Digital Borders and Real Rights

Immigration and Asylum Law and

Policy in Europe
VOLUME 15

Editors

Elspeth Guild
Kingsley Napley Solicitors, London,
Centre for Migration Law, Radboud University Nijmegen

Jan Niessen
Migration Policy Group, Brussels

The series is a venue for books on European immigration and asylum law and
policies where academics, policy makers, law practitioners and others look to
nd detailed analysis of this dynamic eld. Works in the series will start from a
European perspective. The increased co-operation within the European Union
and the Council of Europe on matters related to immigration and asylum requires
the publication of theoretical and empirical research. The series will contribute to
well-informed policy debates by analysing and interpreting the evolving European
legislation and its eects on national law and policies. The series brings together
the various stakeholders in these policy debates: the legal profession, researchers,
employers, trade unions, human rights and other civil society organisations.

Digital Borders and Real Rights

Eective Remedies for
Third-Country Nationals in the
Schengen Information System

By

Evelien Brouwer

LEIDEN BOSTON
2008

This book is printed on acid-free paper.

Library of Congress Cataloging-in-Publication Data
Brouwer, Evelien Renate, 1966Digital borders and real rights : eective remedies for third-country
nationals in the Schengen Information System / by Evelien Brouwer.
p. cm. -- (Immigration and asylum law and policy in Europe, ISSN 1568-2749; 15)
Includes bibliographical references and index.
ISBN 978-90-04-16503-8 (hardback : alk. paper) 1. Emigration and immigration
law--European Union countries--Databases. 2. Emigration and immigration law--European
Union countries--Computer network resources. 3. Aliens--Civil rights--European Union
countries. 4. Privacy, Right of--European Union countries. 5. Asylum, Right of--European
Union countries. 6. Data protection--Law and legislation--European Union countries.
7. Freedom of movement--European Union countries. I. Title.
KJE6050.B76 2008
342.24082--dc22
2008011946

This book was edited by Hannie van de Put, Centre for Migration Law, Radboud
University Nijmegen.
The English text has been revised by Claire Singleton, translator, Los Alamos, United States.
ISSN 15682749
ISBN 978 90 04 16503 8
Copyright 2008 by Koninklijke Brill NV, Leiden, The Netherlands.
All rights reserved. No part of this publication may be reproduced, translated, stored in
a retrieval system, or transmitted in any form or by any means, electronic, mechanical,
photocopying, recording or otherwise, without prior written permission from the publisher.
Authorization to photocopy items for internal or personal use is granted by Brill Provided that the
appropriate fees are paid directly to The Copyright Clearance Center, 222 Rosewood Drive, Suite
910, Danvers, MA 01923, USA.
Fees are subject to change.
printed in the netherlands

Contents
Acknowledgments ........................................................................................xxiii
Abbreviations ................................................................................................ xxv
Chapter1 Introduction............................................................................. 1
1. The Schengen Information System and Other EU Databases:
Tools for Border and Immigration Control ................................................. 1
2. Problem ...................................................................................................... 2
3. A Right to Eective Remedies? .................................................................... 4
3.1. Questions ............................................................................................ 4
3.2. Criteria to Assess Availability of Eective Remedies............................. 5
4. Outline ....................................................................................................... 7
5. Denitions and Explanation of Used Terms ................................................ 7
6. Sources and Interviewees ............................................................................. 8
Part I Border Control and Data Surveillance in the EU
Chapter 2 Towards Schengen: The Abolition of
Internal Border Controls in Europe .......................................................... 13
1. Introduction: Abolition of Internal Border Controls ................................. 13
2. The Internal Market and the Free Movement of Persons:
Setting Goals ............................................................................................. 15
2.1. Between 1957 and 1985: From the Treaty of Rome to the
Commissions White Paper ................................................................ 15
2.2. The Commissions White Paper on the Completion of the
Internal Market ................................................................................. 17
3. From 1985 to the Completion of the
Single Market: Dening Powers ................................................................ 18
4. Intergovernmental Negotiations on the Abolition of
Internal Border Controls ........................................................................... 20
4.1. Other Examples: The Benelux, the Nordic Union, Ireland
and the United Kingdom .................................................................. 20
4.2. Between 1985 and 1989: The Schengen Negotiations ....................... 21
4.3. The Immigration Ad Hoc Group, Trevi, and
the Group of Co-ordinators .............................................................. 23

vi

Contents

5. Abolition of Border Controls and Compensatory Measures....................... 25

5.1. The Function of Borders: Emphasis on Internal Security and
Immigration Control ........................................................................ 25
5.2. Pre-Border Selection: Visa Policy ....................................................... 27
5.3. Draft of an External Frontiers Convention ........................................ 28
5.4. An Area of Freedom, Security, and Justice ......................................... 29
5.5. Common Mechanisms for External Border Controls......................... 31
6. The Convention Implementing the Schengen Agreement.......................... 33
6.1. Negotiations...................................................................................... 33
6.2. Content of the CISA ......................................................................... 34
6.2.1. Title II: Abolition of Checks at Internal Borders and
Movement of Persons ............................................................. 35
6.2.2. Visa Rules .............................................................................. 36
6.2.3. Free Circulation ..................................................................... 37
6.2.4. Priority of the Community Rules ........................................... 37
6.3. Entry into Force and Players ............................................................. 38
6.3.1. Entry into Force of the CISA ................................................. 38
6.3.2. Position of the Nordic Countries ........................................... 38
6.3.3. Position of UK and Ireland .................................................... 39
6.3.4. New EU Member States......................................................... 40
7. Treaty of Amsterdam: The Incorporation of the
Schengen Acquis in EU Law ...................................................................... 41
7.1. Title IV TEC: Communitisation of Asylum
and Immigration Law........................................................................ 41
7.2. Incorporation of Schengen into EU Law: Marriage of
Convenience or Repairing the Democratic Decit? ........................... 42
8. Schengen: Successful Laboratory for the EU? ............................................ 44
Chapter 3

The Schengen Information System ........................................ 47

1. The Establishment of the SIS .................................................................... 47

1.1. Setting an Example: The Benelux Lists .............................................. 47
1.2. Discussing the Purpose and Functioning of the SIS ........................... 49
1.3. Structure ........................................................................................... 52
1.4. Final Purpose and Categories of Entries ............................................ 53
1.5. Problems During the Construction Phase ......................................... 55
2. Legal Basis ................................................................................................. 57
3. Participants ............................................................................................... 57
3.1. Nordic Countries .............................................................................. 57
3.2. The UK and Ireland .......................................................................... 58
3.3. Switzerland........................................................................................ 59
3.4. Accession of New EU Member States ................................................ 59

Contents

vii

4. SIS and Third-Country Nationals: Exclusion of

inadmissible aliens ................................................................................... 59
4.1. Draft Texts ........................................................................................ 59
4.2. Article 96 CISA................................................................................. 60
4.3. Denition of inadmissible: Discretionary Power of
National Governments ...................................................................... 62
4.4. EU Citizens and Beneciaries of EC Law .......................................... 63
5. Practical Implementation of SIS: Statistical Data on the
Number of Records and SIS-Based Hits .................................................... 65
5.1. Numbers of Persons Entered in SIS ................................................... 66
5.2. Numbers of Hits Based on Searches Performed of the SIS ................. 68
Chapter 4 New Functionalities for SIS and
the Development of SIS II ........................................................................ 71
1. The Road to the Second Generation SIS or SIS II ..................................... 71
2. Early Proposals to Extend the Use of SIS ................................................... 73
2.1. Access to Europol and Eurojust ......................................................... 73
2.2. Eective Protection against Illegal Immigration ................................ 74
2.3. New Categories of Persons ................................................................ 75
3. SIS I and the Fight Against Terrorism ....................................................... 76
3.1. Extending the Functions of the SIS I................................................. 76
3.2. Access for Internal Security and Intelligence Services......................... 78
3.3. Inclusion of Persons Listed on the UN Terrorist Lists ........................ 79
4. Adopted Decisions Extending the Use of SIS I .......................................... 80
4.1. Regulation 871/2004 and Decision 2005/211 on
New Functionalities .......................................................................... 80
4.1.1. Europol and Eurojust ............................................................. 81
4.1.2. Public prosecutors .................................................................. 82
4.1.3. Authorities Responsible for Issuing or Examining
Visa Applications or for Issuing Residence Permits................. 82
4.1.4. Duty to Report all Transmission of Data and a
Legal Basis for SIRENE ......................................................... 83
4.2. Framework Decision 2002/584 on the
European Arrest Warrant ................................................................... 83
4.3. Common Position 2005/69 on Exchange of SIS Data Between
Member States and Interpol .............................................................. 84
4.4. Regulation 1160/2005 on Access to the SIS by
Vehicle Registration Authorities ........................................................ 85
5. SIS II ........................................................................................................ 85
5.1. Legal Basis for SIS II ......................................................................... 85
5.2. Developing SIS II as a exible tool .................................................. 87

viii

Contents

5.3. The Position of the UK and Ireland with

Regard to Access to SIS II ................................................................. 88
5.4. Involvement of the European Parliament........................................... 90
6. Final Texts of the Regulation and Decision on SIS II................................. 93
6.1. Purpose ............................................................................................. 93
6.2. Criteria for Third-Country Nationals to be Stored in SIS II .............. 94
6.2.1. Commission Proposal Trying to Harmonise
National Criteria .................................................................... 94
6.2.2. Final Criteria: The Individual Assessment and
Proportionality Clause ........................................................... 94
6.2.3. SIS II and Terrorist Lists ........................................................ 96
6.3. EU Citizens and Privileged Third-Country Nationals........................ 97
6.4. Inclusion of Biometrics in SIS II as an Identication Tool ................. 98
6.5. Authorities Allowed Access to SIS II.................................................. 99
6.6. Interlinking of Alerts ....................................................................... 101
6.7. Change of Architecture ................................................................... 102
6.8. Establishment of the Management Authority .................................. 103
6.9. Evaluation and Publication of Statistics on SIS II ............................ 103
7. Comparing SIS I and SIS II .................................................................... 104
7.1. Changing the Purpose of SIS........................................................... 104
7.2. Changes with Regard to the Storage and Use of Data on
Third-Country Nationals ................................................................ 106
Chapter 5 Other EU Databases Used in the Field of
Immigration Control: Eurodac and VIS.................................................. 117
1. Introduction............................................................................................ 117
2. Eurodac................................................................................................... 118
2.1. Development and Central Purpose of Eurodac ................................ 118
2.2. Collection, Transmission and Comparison of Fingerprints .............. 121
2.3. Extension to Illegal Immigrants ....................................................... 123
2.4. Functioning of Eurodac: Annual Reports of the Commission.......... 125
3. Visa Information System or VIS .............................................................. 127
3.1. Negotiations Towards a European Visa Information System ............ 127
3.2. The VIS Regulation: Purpose and Content of VIS .......................... 130
4. Interoperability of SIS II, Eurodac and VIS ............................................. 132
5. Use of Biometric Data ............................................................................. 135
5.1. Controlling the Body: Use of Biometrics at the EU Level ................ 135
5.2. Dierent Options with Regard to the Use of Biometric Data .......... 137
5.3. Biometrics and the Rights of Individuals ......................................... 138
5.4. Reliability of Biometrics .................................................................. 139
5.5. Index on Criminal Records of Third-Country Nationals ................. 140

