data. This includes the right
to demand that the data are not further processed or transmitted to other parties
if the data processing does not comply with the provisions of the Directive.
Article 12 (b) of the EC Directive provides that the data controller may be asked
to notify third parties to whom the data are disclosed of any rectication or erasure on behalf of the person concerned unless this proves impossible or involves
a disproportionate eort.
Article 14 EC Directive further gives individuals the right to object to data
processing on compelling legitimate grounds relating to his particular situation.
According to this provision, this right applies at least with regard to data
processing as described in Article 7 (e) and (f ) of the Directive. These provisions
refer, respectively, to data processing necessary for the performance of a task carried out in the public interest or in the exercise of ocial authority and processing by the controller or third party or parties to whom the data are disclosed, for
the purposes of their legitimate interest. Furthermore, Article 14 gives individuals
the right to object, upon request and free of charge, to data processing for the
purposes of direct marketing. Only with regard to this latter objection, the
Directive requires Member States to take the necessary measures to ensure that
data subjects are aware of their right of objection. In practice, it will be dicult
for an individual to apply this right of objection with regard to data processing by
public authorities. This requires not only that an individual be aware of this right,
but also that he or she be able to put forward compelling grounds, based on
which his or her personal data should not be processed further.
218
Chapter 7
109
219
5.7. Security
The duty to secure personal information against destruction, loss or unauthorised access is not new. Even with regard to manual les and archives containing
personal information, it is generally accepted that the person, organisation or
authority holding these les should take precautionary measures to protect the
information. Especially in certain elds such as in health care or the police sector,
it is considered as normal for these les to be kept in special safe-deposit boxes.
What actually changed is that the introduction of information technology
requires new technical and organisational safeguards. Article 7 of the Data
Protection Convention obliges the state parties to ensure that data holders are
taking the appropriate security measures to protect against accidental or unauthorised destruction or accidental loss, as well against unauthorised access, alteration or dissemination. Article 17 of EC Directive 95/46 refers to the duty of
appropriate technical and organisational measures. These rules do not include
details on which kind of measures should be taken. It is therefore unclear when
data processors or data controllers can be held responsible or accountable (dealt
with in section 5.8) for damages due to faulty or inadequate security measures.
With regard to the use of SIS, Article 118 CISA describes certain security
measures which should be implemented by the contracting parties. For instance,
it stipulates that the states should take appropriate measures to prevent access
by unauthorised persons to the systems used for the SIS and to prevent
unauthorised access, change, deletion or use of the data stored.
In its annual reports, the Joint Supervisory Authority (JSA) devoted much
attention to the necessary safeguards to protect the security of CSIS and SIRENE
oces. Responding to an incident in 1997, when an ocer at the Belgian
SIRENE oce leaked personal information to criminal organisations, the JSA
decided at its meeting of 12 December 1997 to investigate the security measures
taken in the dierent countries.110 Based on the reports forwarded by the national
authorities, the JSA concluded that complementary measures were still necessary.
Among other things, the JSA advised the authorities to take the following
measures: encryption of information which is kept on data carriers; intensication of the measures to guarantee that only authorised ocials are gaining access
to the information in SIS; check the reasons for SIS inquiries at regular intervals;
appointment of an ocial responsible for security, and the adoption of security
measures which should be identical for each national SIRENE bureau.
110
Third activity report of the JSA, March 1998March 1999, Brussels, 9 March 1999, SCH/
Aut-cont (99) 8.
220
Chapter 7
In 2006, the European Data Protection Supervisor (EDPS) completed its rst
inspection report of the Central Unit of Eurodac.111 This inspection focused on a
number of security aspects, including risks and incident management, security of
communications and physical access control. According to the press release, the
EDPS was generally satised with the level of security at the Central Unit. The
inspection report itself was held condential.112
5.8. Accountability
The data owner or controller is in principle responsible for possible damage
caused by illegal or inaccurate data processing. This principle of liability is not
explicitly regulated by the Data Protection Convention of 1981 or by
Recommendation R (87). Although the latter Regulation uses the denition of
responsible body which refers to the controller of the le which has ultimate
responsibility for the le, the only consequence it attaches to this responsibility is
the duty to notify the supervisory body of the existence of a particular le.
The liability of the data owner is regulated by Article 23 of the EC Directive:
this entails an obligation for Member States to specify that any person who has
suered damage as a result of an unlawful processing operation, or any act incompatible with the national provisions adopted in accordance with the Directive, is
entitled to receive compensation from the controller for the damage suered.
According to Article 108 of CISA, the contracting states must appoint
national authorities which are responsible for the smooth operation of the
national section of SIS. This authority should take the necessary measures to
ensure compliance with the provisions of CISA. The liability of the Schengen
States for injuries caused by the use of SIS is provided for in Article 116 CISA.
According to this provision, each contracting state is liable for injury caused to
individuals by the use of national sections of SIS. This includes injury caused by
an issuing state which has entered factually inaccurate data or stored data unlawfully in NSIS. This provision is important because it enables individuals to forward their claims to every Schengen State, irrespective of whether this is the
issuing state or not. On the basis of Article 116 (2), if the state against which
the action has been brought is not the issuing state, the latter should reimburse
the sum paid by the former. This rule does not apply if the former state used the
information in SIS in breach of the provisions in this convention.
111
112
See the Annual Report of the EDPS on 2006, p. 38, http://www.edps.europa.eu. See further
below, section 7.2.1.
See for a critical review of this report: E. Guild, Unreadable Papers? The EUs rst experiences
with biometrics: Examining Eurodac and the EU Borders, in: J. Lodge (ed.), Are you who you
say you are? Liberty and security in the EU, Nijmegen: Wolf Legal Publishers 2007.
221
113
222
Chapter 7
223
any national provision based on the limitations must be interpreted in accordance with the right to private life in Article 8 of the ECHR.114
Article 52 (1) of the EU Charter includes a general limitation which also
applies to Article 8 on the right to data protection. According to this provision,
any limitation on the exercise of the rights and freedoms recognised by this
Charter must be provided for by law and respect the essence of those rights and
freedoms. Subject to the principle of proportionality, limitations may be made
only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others.
Both the denition of this Article 52 and the explanation to Article 9 of the
Data Protection Convention referred to above make it clear that governments
cannot simply invoke the legitimacy of its purposes when restricting the rights to
data protection. These limitations are only lawful if governments can establish
that such limitations are necessary, proportional and genuine or that they are
eective for the purposes to be achieved. It should be noted that according to
Article 52 (3) of the EU Charter, in so far this Charter contains rights which
correspond with the rights protected in the ECHR, the meaning and the scope
of the rights in the Charter shall be the same as the rights of the ECHR. However,
Union law may provide more extensive protection.
According to Article 102 CISA, data entered in SIS may only be used for the
purposes laid down for each category of alert referred to in Articles 95100.
However, paragraph 3 of this provision allows deviation from this principle when
this is justied by the need to prevent an imminent serious threat to public policy
and public security, on serious grounds of national security or for the purposes of
preventing a serious criminal oence. Although this requires prior authorisation
from the state issuing the alert to be obtained for another purpose, the Convention
does not provide any prior, independent, supervisory control of the necessity of
this deviation from the purpose limitation principle.
Rechnungshof v. sterreichischer Rundfunk and Others, 20 May 2003, Joint Aairs C-465/00,
C-138/01 and C-139/01 para. 91.
224
Chapter 7
115
ETS No. 181, 8 November 2001. This Protocol entered into force on 1 July 2004. Of the 47
Member States of the Council of Europe only 16 States (of which 13 EU Member States) ratied
this Protocol, including France, Germany, and the Netherlands, http://conventions.coe.int
(consulted in June 2007).
225
116
226
Chapter 7
117
118
119
OJ L 316, 15.12.2000.
Draft of 10 May 2007, 9423/07.
OJ L 008, 12.01.2001.
227
120
121
122
123
124
Article 286 (2) TEC, which is the legal basis for this Regulation, also provided for the establishment of an independent supervisory body which should be responsible for monitoring the
application of data protection rules by the Community institutions and bodies.
Decision no. 1247/2002 of 1 July 2002, OJ L 183, 12.07.2002.
OJ L 183, 12.07.2002.
Decision of the European Parliament and of the Council of 22 December 2003 appointing the
independent supervisory body provided for in Article 286 of the EC Treaty (European Data
Protection Supervisor), OJ L 12/47, 17.01.2004.
According to the Annual Report on 2006 (p. 30), the EDPS dealt in 2006 with 52 complaint of
which only 10 were declared admissible: see http://www.edps.europa.eu.
228
Chapter 7
125
126
See the Annual Reports on 2004 (p. 24) and 2006 (p. 17), http://www.edps.europa.eu.
Policy Paper, The EDPS as an advisor to the Community institutions on proposals for legislation
and related documents, Brussels, 18 March 2005, p. 5.
229
measures which relates to the processing of personal data and the rights of individuals, including possible amendments to the EC Directive. According to
Article 30 of the Directive, the Working Party may make recommendations on
its own initiative and forward these to the Commission. On several occasions,
the Working Party has used this power and published critical reports on specic
but also more general developments within the EU.127 These recommendations
are not binding. The Commission should inform the Working Party on the
action it has taken in response to these opinions and recommendations, but it is
not obliged to implement them. The Working Party has no competence to consider individual complaints.
7.3. Schengen Joint Supervisory Authority
7.3.1. Tasks and Powers
The inclusion of a provision in the CISA on the establishment of a supranational
data protection authority was strongly advocated by the national data protection
authorities in existence at that time (Germany, France and Luxembourg). The
task and powers of the Joint Supervisory Authority (JSA) are regulated in Article
115 CISA. According to this provision, the JSA performs its controlling tasks in
accordance with the Data Protection Convention and Recommendation R (87)
on the use of police les. According to Article 115 CISA, the JSA is responsible
for more general tasks. These include the interpretation of the CISA rules and
the supervision on the operation and security of the CSIS. According to Article
115 (3), the JSA is also responsible for studying any problems that may occur
with the exercise of independent supervision by the national supervisory authorities of the contracting parties or in the exercise of the right to access to the
system. This could be interpreted to mean that the JSA also has the task of dealing with individual complaints with regard to national supervisory authorities,
or the exercise of an individuals right of access. However, to my knowledge, the
JSA has so far not dealt with any individual complaints.
The JSA, which consists of two representatives from each national supervisory
authority, is assigned the task of monitoring the technical support function of
SIS, in other words the CSIS located in Strasbourg. Furthermore, the JSA is also
127
For example, the Working Party twice published a critical letter on the transfer of passenger
data by European air line companies to the US, which had been authorised by the European
Commission, although this would be in breach of EC Directive 95/46. Furthermore, in August
2003 it published a memo on the use of biometric data.
230
Chapter 7
responsible for the examination of diculties arising from application or interpretation, which may arise during the operation of SIS, or with regard to the
exercise of the supervisory tasks of national authorities, or regarding the right of
access to the system. According to 115 (3), the JSA should draw up harmonised
proposals for joint solutions for existing problems.
7.3.2. Activities of the JSA
In the annual reports, the JSA often referred to the weaknesses of its own position.
In the rst place, the organisation regularly complained about the lack of nancial, human and technical resources required for the performance of its tasks. In its
reports, the JSA may only submit its analysis of the problems and make its recommendation to the authorities concerned. These recommendations are not binding,
nor has the JSA any enforcement powers. Initially, the JSA itself looked for ways
to strengthen its position, for example by contacting the media and publishing its
annual reports. For example, by way of illustration, the JSA sought publicity for
two incidents, both of which occurred in 1997. Firstly, the press was informed
about the problems the JSA encountered with the French authorities during its
inspection of the CSIS. Secondly, in a press release, the JSA expressed its concern
about the lack of security of SIS, when printouts of certain SIS data were found at
a Belgian railway station and, later, also at the house of an employee of the Belgian
Ministry of Justice.128 In 1996, the JSA issued a recommendation that the number
of super-users be reduced. These are users who have privileged access to CSIS and
who may not only have access to the information included in SIS, but also be
permitted to amend these data and to delete all traces of the activities performed.
In its fth annual report of 1999, the JSA noted that the number of these superusers had dropped.129 In 1997, the JSA requested the contracting parties to ensure
that information leaets (drafted by the JSA) were distributed at external borders,
more specically at airports. According to the fourth annual report (March 1999
February 2000) of the JSA, the number of requests from individuals for access to
SIS information would have had increased since the dissemination of information;
according to the JSA, this should be attributed to the success of the information
campaign. Between 1999 and 2000, the JSA asked the Article 36 Committee
(Coordinating committee of senior representatives of the governments under the
TEU) whether the list of authorised users could be submitted to the JSA.
128
129
231
The Article 36 Committee approved giving the JSA these lists after they were submitted to the JHA Council.130
In it its most recent years of activity, the JSA has not sought much publicity or
attention for its work. There is a long delay in publication of its latest annual
report and the information on its website is outdated. Illustrative of this lack of
publicity is the fact that the 2005 report of the JSA on the national implementation of Article 96 CISA was never ocially published by the JSA. The report has
only been accessible through the website of the Danish data protection authority
and the NGO Statewatch. This passive attitude might be explained by the fact
that the JSA was overshadowed by its communitarian counterparts, the Article
29 Working Party and the EDPS. Another reason for this lack of activity could
be the fact that, with the establishment of SIS II, the functioning of the JSA
would be taken over by the EDPS.
130
See fourth annual report JSA, March 1999February 2000, SCHAC 2533/1/00 REV 1 (Dutch
version), p. 14.
232
Chapter 7
131
132
133
134
233
In this case, the ECJ found that the disclosure of names by the public bodies
of the state implied interference with the right to private life as protected by
Article 8 ECHR. Concluding that the interference at stake was in accordance
with national law, the Court of Justice explicitly stated that it is the task of
national courts to ascertain whether this interference with the right of private life
meets the requirements of foreseeability and whether the interference is necessary to protect legitimate aims.135 With this wide interpretation, the ECJ did
not follow the opinion of the Advocate General Tizzano on this case. Tizzano not
only gave a narrow interpretation of the scope of Community law, but also
held that the safeguarding of human rights would not be an independent
objective of the Directive.
As we have seen above, Articles 10 and 11 of EC Directive 95/46 force the data
controller to inform the data subject of the existence of the right to access and to
rectify the data concerning him. This obligation, together with other data protection provisions on informed decision-making, the right to receive information
about the data processing and the rights of access, correction and deletion can be
seen as important tools for safeguarding the accessibility of remedies. Even if the
data protection law does not itself include a duty to inform the data subject of the
availability of (judicial) remedies, these information rights are important with
regard to the accessibility of remedies for the data subjects concerned.
8.3. Regulation 45/2001: EDPS
Article 32 of the Regulation contains provisions on the remedies which should
be available to data subjects whose rights under Article 286 of the EC Treaty
have been infringed. This includes the right of any person who has suered damage because of an unlawful processing operation or any action incompatible with
this Regulation to have the damage made good in accordance with Article 288 of
the Treaty. Furthermore, individuals may bring an action against decisions of the
European Data Protection Supervisor before the Court of Justice. The Court of
Justice also has jurisdiction to hear disputes which relate to the provisions of this
Regulation, including claims for damages.
8.4. SIS I: Article 111 CISA
Pressed by the national data protection authorities during the negotiations on the
draft text of the CISA (see above), the Schengen States inserted a provision in
the CISA on the right of access to courts or independent authorities with regard to
135
234
Chapter 7
the alerts held in SIS. This provision, included in Article 111, is based on Articles 8
and 10 of the Data Protection Convention. This Article 111 CISA reads:
1. Any person may, in the territory of each Contracting Party, bring before the
courts or the authority competent under national law an action to correct,
delete or obtain information or to obtain compensation in connection with
an alert involving them.
2. The Contracting Parties undertake mutually to enforce nal decisions taken
by the courts or authorities referred to in paragraph 1, without prejudice to
the provisions of Article 116.
Article 111 CISA provides for the right of a person, in the territory of each contracting party, to bring before the courts or the authority competent under national
law an action to correct, delete or obtain information or to obtain compensation
in connection with an alert involving him or her. The choice of authority that is
competent to assess the individual claim and the scope of the available remedies
has been left to the scrutiny of each Schengen State. Nevertheless, the explicit
reference to a right to legal remedies, with the possibility of compensation, has
been very important in the development of rights with regard to SIS. The meaning of this provision has been enhanced by Article 111 (2) of the CISA, according
to which the nal decisions of national courts should be enforced by the national
authorities of other contracting parties. This provision had to be inserted because
the use of SIS is based on the principle that only the contracting state issuing the
alert can modify, add to, correct or delete the data in SIS (Article 106 CISA).
Article 116 provides that each Schengen State is liable, in accordance with its
national legislation, for any injury caused to a person through the use of the national
data le of the Schengen Information System. This also applies to injury caused by
the Contracting Party issuing the alert, where the latter entered factually inaccurate
data or stored data unlawfully. Exceptionally, if the State against which an action is
brought is not the State issuing the alert, Article 116 (2) provides that the latter
shall be required, upon request, to reimburse the sums paid out as compensation
unless the data were used by the requested State in breach of the rules of the CISA.
Article 111 CISA gives each individual the right to seek access to a competent
court or authority, in every State which applies the CISA. Thus, the individual is
not obliged to address the court in the country of his nationality, nor in the country
where the person discovered use of his or her personal le from SIS. In one of the
earliest drafts, such a limitation was proposed by the Dutch government, according
to which the person could only submit his or her complaint about an SIS alert to
the competent judge or authority of the state which entered the alert in the SIS.136
136
235
Furthermore, Article 111 (2) obliges each contracting party mutually to enforce
the nal decisions of the national courts or authorities concerning SIS. This
implies, in my view, the power of national courts to consider the lawfulness of foreign SIS reports. Another interpretation of this provision would render
meaningless the rule inserted into Article 111 (2).137 I will come back to this point
in the Chapters on France, Germany and the Netherlands, and in Chapter 14.
8.5. SIS II Regulation 1987/2006
Article 30 of the Commission proposal for a SIS II Regulation included an
explicit right to judicial remedies, granting any person in the territory of any
Member State the right to bring an action or a complaint before the courts of
that Member State if refused the right of access to or rectication or erasure of
his data or the right to obtain information or reparation with regard to the
processing of his data.138 On the one hand, the Commission proposal included
an important addition to Article 111 CISA, granting a person the right to appeal
against a decision of a national authority to store his information into SIS.
According to Article 15 (3) of the draft Regulation, a third-country national
would have the right to a review by or an appeal to a judicial authority against a
decision to issue an alert taken by an administrative authority of a Member
State. On the other hand, the Commission proposal seemed to include a territorial limitation by granting only those in the territory of any Member states the
right to bring an action or complaint. In my view, the use of commas in Article
111 (1) of CISA makes clear that this provision does not include a territorial
limitation but implies that the individual has the right to forward its action in
any of the Member States.
A new proposal on SIS II was proposed by the Austrian Presidency in January
2006.139 In this new text, the explicit right to judicial remedies with regard to the
decision to issue an alert in Article 15 (3) from the Commission proposal was
deleted. The explicit duty to provide for a right to a judicial remedy if person is
refused access or rectication of his data, was changed into: any person may bring
before the courts or the authorities an action to correct or delete, or obtain
information or to obtain compensation . According to this proposal, access to
137
138
139
A similar conclusion can be drawn from the judgment of the ECJ, C-150/05, Van Straaten v.
the Netherlands, on the basis of which a Dutch lower court was considered competent to assess
the lawfulness of an Italian alert in the SIS. The alert was based on Article 95 CISA. See
section 7.6, Chapter 13.
COM (2005) 236, 31 May 2005, including a draft Regulation on the establishment, operation,
and use of second generation SIS (SISII).
5709/06, 27 January 2006.
236
Chapter 7
judicial courts would not be required, but also Member States would not be
obliged to provide for legal remedies if somebodys request for access or erasure is
refused.
In the nal text as adopted in Regulation 1987/2006 on SIS II, the EU legislator chose for almost exactly the same wordings as in Article 111 CISA, except for
the addition of an evaluation clause in Article 43 (3) according to which the
Commission should evaluate the rules on remedies before 17 January 2009.
Furthermore, the new text in the SIS II Regulation does not include the territorial limitation which was implied in the Commission proposal with the phrase
in the territory of the Member State.140 This means that, dierent from the
Commission proposal, access to remedies is not dependent on whether the person actually is within the territory one of the EU Member States. Especially
where it concerns the use of SIS II for the refusal of entry or a visa, it would have
been problematic if a third country national would not be able to remedy the
wrongful use or registration of his or her personal information if he or she would
be outside the EU territory.
Article 43 of the Regulation 1987/2006 reads:
1. Any person may bring an action before the courts or the authority competent
under the law of any Member State to access, correct, delete or obtain information or to obtain compensation in connection with an alert relating to him.
2. The Member States undertake mutually to enforce nal decisions handed
down by the courts or authorities referred to in paragraph 1, without prejudice
to the provisions of Article 48.
3. The rules on remedies provided for in this Article shall be evaluated by the
Commission by 17 January 2009.
Article 48 of the SIS II regulation includes a comparable provision on liability as
included in Article 116 CISA. It provides that each Member State shall be liable
in accordance with its national law for any damage caused to a person through
the use of NSIS II. This shall also apply to damage caused by the Member State
which issued the alert, where the latter entered factually inaccurate data or stored
data unlawfully. If the Member State against which an action is brought is not
the Member State issuing the alert, the latter shall be required to reimburse, on
request, the sums paid out as compensation unless the use of the data by the
Member State requesting reimbursement infringes this Regulation. Furthermore,
Article 48 (3) provides that if any failure of a Member State to comply with its
obligations under this Regulation causes damage to SIS II, that Member State
can be held liable for such damage, unless and insofar as the Management
140
This territorial limitation was deleted in the draft of 6 June 2006, 5709/6/06.
237
Authority or another Member State participating in SIS II failed to take reasonable steps to prevent the damage from occurring or to minimise its impact.
Finally, Article 49 of the SIS II Regulation provides that Member States must
ensure that any misuse of data entered in SIS II or any exchange of supplementary information contrary to this Regulation is subject to eective, proportionate
and dissuasive penalties in accordance with national law.
8.6. Eurodac
As in CISA, the Eurodac Regulation includes a two-fold mechanism of protection for individuals. On the one hand, individuals can seek protection from
supervisory national authorities on the basis of Article 18 (10), as discussed
above. On the other hand, Article 18 (11) and (12) of the Eurodac Regulation
gives the data subject the right to bring an action or a complaint before the competent authorities or courts of the State if his or her right of access, correction or
erasure is denied according to the laws, regulations and procedures of that State.
Finally, according to Article 68 of the EC Treaty, the Court of Justice is
competent to consider prejudicial questions from (nal) national courts on the
explanation of the Eurodac Regulation according to the procedure of
Article 234 EC.
8.7. VIS Proposal
Article 33 (1) of the Commission proposal for a VIS Regulation included the right
that in each Member State any person would have the right to bring an action or a
complaint before the competent courts of that Member State if he is refused the
right of access to or the right of correction or deletion of data relating to him.141
In the nal text for a VIS Regulation, based on a compromise between the European
Parliament and the Council, the provision on remedies has been changed.142 In the
rst place, as in Article 43 of the SIS II Regulation, the new provision allows
Member States to provide only for the right to bring action to non-judicial authorities. Secondly, in the new text, the right to remedies can only be invoked against
the authority or court of that Member State by which his right of access, correction, or
deletion has been refused. Other than Article 43 of the SIS II Regulation (and 111
CISA), the VIS Regulation does not provide that a person can invoke his right in
any Member State, regardless of which Member State refused his request.
141
142
238
Chapter 7
143
144
239
9. Conclusions
9.1. The Value of Data Protection
In this Chapter, I have tried to make it clear that data protection protects not
only privacy and that data protection principles such as purpose limitation, data
quality or security cannot solely be explained by the need to protect the right to
privacy.146 The need to observe central data protection principles can only be
understood by dening and eventually rethinking the dierent goals of data protection. By focussing on the real goals of data protection, one may prevent data
protection issues from being too easily brushed aside as minor or relatively
insignicant matters.
It could be argued that data protection law includes procedural norms, rather
than substantial criteria. For example, data protection laws force the authorities
responsible for data processors to report certain data les to the data protection
authorities, to dene in advance the purpose for which the data is collected or
used and to give individuals the opportunity to apply for the right to access,
correct or delete personal information. However, as we have seen above, these
procedural rules are closely tied to substantial criteria. For example, the principle
145
146
Compare to the text of Article 27 in the version of November 2006, which referred to: the
right of every person to a judicial remedy for any breach of the rights guaranteed to him by the
applicable national law pursuant to this Framework Decision to the processing in question.
13246/5/06, 22 November 2006.
See De Hert & Guthwirth (2003), p. 111 .
240
Chapter 7
241
147
148
242
Chapter 7
is applying the CISA. This improves the accessibility of legal remedies as the
individual may choose in which country he or she addresses the national court or
authority. This right to apply to the court or authority of any Member State is
repeated in Article 43 of the SIS II Regulation.
9.2.3. Scope
According to Article 22 of the EC Directive 95/46, individuals have a judicial
remedy for any breach of the rights guaranteed him by the national law
applicable to the processing in question. This means that the scope of judicial
review by the national courts includes every right following from this Directive
as implemented in the national law. This goes beyond the scope of the remedies
as dened in the Eurodac Regulation and the proposed VIS Regulation which
only oer a legal remedy with regard to a refusal of the right to access, correction,
or deletion of data.
As we have seen above, Article 111 CISA (and Article 43 of the SIS II
Regulation) provides for a right for an action to correct, delete, or obtain information or to obtain compensation in connection with an alert involving them. This
implies a much broader scope of remedies, including every use of the information
held in the SIS or SIS II causing harm to the applicant.
9.2.4. Competences
In the EC Directive 95/46, the powers of national courts include the power to
order nancial repair (Article 23 EC Directive) or to impose sanctions in case of
infringement of national provisions implementing data protection law (Article 24
EC Directive).
Article 116 CISA (and Article 48 of the SIS II Regulation) provides that each
Schengen State is liable in accordance with its national law for any injury caused
to a person through the use of the national data le of the Schengen Information
System. This also applies to injury caused by the Contracting Party issuing the
alert, where the latter entered factually inaccurate data or stored data unlawfully.
Only, if the State against which an action is brought is not the issuing State, the
latter must, in principle, reimburse the sums paid out as compensation.
National data protection authorities mainly have an advisory function.
Formally, these authorities are empowered with more coercive powers, including
the power to order the blocking, erasure or destruction of data, of imposing a
temporary or denitive ban on the data processing. However, in practice these
powers seem to be rarely used. With regard to SIS II, VIS and Eurodac, the powers of national data protection authorities are not very clearly dened and seem
to be limited to assist and advise the person concerned in exercising his or her
rights. An important provision in the draft VIS Regulation and SIS II Regulation
is the obligation for Member States to ensure that their national data protection
243
149
Article 25 Eurodac Regulation, Article 49 Regulation 1987/2006 on SIS II, and Article 36 of
the proposed VIS Regulation (version of June 2007).
Chapter 8
Eective Remedies in Immigration Procedures: ECHR
Even where an allegation of a threat to national security is made, the guarantee of
an eective remedy requires as a minimum that the competent independent appeals
authority must be informed of the reasons grounding the deportation decision,
even if such reasons are not publicly available. The authority must be competent to
reject the executives assertion that there is a threat to national security where it
nds it arbitrary or unreasonable.1
1. Introduction
In the last two Chapters, I have dealt with the availability of and criteria for
eective remedies in the eld of the right to privacy and data protection law. In
this Chapter and Chapter 9, I focus on the right to legal remedies in immigration
law procedures. It is clear that the use of SIS, as well as the use of Eurodac and
VIS, involve decisions in the eld of immigration law. The information stored in
these databases may lead to the refusal of admission or a visa, the detention of the
immigrant, or even his or her expulsion. Considering this use of databases for border and immigration control, the following sections will explore which criteria
apply to the remedies in immigration law procedures. Which human rights as
protected in the ECHR and the annexed protocols are relevant for the individual
at stake and when does this imply a right to a fair trial or eective remedies?
In the following sections, I will give only a brief overview of the case law of the
ECtHR with regard to the underlying subject. I will not examine substantial criteria which have been formulated by the ECtHR with regard to decisions on the
admission, expulsion or detention of third-country nationals. For a more elaborate
study of these matters, I refer to other publications.2
1
European Court of Human Rights, Al-Nashif v. Bulgaria, 20 June 2002, no. 50963/99, 137,
Jurisprudentie Vreemdelingenrecht 2002/239, annotation Elspeth Guild.
P. van Dijk, Protection of Integrated Aliens against Expulsion under the European Convention
on Human Rights, and C. Harvey, Promoting Insecurity: Public Order, Expulsion and the
European Convention on Human Rights, both published in: Guild & Minderhoud (2001),
p. 23 . and p. 41 .; N. Blake and R. Husain, Immigration, Asylum and Human Rights, Oxford/
246
Chapter 8
Article 6 (1) ECHR codies the basic principle according to which individuals
have the right of access to judicial remedies. The scope of this provision is limited
by the words in the determination of his civil rights or of any criminal charge
against him. Article 6 (2) and (3) include specic safeguards for criminal law
procedures, including for example the right to be informed promptly or to have
the free assistance of an interpreter. Although this was disputed until the mid
1980s, it is now clear from various judgments by the ECtHR that Article 6 (1)
applies to administrative procedures when the rights of the individual under civil
or criminal law are at stake.3
With regard to immigration law procedures, the ECtHR has so far been reluctant to apply the standards of Article 6 (1) ECHR. In the Maaouia case of 2000, by
a majority of fteen votes to two, the ECtHR explicitly concluded that Article 6
ECHR does not apply to immigration law decisions.4 This case concerned the
appeal of a Tunisian national in France, married to a French national, who was
sentenced in 1988 to six years imprisonment for armed robbery and assault. After
his imprisonment, the French authorities issued a deportation order against him.
The applicant was never informed of this deportation order. He was confronted
with this order for the rst time on 6 October 1992 when he attended the Nice
Centre for Administrative Formalities in order to regularise his status. When he
refused to travel to Tunisia he was prosecuted again, this time for failing to comply
with a deportation order. In November 1992, he was sentenced by the Nice
New York: Oxford University Press 2003; N. Blake, Developments in the Case Law of the
European Court of Human Rights in: B. Bogusz, R. Cholewinski et al. (eds.), Irregular
Immigration and Human Rights: Theoretical, European and International Perspectives, Leiden/
Boston: Martinus Nijho Publishers 2004, p. 431 .
See Benthem v. the Netherlands, 23 October 1985, no. 8848/80, Series A, 97 and Geoure de la
Pradelle v. France, 16 December 1992, no. 12964/87, Series A, 253.
Maaouia v. France, 5 October 2000, no. 39652/98, ECHR 2000-X, 40.
247
5
6
Nicholas Blake and Raza Husain, Immigration, Asylum and Human Rights (2003), p. 241248.
S.N. v. the Netherlands 4 May 1999, no. 38088/97, and J.E.D. v. the United Kingdom, 2 February
1999, no. 42225/98.
248
Chapter 8
249
his claim at a national level for compensation of his costs and the non-pecuniary
damage he suered based on the infringement of his right to private life.7
By recognising the claim for nancial compensation as a civil right within the
meaning of Article 6 (1) ECHR, the ECtHR concluded that the applicant should
have had access to a fair trial in accordance with the criteria of this human right.
The right to nancial compensation as a civil right within the meaning of
Article 6 (1) ECHR may also arise with regard to national decisions involving
immigration law. Individuals may suer (non-pecuniary) damage caused by
administrative measures or decisions, including detention or expulsion or the
refusal of to grant admission, a visa or a residence permit. This damage may
consist of physical or mental harm caused by expulsion or detention, travel costs
or loss of income when, for example, the purpose of travel was employment or
business-related. If the detention measures or expulsion measures are unlawful
or if the refusal of a visa is in breach of the right to family life protected by
Article 8 ECHR, a person should have the right to lodge a claim for nancial
compensation. As we will see in the Chapter on the Netherlands, in some judgments the Dutch courts granted nancial redress with regard to (wrongful)
decisions in the eld of immigration law.
The (indirect) application of Article 6 ECHR in immigration law procedures
can be illustrated by the Coorplan-Jenni and Hascic v. Austria judgment (2006), in
which the ECtHR applied Article 6 (1) with regard to the refusal of the Austrian
government to issue an employment permit to a national of Bosnia-Herzegovina.8
In this judgment, the ECtHR rejected the submission of the Austrian government, according to which the decision regarding the issue of an employment permit to a third-country national did not concern a civil right within the meaning
of Article 6 ECHR. For the conclusion of the ECtHR, it was relevant in this case
that both the foreign employee and his employer had applied for an employment
permit. The fact that only the refusal to issue the employment permit to the
employer made it impossible for the employee to obtain this job was grounds for
the ECtHR to conclude that the refuted decision by the Austrian government was
decisive for the civil rights of both the employer and the employee.
2.3. (Non-)Registration and the Right to Financial Compensation
The Rotaru judgment established that the registration of personal data may cause
nancial harm, and thus a civil right in the sense of Article 6 (1) ECHR, if the
registration infringes the right to private life as protected in Article 8 ECHR.
However, the (non-) registration of personal data may also result in a claim for
7
8
Rotaru v. Romania, no. 28341/95, 4 May 2000. See Chapter 6, section 6.4.2.
Coorplan-Jenni and Hascic v. Austria, 27 July 2006, no. 10523/02.
250
Chapter 8
a civil right even if the protection of Article 8 ECHR is not involved. This has
been illustrated in two cases dealt with by the ECtHR, where the applicants complained about the refusal of authorities to include them on a list or in a le. The
rst case, Chevrol v. France, concerned a French national who had qualied as a
doctor in Algeria and whose repeated applications to be registered as a member of
the Medical Association (Ordre des mdecins) were refused by the French
authorities.9 The ECtHR considered that the procedure launched by the applicant
in France was a dispute over a civil right. The fact that the applicant submitted
reasonable grounds to show that, according to French law, she should have
been aorded the right to be registered as a member of the Ordre des mdecins, was
sucient grounds for the ECtHR to consider Article 6 (1) applicable in this case.
In the second comparable case, Buzescu v. Romania, the ECtHR dealt with the
complaint of a Romanian lawyer against the annulment by the Romanian
authorities of his registration at the Constana Bar.10 The authorities also refused
to renew his registration at the Bucharest Bar, after he had stayed and worked for
several years in the United States. In its judgment, the ECtHR found a breach of
Article 6 (1) with regard to the proceedings applying to Mr. Buzescus claim for
registration at the Bucharest Bar ( 74). The ECtHR accepted that the annulment of the applicants registration at the Consanta Bar had led to a loss of clientele and thus to a loss of income. This loss of income was recognised as an
interference with his right to the peaceful enjoyment of his possessions and in
breach of Article 1 of the 1st Protocol to the ECHR on the protection of property ( 98). Applying Article 41 of the Convention, which includes the ability
for the ECtHR to aord just satisfaction to the injured party, the ECtHR
repeated its earlier conclusions that, for the acceptance of the applicants claim
for pecuniary loss, a clear causal connection between the damage claimed by the
applicant and the violation of the Convention should be established. In this case,
the ECtHR found that there had been an unjustied interference with the applicants possessions, owing to the disproportionate consequences of the invalidation
of his status as a lawyer by the Romanian authorities ( 106).
The reason I consider these latter judgments important is that they establish
the link between being registered (or not) in public les and the possibility for
individuals to exercise their rights. In these judgments, the ECtHR conrmed
the relation between a decision of the authorities to refuse a persons registration
9
10
Chevrol v. France, 13 February 2003, no. 49636/99 ECHR 2003-III. The applicant held, among
other things, that on the basis of a French Declaration on an agreement between Algeria and
France, her Algerian diplomas should have been recognised in France. The Conseil dtat refused
to judge the applicability of this regulation, relying on the declaration of the French Minister of
Foreign Aairs that it was not applicable.
Buzescu v. Romania, 24 May 2005, no. 61302/00 (unreported).
251
and the loss of income and nancial damage caused by this refusal. The judgments in the cases of Chevrol and Buzescu make clear that the fact of (non-)
registration may also involve a civil right, even if there is no breach of the right
to private life. According to the criterion of the ECtHR, cited in the aforementioned Buzescu v. Romania case, a clear causal connection must exist between
the damage claimed and the violation of the individuals right under the ECHR.
As we have seen above, the registration in the SIS for the purpose of non-admission
means that third-country nationals are not allowed to enter the EU territory.
This may include persons who were previously issued a long-term residence permit by one of the EU Member States. The consequence of registration in SIS
(or VIS or Eurodac) could therefore be that the person concerned is restricted
in the performance of his work, which results in the loss of income. If it can be
established that the SIS alert is unlawful or inaccurate or, for example, in breach
of the individuals right of freedom of movement on the basis of the EC Treaty
(see Chapter 9), this may give rise to a claim for nancial damage or loss of
income based on the registration in the SIS, under Article 6 (1) ECHR.
12
See, for a more extended review of the meaning of Article 5: Boeles (1997), p. 226 and
G. Cornelisse, Human Rights for Immigration Detainees in Strasbourg: Limited Sovereignty or a
Limited Discourse? in: European Journal of Migration and Law, Vol. 6, no. 2, 2004, p. 93110.
onka v. Belgium, 5 February 2002, no. 51564/99, ECHR 2001-I.
252
Chapter 8
concerned the arrest and detention of a group (rejected) Romany asylum seekers
by the Belgian authorities with the aim of expelling them.
13
14
15
16
Protocol no. 7 to the ECHR, 22 November 1984, ETS no. 117, eective 1 November 1988.
See Pieter Boeles, (1997), p. 286288.
The UK also did not sign this protocol. See http://conventions.coe.int. Status as of June 2007.
Lupsa v. Romania, 8 June 2006, no. 10337/04, Jurisprudentie Vreemdelingenrecht 2006/311,
annotation Rick Lawson. Kaya. v. Romania, 12 October 2006, no. 33970/05 (unreported).
253
authorities against a Yugoslavian national. Kaya v. Romania concerned the expulsion of a Turkish national from Romania on the basis of a decision by the
Romanian authorities to declare him inadmissible for 15 years. In this latter case,
the authorities justied the decision to declare the applicant inadmissible on the
basis of sucient and serious information that he was planning activities which
would endanger the national security. In both cases, the ECtHR found that the
expulsion constituted a breach of both Article 8 ECHR and Article 1 of the 7th
Protocol. With regard to the infringement of Article 1 of the 7th Protocol, the
ECtHR held that the legal basis for the expulsion did not meet the procedural
guarantees under that Article 1, since the law was not suciently accessible and
foreseeable (see further section 6.2 below).17
But even for those countries which did not ratify this Protocol, on could argue
that the rules included in Protocol no. 7 are not without relevance. Firstly, as
pointed out by Lawson in his annotation to the Lupsa judgment, the EU Member
States conrmed the applicability of the principles of the ECHR in the preamble
to Directive 2003/109 on the protection of long-term resident third- country
nationals.18 This would imply the principles which are included in the annexed
Protocols to the ECHR. Secondly, as we saw above, the ECtHR explicitly referred
in the Maaouia judgment to the 7th Protocol to justify the non-application of
Article 6 (1) ECHR. It does not make sense to restrict the application of Article 6
ECHR because the contracting parties already included necessary safeguards in the
Protocol no. 7, if these latter rules are not binding for the non-ratifying States.
17
18
254
Chapter 8
or when his expulsion or detention infringes one of the human rights protected
in the ECHR, the limited possibilities for challenging such a refusal may violate
the right to an eective remedy under Article 13 ECHR.19 With regard to immigration law decisions, Article 13 ECHR has been applied in conjunction with
Article 8 ECHR with regard to refusal of admission or an expulsion order in
breach of the applicants right to family life (Sen, ner); with Article 3 in expulsion cases (Al-Nashif, onka, Chahal ); with Article 4 of Protocol no. 4 on the
prohibition of collective expulsion (onka), and even regarding the freedom of
speech protected in Article 10 ECHR (Piermont).20 In the following sections,
I will focus on the jurisprudence of the ECtHR with regard to refusal of admission and with regard to expulsion or expulsion orders.
It is important that for the application of Article 13 ECHR, the ECtHR does
not nd it necessary to establish the violation of such a right either by national
courts or by the ECtHR. It is sucient for the applicant to have an arguable
claim that there has been a breach of one of the right or freedoms of the
Convention.21 Furthermore, the ECtHR emphasised in several judgments that
the right to eective remedies should be interpreted in a exible manner and
without excessive formalism.22 The ECtHR therefore accepted that, during the
national procedures, the claimant did not refer explicitly to his or her right under
the ECHR which was allegedly infringed. If the content of the claim covers this
breach of human rights, this is sucient according to the case law of the ECtHR.
5.2. Admission of Third-Country Nationals
The ECtHR has recognised, under certain circumstances, the positive obligation
of governments with regard to the admission of a person when this is considered
necessary for the protection of the applicants family life. The positive duty of a
government to give leave to enter to its national territory or to issue a residence
permit was acknowledged for the rst time in Abdulaziz, Cabales and Balkandali v.
the United Kingdom.23 Although, in this case, the ECtHR found no breach of
19
20
21
22
23
See also R. Cholewinski, No Right of Entry, in: Groenendijk, Guild & Minderhoud (2003),
p. 108109.
Piermont v. France, 27 April 1995, no. 15773-74/89, Series A, 314. The other judgments referred
to are dealt with below.
Silver and others v. the United Kingdom, 25 March 1983, no. 5947/72; 6205/73; 7052/75;
7061/75; 7107/75; 7113/75; 7136/75 Series A 61.
Cardot v. France, 19 March 1991, no. 11069/84, Series A, 200, 34, Castells v. Spain, 23 April
1992, no. 11798/85 Series A, 236, 27, Geoure de la Pradelle v. France, 16 December 1992,
no. Series A, 253-B, 26.
Abdulaziz, Cabales and Balkandali v. the United Kingdom, 28 May 1995, no. 9214/80; 9473/81;
9474/81 Series A 94.
255
Article 8 ECHR, it conrmed that the refusal to give spouses of legally resident
third-country nationals leave to enter or to remain in the UK could aect the
right to respect for family life under Article 8. The ECtHR rejected the governments view that Article 8 ECHR would not apply at all to immigration control,
by conrming the earlier statement by the Commission that the right of a foreigner
to enter or remain in a country is not guaranteed as such by the Convention, but
that immigration controls had to be exercised in accordance with the Convention
obligations and the exclusion of a person from a state where members of his family
were living might raise an issue under Article 8 ( 59).
In both Gl v. Switzerland and Ahmut v. the Netherlands, the ECtHR held that
a refusal to permit the applicants to remain in the country did not constitute
interference with the exercise of their right to respect for their family life.24
However, the ECtHR ruled that, based on the positive obligation of States to
respect the family life of the individual a fair balance has to be struck between
the competing interests of the individual and of the community as a whole.
Recognising a certain margin of appreciation for the State and balancing the
dierent interests at stake, the ECtHR found no violation of Article 8 ECHR in
the Gl and the Ahmut judgments.
The obligation of States, under certain circumstances, to admit relatives of settled
immigrants to their territory based on the right to family life protected in Article 8
ECHR, was cited in Sen v. the Netherlands.25 This case concerned the refusal by the
Dutch authorities to admit the daughter of Turkish parents who lived in the
Netherlands. The ECtHR ruled that, based on the positive obligations of Article 8
ECHR, the Dutch administration should have granted entry to a 13-year-old
daughter because of the major obstacles to her parents return to Turkey, their
country of origin. This decision on the positive implications of Article 8 ECHR
implies that third-country nationals applying abroad for a residence permit or a
visa for another State are entitled to a remedy against the denial of this request
when this denial is regarded as violating their right to family life.26 If, under certain
circumstances, the duty to respect the right to family life of Article 8 ECHR obliges
a State to admit a person to its territory, a refusal of admission (including refusal at
the border, of a visa or a long-term residence permit) should be considered a breach
24
25
26
Gl v. Switzerland, 19 February 1996, no. 22676/93 Reports 1996-I, 3238, Ahmut v. the
Netherlands, 28 November 1996, no. 21702/93 Reports 1996-V, 63.
Sen v. the Netherlands, 21 December 2001, no. 31465/96, Jurisprudentie Vreemdelingenrecht
2002/30 annotation S.K. van Walsum.
The ECtHR based its decision that the most appropriate place for exercising the right to family
life was in the Netherlands, in particular on the circumstances that her parents were settled in
the Netherlands and had been legally resident for years, and that two younger children had been
born in the Netherlands, the younger siblings attending school in the Netherlands.
256
Chapter 8
of the right under Article 8 ECHR. A procedure in which the individual seeks
remedy against this refusal therefore falls within the scope of Article 13 ECHR and
should meet the criteria developed under this right to eective remedies.
5.3. Expulsion and Expulsion Orders
In several cases, the ECtHR has dealt with the applicability of Article 13 ECHR
with regard to the expulsion of third-country nationals. In these judgments,
Article 13 was applied in combination with either Article 8 ECHR, where the
applicant claimed that the expulsion was in breach of his right to family life, or
Article 3 ECHR on the right not to be subjected to torture or inhuman or
degrading treatment or punishment. With regard to the right to family life, the
ECtHR allows Member States a certain margin of appreciation to consider
whether the expulsion infringes the rights of the third-country national in
question.27 However, as we will see in the sections below, with regard to claims
based on the protection of Article 3 ECHR, the ECtHR formulated more
stringent criteria with regard to the availability of eective remedies than in its
case law concerning the right to private or family life under Article 8 ECHR.
One of the earliest decisions on the expulsion of third-country nationals was
the case of Moustaquim v. Belgium.28 In this case, the ECtHR dealt with the
claim by a Moroccan national residing legally in Belgium that his expulsion by
the Belgian authorities infringed his right to family life. The applicability of
Article 13 ECHR was not raised during this trial, but the ECtHR found that the
deportation of Moustaquim was not necessary in a democratic society and therefore violated his right to respect for his private life under Article 8 ECHR. The
Al-Nashif v. Bulgaria judgment concerned the detention and deportation to Syria
of Mr. Al-Nashif, a stateless person of Palestinian origin, based on national security grounds.29 Aside from his complaint on the basis of Article 5 (4) ECHR with
regard to his detention, Al-Nashif and his children claimed that his expulsion
was in breach of his right to family life under Article 8 ECHR. In this judgment,
the ECtHR found that no eective remedy existed against this interference with
his right to family life and therefore that both Article 8 and Article 13 ECHR
were breached (see further below).
27
28
29
See M. Fasti, The restrictive approach taken by the European Court of Human Rights: deportation of long-term immigrants and right to family life (Parts 1 and 2), in: Tolleys Immigration,
Asylum and Nationality Law, Vol. 16, nos. 3 & 4, 2002.
Moustaquim v. Belgium, 18 February 1991, no. 12313/86, Series A, 193, 46. See also Nasri v.
France, 13 July 1995, no. 19465/92 Series A 320-B.
Al-Nashif v. Bulgaria, 20 June 2002, no. 50963/99, Jurisprudentie Vreemdelingenrecht 2002/239,
annotation E.Guild.
257
In its Vilvarajah judgment, the ECtHR applied Article 13 together with Article
3 ECHR. This case dealt with the expulsion of a Tamil family to India by the UK
authorities.30 The applicants claimed that their deportation to India violated their
right under Article 3 ECHR to be protected from inhuman and degrading
treatment. A comparable case was dealt with in the case of Chahal v. the United
Kingdom, concerning Indian asylum seekers (Sikhs) to be expelled to India on
national security grounds.31 In the Chahal judgment, the applicants invoked the
grounds that their lives were in danger in India and that the expulsion would be
in breach of Article 3 ECHR. Also, in Jabari v. Turkey, the ECtHR applied Article
13 together with Article 3 ECHR, to assess whether the judicial review proceedings which would have been available to the applicant in Turkey satised the
requirements of eective remedies.32 In this case, the applicant whose application
for asylum had been rejected claimed that her life would be at risk if she were
deported to Iran.
In several judgments, the ECtHR had to deal with an individual claim against
an expulsion order, where the applicant claimed that this order would infringe his
right to family life as protected in Article 8 ECHR. In the case of Boultif v.
Switzerland the ECtHR dened relevant criteria to use in order to assess whether
a residence ban or expulsion measure is necessary in a democratic society and
proportionate to the legitimate aim pursued.33 These criteria, repeated by the
ECtHR in ner v. the Netherlands,34 include:
the nature and seriousness of the oence committed by the applicant;
the length of the applicants stay in the country from which he or she is to be
expelled;
the time elapsed since the oence was committed and the applicants conduct
during that period;
the nationalities of the various persons concerned;
the applicants family situation, such as the length of the marriage, and other
factors expressing the eectiveness of a couples family life;
whether the spouse knew about the oence at the time when he or she entered
into a family relationship;
30
31
32
33
34
Vilvarajah and others v. the United Kingdom, 30 October 1991, no. 13163/87, Series A, 215,
117 to 127.
Chahal v. the United Kingdom, 15 November 1996, no. 22414/93, Reports 1996-V.
Jabari v. Turkey, 11 July 2000, no. 40035/98, ECHR 2000-VIII.
Boultif v. Switzerland, 2 August 2001, no. 54273/00, ECHR 2001-IX. This case concerned the
claim an Algerian national married to a Swiss national whose residence permit was not renewed
after a criminal conviction.
ner v. the Netherlands, 18 October 2006, no. 46410/99, 57, Jurisprudentie Vreemdelingenrecht
2006/417, annotation P. Boeles.
258
Chapter 8
whether there are children of the marriage, and if so, their age; and
the seriousness of the diculties which the spouse is likely to encounter in
the country to which the applicant is to be expelled.
As a national expulsion order is one of the grounds to report a third-country
national in the SIS, the criteria as dened by the ECtHR in Boultif and ner are
important tools to assess the legitimacy of these SIS reports as well.
35
36
Belilos v. Switzerland, 29 April 1988, no. 10328/83, Series A, 132 and Oberschlick v. Austria (I),
23 May 1991, no. 11661/85, Series A, 204.
See Al-Nashif 132.
259
see below, in those cases the independent authority must be able to deal with the
substance of the complaint and it should be able to grant the applicant appropriate relief.37 In the Chahal judgment, the ECtHR held that the question of whether
the national remedy is eective before an authority would depend on the powers
and guarantees granted to this authority.38 On the other hand, the ECtHR made it
clear that if judicial remedies are available, this does not mean that these remedies
should automatically be considered eective. Especially if there is a real risk of
treatment in breach of Article 3 ECHR, it must be established that the independent
authority or judicial court oers sucient eective protection.39
6.2. Accessibility of Eective Remedies
Article 6 (1) ECHR
Article 6 (1) provides that an individual should have access to a court within a
reasonable time.40 Article 6 (1) ECHR, when applied to civil law procedures, does
not compel the State to provide for the assistance of a lawyer or legal aid. Only
when this proves indispensable for eective access to court, for example in complex procedures, the ECtHR held that the availability of a legal representative is a
necessary requirement. According to the jurisprudence of the ECtHR, national
law should provide a clear and coherent system of legal protection to enable an
individual to make use of his right to have an eective remedy before a court. This
requirement of a clear, practical, and eective opportunity to challenge an administrative act was stressed by the ECtHR in the Geoure de la Pradelle case.41 With
regard to the accessibility of the trial, Article 6 (1) may sometimes compel the
State to provide for the assistance of a lawyer or legal aid when this proves indispensable for eective access to court. In the Airey judgment, the ECtHR found
that this might be the case, either because legal representation is rendered compulsory, as in the domestic law of certain Contracting States for various types of litigation, or by reason of the complexity of the case procedure.42 The availability of a
legal representative is however not a prerequisite. For example, in McVicar v. the
United Kingdom, the ECtHR considered that a procedure in which the applicant
had represented himself had been in accordance with Article 6 (1) provided
37
38
39
40
41
42
260
Chapter 8
national law allowed for this self-representation and provided the applicable law
was not too complex.43 It is important to note at this point that, when applying
Article 6 (1) criteria to civil law procedures, the ECtHR uses less strict criteria
than those dened for criminal law procedures. The aforementioned cases concerned civil law procedures. It seems reasonable that, when applying Article 6 (1)
to administrative law procedures, the ECtHR would dene more stringent criteria
with regard to the accessibility of procedures.
Article 5 (1) and 5 (4) ECHR
Article 5 (4) ECHR requires that national governments should provide access
to courts speedily or within specic time limits. Applying the criteria of
Articles 5 (1) f and 5 (4) ECHR, the ECtHR identied a number of factors in the
onka case which undoubtedly aected the accessibility of the remedy which the
Government claim was not exhausted.44 One of these factors was that the information on the available remedies handed to the applicants on their arrival at the
police station was printed in tiny characters. Furthermore, the text was written in
a language they did not understand and only one interpreter had been available to
a large number of Romany families. In its assessment of whether the deprivation
of liberty was in conformity with Article 5 ECHR, the ECtHR criticised the reliability of the communications sent to the applicants. According to the ECtHR this
information should be accurate irrespective of whether the recipients are lawfully
present in the country or not. Based on these considerations, the ECtHR concluded that the applicants had not had access to eective remedies. In Amuur v.
France, the ECtHR extended the scope of protection oered by Article 5 ECHR
to the transit zones of national airports.45 According to the conclusions of the
ECtHR in this judgment, States cannot argue that asylum seekers held in a transit
zone at an airport are at any time free to leave the territory and therefore not
deprived of their liberty. The ECtHR also refused to accept the argument that the
international zone where the asylum seekers were to remain could not be considered the territory of the contracting state. The legitimate concern of States to foil
the increasingly frequent attempts to circumvent immigration restrictions should
not, according to the ECtHR, deprive asylum seekers of the protection aorded
by the ECHR. With regard to the availability of remedies against prolonging the
detention, the opportunity of a speedy review should be available. Furthermore,
the legal basis for the detention should be suciently accessible and precise as to
avoid all risk of arbitrariness. In the case at stake, the text in French law would not
43
44
45
McVicar v. the United Kingdom, 7 May 2002, no. 46311/99, ECHR 2002-III.
onka v. Belgium, 5 February 2002, no. 51564/99, ECHR 2001-I 44.
Amuur v. France, 25 June 1996, no. 19776/92, Reports 1996-III, detention of asylum seekers at
Orly airport, see 4348.
261
allow national courts to review the conditions of detention and therefore the
ECtHR found a breach of Article 5 (1) ECHR.46
Article 1 (1) of Protocol No. 7, ECHR
With regard to the application of Article 1 (1) of Protocol no. 7, the ECtHR
considered in Lupsa v. Romania and Kaya v. Romania (see above), that the applicants were not given any eective chance to refute the expulsion decision before
a national court.47 The authorities failed to provide the applicants with the
slightest indication of the oence of which they were suspected and the public
prosecutors oce did not send the order issued against the applicants until the
day of the only hearing before the Court of Appeal. Furthermore, the ECtHR
observed that the Court of Appeal dismissed all requests for an adjournment,
thus preventing the applicants lawyer from studying the aforementioned order
and producing evidence in support of her application for judicial review of it.
Articles 13 and 8 ECHR
In the Al-Nashif case, the decision to deport the applicant was taken without
disclosing any reasons to the applicant, to his lawyer, or to any independent body
competent to examine the matter. This, according to the ECtHR, precluded the
applicant from having an eective opportunity to challenge the deportation or
refusal-of-residence order.48 In the Al-Nashif judgment, the ECtHR also applied
the criteria of Article 8 ECHR concerning whether the interference with this
right was suciently clear and foreseeable.49 This right included, according to
the ECtHR, the need for safeguards to ensure that the discretion left to the
authorities is in accordance with the law and without abuse. In the refuted case,
under Bulgarian law, the Ministry of the Interior was competent to issue
deportation orders interfering with human rights without following any form of
adversarial procedures, without giving any reasons and without any right of
appeal to an independent authority.50 Therefore, the ECtHR concluded that
there was a breach of Article 13 ECHR.
Accessibility of Right Under Article 34 ECHR
Article 34 ECHR provides individuals with the right to submit a request to the
ECtHR for an interim order if, during the national procedures, his or her rights
under this Convention are at risk of being violated by the refuted decision or
46
47
48
49
50
262
Chapter 8
51
52
53
54
Mamatkulov and Abdurasulovic v. Turkey (I), 6 February 2003, no. 46827/99 (unreported) 96.