Contents

ix

6. Comparing SIS II, Eurodac and VIS ....................................................... 141

6.1. Central Databases, Immigrants and Biometrics ............................... 141
6.2. Dierences Between SIS, Eurodac, and VIS .................................... 142
6.3. Intelligence Tool or Administrative File? .......................................... 143
Part II

Eective Remedies under European Law

Chapter 6 Data Processing and the Right to Privacy:

The Importance of Article 8 ECHR......................................................... 147
1. Introduction............................................................................................ 147
2. Taking Article 8 ECHR into Account in EU Policy................................. 148
2.1. SIS and SIS II ................................................................................. 148
2.2. Eurodac........................................................................................... 149
2.3. VIS ................................................................................................. 150
3. Article 8 ECHR and Data Processing: When is there an
Interference with the Right to Private Life? ............................................. 152
3.1. Secret Police and Security Files: Leander and
Segerstedt-Wiberg ............................................................................. 153
3.2. Child care Records, Health and Gender Information:
Gaskin, Z and Goodwin......................................................................155
3.3. Systematic Collection and Storage of Personal
Information by Public Authorities: Amann and Rotaru .................... 157
3.4. Recording of Voices and Video Images Collected
in the Public Domain: P.G. and J.H. v. UK...................................... 159
3.5. Administrative Data: Malone ........................................................... 160
3.6. Use of Information Beyond What is Normally Foreseeable:
Perry, Peck and Lupker ..................................................................... 160
3.7. Passports and Identication Measures: Smirnova and letmi............ 161
4. Is the Interference in Accordance with the Law? Quality of Law.............. 163
5. Necessary in a Democratic Society: Proportionality and
Procedural Guarantees............................................................................. 165
6. Article 8 ECHR and the Need for Eective Remedies ............................. 167
6.1. Independent Control Mechanism: Judicial or
Non-Judicial Remedies .................................................................... 167
6.2. Accessibility..................................................................................... 168
6.3. Scope of the Remedies..................................................................... 169
6.4. Competences................................................................................... 169
6.4.1. Article 8 and Article 13 ECHR ............................................ 169
6.4.2. Article 8 ECHR and the Right to Financial
Compensation under Article 6 ECHR ................................. 171
6.5. Non-discrimination......................................................................... 172

Contents

7. Conclusions: EU Databases, Article 8 ECHR and

Eective Remedies .................................................................................. 172
7.1. Data Processing and the Right to Private Life .................................. 172
7.2. Procedural Guarantees and Eective Remedies ................................ 174
Chapter 7

Eective Remedies under Data Protection Law ................... 177

1. Introduction............................................................................................ 177
2. Development of National Data Protection Law:
Dierent Phases of Law-Making ............................................................. 178
3. Development of European Data Protection Law ..................................... 181
3.1. 1981: Data Protection Convention of the
Council of Europe ........................................................................... 181
3.2. 1990: Inclusion of Data Protection Provisions
in the CISA ..................................................................................... 183
3.3. 1995: Directive 95/46 on the Protection of
Personal Data .................................................................................. 186
3.3.1. Protecting Individuals and Free Movement of Data ............. 186
3.3.2. Scope and Applicability of Directive 95/46 .......................... 188
3.4. Regulation 45/2001/EC: Data Protection Applicable to
Community Institutions and Bodies ............................................... 190
3.5. Data Protection in the Third Pillar: A New Instrument ................... 191
3.6. Article 8 of the EU Charter: Data Protection
as a Human Right ........................................................................... 193
4. Unveiling Reasons for Data Protection .................................................... 194
4.1. Protecting the Individual: The Right to Privacy ............................... 196
4.1.1. From the Right to be Let Alone to the Right of
Personal Liberty ................................................................... 196
4.1.2. Informational Self-determination ......................................... 198
4.2. Protecting the Rule of Law .............................................................. 200
4.2.1. Balance of Powers ................................................................ 200
4.2.2. Informational Division of Powers......................................... 201
4.3. Data Protection as an Obligation for good administration ............. 202
5. Data Protection Principles ....................................................................... 204
5.1. The Principle of Purpose Limitation ................................................ 205
5.1.1. Ban on aimless data collection ........................................... 206
5.1.2. Legitimacy of Purpose .......................................................... 207
5.1.3. Use or Disclosure Limitation ............................................... 208
5.1.4. Time Limit on Storage of Data ............................................ 209
5.2. Transparency Purpose Specication .............................................. 211
5.3. Special Categories of Data: Extra Safeguards ................................... 212

Contents

6.
7.

8.

9.

xi

5.4. Quality of Data ............................................................................... 213

5.5. Individual Participation: Rights of the Data Subject........................ 215
5.5.1. Right to be Informed Right of Access to
Personal Data ....................................................................... 215
5.5.2. Right to Request Correction, Deletion or
Blocking of Further Processing ............................................ 217
5.6. Ban on Automated Decision-making .............................................. 218
5.7. Security ........................................................................................... 219
5.8. Accountability ................................................................................. 220
5.9. Non-discriminatory Application of Data Protection Rules .............. 221
Limitations of Data Protection Rights: General Interest and
National Security .................................................................................... 222
Eective Remedies: Independent Data Protection Authorities................. 223
7.1. National Data Protection Authorities .............................................. 223
7.1.1. Data Protection Convention ................................................ 223
7.1.2. EC Directive 95/46.............................................................. 224
7.1.3. SIS I and SIS II: CISA and Regulation 1987/2006 .............. 225
7.1.4. Eurodac and VIS .................................................................. 226
7.2. Data Protection Authorities at the EU Level ................................... 226
7.2.1. The European Data Protection Supervisor............................ 226
7.2.2. Working Party on the Protection of Individuals
with regard to the Processing of Data ................................... 228
7.3. Schengen Joint Supervisory Authority ............................................. 229
7.3.1. Tasks and Powers ................................................................. 229
7.3.2. Activities of the JSA ............................................................. 230
Eective Remedies: A Right to Judicial Remedies? .................................. 231
8.1. Data Protection Convention ........................................................... 231
8.2. EC Directive 95/46 ......................................................................... 232
8.3. Regulation 45/2001: EDPS ............................................................. 233
8.4. SIS I: Article 111 CISA ................................................................... 233
8.5. SIS II Regulation 1987/2006 .......................................................... 235
8.6. Eurodac........................................................................................... 237
8.7. VIS Proposal ................................................................................... 237
8.8. Third Pillar Instruments .................................................................. 238
Conclusions ............................................................................................ 239
9.1. The Value of Data Protection .......................................................... 239
9.2. Eective Remedies .......................................................................... 241
9.2.1. Access to Data Protection Authorities and Courts? .............. 241
9.2.2. Accessibility ......................................................................... 241
9.2.3. Scope ................................................................................... 242
9.2.4. Competences ....................................................................... 242

xii

Contents

Chapter 8 Eective Remedies in

Immigration Procedures: ECHR ............................................................. 245
1. Introduction............................................................................................ 245
2. Article 6 (1) ECHR: The Right to a Fair Trial.......................................... 246
2.1. Maaouia: (Non-)Applicability of Article 6 in
Immigration Law Procedures? ......................................................... 246
2.2. Immigration Law Decisions and the Right to
Financial Compensation.................................................................. 248
2.3. (Non-)Registration and the Right to
Financial Compensation.................................................................. 249
3. Article 5 (1) (f ) ECHR: Right to Liberty and Security ............................ 251
4. Protocol No. 7 to the ECHR: Procedural Safeguards
Relating to Expulsion of Aliens ............................................................... 252
5. Article 13 ECHR: The Right to Eective Remedies in
Immigration Law Procedures................................................................... 253
5.1. When Does Article 13 Apply? ......................................................... 253
5.2. Admission of Third-Country Nationals ........................................... 254
5.3. Expulsion and Expulsion Orders ..................................................... 256
6. Criteria for Eective Remedies ................................................................ 258
6.1. Judicial or Non-judicial Remedies ................................................... 258
6.2. Accessibility of Eective Remedies .................................................. 259
6.3. Scope of Review .............................................................................. 262
6.4. Competences................................................................................... 266
7. The Principle of Non-discrimination: Article 14 ECHR .......................... 267
8. Summary: Criteria for Eective Remedies ............................................... 269
8.1. Non-judicial or Judicial Remedy ..................................................... 269
8.2. Accessibility..................................................................................... 270
8.3. Scope .............................................................................................. 270
8.4. Competences................................................................................... 271
8.5. Non-application of Article 6 (1) ECHR to Immigration Law
Procedures: Failure or No Loss? ....................................................... 272
Chapter 9

Eective Remedies under EC Immigration Law .................. 275

1. Introduction............................................................................................ 275
2. Directive 2004/38/EC on the Right of Citizens and
their Family Members to Move and Reside Freely within the EU ............ 276
2.1. Protecting the Free Movement of EU Citizens and
their Family Members ..................................................................... 276
2.2. Extending the Scope of Protection: Cetinkaya and
Drr-nal ....................................................................................... 278

Contents

xiii

2.3. The Relationship between the VIS and SIS and the
Freedom of Movement of EU Citizens and Family Members .......... 279
2.3.1. Commission v. Austria ........................................................... 279
2.3.2. Commission v. Spain ............................................................. 280
3. Legal Remedies in Immigration and Asylum Law Based on
Title IV TEC........................................................................................... 281
3.1. Directive 2001/40/EC on Mutual Recognition of
Expulsion Decisions ........................................................................ 282
3.2. Directive 2001/55/EC on Minimum Standards for
Temporary Protection ..................................................................... 283
3.3. Directive 2003/9/EC on Minimum Standards for the
Reception of Asylum Seekers........................................................... 284
3.4. Directive 2003/109/EC on Long-Term Resident
Third-Country Nationals ................................................................ 285
3.5. Directive 2003/86/EC on the Right to Family Reunication .......... 286
3.6. Regulation 343/2003/EC (Dublin II) ............................................. 287
3.7. Directive 2005/85/EC on Minimum Standards for
Asylum Procedures .......................................................................... 288
3.8. Refusals at the Border...................................................................... 289
3.8.1. Regulation 562/2006/EC on the Rules Governing
the Movement of Persons at Borders
(Schengen Borders Code)......................................................... 289
3.8.2. The Inclusion of a Standard Refusal Form............................ 290
3.9. Proposal for a Directive on Returning Illegal Staying
Third-Country Nationals ................................................................ 291
3.10. Visas................................................................................................ 292
3.10.1. Schengen Common Consular Instructions ........................... 292
3.10.2. Draft Community Code on Visas ........................................ 292
4. Criteria for Eective Remedies in EC Immigration Law ......................... 293
4.1. Judicial or Non-Judicial Court? ....................................................... 293
4.1.1. Directive 2004/38 ................................................................ 293
4.1.2. EC Asylum and Immigration Law ....................................... 294
4.2. Accessibility..................................................................................... 294
4.2.1. Directive 2004/38/EC ......................................................... 294
4.2.2. EC Asylum and Immigration Law ....................................... 295
4.3. Scope of Review .............................................................................. 296
4.3.1. Directive 2004/38/EC ......................................................... 296
4.3.2. EC Asylum and Immigration Law ....................................... 298
4.4. Competence of Court or Authority ................................................. 299
4.4.1. Directive 2004/38/EC ......................................................... 299
4.4.2. EC Asylum and Immigration Law ....................................... 299
5. Summary: Dierent Laws, Dierent Regimes? ........................................ 300

xiv

Contents

Chapter 10 Eective Remedies in the EU: A Matter of

Basic Principles ....................................................................................... 303
1. Introduction............................................................................................ 303
2. The First Principle: Incorporation of Human Rights in EU Law ............. 303
3. The Second Principle: Eective Remedies to Secure Rights
Conferred by EU Law ............................................................................. 306
3.1. The Johnston Principle ..................................................................... 306
3.2. Applying the Johnston Principle to EC Immigration Law:
The Panayotova Case ....................................................................... 307
3.3. Article 47 of the EU Charter ........................................................... 308
3.4. Relationship Between the General Principle and
Secondary EC Legislation ............................................................... 310
4. The Third Principle: Eective Judicial Remedies to Ensure a
Uniform and Clear Interpretation of EC Law ......................................... 311
4.1. Preliminary Proceedings: The Responsibility of
National Judges and Legislators ....................................................... 311
4.2. Criteria of National Courts Which Fall within the
Meaning of Article 234 TEC ........................................................... 313
5. Towards Minimum Standards for Eective Remedies.............................. 314
5.1. Eective Remedies, Databases and Third-Country Nationals .......... 314
5.2. Criteria for Eective Remedies ........................................................ 315
5.2.1. Judicial or Non-Judicial Authority? ...................................... 315
5.2.2. Accessibility ......................................................................... 316
5.2.3. Scope of Review ................................................................... 317
5.2.4. Competences ....................................................................... 317
Part III

Implementation at the National Level

Chapter 11

France................................................................................ 329

1. Introduction............................................................................................ 329
2. Parliamentary Involvement with CISA .................................................... 330
2.1. Schengen in General ....................................................................... 330
2.2. The NSIS ........................................................................................ 333
2.3. SIS I: Comments NGOs, Lawyers and Organisations ..................... 334
2.4. SIS II .............................................................................................. 335
3. Implementation of Article 96 CISA ........................................................ 336
3.1. Applicable Law ................................................................................ 336
3.2. National Criteria for Entering Third-Country Nationals
into the NSIS .................................................................................. 337

Contents

xv

3.3. Authorities with Access to NSIS Data ............................................. 340

3.4. Operation of SIRENE..................................................................... 340
3.5. Article 96 Hits: Duties and Responsibilities of
French Authorities........................................................................... 341
3.5.1. Refusal of Entry or Residence Based on
Article 96 CISA ................................................................... 341
3.5.2. Expulsion of Third-Country Nationals on the
Basis of Article 96 CISA....................................................... 342
3.5.3. Article 96 Hits and Visa Applications................................... 343
3.6. The Practical Use of the NSIS in France .......................................... 343
4. Intermezzo: French Policy Governing
Third-Country Nationals ........................................................................ 344
4.1. Police File on Searched Persons ....................................................... 344
4.2. General Database on Foreigners: AGDREF..................................... 344
4.3. Database with Regard to the Issuing of Visas ................................... 345
4.4. Fingerprinting Third-Country Nationals ......................................... 346
4.5. ELOI: File on Expelled Persons ..................................................... 348
5. Rights and Legal Remedies in Data Protection Law................................. 349
5.1. Background to French Data Protection Law .................................... 349
5.2. Third-Country Nationals and the
Right of Data Protection ................................................................. 351
5.3. NSIS and Applicable Rules.............................................................. 352
5.4. Duty to Inform the Data Subject .................................................... 352
5.5. Right to Access, Correct or Delete Data .......................................... 352
5.5.1. Direct and Indirect Access.................................................... 352
5.5.2. Application for a Right to Access and Time Limits ............... 354
5.6. Composition, Tasks and Powers of the French Data
Protection Authority (CNIL) .......................................................... 355
5.7. Practical Information on the Right to (Indirect) Access to
NSIS Information ........................................................................... 357
5.8 Right to Legal Remedies.................................................................. 358
6. Rights and Remedies in Immigration Law ............................................... 359
6.1. General Background to Immigration Law ....................................... 359
6.2. Amendments to French Immigration Law and the NSIS ................. 360
6.3. Duty to Motivate Decisions ............................................................ 361
6.4. Legal Remedies ............................................................................... 362
6.4.1. The Position of the Administrative Court in
Immigration Law ................................................................. 362
6.4.2. Legal Remedies Against a Refusal of Entry ........................... 364
6.4.3. Legal Remedies Against the Refusal of a Visa ....................... 365
6.4.4. Legal Remedies Against Expulsion ....................................... 366

xvi

Contents

7. Case Law ................................................................................................. 367

7.1. Introduction.................................................................................... 367
7.2. Duty to Inform the Data Subject .................................................... 368
7.3. Assessing the Validity of Foreign SIS Reports .................................. 370
7.4. Duty of Authorities to Balance Interests .......................................... 373
7.5. Powers of the Court ........................................................................ 375
7.6. Assessing the Role of the CNIL ....................................................... 376
7.6.1. Right of Indirect or Direct Access:
Divisibility of the Data Files................................................. 376
7.6.2. Duty to Play an Active Role when
Assessing the Validity of a Foreign Alert ............................... 376
7.6.3. Power of Foreign Data Protection Authorities ...................... 377
8. Conclusions ............................................................................................ 378
8.1. Implementation of Article 96 CISA ................................................ 378
8.2. Data Protection and the NSIS ......................................................... 379
8.3. NSIS and the Right to Eective Remedies ...................................... 379
8.3.1. Judicial and Non-Judicial Remedies ..................................... 379
8.3.2. Accessibility ......................................................................... 380
8.3.3. Scope of Review ................................................................... 380
8.3.4. Competences ....................................................................... 381
Chapter 12

Germany ........................................................................... 383

1. Introduction............................................................................................ 383
2. Parliamentary Involvement with CISA .................................................... 384
2.1. Schengen in General ....................................................................... 384
2.2. The NSIS and Data Protection ........................................................ 386
2.3. SIS II .............................................................................................. 389
3. Implementation of Article 96 CISA ........................................................ 390
3.1. Applicable Law................................................................................ 390
3.2. National Criteria for Entering Third-Country
Nationals in NSIS ........................................................................... 391
3.2.1. General Rules....................................................................... 391
3.2.2. Persons to be Expelled, Removed or Deported ..................... 391
3.2.3. Unlawful Data Storage Regarding Rejected
Asylum Seekers .................................................................... 393
3.2.4. Registration Based on Public Order and
Security Grounds ................................................................. 394
3.3. In the Beginning: Storing Old Data in the NSIS ............................. 395
3.4. Authorities with Access to NSIS Data ............................................. 396
3.5. Functioning of SIRENE.................................................................. 397