Albert and Le Compte I and II, 10 February 1983, no. 7299/75 and 7496/76, Series A, 58.
Belilos, l.c., 7072.
Chevrol v. France, 13 February 2003, no. 49636/99 ECHR 2003-III, 8283.
263
55
56
57
58
59
See also Beaumartin v. France 24 November 1994, no. 15287/89, Series A, 296B.
Obermeier v. Austria, 28 June 1990, no. 11761/85, Series A, 179.
See Chahal 127.
Chahal 121122.
See Hatton and others v. the United Kingdom, 8 July 2003, no. 36022/97 ECHR 2003-VIII.
264
Chapter 8
with the requirements of Article 13. In the Vilvarajah case, mentioned above, the
applicants criticised the marginal role of the national courts in the UK.60 They
submitted that national courts did not ascertain whether the administration issuing the expulsion order (Secretary of State) was correct in assessing the risk to
which the applicants would be exposed when returned back to Sri Lanka. The
ECtHR, however, found that the national court had stressed its special responsibility to subject administrative decisions to the most anxious scrutiny in cases
where an applicants life of liberty would be at stake. Therefore, the ECtHR concluded that the powers of the national courts in this case provided an eective
degree of control over the decisions of the administrative authorities in asylum
cases and were sucient to satisfy the requirements of Article 13 ECHR.61
In the Al-Nashif case, the ECtHR emphasised that the right to an eective
remedy protected under Article 13 ECHR required that an individual be able to
challenge the executives assertion that national security is at stake.62 There should
be some form of adversarial proceedings, if necessary through a special representative after security clearance. The consideration of the ECtHR in the Al-Nashif
case is important, namely that governments may not, simply by invoking the
goals of national security, ignore the essential safeguards provided in the ECHR.
Even where an allegation of a threat to national security is made, the guarantee of
an eective remedy requires as a minimum that the competent independent
appeals authority be informed of the grounds for the deportation decision, even
if such reasons are not publicly available. National courts should be able to assess
the credibility of the governments assertion that the national security is at
stake. In other words, the authority must be competent to reject the executives
assertion that there is a threat to national security, where it nds this arbitrary or
unreasonable.
In Chapter 6, we saw that the ECtHR had held in the Leander and Klass judgments that, in these cases, a remedy that was as eective as can be would be sucient under circumstances where national security considerations did not permit
the divulging of certain sensitive information.63 In the Chahal judgment, the
ECtHR ruled that this criterion of as eective as can be would not be appropriate
in respect of a complaint that a persons deportation will expose him or her to a real
risk of treatment in breach of Article 3 ECHR: In such cases, given the irreversible
nature of the harm that might occur if the risk of ill-treatment materialised and the
60
61
62
63
Vilvarajah and others v. the United Kingdom, 30 October 1991, no. 13163/87, Series A, 215,
117 to 127.
Vilvarajah 125126.
Al-Nashif 137.
See the judgments in Klass and others v. Germany, 6 September 1978, no. 5029/71, Series A, 28,
69 and Leander, 26 March 1987, no. 9248/81, Series A, no. 116, 78.
265
64
65
66
Chahal, 150151.
Al-Nashif 137.
Salah Sheekh v. the Netherlands, 11 January 2007, no. 1948/04, 119127. See also Azdivar v.
Turkey, 16 September 1996, no. 21893/93, dealt with in Chapter 6, section 6.4.1.
266
Chapter 8
6.4. Competences
Article 6 (1) ECHR
In Hornsby v. Greece, the ECtHR made it very clear that, in order to meet the criteria
on the eectiveness of legal remedies, the execution of a judgment given by any court
must be regarded as an integral part of the trial for the purposes of Article 6 (1)
ECHR.67 Or, in other words, if national administrations could simply ignore the decisions of their national courts, the available procedures cannot be said to be eective.
The Hornsby case concerned a British couple applying for authorisation from the
Greek authorities to start a private school (frontistirions) in Rhodes. This authorisation
was refused on the grounds that only Greek nationals could be granted such permission. According to the applicants, their right to eective remedies had been violated
by the Greek authorities because they failed to comply with two positive (to the applicants case) judgments by the Greek Supreme Administrative Court.68 The ECtHR
criticised the fact that the Greek authorities did not consider themselves bound by the
decisions of the Supreme Administrative Court. In the words of the ECtHR, it would
be inconceivable that Article 6 (1) should describe in detail procedural guarantees
aorded to the litigants that are fair, public and expeditious, without protecting the
implementation of judicial decisions. In the view of the ECtHR, the protection of
Article 6 (1) ECHR should therefore not be limited to access to a court or the conduct of proceedings as this could lead to situations incompatible with the principle of
the rule of law.
Article 5 (1) and 5 (4) ECHR
The text of Article 5 (4) is clear, stating that the court should be able to order the
individuals release if the detention is not lawful.
Article 13 ECHR
In Iatridis v. the United Kingdom, the ECtHR ruled that the availability of eective
remedies as such is not enough.69 Using motivation comparable to the Hornsby case
with regard to Article 6 (1), the ECtHR held in this case that eective remedies
according to Article 13 ECHR can only be eective if the national authorities comply
with the judgments reached by the courts during the procedure. In the words of
67
68
69
267
the ECtHR, the remedy required by Article 13 must be eective in practice as well
as in law, in particular in the sense that its exercise must not be unjustiably hindered
by the acts or omissions of the authorities of the respondent State.
In the onka case, the ECtHR claried with regard to decisions on the expulsion of third-country nationals that, the notion of an eective remedy under
Article 13 requires that the remedy may prevent the execution of measures that
are contrary to the Convention and whose eects are potentially irreversible.70
Consequently, it would be inconsistent with Article 13 for such measures to be
executed before the national authorities have examined whether they are compatible with the Convention. The ECtHR stressed that the requirements of Article 13
should take the form of guarantees rather than a mere statement. It is important
to note that the ECtHR explicitly rejected the statement by the Belgian government in which the excessive workload of the Conseil dtat was presented as an
excuse for the failing system of legal remedies. It is the duty of a State to organise
its judicial system such that it is able to manage the available procedures.71
The need for courts to have the ability to suspend measures with irreversible
eects was also covered in Jabari v. Turkey.72 In this judgment on the decision of
the Turkish authorities to expel an Iranian woman to Iran, the ECtHR ruled that
the notion of an eective remedy under Article 13 requires independent and rigorous scrutiny of a claim that substantial grounds exist for the fear of a real risk
of treatment contrary to Article 3 ECHR. National courts should therefore have
the ability to suspend the implementation of the impugned measures. In this
conclusion, the ECtHR emphasised the importance of Article 3 ECHR and
the irreversible nature of the harm that might occur if the risk of torture or illtreatment alleged materialised. Along the same lines, as we have seen above, the
ECtHR held in Mamatkulov v. Turkey that Contracting States are obliged to
respect an interim measure of the ECtHR in order to avoid irreparable harm
and to abstain from any act or omission that might prejudice the integrity and
eectiveness of the ECtHRs nal judgment.73
onka v. Belgium, 5 February 2002, no. 51564/99, ECHR 2001-I, see 79.
onka 8384.
Jabari v. Turkey, 11 July 2000, no. 40035/98, ECHR 2000-VIII, 50.
Mamatkulov and Abdurasulovic v. Turkey (I), 6 February 2003, no. 46827/99.
268
Chapter 8
74
75
76
269
courts and alleged abuse of national procedures would allow for fewer procedural
guarantees, the ECtHR made it clear that these grounds are unacceptable.77 This
is also evident from the judgment in the Amuur case, where the ECtHR refused to
accept the concern of States to address increasingly frequent attempts to circumvent immigration restrictions as grounds for depriving asylum seekers of the protection aorded by the ECHR. In Ludescher v. Austria, the ECtHR was not
persuaded by the Governments explanation that the delay before the Administrative
Court was caused by a rise of applications between 1990 and 1995. According to
the ECtHR, it is for Contracting States to organise their legal systems in such a
way that their courts can guarantee the right of everyone to obtain a nal decision
on disputes relating to civil rights and obligations within a reasonable time.78
78
Compare to the Salesi judgment, 26 February 1993 Series A 257E, in which Italys claim with
regard to the nancial implications of the application of Article 6 was also rejected by the Court.
Ludescher v. Austria, 20 December 2001, no. 35019/97 23.
270
Chapter 8
ECHR applies, the judicial remedies are not considered an absolute requirement.
However, from the judgments at stake, one can conclude that the ECtHR applies
the same or comparable criteria when considering the eectiveness of the competent authorities. The question of whether the national procedure is in accordance with Article 13 ECHR depends on whether the competent authority has
sucient powers and guarantees to oer eective remedies. As we have seen, in
the judgments of Chahal and Al-Nashif, the ECtHR explicitly stated that the
requirement of a remedy which is as eective as can be is not appropriate in
respect of a complaint that a persons deportation will expose him or her to a real
risk of treatment in breach of Article 3.
The case law of the ECtHR also reveals that, for the purposes of the ECHR, the
dierentiation between judicial and non-judicial remedies is not always relevant.
From the above judgments, we learn that even if judicial remedies are available,
the ECtHR is not automatically satised that these remedies provide eective
protection for the individual. In each case, but especially if it concerns the protection under Article 3 ECHR in expulsion cases, it must be established that the
independent authority or judicial court oers sucient eective protection.
8.2. Accessibility
From the jurisprudence of the ECtHR, one can deduce the following requirements for the accessibility of remedies with regard to detention measures:
the legal basis of detention should be suciently accessible and precise (Amuur);
the detained person should have access to speedy review (Amuur);
the person should be given legible and understandable information about the
available remedies (onka);
the information provided should be accurate (onka);
the reasons for detention should be properly communicated to the detainee
(onka); and
the person should have access to an interpreter (onka).
With regard to deportation or expulsion, the ECtHR formulated the following
criteria:
the authorities should disclose the reasons for deportation(Al-Nashif );
the person should be given sucient time and the necessary facilities to prepare
his or her case (Mamatkulov).
8.3. Scope
In its jurisprudence based on both Article 13 and Article 6 (1) ECHR, the ECtHR
paid much attention to the scope of review of national courts. The ECtHR
emphasised that, in order to meet the requirements of eective remedies,
271
272
Chapter 8
In both Hornsby v. Greece, based on Article 6 (1), and Iatridis v. the United
Kingdom (Article 13), the ECtHR found that with regard to the question of
whether remedies are eective, it is necessary to establish that governments are
obliged to comply with the decisions of independent courts or authorities. This
requirement of binding (judicial) decisions can be considered an important criterion to be taken into account when assessing the eectiveness of remedies within
the framework of the use of the SIS or other EU databases. As far as I know, the
ECtHR did not deal with the need for compliance by national governments with
the judicial decisions of foreign courts.
8.5. Non-application of Article 6 (1) ECHR to Immigration Law Procedures:
Failure or No Loss?
It has been argued that, for the current law on eective remedies, the applicability
of Article 6 (1) ECHR on immigration procedures would not lead to greater procedural protection in immigration procedures.79 Based on Article 13 and other
provisions, the ECHR oers other mechanisms which provide for access to judicial courts in immigration cases. However, considering the criteria for a fair trial
given in Article 6 (1) and its further development by the ECtHR, Article 6 (1)
sometimes includes stricter rules than Article 13 ECHR, for example with regard
to the requirement of a judicial review and speedily access to courts of the claim
in question.
Other, more urgent reasons exist to explain why it could be desirable for the
ECtHR to reconsider its interpretation of Article 6 (1). For example, it is doubtful whether the classical arguments for the dierentiation between civil and
criminal law procedures on the one hand and immigration law procedures on
the other hand still apply. As we have seen above, the ECtHR has already rejected
the argument of force majeur as a reason why lesser procedural guarantees should
apply to immigration law procedures. Furthermore, the claim of state sovereignty
does not seem to be a strong argument to justify the non-application of Article 6
in this eld. Considering the legal Schengen framework and the legislative powers
based on Title IV TEC (see Chapter 9), it can no longer be said that immigration
policy is matter of state sovereignty only.80
Secondly, the current standards of immigration procedural law cannot be
regarded as a matter of course. As we will see in Part III, the acquired procedural
rights of immigrants can be withdrawn or limited whenever this is considered
79
80
Nicholas Blake and Raza Husain, Immigration, Asylum and Human Rights, Oxford/New York:
Oxford University Press, 2003, p. 241
M. Kuijer, annotation to the Maaouia judgment, NJCM Bulletin 2001, no. 6, p. 762779.
273
81
82
P. van Dijk and F. van Hoof, Theory and Practice of the European Convention on Human Rights,
Antwerpen/Oxford: Intersentia 2006, p. 538.
Goodwin v. the United Kingdom, 11 July 2002, no. 28957/95, 74 and 8485.
Chapter 9
Eective Remedies under EC Immigration Law
Even though the constitutional traditions of all Member States and the jurisprudence
of both the Strasbourg and Luxembourg courts underlines that the right to an eective remedy for all within the jurisdiction of Member States (which includes decisions
made in embassies and consulates) is an important legal and human right, it would
appear that the preference is to pay lip-service to important principles and cite relevant human rights instruments rather than to move towards the construction of a
modern legal framework guaranteeing the application of the rule of law in the enlarged
EU of the 21st century.1
1. Introduction
The Treaty of Maastricht of 1992 added a new objective of the Union to Article
2 of the EU Treaty (hereafter TEU): to maintain and develop the Union as an
area of freedom, security and justice, in which the free movement of persons is
assured in conjunction with appropriate measures with respect to external border
controls, asylum, immigration and the prevention and combating of crime.2
One of the central goals of this Area of Freedom, Security and Justice is to safeguard the legal protection of individuals.3 In the Tampere Conclusions of 1999,
including a ve-year programme for the Area of Freedom, Security and Justice,
the European Council stated that this freedom should not be regarded as the
exclusive preserve of the Unions own citizens. According to the heads of states, it
would be in contradiction with Europes traditions to deny such freedom to
those whose circumstances lead them justiably to seek access to our territory.4
The Tampere Conclusions further state that common policies on asylum and
immigration must be based on principles which are both clear to our own citizens
2
3
R. Cholewinski, The Need for Eective Legal Protection in Immigration Matters, EJML, 7,
2005, p. 237262.
Article 2 of the TEU, OJ C 325, 24.12 2002.
Communication of the Commission, Towards an Area of Freedom, Security and Justice, COM
(1998) 459, July 1998.
Recital 2 of the Tampere Conclusions.
276
Chapter 9
and also oer guarantees to those who seek protection in or access to the European
Union.5 With this phrase, the European Council explicitly recognised the obligation of the EU legislator to provide procedural guarantees not only for those
residing lawfully in the EU, but also for those applying for a residence permit or
visa in one of the EU Member States. What has been achieved since the Tampere
Conclusions with regard to the right of judicial protection in the dierent instruments adopted in the eld of immigration and asylum law?6 Do individuals have
a right to access to courts with regard to immigration law decisions, which applies
indiscriminately to third-country nationals residing in or seeking access to the
EU? Or it is fair to state, in the words of Cholewinski, that compared to EU citizens and their family members, third-country nationals are still subject to an
underdeveloped legal regime at the EU level?7
This Chapter describes to what extent the right to eective remedies is
embedded in EC immigration law. Does this right apply indiscriminately to
third-country nationals residing legally on the territory of one of the EU
Member Sates or seeking access to the EU, or is there dierentiation between
dierent categories of persons? To answer these questions, I will describe in the
following sections the relevant provisions of the dierent immigration law instruments adopted on the basis of Title IV TEC and compare these provisions with
the rules which apply to more privileged categories of persons, including EU citizens and their family members and Turkish migrant workers.8
7
8
the European Court of Justice (ECJ), it has been recognised that, in order to
enable EU citizens to enjoy their freedom of movement, this protection should
also apply to their family members who hold a third-country nationality.10 Based
on these rules and the criteria as developed by the ECJ, the power of Member
States to restrict the right of free movement and residence of EU citizens and
their family members is limited. One of the most important criteria as dened
by the ECJ is that Member States may, only in exceptional situations, invoke reasons of security, public order or health grounds to oppose the residence of EU
citizens and family members. According to established case law, their right to
enter the territory of another Member State, to stay there and to move within it
may only be refused when this person represents a genuine and suciently
serious threat aecting one of the fundamental interests of society.11 In the judgment MRAX v. Belgium, the ECJ ruled that a Member State may neither refuse
to issue a residence permit to a third-country national married to a national of a
Member State, who entered the territory of that Member State lawfully, nor issue
an order expelling him from the territory, solely on the grounds that his visa
expired before he applied for a residence permit.12
On 30 April 2006, Directive 64/221 was replaced by a new Directive 2004/38/
EC on the rights of citizens and their family members to move and reside freely
within the territory of the Member States.13 This Directive codies the principles
as formulated by the ECJ on the basis of the former Directive 64/221. It also
integrates the dierent existing instruments with regard to the protection of EU
citizens under community law.14 As in the former Directive 64/221, Directive
2004/38 also grants benecial rights to the spouse and family members of EU
citizens. In the new Directive, this also includes the partner with whom the EU
citizen has a durable relationship, duly attested (Article 3).
For our purposes, the relevant provisions of Directive 2004/38 are Articles 30
and 31. These provisions describe the procedural guarantees with regard to the
right to legal remedies against decisions concerning entry or the refusal to issue
or renew a residence permit, or to expulsion decisions. Compared to the rules in
Articles 8 and 9 of the former Directive 64/221, the new rules enhance the procedural rights of EU citizens and their family members. Among other things,
10
11
12
13
14
See the judgments of the ECJ in C-60/00, Carpenter, ECR [2002] I-6279 and C-459/99,
Mouvement contre le racisme, lantismitisme et la xnophobie ASBL (MRAX) v. Belgium, [2002]
ECR I-6591.
C-36/75, Rutili, [1975] ECR 1219, 28 and C-30/77, Bouchereau, [1977] ECR 1999, 35.
C-459/99 91.
Adopted on 29 April 2004. OJ L 229/35, 29.06.2004.
See also S. Carrera, What Does Free Movement Mean in Theory and Practice in an Enlarged EU?,
CEPS Working Document No. 208/October 2004, available at http://www.ceps.be.
278
Chapter 9
by Community law and the ability to invoke these rights before a court. The ECJ
concluded that in order to ensure the eectiveness of the substantive rights as
protected in Decision 1/80, it is essential to grant those workers and their family
members the same procedural guarantees as those granted by Community law to
nationals of Member States.17 This means that those workers should be granted
the same guarantees laid down in Articles 8 and 9 of Directive 64/221. On the
basis of the reasoning of the ECJ in these judgments, it is to be expected that the
ECJ will continue the same reasoning with regard to Directive 2004/38.
Therefore, Member States will have to apply the procedural guarantees included
in this Directive to Turkish migrant workers and their family members as well.18
The consequence of this was that the rights of workers from a country whose
accession to the EU is far from being accomplished were better protected than
those of nationals of other third countries, such as Bulgaria and Romania in the
years before their accession to the EU. The EU signed association agreements
with those countries as well, but in these treaties the principle of equality with
EU citizens was deliberately omitted. However, as we will see in Chapter 10, this
dierential treatment became less relevant following the Panayotova judgment of
2004 of the ECJ. In this judgment, which concerned the rights of Bulgarian
nationals under the Association Agreement between the EC and Bulgaria, the
ECJ applied its more general approach on eective remedies with regard to rights
as protected under Community law to the area of visa and residence rights.
2.3. The Relationship between the VIS and SIS and the Freedom of Movement
of EU Citizens and Family Members
2.3.1. Commission v. Austria
With regard to the availability of remedies against the refusal to issue a visa to
family members of EU citizens, in 2005 the Commission brought an interesting
claim against Austria before the ECJ.19 The Commission claimed that Austria
had failed to implement the provisions of Directive 64/221, considering that
Austrian law lacked certain procedural guarantees such as motivated decisionmaking or the right to appeal against the refusal. In the rst place, the Austrian
government failed to inform the visa applicant of the full and detailed reasons for
17
18
19
Drr-nal 67.
K. Groenendijk, Citizens and Third-country nationals: Dierential Treatment or Discrimination?,
in: J.Y. Carlier and E. Guild, The Future of Free Movement of Persons in the EU, Brussels: Bruylant
2006, p. 99. See also his annotation to the Drr-nal judgment, published in JV 3 August
2005, no. 276, p. 926.
Action brought on 13 May 2005, C-209/05, OJ C171/10, 9.07.2005. The case was removed
from the ECJ register on 29 June 2006.
280
Chapter 9
the visa refusal. Secondly, the government did not grant the visa applicant the
same legal protection against this visa refusal as aorded to its own citizens in
administrative law procedures. The reaction of the Commission is noteworthy,
with regard to the claim by Austria that the refusal of legal remedies did not
harm the interests of the applicant because submitting a new application is a
quicker means of reaching ones goal than pursuing a legal remedy against the
decision. The Commission explicitly disagreed with this argument, stating that
submitting a renewed application entails the risk that the objectively incorrect
decision may simply be repeated. The Commission withdrew this claim once
Austria fullled its obligations under EU law. However, it would have been interesting to see how the ECJ would have dealt with the underlying questions. It is
not clear whether the Commission was actually thinking about the future registration of (positive and negative) visa decisions in the EU database, VIS. However,
it is precisely this point, the risk that wrongful decisions will be simply repeated,
which emphasises the importance of eective legal protection against decisions
registered in SIS, VIS or Eurodac.
2.3.2. Commission v. Spain
In the important judgment Commission v. Spain to which I already referred in
Chapters 3 and 4, the ECJ dealt explicitly with decisions based on the SIS.20
In this judgment, the ECJ declared that Spain infringed the right of free movement
of family members of EU citizens by refusing to issue a visa and allow the entry of
two nationals of a third country who are family members of European Union citizens solely on the basis of a SIS alert. The ECJ observed that their visa and entry
had been refused solely on the grounds that they were persons for whom alerts
were entered in SIS for the purposes of refusal of entry. By failing to give adequate
reasons for refusing a visa or allowing entry and without rst verifying whether the
presence of those persons constituted a genuine, present and suciently serious
threat aecting one of the fundamental interests of society, Spain did not full its
obligations under Articles 1 to 3 and 6 of the Council Directive 64/221.
During this case, the Spanish government argued that there was no obligation
for the Member States to consult the reporting State to check whether the entry
is compatible with EC law. The Spanish government referred to the Declaration
of 18 April 1996, in which the Contracting States accepted the principle that the
names of persons covered by Community law may be entered and kept in the
SIS only if that entry is compatible with Community law.21 Therefore, according
to the Spanish government, the existence of such an entry may reasonably be
20
21
regarded as evidence of a genuine and serious threat. This view was not shared by
the ECJ. The ECJ conrmed that the inclusion of an entry in the SIS in respect
of a third-country national who is the spouse of a EU national does indeed constitute evidence that there is a reason to justify refusing him entry into the
Schengen Area. However, according to the ECJ, such evidence must be corroborated by information enabling a Member State which consults the SIS to establish, before refusing entry into the Schengen Area, that the presence of the person
concerned in that area constitutes a genuine, present and suciently serious
threat aecting one of the fundamental interests of society. The ECJ explicitly
referred to Article 94 of the CISA which expressly authorises the reason for the
alert to be stated.22
Even if the Schengen acquis is based on the principle of genuine cooperation, the ECJ ruled that each State consulting the SIS should give due consideration to the information provided by the State which issued the alert. This also
implies that the latter should make supplementary information available to the
consulting State to enable it to gauge, in the specic case, the gravity of the
threat that the person for whom an alert has been issued is likely to represent.
The ECJ pointed out that exactly for this purpose the Schengen States had established the network of national SIRENE oces. It is important that the ECJ
explicitly refers to this existence of SIRENE oces and the duty of States to consult each other by using the SIRENE network. In the words of the ECJ: The
network of SIRENE Bureaux was set up specically to provide information to
national authorities faced with diculties in enforcing an alert. According to
Paragraph 2.2.1 of the SIRENE Manual, the system put in place must enable
requests for information made by the other contracting parties to be answered as
soon as possible, and the response must be given within 12 hours.23
282
Chapter 9
25
26
27
28
States will rely on foreign expulsion decisions and their compatibility with
human rights standards.29
Interestingly, the legal procedure in the expelling state will have to deal with
the question of whether the criteria of Article 3 (1) apply: is the expulsion decision still in force and has it not been suspended? Furthermore, the national court
or authority involved will have to assess whether the national law of the issuing
state has been correctly applied. This means that the national court or authority
of the expelling state will have to rule on the legality of the decision of a court or
authority of the issuing state.
3.2. Directive 2001/55/EC on Minimum Standards for Temporary Protection
Council Directive 2001/55/EC of 20 July 2001 includes minimum standards for
providing temporary protection in the event of a mass inux of displaced persons.30
This Directive has its origins in the attempt by Member States to deal with
humanitarian crises outside the EU and with large numbers of persons seeking
asylum within the EU. By giving these persons temporary protection, Member
States tried to avoid overburdened refugee determination and asylum procedures.
The Directive seeks to harmonise the national programmes for temporary protection and to create a basis for nancial burden-sharing between Member States
with regard to the reception of these persons.31 On the basis of Article 29 of this
Directive, persons who have been excluded from the benet of temporary protection or family reunication by a Member State have the right to mount a
legal challenge in this Member State. The Directive does not include any further
rules or procedural guarantees for such remedies.
The Directive on temporary protection provides that persons enjoying temporary protection in a Member State must be able to apply for asylum any time in
that Member State (Article 17). The Directive does not include rules on the asylum procedure, nor on the availability of legal remedies against the refusal of
asylum, because the rules of the Directive on minimum standards for asylum
procedures will apply (see below section 3.7). Nor does the Directive include an
explicit right to legal remedies in the situation that a person is enforced to return
when his or her temporary protection has been ended. Article 22 (1) only provides that Member States must take the necessary measures to ensure that the
enforced return of persons whose temporary protection has ended and who are
not eligible for admission is conducted with due respect for human dignity.
29
30
31
See the legal analysis of Directive 2001/40 in Peers & Rogers (2006) p. 791.
OJ L 212, 7.8.2001. Implementation date for this Directive elapsed on 31 December 2002.
Whether this attempt has been successful is questionable: see Peers & Rogers (2006),
p. 453485.
284
Chapter 9
freedom of movement, EB) which aect asylum seekers individually may be the
subject of an appeal within the procedures laid down in the national law.
According to the same provision, the Member States must at least in the last
instance grant the asylum seeker the right of appeal or review before a judicial
body. This means that the Member States must provide for a right to apply for
review or appeal in last instance, but may also provide for more levels of remedies. According to Article 21 (2), the national legislator must also provide for
procedures for access to legal assistance.
3.4. Directive 2003/109/EC on Long-Term Resident Third-Country Nationals
In 2003, the Council adopted Directive 2003/109/EC concerning the status of thirdcountry nationals who are long-term residents.33 This Directive dierentiates between
expulsion decisions and decisions concerning applications for long-term residence
permits. Article 20 (2) of this Directive provides that, with regard to the refusal of
long-term resident status, the withdrawal of a status or the refusal to renew a residence permit, the person should have the right to mount a legal challenge in the
Member State concerned. It is unclear what precisely is meant by legal challenge. The Member States adopting this text apparently wanted to maintain the
option of procedures other than judicial redress. They rejected the earlier proposal
by the Commission, which included an explicit right of access to courts.34 A later
draft of the Council of 2002 referred to the right to apply to the administrative
bodies and courts of the Member States concerned.35 This option was then
replaced by the much vaguer denition of the right mount a legal challenge.
Only with regard to expulsion decisions, the Directive on long-term residents
explicitly requires the availability of judicial remedies. According to Article 12 (4)
of the Directive, Member States should ensure that, in cases where an expulsion
decision has been adopted, a judicial redress procedure is available to the longterm resident in the Member State concerned. With regard to expulsion decisions,
Article 12 (5) explicitly provides for a right to legal aid for long-term residents
lacking adequate resources on the same terms as nationals of the Member State in
which they reside. The importance of reinforced protection of long-term residents
against expulsion is also conrmed in recital 16 of the preamble to this Directive.
Referring to the decisions of the ECtHR, this recital urges Member States to
provide for eective legal redress in order to ensure this protection.
33
34
35
286
Chapter 9
37
38
OJ L 251/1218, 03.10.2003. The implementation deadline was 3 October 2005. The legality
of this Directive has been challenged by the European Parliament before the ECJ. See the judgment of the ECJ of 27 June 2006, in the case C-540/03, European Parliament v. the Council.
See further Chapter 10.
See Article 16 of the initial proposal by the Commission, COM (1999) 638 of 11 January
2000, OJ C 116 E/66, 26.4.2000 and Article 18 of the amended proposal COM (2002) 225,
Council doc. 10857/02, 9 August 2002.
See former draft of 9 August 2002, 10857/02.
39
40
C-540/03, 106.
OJ L 50/1, 25.02.2003.
288
Chapter 9
42
facts and points of law.43 Furthermore, the initial proposals included the obligation to grant, under certain circumstances, suspensive eect to the appeal proceedings.44 The LIBE Committee of the European Parliament proposed that legal
remedies against a refusal of asylum should always have the eect of allowing the
applicant to remain in the Member State pending its outcome.45 According to
the LIBE Committee, the suspensive eect of asylum appeals would be a critical
safeguard, since many refugees are only recognised during the appeal process and
an erroneous determination in the rst instance would have serious consequences.
The current text of Article 39 (2) leaves it to the discretionary power of Member
States to decide whether and in which situations the asylum seeker is allowed to
remain on the territory of the Member State, pending the outcome of his or her
asylum procedure. The only condition formulated in Article 39 (2) is that these
rules should be in accordance with their international obligations.
With regard to decision-making, Article 38 (2) of the Directive on asylum
procedures states that the decision to withdraw refugee status should include the
reasons for this refusal and information about how to challenge this decision.
The decision and the information referred to should be given in writing.
3.8. Refusals at the Border
3.8.1. Regulation 562/2006/EC on the Rules Governing the Movement of
Persons at Borders (Schengen Borders Code)
Regulation 562/2006/EC on the Community Code governing the movement of persons at the borders (Schengen Borders Code) replaces the Schengen Common
Manual on Border Control.46 The Schengen Borders Code was adopted by a
decision of the Council on 21 February 2006. It includes rules on the measures
and powers of authorities controlling the movement of persons at the external
borders of the EU. The adopted text is entirely based on the proposal which was
agreed upon in spring 2005 by the European Parliament (EP), the Commission
and the Council on the basis of the co-decision procedure of Article 251 TEC.
Close coordination between the three institutions or the tripartite agreement
which was reached during negotiations on the Schengen Borders Code, made
it possible to adopt the Regulation during its rst reading in the Council.47
43
44
45
46
47
See Article 38 of proposal COM (2000) 578 and Article 38 of proposal COM (2002) 326.
Article 33 of proposal COM (2000) 578 and Article 39 (3) and (4) of proposal COM (2002) 326.
See the Report A6-0222/2005 of 29 June 2005, amendment 45.
Regulation 562/2006 of 15 March 2006, OJ L 105/1, 13.4.2006. Eective as from 13 October
2006. Hungary voted against and Slovenia abstained.
See, for the Commission proposal: COM (2004) 391, 26.05.2004. The report as adopted by
the European Parliament concerns A6-0188/2005, 13 June 2005.
290
Chapter 9
During these negotiations in 2005, the rapporteur of the EP, Mr. Cashman,
dropped some of his initial amendments which would have improved the legal
status of persons across EU borders. On the other hand, other proposals by MEP
Cashman extending the rights of individuals were accepted by the Council and
the Commission.
The right to remedies against refusals at borders is included in Article 13 of
the Regulation 562/2006. On the basis of Article 13 (2), a third-country
national who is refused entry based on the criteria of this Directive may only be
refused entry by a substantiated decision, stating the precise reasons for the
refusal. This decision must be taken by an authority empowered by national law
and shall take eect immediately. The decision should be given using a standard
form, as set out in Annex V, Part B, to the Regulation (to be examined in the
next section). This standard form must be handed to the third-country national
concerned, who must acknowledge receipt of the decision to refuse entry by
means of that form.
According to Article 13 (3) of the Regulation, persons refused entry shall have
the right to appeal in accordance with national law. For this purpose, third-country nationals should be given a written indication of contact points able to
provide information on legal representatives competent to act on behalf of a
third-country national. Considering the reluctance of Member States to place
persons seeking entry at their external borders in a very strong position, this right
to appeal, proposed on behalf of the EP, is a very important achievement which
survived the negotiations between the three EU institutions. A proposal to
include, in the Schengen Borders Code, a right to obtain nancial compensation
has however been deleted from the nal text.48 This proposal included the right
to nancial compensation for possible damage suered as a result of ill-founded
refusals. The EP further proposed adding the ability for Member States to suspend the entry into force of a refusal of entry if they consider it appropriate to do
so. This proposal was also rejected. Article 13 (3) now even states that initiating
an appeal process shall not suspend the decision to refuse entry.
3.8.2. The Inclusion of a Standard Refusal Form
By a Council Decision of 2004, a standard refusal form was included in the former
Common Manual on Border Control.49 This decision has been incorporated into
part B of the Schengen Borders Code of 2006, mentioned above. As from 1 June
2004, border guards are obliged to issue a refusal form to third-country nationals
48
49
Draft report, provisional version 2004/0127 (COD), 15.3.2005. This included a right to nancial compensation in the case of a wrongful decision.
Council Decision 2004/574/EC, OJ L261/36, 6.8.2004.
refused entry at the borders. The decision on the standard refusal form is
important for two reasons. Firstly, the text of the standard refusal form explicitly
states that the third-country national may appeal against the refusal of entry as
provided for in national law Secondly, according to the refusal form, Member
States should substantiate the refusal decision and indicate references to national
legislation with regard to the available remedies. The refusal grounds are listed in
the standard refusal form from A to I. These grounds include, for example, the
lack of valid travel documents, visa or residence permits, the fact of carrying a
false or falsied visa or residence permits, public order and security grounds, as
well as registration in the European database, SIS, or a national database for the
purpose of refusal of entry. The limitative enumeration of refusal grounds makes
it clear to both the border authorities and the third-country national that a refusal
at the borders cannot be based on other grounds. This gives the person concerned a right to refute the reasons for refusal and subsequently to appeal against
this decision.
3.9. Proposal for a Directive on Returning Illegal Staying Third-Country Nationals
In September 2005, the European Commission published a proposal for a
Directive on returning illegally staying third-country nationals.50 Article 12 of this
proposal includes the right to an eective judicial remedy before a court or tribunal to appeal against or to seek review of a return decision and/or removal
order. According to this proposal, the remedy must either have suspensive eect
or include the right of the third-country national to apply for the suspension of
enforcement of the return decision or removal order. Furthermore, the proposal
includes the right to obtain legal advice, representation and, where necessary, linguistic assistance. In addition, the proposed Article 12 (3) provides that legal aid
shall be made available to those who lack sucient resources insofar as such aid
is necessary to ensure eective access to justice.
Taking into account the experiences with regard to the adoption of the other
instruments described above, the principles as included in this proposal will
probably be watered down during the negotiations in the Council legislation
process. The report on one of the rst discussions of the Council Working Party
dealing with this proposal supports this expectation.51 According to this report,
the Dutch delegation, supported by the delegations of Greece, Denmark, Italy
and Poland, has expressed the view that the Commission proposal grants thirdcountry nationals who are subject to return procedures excessive rights and
guarantees.
50
51
292
Chapter 9
3.10. Visas
3.10.1. Schengen Common Consular Instructions
The rules to be applied by EU consulates and embassies with regard to visa
applications have been laid down in the Schengen Common Consular Instructions
for diplomatic missions and consular posts of 14 December 1993.52 These instructions, as amended by a decision of the Executive Committee on 28 April 1999,
only became public when they were incorporated into the Schengen acquis. The
Instructions include procedural provisions with regard to the refusal of a visa
application at the consulates or embassies of the Schengen States. These provisions do not oblige Member States to provide for remedies against a visa refusal,
nor to motivate this decision. Exceptionally, if national law provides for the duty
to motivate a visa refusal, the Instructions require that this refusal refer to the
reasons for this refusal as listed in Article 15 in conjunction with 5 of the
Convention Implementing the Schengen Agreement (CISA).
In 2002, the EU Presidency forwarded a questionnaire to the Member States
in order to obtain information on the available visa procedures in the dierent
EU Member States, including the rules on notication, the grounds for visa
refusals and legal remedies.53 The object of this questionnaire was to establish
whether there was any need for harmonisation in this eld. The answers from the
Member States revealed many dierences in the applicable rules.54 According to
these answers, in some Member States a visa refusal should be in writing, in
other States not and in some Member States no reason is given at all. The answers
to the questionnaire further established that when a visa is refused on the basis of
a foreign SIS report based on Article 96 CISA, most of the Member States do not
inform the visa applicant as to which Member State reported this person to SIS.
With regard to the available remedies against visa refusals, two Member States
said they had no procedures at all for appealing against visa refusals.
3.10.2. Draft Community Code on Visas
In July 2006, the European Commission proposed a draft Regulation including a
Community Code on Visas which should replace the Schengen Common Consular
Instructions.55 Article 23 (3) of the draft proposal includes, for individuals whose
52
53
54
55
The Common Consular Instructions of 14 December 1993, amended and incorporated into
EU law, Council Decision 1999/435/EC, OJ L 176, 10.07.1999. See, for an amended version
OJ C 313, 16.12.2002 and OJ 2004 L 5/74.
See, for the answers, Council doc. 8929/02, VISA 69 COMIX 319 (21 May 2002).
R. Cholewinski (2005), p.258.
Draft proposal for a Regulation establishing a Community Code on Visas, COM (2006) 403,
19 July 2006.
visa has been refused, the right to appeal. The rules on this appeal are, however,
still within the competence of the Member States. Contrary to the Schengen
rules, Article 23 (2) of the proposal states that the decision of the visa refusal
should state the precise reasons for the refusal, given using the standard form set
forth in the Annex to the proposal. This form should also be used when a visa is
refused at the border. The draft further stipulates that the applicants must receive
written information about the contact points able to provide information on
representatives competent to act on behalf of the applicants in accordance with
national law. The draft Regulation does not oblige Member States to provide for
legal remedies against a decision rejecting a request to extend a visa or a decision
annulling or revoking a visa.
294
Chapter 9
we have seen above that Member States should oer the procedural guarantees of
Article 9 of the Directive. The ECJ made it clear in its case law based on Article
9 that the available legal remedies should at least include two important safeguards: the court or tribunal must be independent and the court or authority
should have full competence.56
The provisions of Articles 30 and 31 of Directive 2004/38 are, unlike Directive
64/221, not explicitly based on the principle of non-discrimination compared to
nationals of the host Member States concerned. However, it is doubtful whether
this implies that Member States are no longer obliged to provide the same legal
remedies as those available to their own nationals to those falling within the
scope of this Directive. Such a limited interpretation seems contrary to the
inclusion of the non-discrimination principle in preamble 20 of the Directive.
4.1.2. EC Asylum and Immigration Law
In the asylum and immigration law instruments adopted under Title IV TEC,
the EC legislator explicitly granted Member States the choice of providing nonjudicial remedies. For example, the Directive on long-term residents, the
Directive on family reunication and the Directive on temporary protection only
refer to the availability of a right to mount a legal challenge in the Member State
concerned. According to these texts, the implementation of the right to remedies is left to the scrutiny of the national legislator. Likewise, it is not clear
whether a person should have access to a judicial court. With regard to expulsion
decisions only, the Directive on long-term residents explicitly requires the person
to be expelled to have the right to judicial redress against this decision. In Chapter
10, I will argue that, despite these vague norms, the national legislators are bound
by other, more stringent rules.
4.2. Accessibility
4.2.1. Directive 2004/38/EC
Compared with the former Directive 64/221, Article 30 of Directive 2004/38
puts more emphasis on procedural guarantees improving the accessibility to legal
remedies. Article 6 of Directive 64/221 obliged Member States to inform the
person concerned about the reasons of public order, security or health underlying the refuted decision. According to Article 7, the refusal to issue or renew a
residence permit or the expulsion decision should be communicated to the
person concerned. This information should include the time limit within which
the person concerned should leave the country. In its jurisprudence, the ECJ did
56
See Boeles (1997), p. 383384. He refers to the judgments in Adoui and Cornuaille, C-115 and
116/81 [1982] ECR 1710, and Pecastaing, C-98/79 [1980] ECR 691.
57
58
C-115/81 and 116/81, Adoui and Cornuaille, [1982] ECR -1665, 13.
C-459/99 MRAX v. Belgian State [2002] ECR I-6591.
296
Chapter 9
decisions should include the reasons of rejection. As we have seen above, the
instruments adopted in the eld of asylum law also provide for informed decision-making, including the obligation to inform the person concerned of the
available remedies. Based on an amendment in 2004 to the Common Manual
applicable to border control, border ocials refusing a person entry at the border
are obliged to issue a standard refusal form which includes the obligation to
inform the person of the available remedies. The Schengen Borders Code of 2006
further requires that entry shall only be refused by a substantiated decision,
which should state the procedures for appeal.
4.3. Scope of Review
4.3.1. Directive 2004/38/EC
Article 31 (3) of Directive 2004/38 explicitly requires that the redress procedures
shall allow for an examination of the legality of the decision, as well as of the
facts and circumstances on which the proposed measure is based. The procedure
should further ensure that the decision is not disproportionate, particularly in
view of the requirements laid down in Article 28. This latter provision deals,
as we have seen above, with the decision to expel a person. This means that the
new Directive explicitly obliges Member States to provide for legal remedies in
which courts (or competent authorities) are able to examine the substance of the
case and to weigh the dierent interests at stake. With regard to EU citizens and
their family members, Article 28 (1) of the Directive obliges Member States to
take into account dierent considerations before reaching an expulsion decision.
This means that the new Directive explicitly obliges Member States to provide
for legal remedies in which courts (or competent authorities) are able to examine
the substance of the case and to weigh the dierent interests at stake with regard
to decisions regarding the expulsion of EU citizens and their family members.
These considerations include, for instance, how long the EU citizen has resided
in the other Member State, his or her age, state of health and his or her social and
cultural integration. The practical meaning of this provision very much depends
on how Member States will apply these criteria. In particular, the criterion of
social and cultural integration may lead to diverging policies in the individual
Member States.
As mentioned above, in its jurisprudence with regard to the Directive 64/221,
the ECJ made it clear that, in order to provide an eective remedy, the competent court or authority should be able to assess the substance of the refuted
decision by the national authorities. As far back as the Santillo case of 22 May
1980, dealing with the expulsion of an EU citizen by another Member State, the
ECJ held that a national court or authority should take into account the positive
developments and elimination of a real threat if, between the date of the decision
to expel and the date of judicial scrutiny of that decision, a long period has
elapsed.59 This requirement was repeated in the Orfanopoulos case of 2004 in
which the ECJ emphasised the necessity for substantial scrutiny by the courts
during the judicial procedure.60 In this judgment, the ECJ declared that the
intervention on the part of the competent authority mentioned in Article 9(1)
of the former Directive 64/221 must make it possible for an exhaustive examination to be made of all the facts and circumstances, including the expediency of
the measure in question, before the decision is denitively adopted. According to
the ECJ, a balance should be struck between the legitimate interests of the
authorities and the special legal position of the person concerned taking into
account the fundamental character of the free movement of persons. Furthermore,
the ECJ held that national procedures would infringe the procedural guarantees
of Directive 64/221, if the courts would not consider facts which occurred after
the last government decision to expel the person concerned.
In Radiom and Shingara, the ECJ dealt with decisions by the UK authorities by
which two EU citizens, Radiom and Shingara, were refused entry on the basis of
public order and public security grounds.61 The rst applicant held both Irish and
Iranian nationalities, the second was a French national. The ECJ held that decisions prohibiting EU citizens from one Member State entering another Member
State derogate from the fundamental principle of freedom of movement. Therefore,
such a decision could not be of unlimited duration. Furthermore, the ECJ
conrmed that a Community national should be entitled to apply, under Articles
8 and 9 of Directive 64/221, to have his or her situation re-examined if he considers that the circumstances justifying the denial of his entry into the country no
longer exist. The duty of national courts to assess the compatibility of national
measures with EC law was rearmed in the Olazabal case.62 This case concerned
the territorial ban aecting a Spanish worker in France, who was suspected of having ties with the Spanish group ETA and, for this reason, convicted in Bilbao. In
this judgment, the ECJ considered whether this territorial ban was in breach of
EC law laying down the principle of free movement of workers. According to the
Court, the measure must be appropriate to secure the achievement of the objective goals which it pursues and must not go beyond what is necessary. In this case,
the ECJ made clear that it is for the national courts to determine whether the
measures taken in this case do in fact relate to individual conduct which constitutes
59
60
61
62
C-131/79.
Judgment of 29 April 2004, C-482/01 and C-493/01, 75 and 82. See also the associated
cases 115/81 and 116/81, Adoui and Cornuaille, [1982] ECR 1665, para.15.
Judgment of 17 June 1997, C-65 and C-111/95, see 4044.
26 November 2002, C-100/01, 4344.
298
Chapter 9
a genuine and suciently serious threat to public order or public security, and
whether they comply with the principle of proportionality.
In conclusion, based on the jurisprudence of the ECJ regarding Directive
64/221 and according to the new Directive 2004/38, national courts have the
explicit task of assessing the lawfulness and proportionality of the measures or
decisions at stake. In particular, with regard to the protection of family members
of EU citizens residing in or seeking access to a EU Member State, the ECJ
developed important criteria for balancing the dierent interests at stake.
4.3.2. EC Asylum and Immigration Law
The instruments of asylum and migration law adopted under Title IV TEC do
not include an explicit obligation for national courts to assess the substance of
the refuted administrative decisions or to balance the interests at stake. However,
these instruments do include substantial criteria for the decision-making of
national authorities with regard to the issue, renewal or withdrawal of residence
permits and with regard to decisions to expel a third-country national. When a
person asserts his or her right of appeal against any of the decisions referred to
above, the competent court or authority should assess whether the decision is
taken in accordance with the criteria of the instruments in question. Furthermore,
national courts or authorities should observe the protection of human rights as
protected in the ECHR, discussed in Chapter 8.
In the judgment European Parliament v. the Council, concerning Directive
2003/86 on family reunication, the ECJ made it clear that Member States are
bound to observe the principles as recognised in the EU Charter, including the
right to family life as protected in Article 7.63 The ECJ referred in this judgment to the fact that, in the second recital of the preamble to this Directive,
the EC legislator itself acknowledged the importance of the Charter. In the
preambles both to the Directive on family reunication and to the Directive
on long-term residents, the Member States acknowledged the obligation to
respect fundamental rights as protected in the ECHR and the Charter of
Fundamental Rights of the EU when adopting measures on the basis of these
directives.
Article 3 (2) of the Directive on mutual recognition of expulsion decisions
provides for an explicit obligation to respect human rights and fundamental
freedoms. National courts should therefore consider whether measures taken on
the basis of these instruments interfere with the human rights of the person
concerned.
63
Case C-540/03, European Parliament v. the Council (not yet reported but see information in
OJ C 190/1, 12.08.2006), 38 and 58.
64
65
Drr-nal, 4857.
Drr-nal, 6768.
300
Chapter 9
66
See E. Guild, The Legal Framework: Who is Entitled to Move?, in Bigo & Guild (2005).
the right to a legal remedy in these dierent elds of law can no longer be
overlooked by the national legislators of the EU Member States. A second
achievement is the obligation of informed decision-making in the dierent
instruments discussed above. The Schengen Borders Code, as well as other EC
instruments of asylum and immigration law stipulate that national authorities
should inform the person concerned in writing, providing him or her with the
reasons for the decision. Some provisions even require that this decision should
inform the person of the remedies which are available and of the applicable time
limits within which the appeal has to be lodged.
In conclusion, the EC instruments on immigration and asylum law do not
provide explicit guarantees with regard to scope of the available remedies and the
competences of the courts or independent authorities involved. Procedural and
substantial guarantees for the remedies at stake seem to be left to the scrutiny of
the national legislator. In the following Chapter, I will consider how the lack of
specic safeguards in EC immigration and asylum law relates to the general
principles of EU law on the right to eective remedies.
Chapter 10
Eective Remedies in the EU: A Matter
of Basic Principles
Individuals are [] entitled to eective judicial protection of the rights they derive
from the Community legal order, and the right to such protection is one of the general principles of law stemming from the constitutional traditions common to the
Member States. That right has also been enshrined in Articles 6 and 13 of the
European Convention for the Protection of Human Rights and Fundamental
Freedoms.1
1. Introduction
In Chapters 6 to 9, I described the legal framework with regard to the availability
of and criteria for eective remedies in the eld of data protection and immigration law. In this Chapter I will argue, on the basis of three basic principles of EU
law, that the national legislators are generally obliged to include in their immigration law procedures eective remedies for third-country nationals when
implementing EU or EC law. I will try to convey how this obligation goes beyond
the often vague and open norms included in data protection law and the instruments based on Title IV TEC described in Chapter 9. Finally, in section 6, I will
formulate minimum criteria for eective remedies which, in my view, can be
derived from the law described in this and the previous Chapters of Part II.
C-50/00, Unin de Pequeos Agricultores, [2002] ECR I-6677, 39. See also P. Boeles, Fair and
Eective Immigration Procedures in Europe?, EJML 7, 2005, p. 213218.
304
Chapter 10
based on both the jurisprudence of the ECJ and the amended texts of the EU
Treaties, there can no longer be any doubt that the contemporary EU is based on
the rule of law and respect for human rights, as protected in the European
Convention on Human Rights (ECHR).2 The emphasis on human rights and
the rule of law in the judgments of the ECJ is generally seen as an answer to the
concerns of Member States with regard to the protection of human rights within
the legal order of the Communities.3 Safeguarding human rights and the rule of
law is considered a prerequisite for the legitimacy of the European Union and the
loyalty of its Member States towards this legal framework.
The rst judgment in which the ECJ explicitly established that the implementation of Community law should respect fundamental human rights was the
Stauder v. City of Ulm case in 1969.4 In this judgment, the ECJ made its famous
reference to the meaning of human rights principles for EU law: Interpreted
this way the provision at issue contains nothing capable of prejudicing the fundamental human rights enshrined in the general principles of Community law
and protected by the Court. One year later, the ECJ repeated this general principle in the Internationale Handelsgesellschaft judgment.5 In this judgment, the
ECJ explicitly referred to the constitutional traditions of the Member States as
the inspiration for the protection of these rights. In the Nold II case of 1974, the
ECJ went further by stating that, apart from the constitutional traditions of the
Member States, international treaties for the protection of human rights should
also be used as guidelines for the interpretation of Community law by the ECJ.6
With this judgment, the ECJ conrmed the applicability of the ECHR within
the legal framework of the Communities.
With the Treaty of Maastricht of 1992, the binding role of human rights as
protected in the ECHR and the importance of constitutional traditions in the
Member States for EU law were explicitly recognised in the EU Treaty.7 The new
Article F (2), the current Article 6 (2), of this Treaty stated that The Union shall
respect fundamental rights, as guaranteed by the European Convention for the
4
5
6
7
T.C. Hartley, The foundations of European Community Law, Oxford: Oxford University Press
2003 (fth edition).
See, for a detailed analysis of the relationship between the EU and human rights: R. Lawson, Het
EVRM en de Europese Gemeenschappen, Europese Monograen no. 61, The Hague: Kluwer
1999, and Ph. Alston (ed.), The EU and Human Rights, Oxford: Oxford University Press 1999.
Judgment of 12 November 1969, C-29/69, Stauder, [1969] ECR 419.
Judgment of 17 December 1970, C-11/70, Internationale Handelsgesellschaft, [1970] ECR 1146.
Judgment of 14 May 1974, C-4/73, Nold II, [1974] ECR 507.
OJ C 191, 29.7.1992.
305
8
9
10
11
12
13
306
Chapter 10
14
15
16
17
C-222/84 Johnston [1986] ECR 1651, 18. See also C-294/83, Les Verts v. European Parliament,
[1986] ECR 1339, 23.
Article 6 reads: Member States shall introduce into their national legal systems such measures
as are necessary to enable all persons who consider themselves wronged by failure to apply to
them the principle of equal treatment within the meaning of Articles 3, 4 and 5 to pursue their
claims by judicial process after possible recourse to other competent authorities.
Johnston, 17.
Johnston, 18.
307
the ECHR, including Articles 6 and 13, within the legal system of the EU and
its Member States.
In its Heylens judgment, the ECJ applied the principle of eective remedies
directly to the right to freedom of movement of workers.18 The Heylens case concerned the refusal of the French authorities to recognise the foreign diploma of a
Belgian football trainer, which prevented him from working for a French football
club. According to the ECJ, the existence of a remedy of a judicial nature against
any decision of a national authority refusing the benet of the right to free access
to employment is essential in order to secure for the individual eective protection for his right. Recalling its earlier conclusion in the Johnston case that this
requirement reects a general principle of Community law, the ECJ conrmed
that this would be a fundamental right which the Treaty conferred individually
on each migrant worker in the Community. In the Heylens judgment, the ECJ
also conrmed the obligation for national authorities to state the reasons for
national decisions aecting the fundamental rights of individuals conferred by
the EC Treaty.19 This latter requirement is repeated in later judgments.20
3.2. Applying the Johnston Principle to EC Immigration Law:
The Panayotova Case
In the Panayotova judgment of 16 November 2004, the ECJ made it clear that
the general principle of eective remedies in relation to Community rights also
applies to immigration law procedures. This case concerned the Dutch immigration law system in which the granting of a residence permit is made dependent
on a long-term visa to be obtained before the person concerned enters the Dutch
territory (known as the mvv-vereiste).21 The question arose of whether this
Dutch requirement could be invoked against the applicants, who were Bulgarian
nationals, enjoying special protection under the Association Agreement between
the EC and Bulgaria of 1994. The ECJ concluded that in principle the Association
Agreements (including the Agreements with Poland and Slovakia) did not preclude a system of prior control on the issue of a residence permit. However, this
would depend on whether the procedural rules governing the issuing of such a
temporary residence permit would not make the exercise of the rights conferred
by the Association Agreements impossible or excessively dicult. Referring to its
18
19
20
21
308
Chapter 10
earlier ruling in the Johnston case, the ECJ added the more general consideration
that, Community law requires eective judicial scrutiny of the decisions of
national authorities taken pursuant to the applicable provisions of Community
law.22 In this Panayotova judgment, the ECJ further stated that the scheme
applicable to such long-term visas must be based on a procedural system which
is easily accessible and capable of ensuring that the persons concerned will have
their applications dealt with objectively and within reasonable time, and refusals
to grant a permit must be capable of being challenged in judicial or quasi-judicial
proceedings.
It is important to stress that, in its earlier judgments in the Drr-nal and
Cetinkaya cases, described in Chapter 9, the ECJ derived the right to legal remedies from the principle of freedom of movement and the principle of equality.
On the basis of these principles, Member States are obliged to grant Turkish
migrant workers the same procedural guarantees as those granted to EU citizens
by the former Directive 64/221. The importance of the Panayotova case lies in
the fact that in this judgment the right to accessible and eective remedies is
directly based on the constitutional principles of EU law, including the rights of
the ECHR.23 The ECJ extended the scope of this general right to individuals
who claim to have rights under EC law.
3.3. Article 47 of the EU Charter
In 2000, the European Council adopted the EU Charter of Fundamental
Rights.24 This Charter provides, in Article 47, for a general right to eective judicial remedies, which incorporates the jurisprudence of the ECJ described above.
Article 47 states:
1. Everyone whose rights and freedoms guaranteed by the law of the Union are
violated has the right to an eective remedy before a tribunal in compliance
with the conditions laid down in this Article.
2. Everyone is entitled to a fair and public hearing within a reasonable time by
an independent and impartial tribunal previously established by law. Everyone
shall have the ability of being advised, defended and represented.
3. Legal aid shall be made available to those who lack sucient resources insofar
as such is necessary to ensure eective access to justice.
Article 47 is important because it combines the criteria of Article 6 and Article 13
ECHR. As we have seen in the previous Chapter, in the Maaouia judgment
22
23
24
Panayotova 27.
Compare 6465 of the Drr-nal judgment and 27 of the Panayotova case.
OJ C 310, 16.12.2004.
309
25
26
27
310
Chapter 10
the ECJ28, the Charter is quoted in judgments of the Court of First Instance
(CFI) and the ECJ.29 In the judgments of the CFI, this Court not only referred
to the earlier jurisprudence of the ECJ with regard to the right to eective remedy as a general principle of Community law, but also to Article 47 of the EU
Charter. In June 2005, the LIBE Committee of the European Parliament referred
to Article 47 of the EU Charter to support its proposal to include the suspensive
eect of the proceedings in the draft Directive on minimum standards in asylum
procedures.30
In its judgment European Parliament v. the Council dealing with the Family
Reunication Directive 2003/86, the ECJ ruled that Member States are bound
to observe the principles which are recognised in the EU Charter, including the
right to family life of Article 7.31 The ECJ explicitly referred to the second recital
of the preamble to the Family Reunication Directive, where the EC legislator
itself acknowledged the importance of the EU Charter of Fundamental Rights.
In this judgment, the ECJ also emphasised that the Charter is to be regarded as
the codication of general principles of EU law and the constitutional traditions
of the Member States.32
After lengthy debates to overcome the institutional impasse of the EU caused
by the outcome of the referenda in France and the Netherlands, the EU head of
states nally decided at their summit of June 2007 that the Constitutional Treaty
would be replaced by a Reform Treaty.33 This Treaty, to be adopted at the end
of 2007, will amend the current EC and EU Treaties. In its conclusions, the
European Council decided that Article 1 of the EU Treaty will contain a cross
reference to the Charter on Fundamental Rights giving it legal binding value and
setting out the scope of its application.
3.4. Relationship Between the General Principle and Secondary EC Legislation
The principle that the enjoyment of Community rights requires Member States to
provide for eective judicial scrutiny of decisions aecting those rights is important
for the assessment of the national implementation of the EC immigration and
asylum law. The mere availability of legal remedies will not be sucient to meet
28
29
30
31
32
33
311
the criteria set by the ECJ and included in Article 47 of the EU draft Constitution.
The general principle of and criteria for eective remedies will overrule the
provisions in specic EC instruments if these latter instruments oer less protection to the individual concerned. This was claried by the ECJ in the Siples judgment of 2001. This case concerned the interpretation of Article 243 of the
Community Customs Code (Regulation 2913/92).34 This provision conferred the
power to suspend implementation of contested decisions made by national customs authorities exclusively upon the national customs authorities; national courts
did not have the power to grant interim relief. The ECJ concluded that these
weaker provisions in the EC Customs Code should be interpreted in accordance
with the more general principle of legal protection. In its judgment, the ECJ
explicitly stated that the provision in the Community Code cannot limit the
right to eective judicial protection. According to the ECJ, a court asked to
decide on a dispute governed by Community law must be in a position to grant
interim relief in order to ensure the full eectiveness of the judgment to be passed
on the existence of the rights claimed under Community law.
At this point it also important to refer to the judgment in the case Kbler v.
Austria, in which the ECJ conrmed that Member States are obliged to make
good damage caused to individuals by infringements of Community law for which
they are responsible.35 According to the ECJ, this principle also applies where the
alleged infringement stems from a decision of a court adjudicating at last instance
where the rule of Community law infringed is intended to confer rights on individuals, the breach is suciently serious and there is a direct causal link between
that breach and the loss or damage sustained by the injured parties.36 In this judgment, the ECJ declared that it is up to the legal system of each Member State to
designate the court competent to determine disputes relating to that reparation.
34
35
36
312
Chapter 10
against whose decisions no judicial remedy is possible, should in this case, based
on Article 234 (2), always forward a preliminary request to the ECJ if such a
question is raised. Article 68 (1) TEC, which applies to the instruments adopted
under Title IV TEC, provides that a court against whose decision no judicial
remedy is possible is obliged to forward a preliminary question to the ECJ when
it considers this necessary for the judicial sentence in the case concerned.
This system of preliminary references guarantees a clear and coherent interpretation of Community law. On the one hand, this system requires the ECJ to
analyse the legal problems under Community law submitted by national courts
and to provide a generally applicable interpretation. On the other hand, it places
an obligation on national courts to ensure that when an issue of Community law
is at stake and needs to be claried, this issue is to be forwarded to the Community
Court. For national courts, this principle of eectiveness means a duty to ensure
full application and uniform interpretation of Community law and to eliminate
the unlawful consequences of a breach of Community law either directly or by
ensuring eective compensation for the damage resulting from it.37
The legal system as envisaged in Article 234 also implies the duty of Member
States to establish a system of legal remedies and procedures which ensures
respect for the right to eective judicial protection. In the judgment in Unin de
Pequeos Agricultores (25 July 2002), the ECJ explicitly ruled that the communitarian system of judicial review, in which national courts can or should refer a
preliminary question to the ECJ regarding the validity of acts of the institutions,
requires Member States to provide for legal remedies and procedures.38 Referring
to the provisions in Article 173 (now Article 230 TEC) and Article 184 (now
Article 241 EC) on the one hand, and Article 177 (now Article 234 TEC) on
the other hand, the ECJ reasoned that the Treaty has established a complete
system of legal remedies and procedures designed to ensure judicial review of
the legality of acts of the institutions and has entrusted such review to the
Community Courts. This obligation upon both national courts and authorities
to ensure that this system of legal remedies described by the ECJ works can also
be based on the principle of cooperation provided for in Article 10 TEC
(formerly Article 5).39 According to Article 10 TEC, Member States should take
all appropriate measures to ensure fullment of the obligations arising from the
Treaty or resulting from action taken by the institutions of the Community and
to facilitate the achievement of the Communitys tasks.
37
38
39
John Temple Lang, The Principle of Eective Protection of Community Law Rights, in: David
OKeee, Judicial Review in European Union Law, The Hague: Kluwer Law International 2000,
p. 235.
C-50/00, Unin de Pequeos Agricultores, [2002] ECR I-6677.
C-213/89, Factortame and Others, [1990] ECR I-2433, 19.
313
40
41
OJ L 326/13, 13.12.2005.
See, for example, C-195/98, sterreichischer Gewerkschaftbund, [2000] ECR I-10497, C-54/96,
Dorsch Consult, [1997] ECR I-4961, and C-407/98, Abrahamsson, [2000] ECR I-5539.
314
Chapter 10
The reference to court or tribunal in Article 234 TEC does not imply that
only judicial courts meet the aforementioned criteria. For example, in the case
of Jia v. Migrationsverket, the ECJ dealt with the preliminary request from
the Swedish immigration board, referring to this authority as referring court.42
In his opinion to this case, Advocate General Geelhoed explicitly armed the
competence to refer preliminary questions from the Swedish Utlnningsnmnden
on the basis of the consideration that this is an administrative body with quasijudicial powers, hearing appeals from decisions taken by the Swedish immigration board (Migrationsverket).43 On the other hand, in Commission v. Austria,
where the refuted decision by the Austrian authorities was only reviewed by an
independent advisory board of experts, the ECJ concluded that the criteria
of Article 234 were not met because this board lacked true decision-making
powers.44
In various judgments, the ECJ has held that national courts should be able to
suspend the refuted national measure when the legality of this measure is challenged through preliminary proceedings: The coherence of the system of interim
legal protection requires that national courts should also be able to order suspension of enforcement of a national administrative measure based on a Community
Regulation, the legality of which is contested.45
In my view, the above criteria for court or tribunals within the meaning
of Article 234 TEC must be applied with regard to the question of whether an
individual has access to eective remedies.
42
43
44
45
315
nationals registered in these databases and against whom decisions or measures are
taken on the basis of the stored information? To answer these questions, I recall the
dierent decisions at stake. For this purpose, I have made a distinction between
so-called data protection law decisions and immigration law decisions. Data protection law decisions deal with the collection, storage and processing of data, or the
refusal of the right of access, correction, or deletion. Immigration law decisions
include, on the one hand, immigration law decisions which result in reporting
a third-country national in a database, for example decisions to declare a person
inadmissible or expulsion decisions. On the other hand, they include decisions
based on these registrations such as the refusal of entry on the basis of a SIS alert.
As we have seen above, the applicable rules of data protection law and the EC
immigration and asylum law instruments provide rather open norms with
regard to the right to legal remedies, including the right to mount a legal challenge or the right to bring an action before court or authority. In this Chapter,
I tried to establish that such norms should not be considered an empty box,
but must be implemented in accordance with the general principles of EU law.
The rst of these principles is based on the incorporation of human rights and, in
particular, the ECHR within the legal framework of the EU. The standards
developed by the ECtHR on the right to eective legal remedies, which have
been incorporated in Article 47 of the draft Constitutional Treaty, apply to the
implementation of EC immigration and asylum law whenever human rights
are at stake. Secondly, we have seen that in its case law, the ECJ explicitly linked
the right to judicial protection to the principle that individuals should be able to
enforce their rights of Community law. To recall the conclusion of the ECJ in
the Panayotova case, Member States should therefore provide for eective
judicial scrutiny of the decisions of national authorities taken pursuant to the
applicable provisions of Community law. Thirdly, the ECJ associated the legal
system of the Community, including the system of preliminary references, with
the need for eective judicial procedures in order to enable both national courts
and the ECJ to guarantee a coherent and clear interpretation of Community law.
The criteria developed on the basis of these general principles go much further
than the rules adopted in the dierent instruments at stake. National legislators
should take these criteria into account, not the vague wordings in the Title IV
instruments, when implementing EC law or adopting new measures.
5.2. Criteria for Eective Remedies
5.2.1. Judicial or Non-Judicial Authority?
In its case law with regard to Article 8 ECHR, the right to private life, the ECtHR
ruled that judicial review aords the best guarantees of independence, impartiality
and a proper procedure. However, looking at the jurisprudence more generally,
the ECtHR has held that an independent countervailing mechanism other than
316
Chapter 10
5.2.2. Accessibility
The jurisprudence of both the ECtHR and the ECJ is clear with regard to the
criterion of the accessibility of legal remedies. If a national decision or measure
interferes or is at risk of interfering with the rights protected in the ECHR or in
the EU immigration and asylum law, the person concerned should be informed
of his or her rights to lodge an appeal. In the eld of data protection law, the general standard is that the data subject should be informed of the fact and purpose
of data processing and that he or she also has the right to apply for access, correction or deletion of his or her data. These rights, included in EC Directive 95/46,
may however be limited on dierent grounds. In addition, with regard to the
protection of the right to private life, included in Article 8 ECHR, the ECtHR
accepted that, under specic circumstances, persons must not be informed of
surveillance measures. Only once the use of secret surveillance measures is suspended should the authorities notify the person concerned, so as to enable him
to seek eective remedies before the courts. Considering the general principles of
EU law dealt with above, one could formulate the following four criteria:
a. written and informed decision-making including information on the reasons
for the decision, the authority which issued the decision and on the available
remedies and the time limits to be applied;
b. legal remedies should be available within a reasonable time;
c. fair and public hearing;
d. ability to be advised, defended and represented, including legal aid for those
who otherwise would have no sucient means of nding access to legal
remedies.
317
These criteria should be seen against the background of the important consideration
of the ECJ in the Panayotova case, according to which Member States must not
establish procedural thresholds impeding the accessibility of eective remedies.
5.2.3. Scope of Review
National courts or independent authorities should be able to make a substantial
review of both legal and factual issues. In data protection law, this concerns the
question of whether the administrative authorities acted in conformity with the
following principles: the purpose limitation principle; the applicable time limits;
the limitation of use and disclosure of information, etc. At rst sight, these principles do not seem to include substantial norms. However, they oblige the data
processing authority to satisfy these norms, for example, the purpose of data
processing, for how long the data will be processed and which authorities may
have access to the information. Based on these rules, which are to be dened in
advance, the national court or authority has a tool for assessing the lawfulness
and proportionality of the refuted measure.
When implementing immigration law, national decisions on expulsion, detention or refusal of entry should be in conformity with the obligations regarding
human rights in the ECHR and the right to eective remedies in EU law. With
regard to the scope of EC immigration law, the Title IV instruments described
above include specic rights for third-country nationals, for example, the right to
free movement in Directive 2004/38, or the Directives on long-term residents
and family reunication. Both EU law and the human rights protected in the
ECHR give national courts substantial criteria for assessing the lawfulness of
administrative decisions. In both EU law and with regard to the human rights in
the ECHR, the principle of proportionality plays an important role.46 To summarise,
this principle of a substantial review requires that the competent court or other
national body should be able to:
a.
b.
c.
d.
5.2.4. Competences
Eective remedies include the power of the courts to prevent execution of measures
that are contrary to the ECHR. Therefore, national courts or tribunals should
46
Compare the proportionality test as used in the Berrehab judgment of the ECtHR, (appl. no.
10730/84) and in Commission v. Spain by the ECJ (C-503/03).
318
Chapter 10
third-country
national with long
term residence
third-country
national migrant
workers within
scope of
association
agreements
third-country
national family
members of EU
citizens
EU citizens
Jurisprudence ECJ:
Johnston, Heylens,
Olazabal, RadiomShingara Carpenter,
MRAX, Panayotova,
Drr-nal
Article 30 and 31
Directive. 2004/38
Sources
right to mount a
legal challenge
against decisions of
refusal long term
residence status,
renewal, or
withdrawal
judicial- quasi
judicial
Judicial/
non judicial
remedies
with regard to
expulsion decisions
motivated decision
specifying possible
redress procedures
and time limit for
taking action
compliance with
criteria Directive
2003/109
no suspensive
eect against
decision of refusal,
refusal to renew
or withdrawal
of residence
permit
suspensive eect of
remedies against
expulsion decisions
proportionality
and necessity
of decision,
particularly in
view of expulsion
decisions
interim order
to suspend
enforcement
decision
Competences of
court or tribunal
legality of decision,
facts and
circumstances
decision is based
Scope of review
written notication
of any decision
restricting rights of
entry or residence
Accessibility of
remedies
Criteria for eective remedies in immigration and data protection law procedures
Annex to Part II
right of appeal or
review only if
provided for in
national law,
eective remedy
before a court or
tribunal
Article 19
Regulation
343/2003
(Dublin II)
Article 39 Directive
minimum
standards on
asylum procedure
2005/85
asylum seekers
right to mount a
legal challenge
against rejection of
application for
family reunication
informed decision,
if necessary
translation,
information how
to challenge
decision
motivated decision
written decision
including reasons
of rejection
judicial redress
procedure against
decisions of
expulsion
Article 18 Directive
2003/86
Accessibility of
remedies
Judicial/
non judicial
remedies
third-country
national with a
right to family
reunication
Sources
compliance with
criteria Directive
343/2003
compliance with
criteria Directive
2003/86
Scope of review
suspensive eect of
appeal under certain
circumstances
no provision on
suspensive eect
suspensive eect of
remedy against
expulsion order
Competences of
court or tribunal
320
Chapter 10
Article 13
Regulation
562/2006
(Schengen
Borders Code)
Article 4 Directive
2001/40 on mutual
recognition of
expulsion decisions
third-country
national at the
borders
third-country
national to be
expelled based
on decision of
another EU
Member State
Sources
right to appeal
Judicial/
non judicial
remedies
no provision
standard refusal
form including
reasons for decision
and available
remedies
Accessibility of
remedies
Scope of review
no suspensive eect
no suspensive eect
of appeal against
refusal at the
border
Competences of
court or tribunal
rights and
freedoms
guaranteed by
EU law
Dierentiation by rights
Jurisprudence ECJ:
Les Verts v. European
Parliament Kbler,
Siples Srl.
Article 47 EU
Charter, Article
234 TEC
Sources
independent and
impartial tribunal,
permanent
institution
Judicial/
non judicial
remedies
ability of being
advised, defended
and represented
within reasonable
time
Accessibility of
remedies
Community EU
law rights,
fundamental
human rights,
legality acts of
institutions
Scope of review
order governments
to make good
damage caused by
infringements of
Community law
for which they
are responsible
appropriate
sanctions and
remedies for
violations of
domestic data
protection law
grant interim
relief in order to
ensure full
eectiveness of
judgment
Competences of
court or tribunal
322
Chapter 10
data protection
rights
Jurisprudence ECJ:
sterreichischer
Rundfunk case
Article 22 EC
Directive 95/46
Article 8 EU
Charter on
Fundamental
Rights
Article 8 Data
Protection
Convention 1981
Sources
emphasis on
independence
judicial remedies,
national data
protection
authorities, and
supranational
data protection
authority (EDPS)
control by an
independent
authority
remedies according
to national law,
independent
supervisory
mechanism
Judicial/
non judicial
remedies
accountability data
owner for unlawful
data processing
courts have to
ascertain whether
interference meets
requirement of
foreseeability and
necessary to protect
legitimate aims
compliance with
rules of Article 8
of the Charter
right to be
informed
right of access to
personal data
purpose
specication data
processing, rights
of access to data
legitimacy of
registration
procedural
guarantees
Scope of review
principle of
transparency and
purpose
specication
Accessibility of
remedies
data protection
authorities: order
blocking, erasure or
destruction data,
temporary ban
ensure compliance
with rules of
Article 8 Charter
Competences of
court or tribunal
right to private
life, including
protection of
personal
infomation and
protection of
family life
Abdulaziz, Ahmut,
Sen,
Jurisprudence
ECtHR: Klass,
Gaskin, Leander,
Huvig- Kruslin
Articles 8, 13, 6
ECHR
Sources
non judicial
remedies accepted
if sucient
safeguard against
abuse or
independent
controlling
mechanism by
which conicting
interests at stake
could be balanced
independent and
impartial tribunal
(judicial court)
judicial control
aords best
guarantees of
independence,
impartiality and a
proper procedure
Judicial/
non judicial
remedies
notication of
secret surveillance
measures once these
measures have been
suspended access
within reasonable
time access to legal
aid and assistance
of a lawyer if
indispensable for
eective access to
court
general criteria of
quality of law:
foreseeability and
clarity with regard
to scope and
manner of exercise
of competences
and powers of
authorities
Accessibility of
remedies
balance of dierent
interests at stake
necessity and
proportionality of
measures at stake
Scope of review
compensation of
non-pecuniary
damages and costs
adequate and
eective remedies
appropriate relief
Competences of
court or tribunal
324
Chapter 10
Articles 3, 13
ECHR
right of
protection
against
refoulement
and torture
Jurisprudence
ECtHR:
Chahal. Al-Nashif
Vilvarajah
Article 5 (1)
and (4) ECHR
Jurisprudence
ECtHR:
onka
Chahal
Jurisprudence
ECtHR: Rotaru,
Buzescu, Chevrol
Article 6 (1)
ECHR
procedural rights
detainees
civil rights
Sources
independent
authority
access to courts
Judicial/
non judicial
remedies
speedily access
clear written
information on
available remedies
in language
understandable
to applicants
disclosure of
reasons
Accessibility of
remedies
substance of
Convention rights,
assessing risk at
stake, credibility
of governmental
motive of national
security
lawfulness of
detention
protection against
arbitrariness of
detention
Scope of review
power to prevent
execution of
measures causing
irreparable harm
powers to order
interim orders or
suspensive measures
power to order
release if detention
is unlawful
nancial repair
Competences of
court or tribunal
Part III
Implementation at the National Level
Chapter 11
France
Il ne faut pas ignorer non plus que ce chage informatique de grande ampleur a aussi
valeur de test lgard de tous pas seulement des trangers car ce que lon teste sur
les plus vulnrables, on peut aussi penser ltendre par la suite dautres. Nen doutons pas : lavenir dun certain fonctionnement dmocratique europen dpend des
rponses que lon apportera en terme dexercice des droits et des recours accords aux
personnes, trangres ou non, dans le cadre de ces grands systmes informatiques.1
1. Introduction
As we have seen above, the Saarbrcken Agreement of 13 July 1984 on the
abolition of internal border controls between Germany and France formed the
basis for the Schengen treaties of 1985 and 1990. This Saarbrcken Agreement
was an initiative of German Chancellor Kohl and French President Mitterrand.
As result, right from the start France was in the centre of the political negotiations leading to the Convention on the Implementation of the Schengen
Agreement (CISA). Initially, French politicians and public ocials were not
really aware of the practical implications of the Schengen cooperation. It was
only during the negotiations leading to the CISA that the French administration
and, in particular, Minister of the Interior Pasqua, who became Minister in
March 1986, expressed their reservations with regard to freedom of movement
and the lifting of internal border controls. Many of these reservations concerned
the consequences of Schengen for French immigration policy. French policymakers also criticised the potentially negative eects of lifting internal border
controls with regard to the more liberal Dutch approach on soft drugs. Other
reservations expressed by France concerned the right of hot pursuit of suspected
criminals by other Schengen States on French territory, as provided for in Article
40 CISA. The reluctance of French politicians to begin implementation of
Schengen can also be illustrated by the fact that, although the CISA ocially
entered into force on 26 March 1995, following a French request, there was a
1
S. Preuss-Laussinotte, Les chiers et les trangers au cur des nouvelles politiques de scurit, Paris:
Librairie gnrale de droit et de jurisprudence, E.J.A. 2000, p. 153.
330
Chapter 11
probationary period of three months. After this period, France extended this for
several additional six-month periods, in order to be able to maintain internal
border controls with Belgium on the basis of Article 2.2 CISA.2
French political motives also played a crucial role with regard to the
development and use of the NSIS. During the negotiations, the French government questioned the public order criteria, with regard to denition of persons to
be registered in the NSIS on public order grounds (Articles 99 and 96). The
French government was concerned about the fact that French ocials would be
obliged to take measures against persons who, according to French criteria, were
not considered a danger to national security (for example, the Palestinian leader
Arafat). This problem was solved by the French proposal to insert the option of
adding a ag to SIS records. This ag would indicate to the national authorities
that, during the rst 24 hours of storage, the SIS alert is not to be implemented
on the territory of the agging state. Other examples of Frances strong position
in the negotiations are the nal inclusion of data protection principles in the
CISA, the choice of headquarters for CSIS (which is in Strasbourg) and the
choice of the IT company that was commissioned to develop the NSIS.3
Despite Frances concerns and the inclusion of French goals into the Schengen
treaties, the CISA and the establishment of the NSIS has led to important amendments to French law and policy. After 1986, the French legislator had to amend
its visa rules and was forced to delete some countries from the list of countries
whose nationals needed a visa to enter France and, at an early stage, the French
immigration rules were amended in order to implement the Schengen rules.
As we will see in the following sections, France has much jurisprudence with
regard to the use of the NSIS in immigration and visa law cases. This jurisprudence gives us a valuable insight into the main legal issues and practical problems
with regard to the use of the NSIS in French immigration policy.
2
3
See, on the reintroduction of border controls after 1995: Groenendijk (2004), p. 150170.
As we saw in Chapter 3, the order to develop SIS was nally given to a consortium of the AngloFrench SEMA group, the French rm Bull and the German company Siemens-Nixdorf.
The text of the Schengen Agreement was published in the Journal Ociel (hereafter JO)
5 August 1986. French ocial documents and jurisprudence can be obtained from http://www
.legifrance.gouv.fr and http://www.ladocumentationfrancaise.fr.
France
331
before this Agreement was signed seemed to be accepted by the members of the
Assemble Nationale on the basis of the reasoning that this Treaty would only
aect internal decision-making and not involve the adoption of formal laws.5
To the French Senate, the government justied this secrecy by referring to the
diplomatic character of the negotiations on the Schengen Agreement.6
However, the lack of information with regard to the negotiations on the CISA
between 1985 and 1990 received critical reactions. In 1988, Julien Dray,
a member of the Assemble Nationale, questioned the government about the
intergovernmental negotiations on the harmonisation of European immigration
and asylum law. He focussed on which criteria would apply to establishing which
country would be responsible for examining an asylum application.7 Answering
his question, the government informed the French parliament that, in order to
harmonise the policy on the movement of persons and to establish compensatory
measures for lifting internal border controls, the Schengen governments were
still discussing the measures requiring regulation in an international treaty. In
1989, members of the Assemble Nationale complained that the government had
failed to inform the parliament of the planned signature of the CISA. The only
available information came from the press, foreign parliaments and NGOs.
During the discussions, one member of the French parliament stated that, in
order to be informed of the content of this second Schengen treaty, it was necessary to read the Dutch newspapers because the Dutch government informed its
parliament on a regular basis.8 It was only after the Schengen states had signed
the CISA that the Senate established, on 26 June 1991, a special control committee for examining the implementation and operation of the CISA. In its
report of 11 December 1991, this committee was critical of the secrecy
surrounding the Schengen negotiations.9 The report referred to a Dutch spokesman according to whom the French government apparently urged the Dutch
government not to disclose information to its parliament during the Schengen
negotiations because this would run the risk of constituting a precedent and
could be used as a basis for identical demands from the French parliament.10
5
6
7
8
10
Puisque ses dispositions touchent seulement au domaine de rglement et non celui du loi. Report
of a meeting of the Commission on Foreign Aairs of the Assemble Nationale, 25 May 1989,
Assemble Nationale, Bulletin des Commissions, 10, p. 863. Parliamentary documents are to
nd at http://recherche.assemblee-nationale.fr.
Snat, Bulletin des Commissions, 11 December 1989, p. 1049.
Question of 24 October 1988, Assemble Nationale, 27 February 1989, no. 4406.
Assemble Nationale, 29 June 1989, p. 2613. See also Assemble Nationale, 30 June 1989 and
12 December 1989, p. 6399 and 6401.
Snat, Report no. 167 of the Senate by Xavier de Villepin (rapporteur) and P. Masson (president
of the Senate), 19911992 (I have used the English translation which was produced by the
French Senate).
Snat, Report no. 167, 19911992, p. 8.
332
Chapter 11
During the discussions on the act to approve the CISA, the French parliament
was especially concerned about the transfer of sovereignty with regard to the
French powers of border and immigration control. On the basis of Article 61 of
the French Constitution 1958, the French parliament forwarded the ratication
act of the CISA to the French Constitutional Council (Conseil Constitutionnel ).
This Council is a body which examines the compatibility of proposed laws with
the French Constitution.11 In their request, the members of parliament rst questioned whether the decision-making powers of the Schengen Executive
Committee, as provided in the CISA, would not mean a transfer of sovereign
powers which would interfere with the Constitution. The constitutional appeal
also concerned the non-applicability of the CISA to the overseas territories of
France (DOM-TOM countries) and the fact that this would result in dierent
treatment being given to French nationals living in France and those living in the
overseas countries. In its decision of 25 July 1991, the Constitutional Council
dismissed the parliamentary arguments, deciding that the content of the CISA
did not entail any transfer of powers.12 In its opinion, the crossing of internal
borders without controls on persons, was not the same as the lifting or changing
of borders which would legally limit the powers of a national state. The
Constitutional Council therefore concluded that the CISA was not in breach of
the French Constitution.
Members of the French parliament further criticised the proliferation of
bureaucratic bodies within the Schengen central negotiating group and the
absence of consultation with national parliaments. They also expressed their fear
of an increasing number of asylum seekers coming to France, caused by the
constitutional protection of the right to apply for asylum in Germany.
France was the rst Schengen state to ratify the CISA, on 30 July 1991.13 The
text of this Convention was published only ve days before the Treaty entered
into force.14 After the ratication and the implementation of the CISA, the French
11
12
13
14
In France, the Constitutional Council can be requested by a group of interested persons, the
parliament or other institutions, to give its opinion on the constitutionality of a legal proposal,
if they claim that the proposed law is (partly) in breach of the constitution. This scrutiny takes
place before the law enters into force.
Decision no. 91294, JO 27 July 1991.
Loi 91737, 30 July 1991, JO 1 August 1991.
Dcret 95304 du 21 mars 1995 portant publication de la convention dapplication de lAccord
de Schengen du 14 juin 1985 entre les gouvernements des Etats de lUnion conomique
Benelux, de la Rpublique fdrale dAllemagne et de la Rpublique franaise relatif la suppression graduelle des contrles aux frontires communes, signe Schengen le 19 juin 1990,
JO no. 69, 22 March 1995.
France
333
16
17
18
19
20
334
Chapter 11
22
23
24
France
335
25
26
27
28
29
30
336
Chapter 11
In reply to this question, the French Minister of European Aairs gave a general
description of the state of aairs and the reasons for the development of SIS II.
In January 2006, the committee dealing with legal issues within French
Snat adopted a resolution on the development of SIS II.31 In this resolution, the
government was asked rstly not to agree to the proposal of the European
Commission to transfer primary responsibility for the practical operation of SIS
II from the French government to the European Commission. Secondly, the
committee opposed the proposed harmonisation of the criteria for recording
third-country nationals in SIS II and asked its government to insist upon maintaining the current criteria. The parliamentary committee was also concerned
about the possibility that national security agencies would no longer have access
to the data about inadmissible third-country nationals in SIS II during their
checks within the national territory. Furthermore, the authors of this report were
concerned that the Commission proposal would aect the eciency of the use of
SIS II in the ght against irregular immigration because 40% of identity checks
involving irregular immigrants would take place within the territory of France,
not at the borders.
In its report of April 2006, the Assemble Nationale repeated most of the points
expressed by the Senate.32 Stressing the general need for the development of SIS
II and the extension of its functionalities, the French parliament advocated maintaining the primary responsibility of France for the operation of the central part
of SIS II, not amending the criteria on inadmissible third-country nationals and
ensuring access by internal security authorities to data on third-country nationals.
With regard to the issue of data protection, this report by the French parliament
only referred to the conclusions formulated by the Article 29 Working Party and
the Joint Supervisory Authority of Schengen in their comments on the development of SIS II. The French government was asked to take into account these
conclusions to ensure an appropriate balance between the right to privacy and
the protection of the public order.
32
Rapport no. 174 (20052006) de M. Richard Yung, for the parliamentary law committee
(commission des lois), 25 January 2006 http://www.senat.fr/rap/l05174/l05174.html.
Rapport dInformation, 12 April 2006, Document E 2897, 2898, 2899.
France
337
Act of 1945 for the implementation of the CISA.33 This amendment included
the penalisation of carriers transporting third-country nationals without a valid
visa or residence permit and the expulsion of third-country nationals refused
entry on the basis of the criteria in Article 5 of the CISA. This amendment also
included the provision from (the former) Article 26 bis of the Immigration Act,
which empowered French administrative authorities to expel third-country
nationals to the borders on the basis of an Article 96 report in the NSIS (reconduite la frontire, this is now Article L. 5231, see the following section).
Measures for control and identication are regulated by a formal law of 10
August 1993.34
Based on a governmental decision of 6 August 1993, the Minister of the
Interior was authorised to start creating the national section of the Schengen
Information System.35 The general purpose and use of the French NSIS were laid
down in a ministerial decree (Ministry of the Interior) of 6 May 1995.36 A decree
of 23 March 1995 provided for the legal basis for the installation of the national
SIS database at the French Ministry of the Interior and for the establishment and
tasks of the French SIRENE oce.37 The implementation and use of the French
NSIS were further regulated in several circulars from the Minister of the Interior.
The circulars of 17 and 23 March 1995 on the implementation of the CISA
describe the situations in which the French authorities are obliged to consult the
NSIS. They also conrm the direct eect of a SIS alert on an inadmissible alien,
even if this alert has been forwarded by another Schengen State.38
3.2. National Criteria for Entering Third-Country Nationals into the NSIS
There is no formal law or decision which describes the criteria on the basis of
which French authorities may report third-country nationals in the NSIS for the
purpose of refusal of entry. Only the aforementioned decree of 6 May 1995
33
34
35
36
37
38
Loi no. 92190, 26 February 1992, amending the French Immigration Act or Ordonnance no
452658, de 2 novembre 1945 relative aux conditions dentre et de sjour des trangers en
France.
Act no. 93992, 10 August 1993, JO 11 August 1993.
Arrt du 6 aot 1993, JO 19 August 1993.
Dcret no. 95577 du 6 mai 1995 relatif au systme informatique national du systme
dinformation Schengen dnomm N-SIS, JO 7 May 1995, p. 7420.
Dcret 95315, JO 24 March 1995. See also Arrt 31 July 2001, JO 5 August 2001.
Circulaire du 17 mars 1995 du ministre de lIntrieur ayant pour objet la mise en uvre de la
convention dapplication de laccord de Schengen, and Circulaire du 23 mars 1995 relative la
mise en uvre de la convention dapplication de laccord de Schengen signe le 19 juin 1990
(dispositions autres que lasile), both published in Textes de rfrence JORF, entered into force
8 March 1996. As I was unable to retrieve a published version of these circulars, I had to rely on
the description given in: S. Preuss-Laussinotte (2000), p. 138.
338
Chapter 11
denes the categories of data to be recorded into the NSIS and the authorities
with access to the NSIS. With regard to the data to be entered into the NSIS,
this decree generally follows the categories as described in Articles 95 to 99 CISA.
More specically, with regard to Article 96, Article 3 of this decree refers to
third-country nationals reported for the purposes of refusing entry on the basis
of an administrative or judicial decision. Aside from this circular of 6 May 1995,
there is no formally published information on the criteria used for the application of Article 96 CISA. I therefore had to rely on the information which has
been forwarded to me by the persons I contacted or interviewed during this
research.39 In general, there are three categories of decision based on which thirdcountry nationals are reported in the NSIS for the purpose of refusal of entry.
Firstly, a person will be registered in the NSIS on the basis of an administrative expulsion decision, based on a decision by the Ministry of the Interior (arrt
dexpulsion) or the local prefects (arrt prfectoral de reconduite la frontire,
AFPR). These decisions normally relate to the irregular stay of the third-country
national concerned or the withdrawal of his or her residence permit. This category of registration thus corresponds to the criteria of Article 96 (3) CISA. The
expulsion decision (known as E12 les) should be notied to the person in question. It is unclear whether this notication includes the information that the person will be automatically registered in the FPR and NSIS les. Informal gures
for 2004 establish that 60% of the data in this category had been forwarded by
the Ministry of the Interior and 40% by the prefectures.40
Secondly, a third-county national may be reported in the French NSIS on the
basis of a decision by the Ministry of the Interior, more precisely the Direction of
Public Liberties and Legal Aairs (Direction des liberts publiques et des aaires
juridiques), establishing that the entry or residence of the person concerned in
France is a danger to the public order (menace lordre public). The specic
motivation for such a decision regarding these les in the NSIS (le TE02 or
opposition entre en France) is secret. The legal basis for this decision is included
in L 2131 of the French Immigration Act 2006.
Thirdly, a SIS registration may be based on a judicial decision implying a ban
on entry (Interdiction du territoire franais or ITF, or le IT01). A French court
may issue such a formal ban on entry in conjunction with the criminal conviction
of a third-country national.41 This formal ban decision has two eects: it forbids
39
40
41
This information was given by persons from the police, CNIL and CIMADE.
According to a report forwarded by CNIL in 2005 to the Schengen Joint Supervisory Authority,
in reply to a questionnaire to the Schengen Joint Supervisory Authority on the implementation
of Article 96 CISA.
The amendment of the Immigration Act in 2003 (Loi Sarkozy) was aimed at limiting the use of
this double punishment (double peine); see further section 6.1.
France
339
the alien from remaining on (or re-entering) France and, secondly, it empowers
the French authorities to expel this person. These two latter categories of criteria
can be regarded as the implementation of Article 96 (2) CISA.
In practice, registration in the NSIS follows the prior registration of thirdcountry nationals in the French police information system: Fichier des Personnes
Recherches (FPR, see section 4.1 below). The authority responsible for the information held in FPR is the central criminal documentation service (service central
de documentation criminelle), which is a branch of the Ministry of the Interior.
In general, for the three categories of les mentioned above, the data forwarded
to FPR will automatically be recorded in the NSIS. If the forwarding authorities
do not want to have this data stored in the NSIS, they have to declare this explicitly to the authorities responsible for this le. If a le is deleted from FPR, the le
will automatically be deleted from the NSIS as well. However, deletion from the
NSIS does not mean that the data will automatically be deleted from FPR.
Theoretically, if a person has been expelled on the basis of an expulsion decision
(reconduite la frontire), his or her data should be deleted from the NSIS. In
practice, it has been established that such data were maintained in the NSIS on
the basis of the second category: the ministerial decision establishing that the
person concerned is a danger to the public order.42
To summarise, the authorities competent to decide whether a person may be
recorded in the NSIS for the purposes of Article 96 CISA are the French Ministry
of the Interior, the heads of the French dpartements or the prefectures (les prfectures) and the courts ordering a formal ban on entry. The authorities authorised
to forward information to the NSIS are the French national police, the French
military police (la gendarmerie) and the judicial authorities. A coordinating role
is assigned to the central department of border police within the French Ministry
of the Interior (Direction Centrale de la Police aux Frontires or DCPAF) with
regard to the decisions on inadmissibles and thus the registrations in the NSIS on
the basis of Article 96 CISA. This department was established in 1999, replacing
the former central department on immigration control and the ght against
illegal immigration (DICCILEC).43
In his circular of 17 March 1995, the Minister of the Interior stressed the
responsibility of the French authorities with regard to protecting the public order
of the other Schengen partners, when implementing Article 96 CISA.44 According
to the Minister in the same circular, for national authorities this registration in
42
43
44
340
Chapter 11
the CISA would imply a predetermination mechanism (dispositif de prdtermination) for inadmissible persons. This would imply that, in general, an alert in
the SIS on the basis of Article 96 CISA should result in the automatic refusal of
entry to the person concerned.
France
341
47
48
49
Circular of 12 May 1995 on the consultation of SIRENE France with regard to the application
of the Schengen Convention, Textes de rfrence JORF, entered into force on 8 March 1996.
Assemble Nationale, 10 June 1999, no. 1690, p. 38.
Circular 23 March 1995: Cest le cas pour la procdure de dlivrance des titres de sjour et
pour lloignement, et donc pour la vrication de la situation du SIS de tout tranger qui se
prsente vos guichets, ou qui est interpell par la police ou dont vous avez traiter le dossier au
regard du sjour ou dun loignement ponctuel. Cited in Preuss-Laussinotte (2000), p. 138.
342
Chapter 11
52
53
54
55
France
343
56
57
58
59
60
61
62
The rules of the CISA with regard to visa applications were implemented in the ministerial
circular of 23 March 1995 mentioned above.
See also C. Saas, Les refus de dlivrance des visas fonds sur une inscription au Systme
Information Schengen, Cultures & Conits 4950, 2003.
See the parliamentary report on visa policy (sur les moyens des services des visas) of Yves
Tavernier, member of the Assemble Nationale, no. 1803, 8 September 1999. According to
Tavernier, this increase in administrative appeals cannot be explained solely by the new obligation
of informed decision-making, but also, paradoxically, because of the more liberal visa policy: in the
light of this liberalisation, persons refused a visa would be more reluctant to accept this refusal.
Total amount of Article 96 reports in 2003 was 778,886 (source: Statewatch report April 2005).
Source: Statewatch website, news April 2005.
Source: report C SIS Exploitation team 01/01/2005.
Report, Assemble Nationale, no. 2095. See Preuss-Laussinotte (2000), p. 82.
344
Chapter 11
of alerts on persons and objects entered by the French authorities was one million,
147,000 of which were alerts involving individuals. In the same year, 52,398 or
35.6% of these reports involving persons concerned third-country nationals to be
refused entry. In 2005, the total number of French alerts involving persons had
dropped to 103,084, of which 53,487 or 51.9% concerned Article 96 alerts.
French reports on inadmissibles travelling in other Schengen countries led to
a relatively small number of hits. In 2002, only 257 hits occurred in other
Schengen countries on the basis of a French Article 96 registration (0.5%). The
French authorities recorded 3,027 hits on third-country nationals based on a
foreign (mostly German) report.63
France
345
1982 by the French government for the purpose of issuing residence permits.65
This system was modernised in 1993, allowing for a more complete management
of les on foreigners and, especially, for the ecient registration of legally resident
third-country nationals. AGDREF is maintained under the responsibility of the
Ministry of the Interior. According to the ministerial decree of 29 March 1993,
the goals of this system are:66
a. to improve procedures with regard to the legal and administrative situation of
foreigners;
b. to ensure the delivery of residence permits and applications for a residence
permit or renewal and administration, avoiding the risks of falsication;
c. to allow verication by the French authorities of the residence status of thirdcountry nationals, and;
d. to allow the compilation of statistics for use by the Ministry of the Interior.
The information to be stored in AGDREF includes, among other things, the
nationality, civil status, profession, identication number, visa and other conditions of entry of the foreigner concerned. AGDREF also includes information
about the residence permits issued to EU and EEA nationals, although other
rules apply with regard to which categories of data are to be stored.67
As mentioned above, the French authorities competent to deal with immigrants have simultaneous access to FPR, AGDREF and the NSIS.
4.3. Database with Regard to the Issuing of Visas
Following the introduction of a general visa obligation in September 1986, the
French government established a worldwide visa information network for use by
the embassies and consular posts abroad (Rseau Mondial Visa or RMV). There is
no formal legal basis for this network, only a decision (arrt) by the Ministry of
Foreign Aairs of 20 June 1989 providing for the creation of this system.68 The
goal of this French system is to improve visa application procedures, allowing for
the exchange of information on visa applicants between the dierent French
authorities concerned. This visa network in fact contained dierent les, including a le on the information as forwarded by visa applicants and the so-called
65
66
67
68
346
Chapter 11
69
70
71
France
347
72
73
74
75
348
Chapter 11
76
77
78
79
80
France
349
81
82
83
84
http://www.gisti.org/doc/actions/2006/eloi/index.htm.
CE Decision of 13 March 2007, no 297888, 297896, 298085.
Loi no 7817 of 6 January 1978 relative linformatique, aux chiers et aux liberts. Last
amendment by Loi no 200664 of 23 January 2006, JO 24 January 2006. An English version
can be downloaded from http://www.cnil.fr.
See also A.C.M. Nugter, Transborder Flow of Personal Data within the EC. A comparative analysis of
the privacy statutes of the Federal Republic of Germany, France, the United Kingdom and the Netherlands
and their impact on the private sector, Deventer: Kluwer Law Taxation Publishers 1990.
350
Chapter 11
draft bill.85 This draft included a proposal for the establishment of a national
Commission on Information Technology and Liberties (Commission Nationale
Informatique et Liberts, hereafter referred to as the CNIL) to be assigned supervisory, consultative and regulatory functions. Due to amendments required by
the French Senate, this Commission was to be partly composed of members of
the parliament. The Senate amended the original legislative proposal in order to
extend the scope of applicability to non-automated les. Instead of Loi relatif
linformatique et aux liberts, the French data protection law became the Loi relatif
linformatique, aux chiers et aux liberts.
Article 1 LIFL includes the general principle which lies at the heart of French
data protection law:
Information technology should be at the service of every citizen. Its development
shall take place within the context of international co-operation. It shall not violate
human identity, human rights, privacy or individual or public liberties.86
This principle illustrates the broader scope and goals of the French data protection
law, compared to other national laws. On the one hand, it arms that data
processing, in the rst place, should serve every citizen and should not be in
breach of the citizens rights, private life or his human identity. This positive
motivation for data processing would explain why the explanatory memoranda
to bills introducing new databases always emphasise the positive eects for individuals as well. For example, Articles 8.3 and 8.4 of the French Immigration Act
dealing with the registrations of third-country nationals start with the sentence:
To ensure a better protection of the rights of residence of third-country nationals
in a regular situation.87 On the other hand, this general principle conrms the
importance of international cooperation in this eld. The French law emphasises
the liberties of citizens, whereas the German law and, later, the Dutch law, are
more focussed on the protection of privacy or personality.
Since 1978, the French Data Protection Act has been amended several times,
including amendments to adapt the LIFL to the current provisions and standards of EC Directive 95/46 on the protection of personal data. Although the
French Data Protection Act was a model for this Directive, the French legislator
was obliged to rephrase its national principles in accordance with the wordings
chosen in the Directive. For example, the former Article 2 of LIFL included the
85
86
87
France
351
352
Chapter 11
to individual liberty and the guarantees as provided by the French Data Protection
Act and, on the other hand, the requirement of the proportionality between the
infringement of this liberty and the proposed police ngerprinting measures. As
we saw in section 4.4, the Constitutional Council decided with regard to this proposal that ngerprinting in general was not disproportionate. However, the proposed access by security agents to the les of the French authority responsible for
asylum applications (OFPRA) was rejected, since this access would deprive asylum seekers and refugees of their constitutional protection to asylum which
includes the condentiality of their data.91
5.3. NSIS and Applicable Rules
In general, the French Data Protection Act applies to the management and use of
the NSIS. However, there are certain exceptions or limitations concerning the
applicability of LIFL.92 For example, according to Article 7 of the decree on the
NSIS of 6 May 1995, the right of opposition or the right to demand the prohibition of further processing of ones personal data does not apply to the NSIS.
In the following sections, I will describe other exceptions to the rights and legal
remedies of third-country nationals stored in the NSIS.
5.4. Duty to Inform the Data Subject
Article 32 . LIFL provides for the duty of responsible persons or authorities to
inform the data subject of the purpose, consequences and destination of personal
information held. The person should also be informed of his or her rights. This
duty does not apply, on the basis of Article 32 V and VI, to les used on behalf
of the State for the purpose of national security, defence and public order, or for
the purpose of the enforcement of criminal convictions or security measures if
this exception is necessary for the purpose pursued. Moreover, data processing
for the purpose of the prevention, investigation, establishment or pursuit of
criminal facts does not fall within the duty to inform the data subject. From this
general rule, one could deduce that the authorities are not obliged to inform
third-country nationals of their registration in the NSIS for the purpose of nonadmission because these reports are generally justied by the authorities as serving
to maintain the public order.
5.5. Right to Access, Correct or Delete Data
5.5.1. Direct and Indirect Access
The French Data Protection Act distinguishes between direct and indirect access
by individuals to their personal information held in data les. Article 39 .
91
92
France
353
LIFL describes in general the right of access. With regard to data processing in
the interests of national security, defence or public order, the individual request
for access has to be addressed to the French Data Protection Authority or the
CNIL (see the following section), in accordance with Article 41 LIFL. This
Authority will then appoint one of its members to begin the necessary investigation and procedures. The CNIL has to inform the person that a member of the
CNIL has started the verication procedure.
With regard to the right of access to the data held in the NSIS, Article 6 of the
NSIS decree of 6 May 1995 stipulates that the right to access is to be exercised in
conformity with Article 39 (now 41) of the LIFL. This means that the right of
access has to be asserted through the CNIL.93 Based on a theory of indivisibility
of data les, it was generally accepted that if a public le contains information
which should be kept secret in the interests of national security, direct access to
the whole le should be denied. Before 2002, with regard to a request for access
to the NSIS, the NSIS was considered an indivisible le. In the light of the
partial use of the NSIS for national and public security purposes, both the government and the CNIL considered the procedure of indirect access applicable.
In a judgment of 6 November 2002, the highest French administrative court
(Conseil dtat) departed from its earlier jurisprudence on indivisibility with
regard to information stored on the basis of Article 96 CISA.94 In this case,
Moon, the head of a religious movement, applied for access to the information
entered in the NSIS on behalf of the German authorities on the basis of Article
96 CISA. Mr. and Mrs. Moon are South Korean nationals, who are resident in
the United States and leaders of the religious organisation known as the
Unication Church.95 The reason for this (extended) registration is based on
German concerns that the visit by Mr. and Mrs. Moon (born in 1920 and 1942
respectively) would pose a threat to the public order. Mr. Moon and his wife
started procedures in dierent EU Member States in order to be granted access
to one of those countries, despite the German alert.
In its judgment, the Conseil dtat explicitly distinguished between, on the
one hand, information held in the NSIS, communication of which would aect
the interests of national security, defence or public order and, on the other hand,
93
94
95
354
Chapter 11
information which would not aect these interests if communicated. With regard
to the second category, the highest administrative court decided that the responsible authorities, or the CNIL with the consent of these authorities, would have
to communicate these data to the person concerned. In order to implement the
consequences of this judgment, the French legislator amended Article 39 LIFL.96
Based on this amendment, information can be communicated directly by the
CNIL to the person concerned, if the CNIL concludes that the communication
of the personal data to the data subject does not interfere with the interests of
national security, defence or public order. The amendment also made it possible
for the regulation which is the basis for the data processing in the eld of security, defence or public order, to provide for the possibility of giving the person
concerned direct access to his or her data, if this does not interfere with the
goals of the les.
With regard to the information held in the NSIS, this means that the right to
indirect access still applies. Only if this would be provided for in a special regulation, a right to direct access would be possible but, so far, such a regulation has
not been adopted.97 In 2005, the extended power of the CNIL to communicate
insensitive information directly to the person concerned was restricted again.
Based on a decree from 2005, this information may not be communicated by the
CNIL if this is prohibited by the authority responsible for the data processing.98
This means that it is no longer the CNIL which decides whether the information
can be directly communicated or not.
Notably, with regard to the establishment of the French visa information system,
or RMV2 (see above), the legislator has chosen for a mixed right to access in
Article 6 of the decree of 22 August 2001.99 With regard to the information recorded
in respect of visa applications, the applicants can assert their rights to access directly
with the consulate or embassy where the visa application was lodged, however, information which has been recorded in attention les (chiers dattention) which is likely
to pose a risk to state security, defence or public security, is only accessible thro ugh
the right of indirect access, which is through the mediation of the CNIL.
5.5.2. Application for a Right to Access and Time Limits
The LIFL itself does not include a time limit within which the CNIL has to deal
with the request from the data subject. More specic rules for the implementation
96
97
98
99
France
355
of LIFL are laid down in the ministerial decree of 20 October 2005.100 Articles
8687 of this decree deal with the right to access to les relevant to state security,
defence or public security. In accordance with Article 87, the CNIL should
respond within four months to an application for access (this means informing
the applicant of the facts discovered by the CNIL). Within this period of four
months, the national authority to which the CNIL has forwarded the individual
application has a period of three months within which to respond. If the CNIL
is to collect information from a data protection authority in another EU Member
State or a third country, this period of four months will not commence, according
to Article 87 (3), until the CNIL receives the information from these authorities.
This means that persons applying for information about their record in the NSIS
can face lengthy delays before the Data Protection Authority will respond to
their application. Especially in the case of third-country nationals threatened
with expulsion based on information stored in the NSIS, the road to the CNIL
will often prove ineective.101
The length of the procedures of indirect access through the CNIL can be illustrated by a case which was brought before the Conseil dtat in 2004.102 This case
concerned an individual who applied to the CNIL for the right to indirect access
to his data, held in the NSIS. He was informed by the CNIL on 28 November
1997 that a member of the CNIL had started investigations. By a decision of the
administrative court in Paris of 26 May 1999, the CNIL was ordered to reply
within two months. Almost four year later, during which time the CNIL did not
respond, the CNIL was again ordered to reply, this time by the highest administrative court, in a judgment of 12 February 2003. Finally, in an answer of
17 November 2003, nine months later, the CNIL informed the applicant about
his NSIS report. In its judgment of 5 July 2004, when the case was again brought
before this court, the Conseil dtat did not refer to the length of time within
which this procedure took place. The Court only established that the CNIL did
nally respond to the request from the applicant which would have rendered
null and void the application for the annulment of the CNIL acts.103
5.6. Composition, Tasks and Powers of the French Data
Protection Authority (CNIL)
The French Data Protection Authority (CNIL) consists of 17 members: four
Members of the French Parliament (two from the Senate and two from the
100
101
102
103
356
Chapter 11
National Assembly); two members of the Economic and Social Council (Conseil
conomique et social ); two members or former members of the Council of State
or Conseil dtat; two members or former members of the Cour de Cassation; and
two members or former members of the French Court of Auditors (Cour des
Comptes). Only ve persons are designated as members for the CNIL because of
their knowledge of information technology or questions with regard to individual liberties. Three of these ve specialists are assigned by the government and
two by the French parliament. The composition of the CNIL has changed over
the years. An important role was lled by Jacques Fauvet, who was chairman of
the CNIL between 1984 and 1999 and who, as we saw above, criticised the
development of the SIS.
The CNIL has primarily advisory tasks. Article 25 LIFL describes the data les
which require a positive opinion from the CNIL before their installation. Since
the French Data Protection Act was amended in 2004, Article 26 LIFL provides
for an important exception to this principle of prior authorisation by the CNIL.
Files in the interests of national security, defence or public security, or les used
for the prevention, investigation, establishment and pursuit of criminal oences
or the enforcement of criminal punishments or security measures no longer
require prior approval. According to Article 26 LIFL, these measures only need a
motivated and published opinion from the CNIL. This means that police forces
can establish new les, even if the CNIL has given a negative opinion on the proposal concerned. For example, in early 2005, the legislator proposed the reinstallation of a database on people accommodating third-country nationals (chier
relative aux hbergeants). This le has a long history within the French administration and has been previously withdrawn. The proposal for re-installation was
criticised by the CNIL. In its opinion of March 2005, the organisation criticised
the extended scope of the information to be held in this le.104 The conclusions
in this opinion were only partially followed by the legislator when adopting the
nal decree on the database.105
Initially, the CNIL had only limited powers. On the basis of Article 45 . LIFL,
the French Data Protection Authority can issue a warning against the responsible
organisation or authority failing to comply with the rules of the French Data
Protection Act. If this organisation or authority does not act upon this warning,
the CNIL may impose a nancial penalty or order the blocking of the data
processing. Since the amendment of LIFL in 2004, the CNIL has had the option
of imposing nancial sanctions if the authority or organisation concerned does
104
105
CNIL, Dlib. no. 2005052, 30 March 2005, see Bulletin Dictionnaire Permanent Droit des
trangers, no. 137, September 2005, p. 6818.
Decree no. 2005937, 2 August 2005, JO 6 August 2005.
France
357
not observe the sanctions issued by the CNIL.106 These sanctions may include
nes up to a maximum of 150,000 for the rst oence, up to a maximum of
300,000 in case of repeated oences within ve years of the rst sanction by the
CNIL becoming denitive. This new competence means an important extension
of the powers of the CNIL.107 In June 2006, the CNIL used this new competence
for the rst time and imposed a ne of 45,000 on the French bank Crdit
Lyonnais. The bank was ned following repeated complaints from customers who
were wrongfully registered in central databases of this company.108
In addition to this power of the CNIL to impose sanctions, new oences have
been added to the criminal code, punishable by nes of between 100,000 and
300,000 or even three to ve years of imprisonment.109 These oences include, for
example, failure by the authority or person responsible for the data processing to
inform the individual of the purpose and use of the le and of his rights. Also, if the
data processor exceeds he applicable time limits for the storage of information or is
keeping data for purposes other than prescribed, this person or organisation risks a
ne or imprisonment. The CNIL may submit such cases to the public prosecutor if
it nds that the rules of the French Data Protection Law have been breached.
During the period under study, the CNIL had only ve ocials available for its
control and investigative functions. This means that systems such as the NSIS,
AGDREF and the visa les were rarely, if ever, properly checked. In a press statement in 2005, Alex Trk, president of the CNIL, referred to the increasing number
of applications for access to police les which were received by the CNIL.110
According to this statement, this increase was directly related to the dierent new
measures which had recently been taken by the French government in the ght
against terrorism. In the same statement, the president of the CNIL stressed that
the organisation was no longer equipped to handle the large volume of individual
requests and that, therefore, new nancial resources would be necessary.
5.7. Practical Information on the Right to (Indirect)
Access to NSIS Information
The annual reports of the CNIL oer valuable statistical information on the use
of the individual right of (indirect) access to data held by government
106
107
108
109
110
358
Chapter 11
111
112
113
114
France
359
conformity with the provision of Article 22 of EC Directive 95/46 on the protection of personal data or Article 111 CISA. Article 22 requires national law to provide for judicial remedies, even if administrative procedures before the national
data protection authority are available. However, the general rules of administrative law apply to decisions by the public authorities. This also applies to decisions
by the CNIL, which is an administrative authority. An individual may therefore
lodge an administrative appeal against the decisions of the CNIL.115
115
116
117
See, for example, the judgment of the Conseil dtat, CE 5 July 2004, no. 210185, referred to
in section 5.5.2 above.
See http://www.ladocumentationfrancaise.fr/rapports-publics/994001043/index.shtml.
Code de lentre et du sjour des trangers et du droit dasile. Loi no 2003-1119, JO 27
November 2003.