Contents

xvii

3.6. Article 96 Hits: Duties and Responsibilities of

German Authorities ........................................................................ 397
3.6.1. Refusal of Entry ................................................................... 397
3.6.2. Expulsion of Aliens on the Basis of an
Article 96 CISA Hit ............................................................. 398
3.6.3. Article 96 Hits and Visa Applications .................................. 398
4. Intermezzo: German Policy Governing Third-Country Nationals............ 399
4.1. The Central Aliens Administration or the AZR ............................... 399
4.1.1. The Need for a Legal Basis ................................................... 399
4.1.2. Content of the AZR............................................................. 399
4.1.3. Amendments on the Basis of the
Prevention of Terrorism Act ................................................. 401
4.2. Visa Information System ................................................................. 403
4.3. Computer Proling or Dragnet Searching (Rasterfahndung) ............ 403
4.3.1. Before 11 September 2001: Tracking
RAF Terrorists...................................................................... 403
4.3.2. After 11 September 2001: Tracking Islamic Terrorists......... 404
4.3.3. Assessment of Data Proling by
Lower German Courts ......................................................... 406
4.3.4. The Constitutional Court and
Data Proling Rasterfahndungsurteil .................................. 408
4.4. Biometrics and Border Control ....................................................... 409
5. Rights and Legal Remedies: Generally Applicable Rules .......................... 410
5.1. Article 19 (4) Constitution.............................................................. 410
5.2. The Klass Case Before the German Constitutional Court ................ 412
5.3. Rule of Law: The Principle of Proportionality ................................. 413
5.4. Applicability of Administrative Procedural Law............................... 414
5.4.1. Dierence in Remedies ........................................................ 414
5.4.2. Suspensive Eect of Legal Remedies .................................... 415
5.4.3. Temporary Injunction .......................................................... 415
5.5. Applicability of 6 ECHR ................................................................. 416
6. Legal Remedies and Data Protection Law ............................................... 416
6.1. Background and General Principles of German
Data Protection Law ....................................................................... 416
6.2. Constitutional Right to Informational Self-determination .............. 417
6.2.1. The Mikrozensus Urteil ......................................................... 417
6.2.2. The Volkszhlungsurteil ......................................................... 417
6.2.3. The Duty of Immigration Oces to
Keep Complete Files ............................................................ 419
6.2.4. A Constitutional Dilemma: Amtshilfe versus
Informationelle Gewaltenteilung ............................................ 420

xviii

Contents

6.3. The Applicability of Data Protection Principles and

the Right to Informational Self-determination
in Immigration Law ........................................................................ 422
6.4. Principles of Data Protection and the NSIS..................................... 422
6.4.1. Time Limits ......................................................................... 422
6.4.2. Duty to Inform the Data Subject ......................................... 423
6.4.3. Right of Access, Correction and Deletion ............................ 424
6.5. Supervision by Data Protection Authorities ..................................... 425
6.5.1. Introduction ........................................................................ 425
6.5.2. The Federal Commissioner for Data Protection and
Freedom of Information....................................................... 425
6.5.3. Data Protection Authorities of the Lnder ............................ 426
6.5.4. Inquiry of the Data Protection Commissioners on
Article 96 CISA ................................................................... 427
6.6. Legal Remedies ............................................................................... 428
6.6.1. Competence of the Administrative Court ............................ 428
6.6.2. Right to Financial Compensation ........................................ 429
7. Legal Remedies and Immigration Law .................................................... 429
7.1. General Background to German Immigration Law ......................... 429
7.2. Duty to Motivate Decisions ............................................................ 430
7.3. Legal Remedies ............................................................................... 431
7.3.1. Legal Remedies Against Refusal of Entry ............................. 431
7.3.2. Legal Remedies Against a Visa Refusal ................................. 431
7.3.3. Legal Remedies Against Expulsion ....................................... 431
8. Case Law................................................................................................. 432
8.1. Record in the NSIS in Conformity with Criteria of
Article 96 CISA? ............................................................................. 432
8.2. Direct Legal Eects of a SIS Alert ................................................... 434
8.3. Duty to Balance Interests ................................................................ 435
8.4. Competence of National Courts to Assess Validity of
Foreign SIS Report.......................................................................... 436
8.5. Access to Remedies After Expulsion? ............................................... 436
8.6. Article 96 CISA and Freedom of Religion: The Moon Case ............. 437
9. Conclusions ............................................................................................ 440
9.1. Implementation of Article 96 CISA ................................................ 440
9.2. Germany: Strong Tradition of Collecting and
Protecting Data ............................................................................... 440
9.3. NSIS and the Right to Eective Remedies ...................................... 441
9.3.1. Accessibility ......................................................................... 442
9.3.2. Scope of Review ................................................................... 442
9.3.3. Competences ....................................................................... 443

Contents

Chapter 13

xix

The Netherlands ................................................................ 445

1. Introduction............................................................................................ 445
2. Parliamentary Involvement with CISA .................................................... 446
2.1. Schengen in General ...................................................................... 446
2.2. Parliamentary Discussions on SIS .................................................... 448
2.3. Parliamentary Discussions on the SIS and the
Availability of Legal Remedies ......................................................... 449
2.4. Parliamentary Debate on SIS II ....................................................... 451
3. Implementation of the SIS and Registration of
Third-Country Nationals ........................................................................ 453
3.1. Sources of Immigration Law ........................................................... 453
3.2. Criteria for Registration in the NSIS ............................................... 455
3.2.1. Formal Residence Ban.......................................................... 455
3.2.2. Third-Country Nationals Reported as Unwanted ................. 457
3.3. Practical Implementation and Use of the NSIS ............................... 460
3.3.1. NSIS: Responsibility and Coordination ............................... 460
3.3.2. Procedure for Registration in the NSIS ................................ 460
3.3.3. Article 96 Hits and Internal and Border Controls ................ 462
3.3.4. Article 96 Hits and Visa Applications .................................. 464
3.4. NSIS and Article 96: Facts and Figures ........................................... 464
3.5. Audit Report By the Court of Auditors ........................................... 465
3.6. Audit Report of the Dutch Data Protection Authority .................... 467
4. Intermezzo: Dutch Policy with Regard to the Administration of
Data on Third-Country Nationals ........................................................... 468
4.1. General Administration of Immigrants............................................ 468
4.2. The Use of Biometric Data .............................................................. 470
4.2.1. Third-Country Nationals and their Biometrics..................... 470
4.2.2. Shared Use of Data on Criminals and Asylum Seekers ......... 471
4.2.3. Storing Biometric Data for Expulsion Purposes ................... 473
4.2.4. Biometrics and Passports and Identity Cards........................ 473
4.3. Immigration Files, Border Control and the
Fight against Terrorism.................................................................... 474
5. Rights and Legal Remedies for Individuals under
Data Protection Law ............................................................................... 475
5.1. Background to Dutch Data Protection Law .................................... 475
5.2. NSIS and the Applicable Rules on Data Protection ......................... 478
5.3. Duty to Inform the Data Subject .................................................... 479
5.4. Right to Access, Correction or Deletion of the NSIS Data .............. 481
5.5. Role of the Data Protection Authority ............................................. 482
5.6. Right to Legal Remedies.................................................................. 483

xx

Contents

6. Rights of Third-Country Nationals under Immigration Law ................... 484

6.1. Application of Principles of Administrative Law .............................. 484
6.2. Informed Decision-making at the Borders....................................... 485
6.3. Information on the Formal Residence Ban ...................................... 486
6.4. Time Limits for Decisions in the Field of
Immigration Law ............................................................................ 486
6.5. Legal Remedies ............................................................................... 487
6.5.1. Right to Review ................................................................... 487
6.5.2. Right to Appeal.................................................................... 488
6.5.3. Right to Higher Appeal........................................................ 488
7. Case Law................................................................................................. 489
7.1. Introduction: Extent and Importance of Dutch Case Law ............... 489
7.2. Legal Status of Article 96 Reports: Possibility of
Legal Redress................................................................................... 490
7.3. Conformity with Article 96 CISA ................................................... 493
7.3.1. National Administrative Decisions ....................................... 493
7.3.2. Foreign Administrative Decisions......................................... 493
7.3.3. A Foreign Alert: The Moon Case.......................................... 496
7.4. Balance of Interests Proportionality of a SIS Report ..................... 499
7.5. Right to Financial Compensation.................................................... 501
7.6. Preliminary Request to the ECJ....................................................... 502
7.7. Decisions of the National Ombudsman .......................................... 504
7.7.1. Duty of Informed Decision-making ..................................... 504
7.7.2. Duty to Make Decisions in Good Time ............................... 505
7.7.3. Duty of Proportional Decision-making ................................ 505
8. Conclusions ............................................................................................ 506
8.1. Implementation of Article 96 CISA ................................................ 506
8.2. Data Protection and Data Control .................................................. 507
8.3. NSIS and the Right to Eective Remedies ...................................... 508
8.3.1. Judicial and Non-judicial Remedies ..................................... 508
8.3.2. Transparency Accessibility of Remedies ............................. 508
8.3.3. Scope of Review ................................................................... 509
8.3.4. Competences ....................................................................... 510
Chapter 14 Conclusions ...................................................................... 511
1. Third-Country Nationals: Their Data and Their Rights ........................... 511
2. Third-Country Nationals: Their Data ...................................................... 512
2.1. Questioning the Eciency and Quality of the
Information Network ...................................................................... 513
2.2. Identifying, Tracking or Stigmatising Immigrants? .......................... 514

Contents

xxi

3. Third-Country Nationals and Their Rights.............................................. 515

3.1. Recovering the Right to Privacy ...................................................... 515
3.2. Immigration Law and the Protection of Human Rights................... 516
3.3. Rights and Freedoms Guaranteed by EU Law ................................. 516
3.4. Data Protection Rights .................................................................... 517
4. The Right to Eective Remedies .............................................................. 520
5. Comparing the Law and Practice in France, Germany and
the Netherlands ....................................................................................... 522
5.1. National Criteria for Storing Third-Country
Nationals in SIS I ............................................................................ 522
5.2. SIS and Data Protection Rights of Individuals................................. 523
5.3. Eective Remedies .......................................................................... 525
5.3.1. Case Law ............................................................................. 525
5.3.2. Accessibility ......................................................................... 525
5.3.3. Scope ................................................................................... 526
5.3.4. Competences ....................................................................... 526
6. The New SIS II Regulation 1987/2006: Learning from the Past?............. 527
6.1. Criteria for Reporting Third-Country Nationals in SIS II ............... 527
6.1.1. Lack of Harmonisation ........................................................ 527
6.1.2. Protecting EU Citizens and Beneciaries of EC Law ............ 529
6.2. Data Protection Rights .................................................................... 530
6.2.1. Right of Information ........................................................... 530
6.2.2. Cooperation Between Data Protection Authorities ............... 531
6.3. Right to Remedies ........................................................................... 532
6.4. Mutual Enforcement of National Decisions .................................... 533
7. Final Remarks ......................................................................................... 534
Bibliography ........................................................................................... 537
Jurisprudence.......................................................................................... 553
Index....................................................................................................... 563