360
Chapter 11
The Immigration Act 2003 included certain amendments to the law on residence
permits, with the stated aim of improving the integration of legally resident foreigners. For example, the Loi Sarkozy limited the possibility of the so-called
double punishment (double peine) whereby a judge in a criminal court could
order, in addition to the imprisonment of a convicted foreigner, his expulsion
upon release.118 Commentators criticised this so-called lifting of the double peine,
arguing that the Loi Sarkozy only modied the applicable rules and in fact
extended its application to new oences.119
In 2004, French immigration law had been re-codied to produce a more
readable text.120 Only two years later, the second immigration law reform project
of Minister Sarkozy was adopted by the French parliament. This Loi Sarkozy
2006 or the Law on Immigration and Integration (Loi relative limmigration et
lintgration) included stricter rules for the admission of third-country nationals,
including in the eld of family reunication, and provided for less stringent rules
with regard to the admission of certain categories of migrants, including labour
migrants, students and researchers.121 In the following sections, I will refer to this
new law as Immigration Law 2006.
6.2. Amendments to French Immigration Law and the NSIS
Some of the amendment projects described above included changes with regard
to the applicable law on the use of the NSIS and the availability of legal remedies.
The most important amendments which are relevant to the use of the NSIS, concern the (re-)introduction of the duty to motivate visa refusals, the establishment
of a special commission responsible for re-examining visa applications after a
refusal by the consul, and the various amendments withdrawing or reintroducing
the suspensive eect of an appeal against an expulsion.
Below, I will describe the relevance of the interim procedures before the
administrative court with regard to immigration law procedure, as provided in
Articles L. 521-1 and 5212 respectively of the Code de Justice Administrative.
These remedies include the so-called rfer-suspension and rfer-libert. As we will
118
119
120
121
See D. Turpin, Les nouvelles lois sur limmigration et lasile dans le contexte de lEurope et la
mondialisation, Revue critique de droit international priv, 93 (2) avril-juin 2004, p. 311393.
F. Julien-Laferrire, La loi no. 2003-1119 du 26 Novembre 2003 relative la matrise de
limmigration, au sjour des trangers en France et la nationalit, in Carlier & De Bruycker (2005),
p. 530558, and C. Saas, Exceptionalism and the rule of law in the EU: The changes in laws on
immigration and asylum in France in response to terrorist fears, paper for Elise, 2003. Published at:
http://www.libertysecurity.org; also published in Baldaccini & Guild (2006), p. 233 .
Code de lentre et du sjour des trangers et du droit dasile (Loi Reseda), Ordonnance no.
2004-1248, 24 November 2004, JO 25 November 2004.
Loi no 2006-911 of 14 July 2006, JO 25 July 2006.
France
361
see in the following sections, these remedies are especially important with regard
to expulsions based on NSIS reports.122 To use this procedure, two requirements
have to be fullled: rstly, the urgency of the case must justify suspensive
measures and, secondly, serious doubt must exist with regard to the lawfulness of
the decision. An appeal for a suspensive measure based on L. 521-1 should be
preceded by a procedure on the merits of the case.
Finally, for our subject it is important to refer to the French law on the rights
of citizens in their relations with the administration.123 According to Article 4 of
this law, each administrative decision should indicate the author of the decision.
Also, this law states that if the administrative authorities do not reply to an individuals application within two months, this silence is to be considered a refusal
of the application.
6.3. Duty to Motivate Decisions
Article 5 of the Immigration Act as amended in 2003 states that the access to
French territory may be refused to an alien whose presence would pose a threat
to the public order. Before 1986, these refusals had to be given in a written,
motivated decision. This requirement was based on the general principle in
French administrative law of 11 July 1979 that negative administrative decisions
should always be motivated.124 Since 1986, with the amendment of the French
Immigration Act (Loi Pasqua 1986, not to be confused with the Pasqua laws of
1993), decisions to refuse visas have been excluded from this general
requirement.125
In 1997, it was ruled that the aforementioned amendment would be contrary
to the obligations deriving from the French Data Protection Act with regard to
visa refusals based on information recorded in the NSIS. If the authorities were
not obliged to justify such decisions, data subjects would not be able to assert
their rights of access to the data le in accordance with the LIFL. This argument
had been forwarded by Patrick Weil in his report to the French legislator of
31 July 1997: it is necessary to provide the motivation for visa refusals in the case
of registration in the NSIS, to allow the person concerned to apply his right of
122
123
124
125
The availability and meaning of these suspensive procedures in immigration law are extensively
dealt with in the report of GISTI, Utiliser le rfr administrative pour la dfense des trangers,
Paris, November 2005, see http://www.gisti.org.
Act of 12 April 2000. Loi no 2000-321 relative au droits des citoyens dans leurs relations avec les
administrations. JO 13 April 2000. Entered into force on 1 November 2000.
Law on Administrative Justice of 11 July 1979, Code de Justice Administrative.
Article 16 of the Law no. 86-1 025, 9 September 1986, amending the French Act no. 79587
of 11 July 1979 with regard to the motivation of administrative acts.
362
Chapter 11
access through the CNIL.126 This consideration resulted, in 1998, with the
amendments of the Loi Chevnement, in the reintroduction of the duty of motivation with regard to certain categories of visa refusal.127 Since this amendment to
Article 5 (1) of the Immigration Act in 1998, the French authorities are obliged to
provide grounds for the reasons for the refusal of a visa in eight situations, except
if considerations of national security would prevent this motivation. One of these
situations is when the decision to refuse a visa is based on the fact that this person
has been reported in the NSIS for the purpose of refusal of entry.128
During the parliamentary debate, Minister Chevnement stressed the limited
scope of this duty to motivate.129 According to the Minister, this would not oblige
the authorities to disclose the real motives for the registration in the NSIS since
these motives could be kept condential. The only information to be communicated to the person concerned would be the fact he or she is registered and by
which country or countries. To nd out the reasons for the NSIS alert, the person
concerned would have to address these other countries.
According to the French Member of Parliament, Mr. Tavernier, this duty to
motivate visa refusals based on a registration in the NSIS would have led to an
explosive increase in judicial proceedings before the French Conseil dtat. This
jurisprudence will be dealt with in section 7.
6.4. Legal Remedies
6.4.1. The Position of the Administrative Court in Immigration Law
To understand the role of the court in French immigration law, it is necessary to
take into account several developments. Traditionally, French administrative
courts have only had a marginal role with regard to the functioning of the administration and the denition of law. This was a consequence of the general and,
perhaps, compared to other countries, stricter view with regard to the separation
of powers. It was held that the function of administrative courts was to ensure
the correct application of the law and not to dene the law, since this latter task
126
127
128
129
France
363
belonged to the sovereign power of the legislator. This exclusive role for the
legislator particularly concerned French immigration law. Applying judicial selfrestraint, administrative courts generally respected this discretionary power of
the administration. Since the late 1970s, the administrative courts, led by the
Conseil dtat, have started to play a more extensive role with regard to the eld
of immigration law. Their scope of review extended to dierent administrative
decisions relating to third-country nationals, including regulations, ministerial
circulars and individual expulsion orders. An initial reason for this extended role
by the administrative courts was the case law of the Strasbourg Court with regard
to the European Convention on Human Rights. On the basis of this case law,
it became clear that with regard to immigration measures too, the national
authorities should respect human rights as protected in the European Convention.
Another important role was played by the French NGOs. Civil rights organisations, such as GISTI, started a test case against the French government on behalf
of immigrants with regard to important institutional questions. Thirdly, the recognition of an extended role for the administrative courts was supported in different decisions of the Constitutional Council. This Council, established by the
French Constitution of 1958 as an advisory institution, departed in its conclusions from the traditional distinction between judicial and administrative courts
( juges judiciaire and juges administratives). In Article 66 of the Constitution, the
juge judiciaire was opposed to the juge administrative, declared the guardian of
individual liberties. In various opinions, the Constitutional Council emphasised
that this constitutional protection of individual liberty applies to foreigners as
well.130 Despite the wording of Article 66, the Constitutional Council seemed to
favour the competence of the administrative courts with regard to the protection
of the rights and liberties of foreigners. In its decision on the Act to adopt the
CISA, the Constitutional Council explicitly referred to the guaranties in this
Treaty with regard to the protection of the respect for personal liberty.131 Since
these guarantees are to be provided by the French Data Protection Authority,
which is an administrative authority, the Constitutional Council implicitly
accepted the power of the administrative court in this matter.
Finally, one could refer to another important development with regard to the legal
protection of individuals under administrative law, which is the introduction of the
possibility of an application for interim relief before the administrative courts.132
As mentioned above, this new law provided the possibility for administrative courts
130
131
132
364
Chapter 11
133
134
France
365
Debr in 1997, the Loi Chevnement re-installed a new Commission, now called
the Commission du titre du sjour. However, its practical meaning remains
relatively weak.
6.4.3. Legal Remedies Against the Refusal of a Visa
Before 2000, third-country nationals whose visas had been rejected could lodge
an appeal against this refusal with the Conseil dtat as a court of rst and last
instance. Since 1 December 2000, visa applicants now rst have to address a
special commission of appeal (Commission de recours contre les dcisions de refus de
visa). Only when this commission sustains the administrative negative decision,
the person concerned may apply to the administrative court.135 The establishment of this special commission of appeal has been justied by the French legislator because of the enormous caseload weighing on the administrative court
with regard to decisions regarding visa refusals. As mentioned in section 6.3, this
increase in judicial procedures against visa refusals based on the NSIS, is said to
be linked to the new requirement of motivated decision-making as provided for
in the Loi Chevnement of 1998.136
This commission for appeals against visa decisions should be addressed within
two months of the individual having been notied of the refusal. The Commission,
which falls under the organisation of the French Ministry of Foreign Aairs, has
only an advisory role. When it advises the Ministry of Foreign Aairs to issue the
visa, the Ministry is allowed to uphold its initial negative decision. After having
applied to this Commission, the applicant is allowed to lodge an appeal with the
administrative court. The applicant may appeal against the negative advice of the
commission, or the renewed negative decision of the Ministry of Foreign Aairs.
Despite the compulsory procedure before this Commission, in an urgent situation
it is still possible for the applicant to lodge an appeal for a suspensive measure before
an administrative court in accordance with Article 521-1 of the French Administrative
Act. Although the administrative court applies strict criteria to assess the urgency of
the situation, the suspension of a visa refusal has been ordered in cases where this
measure seemed necessary to oer the applicant the possibility of caring for minor
children, a spouse or family members in need of help.137
135
136
137
Dcret no. 2000-1093, 10 November 2000, JORF. See further GISTI, Les visas en France,
La rglementation, les recours, les textes, Les Cahiers Juridiques, Paris: GISTI, May 2003 and its
updated version: Les Visas, Les Cahiers Juridiques, Paris: GISTI, September 2006.
See P. Hubert, De Schengen Amsterdam: Questions juridiques et solutions institutionnelles,
in: K. Hailbronner, P. Weil (eds), From Schengen to Amsterdam. Towards a European Immigration
and Asylum Legislation, Trier ERA Series of Publications, Vol. 29, 1999, p. 6573.
See, for the criteria as developed by the Conseil dtat, the report of GISTI, Utiliser le rfr
administrative pour la dfense des trangers, Paris, novembre 2005, p. 2021.
366
Chapter 11
The French law on visas is almost silent with regard to which criteria apply to
visa refusals or to the issue of visas. Therefore, traditionally, the administrative
court has only a marginal role in assessing the lawfulness of decisions by the
French authorities to refuse visas. Only if the court establishes that there has
been a manifest error of evaluation (erreur manifeste dapprciation) can the
administrative decision be annulled. The jurisprudence on visa refusals and the
NSIS, described in section 7, show that the Conseil dtat used this marginal role
on a regular basis to quash refusals of visas. Generally, these annulations are based
on the grounds that the third-country complied with all the general visa
conditions or that the visa refusal is in breach with his right to family life.138
6.4.4. Legal Remedies Against Expulsion
French law distinguishes between two categories of expulsion. The rst category
concerns the decision to expel foreigners who reside legally on French territory and
who are ordered to leave France for reasons of public order or national security.
This category of expulsion is regulated by Article L. 521-1 . of the French
Immigration Act 2006. The second category concerns the decision of the French
authorities to expel a person to the external border (reconduite la frontire), based
on the fact that this person is in France illegally. This expulsion decision is provided
for in Articles L. 511-1 and L. 5313 of the Immigration Act 2006.
Both decisions (expulsion and reconduite la frontire) can be issued by the local
prefects or by the Minister of the Interior. After 2001, the Minister of the Interior
addressed the local prefectures on several occasions, demanding a more active
expulsion policy with regard to unwanted or illegal third-country nationals.
In 2005, the Minister of the Interior published a report according to which,
between 2001 and 2005, the number of current expulsions increased by 68.6%.139
Procedures against expulsions in the rst category have no suspensive eect
(Article L. 523-1), however these persons are to be informed and heard in
advance. Only procedures against an expulsion in the second category (arrts
reconduite la frontire) will automatically suspend the decision for the rst
48 hours, unless this person is registered in the NSIS on the basis of a nal decision (dcision excutoire) by one of the other Schengen States, or if the expulsion
is based on a foreign expulsion decision.140 This latter exception was added by an
amendment to the Loi Sarkozy of 2003 and is based on Directive 2001/40 on
the mutual recognition of expulsion decisions.
The lack of suspensive remedies with regard to expulsion orders on the basis of
a foreign SIS report has been questioned in the French Parliament. In reply to
138
139
140
France
367
these questions, the Minister of the Interior made it clear that foreign decisions
to register a third-country national in the NSIS are to be considered denitive
decisions. The Minister added that hypothetically it may be presumed that this
foreign decision is notied to the person concerned and that the applicable time
limits for appeal have expired.141 This presumption would, according to this
Minister, justify immediate expulsion since the person concerned would already
have had the possibility to appeal against the decision which forms the basis for
the SIS report.142 This presumption is, however, wrong because Article 96 CISA
does not include the requirement that the alert can only be based on a nal decision by national authorities. In practice, in France, but also (as we will see in the
next Chapters) in Germany and the Netherlands, third-country nationals do not
always have the right to appeal against the decision which forms the basis for
their registration in SIS.
As mentioned above, the persons to be expelled may invoke the suspensive
remedies as based on Articles L. 521-1 and L. 5212 of the French Administrative
Act. Both the rfr-suspensive and the rfr-libert could be relevant for a person
to be expelled on the basis of a SIS report, if the court is convinced of the need to
suspend the possible expulsion, or to order the liberation of this person if he is
detained in one of the French detention centres.143
7. Case Law
7.1. Introduction
Since the NSIS became operational, French case law with regard to the use of the
NSIS in immigration law has been steadily generated. Just one week after the
NSIS became operational, the administrative court of Strasbourg issued the rst
judgment on the NSIS, in which the court annulled a decision to expel a thirdcountry national on the basis of a SIS entry.144 The most important judicial
141
142
143
144
le signalement ne fait donc que rappeler lexistence dune dcision excutoire prise par un
autre membre, donc par hypothse, notie et dont les dlais de recours sont expirs. See the
ministerial answer to the question of Vuilque, no. 54624: JO 28 November 2004, p. 10386
and JO 22 February 2005, p. 1959.
Le signalement justie donc une reconduite sans dlai et sans recours suspensif ds lors que
lintress a dj eu la facult dexercer un recours contre la dcision excutoire qui est lorigine
de ce signalement.
See further the GISTI report of 2005, pp. 5960.
TA Strasbourg, 3 April 1995, M. Igel c/Prfet de la Moselle. See, for an overview of this early jurisprudence on NSIS, E. Aubin, Le juge administrative franais face lapplication de la Convention
de Schengen dans ses dispositions sur le droit dasile. Bilan juridictionnel de lapplication en
France des accords de Schengen, Revue de droit Public no. 32000, p. 829862.
368
Chapter 11
procedures involving Article 96 CISA are the procedures against expulsion orders
and the decisions based on which visa applications have been rejected. Other
procedures, which resulted in a lesser volume of case law, concern the refusal of
entry or a residence permit based on an Article 96 report.
Important milestones in the jurisprudence, even internationally, were the
Hamssaoui and Forabosco judgments by the Conseil dtat in June 1999.145 In the
rst judgment, which dealt with the refusal of short-stay visas, the court ruled on
the duty of the French authorities to inform data subjects on the State or authority issuing a SIS alert. In the second judgment, the court annulled the refusal of a
long-term visa, acknowledging the power of national courts to assess the legitimacy
of foreign decisions to report a third-country national in the NSIS.146
7.2. Duty to Inform the Data Subject
The duty of the French authorities to motivate their decisions based on registrations in the NSIS has been a regular subject of the decisions by administrative
courts in immigration law. With regard to refusals of visas, as well as with regard
to expulsion decisions or refusals of entry to the territory, the courts did not
accept the mere reference by French authorities to the existence of the SIS report.
In 1999, in the famous Hamssaoui judgment, the Conseil dtat ruled that decisions refusing a visa to a person, based on the fact that this person is registered in
the NSIS, should indicate the foreign state which entered the applicant in the
NSIS.147 The Court referred in this decision directly to the statements by Minister
Chevnement during the parliamentary debate on the amendments providing
for this duty to motivate certain categories of visa refusals. In its judgment, the
Conseil dtat uses the words state and authority. One could therefore argue
that, according to this Court, the authorities have to inform the visa applicant
not only of which State, but also of which specic authority within this State
reported the person into the NSIS . However, given the fact that the Court refers
to the parliamentary history of this provision (during which reference is only
made to the foreign state) and the fact that the Court does not give any other
explanation, it does not seem that the Court actually meant to extend the duty of
information in this way. In later judgments, the Conseil dtat refers only to the
State which reported the person in the NSIS (ltat auteur du signalement).148
145
146
147
148
CE 9 June 1999, Mme. Hamssaoui, no. 198344, 9 June 1999, and CE 9 June 1999, M. et
Mme. Forabosco, no. 190384.
See, for an extended analysis of these and other French judgments on SIS, Elspeth Guild,
Adjudicating Schengen: National judicial control in France, European Journal of Migration and
Law, 2000/1, p. 419439.
Decision of 9 June 1999, no. 198344.
CE 20 February 2002, Boucetta, no. 220420.
France
369
The Conseil dtat established further in the Hamssaoui judgment that the duty
to inform the applicant as mentioned above cannot be replaced by referring to the
possibility for the applicant to apply to the French Data Protection Authority for
his or her right of indirect access to the information.149 The same conclusion was
reached by the administrative court of appeal of Paris with regard to the decision
to refuse entry.150 This case concerned a third-country national, Minin, who had
been refused access to French territory based on a registration in the NSIS. During
the procedures of this case, the Minister of the Interior had argued several times
that the application for entry by Minin had to be considered a request for access
to his information. Therefore, according to the Minister, the applicant had to
apply to the French Data Protection Authority for his right of indirect access. The
higher court of Paris explicitly stated that such a reference could not replace
the obligation to motivate the decision to refuse entry in question.151
French jurisprudence is not clear on whether an administrative decision based
on the SIS information forwarded by other Schengen states should indicate the
reasons for these foreign reports. In a judgment of 20 February 2002, the Conseil
dtat decided that a French decision rejecting a visa, based on a SIS report,
should indicate the State forwarding this report to the NSIS, but not the reasons
for this report.152 A broader interpretation of the duty of motivation was given in
the aforementioned judgment in the Minin case. Here, the Paris court considered that the mere reference in the decision to the fact that Minin was a danger
to the public order, without mentioning any facts of circumstance, did not full
the legal obligations regarding motivation (as provided in the general administrative law of 1979, see section 6.3). In a decision of 2004, the administrative tribunal of Pau held that a decision by a prefect to expel a person on the basis of a
German SIS report was unlawful because the prefect failed to indicate the date
on which the German authorities had forwarded this report to the NSIS.153
An interesting issue was dealt with in the judgment of the Conseil dtat in the
Joorawon case of 10 January 2003.154 This case concerned the question of whether
the sole fact of being registered in the NSIS for the purpose of refusing entry to a
third-country national was sucient motive for the refusal of a visa, even if the
provisions of the CISA did not apply to the French overseas department, whose
149
150
151
152
153
154
370
Chapter 11
consulate (at Port Louis, Mauritius) had refused the visa application. The
government, reasoned during this case, that even if the CISA did not apply to
the consulate concerned, the entry of the person into France would be contrary
to the public order of France, considering that the record in the NSIS was justied by the grave oences of which the applicant was accused. The Court rejected
this separate meaning or eect of a SIS report. Since the consulate erroneously
motivated the decision to refuse a visa, solely on the basis of the fact that the
applicant was reported in the NSIS for the purpose of being refused entry, the
consulate committed a legal error (une erreur de droit). This error could not be
replaced by the argument of the Minister of Foreign Aairs that, based on the SIS
report, the entry of the person could be regarded as a danger to the public order.
Even if this latter ground could have been a legally justied ground for refusal of a
visa application, this did not legitimise the refuted decision, which was taken solely
and mistakenly on one ground. In later judgments, the French Conseil dtat did
however accept this so-called substitution of motivation, in which the government replaced the initial (unlawful) motivation for a negative decision during the
proceedings for a lawful motivation.155
7.3. Assessing the Validity of Foreign SIS Reports
In general, French law includes the principle that an administrative decision can
be annulled by the court if this decision is based on prior, unlawful decisions.
In 1994, the Conseil dtat ruled that French courts were not competent to assess
the legality of foreign decisions.156 However, in its Forabosco judgment of 9 June
1999, the Conseil dtat departed from this line.157 In this decision, the Conseil
dtat explicitly conrmed the competence of the administrative courts to deal
with the question on the lawfulness of a foreign report in the NSIS based on
Article 96 CISA. The case concerned a Romanian national, Ms. Forabosco, who
was married to a French national; both were resident in France. Planning to stay
with her husband, she applied for a visa for a longer stay at the French consulate
in Bucharest. This visa was refused on the basis of the German registration of
Ms. Forabosco in the NSIS. In its judgment, the Court explicitly stated that, it
is the task of the administrative court, dealing with an individual appeal against
an administrative decision which is based on a report for non-admission, to
155
156
157
France
371
consider the legitimacy of this report, even if it is made by a foreign administrative authority.158 The Conseil dtat established that the motive of the German
report was based solely on a decision which had denied Ms. Forabosco asylum in
Germany. According to the Conseil dtat, this motive did not fall within the
limitative grounds mentioned in the second and third paragraphs of Article 96
CISA. Therefore, the Court considered that there were justied grounds for
annulling the refusal of the visa.159 The Conseil dtat repeated this conclusion
with regard to the unlawfulness of German decisions to report rejected asylum
seekers in the NSIS in later judgments.160
Another German motive for registration in the NSIS was rejected in a decision by the Conseil dtat of 13 December 2002. In this case, an Algerian national,
Kouchi, had obtained refugee status in Germany, but was reported by the
German authorities in the NSIS because he had left Germany without informing
the German authorities.161 As a result of this entry, Kouchi had been refused a
short-stay visa by the French consulate in Algiers. The French Court ruled that
these motives did not full the criteria of Article 96 CISA and annulled the
refusal of the visa.
In a case where it became evident that a German decision to report a person in
the NSIS was not based on a refusal to grant asylum, but on a removal decision
against this person, which was neither reported nor suspended, the highest
French administrative court found this motive in conformity with the criteria of
Article 96 (3) CISA.162
In a judgment from 2003, the Conseil dtat explicitly dealt with the (limited)
power of the French administrative courts to assess the lawfulness of foreign decisions based on which the foreign authorities issue a SIS alert.163 This case concerned the application by a Romanian national, Mr. Gheorghita, for a short-stay
visa for France. This application had been rejected by the French visa authorities
158
159
160
161
162
163
Mais considrant quil appartient au juge administratif, saisi de conclusions diriges contre
une dcision administrative fond sur le signalement dune personne aux ns de non-admission, de se prononcer sur la bien-fond du moyen tir du caractre injusti de ce signalement
alors mme quil a t prononc par une autorit administrative trangre.
The fact that a visa had been issued to Ms. Forabosco, before this judgment, did not prevent
the Court annulling the former decision by which the visa was refused.
CE 9 July 2001, Matumona, no. 209037; CE 11 July 2001, M. and Mme. Iqbal, no. 206644;
CE 15 March 2002, Krouf, no. 221818. See also C. Saas, where she describes French jurisprudence with regard to the German criteria on the input of rejected asylum seekers into NSIS:
Les refus de dlivrance des visas fonds sur une inscription au Systme Information Schengen,
Cultures & Conits 4950, 2004.
CE 13 December 2002, Kouchi, no. 224877.
CE 29 July 2002, X, no. 236190.
CE 23 May 2003, no. 237934, Mr. Gheorghita Catrina.
372
Chapter 11
because of an Italian Article 96 alert based on a previous illegal stay by the applicant in Italy. The appeal of Mr. Gheorghita against this visa refusal was then
rejected by the special commission of appeal against refusals of visas. Dealing with
the appeal against the decision of this commission, the Court repeated its earlier
conclusion that the French administrative courts are competent to assess the lawfulness (caractre injusti) of foreign reports in the NSIS. However, the Court
added that these courts were not competent to assess the lawfulness (lgalit) of
the foreign decisions which formed the basis of the SIS reports.164 Therefore, the
Court reasoned that the applicant, who did not refute the fact that the residence
ban by the Italian authorities was one of the motives as provided in Article 96,
could not eectively establish (ne saurait utilement se prvaloir ) that the Italian
residence ban would have been irregularly imposed or would have been disproportionate to the oences committed by the applicant. The Court argued that
even if this Commission had made a legal error by basing the conclusion that the
applicant would pose a threat to the public order solely on the SIS report by
Italian authorities, the instructions deriving from Articles 5 and 96 CISA, notably, would have led to the same decision: that is refusal of the visa. The highest
French administrative court seemed to refer to the impossibility for national
courts to assess whether decisions by foreign authorities are taken in conformity
with their foreign legislation. The competence for national courts is restricted to
the assessment of whether a SIS alert and the motivation for this alert are in
accordance with the provisions of the CISA. This latter assessment is much easier
to make than the assessment of whether a foreign alert is in accordance with the
law of a foreign State which requires knowledge of this foreign law.
Finally, in the case of Mr. Moon (see also section 5.5.1), dealing with an application for access to the NSIS data now submitted by the spouse of Mr. Moon,
the Conseil dtat also seemed reluctant to assess the lawfulness of the German
reasons for reporting Mr. and Mrs. Moon in the NSIS.165 In the new judgment,
the Conseil dtat upheld the decision of the CNIL not to forward information
on the NSIS report to Mrs. Moon. The Court argued that, based on the information submitted by the German government with regard to the reasons for her
report in the NSIS, the French authorities were justied in deciding, without
making a manifest error of appreciation, that the German SIS report was not
based on any legal or factual error. Therefore, the application to annul the refusal
of rectication made by the CNIL was rejected.
164
165
il nest en revanche pas comptent pour statuer sur la lgalit des dcisions des autorits des
autres Etats parties qui fondent ce signalement.
CE 2 June 2003, no. 219588, Hak Ja Han M (Mrs. Moon).
France
373
166
167
168
169
374
Chapter 11
weighed by the courts when assessing a visa refusal on the basis of a SIS report.
In 2003, the Conseil dtat decided on a case where the French consul in
Casablanca rejected the application by a Moroccan national for a long-term visa
on the basis of an Article 96 SIS report. The person was reported by the Italian
authorities based on the persons non-compliance (non-respect ) with the Italian
immigration law. In its judgment, the Court annulled the decision of the
Commission de recours contre les dcisions de refus de visa by which the applicants
appeal against the decision of the consul was rejected. According to the Conseil
dtat, the decision of this Commission was based on a manifest wrong appreciation (une erreur manifest dapprciation). The Conseil dtat emphasised that
the applicant stayed and worked on a regular basis in France between 1993 and
2000 and that he could not be regarded as a danger to the public order solely on
the basis of the fact that he acted in breach of the Italian immigration law.170
In some cases, the Conseil dtat accepted that the authorities did not make
any attempt to balance interests. For example, this was the case in a judgment of
29 July 2002, dealing with a Cameroon national whose short-stay visa had been
rejected, based on a German report in the NSIS for refusal of entry.171 The applicant maintained that he previously resided in Germany as the spouse of a German
national but that, during this period, he had never posed a threat to the public
order. The Conseil dtat rejected his appeal, arguing that these circumstances did
not aect the lawfulness of the decision by the French embassy, since this decision
was in conformity with the provisions of the CISA.
In another judgment of 4 November 2002, the Conseil dtat accepted a period
of seven years between the date when this person was reported in the NSIS and
the date when the French authorities had refused him a visa based on this
report.172 Without going into the interests of the individual concerned, the Court
found the visa refusal justied provided the applicant did not reveal that the
report had been withdrawn by the foreign states. This case concerned an Algerian
national who had been reported by both German and Spanish authorities in the
NSIS because he had failed to comply with the national regulation on the entry
or residence of third-country nationals. In a comparable case brought before the
Conseil dtat in 2003, the Court upheld the decision by the special Commission
on visa applications in which (in 2001) an Algerian national had been refused a
visa on the basis of a report entered in the NSIS by the German authorities,
based on an expulsion order from 1993.173
170
171
172
173
France
375
174
175
176
177
178
179
180
See, with regard to the suspension of expulsion: TA Nice, 16 July 2002, no. 023061, Barzilay;
TA Lille, 16 May 2002, no. 021741, Valencia. See for the use of the rfr-libert: TA Pau,
31 May 2002, no. 02820, Mejri. Described in GISTI (2005), p. 5960.
CE 6 December 2002, Sahin, no. 206277.
CE 6 October 1999, M. Bafandi, no. 186082.
CE 11 March 2002, Abdelli, nos. 222137222258.
On the basis of Article L. 761-1 of the French administrative law (Code de Justice Administrative).
See for example CE 6 December 2002, M. et Mme. Amouche, no. 238288; CE 15 November
2006, M. A et Mme A, no. 276829; and CE 27 November 2006, M. et Mme A, no. 298660.
See also GISTI (2006), p. 29.
CE 10 November 2006, Mbow, no. 298272.
376
Chapter 11
181
182
183
France
377
this requires that checking the accuracy of the SIS report should be performed
in close coordination with the other data protection authorities. The French
administrative court found that, where the CNIL only relied on this single
answer from the German authorities and had not asked for further information
to support this answer, it had failed to act in accordance with the criterion of in
close coordination. Therefore, the decision by the CNIL whereby the applicant
was informed that his procedure had been closed, was annulled.
Notably, in this procedure, the claim against the French government was
dropped because the applicant had been informed by the French Minister of the
Interior, one year after the rst decision by the CNIL, that this alert would be
blocked (suppression) for the French part of the SIS.
7.6.3. Power of Foreign Data Protection Authorities
In a decision of February 2006, the Conseil dtat dealt indirectly with the powers
of national data protection authorities to order foreign authorities to delete a
wrongful SIS alert. This case concerned the case of Mr. Cherney, an Israeli
national living in Israel, reported by the French authorities in the NSIS.184
On the basis of this French alert, the applicant had been refused entry to French
territory in 2000. In 2004, a visa had been refused by the Austrian authorities.
The applicant appealed against both negative decisions. In 2001, the decision of
the refusal of entry was annulled by the administrative court of Cergy-Pontoise.
The claim by Mr. Cherney before the Conseil dtat concerned the fact that the
CNIL failed to reply for more than two months to his request to have his data
rectied in the SIS. In its decision, the Conseil dtat considered the possibility
that the applicant had been reported in the NSIS on national security grounds
and that these grounds could not to be communicated to the applicant. However,
the Conseil dtat concluded that, during the procedure, it had not been provided with sucient information by the CNIL to assess the reasons for the SIS
report in question, nor with the opportunity to assess the lawfulness of the refusal
of the CNIL to rectify or delete the data in question. Therefore, the CNIL was
ordered to provide this information within two months.
The reason I mention this judgment by the Conseil dtat at this point is because
it handled an earlier decision by the Austrian Data Protection Authority, declaring
the French alert unlawful. In this decision, the Austrian Data Protection Authority
ordered the French authorities to delete the alert concerning this person. This
caused a small diplomatic uproar and the French authorities refused to delete the
data from the SIS. The Conseil dtat refers in its judgment to the decision of the
Austrian Data Protection Authority only with regard to the question of whether
184
378
Chapter 11
such an earlier decision could give grounds for concluding that the French alert
was unlawful. The Conseil dtat refers, for this question, to the rule in Article 106
CISA, according to which a national data protection authority, if it considers a
SIS report by a foreign country erroneous or unlawful, may issue advice to foreign
authorities. According to the Conseil dtat, this advice, dealing with a French
alert, may possibly be grounds for these authorities to give an order to the French
authorities; however, this order does not inuence the lawfulness of the refuted
decision.185 Unfortunately, the Conseil dtat does not refer to the meaning of
Article 111 (2) CISA, on the basis of which Schengen States are obliged to enforce
the nal decisions of courts or authorities dealing with individual SIS alerts (see
Chapter 7, section 8.4).
8. Conclusions
8.1. Implementation of Article 96 CISA
French statutory law does not provide a detailed regulation implementing the
Article 96 criteria for the registration of third-country nationals in the NSIS.
In general, there are three categories of decision on the basis of which a thirdcountry national may be reported in the NSIS for the purpose of refusal of entry.
Firstly, this report may be based on a courts decision including a formal residence ban (interdiction du territoire franais). Secondly, this may be based on an
expulsion decision issued by the local prefecture or the Ministry of the Interior.
This decision is generally based on an illegal stay or the withdrawal of a residence
permit from the person concerned. Thirdly, a SIS report can be based on a decision to prohibit entry by the Ministry of the Interior, based on public order
grounds. The criteria used for taking these decisions are not public and, in the
latter category of decisions, even secret. This lack of information makes it dicult to obtain a clear picture of the reasons why third-country nationals may be
reported as inadmissibles by the French authorities. It is also dicult to nd out
whether, with regard to the second category of decisions, the dierent prefectures
in France all apply the same criteria. From the available information, it cannot be
deduced that the French administration applies a strict interpretation of the
criteria as mentioned in Article 96 CISA.
Since 2001, the French government has been developing large information
systems, allowing for the use of biometrics and the networking of dierent
185
que si lavis de la Commission dinformation et des liberts dAutriche en date du 7 juin 2005
est ventuellement susceptible de fonder, sagissant dun signalement franais, une saisine des
autorits franaises par les autorits de ce pays, il na pas, par lui-mme, dincidence sur la lgalit
de la dcision attaque.
France
379
186
This latter assumption however seems unlikely because, as we have seen above, almost twothirds of the applicants requesting verication of their data were not registered in NSIS.
380
Chapter 11
France
381
it was not competent to assess whether the decision forming the basis for the
foreign SIS report is in accordance with the law of the reporting state.
With regard to the scope of review of the CNIL, in 2004 its position was
weakened by an amendment to the LIFL, on the basis of which the CNIL no
longer has an approval role with regard to the establishment of government les
in the interests of state security, defence and public order, or for the purposes of
criminal investigation and prosecution or security.
8.3.4. Competences
The recognition by the Conseil dtat of the inherent power of the national courts
to demand further information from the French administration concerning the
reasons for a SIS alert is important. If these authorities do not provide the court
with this information or the court nds this information insucient, this may
be grounds for annulling the refuted decision.
In general, procedures against an expulsion order will suspend the refuted
decision for the rst 48 hours. An important limitation regarding the right to
legal remedies against decisions based on a foreign SIS alert is that this remedy
has no automatic suspensive eect if this alert is based on a foreign expulsion
decision. This is based on what I believe to be the wrongful presumption of the
French government that these foreign reports are to be considered nal decisions
and that the person concerned could have lodged an appeal in the country forwarding this report. A third-country national, threatened with expulsion on the
basis of such a SIS alert, could invoke the suspensive remedies as provided under
administrative law. However, French courts apply strict criteria with regard to
the required urgency for the use of this procedure.
French administrative courts may condemn the State to repair damage which
is caused by unlawful measures or decisions, including decisions based on SIS
alerts. The Conseil dtat used this power on a regular basis when dealing with
unlawful visa refusals.
Due to the large workload of the CNIL and the lack of sucient nancial and
personal resources, it is questionable whether this organisation is able to perform
its supervisory function very actively with regard to the NSIS. An important
tool used by the CNIL is the power to issue nes up to a maximum of 300,000
if a data processing authority acts in breach of the rules of the French Data
Protection Act. To my knowledge, this power has not yet been used with regard
to SIS alerts. In general, we have seen that it is dicult for third-country nationals to assert their rights to (indirect) access because of the lengthy procedures
before the CNIL. Particularly in the case of third-country nationals threatened
with expulsion based on information stored in the NSIS, the road to the CNIL
will often prove ineective. These persons may have been long expelled before it
is established whether the NSIS data are wrong or unlawful.
Chapter 12
Germany
Nur durch die Lschung unzulssig gespeicherter Daten kann sicher gestellt
werden, da diese Informationen nicht in fr den Betroenen negativen
Entscheidungen bercksichtigt werden. Angesichts des strengen rechtlichen
Bindungen, denen die Auslnder unterworfen sind, wre es im Interesse der
Waengleichheit unverantwortlich, die wenigen datenschutzrechtlichen Regelungen
auer Acht zu lassen, welche die Auslnderverwaltung frmlich binden.1
1. Introduction
As one of the initiators of the Schengen Agreements, Germany played an important role in the development and the architecture of Schengen, especially the
Schengen Information System. During the negotiations, the German government was, on the one hand, urged by their police organisations to seek the further
development of international judicial and police cooperation, including the sharing of information. On the other hand, German data protection authorities and
specialised lawyers urged the German government to support the inclusion of
data protection rules in the draft Convention Implementing the Schengen
Agreement (hereafter CISA). As we have seen above, this only happened in a late
stage of the negotiations.
It is not easy to describe the implementation of the CISA in Germany and,
especially, the practical operation of the NSIS and the registration of thirdcountry nationals, because of the federal structure of Germany. The authorities
in the dierent German states (Lnder), including police forces and data protection authorities, function quite autonomously. Providing a complete picture of
the German implementation of Schengen law would require thorough research
of data and case law in each of the German Lnder. The following sections should
not be considered such a complete overview. They will give, rst and foremost,
384
Chapter 12
a general description of the general rules and principles which are applicable
throughout the federal state. From the laws and the case law I have found,
I will try to deduce general rules on the registration and use of data concerning
inadmissible aliens in the NSIS, especially concerning their legal protection.
Despite the fact that the autonomy and multitude of the organisations involved
render it more dicult to draw general conclusions, the federalisation of German
law and administration has also its advantages for this research. As we will see
in the following sections, the annual reports by the dierent Data Protection
Authorities of the German provide us with considerably more information on
the practical and legal issues of the NSIS, compared to the reports of their
centralised counterparts in France and the Netherlands.
Law on the CISA 15 July 1993, Bundesgesetzblatt (Federal Law Gazette, hereafter BGBl.)
1993 II, p. 1010 . Entry into force notied on 20 April 1994, BGBl. II, p. 631.
This includes the Bundestag and Bundesrat. However, when referring below to Parliament,
I will generally mean the Bundestag only.
Parliamentary questions: Bundestag Drucksache 11/3104, 12.10.1988; answers by the federal
government: Bundestag Drucksache 11/3594, 30.11.1988.
Germany
385
Schengen, other members of parliament were able to quote from the draft
provisions of the CISA.5
The debate in the Federal Parliament became more lively in 1989, after the fall
of the Berlin Wall. This event, on 9 November 1989, was the reason for postponing the signature of the CISA. Members of the German parliament pressed their
government not to sign the CISA in December 1989 before the issues with regard
to its application in the former DDR had been resolved. Without extending the
application of the CISA to the territory of the former DDR, former DDR nationals would still need a visa to enter the Schengen territory. Initially, the other
Schengen partners did not accept the German proposal to attach a statement,
implying that the former DDR would not be considered a third country with
regard to the application of the CISA by (West) Germany.6 But, in May 1990, the
German government was able to inform its parliament that the other partners had
agreed to lift the visa requirement for DDR citizens and to postpone the entry
into force of the CISA until the date of the formal reunication of Germany.
When it was nally signed on 19 June 1990, the CISA was the rst international
treaty which recognised the reunication of the former East and West Germany.
New and more in-depth discussions with regard to the content and consequences of the Schengen cooperation took place during the parliamentary
debate on the act to ratify the CISA on April 1992.7 An important and controversial issue dealt with during these debates was the proposed amendment of
the right to asylum as protected in the German Constitution (Grundgesetz).
There was clear tension between, on the one hand, former Article 16 of the
German Constitution which protected the right to asylum and the duty deriving from this right to consider every asylum application and, on the other hand,
the one-chance only principle which was included in the CISA.8 A draft proposal to amend the German constitutional right to asylum resulted in long and
tense parliamentary discussions on the values of the German asylum policy.9
See the request from the Greens: Bundestag Drucksache 11/5245, 26.09.2989, and the parliamentary debate of 18.09.1989, 11/12277.
Frankfurter Rundschau, 14.12.1989, Bonn will DDR bei Unterzeichnung des Schengener
Abkommens mit einbeziehen. FAZ 16.12.1989, Kohl will Schengener Zusatzabkommen im
Frhjahr unterzeichnen.
Gesetz zum Schengen bereinkommen, Bundestag Drucksache 12/2453, Bundestag Drucksache,
12, Wahlperiode, 89 Sitzung, Bonn, 30 April 1992.
See, for an extended review of the consequences of this Europeanisation on German and French
asylum policies: S. Lavenex, The Europeanisation of Refugee Policies. Between human rights and
internal security, Aldershot, Hampshire: Ashgate 2001, see p. 154 .
Draft proposal, Amendment Article 16 of the Constitution, Bundestag Drucksache 12/2112,
18 February 1992.
386
Chapter 12
10
11
12
See Bundestag Drucksache 12/160. The draft bill was published in Bundestag Drucksache
12/4152.
Stellungnahme von Amnesty International zum Gesetzentwurf des Bundesregierung zu dem
Schengener bereinkommen vom 19 Juni 1990. Letter of 27.03.1992.
Bundestag Drucksache 12/14034, 17.6.1993.
Germany
387
13
14
15
388
Chapter 12
should apply as minimum standards. Finally, the SPD members emphasised that
there should be no exchange of information though the NSIS before these data
protections standards had been implemented. The parliamentary members of the
other parties and the representative of the Government described these proposals
by the SPD as outdated. The proposed standards were based on the conclusions
of the meeting of the data protection authorities of Germany, France, and
Luxembourg in March 1989. Therefore, the other parties argued, they had
already been taken into account by the Schengen negotiators.16
Another important issue during the debate on data protection standards, as
well as during the debate on the ratication act of the CISA in 1993, were the
concerns of the German members of parliament with regard to the level of data
protection in the other Schengen states. One member referred to the fact that
Belgium had no data protection law at all and Luxembourg and the Netherlands
no law on police les.17 The fact that Schengen implied that the other Schengen
states were obliged to adopt data protection laws as well, was considered an
important positive side-eect of the Schengen cooperation.18
In October 1989, during a conference of the Federal Data Protection
Commissioner and the data protection authorities of the Lnder, these authorities expressed their concerns with regard to the level of data protection in the
CISA applicable to the conventional exchange of personal data, taking place
outside the scope of the NSIS.19
It is interesting that, during the ratication debate in 1993, a member of the
liberal party, Wolfgang Lder, expressed his concerns about the plans of the
German Minister of the Interior to establish an automated border control
mechanism.20 He quoted from the annual report of the Federal Data Protection
Authority in which the Ministers plans were cited. These plans would include
the inclusion of biometric data in travel documents. Lder made it clear that
central police registration at the borders, including data on the movement of
travellers, would be unacceptable to the liberal party. Ten years later, politicians,
including the liberals, were less reluctant towards the use of central databases and
biometrics at the borders.
The German parliament discussed the NSIS only occasionally once it had become
operational. In 1997, based on the rst report of the Joint Supervisory Authority,
16
17
18
19
20
Germany
389
members of parliament questioned the functioning and especially the lack of a legal
basis for the SIRENE organisation.21
2.3. SIS II
To my knowledge, before 2004, the German parliament did not make any
substantial inquiry into the development of the second-generation SIS. In
1999 and 2001, the German parliament was informed of the development of
SIS II in the annual reports of the Federal Data Protection Commissioner.22
However, the questions and concerns raised in these reports were not followed
by parliamentary questions.
In November 2004, the German government was questioned not only about
the exchange of information between internal security agencies in the EU, but
also on the future development of the SIS.23 These questions concerned the
content of political discussions at EU level with regard to SIS II and, especially,
the proposals on the interoperability and synergy between SIS II and VIS. The
questions about SIS I and SIS II concentrated on the possibility of increasing the
eciency of SIS II, but did not deal at all with the current deciencies of SIS I or
the legal protection of data subjects.
In March 2006, members of the German parliament referred to the lack of any
substantial debate with regard to the development of SIS II.24 Quoting from the
reports of the German data protection commissioners (see below), they expressed
their concerns about the current problems with regard to the reliability of the
information in SIS II and the lack of data protection rules. Answering these questions, the government forwarded data on the current use of SIS, including the
number of reports registered by the German and other Schengen authorities in
the SIS, the number of hits and the number of terminals in Germany giving the
authorities access to the SIS. In these answers, the government stressed that SIS II
would remain basically a search tool (Fahndungssystem) and denied that the current goal of SIS would be changed by the development of SIS II. According to the
government in this same response, the right to data protection and informational
self-determination (see below) would be suciently guaranteed.
21
22
23
24
390
Chapter 12
26
27
With the Immigration Act of 30 July 2004 (Zuwanderungsgesetz) the former Aliens Act
(Auslndergesetz) was replaced by the Residence Act (Aufenthaltsgesetz). BGBl. 2004, Teil I, nr.
41, 5 August 2004. The full title of the Immigration Act 2004 is: Act to control and restrict
immigration and to regulate the residence and integration of EU citizens and foreigners.
An ocial English translation of this law is available at http://www.bmi.bund.de.
Law changing the name of Bundesgrenzschutz into Bundespolizei, 21.06.2005, BGBl. 2002,
I, p. 1818.
No ocial publication available: published in G. Renner (introduction) Verwaltungsvorschriften
zum Staatsangehrigkeits- und zum Auslnderrecht, Baden-Baden: Nomos Verlaggesellschaft
2001, p. 575 .
Germany
391
28
29
30
392
Chapter 12
31
32
Germany
393
33
34
35
394
Chapter 12
36
37
38
Germany
395
39
40
41
396
Chapter 12
were registered in the NSIS for oences which occurred more than ten years ago
and for reasons which were not envisaged in the CISA. As a result, Germany was
for a long time responsible for the majority of data in the NSIS, compared to the
other Schengen states. On 1 January 1997, of the 536,022 Article 96 reports in
the SIS, 444,019 were submitted by German authorities.42 A large clean-up
operation was performed by BKA in 1997. This resulted in the deletion of
207,000 records on third-country nationals to be refused entry and, on 1 January
1998, of the 603,497 reports in the NSIS, only 289,993 came from the German
authorities.
Another, smaller clean-up operation took place in 1998 on the basis of the
three-year time limit of Article 112 CISA, which forced the German authorities to
check the need for further storage. This and further clean-up operations after 1999
resulted in a further decrease in German reports on third-country nationals in the
NSIS. On 1 January 2005, 176,392 reports on third-country nationals were
reported in the NSIS by the German authorities.43
3.4. Authorities with Access to NSIS Data
According to the annual report from the SIRENE Working Party to the Council,
the following German authorities are authorised to have direct access to the category of Article 96 CISA (data on third-country nationals to be refused entry):
the police forces of the Lnder ;
the Federal Criminal Police Department (BKA);
the Federal Police (former Border Guard or Bundesgrenzschutz);
the immigration oces of the Lnder;
the Federal Oce for the Recognition of Foreign Refugees (Bundesamt fr die
Anerkenning Auslndische Flchtlinge, or BAMF);
the diplomatic and consular posts; and
the parliamentary committee on police and security matters.44
In 1998, the German authorities consulted the NSIS 65 million times; 52%
were accounted for by the German border police.45 In 2000, 14,000 police agencies had access to the NSIS, performing more than 5 million checks each month.46
In 2005, according to information submitted by the government to the parliament,
42
43
44
45
46
Germany
397
47
398
Chapter 12
Article 5 of the CISA. This means that the refusal of entry based on an Article 96
(3) alert is only imperative if it is based on the re-entry ban of 11 (1) of the
Residence Act. This is also laid down in 5.1.3.1 AAH-SD.
3.6.2. Expulsion of Aliens on the Basis of an Article 96 CISA Hit
Based on the rather complicated regulation of 5.1.3.2 and 5.1.3.3 AAHSD, a third-country national can only be directly expelled on the basis of an
Article 96 (3) alert by German authorities. A person cannot be immediately
expelled on the basis of 96 (3) alerts which are reported by other Schengen
States, nor on the basis of Article 96 (2) alerts reported by German and foreign
authorities. This means that, in these latter situations, a German ocial can
only remove or refuse this person entry at the borders (Zurckschiebung) but not
expel him once he is in the country. In these situations, the German ocial will
have to issue a separate administrative decision. The BKA has criticised this regulation (which only applies in Germany), since this would mean that German
ocers whenever they obtain a hit in the SIS on a person during a check
within the German territory cannot expel this person immediately. In the
situation where persons have been reported to the NSIS by German authorities
on the basis of 96 (2), they will also be stored for the purpose of arrest in
INPOL. So, in this situation this problem would not arise.
3.6.3. Article 96 Hits and Visa Applications
Based on 6 of the German Residence Act, a visa can only be issued if the applicant meets (among other things) the requirements of the CISA. This means,
in accordance with Article 5 CISA, if the person has been recorded in the NSIS for
the purpose of refusal of entry, embassies and consular posts are obliged to refuse
this person a visa. Each visa application is checked against data stored
in the AZR and in the NSIS on the basis of Article 96 CISA. German consulates
and embassies have no on-line access to the NSIS.48 Every visa application is
through a German electronic network, submitted to the Ministry of Foreign Aairs
and from this organisation to the Federal Administration (Bundesverwaltungsamt).
This organisation, responsible for the Central Aliens Administration or the AZR
(see below), will check by consulting the AZR, as well as the SIS and other databases such as the German police le INPOL, whether the person in question is
reported as inadmissible. If the person is reported as such, this information will be
forwarded to the consulate or embassy involved. On the basis of this information,
the visa application will be automatically rejected without further inquiry.
48
Germany
399
49
50
51
52
53
Gesetz ber die Errichtung des Bundesverwaltungsamtes, BGBl. I, p. 829, 6: The Federal
Administration Oce holds for the purpose of the administration the Central Administration
on Aliens [AZR] on the aliens residing in Germany.
Bundestag Drucksache 10/5859, 16.07.86.
BGBl. I, 2265; Bundestag Drucksache 12/6938, 12/7520. Further rules are included in
Verordnung zur Durchfhrung des AZR-Gesetzes (AZRG-DV) vom 17. Mai 1995 (BGBl. I,
p. 695) und der Verwaltungsvorschrift zum AZR-Gesetz (AZR-VV) vom 4. Juni 1996 (GMBl.
1996, p. 334).
A. Schriever-Steinberg, Das Auslnderzentralregistergesetz, NJW 1994, Heft 50, p. 3276 and
Th. Weichert, Auslndererfassung in der Bundesrepublik. Die informationellle Sonderbehandlung
von Immigrantinnen und Flchtlingen, Brgerrechte & Polizei-CILIP 45 (2/1993).
9 and 10 March 1994, http://www.lfd.m-v.de/beschlue/ent47.html.
400
Chapter 12
57
58
Germany
401
59
60
61
62
According to the Federal Data Protection Commissioner in its 20. Ttigkeitsbericht 20032004
para. 6.1.4. I found no further information on this procedure.
Case C-524/06, Heinz Huber v. Germany.
BGBl. 2002 I, 361. This law entered into force on 9 January 2002. See, for a general overview of
this legislation: E. Brouwer, Germany: Controlling Data, in: Brouwer, Catz & Guild (2003),
p. 27 . See also: U. Davy, Immigration, Asylum, and Terrorism: How do they relate in
Germany?, in: Baldaccini & Guild (2006), p. 177 .
Speech of 16.10.2001, cited in the position of the German Data Protection Association of
25.09.2001.
402
Chapter 12
63
64
This new provision has been described as a useless, even dangerous provision by Th. Weichert,
Datenschutz fr Flchtlinge nach der Anti-Terror-Gesetzgebung, Asylmagazin 4/2002, p. 49.
German Data Protection Association (Deutsche Vereinigung fr Datenschutz) with relation to
the provisions in the draft TBG, which especially relates to the data protection of foreigners,
15 November 2001.
Germany
403
66
67
68
19 of the implementing rules to the AZRG (Verordnung zur Durchfhrung des Gesetzes ber
das Auslnderzentralregister - AZRG-DV), Act of 14.10.2005, I 2982.
See the 20th Report of the Federal Data Protection Commissioner, 20032004, para. 6.2.4.
19th Report 20012002, Federal Data Protection Commissioner, p. 41.
Literally, Rasterfahndung means raster or grid search. Based on the assumption that specic criteria apply to the searched person or group of persons, information on large numbers of persons
is further reduced by deleting those persons who do not meet all of these criteria.
404
Chapter 12
69
70
Germany
405
71
72
73
406
Chapter 12
74
75
76
77
Germany
407
78
79
80
81
82
408
Chapter 12
83
84
Germany
409
The Court concluded that such a measure could only be justied on the basis of
a specic threat of an attack which would cause substantial harm, where the
threat is based on concrete facts. Finally, the German Constitutional Court found
that the general situation of threat prevailing since the events of 11 September
2001 or the threat of terrorist attacks apparently caused by current foreign policy
positions or military operations were not sucient reasons to justify this practice
of data proling.
4.4. Biometrics and Border Control
Long before the discussions started at EU level, the use of biometrics for the
purposes of identity and immigration control was already on the agenda of the
German government. In 1993, during the discussions in the German Parliament
with regard to the NSIS, a member of the Liberal Party (FDP) refers to the plans
by the German Minister of the Interior to establish partly automated border
control (teilweise automatisierten Grenzkontrolle).86 These plans were to include
the use of biometric data (ngerprints and length of hand) in travel documents,
to be stored in a database.87 Since that time, the use of biometrics has regularly
reappeared on the German political agenda. After the terrorist attacks in the US
and, later, in Madrid and London, the former Minister of the Interior, Mr. Schily,
pursued a dynamic approach to the projects involving the use of biometrics for
security purposes. For example, the insertion of biometric data into the residence
permit was envisaged in the new Residence Act of 2004. Based on Article 78 (3)
of the Residence Act, a residence permit may include: a photo, biometric
85
86
87
Para. 110112. Translation Claire Singleton (Die Rasterfahndung begrndet fr die Personen,
in deren Grundrechte sie eingreift, ein erhhtes Risiko, Ziel weiterer behrdlicher
Ermittlungsmanahmen zu werden. Dies hat etwa der Verlauf der nach dem 11. September 2001
durchgefhrten Rasterfahndung gezeigt. () Ferner kann die Tatsache einer nach bestimmten
Kriterien durchgefhrten polizeilichen Rasterfahndung als solche - wenn sie bekannt wird - eine
stigmatisierende Wirkung fr diejenigen haben, die diese Kriterien erfllen. () So fllt etwa
fr die Rasterfahndungen, die nach dem 11. September 2001 durchgefhrt wurden, im Hinblick
auf deren Eingrisintensitt ins Gewicht, dass sie sich gegen Auslnder bestimmter Herkunft
und muslimischen Glaubens richten, womit stets auch das Risiko verbunden ist, Vorurteile zu
reproduzieren und diese Bevlkerungsgruppen in der entlichen Wahrnehmung zu
stigmatisieren.)
Wolfgang Lder (FDP) in Deutscher Bundestag, 12. Wahlperiode, 163. Sitzung Berlin, 17 June
1993, 14016.
See also 14th Report of the Federal Data Protection Commissioner.
410
Chapter 12
data: ngerprints, hands or face and possibility of encrypted storage. The use of
an automatic reading zone (including data on name, date of birth, gender,
nationality and residence permit) allows the German authorities to record, transmit and use these data from the automatic reading zone in the performance of
their tasks.
On 12 February 2004, the Minister of the Interior launched a pilot project on
automatic border control supported by the use of biometrics.88 The purpose of this
project, for which 8,600 persons volunteered, was to check the reliability of iris recognition for verication and identication purposes. With regard to the latter, the
test was also intended to check whether the inclusion of biometrics in travel documents could be used to search for wanted persons recorded in police les, such as
INPOL and the NSIS. In 2005, a pilot project was launched with regard to the use
of biometrics at the German embassies and consular posts abroad.
The German parliament (Bundestag) agreed in May 2007 with the amendment
of the German passport law (Passgesetz) providing for the registration of biometrics into the German passports.89 During the parliamentary discussions, the
government and its coalition parties justied this proposal by stressing the obligation to implement EC law on biometric passports. They did not mention that
during the negotiations at the EU level, it was the German government which
actively supported the use of biometrics. Because of general objections in German
policy against the central storage of biometric data, the amended passport law
explicitly provides that the passport data will not be stored into a central, federal
database. The digital photographs and ngerprints only will be inserted into the
chip included in the passport. Furthermore, the amended text provides that only
in emergency cases, law enforcement authorities will have online-access to the
passport data (Eilfall ).
88
89
Germany
411
Wird jemand durch die entliche Gewalt in seinen Rechten verletzt, so steht ihm
der Rechtsweg oen. Soweit eine andere Zustndigkeit nicht begrndet ist, ist der
ordentlichen Rechtsweg gegeben ().
90
91
92
412
Chapter 12
The Constitutional Court set this argument aside as irrelevant, stating explicitly
that the right to oer the court the possibility of access to the information during
the judicial process had nothing to do with data protection rights or the right to
self-determination, but everything to do with the applicants right to eective
judicial protection.
Finally, the Constitutional Court stressed, in its case law the importance of the
possibility for courts to grant a temporary injunction (vorlugen Rechtschutz93 or
zeitgerechten Rechtschutz94). According to the Court, this should as far as possible
eliminate the risk of irreparable damage being caused by the immediate execution
of the administrative measure.
Another important provision in the German Constitution is Article 103 (1),
which states that everybody has the right to be heard before a court.95 This provision and the general rule in Article 19 (4) are the basic principles with regard
to the right to eective remedies and have been further developed in the jurisprudence of the Federal Administrative Court and other courts.96 The criteria
developed on the basis of these principles are also relevant to immigration and
data protection law.
5.2. The Klass Case Before the German Constitutional Court
As we saw in Chapter 6, in the Klass judgment of 1978 the ECtHR dealt with
the relationship between the right to privacy as protected in Article 8 ECHR
and the interests of the State to protect internal security. Before this case was
brought before the Strasbourg Court, the German Constitutional Court was
questioned in 1970 on the legitimacy of the disputed legislation on eavesdropping. This practice was based on an amendment to the German Constitution of
1968, permitting wiretaps and other interferences with private letters and telephone conversations, if necessary to combat foreign and domestic enemies.97
The amendment stipulated that recourse to the courts shall be replaced by a
review of the case by bodies and auxiliary agencies to be appointed by parliament. A constitutional complaint regarding this amendment was forwarded
by several German citizens, among them a senior state prosecutor, Gerhard
Klass.98 These applicants complained, rstly, about the lack of judicial review
93
94
95
96
97
98
Germany
413
99
100
Paras. 2728.
BVerfGE 92, 2777 .; BVerfG 65, 1 [44], BVerfG 23, 1333.
414
Chapter 12
101
102
103
104
K. Hailbronner in: J.A. Frowein, Torsten Stein (eds.), Die Rechtsstellung von Auslndern nach
staatlichem Recht und Vlkerrecht, Berlin/Heidelberg: Springer Verlag 1987, Teil 1, p. 387.
Act of 21 January 1960, BGBl. 1960, 17.
BGBl. I 1976, 1253.
See for a general description: H. Maurer, Allgemeines Verwaltungsrecht, Mnchen: Beck 2002.
Germany
415
105
106
416
Chapter 12
right to submit a claim on the basis of 123 VwGO. This has been conrmed by
the administrative court of Giessen, when granting a temporary injunction on
the basis of 123 to ban the further communication of data concerning the
applicant by the university to the police.107 Since there was no (public) administrative decision allowing this communication of data, the applicant had no
possibility of lodging an application against an administrative act itself.
5.5. Applicability of 6 ECHR
In a decision of 2002, the Federal Administrative Court (Bundesverwaltungsgericht)
emphasised the applicability of the criteria of Article 6 (1) ECHR on eective
remedies in procedures based on asylum and immigration law.108 The case concerned a Turkish Kurd threatened with expulsion to Turkey after his asylum request
had been rejected. The applicant claimed that this constitutional right to be heard
had been breached during the procedure before the German Court of Appeal. The
case dealt with the question of whether the applicable German rules on accelerated
procedure required the applicant to have been orally heard. The Federal
Administrative Court referred, in its conclusion, to the explanatory memorandum
of the legislator to the new amendments to this procedure. In this explanatory
memorandum, it was explicitly stated that the criteria of Article 6 ECHR apply.
The Court concluded that German administrative procedural laws had to be interpreted in accordance with this Article 6 ECHR orientation by the legislator. For
this interpretation, it was irrelevant whether the procedure dealt with civil rights
or not. Since the higher court in this case reached a decision without giving the
applicant the opportunity to submit to oral examination, the decision was in
breach of the applicable rules.
107
108
109
Germany
417
protection laws took place between 1970 and 1992. As we saw in Chapter 7, the
Hesse law of 1970 was actually the rst data protection law in Europe.
The Federal Data Protection Law, amended in December 1990, included a
more practical application of data protection rules by reducing the administrative
obligations compared to the rst law.110 In 2001, the Federal Data Protection Law
(Bundesdatenschutzgesetz 2001, hereafter BDSG 2001) was amended again, this
time as a result of the necessary implementation of the EC Directive 95/46.111
Unlike the Dutch history of data protection law, in Germany the right to
privacy was never considered the starting point for this eld of legislation. The
right to privacy played an important role with regard to the balancing of
interests, but was not seen as an appropriate basis for a general and preventive
regulation, such as data protection rules.
6.2. Constitutional Right to Informational Self-determination
6.2.1. The Mikrozensus Urteil
In the Mikrozensus Urteil of 1969, the Constitutional Court ruled for the rst
time on the constitutionality of the federal law on the census population.112
In 1960, this law was amended to require additional information on vacations
and recreational trips by household residents. A person, who had been ned
100 DM for refusing to supply his information, lodged a constitutional appeal
with the Constitutional Court. He contested in his claim that this compulsory
disclosure of private information, even if for statistical purposes, violated his
constitutional right to human dignity under Article 1 of the German Constitution.
In this judgment, the Constitutional Court gave its famous denitions of inner
space or Innerbereich of the right to self-determination, not to be intruded upon
by the state. Dealing with the collection of the information described above, the
Court however held that this did not aect the most intimate realm into which
a state may not intrude.
6.2.2. The Volkszhlungsurteil
Fourteen years later, the Constitutional Court dealt again with the German census
act in its judgment of 15 December 1983, the so-called Volkszhlungsurteil.113
The population census, as envisaged in this Act and to be held in 1981,
110
111
112
113
418
Chapter 12
caused a general protest movement. Unlike the situation at the time of the
Mikrozensus Urteil, information technology had developed. As in the Netherlands
ten years later, the combination of a general overall collection of personal information from the population, combined with the extensive use of computers, caused
a general feeling of concern. The extended possibilities of the use of information
technology also played an important role in the considerations of the Court. The
case concerned the collective claim before the Constitutional Court of a group of
persons, including lawyers, against the new German Act on the population census
which was adopted on 25 March 1982.114 The claimants argued that the implementation of this law would be in breach of their general right to privacy (allgemeines Persnlichkeitsrecht) as protected under Article 2 (1) in conjunction with
Article 1 (1) of the German Constitution. The applicants claimed, among other
things, that the law did not adequately guarantee that the information collected for
statistical purposes would be stored anonymously and remain so, taking into
account the new possibilities of modern information technology. They further
argued that the provisions of this law, which included the possibility of forwarding
the data collected for other purposes, was in breach of the constitutional principle
of legality (verfassungsrechtliches Bestimmtheitsgebot). The Constitutional Court only
conrmed the latter claim, but did not consider the general aim and purposes of
the Volkszhlungsgesetz in breach of the Constitution. Nevertheless, these specic
considerations in which the Court described the scope and value of the general
right to privacy have been extremely important for subsequent developments with
regard to the rights of data subjects.115
First of all, the Constitutional Court armed in this case that data protection
or the right to informational self-determination (informationelles Selbstbestimmungsrecht) based on the general right to privacy (Persnlichkeitsrecht) is a constitutional right. The Court derived the right of individuals to be protected from
unlimited collection, storage, use, and transmission of personal data as a condition
of the development of his or her free personality under the modern conditions of
data processing directly from the rights as protected in Article 2 (1), in conjunction
with Article 1 (1), of the German Constitution.
Secondly, the Court described in a clear and comprehensive way the new
relationship between individuals and their government resulting from the
extended powers of the latter, based on the use of information technology. The
Court pointed out certain general problems or risks resulting from the use of
information technology and the gathering of personal information. These considerations are still valid, or even more so, with regard to current developments.
114
115
Germany
419
For example, the Court emphasised that, the use of networks, information
shared by dierent authorities, could lead to the situation that individuals have
no control on the use and accuracy of their data. The Court further referred to
the danger of building integrated information systems using which an overall
personality picture (Persnlichkeitsbild ) could be compiled of individuals, without giving this individual the opportunity to check the accuracy or use of this
picture. In Chapter 7, section 4.1.1, I already cited the important paragraphs in
which the Constitutional Court referred to the risk of an individual who, knowing that his participation in an assembly or civil action could be registered by the
government, will refrain from exercising his constitutional rights. This eect
would not only aect the individuals chances of development, but also the common well-being: according to the Court, self-determination is a prerequisite for
a free democratic society, based on its citizens freedom to act and cooperate.
Thirdly, the judgment is important because, recognising that the right to
informational self-determination is not unlimited, the Court dened specic
guarantees which should be oered by the legislature, including organisational
and procedural measures designed to safeguard the individual from infringement
of his right to personality. One of these guarantees is the prohibition, as formulated by the Court, on collecting personal information by anticipation or stockwise if these data are to be used for non-statistical purposes (Verbot der Sammlung
personenbezogener Daten auf Vorrat).
Finally, by emphasising the need for procedural and organisational guarantees
and for restricting the multifunctional use of information, the Court dened the
function and importance of data protection law. Although Germany already had
its Data Protection Law of 1977, the considerations of the Constitutional Court
urged the legislator to look more closely at the provisions applicable to data
processing in the public sector.
6.2.3. The Duty of Immigration Oces to Keep Complete Files
In the same year as the Volkszhlungsurteil, the Constitutional Court dealt with a
claim with regard to les on aliens kept by the immigration oces.116 The case
concerned the claim by a group of persons whose application for deletion and
destruction of their les had been denied. These les were, unlike the AZR, not
computerised, but kept in paper les. According to the Court, the constitutional
rights of aliens would not be endangered by this use of the les. The Court did
not consider that retaining these les required a special legislative basis, since this
task could be derived from the general supervisory task of the immigration
116
BVerfG, Decision of 6 June 1983, 2 BvR 244, 310/83. Published in NJW, 1983, Heft 38,
p. 2135.
420
Chapter 12
117
118
119
Germany
421
applies to ocials both at Federal level and at the level of the Lnder. Based on
this principle, ocials can be required to provide each other with (personal)
information if available. In fact, this (old) German principle of mutual aid can
be compared to the principle of availability which has recently been introduced
at EU level for cooperation between criminal prosecutors. It emphasises the
importance of sharing available resources within the public administration.
In contrast to Amtshilfe, we nd the principle of the informational division of
powers or informationelle Gewaltenteilung. This principle is especially supported
in literature dealing with the purposes of data protection law.120 In the 1980s, the
German commentator Podlech supported a general ban on public authorities
using information which transgressed their functional borders or powers.121
Although this informational division of powers has never been implemented or
accepted in its strict meaning, the importance of decentralising informational
powers is emphasised both in German literature and by the courts. For example,
the German Constitutional Court stressed the importance of a clear and legal
distinction between statistical administration and other public administrations,
preventing information collected for a specic purpose only from being used or
transferred by other authorities as well, for other purposes. The Court explicitly
stated that if non-anonymous personal information gathered for statistical purposes were to be transferred for administrative purposes, this would be an unacceptable infringement of the individual right to informational self-determination.
Therefore, without abandoning the principle of administrative cooperation or
Amtshilfe, individuals should be protected against alienation of purpose or
Zweckentfremdung by prohibiting the transfer or the further use of data.122
The dicult relationship between the principle of Amtshilfe on the one hand
and the principles deriving from data protection law on the other hand is illustrated in the judgment of the administrative court of Giessen dealing with the
practice of Rasterfahndung.123 In this judgment, the court ordered the university
of Giessen to cease further transmission of the applicants data to the police.
According to the court, also in the eld of Amtshilfe, the authorities concerned
should strike a balance between the advantages of data proling and the constitutional right to informational self-determination and data protection of the
person concerned.
120
121
122
123
H.P. Bull, Die Grundprobleme des Informationsrechts, Inaugural speech Universtity Tilburg,
Zwolle: W.E.J. Tjeenk Willink 1985.
A. Podlech, Verfassungsrechtliche Probleme entlicher Informationssysteme, DVR 1972/
1973, p. 149 .
Amtshilfefester Schutz gegen Zweckentfremdung durch Weitergabe- und Verwertungsverbote.
See above, section 4.3.3, Verwaltungsgericht Giessen, 8.11.2002, Az. 10 G 4510/02.
422
Chapter 12
124
Germany
423
In these reports, the authorities are asked whether the information should be
stored for a further period. On the basis of German immigration law, certain
re-entry bans for which persons can be reported in the NSIS under Article 96 (3)
apply for six years. This is interpreted by German immigration ocers to mean
that this time limit of six years for the re-entry ban also applies to storage in the
NSIS and, therefore, they are not obliged to consider whether a storage period of
longer than three years is necessary. As a consequence, the rst automatic SIRENE
report which is sent to these authorities does not have any practical eect. The
immigration oces are merely asked to check the need for further storage.
However, if they do not react to this rst warning, nothing happens. Only after
six years, when a second report is forwarded by SIRENE and if the local authorities do not respond or if they do not provide any reasons why the alert should be
stored for a longer period, is the alert in the NSIS automatically deleted. This
means that, in practice, data on third-country nationals in the NSIS Germany are
generally stored for six years, instead of three years.125 This practice is contrary to
the current rules of the CISA.
6.4.2. Duty to Inform the Data Subject
Federal law and the law of the German Lnder both apply with regard to the use of
the NSIS. However, these laws, as far as I know, do not include any obligation to
inform third-country nationals of the fact that they are reported in the NSIS. The
AAH-SD do not include such a duty and 82 (3) Residence Act only obliges
authorities to inform a third-country national of the re-entry or residence ban.
This does not include information on the fact that this ban involves registration in
the NSIS.
In general, on the basis of 19a BDSG, a person whose data has been reported
without his or her knowledge should be informed of this data processing, including the purpose of this processing and the authorities that have access to this data.
In accordance with the rules of EC Directive 95/46, this duty does not apply in
three situations: if the person has been informed of the data processing by other
means, if such notication would require unreasonable eorts by the authorities,
or if the data processing is envisaged explicitly in formal law. Irrespective of the
question of whether the rst two exceptions would apply in this case, it is doubtful whether the German ratication act of the CISA or the general instructions as
laid down in the AAH-SD fall within this denition of law. The ratication
125
This practice has been criticised by the various data protection authorities of the Lnder. See,
for example, the annual report of the Berlin Authority, 2001, p. 38. http://www.datenschutz
-berlin.de. See also the 34th Report of the Hessian Data Protection Authority of 31 January
2005, which describes this practice as a general problem (typische Fallgestaltung ), p. 51.
424
Chapter 12
act does not provide detailed rules on the German criteria for reporting thirdcountry nationals in the NSIS but only approves the establishment of the NSIS
and the fact this NSIS will be used by the Schengen States. The latter regulation,
the AAH-SD, is not a formal law.
6.4.3. Right of Access, Correction and Deletion
In accordance with the provisions of Articles 109 and 110 of the CISA, individuals
have the right to submit a request for access and, possibly, correction or deletion
of their information stored in the NSIS. In Germany, this request can be forwarded to dierent authorities. Firstly, the application may be addressed to the
Federal or Lnder authority which forwarded the data to the NSIS. Secondly, the
application may be forwarded to the Federal Data Protection Commissioner or
the data protection authority of the country responsible (depending on which
authority forwarded the data to the NSIS). Finally, the applicant may directly
address the Federal Criminal Police Department (BKA) in Wiesbaden, which is
the responsible authority for the NSIS in general.126
Generally, the right of access, correction and deletion is regulated in 19 and
20 of the BDSG. This includes the right of the data subject to be informed of the
information which is processed with regard to him or her, the purposes for which
this information is being processed and the authorities that have access to this
information. Individuals have a right to direct and indirect access. This means
they may choose to forward their request of access, correction or deletion to the
Federal Data Protection Commissioner or the authorities of the Lnder, but may
also directly address the organisation holding the data. 19 (4) BDSG provides
for three exceptions to the right of access, the wordings of which run the risk of
being interpreted widely. In the rst place, the right of access may be denied if
such notication would endanger the fullment of the public tasks of the authority involved, if the notication would aect public order and security or would
infringe the public well-being of the Federal State or the Lnder, or if the information concerned has to be kept condential on the basis of legal or other
requirements or in the interests of third parties.
By 2005, the BKA had received between 500 and 600 applications annually
concerning individual requests for access, correction or deletion of their data in
the SIS.127 The Federal Data Protection Commissioner received approximately 30
applications per month for access to data stored in the NSIS by individuals.128
If this application falls within its eld, the Federal Data Protection Commissioner
126
127
128
See, for more practical information: Westphal & Stoppa (2007), p. 550.
Source: interview with BKA, May 2005.
Source: interview with ocials of the Federal Data Protection Commisioner and the Hesse
Data Protection Commissioner, May 2005.
Germany
425
will himself deal with such an application and will ask the BKA for its view. If the
application falls within the competence of the data protection commissioners of
the Lnder, the application will be forwarded to these authorities. In every case,
the applicant will be informed of the results of the inquiry, either by the Federal
Data Protection Commissioner or by the commissioners of the Lnder.
6.5. Supervision by Data Protection Authorities
6.5.1. Introduction
Compared to their counterparts in France and the Netherlands, the data protection authorities in Germany seem to play a larger role with regard to the functioning and use of the NSIS. The importance of these authorities could be
explained in the rst place by the historical emphasis on data protection in
Germany. Secondly, the data protection authorities in Germany are in a relatively
favourable position, in the sense that their powers or functioning are enhanced
by the shared responsibility of the Federal Data Protection Commissioner and
the authorities in the states or Lnder. The annual reports from the authorities in
the Lnder and from the Federal Data Protection Commissioner are a useful
source of information with regard to the functioning of the NSIS, the registrations of third-country nationals and the general problems encountered in these
elds. On the other hand, the controlling task of the data protection authorities
seems to deal more with general issues with regard to the use of the NSIS, than
with the handling of individual complaints.
In 2004, the Federal Data Protection Commissioner and the authorities of the
Lnder performed an investigation into the practice of the use and registration of
data on third-country nationals based on Article 96. This review was coordinated
by the German Federal Data Protection authority and formed part of the international review initiated by the Joint Supervisory Authority in 20032004. The
results of these investigations were published in the annual reports of the Federal
Data Protection Commissioner and the data protection authorities in the Lnder.
6.5.2. The Federal Commissioner for Data Protection
and Freedom of Information
Since 1 January 2006, based on the new Act on the Freedom of Information, the
name of the Federal Data Protection Commissioner (Bundesbeauftragten fr den
Datenschutz) has changed to the Federal Commissioner for Data Protection and
Freedom of Information (Bundesbeauftragte fr den Datenschutz und die Informationsfreiheit).129 The tasks of this authority with regard to the supervision of data
129
426
Chapter 12
processing and the right to data protection have not been changed. In the
following sections, I will refer to the Federal Data Protection Commissioner.
The Federal Data Protection Commissioner is elected by the Federal Parliament
(Bundestag) following nomination by the government. In accordance with 22 (3)
BDSG 2001, the term of oce of the Data Protection Commissioner is ve years,
renewable only once by another period of ve years.
The controlling powers of the Federal Data Protection Commissioner only
apply to federal public agencies. His powers include questioning the responsible
authorities, the right to be granted access to the premises of the federal authorities and the right to make proposals to improve data protection ( 24 BDSG
2001). Every two years, the Data Protection Commissioner publishes an annual
report on the basis of 26 (1) BDSG 2001.
Any person may forward a complaint to the Federal Data Protection
Commissioner, if he or she assumes that his or her rights have been aected by
the collection, processing or use of personal data by public authorities of the federal government ( 21 BDSG 2001). The number of individual complaints with
regard to the NSIS dealt with by the Federal Data Protection Commissioner is,
however, relatively small. One hundred and fteen requests were dealt with by
the Federal Data Protection Commissioner in 2003 with regard to records on
third-country nationals in the NSIS. In 2004, the Data Protection Commissioner
examined 107 requests. These gures include requests made by foreign (mostly
French) data protection authorities regarding individual alerts. This low number
can be explained by dierent factors. In the rst place, as we have seen, the task
of the Federal Data Protection Commissioner only extends to federal agencies.
As long as the data fall under the responsibility of an authority in one of the
Lnder, the data protection authorities of this specic state will be competent.
On the other hand, as we have seen above, individuals may forward their claims
immediately to the administrative authority concerned on the basis of their right
to direct access.
6.5.3. Data Protection Authorities of the Lnder
The organisation of the data protection authorities of the Lnder (Lndesbeauftragte
fr den Datenschutz) and their policy with regard to their working elds are
dierent in each country. Some authorities are able to rely on more sta and
nancial resources than others. The appointment of the data protection authority and the scope of nancial resources of this organisation are decisions taken in
the parliaments of the Lnder. This explains why these issues are closely related to
the political make-up of the parliaments. Not every data protection commissioner is able to give high priority to controlling the NSIS. Some data protection
authorities are more closely involved with the NSIS. For example, the Hesse
Data Protection Commissioner is quite active with regard to the NSIS which can
Germany
427
be explained by the fact that its organisation is based in the same city as the
Federal Criminal Police Department or BKA (Wiesbaden). Furthermore, during
the period of this study, one of its ocers was member of a working group of the
Schengen Joint Supervisory Authority, together with the Federal Data Protection
Commissioner, Peter Schaar. Although the dierent data protection authorities
of the Lnder act quite autonomously, their work is coordinated in dierent
working groups attended by the specialist members of the data protection
authorities. There is also a special working group on third-country nationals.
As mentioned above, the annual reports of the data protection authorities
include interesting information on the practical implementation and current
problems of the NSIS. For example, in 2000 and 2001, the Data Protection
Commissioner of North Rhine-Westphalia reported on the large number of SIS
entries which were in breach of the provisions of the CISA. It considered the
problem of wrongful Article 96 (3) reports on rejected asylum seekers (see
section 3.2.3) and the fact that the local authorities disregarded the applicable
time limits.130 The Data Protection Commissioner in Dresden, to whom the
NSIS was a relatively new issue, expressed concern in his annual report of
19992001 about the fact that, in many cases, the local immigration oces
entered rejected asylum seekers into the NSIS on the basis of Article 96 (3).131
6.5.4. Inquiry of the Data Protection Commissioners on Article 96 CISA
Of particular interest are the ndings of the data protection authorities of the
German Lnder concerning the implementation of Article 96 CISA during
a study in 20032004. As mentioned above, this inquiry was initiated by the
Schengen Joint Supervisory Authority. The inquiry included a group of 400
records in the NSIS which were provided at random by the BKA to the Federal
Data Protection Commissioner.132 The reports by the dierent data protection
authorities established that the data held in the NSIS by the German authorities
were often not updated or correct and data were not deleted after the expiry of
the time limits. 20% of the records in the NSIS concerned people of unknown
residence, which is not legal grounds for the Article 96 entry. 50% of the Article
96 (3) records were associated with the unlimited re-entry ban of 8 (2) of the
former Aliens Act ( 11 Residence Act) which was also considered illegal.
130
131
132
See the 14th and 15th Reports of the Data Protection Commissioner of North Rhine-Westphalia.
5th Report of the Landesbeauftragten fr den Datenschutz Sachsen-Anhalt (April 1999 to March
2001), p. 10.
A summary of the ndings of this investigation can be found in the 20th report of the Federal
Data Protection Commissioner: 20032004, para. 3.3.2.2.
428
Chapter 12
Furthermore, the data protection authorities found that, in many cases, the need
for further storage had not been motivated by the responsible authorities in
accordance with Article 112 CISA.
Aside from these conclusions in their reports for the JSA inquiry, the annual
reports of the data protection authorities of the dierent Lnder establish comparable ndings. For example, in 2004, the data protection authority of North
Rhine-Westphalia checked 80 of the Article 96 alerts held in the NSIS at random.
In ve of these cases, the authority discovered that the report in the NSIS was
only for the purpose of Aufenthaltsermittlung and was therefore unlawful.133
In many other cases (the report does not mention any numbers) the necessary
time limit for the SIS registrations was not suciently documented or checked.
According to the annual report from the Hessian data protection authority, 10%
of the registrations checked by the Hessian authorities were unlawful.134 This
mainly concerned registrations in the SIS for more than three years, the need for
which was not individually checked. In addition, the data protection commissioner of Baden-Wrttemberg, who randomly checked 49 les on third-country
nationals in the NSIS and INPOL, found many irregularities with regard to these
les.135 Some reports lacked a proper legal basis and, with regard to other reports,
this data protection commissioner found that the time limits had been exceeded.
The majority of third-country nationals stored in INPOL for the purpose of arrest
had been reported without the necessary judicial warrant. Six of these 49 cases
concerned individuals whose asylum request had been rejected. Finally, the Data
Protection Commissioner of Baden-Wrttemberg discovered that the reports
included EU citizens despite the fact that this is prohibited under EU law.
6.6. Legal Remedies
6.6.1. Competence of the Administrative Court
As we have seen above, German administrative procedural law provides dierent
possibilities for individual appeals. In its judgment on the central aliens administration, or AZR, in 2001 the Constitutional Court conrmed the applicability of the
right to administrative appeal with regard to data processing in the public sector.136
This right applies irrespective of the question of whether the data processing of
information results in an administrative decision aecting the individual. In this
133
134
135
136
Germany
429
case, the Court conrmed that a data subject should have the right to lodge an
appeal (Leistungsklage) with the administrative court, requesting a ban on further
data processing or transmission of the personal information to other authorities.
This includes the right to appeal for a temporary injunction, claiming a ban on data
processing until a nal judgment by the court, so as to oer the individual eective
protection against unlawful data processing. According to the Constitutional
Court, administrative courts have a duty to assess the constitutionality and legal
basis of data processing.
It is also possible to lodge an administrative appeal against the decision to
refuse the right to access, correction or deletion. The person concerned may
appeal against this refusal with the administrative court which is competent in
the district of the local authority refusing the individuals claim on the basis of
52 (5) VwGO.137
6.6.2. Right to Financial Compensation
An individuals right to nancial compensation is important if he or she has
suered damaged from wrongful or unlawful data processing. This is provided
for in 7 and 8 of the Federal Data Protection Act (BDSG). 8 BDSG explicitly covers nancial compensation with regard to automated data processing by
public authorities. According to this latter provision, the public authorities have
a duty to repair the nancial damage, irrespective of whether they are at fault or
carry any responsibility for this damage. This extended duty to repair nancial
damages was introduced with the amendment of the BDSG in 1990. The right
to nancial redress covers material and immaterial loss. Unlike the Dutch Data
Protection Act, the German BDSG includes a maximum amount for nancial
compensation of 130,000.
137
430
Chapter 12
Act unreadable for the average reader and even fails to meet the constitutional
principle of the rule of law in the sense that immigrants are unable to trace their
rights and duties.138
In section 5.1 we have seen that, even in 1972, the Constitutional Court made
clear that the right to legal remedies as oered by Article 19 (4) of the Constitution
applies in its entirety to non-citizens. We have also seen that the administrative
procedural rules with regard to the rights of appeal and judicial review in principle apply to immigration law decisions. In the following sections, we will discuss
certain exceptions and limitations to these rights as provided in the Residence
Act 2004.
7.2. Duty to Motivate Decisions
According to general rules of administrative law, an administrative decision may
be communicated to the person concerned orally, in writing or in electronic
form, or by other means. Only if the individual expresses an actual interest in
being informed in writing or electronically is the administrative authority obliged
to comply with this request (see 37 (1) and (2) of the German Administrative
Procedures Act, VwVfG). Based on 39 VwVfG, an administrative decision in
writing or in electronic form requires motivation of the factual and legal reasons
for the decision.
In the eld of immigration law, on the basis of 77 Residence Act, the written
form is always required for a refusal of a residence permit, a decision to limit the
right of residence in time or space and for decisions or measures of expulsion
(Ausweisung and Abschiebung). Decisions on visa applications and refusals of
entry at the borders are exempt from this obligation. According to 77 (2),
a refusal or limitation of a visa does not require the written form, a motivation or
a duty to inform the applicant of his or her right to appeal. In practice, only
when the person concerned lodges an objection against this refusal, the second
decision (Zweitbescheid ) by the administrative authority (embassy or consulate)
will include a written motivation and information about legal remedies
(Rechtsbehelfbelehrung). This does not include any right to a translation of this
decision. It seems doubtful whether the lack of informed decision-making at the
rst level is in accordance with criteria of eective remedies under Article 19 (4)
or 20 (3) of the German Constitution or the general principles of EU law and
the ECHR as described in Part II of my study.139
138
139
E. Benda et al. (eds.) Handbuch des Verfassungsrechts der Bundesrepublik Deutschland, BerlinNew York: Walter de Gruyter 1995, p. 410.
Westphal & Stoppa (2007), p. 551.
Germany
431
140
432
Chapter 12
8. Case Law
8.1. Record in the NSIS in Conformity with Criteria of Article 96 CISA?
In an interim judgment of 7 August 2002, the administrative court of Dsseldorf
court clearly demonstrated that the reasons forwarded by the government for the
entry of a third-country national in the NSIS were in breach of the applicable
rules in Article 96 CISA.141 In this case, the long-term residence permit of a
Turkish employee, who had lived in Germany for more than 20 years, had been
withdrawn in March 1999 by the German authorities because he had not reported
within the prescribed time and his place of residence was thus considered
unknown. Based on this withdrawal of his residence permit, the Turkish national
had been recorded in the NSIS in April 1999 for the purpose of refusal of entry.
This NSIS alert resulted, in the summer of 2002, in his arrest by the Dutch border
police, following which he was kept in detention with the intention of sending
him back to Turkey. The court of Dsseldorf armed the applicants right to a
temporary injunction to prevent his expulsion. The court ordered the German
authorities to treat the applicant as if his residence permit had never been withdrawn and to delete the registration in the NSIS. In this judgment, the court
made it clear that not only were there no valid grounds for the withdrawal of his
residence permit, but also that such a withdrawal was, according to Article 96
CISA, not valid grounds for his record in the NSIS. The court did not consider
whether the SIS report was in breach of the applicants rights under the Association
Decision 1/80 between the EC and Turkey (see section 2.2 of Chapter 9).
In a decision by the administrative court of Berlin of 3 December 2004, the
court explicitly considered the meaning and relationship of the various paragraphs
of Article 96 CISA.142 The underlying case concerned a person from BosniaHerzegovina, who applied for asylum in Germany for the rst time in 1994. His
application was rejected and he was ordered to leave Germany. On 24 June 2003,
in order to leave Germany, he passed through the border control agency from
Berlin, where he was found in possession of a fake French Schengen visa. He was
prosecuted for falsifying legal documents and then, in July 2003, he was expelled
from Germany. The public prosecutor withdrew the charge on October 2003, on
the grounds that the guilt of the person concerned was limited (the person denied
he knew the visa was fake) and the fact that prosecution would have limited
meaning for the public interest because he had left Germany. Despite the fact that
the criminal charge against him had been dropped, the Berlin border police
recorded his name in the NSIS for the purpose of refusal of entry. An application
141
142
Germany
433
to delete the record was refused by the German authorities on the grounds that
the suspected criminal behaviour of the person concerned would imply a threat to
security and public order.
The Berlin court was rigorous in its interpretation with regard to the legitimacy of the reasons forwarded by the German authorities to record this person
in the NSIS. The authorities argued that, even if there had been no conviction,
the fact that the person was suspected of having committed a serious oence
(schwere Straftaten) would made the SIS record lawful on the grounds of 96 (2)
(b) CISA. The court questioned this interpretation of serious oence in
Article 96. The court did not deny that the second criterion of Article 96 (2)
applied, for which no conviction was required. However, according to the court,
the interpretation of a serious oence would have to be interpreted in accordance with the requirements of the criteria under 96 (2) (a). Since 96 (2) a required
conviction of an oence carrying a penalty involving deprivation of liberty at
least one year, the second criterion under (b) could not be interpreted as allowing
registration in the NSIS for (suspected) less serious oences.
Under German law, crimes carrying a sentence of at least one year are considered crimes, or Verbrechen. The oences of which the person was suspected, falsication of legal documents and illegal entry into and exit from German territory,
did not concern crimes, merely oences (Vergehen). In the words of the court, it
would be illogical, for the registration of a convicted person in the NSIS for refusal
of entry, to require that this conviction involves a crime (Verbrechen) whereas,
with regard to a registration which is based purely on suspicion, a criminal oence
which does not meet this threshold would be sucient. Therefore, the court
ruled that the registration was not in accordance with Article 96 CISA and ordered
the German authorities to delete the data from the NSIS. Although the direct
link which the court makes between the criteria of Article 96 (2) and (3) can be
argued, the reasoning of the court makes sense.143
In my opinion, this judgment, which seems to focus on a rather technical
interpretation of Article 96, is important. Although not dealing with it explicitly,
the Berlin court criticised the extensive interpretation of Article 96 (2) by the
German authorities. This interpretation is that third-country nationals may be
reported in the NSIS for crimes which are punishable by a sentence of one year
and more, rather than at least one year or more, latter meaning being literally the
text of Article 96 (2) (a).144 It is worrying or at least odd that, until this judgment
143
144
During interviews, spokesmen for both the BKA and the (Former Border) Police expressed
their disagreement with this judgment.
In German: instead of: die mit einer Freiheitsstrafe von mindestens einem Jahr bedroht ist,
ein Delikt dass mit eine Strafe bis zu einem Jahr oder mehr bedroht ist. See Westphal & Stoppa
(2001), p. 409.
434
Chapter 12
by the Berlin court, the storage of data on third-country nationals for minor
oences seems to have been an accepted practice in Germany.
8.2. Direct Legal Eects of a SIS Alert
In their case law, German courts had to deal with the question whether a SIS
alert has direct legal eect.145 The question at issue is whether a SIS record can be
regarded as an administrative decision (Verwaltungsakt) with direct legal eects
for the data subject and, thus, whether an individual could appeal directly against
this decision. This question was dealt with in the judgment by the administrative
court (Verwaltungsgericht) of Dsseldorf in its decision of 7 August 2002.146
Although the court considered that the registration in the NSIS was not an
administrative decision (no Verwaltungsaktqualitt ) and thus had no direct
eect, on the basis of Article 80 (5) 3 VwGO the court found there was a substantive claim by the applicant because, as we have seen above, the SIS report
and its underlying decision were considered unlawful.
Unlike the Dsseldorf court, the administrative court of Berlin, in its judgment
of 3 December 2004 (see the previous section), considered the question of
whether a SIS record can be seen as an administrative decision with direct implications for the individual, of no relevance to the assertion of this individuals
right to have data deleted from the NSIS.147 For this right, according to the court,
it is only relevant whether the storage of his or her data is unlawful.
In relation to the legitimacy of SIS alerts, there is a related discussion in the
German literature on whether the CISA implies that ocials have to check
whether information stored in the NSIS is in accordance with the law. This discussion is connected to the question whether, if the underlying decision to store
information into the NSIS is illegal, this automatically means that an administrative decision based on this information is illegal as well. Referring to a comparable
issue dealt with in judgments by administrative courts, Westphal answers this
question in the negative.148 These cases concerned administrative orders for carriers to return expelled persons to their country of origin.149 In the judgment, the
German courts ruled that carriers were not obliged to check whether the underlying expulsion was justied; the courts did not even require any incidental control.
Except in cases where the underlying decision was clearly (ensichtlich) illegal,
145
146
147
148
149
As we will see in Chapter 13, the same question arose in the Netherlands.
Verwaltungsgericht Dsseldorf, 7.8.2002, Az. 24 L 2837/02, InfAuslR 10/2002. Also covered
in section 8.1.
Verwaltungsgericht Berlin, 3.12.2004, Az. 1 A 151.04.
V. Westphal, InfAuslR 1999, p. 364.
VG Kassel 23.3.1998, Az. 12 VE 1310/95, VG Frankfurt, 7.3.1995, Az. 11E3067/94.
Germany
435
this would have been dierent. However, considering the responsibility of Member
States to ensure that their acts are in conformity with EU law and international
human rights standards, one could argue that this conclusion with regard to
private carrier organisations cannot be applied to governmental authorities.
Furthermore, as we gave seen in Chapter 9, with regard to family members of EU
citizens the ECJ conrmed in Commission v. Spain the responsibility of national
authorities to check the lawfulness of SIS alerts before enforcing them.150
8.3. Duty to Balance Interests
The German principle of proportionality or the Verhltnismssigkeitsprinzip
plays an important role in both data protection and immigration law. This principle is regarded as being directly connected to the constitutional principle of the
rule of law. On the one hand, it obliges administrative authorities to weigh the
dierent interests at stake whenever they take an individual decision. On the other
hand, it empowers national courts to assess, in each individual case, the proportionality of the measures or decisions taken against an individual. Although I have
not found any judgments which dealt explicitly with the principle of proportionality
in relation to the use of the NSIS, the jurisprudence on related matters could
indicate that national courts will also apply the proportionality test to the NSIS.
Furthermore, the decision, referred to in the previous section, by the administrative court of Berlin, illustrates that the court did not accept a broad interpretation
of Article 96 (2) as justication for a SIS entry.
As we saw in section 6.2.2, the Volkszhlungsurteil concerned the duty of the
public authorities to balance the public interest to be served by data gathering
against the individual right to privacy (Persnlichkeitsrecht) and the right, derived
from this constitutional right, to informational self-determination. The importance of this right to informational self-determination and the duty to balance
decision-making has been conrmed in the German jurisprudence with regard to
practice of Rasterfahndung after 11 September 2001. Although many courts
approved the (temporary) use of this measure, the courts made it clear that the
data search on foreigners and German nationals would have to meet the principle
of proportionality. Dealing with the question whether the data proling measure
was disproportionate, we have seen in section 4.3.3, that the Court of Appeal of
Dsseldorf applied dierent criteria to nationals of states listed as a risk country
and German citizens respectively.151 This dierence in appreciation could however
be explained by the fact that the Court of Appeal had to assess the lawfulness of
measures taken directly after the events of 11 September 2001.
150
151
436
Chapter 12
152
153
154
Germany
437
156
157
158
BVerfG 5.12.2001, 2 BvR 527/99, see also the judgment of the administrative higher court of
Kassel, VGH Kassel, 19.11.03, Az. 12 TG 2668/03.
These reasons of the German government were cited by the Federal Administrative Court in its
judgment BVerwG, 10.07.2001, Az. 1 C 35.00.
VG Koblenz, 9.11.1998, Az. VG 3 K 938/98.KO and OVG Koblenz, 13.09.2000, Az. OVG
11 A 10349/99.
BVerfG, 9.11.2006, BvR 1908/03 and OVG, 19 April 2007, Az. A 11437/06.
438
Chapter 12
In July 2001, the Federal Administrative Court reached its rst decision in
this case.159 In its judgment, the Court did not deny the existence of a right to
freedom of religion of third parties with regard to the SIS alert on their leader.
The Federal Court stressed that it was the duty of the state to take into account
the interests of the religious movement concerned. According to the Court, a residence ban on a religious leader could be in breach of the constitutional right to
freedom of religion of others, if the visit of the leader, according to the standards of current religious doctrine, would have signicant meaning for the common exercise of this religion. The question of whether these standards would
give the applicants a subjective right in this case was referred back to the Koblenz
Oberverwaltungsgericht.
In its judgment of June 2002, the administrative appeal court delivered a much
more strict interpretation of the freedom of religion as formulated by the Federal
Court in its judgment July 2001.160 Among other things, the Koblenz Court held
that, according to the theology of the Unication Church, the personal presence
of the leader at religious meetings would not be an absolute prerequisite, referring
to earlier satellite and internet meetings which were organised by this church.
In September 2003 (eight years after Mr. and Mrs. Moon had been registered in
the NSIS for the rst time) the Federal Administrative Court rejected the appeal
against the judgment of the Koblenz Court. Although the Federal Administrative
Court conrmed the claim of the applicants that the court of Koblenz had made
an overly strict interpretation of the specic signicant meaning of a visit of a
religious leader, it did not examine the lawfulness of the SIS alert itself.161 Again,
in this judgment, the Federal Administrative Court focussed on the freedom of
religion of members of a religious movement and on the relationship of this right
with the possibility or otherwise for these members to meet their religious leader.
Generally, the Court recognised the relationship between a residence ban and the
constitutional rights of others. However, in this case, it held that there were no
sucient grounds to conclude that the refuted decision of the German authorities
not to grant entry to Mr. and Mrs. Moon were in breach of the right of freedom
of religion of its members. In its nal consideration, the Federal Administrative
Court emphasised that this judgment did not mean that with regard to future
visits to be planned by the Moon couple, the Court would rule in the same way.
In this judgment, the Court did not go into the question of whether the public
order and security grounds as forwarded by the Koblenz authorities justied the
Article 96 (2) record on Mr. and Mrs. Moon in the NSIS.
159
160
161
Germany
439
162
163
164
440
Chapter 12
9. Conclusions
9.1. Implementation of Article 96 CISA
The German rules with regard to the implementation of Article 96 CISA are not
easy to decipher. Both the criteria for and the eects of an Article 96 report lack
transparency. The criteria for the input of third-country nationals who are to be
refused entry into the NSIS are not explicitly provided for in a formal law. These
criteria are, on the one hand, based on the re-entry ban of 11 (1) of the German
Residence Act, which is connected to a decision of expulsion, removal or deportation. On the other hand, they are based on the condential rules on national
security and public order criteria as applied by the German police. More detailed
rules for the German immigration oces are laid down in ministerial instructions of 1998, the AAH-SD. These instructions are not, however, legally binding and it is unclear whether and how they are applied by each individual
immigration oce. Nevertheless, since they are the only standards applicable
in this eld, both courts and data protection authorities seem to rely on the
accuracy of the provisions in the general instructions.
Based on these instructions, one can dispute the interpretation of the Article
96 (3) criteria and the way these criteria are implemented in German law. Although
the registration of rejected asylum seekers in the SIS is formally forbidden, the
reports by the German Data Protection Commissioners conrm that the immigration authorities in Germany are still submitting data on these grounds.
The interpretation of Article 96 (2) by the (former Border) Police and BKA can
also be disputed, with regard to the meaning of an oence carrying a penalty
involving deprivation of liberty of at least one year. This is interpreted to mean
that a wide range of minor oences would justify a ban on residence for the whole
Schengen territory by storing data concerning these persons in the NSIS.
An important source of information on the implementation of Article 96
CISA is provided by the investigation performed in 2004 by the Federal Data
Protection Commissioner and the data protection authorities in the Lnder on
behalf of the Joint Supervisory Authority. This investigation highlighted the fact
that there are many problems with regard to the reliability of the information
held in the SIS, the observance of the time limits and the criteria being used for
the registration of third-country nationals. Even before 2004, however, German
data protection authorities reported on the many mistakes and the illegal practices
with regard to the storage of data on third-country nationals in the NSIS.
9.2. Germany: Strong Tradition of Collecting and Protecting Data
Germany has long-term experience with gathering personal information and the
use of databases to maintain internal security. Important developments in this
Germany
441
eld have been the establishment of INPOL and experimenting with the use of
data proling or Rasterfahndung in the ght against the RAF in the 1970s. Since
1953, Germany has a central administration for aliens a database which only
acquired a legal basis in 1994. Based on its own experiences, the German government took a leading role with regard to the development of the NSIS and later
with regard to the computerisation of border control. The establishment of a central visa database and the use of biometrics for the identication and verication
of travellers had been on the German agenda since long before the negotiations
at EU level touched on these issues.
On the other hand, Germany has a strong constitutional history of data protection and the protection of the right to personal life or privacy. The Census Judgment
or the Volkszhlungsurteil by the Constitutional Court in 1983 was decisive for the
future development of German law as well as being inuential in other European
countries. In this judgment, the German Court raised the right of data protection
(informationelle Selbstbestimmung) to a constitutional level and dened important
criteria for the protection of individuals. German data protection lobbyists such as
Simitis and other lawyers played an important role with regard to the drafting of not
only the German data protection laws, but also the data protection rules in CISA
and EC Directive 95/46. Separate from the development of data protection law, but
perhaps just as important in this eld has been the protection of the constitutional
right to eective remedies (Article 19 (4) GG) in German jurisprudence.
The judgment of the German Constitutional Court on the practice known as
Rasterfahndung after the events of 11 September 2001 also marked an important
development in German law and policy. In this judgment of 4 April 2006, the
Court ruled that the applied measures of data proling were in breach of the
constitutional right to privacy of the persons whose information it concerned.
The Constitutional Court explicitly emphasised the risk of stigmatisation of certain groups of (foreign and Muslim) individuals residing in Germany, referring
to the selected criteria on which the data proling was based.
9.3. NSIS and the Right to Eective Remedies
As we saw in section 5.1, the right to legal remedies for everyone whose constitutional rights are aected by public administration is protected in Article 19 (4) of
the German Constitution. This right forms an important basis for the question of
whether the person concerned actually has access to eective remedies. With the
exception of short-term visa applications and manifestly unfounded asylum
claims, German immigration law includes a general right to appeal. With regard to
data processing, German administrative procedural law also provides dierent
possibilities for individual appeal. A person may also lodge an administrative appeal
against the decision to refuse the right to access, correction or deletion of data.
442
Chapter 12
Germany
443
Koblenz nally ruled that the Article 96 (2) alert was disproportional and therefore unlawful. With this conclusion, the Koblenz Court followed the earlier
judgment of the Constitutional Court in this case.
Other important judgments are those of the Constitutional Court and the
Federal Administrative Court with regard to the constitutional right to informational self-determination and the right to eective judicial protection. In these
judgments, the courts established clear and comprehensive criteria with regard to
the principle of proportionality and the eectiveness of legal remedies.
Finally, as we have seen above, in a judgment in 1999, the Constitutional
Court emphasised the importance for courts of having access to information
based on which the decision has been taken, in order to guarantee an eective
remedy.165 In this judgment, the German Court made it clear that the possibility
for the court to have access to the information during the judicial process had
nothing to do with data protection rights or the right to informational selfdetermination, but everything to do with the applicants right to eective judicial
protection.
9.3.3. Competences
The right to appeal under immigration law includes dierent possibilities for
restoring the interests of the applicant. This, as has been conrmed repeatedly by
the German courts, includes the possibility of obtaining a temporary injunction
or of having the eects of the administrative decision suspended.
In the case law described above, dierent German courts issued a binding
order to the administration involved when they found that a SIS alert did not
comply with the criteria of Article 96 CISA. These orders included the deletion
of the SIS alert in question, the annulment of the refuted decision based on the
SIS registration, or an interim order to prevent the expulsion of the person
concerned.
In a judgment on the AZR (dealt with in section 6.6.1), the Constitutional
Court conrmed that a data subject should have the right to lodge an appeal with
the administrative court, seeking a ban on further data processing or the transmission of the personal information to other authorities if this data processing is
considered unlawful.
Finally, it is important that an individual has the right to nancial compensation whenever he or she suers damage resulting from wrongful or unlawful data
processing. This right to nancial compensation is provided for in the Federal
Data Protection Act and covers material and immaterial loss.
165
Chapter 13
The Netherlands
Easy as it is to point at the deciencies of the SIS, it is not easy to repair them.
Seeing the sensitivity of Member States in this eld, there is little chance that consensus can be reached on clear and precise common criteria to report a person into such
a computer system. A step forward would already be a limitation of the reporting
grounds.1
1. Introduction
Before the Netherlands joined France and Germany in their bilateral discussions
on the abolition of internal border control, this country was already cooperating
in the eld of visa and immigration policy with Belgium and Luxembourg.
In fact, the Benelux agreement of 1960 was an important source of inspiration
for the later Schengen negotiations. The Dutch government had dierent reasons
for believing it useful to extend this cooperation to France and Germany. These
reasons included the economic advantages of the abolition of internal border
controls, as well as the possibility of enhancing cooperation between police forces
and of harmonising asylum and immigration law. In general, the Dutch
government held the view that intergovernmental cooperation in the eld of
immigration and asylum law was to be considered a temporary measure. In time,
Schengen would have to be replaced by EU measures.
J.D.M. Steenbergen, All the Kings Horses Probabilities and Possibilities for the Implementation
of the New Title IV EC Treaty, European Journal of Migration and Law 1, 1999, p. 2960.
446
Chapter 13
4
5
6
7
8
Dutch Journal of Treaties (hereafter: Tractatenblad ) 1993, no. 115, published on 27 August
1993. (Belgium and Luxembourg ratied the CISA on 31 March 1993).
Ocial Journal of the Lower House of Parliament (hereafter: Handelingen Tweede Kamer) 22
142. Act of approval published in Dutch Ocial Journal (hereafter: Staatsblad) of 24 February
1993, no. 138.
Memorandum of the Minister of Justice, Handelingen Tweede Kamer 19861987, 20 031, no. 12.
Handelingen Tweede Kamer 19891990, 19 326, no. 11, debate of 12 June 1989.
Staatsblad 1993, no. 660. See, for a general history of Dutch policy with regard to the legal duty
of identication, A. Bcker, Identicatieplicht: oplossing of oorzaak van problemen, Reeks Recht
& Samenleving no. 17, University of Nijmegen: GNI 2002.
Staatsblad 2004, no. 300.
Organisational measures which received much attention during parliamentary debates included, for
example, the nancial and organisational problems which occurred during the preparation of the
Dutch airport Schiphol for Schengen, see Handelingen Tweede Kamer 19951996, 19 326, no. 113.
The Netherlands
447
Convention.9 These questions had been drafted by a Dutch NGO, the Meijers
Committee. They covered, for instance, the role of the European Parliament during the Schengen negotiations, the competence of the Court of Justice, future
plans with regard to the harmonisation of asylum law and visa policy, the use of
SIS and the availability of legal remedies (see below).
In the Dutch legislative process, before legal drafts are forwarded to parliament,
the Council of State (Raad van State) has to give its prior recommendation on
the proposal. In its report on the approval act of the CISA of 8 April 1991, this
Council of State was critical with regard to the content of the CISA and,
exceptionally, advised the Dutch government not to submit the act of approval
to parliament.10 One of the central concerns of the Council of State was the fact
that the CISA provided rules on which state should be responsible for an asylum
application, without harmonising the national asylum laws. The Council of State
also questioned the provisions for the exchange of personal information, the
inadequate protection of privacy and the lack of unifying supranational judicial
control with regard to the implementation of CISA. Despite this negative advice,
the Dutch government decided to submit the proposal to the parliament.
The Dutch parliament was provided with information and comments by Dutch
NGOs, including the Dutch section of Amnesty International, the Dutch Centre
for Immigrants, the Dutch Refugee Council and the aforementioned Meijers
Committee.11 Based on a draft by this latter organisation, the Dutch parliament
agreed upon an important provision to be incorporated into the ratication act of
the CISA.12 According to this provision, the Dutch government was obliged to
publish and to submit to the Dutch parliament each draft decision by the Schengen
Executive Committee with binding eects on the Netherlands. This new power for
the national parliament with regard to binding decisions taken within the intergovernmental framework of Schengen was at that time quite unique, but later also
taken up by other countries.13 A comparable provision has also been included in
the approval act of the Maastricht, Amsterdam and Nice Treaties.14
9
10
11
12
13
14
448
Chapter 13
15
16
17
18
19
20
21
The Netherlands
449
The functioning of the SIS was raised again during the parliamentary debates
in response to the publication of two Dutch audits which were performed on the
functioning of the NSIS in 1997.22 These reports concerned the audit by the
Dutch Court of Auditors (Algemene Rekenkamer) and by the Dutch Data
Protection Authority. They will be discussed in sections 3.5 and 3.6.
Occasionally, members of the Dutch parliament submitted questions on security
issues in response to incidents with the SIS and SIRENE, even if these incidents
occurred abroad. For example, in 1997, a member of the Dutch Parliament raised
questions on the security and the accessibility of NSIS information following an
incident in Belgium. This concerned permanent sta members of the Belgian
SIRENE oce who were suspected of having forwarded information to members
of a criminal organisation.23 Another incident resulting in parliamentary questions
was the conduct of the French authorities in impeding research by members of the
Joint Supervisory Authority during their investigation of the CSIS premises in
Strasbourg.24
In 2005, a member of the Dutch parliament asked how many third-country
nationals were registered by the Dutch authorities in the SIS. The Minister of
Immigration responded that, based on gures from 1 January 2005 from the
C.SIS, the Dutch authorities forwarded 15,377 Article 96 alerts to the SIS.25
This answer did not result in any further questions or discussions.
2.3. Parliamentary Discussions on the SIS and the
Availability of Legal Remedies
Even before the date of signature of the CISA, members of parliament
questioned the legal protection of individuals registered in the SIS.26 In particular, the lack of judicial control in combination with the lack of harmonised
criteria for registration in the NSIS was a matter of general concern.27 In answer
to these questions, the government stated that an individual could invoke his
or her right to legal remedies in each country where a NSIS oce is located.
The Dutch government explicitly emphasised that the dierent countries
would have to respect each judgment by the national courts, including courts
of other Schengen states. The legal remedies open to individuals would be
those as provided for in national law.
22
23
24
25
26
27
450
Chapter 13
28
29
The Netherlands
451
30
31
32
33
Annex to a letter from the Meijers Committee to Dutch NGOs of 17 May 1991, JR91179.
See also the contribution by H. Meijers, the initiator and former chairman of the Meijers Committee
in the special issue on Schengen, Nederlands Juristenblad, 31 January 1991, p. 161240.
C.A. Groenendijk, The Competence of the EC Court of Justice, in: H. Meijers et al., A New
Immigration Law for Europe?, Utrecht: Dutch Centre for Immigrants 1993, see p. 52.
A. Woltjer, Schengen: The Way of no Return?, Maastricht Journal of European and Comparative
Law 2 (1995), p. 256278.
Aanhangsel van de Handelingen, 20012002, p. 425, no. 203.
452
Chapter 13
On the few occasions when the Senate or the Second Chamber of parliament
made an inquiry about SIS II, they rarely raised fundamental questions. The parliament did not question which lessons could be learned from the current use of
the NSIS or whether this system was eective with regard to its goals.
The most extensive inquiry into SIS II was included in a letter from the
sub-committee on Justice and the Interior of the Senate of 26 November 2002.34
In this letter, the Minister of Justice was asked to provide the Senate with information on the development of SIS II in relation to the accession of new EU Member
States. Other questions raised by the Senate concerned the involvement of the
European Parliament in the decision-making on SIS II, whether the Dutch parliament would be informed of every decision regarding SIS II and whether the purpose of SIS II would be changed. It was six months before these questions were
answered by the Minister of Justice.35 The Minister informed the Senate that the
European Parliament was consulted on the SIS developments and that every decision (binding and non-binding) on SIS II would be submitted to the Dutch parliament. According to the Minister, the inaccuracy of data held in the current SIS
would be the subject of continuous concern. In this same letter, the Minister of
Justice responded to parliamentary questions in reaction to an earlier publication
by in the Dutch government journal, the Staatscourant.36 In this publication, the
journalist Jelle van Buuren dealt with the proposals for the interoperability of different databases, the consequences of these proposals for the privacy rights of individuals and changing SIS II into an investigative tool. In his response, the Minister
described this publication as a mixture of Wahrheit und Dichtung. Although he
admitted that more organisations would gain access to SIS II, he emphasised that
the responsible Council Working Group was not considering any proposal to link
SIS II to other databases. According to the Minister, SIS II would remain a database for daily use by national ocers on a hit/no hit basis. The Minister did not
inform the parliament of the fact that, as we saw in Chapters 4 and 5, even
before 2003 dierent Member States had submitted extensive proposals with regard
to the use of SIS II, for example, the possibility of searching SIS on the basis of
incomplete data.37 Moreover, even in December 2003, the European Commission
recommended the technical integration of SIS II and VIS in its Communication on
the second generation SIS and synergies with SIS II and VIS.38
34
35
36
37
38
The Netherlands
453
41
42
454
Chapter 13
44
45
46
47
48
Since February 2007, with the installation of the new government Balkenende IV, the post of
Minister of Immigration has been abolished. Since then, immigration law and policy falls under
the responsibility of the Secretary of State for Justice.