Acknowledgments
I defended this study as my Ph.D, thesis on 1 October 2007 at the Radboud
University of Nijmegen. The research for this study was conducted at the Centre
for Migration Law under supervision of Prof. Mr. C.A. Groenendijk and Prof.
Dr. E. Guild. My research was partly funded by CHALLENGE - The Changing
Landscape of European Liberty and Security-: a very inspiring research project of
the 6th Framework Programme of the European Commissions Directorate-General
for Research.
The history of this book goes back almost as far as its subject: the Schengen
Information System, or SIS. In 1990, ve years before the SIS became operational, together with a group of students from the University of Tbingen, I visited Ruth Leuze, the rst Data Protection Commissioner of Baden-Wrttemberg.
She not only made us aware of the growing importance of data protection but also
triggered my curiosity and concerns with regard to the development of the SIS
and its consequences for individuals. While Ruth Leuze was perhaps my rst guide
to data protection law, Hanneke Steenbergen was certainly my rst and most
important guide to immigration law. Her involved way of teaching and her critical views inspired me to look further into the less privileged position of migrants
in the Netherlands and Europe. I miss her wise and warm words, especially now.
My rst opportunity to develop academic skills and to study the relation between
the rule of law and data protection principles was presented at the University of
Amsterdam, thanks to Egbert Dommering and Jan Kabel. Although I regret that
I was not ready at that time for a nal take-o , I always remember the friendly
and talented environment of the Institute for Information Law.
I owe the greatest thanks to Elspeth Guild and Kees Groenendijk. Their enthusiasm, knowledge and support are the most important building blocks of this
book. I am grateful that they oered me the chance to conduct research at the
Radboud University of Nijmegen: rstly, with regard to the development of
immigration law in the EU since 11 September 2001 and, secondly, since 2002,
to write this thesis on the legal position of third-country nationals reported in the
SIS. I admire the energy with which they make academic knowledge useful for
society and the legislative process and persuade others to do likewise. I will miss
our informal and cheerful trialogues and never forget the chances and lessons
they gave me. Apart from my formal promoters, I am grateful to Pieter Boeles
for his inspiration and many ideas concerning Schengen and the SIS.

xxiv

Acknowledgments

Many people provided me with information during my research: I thank

Caroline Intrand, Florence Fourets, Sylvia Preuss-Laussinotte and Didier Bigo
and his team for their information about France. I am particularly grateful to
Roger Errera for his valuable information and for taking the time to read
my French Chapter. For providing me with information on Germany, I thank
Volker Westphal, Wolfgang von Pommer Esche, Angelika Schriever-Steinberg,
Thilo Weichert and Martin Tuner. I also thank Holger Homan for reading my
German Chapter and for his useful comments. Eppo Mol, Stefan Rst, Niels
Groenhart and many others helped me with information about the Dutch implementation of the Schengen rules. Special thanks goes to Michiel Tjebbes, who
can be considered the most experienced lawyer in the Netherlands (and probably
in the EU) when dealing with Article 96 reports in the SIS. Just before completion of this thesis, he again illustrated the importance of well-trained and informed
lawyers for third-country nationals reported in the SIS. Hannie van de Put: thank
you for all your practical and especially calm support! And all my (former)
colleagues from the Centre for Migration Law and the Department of Sociology
of Law: thank you for making me feel at home, despite the fact that I was only
there once a week.
In the more personal sphere of my life, I thank my parents for their neverending support and especially their patience while waiting for this moment to
arrive. I am also grateful to our friends in Amersfoort, the school-gate mums and
dads: not only because of their support in taking care of the boys, but especially
for the happy and distracting moments we spent together. For the same reason
and in remembrance of Kees, I thank Ans, my cheerful mother-in-law. I dedicate
this book to Willem, Tim, Jelle and Lucas: they are the central and most valuable
heart of my private life.

Abbreviations
AAH-SD
AB
AGDREF
AIVD
AWB
Az.
AZR
AZRG
Benelux
BDSG
Bf V
BGBl
BKA
BVerfG
BVerwG
BVV
CCTV
CDU
CE
CIS
CISA
CNIL
CSDA
CSIS
CSU
DDR
DNA
DPA
EAW
EC
ECJ
ECHR
Econ

Allgemeine Anwendungshinweise zum Schengener

Durchfhrungsbereinkommen
Administratiefrechtelijke Beslissingen
Application de gestion des dossiers des ressortissants trangers
en France
Algemene Inlichtingen- en Veiligheidsdienst
Algemene Wet Bestuursrecht
Aktenzeichen
Auslnderzentralregister
Auslnderzentralregistergesetz
Belgium, Netherlands, Luxembourg
Bundesdatenschutzgesetz
Bundesamt fr Verfassungsschutz
Bundesgesetzblatt
Bundeskriminalamt
Bundeverfassungsgericht
Bundesverwaltungsgericht
Basis Voorziening Vreemdelingenketen
Closed Circuit Television
Christlich Demokratische Union
Conseil dtat
Customs Information System
Convention Implementing the Schengen Agreement
Commission Nationale Informatique et Liberts
Commission de sauvegarde du droit dasile
Central Schengen Information System
Christlich Soziale Union
Deutsche Demokratische Republik
Deoxyribo Nucleic Acid
Data Protection Authority
European Arrest Warrant
European Communities
European Court of Justice
European Convention on Human Rights
Economic and Financial Aairs (EU Council)

xxvi

Abbreviations

ECR
ECtHR
EDPS
EEA
EJML
ELOI
EP
FAED
FDP
FPR
GBA
GISTI
HAVANK
ID
IND
InfAuslR
INPOL
IT
JHA
JO
JORF
JSA
JV
KLPD
LIFL
LJN
MEP
MR
MRAP
Mvv
NAV
NGO
NSIS
NStZ
OECD
OFPRA
OJ
OPS
OVG

European Court Reports

European Court of Human Rights
European Data Protection Supervisor
European Economic Area
European Journal of Migration and Law
Fichier de faciliter lloignement des trangers se maintenant
sans droit sur le territoire
European Parliament
Fichier automatis des empreintes digitales
Freien Demokratischen Partei
Fichier des Personnes Recherches
Gemeentelijke Basis Administratie
Groupe dinformation et de soutien des immigrs
Het Automatische VingerAfdrukkensysteem Nederlandse
Kollektie
Identication
Immigratie- en Naturalisatiedienst
Informationsbrief Auslnderrecht
Polizeiliches Informationssystem
Information Technology
Justice and Home Aairs (EU Council)
Journal Ociel (France)
Journal Ociel de la Rpublique Franaise
Joint Supervisory Authority (Schengen)
Jurisprudentie Vreemdelingenrecht
Korps Landelijke Politiediensten
Loi relatif linformatique, aux chiers et aux liberts
Landelijk Jurisprudentie Nummer
Member of the European Parliament
Migrantenrecht
Mouvement contre le Racisme et pour lAmiti entre les Peuples
Machtiging tot voorlopig verblijf
Nieuwsbrief Asiel en Vluchtelingenrecht
Non Governmental Organisation
National Schengen Information System
Neue Zeitschrift fr Strafrecht
Organisation Economic Cooperation and Development
Oce franais de protection des rfugis et apatrides
Ocial Journal (EC)
nationaal opsporingsregister
Oberverwaltungsgericht

Abbreviations

PWP SIS
QMV
RAF
Reports
RMV
RV
SEA
SIRENE
SIS
SPD
TBG
TBV
t.c.n.
TEC
TEU
UK
UN
UNESCO
US
VGH
VIS
VwGO
VwVfG
WBP
WBV

Permanent Working Party SIS

Qualitative Majority Voting
Rote Armee Fraktion
Reports of Judgments and Decisions (ECHR)
Rseau Mondial Visa
Rechtspraak Vreemdelingenrecht
Single European Market
Supplementary Information Request at the National Entry
Schengen Information System
Sozialdemokratische Partei Deutschlands
Terrorismusbekmpfungsgesetz
Tussentijds Bericht Vreemdelingenrecht
third-country nationals
Treaty of the European Communities
Treaty of the European Union
United Kingdom
United Nations
United Nations Educational, Scientic and
Cultural Organisation
United States
Verwaltungsgerichtshof
Visa Information System
Verwaltungsgerichtsordnung
Verwaltungsverfahrengesetz
Wet Bescherming Persoonsgegevens
Wijzigingsbesluit Vreemdelingenrecht

xxvii

Chapter 1
Introduction
1. The Schengen Information System and Other EU Databases:
Tools for Border and Immigration Control
This study concerns the right to eective remedies by third-country nationals
reported in the Schengen Information System, or SIS. The SIS nds its roots in
the Convention on the Implementation of the Schengen Agreement of 1990
(hereafter the CISA). It is one of the most important databases used for immigration and border control in the EU and it has always been presented as a compensatory tool for the abolition of internal border controls between the Schengen
states. When the SIS became operational in 1995, it was used by seven states: the
Benelux countries, France, Germany, Portugal and Spain. In 2006, the SIS was
in use by the 15 old EU Member States, except the United Kingdom and
Ireland and Norway and Iceland as non-EU Member States. By 2002, the SIS
included approximately 15 million reports on dierent categories of persons and
objects. These categories include stolen vehicles and lost or stolen identity papers,
as well as persons wanted for arrest for extradition purposes or for the purpose of
discreet surveillance, witnesses or other persons summoned to appear before the
judicial authorities. With regard to the purpose of border checks of persons, the
SIS facilitates what has been adequately described as, keeping the unwanted out
for example, undesirable aliens and preventing the wanted from leaving, chiey
those suspected of criminal oences.1
Since its launch in 1995, the majority of personal data held in the SIS concerns
third-country nationals to be refused entry on the basis of Article 96 CISA.2 The
decision to report a third-country national in the SIS is based primarily on a
national decision that this person is considered a threat to public order, public
1

House of Lords European Union Committee, 9th Report of session 200607, Schengen
Information System II. Report with Evidence, HL Paper 49, London: The Stationery Oce
Limited, published 2 March 2007.
On 1 January 2006, from the 882.627 records on persons held in the SIS, 751.954 (85 %) were
third-country nationals reported for the purpose of refusal of entrance. SIS Database Statistics,
5239/06, 12 January 2006.

Evelien Brouwer, Digital Borders and Real Rights, pp. 110.

2008 Koninklijke Brill NV. Printed in the Netherlands.

Chapter 1

security or national security. Secondly, the decision can be based on immigration

law decisions regarding the deportation, refusal of entry or removal of this person.
The consequence of this decision to report an individual in the SIS is that the person will, in principle, be refused entry to every other Schengen State. On the basis
of a SIS alert, a third-country national also can be denied a visa or a residence permit, or even expelled or detained. The practical implementation of Article 96 is
based on a system of mutual recognition of national decisions to refuse entry to a
third-country national, rather than on the harmonisation of refusal grounds.
In order to transform the SIS into a system that was technically feasible for a
larger group of user states, including the new EU Member States, the EU legislator
prepared the so-called second-generation SIS, or SIS II. This development of
the SIS II has been used to discuss and introduce new functions of the SIS.
In December 2006, the EU Council adopted Regulation 1987/2006 on the
establishment of SIS II.3 SIS II is planned to be operational in 2008 and is to be
used by no less than 30 States.
Aside from SIS or SIS II, other large EU databases have been developed or are
being developed for the purposes of immigration and border control. In 2003,
the EU Member States established Eurodac for the implementation of the socalled Dublin Convention (now Regulation). With the aim of facilitating the
identication of the Member State responsible for the examination of an asylum
request, the ngerprints of asylum seekers and persons found illegally crossing
the external borders are stored in Eurodac. Another large-scale database of thirdcountry nationals will be the Visa Information System. This database is to include
data on every visa application by persons seeking entry to one of the EU Member
States, including the national decisions with regard to these applications.
The SIS II, Eurodac, and VIS databases each have their own functions and
should therefore be examined on their own merits. Nevertheless, these measures
are also closely linked to one other. In 2004, the European Council invited the
Commission to prepare proposals for enhanced interoperability between SIS II,
VIS, and Eurodac and the use of these databases in the ght against and prevention of terrorism. Furthermore, not only Eurodac, but also SIS II and the VIS
will include biometric data. This will make accessibility and the networking of
these databases much easier.

2. Problem
When an authority nds that a person is reported in one of these databases, this
may have immediate consequences for the legal position of third-country nationals. The VIS will be used primarily for repressive purposes rather than to improve
3

OJ L381/4, 28.12.2006.

Introduction

or accelerate visa procedures in favour of the visa applicants. According to the proposal by the European Commission in 2004, the central aim of the VIS will be,
to prevent threats to internal security and visa shopping, to facilitate the ght
against fraud and to assist in the identication and return of illegal immigrants.4
A hit based on data stored in Eurodac may result in the deportation or transfer
of an asylum seeker to another Member State. A person reported in SIS I or SIS II
may not only be refused entry or a visa, but he or she may also be detained or even
expelled.5 Where the use of these databases is focussed on controlling the movement of persons, it is questionable whether the EU Member States pay the same
attention to protecting the basic rights of these persons. What seems to be lacking
is the simultaneous development of a right to eective remedies for those individuals who are directly aected in their liberty to move, their personal freedom or
their privacy by decisions in matters of immigration and border control.6
Considering the use of databases such as SIS I, the rights of individuals are,
generally, covered by two elds of law: data protection law and immigration law.
On the one hand, a person facing a SIS alert may use his or her data protection
rights of access, correction or deletion of this information. National and supranational data protection authorities are empowered to supervise the protection of
these rights and the lawfulness of data processing in general. On the other hand,
a person who is refused entry or whose application for a visa or residence permit
has been rejected on the basis of a SIS alert will seek to use the available immigration
law procedures.
This study is based on the premise that both the data protection and the immigration law procedures have their own weaknesses aecting the legal protection
of the person involved. Firstly, it is questionable whether data protection law
oers individuals practical and eective legal protection or whether this only
concerns soft law or with other words rules which are non-binding. Access to
judicial courts is not always self-evident and can be made dependent on the
requirement that individuals should address data protection authorities rst.7
Furthermore, the decisions of these organisations often have no binding eect.
More importantly, however, a person generally will not be aware that he or she is
registered in the SIS I. This person will often nd out about the SIS alert when it
is too late, i.e. when he or she is denied entry at the external borders of the EU or
refused a visa in his country of origin. The procedure of trying to obtain access to

4
5

COM (2004) 835, 28 December 2004.

Hereafter I will refer to SIS I when meaning the rst generation SIS operational since 1995
and use SIS II for the future second-generation SIS.
P. Boeles a.o., Border control and movement of persons. Towards eective legal remedies for individuals
in Europe, Utrecht: Forum, 2004, p. 13.
This possibility is explicitly provided in the EC Directive 95/46 on data protection, Article 22.

Chapter 1

the data or to apply for correction or deletion under data protection law may
then take too long, considering the reason for which this person wishes to visit
one of the EU Member States.
Secondly, in the eld of immigration law decisions, tension traditionally exists
between the rights of the individual and the principle of state sovereignty. Based
on their sovereignty, national governments claim to have a wide margin of appreciation in deciding who may enter the national territory and who may not.
Additionally, the right to legal remedies in immigration law procedures is not a
matter of course. Especially in visa procedures, national laws do not always provide for legal remedies. Finally, based on the principle of sovereignty, it has been
argued that national courts are not competent to decide on the lawfulness of
decisions made by foreign authorities, including the decisions to report thirdcountry nationals in the SIS.

3. A Right to Eective Remedies?

3.1. Questions
The central question of my research is whether third-country nationals reported
in the SIS have access to eective remedies with regard to the storage and use of
this information. For this purpose, I will rst try to establish which rights of
third-country nationals are at stake when dealing with the use of the SIS I.
Secondly, I will investigate which right to eective remedies can be derived from
European (immigration and data protection) law, in order to protect these rights.
The practical meaning of the right to eective remedies is dependent of the
implementation at the national level. Therefore, I will examine the use of the SIS
I and the implementation of CISA and relevant rules at the national level.
Dealing with the law of respectively France, Germany, and the Netherlands,
I will try to answer the following sub-questions: What are the consequences of
the use of SIS I for the legal position of third-country nationals? What are the
criteria for which they can be reported in this database? What are their rights
under national law?
Based on my ndings with regard to the right to eective remedies in European
law and its implementation in national law, I will seek to answer two additional
questions. Firstly, what is the added value of data protection law? Does this provide
extra legal protection for the persons involved or does it only include soft rules?
Secondly, which lessons can be learned from more than ten years using the SIS I
with regard to the development and use of SIS II and other EU databases? What
recommendations can be made to guarantee the rights and legal protection of persons reported as inadmissible aliens in the EU?

Introduction

3.2. Criteria to Assess Availability of Eective Remedies

As a tool to describe the availability of the right to eective remedies in the eld
of immigration and data protection law, I consider it useful to apply a set of
minimum requirements or criteria. In an earlier study, Fair Immigration
Proceedings in Europe, Boeles dened eective legal remedies as a procedure
which is designed so that the maximum chance exists for review of the action or
failure to act of a government on the basis of a legal rules whose aim is (inter alia)
to protect individuals.8 In his study, Boeles used six criteria which in his view
would maximise the chance of eective legal remedies:
1)
2)
3)
4)

proceedings must exist and be accessible by the individual;

proceedings must have the character of judicial proceedings;
legal and linguistic assistance to parties must be guaranteed;
individuals must be able to overcome fait accompli (proceedings have suspensive
eect or court is competent to take interim measures);
5) the court must be able to take account of all essential aspects;
6) appeal at higher level must be available.
For each of these criteria, Boeles made an analysis of the international standards
which are to be considered binding within the legal framework of the EU, referred to
by Boeles as the Regional Acquis of the European Union. From his study, one can
learn that international law in 1997 did not require the fullment of each of these
criteria and that, with regard to the availability of eective remedies, one single answer
is not easy to give, because of the wide range of situations and decisions at stake.9
The present study will not repeat the Boeles exercise, describing the current
state of law on eective remedies in immigration law. The emphasis of this study
lies on the relationship between the use of EU databases and the rights of thirdcountry nationals. Therefore, the sources I use are not limited to the applicable
standards of immigration law, but also include Article 8 ECHR on the right to
private life and the European law on data protection. On the other hand, I will
only consider European standards, not other international norms. This is partly
for practical reasons, in order to limit the scope of my research, but also because
European law seems to play a more central role with regard to my topic. By
European law, I am referring to the immigration law and data protection principles adopted or incorporated within the legal framework of the EU, including

P. Boeles, Fair Immigration Proceedings in Europe, The Hague: Martinus Nijho Publishers,
1997.
This included the UN Declaration on Human Rights, the ECHR, the Convention on the Status
of Refugees and the Convention on the Status of Stateless Persons, the Convention on the Rights
of the Child, the ILO Convention on Migrant Workers, the European Social Charter, etc.