Regulation 562/2006. See Vreemdelingencirculaire, decision 2006/16, Staatscourant no. 60,
24.3.2006.
Royal Decree (Koninklijk Besluit) 22 July 2002, Staatscourant no. 140, p. 7 and Staatsblad 2002,
no. 418.
Staatscourant 1814, no. 4.
Announced in a general memorandum of 18 July 2002 on the visa law (Hoofdlijnennotitie
Visumwet), Handelingen Tweede Kamer 20002001, 26 106, no. 4.
Letter from the Minister for Immigration, 20 June 2006, just060521.
The Netherlands
455
49
50
51
456
Chapter 13
of 2000.52 The formal residence ban is based on a written decision by the Dutch
Minister of Justice. In general, the decision to issue a formal residence ban should
be based on considerations involving the protection of public order and national
security. A person to whom a formal residence ban has been issued and who is
found on Dutch territory is punishable on the basis of Article 197 of the Dutch
Criminal Code. This means he can be sentenced to imprisonment for a maximum
of 6 months or to pay a pecuniary ne.
Article 67 (1) of the Aliens Act 2000 describes the following categories of
persons to whom a formal residence ban can be issued:
a. a person residing without a legal basis in the Netherlands and who has
committed more than one oence which is punishable under the Aliens Act
(for example if a person does not report his or her stay to the competent authorities within the prescribed time). This does not require a criminal conviction;
b. a person with a residence permit who is convicted of a crime punishable by
a term of imprisonment of 3 years or more;
c. a person residing without a legal basis in the Netherlands and who poses a
danger to public order or national security. This includes dierent categories of
persons, including (multiple) convictions for a crime punishable by imprisonment, or a report from the national or a foreign intelligence and security
agency;
d. a person regarding whom another Schengen or Benelux State submitted a
motivated request to the Dutch government to order a formal residence ban;
e. a person who committed a serious crime outside Dutch territory and when a
formal residence ban would be in the interests of international relations.
The criterion under (a) is inserted on the basis of a resolution adopted by the
Lower House of the Dutch Parliament in 2004. In this resolution, the Minister
was asked to apply the formal residence ban more frequently with regard to illegal immigrants acting in breach of the Aliens Act.53 Article 67 (1) (b) concerns
persons who have been convicted and whose residence permit is withdrawn for
that reason. This decision, to withdraw the residence permit, should be taken by
balancing the public interests and the individual rights of the person at stake.
Since February 1990, Dutch law provides a sliding scale mechanism for the
decision to withdraw someones residence permit.54 In general, this mechanism
stipulates that the residence permit of a person staying for a longer period in the
52
53
54
The implementation rules are laid down in the Aliens Decree 2000 and in the Aliens Circular
2000.
Amendment Aliens Circular, Decision no. 2005/29, Staatscourant 23 June 2005, no. 119.
Article 3.86 Aliens Decree 2000.
The Netherlands
457
Netherlands can only be withdrawn if the prison sentence to which he or she has
been sentenced is also longer. For example, the extension of a residence permit
can be refused or a residence permit can be withdrawn if a person who has been
in the Netherlands for at least three years but less than four years has been
sentenced to more than 9 months imprisonment. With regard to a person who
has been in the Netherlands for at least 15 years but less than 20 years, the
sliding-scale mechanism states that he or she should be sentenced to a term of
imprisonment of more than 96 months. Article 3.86, paragraph (c) of the Aliens
Decree 2000 states that the decision on the extension or withdrawal of residence
permits can also be based on foreign, nal convictions.
There are no ocial time limits for the duration of a formal residence ban.
It can only be withdrawn by the Minister following an application from the
third-country national concerned.55 The Dutch Aliens Act contains strict rules if
a third-country national should apply for the withdrawal of his or her residence
ban. These rules imply that, depending on the facts forming the basis for the
formal residence ban, the person must remain outside Dutch territory for one,
ve or ten years before he or she can apply for its withdrawal.
The sliding scale criteria are subject to changes. The criteria have been tightened
for persons residing in the Netherlands for less than ve years and, eective
17 June 2002, a residence permit can be withdrawn if the person concerned has
repeatedly committed minor oences.56 In 2005 and 2006, the Minister of
Immigration announced stricter rules, including amendments stating that legally
resident third-country nationals could be more easily expelled after having
committed a criminal oence.57
3.2.2. Third-Country Nationals Reported as Unwanted
The second category, third-country nationals reported as unwanted (ongewenst
gesignaleerde vreemdelingen) constitutes the largest number of Article 96 reports in
the NSIS. This category has no formal legal basis, but the criteria for reporting
third-country nationals as unwanted in the national police les can be found in
the Aliens Circular 2000 (para. A3/9.2.2). The decision to report somebody as
unwanted is based on an instruction from the Dutch Minister of Immigration
(now: Secretary of State for Justice) to the ocers implementing the tasks of border
control and immigration law. This informal residence ban is to be considered an
55
56
57
Article 68 Aliens Act 2000 and Article 6.6 of the Aliens Decree 2000.
Article 3.86 Aliens Decree amended by Tussentijds Bericht Vreemdelingenrecht (TBV) 2002/34
in: Staatscourant 6 August 2002, p. 7.
Aanhangsel Handelingen Tweede Kamer 20052006, no. 1983, p. 4211. See also NRC
Handelsblad 14 September 2006: Vreemdeling bij iedere straf het land uit.
458
Chapter 13
administrative instruction from the Minister to the border police and the immigration ocers to refuse the person entry at the borders or to expel the person if he is
found on Dutch territory. Unlike the formal residence ban, persons who are
reported as unwanted are not informed in advance. And, unlike the formal residence ban, a third-country national reported as unwanted is not committing a
crime if he or she resides or stays within the Netherlands.
In general, the reasons for reporting a person as unwanted in the NSIS are based
on danger to public security, public order or national security. In practice, this covers a wide variety of reasons for which a person can be reported in the NSIS, including a conviction for a minor oence such as shoplifting, as well as the suspicion
that a person has ties with terrorist networks. According to text of the Aliens
Circular of July 2006, the Dutch authorities are instructed to report a third-country
national whenever the following criteria apply (the prescribed duration of the alert
is given in brackets):58
a. rst expulsion of a non-criminal alien within a period of two years (two years);
b. removal of a third-country national who has been reported (prosecuted) for
a crime related to drugs smuggling, but who has (still) not been convicted
(two years);
c. removal following a prison sentence of a maximum of three months (two years);
d. removal following a prison sentence from three to six months (three years);
e. removal following a prison sentence of six months or more (no formal residence ban) (ve years);
f. if the person has been refused entry or has been expelled because he or she
used fake or forged identication or travel papers or deliberately produced
travel or identity papers that did not belong to him (ve years);
g. if the person evades supervision, for example if the person does not comply
with detention or supervision measures listed in Articles 4.374.39 and 4.42
to 4.52 of the Aliens Decree59 (three years);
h. if the Minister of Immigration nds there are concrete indications that the
person concerned is a danger to national security (ten years).
These criteria are regularly amended or updated. For example, in 2003, the Dutch
Minister of Immigration announced in a memorandum on the Dutch expulsion
policy with regard to rejected asylum seekers that it would be necessary to intensify
58
59
The Netherlands
459
the use of the SIS for tracking persons staying illegally in the Netherlands after
their removal.60 Based on a parliamentary resolution adopted in 2004, the criterion under (a) has been amended for this purpose.61 Whereas, according to the
original text, a person could only be registered for one year in the NSIS following
a second removal within two years, third-country nationals can already be
registered after their rst removal and for two years instead of one year.
The criteria listed under (b) and (h) were added in 2003 and 2004 respectively.62
The registration of third-country nationals suspected but not convicted of a
crime related to the smuggling of drugs is used especially to facilitate the return
of drugs couriers who arrive at Schiphol airport. The criterion mentioned under (h)
concerns third-country nationals who are suspected of having connections with
terrorist networks. The decision to report a person as a suspected terrorist in the
NSIS can be based on a report by the Dutch intelligence and security agency.
However, the explanatory memorandum to this amendment claries that this
decision also can be based on other grounds, including the reports of foreign
intelligence and security agencies.
In her explanatory memorandum, the Minister of Immigration also referred
to the duties of Member States pursuant to UN Security Council Resolution
1373. This Resolution requires states to enhance their border controls in the
ght against terrorism. In general, one can question whether the reporting of
suspected terrorists in the SIS for the refusal of entry is an ecient tool in combating terrorism. The same Resolution also calls upon states to prevent the commission of terrorist acts by bringing those persons to justice. It might have been
more appropriate to register the persons in the NSIS on the basis of Article 95
(extradition) or 99 (secret surveillance), rather than on the basis of Article 96
CISA, but this issue has not been discussed.63
In July 2006, the highest Dutch administrative court ruled that a condential
report by the national security and intelligence service (AIVD) can form a sucient basis for the decision to report the person in question as an unwanted
person, even if the report itself was not made available to this person.64 It was,
however, emphasised that the use of the condential report was justied in this
60
61
62
63
64
460
Chapter 13
particular case. The person concerned had only denied the content of the (available)
information forwarded by the AIVD and had not submitted any further information
to support his view that this information was wrong.
In some of the categories mentioned above, the general limit of three years for
the storage of data, as envisaged in Article 112 CISA, expires before the national
time limit given in the Aliens Circular. According to the applicable rules of the
CISA, in those cases, the Dutch authorities must explicitly request the C.SIS to
extend the retention period.
3.3. Practical Implementation and Use of the NSIS
3.3.1. NSIS: Responsibility and Coordination
Overall responsibility for the NSIS and SIRENE is in the hands of the Dutch
National Police Services (Korps Landelijke Politiediensten, hereafter the KLPD).
This organisation falls under the responsibility of the Minister of the Interior.
The KLPD is responsible for the storage and use of data in the NSIS, including
data for criminal investigation purposes, on missing persons, stolen goods and
on third-country nationals. The Dutch Immigration and Naturalisation
Department (Immigratie- en Naturalisatie Dienst, hereafter the IND) is responsible for the registration and coordination of registrations of third-country
nationals. The IND falls under the competence of the Minister of Immigration
(since 2007, the Ministry of Justice). As we will see below, this shared responsibility has consequences for how applications for access to SIS information are
being handled.
The Dutch NSIS is linked to the automated municipal population register
(Gemeentelijke Basisadministratie or GBA), regarding the registration of stolen or
missing identication documents. Since March 1998, a link has also been maintained with the national Agency for Road Trac (Rijksdienst voor Wegverkeer
RDW) in cases concerning data on stolen or missing driving licenses.
3.3.2. Procedure for Registration in the NSIS
Before the SIS became operational, third-country nationals to be refused entry or
persons reported as missing were registered in the Dutch national investigation
le (Nationaal opsporingsregister or OPS). Anticipating the start of the SIS, on
27 July 1993 the Dutch Minister of Justice issued instructions to the national
police authorities with regard to the reporting of third-country nationals in the
OPS and the NSIS.65 With regard to the input of data into the NSIS, the Dutch
government decided to report only those data relating to facts occurring after the
date the SIS became operational, i.e. 26 March 1995. This measure, not to copy
65
The Netherlands
461
the old OPS data into the NSIS, would ensure that the SIS records were as clean as
possible.66 This decision was made at a time when it had been established that the
data stored in the Dutch police les were often inaccurate, wrong or wrongly
spelled.67 Therefore the Dutch authorities started to clean up these les in order
not to contaminate the new NSIS les with the old information from the police
les. To prevent duplicate registration, third-country nationals registered in the
NSIS are no longer recorded in the OPS.68 The timing of the measures to be
adopted for the implementation of the CISA almost coincided with the reorganisation of the national police force.69 The police reorganisation included a decentralised structure with more responsibilities assigned to the regional police forces.70
Initially, based on this decentralised structure, the dierent regions applied dierent criteria for the registration of data in the NSIS. After this practice had been
criticised by the Court of Auditors in 1997 (see below, section 3.5), the central
government issued instructions to the regional departments with regard to the
input of data into the Dutch NSIS. This resulted in a more uniform and structured
organisation of the input of data into the NSIS.
Whenever a national immigration ocer or a border guard considers that a
person meets the criteria of the Dutch Aliens Circular 2000, the IND should
always be asked to report this person in the NSIS. For this purpose, a special
form is used (Model M93). The Dutch Aliens Circular (A3/9.6.1) provides that
an ocer using this form should forward the ngerprints of the third-country
national and, if available, copies of the identity documents to the IND. The current storage of third-country nationals in the SIS is coordinated by ve regional
coordinators of the IND. The IND will contact the regional coordinator, who
will decide whether the alert will be submitted to the NSIS. Since 1999, a
national coordinator has supervised the criteria used by the regional units to
enter a person into the NSIS. When the IND approves the alert regarding a
third-country national, the form is forwarded to SIRENE. The SIRENE ocers
formally have to check whether the entry is in conformity with the provisions of
the CISA and whether the person has not already been reported by other
66
67
68
69
70
462
Chapter 13
Schengen states. The requests from Dutch authorities for additional information
on a SIS report are forwarded by the regional coordinators to SIRENE.
3.3.3. Article 96 Hits and Internal and Border Controls
There are dierent procedures to be followed by immigration or border control
ocers with regard to third-country nationals who generate a hit in the NSIS or
the Dutch OPS. The Aliens Circular 2000 identies the procedure following
a hit during border control, during checks for immigration controls within the
national territory and during the application for a residence permit or asylum.
In general, a Dutch ocer should report every hit he or she nds concerning
a person when consulting the NSIS to their national SIRENE oce.71
The Dutch Military Police (Koninklijke Marechaussee), under the responsibility
of the Minister of Defence, is tasked with border controls, internal immigration
control (mobiel vreemdelingentoezicht) and with certain tasks in the asylum procedure. With regard to the two former tasks, Military Police ocers have access
to the NSIS and, if they nd a hit for a third-country national, they will contact
the IND. Military Police ocers will also have to contact the IND when dealing
with a third-country national who meets the criteria for a NSIS alert and who
should be recorded in the NSIS.
Persons encountered at border posts and registered in the SIS or the Dutch
OPS for the purpose of refusal of entry should in principle be refused entry.
Only if the person concerned falls within certain categories, should the border
ocer consult the IND.72 These categories include, for instance, EU/EEA or
Swiss nationals (this only applies to hits based on the OPS), third-country
nationals who claim they have a long-term residence permit and persons whose
refusal of entry would be in conict with serious humanitarian interests. Also, if
an important Dutch interest is at stake, the IND should be consulted rst. If a
person applies for asylum at the borders, the IND will be asked to handle the
asylum application. If a person has a legal residence permit but is reported in
the NSIS, the border ocials will have to inform both the Dutch SIRENE oce
and the IND but, in principle, will have to grant this person access to Dutch
territory. Only in cases of doubt about the residence status of the third-country
national, the border police are obliged to consult the responsible authority.
Persons checked while on Dutch territory during an immigration control and
registered in the NSIS will be transferred to a local police station or to the Military
Police, where they can be detained in order to be expelled as soon as possible from
the Netherlands.
71
72
See A3/9.3, 9.4, and 9.5 Dutch Aliens Circular 2000 (according to the text applicable in 2006).
A2/5.5.1 of the Aliens Circular 2000.
The Netherlands
463
With regard to third-country nationals applying for a residence permit, the Aliens
Circular 2000 describes four situations. Firstly, if the application concerns a thirdcountry national without a legal residence permit who is reported in the NSIS,
he or she should be expelled from the Schengen territory. The ocer involved
should inform the IND. Secondly, if the person applies for a residence permit
and is reported by the Dutch authorities, the IND should decide on the
application. If the IND issues a negative decision and there are no legal remedies left against this decision, the person should be expelled. If the IND issues a
residence permit, the SIS alert should be deleted. Thirdly, if a person applies for
a residence permit, but has been reported by another Schengen State, the IND
must consult the other State on the basis of Article 25 CISA, to decide whether
the third-country national should be granted a residence permit. During this
procedure, the person receives a special form stating that he or she has applied
for a residence permit.73 If the residence permit is refused and legal remedies
against this refusal are no longer available, this person must be expelled. Finally,
if a third-country national has a valid (temporary) residence permit for the
Netherlands but has been reported by another Schengen state, the IND will
also apply the Article 25 CISA procedure. The authority dealing with the thirdcountry national will have to check the lawfulness of the residence permit. If it
is clear that the residence permit has been issued correctly, the third-country
national will be entitled to remain in the Netherlands. If the report in the SIS
concerns a third-country national who applies for asylum, Dutch border ocials will have to forward this application to the IND. Only in cases where the
ocials have doubts about the legal status of this person, are they obliged to
contact the responsible authorities.
To summarise, a SIS report based on Article 96 CISA should only result in an
automatic refusal of admission or in expulsion if this person has no valid residence
permit, does not fall within the special categories described above and does not
le an application for asylum. In the latter situations, the responsible authorities
will have to contact the IND, examine the application for asylum or admission or
give leave to enter Dutch territory. In 2000, the Secretary of State for Justice told
the Parliament that, in each individual case, the national authorities would have
to assess whether a record in the NSIS would be a sucient reason to refuse this
person admission to the Netherlands.74 Four years later, during the parliamentary
debate on terrorism and immigration policy, the Dutch Minister of Immigration
submitted a more stringent interpretation of a SIS alert. According to the Minister,
when it has been established, for example on the basis of a NSIS alert to be
73
74
464
Chapter 13
refused entry that the person concerned is a danger to public order and security,
this person must and in practice shall be refused admission.75 As we will see below,
the Minister of Immigration also advocated this automatic eect of foreign SIS
reports on third-country nationals before the Dutch court in the case of Mr. and
Mrs. Moon.
3.3.4. Article 96 Hits and Visa Applications
The Dutch rules on issuing visas are regulated in the Aliens Circular 2000.76 The
ocials at the Dutch embassies and consulates generally submit a visa application
to the Visa Agency (Visadienst) in The Hague. Formally, this Visa Agency acts on
behalf of the Minister of Foreign Aairs. Its ocials and employees, however,
operate within the premises and organisation of the IND, under the responsibility
of the Minister of Justice (formerly Minister of Immigration). In cases of doubt,
political sensitivity, or with regard to certain nationalities (for example China and
Iran), applications for short-stay visas should always be submitted to the Visa
Agency. In general, long-stay visas (or machtiging tot voorlopig verblijf, hereafter
mvv) may only be issued if the Visa Agency has approved the application.77 Sta
members of the embassies and consulates do, however, take responsibility for issuing visas to third-country nationals. Therefore, it is possible that, even if the Dutch
Visa Agency or immigration authority has given leave to issue a visa to a certain
third-country national, the sta of the embassy may still decide to reject the visa
application based on the fact that this person has been reported in the SIS.78 The
embassies obtain monthly updated versions of the NSIS les on CD-ROM. This
means that, during the period between updates of this CD-ROM, embassies will
be working with outdated les. This problem could be resolved if every Dutch
embassy obtained direct access to the NSIS through an international IT network.79
However, in 2006, most of the embassies and consulates were still receiving their
information from the CD-ROMS.80
3.4. NSIS and Article 96: Facts and Figures
The Dutch government does not publish any data on the practical use of the
NSIS. This means that there is no information on the numbers of alerts stored in
75
76
77
78
79
80
The Netherlands
465
the NSIS between 1995 and 2006, the number of hits based on those alerts or
how many third-country nationals were refused entry, a visa or a residence permit
on the basis of a SIS report.
From the gures from the CSIS Exploitation team, it appears that the number
of third-country nationals reported by the Dutch authorities has increased considerably from 9,363 in 2003 to 15,377 in 2005.81 In 2005, of all the SIS alerts
on persons issued by the Dutch authorities, 89% concerned third-country
nationals to be refused entry on the basis of Article 96.
3.5. Audit Report By the Court of Auditors
In January 1997, the Dutch Court of Auditors (Algemene Rekenkamer) published
a report on the practical use of the national Schengen Information System.82 The
Court of Auditors started this audit because of the far-reaching consequences of
the use of the NSIS for the law and for individual citizens, as well as in response
to reported problems within the CSIS system in Strasbourg. The central questions
raised during this inquiry were:83
whether the national section of the SIS provided for the necessary technical
and functional requirements to ensure an ecient use of the NSIS;
whether data for the NSIS were submitted correctly and completely;
whether the available data in the NSIS were used systematically; and
whether there were practical problems and, if so, how they were resolved.
The report by the Court of Auditors on the NSIS was important for several
reasons. In the rst place, the organisation criticised the lack of information on
the eects of the use of the NSIS. According to the Court of Auditors, no procedures were in place to record the results of the alerts and the eects of the
SIS for police purposes.84 The only information available concerned Article 96
reports. According to the IND, cited in this report, 80% of the 109 foreign
hits on reports forwarded by Dutch authorities resulted in a refusal of entry or
even expulsion by the authorities in other Schengen states. In 48% of the 570
hits based on foreign reports, a hit would have led to refusal of entry by the
Dutch authorities. In 103 cases, the state which reported the person to the SIS
was asked to withdraw this alert because the Dutch authorities wanted to give
leave to enter to the person concerned. These numbers concerned the period
between 1995 and 1996.
81
82
83
84
Reports of the C.SIS Exploitation team including data as from 1 January 2003 and 1 January
2005 (unpublished).
Handelingen Tweede Kamer 19961997, 25 200, no. 12.
Audit report, p. 8.
Audit report, p.15.
466
Chapter 13
85
86
The Netherlands
467
security measures.87 Unfortunately, since 1997, there has been no such overall
and complete audit of the use of the NSIS in the Netherlands.
In 2003, the Court of Auditors published an audit report on the Dutch implementation of the Schengen visa policy.88 In this report, the Court of Auditors
dealt briey with the use of the NSIS with regard to the issue of visas. The Court
of Auditors criticised the fact that Dutch embassy ocers did not adequately
check international and national les with regard to visa applications, including
the NSIS. Among other things, the Court of Auditors found that the national
database on visa applications (see below) was not systematically used or updated
by the various consular posts.89 According to this report, of the 15,000 thirdcountry nationals who were refused entry at the borders in 2002, 1,789 persons
had a valid Schengen visa. Twenty-seven persons in this latter group were reported
in the SIS and, in eight cases, the visas had been issued by Dutch embassies or
consulates. Commenting on these data, the Court of Auditors concluded that, in
these eight cases, the Dutch authorities failed to act in accordance with the applicable rules with regard to the SIS. The Court of Auditors did not consider the
possibility that there could have been other legal grounds for issuing the visas to
the persons concerned.
3.6. Audit Report of the Dutch Data Protection Authority
The Dutch Data Protection Act (see section 5 below) provides for a national
supervisory body, entrusted with supervising the NSIS. In December 1998, this
Dutch Data Protection Authority (College Bescherming Persoonsgegevens, hereafter
CBP) published a report on the audits of the NSIS and SIRENE during 1997
and 1998.90 This audit dealt in particular with security issues. The central aims of
this audit were very general: to investigate the protection of privacy of the NSIS
and SIRENE and to assess which measures and procedures are available to protect integrity, exclusivity and availability.91 The audit did not deal with Article 96
alerts in the SIS. The information was gathered from visits by members of the
CBP to the premises of the Dutch police and from written questions submitted
to the organisations concerned. The CBP visited the KLPD, the SIRENE oces
and one of the regional police forces. Before publishing the report, the CBP
87
88
89
90
91
468
Chapter 13
92
93
The Netherlands
469
94
95
96
97
98
This obligation was based on Article 48 of the Aliens Act 1994, this is now regulated in Article
107 of the Aliens Act 2000.
Staatscourant 13 June 2003, no. 111. The BVV is regulated in section A1/6.3 of the Aliens
Circular 2000.
Articles 4.47 and 4.48 of the Aliens Decree 2000 and Article A3/7.6 of the Aliens Circular 2000.
Handelingen Tweede Kamer 20042005, 22 112, no. 364.
Handelingen Tweede Kamer 19992000, 26 106, no. 2, 25 October 1999.
470
Chapter 13
A special measure of Dutch immigration law policy is included in the socalled Linking Act (Koppelingswet) of 1998.99 This law was established to prevent
the use of social security, housing or nancing facilities, medical care and other
public facilities by individuals who are residing irregularly in the Netherlands.100
If a person is not registered with the Dutch municipal police, population or
immigrant les, this person generally should not be given access to one the
facilities mentioned above. Unlike the NSIS, which is based on the principle that
registration means exclusion, one could say that the Dutch Linking Act is based
on the principle that registration means inclusion. The implementation of this
law is closely related to the establishment and improvement of the computerised
national les.101
4.2. The Use of Biometric Data
4.2.1. Third-Country Nationals and their Biometrics
In the Netherlands, ngerprints are taken of every third-country national applying
for asylum. This practice was formalised by Royal Decree in 1994.102 The ngerprints of asylum seekers and third-country nationals who cannot be identied are
recorded in the national HAVANK system. HAVANK is linked to the BVV and,
with regard to the data on asylum seekers, to Eurodac as well. Article 54 Aliens
Act 2000 requires a third-county national to provide the national authorities with
certain information and to cooperate with identication measures. Details of this
obligation have been elaborated in Article 4.45 Aliens Decree 2000. If requested,
the third-country national must provide an accurate photograph and, if the
immigration ocer considers this necessary, he must cooperate in having his
photograph or ngerprints taken. As we have seen in the previous chapters, based
on forthcoming EC laws, every visa applicant planning to seek entry to the
Netherlands will have his or her ngerprints taken and stored in the European
VIS. The establishment of VIS was fully supported by the Dutch government,
partly because of the major role this system could play in its expulsion policy since
it would contain biometric data on every visa applicant.103
According to the general rule, a third-country national who is not an asylum
seeker can only be asked to have his photograph or ngerprints taken if this is
99
100
101
102
103
The Netherlands
471
considered necessary by the ocer in charge. This rule has its origins in a decision
of the Dutch Supreme Court (Hoge Raad ) of 1993.104 In this judgment, the
Supreme Court dealt with a claim from a woman who held both British and
Nigerian nationality and her Nigerian partner, whose ngerprints were taken
during an identity check. The Supreme Court condemned the behaviour of
immigration ocers because not only had they unlawfully withdrawn the passports of the applicants, they had also taken their ngerprints. Via Interpol, these
ngerprints were transferred to other States. The Supreme Court emphasised
that the taking and processing of ngerprints represent a breach of the right to
private life as protected in Article 8 (1) ECHR. If the person in question obtains
a valid passport or comparable document which proves his identity, it would
only be appropriate under exceptional circumstances to take his or her ngerprints. Even if there are grounds for believing the passport or document to be
fake or falsied, the national authorities would still have a duty to consider other
means of nding out whether the document is genuine or not, before taking
ngerprints.
In the light of the developments since 1993, it would be interesting to nd out
whether the Supreme Court would uphold this interpretation of Article 8 ECHR.
Recent developments, at both EU and national levels, illustrate that there is a shift
in thinking about the scope of the right to private life and the question of whether
the taking of ngerprints constitutes a breach of that right. Whereas, in 1993,
there was general agreement that the taking of ngerprints was an intrusive measure, currently this measure seems to be considered an appropriate identication
tool for all kinds of reasons. This applies not only in the eld of criminal
investigation, immigration or asylum policy, but also in the private sector and for
securing passports and ID documents by every EU citizen.
4.2.2. Shared Use of Data on Criminals and Asylum Seekers
The aforementioned HAVANK system is also used for criminal investigation
purposes. Initially, the ngerprints of asylum seekers were automatically compared to the available data in HAVANK. This comparison was meant not only to
assess whether the person had previously applied for asylum, but also to check
whether the asylum applicant posed a risk to public order and security.
Before 21 October 2001, every time police ocers or public prosecutors used
HAVANK for criminal investigation purposes, the ngerprints of the recorded
asylum seekers were automatically checked as well. As we saw in Chapter 7,
Article 6 (1) b of EC Directive 95/46 on the protection of personal data prohibits
104
Hoge Raad 19 February 1993, no. 14917 in: R. Fernhout and J.D.M. Steenbergen, Rechtspraak
Vreemdelingenrecht 1993, Nijmegen: Ars Aequi Libri 1994, no. 70.
472
Chapter 13
information processed for one purpose from being automatically used for other,
not explicitly dened purposes. According to this principle, personal data stored
for immigration law purposes cannot be used for other purposes, such as criminal investigations. Since the new Dutch Data Protection Act implementing this
EC Directive entered into force on 1 September 2001, the Dutch Minister of
Justice was obliged to take measures to stop this combined use of HAVANK.105
In December 2001, the Minister of Justice described the new practice to be
followed with regard to the use of ngerprints of third-country nationals for law
enforcement purposes with eect from 25 October 2001.106 Under the new situation, law enforcement authorities are only granted access to data regarding
third-country nationals if they can establish concrete reasons to believe that the
suspect is a third-country national. Since 2001, this criterion has been extended
twice by the Minister of Justice. In the rst place, according to a letter from the
Minister of Justice, law enforcement authorities may check the information on
third-country nationals in HAVANK during criminal investigations with regard
to serious crimes aecting the social legal order (maatschappelijke rechtsorde).107
In these situations, the condition that reasonable doubt must exist that the suspect
is a third-country national does not apply. Examples of such crimes, mentioned
by the Minister, include murder, rape or terrorist acts with potentially serious
eects. Secondly, in his answers to parliamentary questions, the Minister of
Justice claried that law enforcement authorities could also have access to data
on third-country nationals if they were being sought as witnesses.108
In January 2002, some members of parliament expressed their disappointment
with the fact that data on third-country nationals in HAVANK were no longer
automatically accessible for both immigration law and law enforcement purposes.109
It was proposed that the Dutch Aliens Decree be amended, by adding a sentence
stating that the data taken from immigrants or asylum seekers will also be used for
criminal investigation purposes. This proposal was rejected by the Dutch Minister
of Justice, since it would be contrary to international data protection principles.110
105
106
107
108
109
110
Handelingen Tweede Kamer 20002001, 19 637, no. 583. See also Petra Catz on the parliamentary discussion on the use of ngerprints, The Netherlands: Small steps on beaten tracks, in:
Brouwer, Catz & Guild (2003), p. 6566.
Handelingen Tweede Kamer 20012002, 19 637, no. 635, 10 December 2001.
Letter of the Minister of Justice, 22 January 2002. Handelingen Tweede Kamer 20012002, 19
637, no. 645, p. 3.
Handelingen Tweede Kamer 20012002, 19 637, no. 663, 12 April 2002, p. 3.
Handelingen Tweede Kamer 20012002, 19 637, no. 642, 18 January 2002.
See also Handelingen Tweede Kamer 20012002, 19 637, no. 645, 22 January 2002.
The Netherlands
473
111
112
113
114
115
474
Chapter 13
the nal decision-making. Implementing Regulation 2252/2004 on the EU passport, the Dutch government nally decided to introduce the electronic passport
on 26 August 2006.116
4.3. Immigration Files, Border Control and the Fight against Terrorism
In response to a recommendation by the Advisory Committee of Immigration
Aairs on Immigration Policy and Anti-Terrorism Measures, the Dutch government decided to launch a feasibility study into the possibility of including a national
security test in the regular immigration procedure. This would mean that, using
risk proles and matching dierent databases, every application for admission would
be checked against the risks to national security.117 One of the proposed measures
was to give the Dutch Intelligence and Security Agency access to the central aliens
administration, the BVV. In 2006, in a policy note on the use of border controls in
the ght against terrorism, the government emphasised the necessity of linking different databases and the use of biometrics.118 In this note, the government also
stressed the importance of screening visa applications using biometrics and by
dening the nationalities and categories of person whose visa applications would
have to be forwarded to the national intelligence and security agency.
In a letter dealing with the policy of tracing suspected terrorists on its territory,
the Ministers of the Interior and of Justice stated that, The collection, matching
and analysis of information on groups of persons is the key to preventing terrorism.119
In its response to this letter, the Dutch Data Protection Authority or CBP explicitly
disagreed with this new policy. The CBP warned against merging the tasks of the
police and the intelligence and security agencies and was especially concerned about
the protection of a large group of non-suspects.
The new emphasis on data control resulted in other proposals for the use of
biometrics, including the use of DNA materials. In a letter of 7 June 2004, the
Minister of Justice proposed the compulsory storage of biometric data from every
person using a false identity. On the same occasion, the Minister supported random
public and private identity controls in the ght against identity fraud.120
According to the Minister, this would mean that persons using a false identity
116
117
118
119
120
The Netherlands
475
would not be able to know, where, when and how they will be caught. Also in
2004, the Minister of Justice proposed registering the DNA of every (suspected
or convicted) criminal in the Netherlands, even in relation to minor oences.121
As in the other Member States, the urgent need for new security and antiterrorism measures felt by Dutch politicians was in the rst place a reaction to
the events of 11 September 2001 and, later, the events in Madrid and London.
However, the new focus on internal security was certainly also triggered by the
murders of the Dutch politician Pim Fortuyn on 6 May 2002 and of Theo van
Gogh on 2 November 2004. In particular, the murder of Theo van Gogh, committed by a Dutch national with a Moroccan background, seemed to have
changed the political agenda. According to reports by the Dutch Intelligence and
Security Agency, Theo van Goghs murderer was a member of a group of young
fundamentalist Muslims, preparing further attacks on Dutch soil. This fact
resulted in new control measures being considered justied, including new
methods of risk proling, connecting immigration and criminal law data.122
121
122
123
124
Draft decision on the amendment of the Regulation on the use of DNA during criminal investigation, 30 June 2004, just 040640. This draft was only questioned by members of the Dutch
Senate, Handelingen Eerste Kamer 20032004, 28 685, no. C, 7 July 2004.
In a letter of 10 November 2004 to the parliament, the Ministers of the Interior and Justice
describe the measures they think are necessary, Handelingen Tweede Kamer, 29854, no. 3.
Act of 28 December 1988, Staatsblad no. 665, Handelingen Tweede Kamer 20042005, 29 854, no. 3.
Royal Decree (Koninklijk Besluit) 21 February 1972, no. 70, Staatscourant 1972, no. 43.
476
Chapter 13
125
126
127
128
129
As formulated by Ch.J. Ensched at that time, without the actions against the census, there would
not have been a Koopmans Committee, in: Het interimrapport-Koopmans: een discussiebijdrage,
NJB, 28 September 1974, a. 32, p. 1030.
Eindrapport Staatscommissie Koopmans Privacy en Persoonsregistratie, The Hague: Staatsuitgeverij
1977, p. 28.
Handelingen Tweede Kamer 19811982, 17 207, no. 12.
Handelingen Tweede Kamer 19841985, 19 095, no. 13.
Article 10:
1. Ieder heeft, behoudens bij of krachtens de wet te stellen beperkingen, recht op eerbiediging
van zijn persoonlijke levenssfeer.
2. De wet stelt regels ter bescherming van de persoonlijke levenssfeer in verband met het
vastleggen en verstrekken van persoonsgegevens.
3. De wet stelt regels inzake de aanspraken van personen op kennisneming van over hen vastgelegde gegevens en van het gebruik dat daarvan wordt gemaakt, alsmede op verbetering van
zodanige gegevens.
The Netherlands
477
130
131
132
133
The treaty was signed by the Dutch government on 21 January 1988; however, it only entered
into force for the Netherlands on 1 December 1993, after the Dutch regulation on sensitive
data was also adopted, Tractatenblad 1993, no. 157.
See, for the parliamentary discussions, Handelingen Tweede Kamer 19841985, 19 095, nos. 5 and 8.
See J.E.J. Prins et al., In het licht van de Wet persoonsregistraties: zon, maan of ster?, Alphen aan
den Rijn/Diegem: Samsom Bedrijfsinformatie bv. 1995, and G. Overkleeft-Verburg, Wet
persoonsregistraties, Norm, toepassing en evaluatie, Zwolle: W.E.J. Tjeenk Willink 1995.
Act of 6 July 2000, Staatsblad 2000, no. 302.
478
Chapter 13
after the deadline for implementation of the EC Directive 95/46 had expired.
The WBP removed the general dierence between public and private les, except
for the criteria of legal purposes for the processing of personal data and with regard
to the regulation on legal remedies. Compared to the previous law, the national
Data Protection Authority (with a new name: College Bescherming Persoonsgegevens,
hereafter CBP) acquired additional powers, including the power to impose administrative nes and to use coercive measures. The terminology used in the WBP is
more in line with EC Directive 95/46. Among other things, the new WBP envisages a decentralised control mechanism, via the appointment of data protection
ocers within private and public organisations. Furthermore, the WBP includes a
simplied reporting system which only applies to computerised databases. The
duty for data controllers in the public sector to draw up and publish specic
regulations on the use of their data les has been withdrawn.
According to Article 45 WBP, a decision with regard to a request for access,
correction or deletion of personal data taken by an administrative authority falls
within the scope of the Dutch Administrative Act, or Algemene Wet Bestuursrecht
(AWB). This means that, with regard to those decisions in relation to the use of
the NSIS, the general administrative rules apply (see further below).
Apart from the general rules in the WBP, sectoral laws also apply to the
processing of personal data in specic elds. Since 1955, a special act has applied
with regard to the use of judicial and criminal les.134 The aforementioned law
regarding the civil population administration of the municipal authorities (Wet
Gemeentelijke Basisadministratie) of 1995 also includes specic data protection
standards. The Act on Police Files of 1990 (Wet Politieregisters) also applies to
data recorded in the SIS for police and criminal investigation purposes.135
5.2. NSIS and the Applicable Rules on Data Protection
The WBP applies to data registered on the basis of Article 96 CISA. With the
new WBP, the former duty to draw up separate rules for public les has been
replaced by a duty to report these les to the Dutch Data Protection Authority.136
In accordance with Article 27 WBP, the authorities responsible for public les
have to include information in these reports about, for instance, the authority
134
135
136
Wet op de justitile documentatie en de verklaringen om het gedrag, Staatsblad 1955, no. 395.
Act of 21 June 1990, houdende regels ter bescherming van de persoonlijke levenssfeer in
verband met politieregisters, Staatsblad 1990, no. 414. The legislator is preparing a complete
revision of this law.
Based on the former law of 1989, specic rules (reglementen) were adopted for NSIS and
SIRENE with regard to the data on third-country nationals, published in: Staatscourant 90, 16
mei 1994, p. 1718. These rules no longer apply.
The Netherlands
479
responsible for the data processing, the data which are to be recorded, the purpose of the data processing and the authorities or organisations which have access
to the data. The reports can be consulted on the public website of the Data
Protection Authority. It is, however, dicult to nd a report of a specic registration without knowing the number of this report. In the report on the NSIS
which was submitted to the Dutch Data Protection Authority, the KLPD and
the IND both declare themselves responsible for the NSIS.137 This means that
a data subject may contact both organisations when requesting information
about being registered in the NSIS, or when applying for correction or deletion
of his data. However, as we will see below, based on an informal agreement
between the KLPD and the IND, every application regarding SIS alerts, including
those concerning third-country nationals to be refused entry, is dealt with initially
by the privacy ocer of the KLPD.
5.3. Duty to Inform the Data Subject
Articles 33 and 34 of the Dutch WBP describe the duty of the data controller to
inform the data subject with regard to the processing of his or her data. In accordance with the provisions of Articles 10 and 11 of EC Directive 95/46, Dutch law
dierentiates between two situations. Firstly, Article 33 WBP describes a situation where the data controller collects the information from the person himself.
At the time of this collection, the person is to be informed of the identity of the
authority responsible for the data processing, the purpose of the data processing,
as well as any further information which is necessary to guarantee the proper
and fair processing of the information. The duty to inform does not exist if the
person already has this information.
The second rule in Article 34 WBP concerns a situation where the information
has not been obtained from the data subject personally. This provision will, in
my view, apply mostly to Article 96 CISA reports in the NSIS. According to
Article 34 WBP, the data subject has to be informed at the time the information
is stored or, if the information is meant to be disclosed to third parties, at the
time the data is disclosed for the rst time. However, three important exceptions
to this principle exist. Firstly, the duty does not apply if the data subject already has
this information. Secondly, the duty to inform does not apply when the provision
of such information would be impossible or would require a disproportionate
eort by the responsible authority. If this exception applies, the data controller
137
Report no. 1230270, available in the public register of reports (meldingen) on the website of
the Dutch Data Protection Authority: http://www.cbpweb.nl.
480
Chapter 13
has to make a record of the source of the information concerned (Article 34 (4)
WBP). Thirdly, the duty to inform the person concerned does not apply if the
recording or disclosure of this information is explicitly envisaged by national law.
In the latter situation, the data controller has to inform the data subject at his or
her request about the legal provision which is the basis for the storage or disclosure
of the information about him or her (Article 35(5) WBP).
With regard to the NSIS, none of these exceptions seems to apply. Firstly, an
individual reported in the NSIS for the purpose of non-admission is not informed
of this registration. A person against whom a formal residence ban has been issued
is informed of the formal residence ban, but not the SIS alert. Also, persons falling
within the second category (reported as inadmissible) are generally not informed
at all. During interviews held for this research, spokesmen for both the KLPD
and the IND held the view that the persons reported in the NSIS would generally
be aware they had done something wrong and, for that reason, would know
about their NSIS registration. However, as we have seen above, there are many situations in which a third-country national will not be aware he or she is reported
in the SIS, for example when he or she is prosecuted (but not convicted) for a
drugs crime or suspected of having connections with terrorist networks. But also a
person leaving the Netherlands without reporting this to the local authorities can
be reported in the SIS without his knowledge.
It was also assumed that it would be too dicult to locate and inform all
persons of their registration in the NSIS. For these reasons, it was not considered
necessary or feasible to inform third-country nationals personally at the time of
registration. However, this argument does not apply to persons who have been
issued a formal residence ban. As we will see below, this decision is to be given in
person and to include information on the reasons for this decision. It does not
seem a disproportionate eort to add to this information that he or she will also
be reported in the NSIS. With regard to the second category, perhaps this argument applies to persons who have already left Dutch territory and are dicult to
trace. Even in these situations, however, it should be possible to inform the legal
representative of the person concerned or to leave information at the persons last
known address.
A third reason why the aforementioned exceptions do not apply is the fact
that, as we have seen above, both categories of decision lack a formal legal basis.
The formal residence ban itself is envisaged in the Aliens Act 2000, but the fact
that the person will be reported in the NSIS is not. The second category of
reported third-country nationals is only envisaged in the Aliens Circular 2000.
To summarise, this would mean that the failure of national authorities to
inform third-country nationals of the fact that they have been reported in the
NSIS is in breach of the Dutch WBP as well as EC Directive 95/46.
The Netherlands
481
138
139
140
Wijziging Vreemdelingencirculaire, Decision no. 2005/29, Staatscourant 23 June 2005, no. 119.
Dutch inquiry made for the Justice report: The Schengen Information System. A human rights
audit SIS (2000).
According to the data protection ocer of the KLPD. No ocial data have been published.
482
Chapter 13
141
142
143
The Netherlands
483
CISA has been scarce. It did not include any details on the criteria being used
for reporting third-country nationals as inadmissible. Nor did it describe any
individual case studies. Generally, the CBP found, with regard to these alerts,
that the data were accurate, up to date and lawfully processed. The CBP only
found irregularities with regard to two out of 15 alerts in the NSIS, which is
still more than 10%. In one case, the CBP found that the entry of a report on
an irregular migrant had no legal basis. In the other case, the CBP found that
the time limit for the storage of an alert had been exceeded by two months. The
ndings of this inquiry have not been published and were only submitted to the
responsible authorities in 2006. Unlike the annual reports of the German data
protection commissioners, the annual report of the CBP does not include any
details of the ndings.144
As in other countries, the Dutch Data Protection Authority is under-resourced
to perform all its legal tasks. In 2006, the CBP publicly announced that it was
forced to interrupt its work with regard to giving advice or information in more
complicated matters because of a lack of sucient means. In the longer term,
this work could be reduced by applying more stringent criteria with regard to
new requests for information.145
5.6. Right to Legal Remedies
According to the former Data Protection Act of 1989, the data subject had access to
the civil courts with regard to data processing in both the public and private sectors.
Since this was considered more logical, the current WBP dierentiates between the
private sector and the public sector (Articles 45 and 47). The administrative court is
now competent with regard to individual appeals against data processing within the
public administration. With regard to data processing in the private sector, the
individual still has to apply to a civil court. Since the WBP applies to Article 96
alerts, a third-country national has a right to appeal according to the rules of
administrative law. The right to a legal remedy concerns the following decisions:
the refusal to inform the data subject of whether his or her data is processed
(Articles 30 (3) and 35 (1) of the WBP);
the refusal to give the person access to his or her data (Article 35 (2));
the refusal to correct or delete the information concerned (Article 36); and
the refusal to inform the data subject of the third parties who received
information regarding the data subject and those who were informed of the
fact that this data has been corrected or deleted, as requested by the data
subject (Article 38(2)).
144
145
484
Chapter 13
See also H. Staples, Adjudicating the Schengen Agreements in the Netherlands, European
Journal of Migration and Law 2, 2000, p. 4983.
The Netherlands
485
law decisions. Some of these principles can be considered important with regard
to decision-making based on SIS alerts. In the rst place, Article 3:4 AWB obliges
administrative authorities to strike a clear balance between the interests at stake
before taking a decision. Furthermore, according to Article 3:45, when a negative decision is made, individuals should be informed of their rights of review or
appeal. Decisions taken by administrative authorities should be appropriately
motivated and indicate the reasons and the legal provision on the basis of which
the decision has been taken (Article 3:46 AWB). Another relevant provision in
the AWB is the duty of the authorities to forward applications if they are wrongfully addressed to the competent authority (doorzendplicht, Article 2:3 AWB).
This means that if a person submits his or her request for access or information
regarding a SIS alert to an administrative authority which is not competent to
deal with this request, this authority should forward the request to the competent
authorities.
6.2. Informed Decision-making at the Borders
Initially, a refusal of entry at the borders did not require a written decision, except
for decisions with regard to EU and EEA citizens. However, according to Article
A2/5.2.1 of the Aliens Circular 2000, border ocials were obliged to give
the third-country nationals a leaet describing the available remedies. In 2006,
the provisions of the Aliens Circular 2000 were amended in accordance with the
rules of Regulation 562/2006 on the Schengen Borders Code.147 As we saw in
Chapter 9, Article 13 (2) of this Regulation states that border ocials may only
refuse a person admission on the basis of a substantiated decision, stating the
precise reasons for refusal. According to the new Article A2/5.5.2, a refusal of
entry should be submitted in writing using a standard form which also refers to
the available legal remedies. This is the standard form as included in Annex V to
Regulation 562/2006.
Interestingly, as early as July 2006, the District Court of Haarlem annulled an
oral decision by a border ocial, in which a young Nigerian woman had been
refused entry to the Netherlands.148 The Court referred, regarding this decision,
to the new rules stating that the decision should be given in writing. The Court
rejected the view of the Minister of Immigration that the amended rule in the
Aliens Circular 2000 was non-binding and would allow exceptions under certain
circumstances. According to the Court, the requirement of a written decision
was such an essential safeguard for the persons concerned that the refuted
decision should be annulled.
147
148
WBV 2006/16.
Judgment of 24 July 2006, LJN AY6520, http://www.rechtspraak.nl.
486
Chapter 13
149
150
151
152
The Netherlands
487
153
154
155
In the following sections, I will not deal with the special rules applying to asylum law procedures or with regard to the detention of immigrants.
Handelingen Tweede Kamer 20002001, 26 106, no. 4 and no. 6.
Handelingen Tweede Kamer 20032004, 29 260, no. 12, p. 22.
488
Chapter 13
156
157
The Netherlands
489
would be interpreted too narrowly. In January 2007, this criticism found support
in the judgment Salah Sheekh v. the Netherlands of the ECtHR.158 This case dealt
with the appeal of a Somali asylum seeker against the decision of the Dutch
authorities to expel him to Somalia. The ECtHR declared the claim of the
applicant admissible, even if he had failed to exhaust domestic remedies as
required by Article 35 (1) of the Convention. The ECtHR repeated its conclusions of the Selmouni v. France case, that the obligation to exhaust domestic
remedies is limited to making use of those remedies which are likely to be eective and available in that their existence is suciently certain and that they are
capable of redressing directly the alleged violation of the Convention.159
According to the ECtHR, in practice further appeal with the Dutch Administrative
Jurisdiction Division would have stood virtually no prospect of success. The
ECtHR based this conclusion on the narrow interpretation of the Administrative
Jurisdiction Division in earlier decisions with regard to the subjects of internal
ight alternative and the singled out requirement. These subjects were substantial to the claim of mr. Salah Sheekh that his expulsion would expose him to a
treatment in breach of Article 3 ECHR (protection against torture or inhuman
or degrading treatment or punishment).
7. Case Law
7.1. Introduction: Extent and Importance of Dutch Case Law
I found fewer than 20 judgments by Dutch courts on the application of Article 96
CISA and the SIS between the date the SIS became operation in the Netherlands
(25 March 1995) and September 2006. However, since 2005, there has been an
increase in case-law dealing with SIS, also with regard to Article 95 alerts (persons
wanted for extradition). This increase could indicate that individuals and their
lawyers become more aware of their rights and the available remedies. It could
also mean that individuals are more often aected by the use of the NSIS. Despite
the current low number of judgments, the available decisions, together with their
annotations, give an important insight into major questions with regard to the
applicable law on Article 96 entries in the Netherlands.
Another important source of (non-binding) case law on the NSIS can be
found in the decisions by the Dutch National Ombudsman. This authority
158
159
Salah Sheekh v. the Netherlands, 11 January 2007, no. 1948/04, published in NJCM-Bulletin
(2007), no. 2, p. 179194, annotation A.B. Terlouw.
Salah Sheekh 121123.
490
Chapter 13
160
161
See, for example Th. Holterman, Ongewenst signalering getoetst, Migrantenrecht 1994/5, p. 96
and K. Groenendijk and P. Boeles in their annotations to the judgments referred to below.
Decision of 24 September 1999, Jurisprudentie Vreemdelingenrecht 2000/8, annotation
K. Groenendijk.
The Netherlands
491
courts in later judgments, is open to criticism. The fact that, under certain circumstances, national authorities are competent to depart from a SIS report for
the refusal of entry does not imply that this report has no legal consequences in
other situations where these exceptional circumstances do not apply.162 During
this procedure, the District Court of Amsterdam also dealt with the question of
whether the applicant had any interest in the withdrawal of his SIS alert. The
Court denied such an interest, since he could have applied for a visa (or a temporary residence permit, or mvv) rst when he was, at the time of the procedure,
still in Nigeria. If this application were to be rejected, the Court held, the applicant could have appealed against this refusal. With this decision, the Court chose
a formal and narrow interpretation of the interests and rights at stake.
In another judgment from 1999, the President of the Court of The Hague
reached the opposite conclusion. The President explicitly ruled that a NSIS alert
is to be considered a decision that is intended to have legal eects.163 This case
concerned eight applicants of Polish nationality who had asked the IND to delete
the reports concerning them in the NSIS. The applicants, working illegally in
Dutch greenhouses, were registered by the Dutch authorities in the NSIS on the
basis of the criterion as provided for in the Aliens Circular, that they had been
repeatedly expelled or had evaded expulsion. The IND refused to delete their SIS
reports. The Polish workers appealed against this refusal on the basis of the Dutch
Aliens Act and subsequently sought a temporary provision to suspend the alert
during this procedure. During the procedure, the IND stated that this appeal
was inadmissible because the applicants should have used the procedure under
the Dutch Data Protection Law. In his judgment, the President of the Court
referred especially to the right to judicial remedies as provided for in Article 111
CISA. Rejecting the claim of inadmissibility of the IND, the President ruled that
even if other legal procedures based on the Dutch Data Protection Act were available, this would not stand in the way of the special procedure based on the Aliens
Act. The President granted the temporary measure to suspend the SIS alert until
four weeks after the nal decision, at the applicants request, because he found
there was at least a reasonable doubt about whether the disputed SIS report was
in conformity with Article 96 CISA.
The view of the Dutch immigration authorities that an alert in systems such as
the NSIS and the OPS is not covered by the notion of an administrative decision
was also rejected by the Court of The Hague in a decision of 8 March 2002.164
162
163
164
See Groenendijk in his annotation to this decision (ibid.) and Boeles in his annotation to the
judgment of the Court of The Hague, 5 January 2000, Jurisprudentie Vreemdelingenrecht 2000/51.
Decision of 8 December 1999, Jurisprudentie Vreemdelingenrecht 2000/59.
Jurisprudentie Vreemdelingenrecht 2002/162.
492
Chapter 13
This case concerned a German national who was reported by the Dutch authorities
into the OPS police le (not NSIS) for a violation of the Dutch Opium Act. The
German national submitted a letter to the Dutch authorities, in which he asked
both whether he was reported as unwanted alien and, if so, whether this report
could be withdrawn. The Minister of Justice did not respond to this request. Not
until one year later, after repeated requests, was the applicant informed that his
request had been forwarded to the special department of the Dutch police
(KLPD). The applicant appealed against this letter from the Minister. What is
important is the explicit statement by the Court that, even if it could be argued
that the decision to report a person as unwanted was not intended to have legal
eects, it still has to be considered a measure by an administrative authority
against an alien in accordance with Article 72 (3) of the Aliens Act 2000,
provided that the rules on administrative remedies apply.
In the same judgment, the Court also rejected the formal reasoning of the
Minister that the applicant should have addressed the KLPD rst. The Court
explicitly dierentiated between, on the one hand, the procedure by the applicant which is directed against the refusal to withdraw the SIS alert, and the
procedure which is directed against the (informal) decision to report a person as
an unwanted alien. According to the Court, the initial letter from the applicant
should be taken as a complaint against the decision to declare him an unwanted
alien. Therefore, the Dutch authorities should have made a decision with regard
to this request at once even if, in parallel to this procedure, the KLPD still had to
consider the request for deletion of the alert. In its decision, the Court ordered
the Dutch immigration authority to decide within six weeks on the request
against the report as an unwanted alien.
In a judgment of 2005, the Court of The Hague again emphasised that an
alert should be considered an administrative decision with legal eects in accordance with Article 72 (3) Aliens Act 2000 and therefore falls within the scope of
Article 1:3 AWB.165 Therefore, the Court concluded it was competent to deal
with the case at stake.
Despite these judgments, in which the Dutch courts recognised the direct legal
eects of a SIS alert, the IND and the former Minister of Immigration maintained the view that a SIS report is a practical measure against which no right of
appeal is possible. In June 2005, the Aliens Circular 2000 was amended, describing the procedures to be followed with regard to individual remedies against alerts
registered in the NSIS.166 In this text in the Aliens Circular, it was again explicitly
165
166
Court of The Hague, Aliens Chamber, Breda session, decision of 11 March 2005, no. AWB
04/24331. This judgment will be dealt with further in section 7.4.
Wijziging Vreemdelingencirculaire, Decision 2005/29, Staatscourant, 23 June 2005, no. 119.
See para. A3/9.6.3.3.
The Netherlands
493
stated that a national decision to report a SIS alert into the NSIS is not an administrative decision. It does stress, however, that procedures against a refusal to
withdraw such a SIS report should be in accordance with Article 111 CISA.
7.3. Conformity with Article 96 CISA
7.3.1. National Administrative Decisions
In the abovementioned judgment of 8 December 1999 on the Polish applicants,
the President of the Court of The Hague explicitly questioned whether the disputed alert in the NSIS was in conformity with Article 96 CISA. The President
did not reach any substantive conclusions, but stated that it was unclear whether
the Dutch implementation rules met the procedural and the material requirements of the former Border Control Circular (now included in the Aliens
Circular 2000).167 To my knowledge, the merits of this case have not been dealt
with in further proceedings.
7.3.2. Foreign Administrative Decisions
Initially, the Dutch courts were hesitant to consider themselves competent to
rule on the lawfulness of decisions taken by other Schengen States. An example
of such a careful approach is the decision of 18 August 1999 by the President of
the Haarlem Court.168 This case concerned the appeal of an American national
whose entry to Dutch territory was refused based on a NSIS report by the
German authorities pursuant to Article 96 CISA. The American had been refused
a residence permit by the German authorities because he had no health insurance and because he had applied for social security assistance. In 1998, he was
expelled by the German authorities to the United States. As a result of this expulsion, he was reported by the German authorities in the SIS. The American
national was detained by the Dutch border guards in order to await his expulsion. He applied to the Court of Haarlem, requesting a temporary suspension of
the refusal of entry, including the suspension of expulsion. In his judgment of 18
August 1999, the President of the Court explained that a person recorded in the
SIS has the right to challenge the lawfulness of this SIS alert even if another state
is responsible for the correctness and accuracy of these data. Referring to the special procedures of the then applicable Data Protection Act of 1989, the Court
concluded that it was not competent to assess the lawfulness of the alert itself.
Only if it were crystal clear (zonneklaar) that the SIS report is illegal did the
Court believe it would be competent to order temporary measures. Assessing the
lawfulness of the SIS alert and nding that the person was not reported on
unlawful grounds, the Court rejected the complaint.
167
168
494
Chapter 13
169
170
The Netherlands
495
Data Protection Authority and was even assisted by a lawyer. Unfortunately, the
Court of Appeal did not deal further with the competence of national courts to
assess the lawfulness of decisions by foreign authorities.
In 2005, for the rst time a District Court (civil chamber) ordered the
authorities of another Schengen State to remove a SIS alert.171 This judgment is
important as it could pave the way for other courts when dealing with the
interpretation of Article 111 CISA. In this judgment, the Haarlem Court dealt
with an Article 95 report, but the reasoning of the Court can be applied to reports
on third-country nationals as well. The applicant was a woman (of unknown
nationality) residing in the Netherlands, who had been arrested in 1993 in Spain.
She was suspected of involvement with criminal drugs-related oences. She was
detained but, due to a lack of evidence against her, the prosecution was interrupted
by the Spanish authorities. Nevertheless, the Spanish authorities reported her in
the NSIS in 1996 for the purpose of arrest for extradition (Article 95 CISA). For
several years, the woman took action unsuccessfully against the Spanish authorities for the withdrawal of this request for extradition. Finally, she submitted
a request to the Dutch authorities responsible for the NSIS, the KLPD, to have her
NSIS report deleted. She also submitted a complaint to the Dutch CBP. Whereas
the latter organisation informed the applicant that the alert itself was not unlawful, the KLPD repeatedly petitioned the Spanish authorities to have this report
deleted. The Spanish authorities did not respond to any of these requests.
Following the applicable procedure under the Dutch Act on Police Files, the
applicant lodged an appeal against the negative decision by the Dutch Data
Protection Authority before the civil chamber of the Court of Haarlem.
This Court, in an admirably short sentence, decided that the report in the NSIS
was unlawful, assessing the facts described above and the fact that the Spanish
authorities had never lodged an ocial extradition request for this applicant.
The Court ruled that it was clear that the Article 95 report issued by the Spanish
authorities did not serve the purposes for which this report was actually intended.
Therefore, the Court ordered the Spanish government to delete this report.
According to the data protection ocer of the KLPD, it took a long time before
the Spanish authorities were willing to execute this order. This was only done after
lengthy procedures and diplomatic pressure from the Dutch authorities. The
follow-up to this judgment showed that Article 111 CISA, obliging national
authorities to enforce the national judgments mutually, met with strong resistance
from the Spanish authorities.
171
Judgment of the Court of Haarlem (civil chamber) of 6 December 2005, LJN: AW2418,
published at: http://www.rechtspraak.nl. See also the judgment of the Court of Alkmaar, 10
November 2005, no. 79543/HA.
496
Chapter 13
172
The Netherlands
497
Among other things, the Minister argued that citizens could not invoke the provision of Article 5 (2) CISA because it was not directly applicable. This argument
was rejected by the Amsterdam Court, referring to the meaning of Article 111
CISA. Even if the Court considered that the lawfulness of the German alert
could not be discussed during this procedure, it emphasised that the German
alert aected the applicants within the Dutch legal framework based on the
intention of the Dutch authorities to deny the applicants the right of entrance.
The Court ruled that the Dutch government attached legal consequences to the
German alert and therefore the applicants should have the right of appeal against
the decision of the Minister which made it clear they would be refused entry. The
Court also rejected the arguments of the Minister with respect to the content. In
a letter of 18 May 2005, which was cited during this procedure, the Minister of
Immigration stressed the increasing importance of respecting the SIS alerts of
other Schengen partners, especially considering the fact that Europe was getting stronger, but also because of the changed situation with regard to security
in the world. The Court, however, rejected this argument as unfounded. In its
conclusion, it referred to the earlier decisions of the Dutch government, granting
the Moons access to the Netherlands, and to the earlier statement by the German
authorities that they would not object to such a temporary admission.
The Minister of Immigration appealed against this temporary provision.
During the same appeal procedure, the applicants asked the Court to impose
a penalty of 1 million per day in the event of non-compliance by the Dutch
authorities. Both appeals were rejected by the Court on 1 November 2005.173
Interestingly, during this procedure, the Dutch government was able to forward
further information on the lawfulness of the German alert. Firstly, it was stated
that, apart from Germany, the French and the Portuguese authorities had also
reported the Moons as unwanted in the SIS. Secondly, it was held that, in several
judgments the German courts concluded that the alert in question was lawful.
Thirdly, the Minister of Immigration produced a memo dated 27 October 2005
at a meeting between the IND ocers and a German liaison ocer. During this
meeting, the German ocer had emphasised the German objections to a visit to
the Netherlands by Mr. and Mrs. Moon. All these grounds were rejected by the
Dutch Court. With regard to the alerts of the two other Schengen States, the
Court found that these were not substantiated during the proceedings. With
regard to the more recent decisions of the German court, the Dutch Court
stressed that these judgments were applicable to the German situation and could
not have any meaning for the (Dutch) dispute at issue. Finally, the memo of
October 2005 was considered irrelevant as well, since it did not provide any
173
498
Chapter 13
information on new facts or circumstances which should have lead to the withdrawal of the temporary provision.
The third judgment (in fact two judgments) was issued by the same District
Court on 23 June 2006.174 These judgments concerned a renewed application
from Mr. and Mrs. Moon of 2 June 2006 for admission into the Netherlands,
this time only for 24 hours. This request was declared inadmissible by the
Minister of Immigration, after which the applicants again lodged an appeal for a
temporary provision. In these judgments, the District Court of Amsterdam
refused to consider the application for a temporary provision, but decided immediately on the merits of the appeal. This judgment, although dealing with the
same issue, is important because the Court rmly rejected a new formal ground
which was invoked by the Minister of Immigration to limit the applicants right
of appeal. According to the Minister, the question of whether or not Mr. and
Mrs. Moon should be granted access was a decision to be taken by the Dutch
border police. Since the applicants had not yet travelled to the Netherlands and
had not submitted their request at the border to the appointed ocers, the
Minister held that they had not been formally refused entry. Therefore, according to the Minister, there was no decision against which they could lodge an
appeal. At this point, it should be noted that the applicants are South Korean
nationals who are not obliged to hold a visa in order to enter the Netherlands for
a short stay. Their only way of knowing whether they would be admitted to
Dutch territory before starting their journey was to ask for this permission in
advance. The Court rejected the Ministers viewpoint. The Court stated that it is
the responsibility of the Minister of Immigration to decide whether or not to
refuse entry to the Netherlands. Since the request by the applicants of 2 June
2006 was to be considered a request for an administrative decision, the Minister
acted unlawfully when she rejected this request as inadmissible. The Court
ordered the Dutch government to reach a new decision within six days of the
date of publication of this judgment, so as to allow the applicants to make their
travel arrangements. In this judgment, the Court did not deal with the substantial grounds on which the Moons were registered in the SIS.
In March 2007, the District Court of Amsterdam rejected the appeal of
Mr. and Mrs. Moon against a renewed negative decision of the Minister of
Immigration. In this case, the applicants referred to their rights of freedom
of religion and freedom of speech as protected in Articles 9 and 10 ECHR.175
They also claimed that the decision of the Minister was insuciently motivated.
174
175
The Netherlands
499
Based on rather formal grounds, the Amsterdam Court this time rejected these
claims and held that the Minister rightly had put more weight on the Schengen
obligations. According to the court, the Dutch authorities were not obliged to
specify the reasons of this refusal, even if in previous years Mr. and Mrs. Moon
had been granted access to the Netherlands.176
7.4. Balance of Interests Proportionality of a SIS Report
In 2001, the President of the Court of The Hague ruled on the duty for national
authorities to assess the proportionality of retaining an alert in the NSIS.177 This
judgment concerned the case of a Jordanian applicant recorded in the NSIS by
the Dutch authorities because of his use of a false passport. As we saw above, in
section 3.2, the act of using false identity papers or travel documents is one of
the criteria mentioned in the Aliens Circular for reporting third-country nationals in the NSIS for a period of ve years. Based on the provisions of Article 34 of
the former Data Protection Act 1989, the applicant requested the President of
the civil court to order the Dutch authorities to withdraw the alert from the
NSIS. This request was rejected by the President of the Court of The Hague in a
judgment of 10 January 2001. Nevertheless, the President emphasised that, when
dealing with the request to withdraw the SIS alert, the Dutch authorities should
reconsider the circumstances of the case.
In the proceedings on the merits of this case, the Court of The Hague agreed
with the argument of the applicants lawyer, that there is a duty for the authorities
to assess the proportionality of retaining the SIS entry.178 The Court further rejected
the governments view that Article 96 CISA would leave no margin of appreciation
regarding the applicants circumstances and the severity of the criminal acts he
committed (false documents). Accordingly, the President found that there was a
duty for the IND to assess the circumstances of the case before reporting this
person to the NSIS. In this particular case, the interests of the state, to keep out
third-country nationals who pose a threat to public order or state security, overrode
the interests of the applicant. Since the use of false documents was rightly considered
a serious crime, the Court found the entry in the NSIS legitimate.
Interestingly, two judgments, both from 2005, concerned the question of
whether the Dutch authorities are obliged to assess the proportionality of the
decision to record a person as unwanted in the NSIS, even if the potential negative eects of this alert arise in another Schengen State. The rst judgment of the
176
177
178
500
Chapter 13
District Court of Breda concerned a person (of unknown nationality) who had
been reported in the NSIS for ve years by the Dutch authorities.179 This report
was based on the fact that he had used fake or falsied travel or identity documents. He applied for a review of the decision to report him and, at the same
time, deletion of the report. Both requests were rejected by the Dutch Minister
of Immigration. As in the other judgments described above, this Court ruled
that the person in question had a right to appeal against the refusal to withdraw
the alert and declared the appeal admissible. With regard to the procedural
aspects of this case, the Court found that the applicant was not to blame for the
fact that he failed to respect the applicable time limits for forwarding his appeal.
According to the Court, the ministerial decision rejecting his rst request did not
include an appropriate clause on the applicable time limits. The Court, however,
did not accept the applicants claim that his stay in Spain would be made impossible as result of the Dutch report. The Court found that the applicant had not
forwarded any individual or specic grounds based on which the Dutch authorities should have withdrawn or limited the territorial scope of the SIS alert. The
applicant had only argued that the Dutch authorities should have used their
inherent right, based on administrative law, to withdraw the SIS limit or to limit
the eect of this alert to Dutch territory or in time.
In the same year, the District Court of Alkmaar dealt with a comparable case.
In this judgment, however, the Court considered in more detail the consequences
of a Dutch alert with regard to the residence rights of a third-country national in
another Schengen State.180 The case concerned a Colombian national against
whom a formal residence ban had been issued by the Dutch authorities in 1998,
based on which he was reported in the NSIS. During that time, the applicant
held a valid residence permit for Spain and, for some reason, the Dutch authorities did not contact the Spanish authorities with regard to Article 25 (2) of the
CISA. Unfortunately, in its judgment, the Court did not enquire why the Dutch
authorities had not applied this consultation procedure. In 2003, the Spanish
authorities refused to renew his residence permit on the basis of the Dutch alert.
In 2004, the applicant applied for withdrawal of the formal residence ban. This
request was rejected and, during the procedure before the Court, the applicant
held that the Dutch decision to maintain the report in the NSIS constituted a breach
of his right to family life in Spain, contrary to Article 8 ECHR. According to the
applicant, the Dutch government failed to strike a fair balance between the circumstances of his family life on the one hand and Dutch interests in maintaining
the formal residence ban on the other hand. In this judgment, the applicants
179
180
The Netherlands
501
claims were rejected. The Court denied the direct relationship between the Dutch
decision to report the applicant in the SIS and the Spanish decision not to renew
his residence permit. According to the Court, the Dutch formal residence ban
did not in itself prevent the applicant from enjoying his family life in Spain. It
would be the responsibility of the Spanish government to decide whether a residence permit should be granted or not and to consider the applicants right to
family life as protected under Article 8 ECHR. Note the Courts comment that it
presumes, on the basis of the principle of mutual trust between the states (interstatelijk vertrouwensbeginsel ), that Spain would comply with its treaty obligations
towards the applicant.
One could agree with the conclusion of the Court that the Spanish authorities
are, in the rst place, responsible for respecting the human rights of the applicant.
These authorities should strike a balance between the interests at stake: the Dutch
residence ban or the applicants right to reside in Spain and to enjoy his family
life.181 However, it is arguable whether the Dutch government does not have any
responsibility with regard to the rights of the person concerned. In the rst place
and it would be interesting to know whether a civil court would not have made a
dierent assessment one could argue that there is a clear causal link between the
Dutch alert and the Spanish decision to withdraw the applicants residence permit. Secondly, as has been pointed out by Boeles in his annotation to this judgment, the Dutch authorities have obligations not only based on Article 8 ECHR,
but also based on the EC Directive 2003/86 on family reunication and Directive
2003/109 on long-term resident third-country nationals, described in Chapter 9.
These Directives include the obligation for national authorities to consider the
dierent interests and rights at stake before taking a removal decision. Therefore,
it could be reasoned that the Dutch authorities should have taken into account
the family life of the applicant in Spain as well.
7.5. Right to Financial Compensation
Although they are not related to the Schengen Information System, I refer briey
to judgments in which Dutch courts ordered nancial compensation with regard
to (wrongful) decisions in the eld of immigration law. These judgments show
that it is not inconceivable for a national court to grant an individual nancial
compensation if it is established that this person suered nancial loss caused by
a (wrongful) SIS alert. For example in one case, the District Court of The Hague
considered the claim of an Iranian refugee that she had lost income from work
and pension during the ve years of her asylum procedure, when she was not
allowed to work.182 The Court found that, due to the lengthy procedure, the
181
182
502
Chapter 13
183
184
185
186
See for example, judgment of the District Court Amsterdam, 2 October 2006, LJN: AY9280.
District Court Assen, 22 December 2006, AWB 06/58704.
See District Court Groningen, 1 February 2006, LJN: AV0808.
Judgment of 16 July 2004, LJN: AR7219.
The Netherlands
503
unclear whether the oences of which the applicant had been convicted in Italy
for a second time had to be regarded as the same oences of which the person
had been convicted in 1983 in the Netherlands. It also submitted the question of
whether a judgment in which the applicant was (partially) acquitted of the charge
fell within the meaning of nal disposal of a trial as meant in Article 54
CISA.187 This procedure illustrates that national courts can play an active role
with regard to conicts arising in the eld of the application of SIS, rstly, by
inviting foreign authorities to submit their view on the facts of the case and,
secondly, by submitting preliminary requests regarding legal questions which the
court considers too dicult to answer.
The ECJ ruled on this case in its judgment Van Straaten of 28 September
2006.188 The ECJ answered both questions from the Dutch court in the armative and claried the narrow meaning of the same oences as intended in
Article 54 CISA. The ECJ also made it clear that the ne bis in idem principle of
Article 54 applies in respect of a decision by the judicial authorities of a
Contracting State whereby the accused is acquitted nally due to lack of evidence. In this judgment, the ECJ concluded that the lack of harmonisation of
national criminal law, which forms the basis for a national SIS alert, might create
as many barriers to freedom of movement within the Schengen area as there are
penal systems in the Contracting States (paragraph. 47). Therefore, the ECJ
considered that the relevant criterion for the purposes of the application of
Article 54 is the identity of the material acts, to be understood as the existence of
a set of oences which are inextricably linked together, irrespective of the legal
classication given to them or the legal interest protected. With this decision by
the ECJ, the Dutch court was given a tool to declare the Italian alert in the SIS
unlawful and to order the Italian authorities to withdraw this alert.189
The consideration of the ECJ on the lack of harmonised criteria and its relation
to the freedom of movement is also important with regard to the SIS alerts based
on immigration law. This judgment should be taken together with its earlier
judgment in Commission v. Spain which dealt with an alert based on Article 96
CISA.190 In this judgment, the ECJ clearly established that there are important
limitations with regard to the sovereignty of Member States to decide on the
basis of foreign reports in the SIS.
187
188
189
190
See, for the rst judgment of the ECJ on the interpretation of Article 54 CISA: 11 February
2003, in the combined cases C-187/01(Gztok) and C-385/01 (Brgge).
Case C-150/05, Van Straaten v. the Netherlands, ECR I-9327.
See the judgment of the District Court Den Bosch of 4 April 2007, LJN: BA2132.
I have dealt with this judgment before in Chapter 3, section 4.4 and Chapter 9, section 2.3.2.
504
Chapter 13
The Netherlands
505
emphasised rst of all that embassies have their own responsibility for issuing
visas, despite prior advice from the Dutch Visa Agency. In this case, the denial
of the visa was not considered unjustied. However, the Ombudsman concluded
that the Visa Agency had failed in its duty to inform the applicant adequately,
correctly and completely. In his reply of 11 September 2002, the Visa Agency
failed to inform the applicant of the precise meaning of a SIS alert and on the
reasons why information about her spouse had been recorded. Moreover, the
Visa Agency should have informed the applicant of how long the negotiations
with the German authorities would take and when a denitive decision, based
on the information acquired from these authorities, was to be expected concerning
the visa application.
7.7.2. Duty to Make Decisions in Good Time
In another case, the National Ombudsman was asked to consider an individual
complaint about the way her husbands visa application had been handled by the
Dutch Visa Agency.193 The Turkish husband of the applicant was registered in the
NSIS by the German authorities with regard to an attempt to trade one gram of
heroin. During subsequent consultations between Dutch and German authorities, it was found that the German prosecutor had dropped the case. The applicant complained, among other things about the long delay (six months) between
the date of the rst application for a long-stay visa (mvv) and the date when she
was informed there was no objection to issuing the visa to her husband. The
National Ombudsman concluded that the Dutch Visa Agency exceeded the time
limits of 8 weeks, prescribed in Article 4:14 AWB, to decide on a visa application. Furthermore, while this time limit was exceeded, the Visa Agency failed in
its duty to inform the applicant of the reasons for the delay. With regard to the
third complaint by the applicant, regarding the way the Visa Agency had dealt
with the information based on the SIS, the National Ombudsman did not nd
the authorities had behaved improperly. The responsible ocer had contacted
the German authorities according to the applicable rules.
7.7.3. Duty of Proportional Decision-making
Finally, in a decision dated 1998, the National Ombudsman questioned the need
for a NSIS alert based on Article 96.194 The applicant, an asylum seeker of
Azerbaijani nationality, complained about the fact that he was recorded by the
Dutch Immigration and Naturalisation Oce in the national investigation le,
OPS, without justied grounds. The person was registered in OPS in 1995
193
194
506
Chapter 13
because his asylum application had been rejected and he failed to report to the
responsible authorities. After having applied for asylum a second time, his asylum request was accepted and during this second asylum procedure he resided
lawfully within the Netherlands. However, the applicant and his family had also
been registered by the German authorities in the SIS, because of their withdrawal
from supervision measures. As a consequence of the entry in the OPS and the
German SIS alert, the asylum seeker was arrested in 1997 and detained for a certain period by the police in Flevoland. The National Ombudsman stated in his
conclusions that persons should only be recorded in the OPS for as long as
strictly necessary. Since the applicant had a residence permit during his asylum
procedure, the report from 1995 in the OPS should have been withdrawn. With
regard to the German SIS alert, the Ombudsman concluded that the Dutch
authorities had not acted appropriately either, as they did not issue a form to the
applicant, which would have shown that the applicant was residing lawfully in
the Netherlands during his asylum procedure.
8. Conclusions
8.1. Implementation of Article 96 CISA
The criteria based on which third-country nationals can be reported into the
NSIS for the purpose of non-admission are dened by the Ministry of
Immigration (since 2007: Justice) without any involvement of the national parliament. This applies to both categories of person to be registered into the NSIS:
the formal residence ban and third-country nationals to be reported as unwanted.
Although, with regard to the second category, the Aliens Circular 2000 oers
centralised rules on the situations in which data can be stored in the NSIS, these
criteria can be broadened by the responsible Minister on a fairly ad hoc basis.
The application of these criteria leaves a considerable margin of appreciation for
the national authorities involved. At an early stage of the implementation of CISA,
it was established that there were dierences in application between the national
police regions. For the purpose of coordinating the application of Article 96 CISA,
regional SIS coordinators and, at central level, one national coordinator have
been appointed. No updated information is available about how this coordination works and on which criteria third-country nationals are currently reported
into the NSIS.
Considering the consequences of being registered in the NSIS as an inadmissible
person, the Dutch criteria in the Aliens Circular could be described as reasonably
light. Even minor oences or the fact of being suspected of such an oence can
lead to a SIS alert based on Article 96. Special doubts can be raised about the
The Netherlands
507
proportionality of the criterion that if a person fails to report within the prescribed
period to the immigration authorities, he or he will be reported in the NSIS for
three years.
According to Article 96 (2) and 96 (3) CISA, decisions to report somebody
as unwanted may only be based on two grounds. Firstly, the presence of the
person must be considered a threat to public policy or security. Secondly, if a
third-country national fails to comply with national regulations concerning
entry and, based on this failure, has been subjected to deportation or refusal
measures, including or accompanied by a ban on residing on the national territory. With regard to the former criterion, the Schengen governments have a
margin of appreciation to dene the situations in which this threat applies, but
it is clear that not all the criteria as provided for in the Aliens Circular 2000 fall
within the general condition of a threat to public policy or security. With
regard to the second criterion, the Dutch provisions allow for the registration of
a third-country national in the NSIS even if he or she has not been the subject
of expulsion. As we have seen above, someone can even be reported in the NSIS
if he or she fails to comply with national immigration rules. Therefore, one has
to conclude that the Dutch criteria are not in conformity with the criteria of
Article 96 CISA.195
8.2. Data Protection and Data Control
As in Germany and France, between 2001 and 2006, there has been increasing
emphasis in the Netherlands on the use of databases and the storage of personal
information as the ultimate solution to dierent problems. Dierent measures
have been proposed and adopted to extend the powers for national authorities to
carry out identity checks or to control persons in the Netherlands. Compared to
the strong public resistance in the 1970s to a central population registration and
the census, current developments do not meet with many critical responses. This
lack of public discussion could be explained by the fact that, in the Netherlands,
the principal notions of the right to privacy or informational self-determination
or even the division of powers are less dogmatically developed than, for example,
in Germany. As we saw in the previous Chapter, in this country the lawfulness
and proportionality of, for example, data proling and the central aliens
administration received a much more critical response.
195
See also P. Boeles, who argues that some of the Dutch criteria are in breach of the general criteria and purpose of Article 96, in his annotation to the decision of the Court of The Hague of 5
January 2000 mentioned in section 7.3.2. above, Jurisprudentie Vreemdelingenrecht 2000/51.
See also my conclusions in: Grensbewaking en het SIS, in: E. Brouwer, K. Groenendijk (eds.),
Derdelanders in de Europese Unie, Utrecht: Forum 2001, p. 49.
508
Chapter 13
The Netherlands
509
510
Chapter 13
The authorities involved should always assess the proportionality of the eects of
the refusal of entry together with the circumstances and interests of the person
concerned.
During the judicial procedure in the Moon case, the Minister of Immigration
expressed the more formal position that the reports by other Schengen countries
should in general be observed. This position on the automatic eect of SIS alerts
(interstatelijk vertrouwensbeginsel ) was also held by this Minister during parliamentary debates on immigration law and anti-terrorism measures. According to
the Minister and the IND, there would be little scope for national considerations
with regard to the admission of third-country nationals reported in the NSIS by
other Schengen States. With few exceptions, Dutch courts generally have been
reluctant to accept this position and required additional information from the
Dutch government as to why, in this specic case, no exception could be made.
On the other hand, the courts also required additional information from applicants to support their claims that a NSIS report is unlawful or disproportionate in
that specic situation. If no such information is submitted during the procedure,
this was considered sucient reason to reject this claim.
8.3.4. Competences
In immigration law procedures, Dutch courts can issue temporary provisions such
as ordering the national authorities to grant a person access to Dutch territory or to
lift a detention order. Until 2006, the case-law in which this competence was used
with regard to the Schengen Information System is scarce. However, the decision
of the Haarlem Court to order the Spanish authorities to withdraw a NSIS alert
based on Article 95 CISA can be considered an important breakthrough in the way
Dutch courts handle individual claims against NSIS reports. Another important
example is the judgment in the Moon case of the Amsterdam Court of 21 October
2005 in which the Dutch authorities were ordered to grant the Moons temporary
access to Dutch territory, despite the German alert in the SIS.196
Furthermore, even if they do not relate to NSIS alerts, the judgments described
in section 7.5 illustrate that national courts have the power to impose nancial
nes on national authorities in immigration law procedures in the case of unlawful or untimely decisions.
Considering the powers of the Data Protection Authority, it should be seen as
unfortunate that this authority only can impose a nancial ne when a data controller does not report a registration to the CBP. With regard to infringements of
more substantial standards of data protection law, the CBP has no such power.
196
Only in 2007, as we have seen above, the Amsterdam Court took up a more formal position
and refused the applicants request for a temporary provision granting them access for two days
to the Netherlands.
Chapter 14
Conclusions
in an age when the freedom of movement, especially across borders, is considered essential for the full development of private life, especially for people such as
the applicant, who have family, occupational and economic ties in more than one
country, denial of that freedom by the State without any good reason constitutes a
serious failure on its part to discharge its obligations to those under its
jurisdiction.1
2
3
letmi v. Turkey, 5 December 2005, appl. no. 29871/96, 50. This judgment is only available in
French, the quotation is from the ECtHR press release, 6.12.2005. The original text of 50
reads: A une poque o la libert de circulation, et en particulier la circulation transfrontalire,
est considre comme essentielle pour lpanouissement de la vie prive, surtout quand il sagit de
personnes, tel le requrant, ayant des liens familiaux, professionnels et conomiques ancrs dans
plusieurs pays, refuser cette libert sans aucune motivation une personne relevant de sa juridiction
constitue, de la part dun Etat, un manquement grave ses obligations.
16982/06, 20 December 2006.
17102/06, 22 December 2006, p. 3.
512
Chapter 14
Ibid., p. 6.
Conclusions
513
5
6
514
Chapter 14
Conclusions
515
516
Chapter 14
Conclusions
517
There is some tension between the rights of the categories of persons mentioned above and the possibility of these persons being reported in the SIS for the
refusal of entry. In 2006, this tension became clear in the judgment of the ECJ in
the case of the Commission v. Spain. Here, the ECJ left no doubt about the fact
that an automatic refusal of entry or a visa to a third-country national who is
married to an EU citizen, solely on the basis of a SIS alert, violates the principle
of free movement which is central to the communitarian system. To take this
negative decision without verifying whether the person concerned imposes a genuine and suciently serious threat to the fundamental interest of society implied
a breach of the rights as laid down in Directive 2004/38.8
3.4. Data Protection Rights
In general, data protection law provides for procedural guarantees safeguarding,
among other things, the transparency of the use of personal information and databases. This transparency regarding the use of data allows the individual to be
informed of the authority collecting his or her information and of the purposes of
this data processing. It enables an individual to exercise the right of access, deletion
and correction and obliges the authorities to take these requests seriously and to
handle them within a preset or reasonable time limit. In Chapter 7, I described the
central principles of data protection law and considered the added value of data
protection. I have argued that the primarily procedural norms of data protection
are closely tied to more substantial criteria such as the non-discrimination principle, the limitation on the processing of sensitive data and the ban on automated
decision-making. In the following paragraphs, I will set out why in my view current EU measures are dicult to reconcile with these principles. It should be noted
however, that this subject requires a more in-depth analysis. The following paragraphs should only be considered as a rst exercise to describe the tension between
data protection law and the current measures of data surveillance in the EU.
1. At EU level, the principle of purpose limitation is undermined by the inclusion
of vague and open criteria in the applicable rules and the new emphasis on the
interoperability of information systems and the availability of information.
Furthermore, the creation of large, multipurpose databases such as VIS and
SIS II is in conict with this principle of purpose limitation, including limits
on the use and disclosure of personal information. The establishment of these
databases also conicts with the principle that aimless data collection should
be banned. In their proposals for the storage of biometrics and the interoperability of dierent databases, Member States are explicitly envisaging the future
use of personal information, unknown at the time of its registration.
8
I will come back to this subject in section 6.1.2, dealing with the new Regulation 1987/2006.
518
Chapter 14
2. The creation of multipurpose central databases such as the VIS and, possibly,
Eurodac and SIS II, impedes the transparency of the storage and further use of
personal information in these systems. Generally, persons whose data are
stored by one Member State will not be aware that these data are accessible to
the authorities of the other Member States, and eventually third countries, as
well. With regard to the use of SIS I, we have seen that generally, in France,
Germany and the Netherlands, third-country nationals are not informed at
all about their registration in the SIS I.
However, the data protection principle of transparency is bolstered by the
rules on informed decision-making in EC immigration and asylum law.
An example is the Schengen Borders Code, obliging border ocials to inform
a person in writing of the reasons for refusing him entry. One of the valid
reasons for border ocials to refuse a person entry to their territory is an alert
in the SIS. This means that the aforementioned obligation enables the person
refused entry to nd out that he or she is registered in the SIS.
3. EU legislation allowing for the collection and storage of specied information such as health (biometric data) and religious beliefs (especially Muslims,
in measures aimed at combating terrorism) or ethnic origin (data on foreigners used for immigration control) erode the principle based on which extra
safeguards are to be provided for sensitive or special categories of data. As mentioned above, EU measures in the eld of Freedom, Security and Justice are
increasingly based on the general assumption that migrants within the EU
are to be treated as suspected persons or potential terrorists. Such a policy
runs against the general accepted principle of non-discrimination and equality, which is one of the goals of the extra protection of sensitive or special categories of data. This policy also has a negative impact for the position of
migrants and their further integration into the society of EU Member States.
4. The principle that data holders or processors should take measures to guarantee the quality of data is jeopardised by the establishment of large, multipurpose databases. As we observed, diverging criteria based on which personal
data are stored by national authorities, diverging implementation of EU standards and non-compliance with time limits aect the quality and accuracy of
the data. The ndings of the national data protection authorities with regard
to Article 96 CISA, discussed in Part III, showed that the reliability of the
information stored in SIS is dubious, that national authorities are using SIS
for dierent purposes and that authorities disregard the rules protecting the
rights of individuals, such as time limits. Furthermore, it is questionable
whether, in their ght against terrorism, including the retrieval of information
on potential or possible terrorists, the national authorities are still considering
the importance of treating soft data and hard data dierently. SIS II and
VIS will also include information which is based on soft data rather than
Conclusions
519
hard data. For example, as we have seen with regard to SIS I, national
authorities report individuals on the basis of suspicions that this person has
committed a serious crime or is involved in terrorist activities. There is a risk
that due to the interlinking of databases such as SIS II and VIS and the access
granted to internal security organisations, the distinction between reliable
hard data and unreliable soft data becomes blurred. This makes it dicult
not only for the person involved, but especially for the user authorities and
the courts or supervisory authorities involved in assessing which information
is accurate and which is not.
The use and storage of biometrics also may cause problems with regard to
the quality of information. Dierent specialists and data protection authorities, including the EDPS, explicitly have warned against the use of biometrics
as a primary key. A primary key can be described as an instrument enabling the identication of a person and, based on this identication, a very
rapid search through dierent databases. Since biometrics are always based on
probabilities, they will never deliver the unambiguous key that is by denition
required for a primary key for databases. As emphasised by the EDPS, for
example, such use will probably result in a breach of the principle of data
quality.
5. Formally, the principle of individual participation includes the right of data
subjects to be informed, their right of access to information and the right to
request correction or deletion. Generally, these rights have been incorporated
in the legislation dealing with EU databases described above. However, these
rights are subject to limitations. Furthermore, in practice, these rights seem to
be dicult to achieve due to a lack of knowledge about the existence of databases and the fact of being registered at all. Also, as we have seen with regard
to the use of SIS I, it is not easy for individuals to ascertain which authority is
responsible for the data processing or to nd information about the available
rights and remedies.
6. The ban on automated decision-making is not an absolute right of data protection. National legislation already provides for accepted limitations to this
principle, for example, in tax law or in trac law. The extended use of systems such as SIS, VIS and terrorist lists seems, however, to imply an additional and less acceptable deterioration of this principle. Through these
systems, Member States are prepared to rely increasingly on the national decisions of foreign authorities. Since these decisions are stored in shared information systems and based on the so-called principle of mutual trust, the use
of these systems will lead to automatic decisions which are dicult to refute
by the individual concerned.
7. The principle of security of information systems containing personal data generally receives a lot of attention in EU policy. Dierent proposals explicitly
520
Chapter 14
refer to technological safeguards protecting data systems against loss, destruction or unauthorised access. National and EU policy-makers are also investing
in the so-called Privacy Enhancing Technologies. However, in practice, the
centralised storage of data, their multipurpose use, and the increase in numbers
of authorities (including those from non-EU Member States) and organisations
gaining access to these systems are likely to result in a loss of security.
8. The principle of accountability is included in the dierent legal instruments
concerned. They provide for rules on the liability of the data processor for
damage suered by individuals caused by the use of information systems for
which the data controller is responsible. Although not explicitly covered in
my study, a problem of accountability may arise, considering the responsibility of EU institutions or Member States for the management of the central
databases of SIS II, Eurodac or VIS. The creation of separate, independent
EU Management Authorities or Agencies must be accompanied by clear
rules on accountability, liability and transparency.
9. The non-discriminatory application of data protection is included in EC
Directive 95/46 and the Data Protection Convention. Article 8 of the EU
Charter explicitly stipulates that everyone has the right to protection of personal
data concerning him or her. As we have seen in Chapter 7, data subjects
rights may be restricted on the basis of legal exceptions as described in Article
13 of EC Directive 95/46. These exceptions include the need to safeguard
national security, defence, public security or criminal investigation. On these
grounds, Member States may restrict certain rights of individuals, including
the right to obtain information on the data processing in question (purposes,
data controller, recipients of information) and the right to access, correction or
deletion of his or her information. In practice, the use of these legal limitations
of certain rights could result in the discriminatory application of data protection
principles. In the ght against terrorism, certain activities by governmental
organisations are targeting foreigners or individuals with a Muslim background. Therefore, even if data protection law itself does not discriminate,
its practical implementation, the way individual applications for access or
information will be treated, may be dierent for dierent groups.
Conclusions
521
procedures in both data protection and immigration law. For example, the scope
of review by data protection authorities is restricted and the independence and
eciency is threatened by their lack of power and nancial resources. EC instruments on asylum and immigration generally refer to the right to legal remedies
for third- country nationals, but the applicable rules are not very detailed with
regard to the content, the scope, or the eects of the remedies. Procedural guarantees are left to the scrutiny of the national legislator and access to an independent court or tribunal is not always guaranteed. Although there are some positive
developments with regard to the duty of informed decision-making, this duty to
inform third-country nationals of their rights remains void if national laws do
not provide for these rights.
In Chapter 10, I developed three principles of EU law, arguing why the right
to eective remedies applies to both immigration law and data protection law
decisions relating to the use of databases, such as the SIS. The rst of these principles
is based on the incorporation of human rights and the ECHR within the legal
framework of the EU. It is clear that the standards on the right to eective legal
remedies in the ECHR, and further developed by the ECtHR, apply to the
implementation of EC immigration and asylum law in cases where human rights
are at stake. Secondly, I pointed out the right to judicial protection to enable
individuals to enforce their rights under Community law. In the words of the
ECJ in the Panayotova case, Member States must provide for eective judicial
scrutiny of the decisions of national authorities taken pursuant to the applicable
provisions of Community law. Thirdly, the right to eective remedies follows
on from the legal system within the Community which includes the system of
preliminary references. Here, the right to remedies is necessary in order to enable
both national courts and the ECJ to guarantee a coherent and clear interpretation
of Community law.
As we have seen, the criteria developed on the basis of these general principles
go much further than the rules adopted in the dierent instruments at stake.
From the law described in Part II of my study, I derived the following minimum
criteria: access to an impartial tribunal, which might be a judicial or a non-judicial
authority provided it is a permanent institution, established by law and independent of the national authority taking the decision or measure. Secondly, on the criterion of accessibility, we have seen that the decision-making should be in writing,
indicate the reasons for the decision and include information on the authority
taking the decision, the available remedies and the applicable time limits. The
legal remedies should be available within a reasonable time and the person concerned should have the option to be advised, defended and represented during the
procedure. To guarantee the accessibility of remedies there must be access to legal
aid for those who otherwise would have no sucient means of nding access to
legal remedies. The court or tribunal dealing with the individual complaint or
522
Chapter 14
appeal should be able to consider all relevant aspects of the case. In other words,
its scope of review should include the legitimacy or lawfulness of the measures
concerned and the necessity and proportionality of these measures. This applies,
in our case, to the decisions of national authorities to report individuals in the
SIS, as well as to the decisions or measures which are based on those SIS reports.
Furthermore, the court or tribunal should be able to balance the individual rights
against a pressing social need or to balance the competing interests at stake.
Finally, a court or tribunal should have sucient powers, in the words of Boeles,
to overcome fait accompli. This means that the court or tribunal should be able
to grant interim relief or suspensive eect to a legal procedure, to impose binding
decisions or nes and, if necessary, to order (nancial) repair of damage.
Conclusions
523
asylum seekers in the SIS. Also, in general, the annual reports by the German
data protection authorities established the unlawfulness and inaccuracy of the
information held on third-country nationals. The applicable criteria in the
Netherlands must be regarded as very broad and are dicult to reconcile with
the criteria of article 96 (2) and (3) CISA. According to the Dutch criteria, a person may be reported in the SIS for relatively minor oences or even on the basis
of a suspicion.
More recently, in France and the Netherlands, the responsible Ministers
underlined the importance not only of a systematic input of data into the NSIS,
but also of a systematic refusal of entry based on a SIS report. Based on this policy,
national authorities are expected to report a person in the SIS as soon he or she
meets the criteria for a SIS alert. Additionally, if the authorities nd a report for
the purpose of refusal of entry, this person should automatically be refused entry.
In the Netherlands, the latter policy has been advocated with regard to reports
on the basis of public order or security grounds. Also in 2005 and 2006, the
Dutch authorities referred before courts to the changed situation with regard to
security in the world and the increasing importance of respecting the SIS alerts
of other Schengen partners. These arguments were used to justify the refusal of
entry to persons on the basis of a, in this particular case, clearly disputable foreign
alert. This negative decision was remarkably because in previous years, the same
applicants had been granted access to the Netherlands in spite of the foreign
alert. In France, the presumption of inadmissibility even has consequences for
the availability of legal remedies in cases of expulsion. The French legislator considers a foreign SIS alert as a nal decision by another Schengen State, assuming
that the person involved could already have lodged an appeal against this decision in the issuing State. Based on this assumption of a nal decision, the right
to suspensive remedies against expulsion orders on the basis of these foreign
reports has been limited in the French Immigration Act.
5.2. SIS and Data Protection Rights of Individuals
In France, Germany and the Netherlands, national law provides no duty for
public authorities to inform a person that he or she is reported in the SIS. The
French Data Protection Act includes the principle of indirect access, meaning
that a person who wants to know whether he or she is reported in the SIS and on
what grounds must apply to the CNIL. This procedure leads to lengthy procedures and the rights of the applicant are dependent on an active approach by the
French Data Protection Authority, CNIL. In Germany and the Netherlands, the
persons may directly address the authorities concerned with an application for
access, correction or deletion of their data. In the Netherlands, individuals will
have to submit their request concerning data held in the SIS to the privacy ocer
524
Chapter 14
of the Dutch police force. Although this ocer is easily accessible and wellinformed, the procedure chosen for requests from third-country national seems
illogical and time-consuming. A person who applies to the Immigration Oce
with the request for information will be informed that he or she should apply
rst to the privacy ocer of the police force. This ocer will then return this
request to the immigration ocer for processing.
The German and French data protection authorities seem to be more actively
involved in individual applications with regard to the SIS than the Dutch Data
Protection Authority, the CBP. Whereas both the French CNIL and the German
Federal Data Protection Commissioner received more than 500 individual applications annually for (indirect) access to the NSIS alerts (not only Article 96
alerts), the Dutch CBP only dealt with fewer than ten individual applications
per year. This very low number of applications with regard to SIS information in
the Netherlands could be explained by the active role of the privacy ocer in the
Dutch police force. The latter ocer dealt with approximately 200 applications
each year.
In 2004, the national data protection authorities investigated the Article 96
alerts held in the SIS I within the framework of the general inquiry by the
Schengen Joint Supervisory Authority. In particular, the reports of the German
data protection authorities included important conclusions with regard to the
data held on third-country nationals and the ndings were thoroughly discussed
in the various annual reports by these data protection authorities. In France and
the Netherlands, the data protection authorities only performed very marginal
research on the Article 96 alerts. The reports were not ocially published. In the
Netherlands, the Data Protection Authority only investigated 15 out of a total
of 12,167 Dutch alerts on third-country nationals to be refused entry. This
was explained by a lack of time and capacity. Generally, in all three countries
the data protection authorities lack nancial and personal resources. However,
in Germany, the parallel functioning of the Federal Data Protection Commissioners
and the data protection authorities in the Lnder, each with their own resources
and sta, seem to result in a more active scrutiny of the functioning of the SIS.
Unlike the Dutch Data Protection Authority, the French and German data protection authorities have the competence to impose heavy penalties on organisations
or persons who act in breach of the applicable data protection rules.
Despite these short-comings, future investigations performed by national
(or European) data protection authorities should be encouraged, not least because
of the potential discovery of irregularities in the SIS II or other databases. These
general inquiries or audits make national authorities aware of their obligations
regarding the lawfulness and quality of data held in the SIS. It also emphasises
the watchdog role of national and European data protection authorities.
Conclusions
525
526
Chapter 14
Conclusions
527
In a judgment of 2005, a Dutch court, nding that an Article 95 alert (extradition) did not meet the CISA criteria, ordered the Spanish authorities to withdraw
this alert from the SIS. Also this decision met with strong opposition from the
Spanish authorities. Only after diplomatic pressure, involving the national data protection authorities and the privacy ocer of the Dutch police force, were the Spanish
authorities willing to follow the courts decision and to delete the SIS reports.
528
Chapter 14
Secondly, the fact that these decisions are based on the national discretionary
power of the States causes a problem for the national courts or authorities in
assessing the lawfulness of SIS reports. For example, a SIS alert based on the suspicion of a serious criminal oence opens the door for very wide application.
Furthermore, in France, Germany and the Netherlands, third-country nationals
may be declared inadmissible or unwanted on the basis of condential reports
from internal security agencies, resulting in registration in the NSIS. This
information cannot be eectively scrutinised by the individual or by the courts.
The need for a common interpretation of the reasons for excluding an individual
from the territory of the EU derives both from the principle of equal treatment
and the duty of Member States to respect the rights of third-country nationals
as described above (ECHR, rights of employees under third country agreements,
family reunication).9 The harmonisation of the criteria for reporting persons in
the SIS II is also necessary to provide the individual in question with eective
remedies, in which national courts or tribunals are able to assess the criteria for
SIS reporting and refusal. For these reasons, it is unfortunate that the development of SIS II was not used to provide for more harmonised criteria. As we have
seen, the attempt of the European Commission to achieve this harmonised
approach was not accepted by the governments of the EU Member States. Article
24 (5) Regulation regarding SIS II only states that the Commission shall review
the application of this Article three years after the Regulation enters into force.
The Commission will then, based on this review, use its right of initiative and
make the necessary proposals to amend this provision, to achieve a higher level
of harmonisation of the criteria for entering the alerts.
Despite this lack of harmonised criteria, the new SIS II Regulation includes
two important limitations with regard to the criteria for reporting third-country
nationals in the SIS, compared to the provision of Article 96 CISA. In the rst
place, the SIS II Regulation explicitly includes a proportionality clause which
goes further than the former proportionality clause of Article 94 CISA. This
Article 21 provides that a Member State issuing an alert should not only determine whether the case is important enough, but also whether this case is adequate and relevant to warrant an entry in the SIS II. Secondly, in addition to
this proportionality clause, Article 24 of the Regulation 1987/2006 requires that
every decision to issue an alert on a third-country national be taken on the basis
of an individual assessment. Furthermore, Article 24 (1) explicitly provides that
appeals against these decisions shall lie in accordance with national legislation.
See also Guild (2001), p. 28. The challenge of the Schengen system is the basis on which
common control of the denition of risk should be founded.
Conclusions
529
These two limitations and the explicit reference to the possibility of appeal oer
national courts and data protection authorities a tool to assess the lawfulness and
proportionality of reporting third-country nationals in the SIS II.
Until a further harmonisation of criteria takes place, the lack of material criteria should be compensated by procedural guarantees. This includes the safeguarding of applicable time limits for the storage of data, informed decision-making,
the possibility of imposing nes if national authorities act in breach of the applicable law and, last but not least, eective remedies for the person involved,
including the right to nancial compensation.
6.1.2. Protecting EU Citizens and Beneciaries of EC Law
The drafters of the SIS II Regulation clearly have taken into account the recent
jurisprudence of the ECJ with regard to the protection of rights of EU citizens
and beneciaries of EU law. However, the extra safeguards included in this
Regulation still provide for some loopholes. Based on Article 25 (2), if a hit is
found for a third-country national who is a beneciary of the Community right of
free movement, the executing state must immediately consult the issuing Member
State via the SIRENE oce in order to decide without delay on the action to be
taken. This provision does not describe the procedure to be followed when the
Member States disagree upon the action to be taken, or when one Member State
does not respond without delay to the request from the other State.
Furthermore, Article 30 of the Regulation 1987/2006 includes the obligation
for Member States to delete alerts on persons reported in SIS II on the basis of
Article 24 as soon as the Member State issuing the alert is informed or becomes
aware that the person has acquired the citizenship of any State whose nationals
are beneciaries of the Community right of free movement. This Regulation does
not oblige Member States, although this has been proposed by the Commission,
to delete data on third-country nationals who become family members of EU
citizens. Nor does it include such an obligation for long-term resident thirdcountry nationals. This could mean that those persons are registered in the SIS II
in conict with the criteria of the Directive on long-term resident third-country
nationals or the Directive on family reunication.
Even if the duty to delete an alert from the SIS II were extended to the aforementioned categories of third-country nationals, it is questionable whether this
rule will be eectively implemented. The practice of the current use of the SIS
and Eurodac has shown that unless the person concerned actively pursues the
deletion of his own record, data on recognised refugees or EU citizens respectively are not automatically or swiftly deleted, as prescribed by European or
national law. Therefore, the duty to delete a report as soon as a Member State
becomes aware that the person concerned falls within one of these categories is
only eective if accompanied by stricter safeguards.
530
Chapter 14
Conclusions
531
As we have seen above, these information rights are bolstered by the rights
included in EC immigration and asylum law. The Schengen Borders Code obliges
authorities refusing a person entry to their territory to issue a substantiated and
written decision, stating the procedures for appeal. Other instruments regarding
immigration and asylum law adopted under Title IV TEC also include provisions
concerning the duty of informed decision-making.
6.2.2. Cooperation Between Data Protection Authorities
Practice with the current SIS has shown that procedures by which an individual
seeks to obtain information about the reasons for a SIS alert or to have this alert
deleted from the SIS, often take a long time. Even if the national data protection authorities are actively involved, their power to act is limited if a national
administration fails to respond in a timely manner to the questions involved.
For this reason, it is important that the new Regulation regarding SIS II provides for the cooperation of the dierent data protection authorities involved.
According to Article 46 (1), national supervisory authorities and the EDPS
must cooperate actively, within the framework of their responsibilities and
shall ensure coordinated supervision of SIS II. In addition, Article 46 (f ) of
Regulation 45/2001 regarding the processing of data by Community institutions and bodies states that the EDPS should cooperate with the national supervisory authorities to the extent necessary for the performance of their respective
duties, in particular by exchanging all useful information, requesting such
authority or body to exercise its powers or responding to a request from such
authority or body.
Article 34 (3) and (4) of the Regulation 1987/2006 provides for a special procedure if a Member State has evidence that information stored in SIS II is incorrect or unlawful. This rule had already been included in Article 106 (2) and (3)
CISA, but the new provision now includes a time limit. According to Article 34 (3),
if a Member State not issuing the alert has evidence suggesting that an item of
data is factually incorrect or has been unlawfully stored, it shall, by exchanging
supplementary data, inform the issuing Member State at the earliest opportunity
and no later than ten days after it became aware of the said evidence. The issuing State must then check the communication and, if necessary, correct or delete
the item in question without delay. In practice, it will be dicult to establish
exactly when a Member State has to inform an issuing State of the alleged wrongfulness or unlawfulness of an alert. Furthermore, the fact that there is no time
limit within which the issuing State should delete or correct the refuted data also
makes it doubtful whether this rule will be eective in practice.
According to Article 34 (4), if the aforementioned Member States are unable
to reach agreement within two months, the Member State not issuing the alert
shall submit the case to the EDPS. The EDPS then has to act jointly with the
national supervisory authorities as mediator.
532
Chapter 14
Conclusions
533
10
11
12
Having to refuse a person entry because of having to blindly follow the instruction of another
state is also loss of sovereignty, Steenbergen (1999), p. 2960.
Cholewinski (2005), p. 238.
M. Gautier, Le dpassement du caractre national de la juridiction administrative franaise:
le contentieux Schengen, Droit Administratif, May 2005, pp. 7 .
534
Chapter 14
Member State. These coordination points could ensure that each request from a
foreign court dealing with a SIS alert is dealt with in a timely and ecient manner.
This procedure could be accompanied by appropriate time limits, ensuring a swift
response by the authorities involved. A comparable mechanism has been chosen
for the SIRENE manual with regard to the coordinating role of national SIRENE
oces for the administrative authorities when dealing with a SIS alert and the
issue of residence permits and visas. These oces operate 24 hours a day, seven
days a week and must respond within 12 hours of submission of the request.13
7. Final Remarks
In 1985, in the White Paper on the Internal Market, the Commission underlined the symbolic meaning of borders by stating that the formalities aecting
individual travellers were, a constant and concrete reminder to the ordinary citizen that the construction of a real European Community is far from complete.14
The Commission referred to the police checks relating to the identity of persons
and the safety and customs checks concerning the goods they were carrying, even
though these controls were often no more than spot checks. These checks would
be seen as, the outward sign of an arbitrary administrative power over individuals and an aront to the principle of freedom of movement within a single
Community. The Commission did not foresee the development of high-tech
control and surveillance measures to which individuals travelling around Europe
are now exposed. The question arises of whether these new measures are not precisely the same as those which the Commission tried to abandon in 1985. The
establishment of the European information network includes the storage of
data in large-scale databases, the increase in identication measures and the use
of biometrics. It is clear that these measures entail a risk to the protection of
human rights such as the right to privacy and the right to data protection, but also
the freedom of movement of persons and the principle of non-discrimination.
These rights and freedoms protect both non-EU citizens and EU citizens. Once
the above measures are applied, it may become dicult to restore these rights
and freedoms. Even if we are able to grant individuals eective remedies, it would
have been better to draft these controlling measures in such a way that individuals
would not need to seek legal redress.
13
14
Conclusions
535
To make a nal conclusion, I would like to stress the important role of individual practitioners, whether they work for NGOs assisting immigrants, or as a
lawyer or a judge. Without their knowledge on the applicable laws and available
rights and remedies, the position of third-country nationals seeking protection
and access to justice will remain weak. There is a special task for judges using
their powers in the broadest extent, balancing the dierent interests at stake and
assessing the lawfulness of decisions involved. In a eld were the use of databases
and the mutual recognition of national decisions become increasingly important,
courts should be able to look further than their own national laws. Dealing with
databases such as the Schengen Information System, they should be competent
to assess the lawfulness of foreign decisions aecting individuals rights. Finally,
courts must be made aware of their power to submit preliminary requests to the
Court of Justice. Even if, in the short term, a preliminary procedure will not restore
the rights of the person concerned, in the long-term it might help to safeguard
a coherent and clear interpretation of EU law.
Bibliography
Alston (1999)
Ph. Alston (ed.), The EU and Human Rights, Oxford: Oxford University Press 1999.
Anderson & Bigo (2003)
M. Anderson and D. Bigo, What are EU frontiers for and what do they mean? in: Groenendijk,
Guild & Minderhoud (2003), p. 725.
Ashbourne (2006)
J. Ashbourne, Societal Implications of the Wide Scale Introduction of Biometrics and Identity
Management, Background paper for the Euroscience Open Forum ESOF 2006 in Munich,
July 2006.
Aubert (2002)
F. Aubert, Laccs aux donnes personnelles du systme dinformation Schengen, AJDA, 18
novembre 2002, p. 1208.
Aubin (2000)
E. Aubin, Le juge administrative franais face lapplication de la Convention de Schengen dans
ses dispositions sur le droit dasile. Bilan juridictionnel de lapplication en France des accords
de Schengen, Revue de droit Public, no. 32000, p. 829862.
Aus (2006)
J.P. Aus, Eurodac: A Solution Looking for a Problem? Working Paper no. 9, Centre for European
Studies, University of Oslo, May 2006 http://www.arena.uio.no/publications/
Baldaccini & Guild (2006)
A. Baldaccini and E. Guild, Terrorism and the Foreigner A Decade of Tension around the Rule of
Law in Europe, Leiden/Boston: Martinus Nijho Publishers 2006.
Baldaccini, Guild & Toner (2007)
A. Baldaccini, E. Guild and H. Toner (eds.), Whose Freedom, Security and Justice? EU Immigration
and Asylum Law and Policy Oxford: Hart Publishers, 2007.
Balzacq, Bigo, Carrera & Guild (2006)
T. Balzacq, D. Bigo, S. Carrera, E. Guild, Security and the Two-Level Game: The Treaty of Prm,
the EU and the Management of Threats, CEPS Working Document no. 234, January 2006.
Balzacq & Carrera (2006)
T. Balzacq and S. Carrera, Security versus Freedom? A Challenge for Europes Future, Aldershot:
Ashgate 2006.
Balzacq & Carrera (2006a)
T. Balzacq and S. Carrera, The Hague Programme: The Long Road to Freedom, Security and
Justice, in: Balzacq & Carrera (2006), p. 132.
Barendt (2001)
E. Barendt (ed.), Privacy, Aldershot: Ashgate 2001.
Barnard & Scott (2002)
C. Barnard & J. Scott (eds.), The law of the single European market: unpacking the premises,
Oxford: Hart 2002.
Evelien Brouwer, Digital Borders and Real Rights, pp. 537552.
2008 Koninklijke Brill NV. Printed in the Netherlands.
538
Bibliography
Battjes (2002)
H. Battjes, A Balance between Fairness and Eciency? The Directive on International Protection
and the Dublin Regulation, EJML, 4, 2002, p. 159192.
Battjes (2006)
H. Battjes, European Asylum Law and International Law, Leiden/Boston: Martinus Nijho
Publishers 2006.
Baudouin, Boeles, Kuijer & Spijkerboer (2001)
P.J.A.M. Baudoin, P. Boeles, A. Kuijer, T.P. Spijkerboer, Vreemdelingenwet. Gevolgen voor de
rechtspraktijk, Utrecht: OSR Juridische Opleidingen 2001.
Benda (1995)
E. Benda et al. (eds.), Handbuch des Verfassungsrechts der Bundesrepublik Deutschland, BerlinNew York: Walter de Gruyter 1995.
Bennett (1992)
C.J. Bennett, Regulating Privacy. Data Protection and Public Policy in Europe and the United
States, Ithaca and London: Cornell University Press 1992.