Chapter 1

the Treaty of the European Communities (TEC), the Treaty of the European
Union (TEU) and the relevant instruments of the Council of the Europe, including
the European Convention on Human Rights (ECHR).
Inspired by the criteria developed in Boeles research, I will use the following
questions to assess the applicable laws.
a)
b)
c)
d)

Is there a right to appeal to an impartial and independent authority?

Are the legal remedies accessible?
What is the scope of the review?
What are the competences of the (judicial or non-judicial) authority?

The rst criterion refers to the question whether the applicable law requires access
to judicial or non-judicial remedies. If the law only provides for access to nonjudicial authorities, for example data protection authorities, are these authorities
to be regarded as impartial and independent authorities?
The second criterion refers to the accessibility of the legal remedies in question. Does a person know that he or she may appeal against a negative decision,
or a ban on entry? What procedural guarantees should be in place to ensure that
a third-country national can use his right to legal remedies? Boeles third criterion, the right to legal and linguistic assistance, will not be dealt with separately,
but is considered as part of the accessibility of remedies.
With regard to the criterion of scope of review, I refer to what exactly can be
reviewed by the judicial or non-judicial authority. Can a court or authority review
every aspect of a national administrative decision, or are there certain limitations
based on the sovereignty of the administration involved? Does the court or
authority have the power to assess foreign decisions, including foreign decisions
to report a third-country national in the SIS?
Finally, I will question the competences of the court or authorities. This
includes the power to restore the rights of the applicants, as well as to issue nes
to the administration.
With the sole purpose of limiting the scope of this research, I chose not to deal
separately with the right to higher appeal. It is nonetheless beyond doubt that
the right to have ones case reviewed at a higher level is important for several reasons. On the one hand, the review of the judgment of a lower court by a higher
court could provide for more uniformity in law. On the other hand, for the
individual it includes a second chance of review which, under certain circumstances, might be crucial for the protection of his or her rights. In his study in
1997, Boeles concluded that the law of his Regional Acquis generally does not
require the possibility of appeal to a higher instance. One could however conclude with Boeles that on the basis of the principle of non-discrimination, if
national law oers a remedy to a higher court to its own citizens, under EU law
the legislator should provide equal protection to non-citizens.

Introduction

4. Outline
Part I of my study describes the impact of the SIS I on the legal position of thirdcountry nationals in the EU. I will rst give an historical overview of the abolition
of internal border controls and the freedom of movement of persons in the EU.
We will see how SIS I has been established as a compensatory tool for this abolition of internal border controls. Therefore, in Chapter 4, I will describe the development of the SIS II and the nal adoption of the SIS II Regulation 1987/2006 in
December 2006. In Chapter 5, I will compare the functioning of the SIS to other
EU databases such as Eurodac, and the proposed VIS. For what purposes are these
databases established, how are they used and what is their mutual relationship?
Part II of my study presents the institutional framework of my study: the protection of individual rights stemming from general principles of European law. Chapters
6 to 9 describe the sources of European law relevant to my subject: the right to eective remedies for third-country nationals reported in SIS I and other EU databases.
These sources include the ECHR and EU law, dealing with data protection law
decisions and immigration law decisions. In Chapter 10, I will consider whether a
right to eective remedies can be derived from the general principles of EU law.
Part III deals with the implementation of Article 96 CISA and the right to legal
remedies for third-country nationals reported in the SIS at national level. To
describe the implementation of the CISA and the rules on the SIS I, I have chosen
France, Germany and the Netherlands. Aside from practical reasons, this choice is
based on the fact that these countries have been involved in the development of the
Schengen cooperation and SIS I right from the start. The three countries provided
a signicant proportion of the Article 96 alerts in the SIS. In addition, these countries have a long history of developing data protection law and a developed system
of judicial remedies in immigration law. In the national Part, I will describe the
national criteria for reporting third-country nationals in the SIS I on the basis of
Article 96 CISA, and the provisions in national law with regard to the rights of the
persons concerned. Finally, an analysis will be made of the available case law to see
how the national courts and data protection authorities have dealt with individual
complaints with regard to the SIS.

5. Denitions and Explanation of Used Terms

National and EU policy-makers tend to use dierent denitions to describe individuals who are non-citizens of their countries or the EU. These denitions
include, for example, foreigners, aliens and immigrants. In this study, when
referring to a non-EU citizen, I generally prefer to use the term third-country
nationals. Only when these terms are explicitly used in national legislation, I will

Chapter 1

refer to aliens or foreigners. As we will see in Chapter 4, the SIS II Regulation

1987/2006 gives a narrower denition of third-country national, in that it
excludes both EU citizens and nationals of third countries who enjoy the rights of
free movement under the agreements between the EC and these third countries.
Regarding Schengen, authors generally refer to the Schengen Convention
or the Schengen Implementing Agreement. However, I prefer to use the same
reference used by the EC Court of Justice in its jurisprudence: the Convention
Implementing the Schengen Agreement or CISA.10
I will use the terms European Communities and EC Member States when
dealing with developments before the Treaty of Maastricht entered into force in
1993, establishing the European Union. As of that date, I prefer to use European
Union and EU Member States. Only when describing legal instruments
explicitly based on the Treaty of the European Communities (TEC), I will refer
to EC law or EC instruments.
Commentators on data protection law generally make an explicit dierence
between the words data and information. Where data is used to describe
the input of words, signs or bits and bytes which have no independent meaning,
information describes the meaning or knowledge which can be assigned to
those data. Starting with the presumption that any data gathered or stored concerning an individual can result in real information on this person, I will use the
two words indiscriminately.
Finally, data subject is used to describe the person who is the subject of the
data processing or, in other words, about whom the information is collected,
stored or processed. Whereas data holder, data owner and data controller are
generally used to describe the organisation or authority responsible for the data
processing, data user refers to the person or organisation using the information.

6. Sources and Interviewees

For this study, I used mainly information from publicly available sources including
national and EU legislation, jurisprudence and legal and non-legal publications.
Only with regard to my description of the history of the Schengen negotiations
and decision making, I used personal archives of Kees Groenendijk and myself.
In order to collect additional information on the legislation and practical measures
in France, Germany and the Netherlands, I conducted interviews with a number
of persons in these three countries. These persons were working as professionals in
this area, as lawyers, judges, government ocials, in NGOs, as members of national

10

See for example ECJ, C-150/05 Van Straaten v. the Netherlands and Italy.

Introduction

data protection authorities and, nally, as academics. I completed my research in

December 2006. Exceptionally, I incorporated important developments between
December 2006 and June 2007.
Persons interviewed in France (spring 2005):
Caroline Intrand, legal ocer of the NGO Cimade, Paris;
Florence Fourets, head of the unit Direction de lexpertise informatique et des
contrles of the French Data Protection Authority (Commission National
dInformations et des Liberts, or CNIL), Paris;
Sylvia Preuss-Laussinotte, professor of public law, University de Paris-X,
Nanterre, Paris
Further information was provided in writing by:
Lt-Col Jean-Franois Impini (Centre de Prospective, Gendarmerie Nationale);
Didier Bigo (Matre de confrences des universits Sciences-Po, Paris, CERI); and
Roger Errera (former judge of the Conseil dtat).
Persons interviewed in Germany (spring 2005):
Volker Westphal, Federal Police (Bundespolizei), Lbeck;
Wolfgang von Pommer Esche, head of the unit Police Intelligence Service,
Federal Data Protection Commissioner (Bundesbeauftragter Datenschutz), Bonn;
Thilo Weichert, Schleswig Holstein Data Protection Commissioner
(Landesbeauftragter Datenschutz Schleswig Holstein), Kiel;
Angelika Schriever-Steinberg, head of the unit C2, Hesse Data Protection
Commissioner, (Landesdatenschutzbeauftragte Hessen), Wiesbaden;
Martin Tuner and Manuela Brenner, head respectively ocer of the SIRENE
Unit, Federal Criminal Police Oce (Bundeskriminalamt or BKA), Wiesbaden
Persons interviewed in the Netherlands (summer 2004):
Michiel Tjebbes, lawyer at Everaert Advocaten Immigration Lawyers,
Amsterdam;
Eppo Mol, privacy ocer of the Dutch National Police (Koninklijke Landelijke
Politiediensten, or KLPD) Zoetermeer;
Stefan Rst and Janneke Bol, legal ocers of the Immigration and
Naturalisation Oce (Immigratie- en Naturalisatiedienst, or IND) Rijswijk;
Niels Groenhart, legal ocer of the Data Protection Authority (College
Bescherming persoonsgegevens, or CBP) The Hague.
A general call for immigration lawyers was published in the Dutch journal
Migrantenrecht, summer 2004 issue, to forward information or case law on SIS and
Article 96 CISA. This did not yield any response. Further (statistical) information

10

Chapter 1

was kindly submitted by Gerrit Huybrechts of the Directorate-General for Justice

and Home Aairs, Council Secretariat, Brussels. Peter Michael of the Joint
Supervisory Authority (JSA), Brussels, also provided information by telephone.
In order to keep abreast of the most recent decision-making on SIS II, Eurodac,
VIS or biometrics, the author gratefully used the website of Statewatch: http://
www.statewatch.org.

Part I
Border Control and Data Surveillance in the EU

Chapter 2
Towards Schengen: The Abolition of Internal
Border Controls in Europe
In order to eectively implement visa policy and the jointly dened controls along
our external borders, we feel it is essential that we should begin to exchange information about persons who must be refused access to the territories of one of our
Member States on the grounds that their presence there could threaten security or
public order in one of our states and we have decided to look into the best ways of
doing this, with special reference to computerisation.1

1. Introduction: Abolition of Internal Border Controls

The development of EU databases is closely related to the emergence of a Europe
without internal frontiers. With European integration, which was given a formal
boost with the signing of the Single European Act in 1986, the borders of the
Member States of the European Communities (EC) became an issue of shared
responsibility. The abolition of internal border controls was accompanied by different, so-called compensatory measures. To justify these measures, national governments relied heavily upon the symbolic function of borders or frontiers.2
Since borders have dierent functions, the compensatory measures to be developed
diered accordingly. For example, the idea that the abolition of internal border
controls would give criminal organisations the opportunity to move wherever
they please and that this would increase cross-border criminality was used to
justify the development of Europol and Eurojust and the introduction of the

Declaration of the EC Ministers dealing with immigration matters, 15 December 1989, Press
90/02/02.
See, for the evolution and the meaning of the concept of frontiers: D. Bigo & E. Guild (eds.)
Controlling Frontiers. Free movement into and within Europe, Aldershot: Ashgate 2005, and
M. Anderson, D. Bigo, What are EU frontiers for and what do they mean?, in: K. Groenendijk,
E. Guild & P. Minderhoud, In Search of Europes Borders, The Hague/London/New York: Kluwer
Law International 2003, p. 725.