Benyekhlef (1993)
K. Benyekhlef, La protection de la vie prive dans les changes intenationaux dinformations,
Montral: Ed. Thmis 1993.
Bigo (2006)
D. Bigo, Liberty, whose Liberty? The Hague Programme and the Conception of Freedom, in:
Balzacq & Carrera (2006).
Bigo & Guild (2003)
D. Bigo and E. Guild, La mise lcart des trangers: la logique du visa Schengen, Cultures &
Conits, 2003, no. 4950.
Bigo & Guild (2005)
D. Bigo and E. Guild (eds.), Controlling Frontiers. Free movement into and within Europe,
Aldershot: Ashgate 2005.
Billaud (1993)
P. Billaud, La protection des donnes informatiques dan le cadre du Accord de Schengen, in:
Pauly (1993), p. 25 .
Bing & Torvund (1995)
J. Bing, O. Torvund (eds.), 25 Years Anniversary Anthology, Tano: Norwegian Research Center
For Computer and Law 1995.
Bisschof (2004)
B. A. Bisschof, Europische Rasterfahndung grenzelose Sicherheit oder glserne Europer?
Kritische Justiz, Jrg. 37, Heft 4, 2004, p. 361380.
Blake (2004)
N. Blake, Developments in the Case Law of the European Court of Human Rights, in: Bogusz
& Cholewinski (2004), p. 431 .
Blake & Husain (2003)
N. Blake and R. Husain, Immigration, Asylum and Human Rights, Oxford/New York: Oxford
University Press 2003.
Blok (2001)
P. Blok, De splitsing van privacy. Advies over het grondrecht op privacy in het digitale tijdperk,
Ars Aequi 50 (2001), p. 6.
Blok (2002)
P.H. Blok, Het recht op privacy. Onderzoek naar de betekenis van het begrip privacy in het
Nederlandse en het Amerikaanse recht, The Hague: Boom Juridische Uitgevers 2002.
Bibliography
539
de Bock (2004)
R.H. de Bock, De omvang van het geding, Nijmegen: Ars Aequi Libri 2004.
Bcker (1998)
A. Bcker (ed.), Regulation of Migration. International Experiences, Amsterdam: Het Spinhuis
Publishers 1998.
Boeles (1997)
P. Boeles, Fair Immigration Proceedings in Europe, The Hague/Boston/London: Martinus Nijho
Publishers 1997.
Boeles et.al (2004)
P. Boeles, E. Brouwer, A. Woltjer and K. Alfenaar, Border control and movement of persons.
Towards eective legal remedies for individuals in Europe, Utrecht: Forum, 2004.
Boeles (2005)
P. Boeles: Fair and Eective Immigration Procedures in Europe? EJML 7, 2005, p. 213218.
den Boer (1995)
M. den Boer, Moving between bogus and bona de: the policing of inclusion and exclusion in
Europe, in: Miles & Thrnhardt (1995), p. 92 .
den Boer (1996)
M. den Boer, Justice and Home Aairs: Cooperation without integration, in: Wallace & Wallace
(1996), p. 389409.
den Boer et al. (1998)
M. den Boer, A. Guggenbhl, S. Vanhoonacker, Coping with Flexibility and Legitimacy after
Amsterdam, Maastricht: EIPA 1998.
den Boer & Corrado (1999)
M. den Boer and L. Corrado (1999), For the Record or O the Record: Comments About the
Incorporation of Schengen into the EU, European Journal of Migration and Law, 1, 1999,
p. 397418.
den Boer (2000)
M. den Boer (ed.), Schengen Still Going Strong. Evaluation and Update, Maastricht: EIPA
2000.
Bogusz, Cholewinski (2004)
B. Bogusz, R. Cholewinski et al. (eds.), Irregular Immigration and Human Rights:
Theoretical, European and International Perspectives, Leiden/Boston: Martinus Nijhoff
Publishers 2004.
Bonjour (1999)
F. Bonjour, Pour la dfense des trangers, Paris : GISTI Recueil de jurisprudence 1999.
Boswinkel (1993)
B.J. Boswinkel, De privacyrichtlijn begrensd, SEW Sociaal Economisch Weekblad, 7/8, July/
August 1993, p. 551.
Bracke (2001)
N. Bracke, Flexibility, Justice Cooperation and the Treaty of Amsterdam, in: L. Marinho (2001),
p. 55 .
Brochmann, Hammar (1999)
G. Brochmann, T. Hammar, Mechanisms of Immigration Control: A Comparative Analysis of
European Regulation Policies, Oxford-New York: Berg 1999.
Brouwer (1998)
E. Brouwer, Registratie van gegevens en Koppelingswet, Migrantenrecht 56, 1998, p. 164174.
Brouwer (2001)
E. Brouwer, Grensbewaking en het SIS, in: Brouwer & Groenendijk (2001), p. 45 .
540
Bibliography
Brouwer (2002)
E. Brouwer, Eurodac: its Limitations and Temptations, European Journal of Migration and Law,
4, 2002, p. 231247.
Brouwer (2003)
E. Brouwer, Immigration, asylum and terrorism: A changing dynamic legal and practical developments in the EU in response to the terrorist attacks of 11.09, European Journal of Migration
and Law 4, 2003, p. 399424.
Brouwer (2006)
E. Brouwer, Data surveillance and border control in the EU: Balancing eciency and legal
protection of third-country nationals, in: Balzacq & Carrera (2006), p. 137154.
Brouwer & Groenendijk (2001)
E. Brouwer and K. Groenendijk (eds), Derdelanders in de Europese Unie, Utrecht: Forum 2001.
Brouwer, Catz & Guild (2003)
E. Brouwer, P. Catz and E. Guild, Immigration, Asylum and Terrorism. A Changing Dynamic in
European Law, Series Recht & Samenleving no. 19, Nijmegen: University of Nijmegen 2003.
De Bruycker (2003)
Ph. De Bruycker (ed.), The Emergence of a European Immigration Policy, Brussels: Bruylant 2003.
De Bruycker & Carlier (2005)
Ph. De Bruycker and J.Y. Carlier, Immigration and Asylum Law of the EU, current debates,
Brussels: Bruylant 2005.
Bull (1984)
H.P. Bull, Datenschutz oder die Angst vor dem Computer, Mnchen-Zrich: Piper 1984.
Bull (1985)
H.P. Bull Die Grundprobleme des Informationsrechts, Inaugural speech Universtity Tilburg,
Zwolle: W.E.J. Tjeenk Willink 1985.
Burkens et al. (2006)
M. Burkens et al., De beginselen van de democratische rechtsstaat, Alphen aan den Rijn:
Kluwer 2006.
Busch (1999)
H. Busch, Neue Wachstumringe im SIS, Brgerrechte & Polizei/CILIP, 63(2) 1999, p. 8084.
Bygrave (1998)
L.A. Bygrave, Data Protection pursuant to the Right to Privacy in Human Rights Treaties,
International Journal of Law and Information Technology, 1998, Vol. 6, p. 247284.
Bygrave (2003)
L.A. Bygrave, Data Protection Law: approaching its rationale, logic and limits, The Hague: Kluwer
Law International 2003.
Bygrave (2004)
L.A. Bygrave, Privacy Protection in a Global Context A Comparative Overview, Scandanavian
Studies in Law, 2004, vol. 47, p. 324.
Bygrave & Berg (1995)
L.A. Bygrave and Jens Peter Berg, Reections on the rationale for data protection laws, in: Bing
& Torvund (1995), p. 3 .
Carlier & De Bruycker (2005)
J.Y. Carlier and Ph. De Bruycker, Immigration and Asylum Law of the EU: current debates,
Brussels: Bruylant 2005.
Carlier & Guild (2006)
J.Y. Carlier and E. Guild, The Future of Free Movement of Persons in the EU, Brussels:
Bruylant 2006.
Bibliography
541
Carrera (2004)
S. Carrera, What Does Free Movement Mean in Theory and Practice in an Enlarged EU? CEPS
Working Document No. 208/ October 2004 available at: http://www.ceps.be
Catala (1983)
P. Catala, Ebauche dune thorie juridique de linformation, Revue de droit prospectif, 1983, no. 1
Catz (2003)
P. Catz, The Netherlands: small steps on beaten tracks, in: Brouwer, Catz & Guild (2003), p. 57 .
Cholewinski (2000)
R. Cholewinski, The EU Acquis on Irregular Migration: Reinforcing Security at the Expense of
Rights, European Journal of Migration and Law 2, 2000, p. 361405.
Cholewinski (2003)
R. Cholewinski, No Right of Entry, in: Groenendijk, Guild & Minderhoud (2003), p. 105 .
Cholewinski (2004)
R. Cholewinski The Need for Eective Remedies in Matters of Immigration and Border Control,
Migrantenrecht 7, 2004, p. 259262.
Cholewinski (2005)
R. Cholewinski, The Need for Eective Individual Legal Protection in Immigration Matters,
European Journal of Migration and Law, 7, 2005, p. 237262.
Cimade (2003)
Cimade, Centres et locaux de retention administrative, rapport 2003, Paris: 2003.
Cornelisse (2004)
G. Cornelisse, Human Rights for Immigration Detainees in Strasbourg: Limited Sovereignty or
a Limited Discourse? European Journal of Migration and Law 6, 2004, p. 93110.
Craig & Brca (1999)
P. Craig and B. de Brca (eds.), The evolution of EU law, Oxford: Oxford University Press 1999.
Curtin & Meijers (1997)
D. Curtin and H. Meijers, The Principle of Open Government in Schengen and the European
Union: Democratic Retrogression? in: Meijers (1997), p. 13 .
Davy (2006)
U. Davy, Immigration, Asylum and Terrorism: how do they relate in Germany? in: Baldaccini
& Guild (2006), p. 177 .
Dias Urbano De Sousa & De Bruycker (2004)
C. Dias Urbano De Sousa and Ph. De Bruycker (eds.), The emergence of a European asylum
policy/Lmergence dune politique europenne dasile, Brussels: Bruylant 2004.
van Dijk (2001)
P. van Dijk, Protection of Intergrated Aliens against Expulsion under the European Convention
on Human Rights, in: Guild & Minderhoud (2001), p. 23 .
van Dijk & van Hoof (2006)
P. van Dijk and F. van Hoof, Theory and Practice of the European Convention on Human Rights,
Antwerpen/Oxford: Intersentia 2006.
Donner (1993)
J.P.H. Donner, Abolition of Border Controls, in: Schermers et al. (1993), p. 5 .
Dougan (2004)
M. Dougan, National Remedies Before the Court of Justice. Issues of Harmonisation and
Dierentiation, Oxford and Portland, Oregon: Hart Publishing 2004.
Dumortier (1992)
J. Dumortier Het Schengen Informatie Systeem en de bescherming van persoonsgegevens, in:
Fijnaut, Stuyck & Wytinck (1992), p. 119 .
542
Bibliography
Dumortier (1997)
J. Dumortier, Protection of Personal Data in the Schengen Convention, International review of
law, computers and technology, p. 93106 1997.
Eicke (2003)
T. Eicke, Paradise Lost? Exclusion and Expulsion from the EU, in: Groenendijk, Guild
& Minderhoud (2003), p. 147 .
Elgesem (1999)
D. Elgesem, The structure of rights in Directive 95/46 on the protection of individuals with
regard to the processing of personal data and the free movement of such data, Ethics and
Information Technology 1, 1999, p. 283293.
Ellger (1991)
R. Ellger, Datenschutz und Europischen Binnenmarkt (Teil I), RDV 1991/2, p. 5765.
Elzinga (1989)
D.J. Elzinga, De democratische rechtsstaat als ontwikkelingsperspectief. Over machtsregulering
als ontwikkelingslijn, in: Engels & Middel (1989).
Engels & Middel (1989)
J.W.M. Engels, E.M. Middel (eds.), De rechtsstaat herdacht, Zwolle: W.E.J. Tjeenk Willink 1989.
Ensched (1974)
Ch.J. Ensched, Het interim-rapport Koopmans: een discussiebijdrage, NJB, 28 september
1974, a. 32, p. 1030.
Essakkili & Spijkerboer (2006)
S. Essakkili, T.P. Spijkerboer, De marginale toetsing in asielzaken, NJB, A. 2006/33, no. 1439.
Fasti (2002)
M. Fasti, The restrictive approach taken by the European Court of Human Rights: deportation
of longterm immigrants and right to family life (Part 1 and 2), Tolleys Immigration, Asylum and
Nationality Law, Vol. 16, nos 3 & 4, 2002.
Fernhout & Steenbergen (1994)
R. Fernhout and J.D.M Steenbergen, Rechtspraak Vreemdelingenrecht 1993, Nijmegen: Ars Aequi
Libri 1994.
Fijnaut (1993)
C.J.C.F. Fijnaut, Police cooperation in Western Europe, in: Schermers et al. (1993), p. 75 .
Fijnaut & Hermans (1987)
C. Fijnaut and R. Hermans (eds.), Police Co-operation in Europe, Lochem: J.B. van den Brink
1987.
Fijnaut, Stuyck & Wytinck (1992)
C. Fijnaut, J. Stuyck, P. Wytinck, Schengen: Proeftuin voor de Europese Gemeenschap? Antwerpen:
Gouda Quint 1992.
Flaherty (1989)
D.H. Flaherty, Protecting Privacy in Surveillance Societies. The Federal Republic of Germany,
Sweden, France, Canada and the United States, Chapel Hill: University of North Carolina
Press 1989.
Fode (1993)
H. Fode, Nordic Experience on Criminal Law, in: Schermers et al. (1993), p. 6169.
Forstho (1973)
E. Forstho, Lehrbuch des Verwaltungsrechts, Mnchen: C.H. Beck 1973.
Frowein & Stein (1987)
J.A. Frowein, Torsten Stein, Die Rechsstellung von Auslndern nach staatlichem Recht un
Vlkerrecht, Teil 1, Berlin/ Heidelberg: Springer Verlag 1987.
Bibliography
543
Garside (2006)
A. Garside, The political genesis and legal impact of proposals for the SIS II: what cost for data
protection and security in the EU? Sussex Migration Working Paper no. 30, March 2006, available
at http://www.sussex.ac.uk
Gautier (2005)
M. Gautier, La dpassement du caractre national de la juridiction administrative franaise:
le contentieux Schengen, Droit Administratif, Mai 2005, p. 7 .
Geddes (2000)
A. Geddes, Immigration and European Integration. Towards Fortress Europe? Manchester:
Manchester University Press 2000.
Giraud (1999)
Ph. Giraud, Lexprience de la France dans la mise en oeuvre de Schengen, in: Hailbronner &
Weil (1999), p. 3141.
GISTI (2003)
GISTI, Contrler, surveiller et punir, Analyse de la rforme Sarkozy sur lentre et le sjour des
trangers en France, Paris: GISTI April 2003.
GISTI (2003a)
GISTI, Les visas en France. La rglementation, les recours les texts, Paris: GISTI May 2003.
GISTI (2005)
GISTI, Utiliser le rfr administrative pour la dfense des trangers, Paris: GISTI November
2005.
GISTI (2006)
GISTI, Les Visas, Les Cahiers Juridiques, Paris: GISTI September 2006.
Giuseppin & Jansen (1996)
P.R. Giuseppin and W.A.M Jansen, Het Akkoord van Schengen en vreemdelingen. Een ongecontroleerde grens tussen recht en beleid? Verslag studiedag OSR 31 oktober 1996, Utrecht: NCB 1996.
Groenendijk (1993)
C.A. Groenendijk, The competence of the EC Court of Justice, in: Meijers et al. (1993),
p. 45 .
Groenendijk (2003)
K. Groenendijk, New Borders Behind Old Ones: Post-Schengen Controls Behind Internal
Borders and Inside the Netherlands and Germany, in: Groenendijk, Guild & Minderhoud
(2003), p. 131 .
Groenendijk (2003a)
K. Groenendijk, The Directive on mutual recognition of expulsion decisions: symbolic or unbalanced politics? in: P. de Bruycker (2003), p. 447463.
Groenendijk (2004)
K. Groenendijk, Re-instatement of controls at the internal borders of Europe: why and against
whom? European Law Journal 2, 2004, p. 150170.
Groenendijk (2006)
K. Groenendijk, Citizens and Third-Country Nationals: Dierential Treatment or Discrimination?
in: Carlier & Guild (2006), p. 79 .
Groenendijk, Guild & Minderhoud (2003)
K. Groenendijk, E. Guild, and P. Minderhoud (eds.), In Search of Europes Borders, The Hague/
London/New York: Kluwer Law International 2003.
Groeneweg, van den Berg, Verhey (2001)
H.W. Groeneweg, I.H. van den Berg, M. Verheij, Teksten en toelichting op de Vreemdelingenwet
2000, The Hague: SDU Uitgevers 2001.
544
Bibliography
Guild (2000)
E. Guild, Adjudicating Schengen: National judicial control in France, European Journal of
Migration and Law 1, 2000, p. 419439.
Guild (2000a)
E. Guild, European Community Law from a Migrants Perspective, The Hague/London/Boston:
Kluwer Law International 2000.
Guild (2001)
E. Guild, Moving the Borders of Europe, Inaugural lecture, Nijmegen: University of Nijmegen 2001.
Guild (2003)
E. Guild, The Borders Abroad Visas and Border Controls, in: Groenendijk, Guild & Minderhoud
(2003).
Guild (2004)
E. Guild, The Legal Elements of European identity. EU Citizenship and Migration Law, The Hague:
Kluwer Law International 2004.
Guild (2005)
E. Guild, The Legal Framework: Who is Entitled to Move? in: Bigo & Guild (2005), p. 14 .
Guild (2006)
E. Guild (ed.), Constitutional challenges to the European Arrest Warrant. A challenge for European
Law: the merging of international and external security. Nijmegen: Wolf Legal Publishers
2006.
Guild (2007)
E. Guild, Unreadable Papers? The EUs rst experiences with biometrics: Examining Eurodac
and the EU Borders, in: J. Lodge (ed.), Are you who you say you are? Liberty and security in the
EU, Nijmegen: Wolf Legal Publishers 2007, (forthcoming).
Guild & Niessen (1996)
E. Guild and J. Niessen, The Developing Immigration and Asylum Policies of the European Union,
The Hague/London/Boston: Kluwer Law International 1996.
Guild & Minderhoud (2001)
E. Guild and P. Minderhoud, Security of Residence and Expulsion: protection of aliens in Europe,
Leiden/Boston: Martinus Nijho Publishers 2001.
Guild & Geyer (2006)
E. Guild and F. Geyer, Getting local: Schengen, Prm and the dancing procession of Echternach
Three paces forward and two back for EU police and judicial cooperation in criminal matters,
December 2006, available at: http://www.ceps.be
Gutmann (1999)
R. Gutmann, Datenschutz und europischen Aufenthaltsrecht, ZAR 5, 1999, p. 229231.
Hailbronner (2000)
K. Hailbronner, Immigration and Asylum Law and Policy of the EU, The Hague: Kluwer Law
International 2000.
Hailbronner & Weil (1999)
K. Hailbronner and P. Weil (eds.), From Schengen to Amsterdam. Towards a European Immigration
and Asylum Legislation, Trier: ERA Series of Publications, Vol. 29, 1999.
Hartley (2003)
T.C. Hartley, The foundations of European Community Law, Oxford: Oxford University
Press 2003.
Harvey (2001)
C. Harvey, Promoting Insecurity: Public Order, Expulsion and the European Convention on
Human Rights, in: Guild & Minderhoud (2001), p. 41 .
Bibliography
545
Hayes (2004)
B. Hayes From the Schengen Information System to SIS II and the Visa Information System (VIS):
the proposals explained, Statewatch analysis, February 2004, http:// www.statewatch.org
Hayes (2005)
B. Hayes (2005), SIS II: fait accompli? Construction of EUs Big Brother database underway
Statewatch analysis, May 2005, http://www.statewatch.org
Hemesath (1995)
W. Hemesath, Das Schengener Informationssystem SIS , Ausschreibungskategorien und Aus
schreibungsmodalitten, Kriminalistik, 3/1995, p. 169171.
de Hert & Guthwirth (2003)
P. de Hert and S. Guthwirth, Making sense of privacy and data protection: a prospective overview
in the light of the future identity, location-based services and virtual residence, Annex 1 to the
report Security and Privacy for the Citizen in the Post-September 11 Digital Age: A Prospective Overview,
Technical Report Series, Institute for Prospective Technological studies, Brussels, July 2003.
de Hert & Gutwirth (2006)
P. de Hert and S. Gutwirth, Interoperability of Police Databases within the EU: An Accountable
Political Choice? International Review of Law Computers & Technology, Vol. 20, Nos. 1 & 2,
p. 2135.
de Hert, Schreurs & Brouwer (2006)
Paul de Hert, Wim Schreurs and Evelien Brouwer, Machine-Readable Identity Documents with Biometrical Data in the EU (Part I), Keesing Journal of Documents & Identity, Issue no. 21, 2006, p. 3 .
Hoeksma & Rensen (1990)
J.W. Hoeksma and H.L. Rensen, SIS moet voldoende bieden, niet meer en niet minder, Algemeen
Politieblad, nr. 8, 14 April 1990, p. 179183.
Holterman (1994)
Th. Holterman, Ongewenst signalering getoetst, Migrantenrecht 1994/5, p. 96.
Hondius (1975)
F.W. Hondius, Emerging Data Protection in Europe, Amsterdam: North-Holland Pub. Company
1975.
Hoogenboom (1992)
T. Hoogenboom, Free movement of non-EC nationals, Schengen and beyond, in: Meijers et al.
(1992), p. 74 .
den Houdijker (2006)
F.M.J. den Houdijker, Punitief karakter ongewenstverklaring, -signalering en rechtsbescherming, Migrantenrecht 67, 2006, p. 239243.
House of Lords (2006)
House of Lords, European Union Committee, Schengen Information System II (SIS II), Report
with Evidence, 9th report of session 200607, London: 2006.
Hreblay (1998)
V. Hreblay, Les Accords de Schengen. Origine, Fonctionnement, Avenir, Bruxelles: Bruylant 1998.
Hubert (1999)
P. Hubert, De Schengen Amsterdam: Questions juridiques et solutions institutionnelles, in:
Hailbronner & Weil (1999), p. 65 .
Hurwitz (1999)
A. Hurwitz, The 1990 Dublin Convention: A Comprehensive Assessment, International Journal
of Refugee Law 11 (4), 1999, p. 646677.
Jessurun dOliveira (1990)
H.U. Jessurun dOliveira, Schengen uitgerangeerd? NJB, 1990, nr. 4, p. 129131.
546
Bibliography
de Jong (1993)
C.D. de Jong, Cooperation in the eld of Aliens Law, in: Schemers (1993), p. 183 .
Julien-Laferrire (2005)
F. Julien-Laferrire, La loi no. 2003-1119 du 26 Novembre 2003 relative la matrise de
limmigration, au sjour des trangers en France et la nationalit, in : Carlier & De Bruycker
(2005), p. 530558.
Justice (2000)
Justice, The Schengen Information System. A human rights audit, London: Justice 2000.
Kant (2001)
M. Kant, Nothing doing? Taking stock of data trawling operations in Germany after 11
September 2001, Statewatch, May-August 2005 Vol. 15, no. 3/4, p. 19.
Karanja (2002)
S.K. Karanja, The Schengen Information System in Austria: An Essential Tool in Day to Day
Police and Border Control Work? The Journal of Information, Law and Technology 2002 (1), p.
Kaspersen & Oskamp (1990)
H.W.K. Kaspersen and A. Oskamp (eds.), Amongst Friends in Computers and Law. A Collection of
Essays in Remembrance of Guy Vandenberghe, Deventer/Boston: Kluwer Computer/Law Series 1990.
Kayser (1990)
P. Kayser, La protection de la vie prive, Marseille: Economica Presses universitaires dAixMarseille 1990.
Kayser (1995)
P. Kayser, La protection de la vie prive par le droit: protection du secret de la vie prive,
Aix-en-Provence: Economica Presses universitaires dAix-Marseille 1995.
de Kerchove (1998)
G. de Kerchove, Une espace de libert, de scurit et de justice, in: den Boer et al. (1998),
p. 197204.
Kjaer (2003)
K. Kjaer, How Many Borders in the EU? in: Groenendijk, Guild & Minderhoud (2003),
p. 169 .
Kleijne (2001)
J. Kleijne, Artikelsgewijs commentaar op de Vreemdelingenwet 2000 en het Vreemdelingenbesluit
2000, Deventer: Kluwer 2001.
Klip (1997)
A.H. Klip, Uniestrafrecht is op hol geslagen, NJB 11 April 1997, a. 15, p. 663671.
Kommers (1997)
D.P. Kommers, The Constitutional Jurisprudence of the Federal Republic of Germany, Durham and
London: Duke University Press 1997.
Kor (1990)
D. Kor, The Schengen Information System: also a question of data protection, in: Mols (1990),
p. 67 .
Kroon (1997)
L.M.N. Kroon, European information systems: beyond borders? Barriers within the development
process of the Schengen Information System and the Social Security Network, Delft: Eburon 1997.
Kuijer/Steenbergen (2005)
A. Kuijer et al., Nederlands Vreemdelingenrecht, Den Haag: Boom Juridische Uitgevers 2005.
Kunig (1989)
Ph. Kunig, Das Rechtsstaatsprinzip: berlegungen zu seiner Bedeutung fr das Verfassungsrecht der
Bundesrepublik Deutschland, Tbingen: Mohr (Siebeck) 1989.
Bibliography
547
Lavenex (2001)
S. Lavenex, The Europeanisation of Refugee policies. Between human rights and internal security,
Aldershot: Ashgate 2001.
Lawson (1999)
R. Lawson, Het EVRM en de Europese Gemeenschappen, Europese Monograen no. 61, The
Hague: Kluwer 1999.
Lecucq (2004)
O. Lecucq, Lexamen par le Conseil Constitutionnel de la nouvelle lgislation sur limmigration,
AJDA, 22 mars 2004, p. 599606.
Leutheusser-Schnarrenberger (2004)
S. Leutheusser-Schnarrenberger, Ein System gert ausser Kontrolle: Das Schengener
Informationssystem, Zeitschrift fr Rechtspoltik, 14 Juni 2004, 37. Jahrgang, p. 97101.
Lodge (2005)
J. Lodge, eJustice, Security and Biometrics: the EUs Proximity Paradox, European Journal of
Crime, Criminal Law and Criminal Justice, Vol. 13/4, 2005, p. 533564.
Magnon (2003)
X. Magnon, Le champ dapplication territorial de laccord de Schengen, Lactualite juridique,
Droit administratif 13, 2003, p. 683684.
Malabre (2001)
J.E. Malabre, Security of residence and expulsion: protection of aliens in Europe: the French
experience, in Guild & Minderhoud (2001), p. 125137.
Marinho (2001)
L. Marinho, Asylum, Immigration and Schengen Post Amsterdam, Maastricht: EIPA 2001.
Marx (2004)
R. Marx, Terrorismusvorbehalte des Zuwanderungsgesetzes, ZAR, 8/2004, p. 275282.
Maurer (2002)
H. Maurer, Allgemeines Verwaltungsrecht, Mnchen: C.H. Beck 2002.
Meijers (1992)
H. Meijers et al., Schengen Internationalisation of central chapters of the law on aliens, refugees,
privacy, security and the police, Leiden: Stichting NJCM-Boekerij 1992.
Meijers (1993)
H. Meijers et al., A New Immigration Law for Europe? Utrecht: Centre for Immigrants 1993.
Meijers (1997)
H. Meijers (ed.), Democracy, Migrants and Police in the European Union: the 1996 IGC and
beyond, Forum: Utrecht 1997.
Melis (2001)
B. Melis, Negotiating Europes Immigration Frontiers, Deventer: Kluwer Law International 2001.
Michael & Heimans (1990)
P.A. Michael and D. Heimans, Privacybescherming in SIS is uitvoerig geregeld, Algemeen
Politieblad, nummer 9, 28 april 1990, p. 203 .
Miles & Thrnhardt (1995)
D. Miles, D. Thrnhardt Migration and European Integration, London: Pinter Publishers
1995.
Minderhoud (2000)
P. Minderhoud, The Dutch Linking Act and the Violation of Various International NonDiscrimination Clauses, European Journal of Migration and Law 2000, p. 185201.
Mols (1997)
G.P.M.F. Mols (ed.): Dissonanten bij het Schengen akkoord, Deventer: Kluwer 1990.
548
Bibliography
Monar (2000)
J. Monar, The Impact of Schengen on Justice and Home Aairs, in: Den Boer (2000), p. 21 .
Nascimbene (2001)
B. Nascimbene (ed.), Expulsion and detention of aliens in the European Union countries, Milan:
Giur Editore 2001.
Niessen (1996)
J. Niessen, The European Unions Migration and Asylum Policies, in: Guild & Niessen (1996), p. 3 .
Noll & Vedsted-Hansen (1999)
G. Noll and J. Vedsted-Hansen, Non-Communitarians: Refugee and Asylum Policies, in: Alston
(1999), p. 359 .
Nugter (1990)
A.C.M. Nugter, Transborder Flow of Personal Data within the EC. A comparative analysis of the
privacy statutes of the Federal Republic of Germany, France, the United Kingdom and the Netherlands
and their impact on the private sector, diss., Deventer: Kluwer Law and Taxation Publishers
1990.
OKeee (1993)
D. OKeee, Convention on Crossing External Borders, in: Pauly (1993), p. 171 .
OKeee (2000)
D. OKeee, Judicial Review in European Union Law, The Hague: Kluwer Law International
2000.
Overkleeft-Verburg (1995)
G. Overkleef-Verburg, Wet persoonsregistraties, Norm, toepassing en evaluatie, Zwolle: W.E.J.
Tjeenk Willink 1995.
Pallet (2001)
L. Pallet, The UK position. Implementing the Schengen Protocol, in: Marinho (2001), p. 9195.
Pallez (2004)
C. Pallez, LExercise du pouvoir de sanction est une rvolution culturelle pour la CNIL, Petites
aches, 29.09.2004, no. 195, p. 3.
Pauly (1993)
A. Pauly (ed.), Les accords du Schengen: Abolition des frontires intrieures ou menace pour les libert
publiques? Maastricht: EIPA 1993.
Pauly (1996)
A. Pauly (ed.), De Schengen Maastricht: voie royale et course dobstacles, Maastricht: EIPA 1996.
Peers (2001)
S. Peers, Key Legislative Developments on Migration in the European Union (1) European
Journal of Migration Law 3, 2001, p. 231255.
Peers (2001a)
S. Peers, Immigration, Asylum and the European Union Charter of Fundamental Rights,
European Journal of Migration Law 3, 2001, p. 141169.
Peers (2002)
S. Peers, EU Immigration and Asylum law after Seville, Tolleys Immigration, Asylum and
Nationality Law, vol. 16, no. 3, 2002.
Peers (2003)
S. Peers, Key Legislative Developments on Migration in the European Union (2) European
Journal of Migration Law 5, 2003, p. 107141.
Peers (2006)
S. Peers, From Black Market to Constitution: The Development of the Institutional Framework
for EC Immigration and Asylum Law, in Peers & Rogers (2006), p. 19 .
Bibliography
549
550
Bibliography
Schlink (1982)
B. Schlink, Die Amtshilfe. Ein Beitrag zu einer Lehre von der Gewaltenteilung in der Verwaltung,
Berlin: Duncker & Humblot 1982.
Schmahl (2004)
S. Schmahl, Internationaler Terrorismus aus der Sicht des deutschen Auslnderrechts, ZAR
7/2004, p. 217225.
Schmid (2003)
Ch. Schmid, Eurodac Verordnung. Europisches System zur Identizierung von Fingerabdrcken,
Wien: NWV Verlag 2003.
Schmid-Drner
Marion Schmid-Drner, Der Begri der entlichen Sicherheit und Ordnung im Einwanderungsrecht
ausgewhlter EU-Mitgliedstaaten: Status quo und Reformbedarf auf europischer Ebene, BadenBaden: Nomos Verlag 2007.
Schriever-Steinberg (1994)
A. Schriever-Steinberg, Das Auslnderzentralregistergesetz, NJW 1994, Heft 50, p. 32763277.
Schrder (2001)
B. Schrder, Das Fingerabdruckvergleichssystem EURODAC, in ZAR 2/2001, p. 7176.
Schutte (1990)
J.J.E. Schutte, Strafrecht in Europees verband, Justitile verkenningen, 1990.
Simitis (1990)
S. Simitis, Datenschutz und Europischen Gemeinschaft, RDV 1990, Heft 1, p. 323.
Simitis (1999)
S. Simitis, Revisiting Sensitive Data, Review of the answers to the Questionnaire of the
Consultative Committee of the Convention for the Protection of Individuals with regard to
Automatic Processing of Personal Data (ETS 108), Strasbourg, 2426 November 1999.
Simitis (2006)
S. Simitis (ed.), Bundesdatenschutzgesetz, Baden-Baden: Nomos 2006.
Spijkerboer & Vermeulen (2005)
T.P. Spijkerboer and B.P. Vermeulen, Vluchtelingenrecht, Nijmegen: Ars Aequi Libri 2005.
Staples (1999)
H. Staples, The legal status of third country nationals resident in the European Union, The Hague/
London/Boston: Kluwer Law International 1999.
Staples (2000)
H. Staples, Adjudicating the Schengen Agreements in the Netherlands, European Journal of
Migration Law 2, 2000, p. 4983.
Steenbergen (1992)
J.D.M. Steenbergen, Schengen and the movement of persons, in: Meijers et al. (1992), p. 57 .
Steenbergen (1997)
J.D.M. Steenbergen, De grenzen van Schengen, in: Giuseppin & Jansen (1997), p. 1825.
Steenbergen (1999)
J.D.M. Steenbergen, All the Kings Horses Probabilities and Possibilities for the Implementation
of the New Title IV EC Treaty, European Journal of Migration Law 1, 1999, p. 2960.
Swart (1978)
A.H.J. Swart, De toelating en uitzetting van vreemdelingen, Deventer: Kluwer 1978.
Swart (2001)
A.H.J. Swart, Een ware Europese rechtsruimte, Deventer: Gouda Quint 2001.
Temple Lang (2000)
John Temple Lang, The Principle of Eective Protection of Community Law Rights, in: OKeee
(2000), p. 235 .
Bibliography
551
Tuner (2000)
M. Tuner, Das Schengener Informationssystem (SIS), Ein Quantensprung der polizeilichen
Fahndung in Europa, Kriminalistik 1/00, p. 3943.
Turpin (2004)
D. Turpin, Les nouvelles lois sur limmigration et lasile dans le contexte de lEurope et la mondialisation, Revue critique de droit international priv, 93 (2) avril-juin 2004, p. 311393.
Vedsted-Hansen (2001)
J. Vedsted-Hansen, Abolition of Border Controls within the Nordic Region and Security of
Residence in Denmark, in: Guild & Minderhoud (2001), p. 91 .
Verhey (1991)
L.F.M. Verhey, Privacy aspecten van de uitvoeringsovereenkomst van het Akkoord van Schengen,
NJB 31 januari 1991, a. 5, p. 217 .
Verhey (1992)
L.F.M. Verhey, Privacy aspects of the Convention, in: Meijers et.al. (1992), p. 110 .
Verschueren (1992)
H. Verschueren, Vrij verkeer van personen in Schengen-verdragen, in: Fijnaut, Struijk &
Wytinck (1992), p. 1354.
Wallace & Wallace (1996)
H. Wallace and W. Wallace, Policy-Making in the European Union, Oxford: Oxford University
Press 1996.
Warren & Brandeis (1890)
S.D. Warren and L.D. Brandeis, The Right to Privacy, Harvard Law Review, Vol. IV, 15
December, no. 5, 1890.
Wayman (2006)
J. Wayman, Linking Persons to Documents with Biometrics. Biometric systems from the 1970s
to date, Keesing Journal of Documents & Identity, Issue 16, 2006, p. 14.
Webber (1996)
F. Webber, Crimes of Arrival: Immigrants and Asylum-seekers in the New Europe, London:
Statewatch Publications 1996.
Weichert (1990)
Th. Weichert, Das geplante Schengen-Informationssystem, Computerrecht 1/1990.
Weichert (1993)
Th. Weichert, Auslndererfassung in der Bundesrepublik. Die informationele Sonderbehandlung
von Immigrantinnen und Flchtlingen, Brgerrechte & Polizei/CILIP 45, 2/1993.
Weichert (1998)
Th. Weichert, AZRG. Kommentar zum Auslnderzentralregistergesetz, Neuwied-Kriftel:
Luchterhand 1998.
Weichert (2002)
Th. Weichert, Datenschutz fr Flchtlinge nach der Anti-Terr0r-Gesetzgebung, Asylmagasin
4/2002, p. 49.
Weil (1997)
P. Weil, Rapports au Premier Ministre. Mission dtudes des lgislations de la nationalit et de
limmigration, Paris: La documentation franaise 1997.
Westphal (1999)
V. Westphal, Die Ausschreibung zur Einreiseverweigerung im Schengener Informationssystem Vorraussetzungen, Wirkungen und Rechtsschutzmglichkeiten, InfAuslR 1999,
p. 361365.
Westphal & Stoppa (2007)
V. Westphal and E. Stoppa, Auslnderrecht fr die Polizei, Lbeck: Westphal/ Stoppa 2007.
552
Bibliography
Wilkesmann (1999)
P. Wilkesmann, Pldoyer fr das Schengener Informationssystem, NStZ 1999, Heft 2, p. 6871.
Westin (1967)
A.F.Westin, Privacy and Freedom, New York: Athenaeum 1967.
van Winckel (1982)
J.J.A.M van Winckel, Het personenverkeer in de Benelux, SEW 7/8, 1982, p. 552562.
de Wit (1991)
M.L.S. de Wit, Het akkoord van Schengen: vergelijkend onderzoek tussen Nederland en Frankrijk,
Mast. Thesis, University Nijmegen 1991.
Woltjer (1995)
A. Woltjer, Schengen: The Way of No Return? Maastricht Journal of European and Comparative
Law 2, 1995, p. 256278.
de Zwaan (1993)
J. de Zwaan, Institutional Problems and Free Movement of Persons, in: Schermers et al. (1993),
p. 335 .
Jurisprudence
European Court of Human Rights (http://www.echr.coe.int/)
Klass v. Germany, 6 September 1978, no. 5029/71, Series A 28 .................... 160,
167169, 174, 175, 196, 201, 264, 324, 412
Airey, 9 October 1979, no. 6289/73 Series A 32 ................................... 163, 259
Albert and Le Compte I and II, 10 February 1983, nos. 7299/75
and 7496/76 Series A 58 ........................................................................... 262
Silver and others v. United Kingdom, 25 March 1983, no. 5947/72,
Series A 61 ................................................................................................ 254
Zimmermann v. Switzerland, 13 July 1983, no. 8737/79, Series A 66 ............ 259
Malone v. United Kingdom, 2 August 1984, no. 8691/79,
Series A 82 ........................................................................ 160, 164, 169, 173
Benthem v. Netherlands, 23 October 1985, no. 8848/80, Series A 97 ............. 246
Rees v. United Kingdom, 17 October 1986, no. 8532/81, Series A 106 .......... 156
Leander v. Sweden, 26 March 1987, no. 9248/81,
Series A no. 116 ........ 153, 154, 164, 166168, 170, 173175, 199, 264, 324
Belilos v. Switzerland, 29 April 1988, no. 10328/83, Series A 132 ......... 258, 262
Gaskin v. United Kingdom, 7 July 1989, Series A no. 160 ..................... 155, 156,
167, 169, 173, 175, 199, 324
Kruslin and Huvig v. France, 24 April 1990 (joined cases) nos. 11801/95
and 11105/84, Series A 176 A and B ........................ 164, 165, 168, 173, 324
Obermeier v. Austria, 28 June 1990, no. 11761/85, Series A 179 ................... 263
Moustaquim v. Belgium, 18 February 1991, no. 12313/86,
Series A 193 ...................................................................................... 256, 268
Cardot v. France, 19 March 1991, no. 11069/84, Series A 200 ...................... 254
Oberschlick v. Austria (I), 23 May 1991, no. 11661/85, Series A 204............. 258
Vilvarajah and others v. United Kingdom, 30 October 1991,
no. 13163/87, Series A 215 ............................................... 257, 259, 264, 325
Castells v. Spain, 23 April 1992, no. 11798/85, Series A 236 ......................... 254
Geoure de la Pradelle v. France, 16 December 1992, no. 12964/87,
Series A 253 .............................................................................. 246, 254, 259
Niemietz v. Germany, 16 December 1992, no. 13710/88
Series A 251B............................................................................ 153, 155, 197
Evelien Brouwer, Digital Borders and Real Rights, pp. 553562.
2008 Koninklijke Brill NV. Printed in the Netherlands.
554
Jurisprudence
Jurisprudence
555
556
Jurisprudence
Jurisprudence
557
France
(most of the following decisions can be found at http://www.legifrance.gouv.fr)
Conseil Constitutionnel
25 July 1991, no. 91294, JO 27 July 1991 ......................................... 332, 333
13 August 1993, no. 93325 DC JO 18 August 1993 .................................. 351
22 April 1997, no. 97389 DC, JO 25 April 1997 ....................... 347, 351, 363
Cour de Cassation
18 May 2005, Jabeur, no. 04-50-053 ........................................................... 364
Conseil dtat
CE 22 July 1994, Chambre syndicale du Transport Arien, no. 145606 .......... 370
CE 29 December 1997, Thorel, no. 140325 ................................................. 370
CE 9 June 1999, Hamssaoui, no. 198344 ..................................................... 368
CE 9 June 1999, M. et Mme. Forabosco, no. 190384 ............................ 368, 370
CE 6 October 1999, Bafandi, no. 186082 .................................................... 375
CE 28 July 2000, Faifer, no. 205435 ............................................................ 369
CE 25 October 2000, Cucicea-Lamblot, no. 212315 .................................... 373
CE 9 July 2001, Matumona, no. 209037 ...................................................... 371
558
Jurisprudence
Jurisprudence
559
Tribunal administratif Nice, Barzilay, 16 July 2002, no. 023061 .......... 369, 375
Tribunal administratif Pau, Anton, 19 November 2004, no. 0301352 .......... 369
Germany
Bundesverfassungsgericht (http://www.bundesverfassungsgericht.de)
BVerfG 15.12.1970, 2 BvF 1/69 .................................................................. 412
BVerfG 09.06.1973, 1 BvL 14/72 ................................................................ 412
BVerfG 18.07.1973, 1 BvR 23 155/73 ......................................................... 411
BVerfG 26.09.1978, 1 BvR 525/77 NJW 1978, Heft 48, p. 2446 ................ 420
BVerfG 27.03.1980, 2 BvR 316/80 .............................................................. 412
BVerfG 06.06.1983, 2 BvR 244, 310/83 ...................................................... 419
BVerfG 15.12.1983, 1 BvR 209/83, BVerfGE 65 E 40 ........................ 198, 417
BVerfG 16.03.1999, 2 BvR 2131/95 ............................................................ 411
BVerfG 27.10.1999, 1 BvR 385/90 ...................................................... 411, 443
BVerfG 10.10.2001, BvR 1970/95 ............................................... 400, 422, 428
BVerfG 05.12.2001, 2 BvR 527/99 .............................................................. 437
BVerfG 04.04.2006, 1 BvR 518/02 .............................................................. 408
BVerfG 09.11.2006, BvR 1908/03 ....................................................... 437, 439
Bundesverwaltungsgericht (http://www.bundesverwaltungsgericht.de)
BVerwG 10.07.2001, Az. 1 C 35.00 .................................................... 437, 438
BVerwG 14.03.2002, Az. 1 C 15.01 .................................................... 412, 416
BVerwG 04.09.2003, Az. 1 B 288.02 ........................................................... 438
Verwaltungsgerichtshof Kassel (http://www.vg-kassel.justiz.hessen.de)
19.11.2003, Az. 12 TG 2668/03 .......................................................... 436, 437
11.12.2003, Az. 9 TG 546/03 ...................................................................... 436
12.01.2004, Az. 12 TG 3204/03 .................................................................. 436
Oberverwaltungsgericht Dsseldorf (http://www.olg-duesseldorf.nrw.de)
8 February 2002, Az. 3 Wx 351/01 .............................................................. 406
8 February 2002, Az. 3 Wx 357/01 .............................................................. 407
Oberverwaltungsgericht Koblenz (http://cms.justiz.rlp.de)
22.3.2002 Az. 12 B 10331/02 ...................................................................... 407
07.06.2002, Az. 12 A 10349/99 ................................................................... 438
19.04.2007, Az. A 11437/06 ........................................................................ 439
560
Jurisprudence
Verwaltungsgericht
Verwaltungsgericht Frankfurt am Main, Az. 07.03.1995,
Az. 11 E 3067/94 (http://www.vg-frankfurt.justiz.hessen.de) ................... 434
Verwaltungsgericht Kassel, 23.03.1998, Az. 12 VE 1310/95
(http://www.vg-kassel.justiz.hessen.de) ..................................................... 434
Verwaltungsgericht Koblenz, 09.11.1998, Az. VG 3 K 938/98.KO
(http://cms.justiz.rlp.de) ........................................................................... 437
Verwaltungsgericht Hamburg, 27.02.2002, Az. 14 VG 446/02
(http://lrha.juris.de/cgi-bin/laender_rechtsprechung/ha_frameset.py)....... 407
Verwaltungsgericht Dsseldorf, 07.08.2002, Az. 24 L 2837/02,
InfAusIR 10/2002 (http://www.justiz.nrw.de) ........................... 415, 432, 434
Verwaltungsgericht Giessen, 08.11.2002, Az. 10 G 4510/02
(http://www.vg-kassel.justiz.hessen.de) ..................................... 408, 416, 421
Verwaltungsgericht Frankfurt am Main, 21.07.2004,
Az. 1 E 2479/04 (www.vg-frankfurt.justiz.hessen.de) ............................... 436
Verwaltungsgericht Berlin, 3 December 2004, Az. 1 A 151/04 ............. 432, 434
Amtsgericht
Amtsgericht Tiergarten, 15.01.2002, Az. 84 T 8/02 ..................................... 407
Landgericht
Landgericht Wiesbaden, 6.02.02, Az. 4 T 707/01 ........................................ 407
Kammergericht
Kammergerichts Berlin, 16.04.2002 zur Rasterfahndung Az. 1
W 8998/02 ............................................................................................ 407
The Netherlands
(many of the following decisions can be found at
http://www.rechtspraak.nl)
Afdeling Bestuursrechtspraak Raad van State
4 July 2006, case no. 200602107/1, LJN: AY3839 ....................................... 459
Hoge Raad
19 February 1993, no. 14917, RV 1993/70 .................................................. 471
Jurisprudence
561
Gerechtshof
Gerechtshof Den Haag, 16 November 2000, AB 2002/10............................ 494
Rechtbank
Rechtbank Haarlem, 18 August 1999, JV 1999/269 .................................... 493
Rechtbank Amsterdam, 24 September 1999, JV 2000/8............................... 490
Rechtbank Den Haag, 8 December 1999, JV 2000/59 ......................... 491, 493
Rechtbank Den Haag, 5 January 2000, JV 2000/51 ..................... 491, 494, 507
Rechtbank Den Haag, 10 January 2001, JV 2001/52 ................................... 499
Rechtbank Den Haag, 14 March 2001, RV 2001/52 .................................... 499
Rechtbank Den Haag, 8 March 2002, JV 2002/162..................................... 491
Rechtbank Den Bosch, 16 July 2004, LJN: AR7219 .................................... 502
Rechtbank Breda, 11 March 2005, AWB 04/24331 ............................. 492, 500
Rechtbank Alkmaar, 24 August 2005, LJN: AU3548, JV 2005/447 ............. 500
Rechtbank Amsterdam, 21 October 2005, JV 2006/69 ................................ 496
Rechtbank Amsterdam, 1 November 2005, AWB 05/48355,
AWB 05/48358 ........................................................................................ 497
Rechtbank Alkmaar, 10 November 2005, no. 79543/HA ............................. 495
Rechtbank Haarlem, 6 December 2005, LJN AW2418 ................................ 495
Rechtbank Den Haag, 8 December 2005, no. 03/890 NAV no. 2,
April 2006, p. 111 .................................................................................... 501
Rechtbank Groningen, 1 February 2006, LJN: AV0808 ............................... 502
Rechtbank Amsterdam, 23 June 2006, AWB 06/27382,
AWB, 06/27348 ....................................................................................... 498
Rechtbank Haarlem, 24 July 2006, LJN: AY6520 ........................................ 485
Rechtbank Amsterdam, 2 October 2006, LJN: AY9280 ............................... 502
Rechtbank Assen, 22 December 2006, AWB 06/58704................................ 502
Rechtbank Amsterdam, 23 March 2007, LJN: BA3547, JV 2007/245 ......... 498
Rechtbank Den Bosch of 4 April 2007, LJN: BA2132 ................................. 503
Nationale Ombudsman (http://www.nationaleombudsman.nl)
Decision of 14 May 1998, report no. 1998/164 ........................................... 505
Decision of 28 January 2000, report no. 2000/28 ........................................ 505
Decision of 29 October 2003, report no. 2003/388 ..................................... 504
Index
A
AAH-SD 390, 391, 392, 393, 397, 398,
423
Abschiebung 391, 430
Ad Hoc Group of Immigration 24
Afdeling Bestuursrechtspraak van de Raad
van State 488
AGDREF 344, 345, 346, 347, 357, 379
AIVD 459
algemene identicatieplicht 446
Amsterdam Treaty 29, 30, 39, 41, 42, 43,
57, 72, 120, 190, 305
Amtshilfe 202, 420, 421
Area of Freedom, Security, and Justice 29
Asylum 2, 3, 15, 23, 24, 26, 27, 28, 29, 31,
32, 34, 38, 41, 42, 46, 56, 60, 63, 74, 77,
90, 101, 114, 117, 118, 119, 120, 121,
122, 123, 124, 125, 126, 128, 132, 133,
134, 135, 137, 141, 142, 143, 150, 211,
247, 252, 257, 260, 264, 265, 269, 273,
275, 281, 283, 284, 287, 288, 289, 294,
295, 296, 298, 299, 300, 301, 310, 313,
315, 316, 320, 331, 332, 334, 335, 347,
352, 360, 371, 385, 386, 393, 399, 402,
416, 427, 428, 432, 436, 440, 441, 442,
445, 447, 448, 453, 458, 462, 463, 470,
471, 472, 473, 487, 488, 501, 505, 513,
514, 516, 518, 521, 523, 526, 531, 533
Aufenthaltsgesetz 390, 429
Auslndergesetz 390, 422
Ausreisepicht 391
AWB 478, 484, 486, 487, 492, 497, 498,
500, 502, 505
AZR 393, 398, 399, 400, 402, 403, 405,
419, 422, 428, 443
AZRG 383, 399, 400, 402, 403, 422
B
BDSG 417, 423, 424, 426, 429
564
Index
nancial repair
right to 242, 324, 325, 375, 502
FPR 338, 339, 344, 345, 346
freedom of movement 7, 15, 25, 30, 56, 63,
75, 97, 133, 162, 163, 173, 174, 251, 268,
276, 279, 285, 297, 305, 307, 308, 329,
335, 451, 503, 511, 515, 516, 534
G
GBA 199, 460, 469
Gendarmerie 9
H
Hague Programme 31, 74
HAVANK 470, 471, 472, 473
Hoge Raad 471
I
IND 9, 460, 461, 462, 463, 464, 465, 466,
479, 480, 481, 482, 484, 486, 488, 490,
491, 492, 496, 497, 499, 508, 510
informational division of powers 201, 202,
208, 421
informationelle Gewaltenteilung 420, 421
informationelles Selbstbestimmungsrecht 418
interdiction du territoire franais 378
interlinking 101, 113
internal borders 16, 17, 19, 21, 35, 45, 56,
65, 332, 384, 387
internal security 3, 22, 25, 32, 78, 93, 100,
107, 128, 130, 132, 133, 134, 138, 143,
144, 169, 172, 174, 336, 385, 389, 394,
400, 401, 403, 406, 407, 412, 413, 440,
475, 515, 519, 528
interoperability
principle of 2, 101, 117, 133, 134, 174,
389, 452, 515, 517
Interpol 24, 51, 84, 85, 105, 471
J
Joint Supervisory Authority (JSA) 10, 219,
229, 448
JSA 66, 70, 94, 185, 219, 229, 230, 231,
428, 448, 482
K
KLPD 9, 460, 467, 468, 479, 480, 481, 482,
492, 494, 495, 502, 508, 509
Index
L
LIFL 349, 350, 351, 352, 353, 354, 356,
357, 358, 361, 379, 381
Loi Chevnement 343, 359,
362, 365
Loi Debr 346, 347, 359, 365
Loi Pasqua 359, 361, 364
Loi Sarkozy 338, 359, 360, 364, 366
M
Mikrozensusurteil 417
N
national security 2, 35, 47, 48, 49, 52, 54,
61, 63, 65, 89, 96, 101, 107, 108, 132,
152, 154, 157, 164, 166, 167, 207, 217,
222, 223, 245, 246, 252, 253, 256, 257,
264, 269, 271, 325, 330, 336, 352, 353,
356, 362, 366, 377, 379, 395, 402, 411,
440, 442, 448, 456, 458, 459, 474, 487,
488, 516, 520, 530
non-discrimination principle 221, 248, 267,
294, 517
Nordic Passport Union 21
O
OECD 179, 182, 183, 204, 349
OFPRA 347, 352
ongewenst gesignaleerde vreemdelingen 455,
457
ongewenst verklaarde vreemdelingen 455
ongewenstverklaring 455
OPS 455, 460, 462, 491, 505
P
Passport Union 16
Persnlichkeitsrecht 418, 435
preliminary
proceedings 44, 58, 71, 287, 306, 311,
312, 313, 314, 315, 401, 502, 521, 525,
533, 535
questions 44, 58, 71, 287, 306, 311, 312,
313, 314, 315, 401, 502, 521, 525, 533,
535
request 44, 58, 71, 287, 306, 311, 312,
313, 314, 315, 401, 502, 521, 525,
533, 535
565
proportionality
principle of 94, 95, 107, 142, 144, 150,
151, 152, 165, 167, 169, 196, 197, 222,
223, 240, 298, 305, 317, 319, 324, 352,
375, 394, 413, 435, 442, 443, 499, 507,
510, 522, 525, 528, 532
Prm Treaty 46
purpose limitation 185, 198, 202, 204,
205, 207, 208, 209, 213, 223, 239, 240,
317, 517
R
Rasterfahndung 403, 404, 406, 409, 421,
435, 441, 442
RMV 343, 345, 346
rule of law 40, 164, 165, 167, 175, 195, 200,
201, 208, 240, 247, 266, 275, 303, 305,
309, 314, 360, 413, 420, 430, 435, 512
S
Schengen acquis 36, 38, 39, 40, 41, 42, 43,
44, 57, 58, 59, 63, 72, 86, 89, 90, 121,
189, 281, 292, 333
Schengen Borders Code 62, 100, 289, 290,
296, 301, 321, 454, 485, 518, 531
sensitive data 150, 156, 158, 166, 174, 175,
212, 213, 240, 477, 515, 517
Single Market 18, 21, 23
SIRENE 9, 53, 58, 68, 69, 76, 81, 83, 87,
92, 97, 99, 103, 109, 128, 210, 219, 337,
340, 341, 389, 395, 396, 397, 422, 449,
460, 461, 462, 467, 468, 477, 478, 502,
529, 534
SIRPIT 99, 116
suspensive eect 5, 282, 289, 291, 299, 300,
310, 318, 319, 320, 321, 342, 360, 364,
366, 381, 415, 484, 488, 522
T
Tampere Conclusions 30, 89, 275, 276
terrorist lists 79, 96, 97, 519
Treaty of Amsterdam 41, 57, 58, 333, 447
Treaty of Maastricht 8, 275, 304
Treaty of Rome 15
U
bermaverbot 413
566
Index
V
Verfassungsbeschwerde 400
Verhltnismssigkeit 413, 442
Volkszhlungsurteil 197, 199, 202, 399, 417,
419, 435, 441
Vreemdelingenbesluit 2000 454
W
WBP 477, 478, 479, 480, 481, 482, 483, 484
Z
Zurckschiebung 391, 398
Zuwanderungsgesetz 390, 399