Evelien Brouwer, Digital Borders and Real Rights, pp. 1346.

2008 Koninklijke Brill NV. Printed in the Netherlands.

14

Chapter 2

European Arrest Warrant.3 The traditional use of borders as a source of income

by raising taxes on the import of goods was compensated by mutual cooperation
between the customs authorities of the EU Member States and the completion of
the Customs Union.4
Regarding the function of borders for immigration policy, the EC Member
States sought to compensate for their internal border controls by moving their
powers to external borders and even to the countries of origin of immigrants.
This includes the establishment of a more stringent and uniform visa regime, but
also the introduction of pre-boarding checks and the posting of liaison ocers in
the countries of origin.5 More recently, the EU Member States are preparing to
deploy maritime police teams in extraterritorial waters to prevent the arrival of
immigrants by boat.6
With regard to the use and sharing of information, the EU governments enabled their national authorities to exchange their information mutually in the
eld of criminal law and customs policy through the use of Europol, Eurojust
and the Customs Information System. Between 1995 and 2006, by far the largest database used in the EU is the Schengen Information System or SIS I.7
In 2006, this database included information on 15 million objects and individuals. Planned as an intergovernmental experiment by the Benelux countries,
France and Germany, the SIS I is used by 15 states including thirteen EU
Member States and the non-EU Member States Iceland and Norway. As we will
see below, in 2008, the new version of SIS, or SIS II, is planned to be used by at
least 31 European States including the 27 EU Member States and four non-EU
Member States (Iceland, Norway, Liechtenstein and Switzerland.

See respectively the Europol Convention based on Article K.3 of the Treaty on European Union,
OJ C 316, 27.11.1995, the Council Decision 2002/187/JHA of 28 February 2002 setting up
Eurojust with a view to reinforcing the ght against serious crime OJ L 63/1, 6.3.2002 and the
Framework Decision on the Arrest Warrant of 13 June 2002, L190/1, 18.07.2002.
See the Naples Convention on mutual cooperation between customs authorities signed by six
EC Member States in 1967, which was repealed by the so-called Naples II Convention of 18
December 1997, OJ C 24, 23.01.1998. See also Council Regulation 2913/92 of 12 October
1992 establishing the Community Customs Code, OJ L 302, 19.10.1992.
See Regulation 539/2001 determining the countries whose nationals must have visas to cross
external borders of the Member States, OJ L 81, 21.3.2001, the Schengen Common Consular
Instructions, OJ L 176, 10.7.1999 and the Council Regulation 377/2004 of 19 February 2004
on the creation of an immigration liaison ocers network, OJ L 64, 2.3.2004.
Communication from the Commission to the Council, Reinforcing the management of the
European Unions Southern Maritime Borders, COM(2006) 733 nal, 30 November 2006.
To distinguish the original SIS from the second generation SIS or SIS II, to be discussed in
Chapter 4, I will refer further to SIS I.

Towards Schengen: The Abolition of Internal Border Controls in Europe

15

To understand the relatively successful integration of the intergovernmental

Schengen cooperation into EU law and the expanding role of the SIS I, it is
necessary to describe the European history of immigration law and border policies. In this Chapter, I try to reveal how a small group of EC Member States were
able to reach agreement within the intergovernmental Schengen framework,
while at the same time governments were trying hard to maintain their national
sovereignty and the European Commission was attempting to lift this decisionmaking to the community level. In Chapter 3, I will describe the development
and use of the SIS I itself.

2. The Internal Market and the Free Movement of Persons: Setting Goals
2.1. Between 1957 and 1985: From the Treaty of Rome to the
Commissions White Paper
When the European Economic Community was established by the Treaty of Rome
on 25 March 1957, the abolition of internal border controls was not one of its primary goals.8 The Treaty of Rome formulated the freedom of movement for goods,
services, capital and persons, but freedom of movement for persons only applied to
nationals of the Member States conducting any kind of economic activity, such as
workers, the self-employed and those providing services. Those privileged persons
could enter and leave the territory of Member States by showing their passport or
identity card.9 The application of these rules was gradually widened by the case-law
of the Court of Justice (ECJ).10 However, since the EU governments were reluctant
to change the impact of border controls on persons, the Council persisted in closely
linking the freedom of movement of persons to the economic activities of EC
nationals. Likewise, the Treaty did not include a substantive legal basis for
immigration and asylum policy with regard to third-country nationals.
The abolition of internal border controls did not reach the EC agenda until
1972, with the so-called Tindemans report.11 This report reected on the need to

9
10

11

Treaty establishing the European Economic Community entered into force on 1 January 1958
and was signed in 1957 by the Benelux countries, France, Germany and Italy.
Directives 68/360 of 15.10.1968, OJ 168 L 257/13, 73/148 21.05.1973, OJ 1973, L 172/14.
See, for example, the judgment of 27 April 1987, case C-321/87, Commission v. Belgium, ECR
[1989] 997, in which the Court accepted the Belgian practice of frontier spot checks on nonBelgian Community nationals to determine whether they were carrying their residence permits
was not contrary to the Community rules, as long these checks were not being carried out in a
systematic, arbitrary or unnecessarily constricting way.
J.P.H. Donner, Abolition of Border Controls, in: H.G. Schermers et al. (eds.), Free movement of
persons in Europe: legal problems and experiences, Dordrecht: Nijho 1993, p. 5.

16

Chapter 2

lift border controls as a measure to make the Community more real to its citizens.
Although the Tindemans report did not receive warm support from the dierent
Member States, it formed the basis for the further development of concepts such
as the Passport Union and a Europe of the citizen. In the same year the
Tindemans report was published, the EC was enlarged to nine countries.12 One
could say that this enlargement on the one hand strengthened the motivation of
Member States to establish an area in which the four freedoms of movement was
applied, while at the same time this hampered the achievement of political
agreement on the necessary measures.
The foundations of the notion of lifting internal border controls were laid at
the European Conference of the Heads of State at their meeting of 910
December 1974.13 At this meeting in Paris, the Council created a Working
Group to investigate the possibilities for establishing a Passport Union. This
Passport Union had to include a uniform passport for EC citizens. In the longer
term, this would lead to the harmonisation of immigration law and the abolition
of passport control at the internal borders. A year after this European Conference,
in July 1975, the European Commission published two reports. In the rst report
on the Passport Union, the Commission proposed not only the introduction of
a uniform passport and the lifting of passport controls at internal borders, but
also common control measures at external borders. The second report concerned
the granting of privileged rights to EC nationals, including political rights and the
right to gain access to public functions.14 A Commission proposal for a directive
on a uniform model for a passport was only accepted in the form of a resolution
by the Council of Ministers on 23 June 1981.15
Despite the continuing discussion on this subject, between 1974 and 1985 no
serious legislation on the abolition of internal border control was adopted within
the EC framework. In June 1984, the Council and the representatives of the
Governments only adopted a resolution on the simplication of border-crossing
formalities for EC nationals at internal frontiers.16 In Fontainebleau, at its meeting
of 2526 June 1984, the European Council adopted a declaration on the concept
of a citizens Europe. At the same time, the Council instructed the so-called

12

13

14
15
16

In 1973, the EC was joined by the Denmark, Ireland, and United Kingdom, OJ L 73, 27.3.1972.
Greece became an EC Member State in 1981 (OJ L 291, 19.11.1979) and Portugal and Spain
in 1986 (OJ L 302, 15.11.1985). Austria, Finland, and Sweden joined the EC in 1995 (OJ
C 241, 29.8.1994) 1.
See H. Verschueren, Vrij verkeer van personen in Schengen-Verdragen, in: C. Fijnaut, J. Stuyck,
P. Wytinck, Schengen: Proeftuin voor de Europese Gemeenschap?, Antwerp: Gouda Quint 1992,
p. 1354.
EC Bull. Suppl. 7/75.
See OJ 1981, C 241 and OJ 1982, C 179.
OJ C 159, 19.6.1984.

Towards Schengen: The Abolition of Internal Border Controls in Europe

17

Adonnino Committee to examine measures regarding the abolition of police and

customs formalities with regard to the movement of persons and goods across
internal borders.17 Responding to a request made by the European Parliament,
the European Commission published a proposal for a Directive on the reduction
of controls and formalities applicable to nationals of the Member States when
crossing intra-Community borders.18 This draft Directive of 23 January 1985
included a proposal for a system of spot checks at all the internal frontiers in the
EC, regardless of the means of transport used. After the debate in the European
Parliament, the Commission proposed an amendment which also included the
abolition of controls upon departure.19 However, the proposal was never adopted
and was later withdrawn by the Commission.
2.2. The Commissions White Paper on the Completion of the Internal Market
On 14 June 1985, the European Commission presented a White Paper on the
completion of the internal market with a list of measures which were considered
necessary in order to achieve an internal market without internal border controls.20 With this paper, the Commission tried to nd support for the idea that
the abolition of internal border controls was something to be dealt with within
the EC framework. The Commission announced that by 1988 a proposal was to
be made for the complete elimination of checks when leaving one Member State
and entering another. With regard to third-country nationals, the Commission
recognised that the free movement of persons and the abolition of border control
would apply to all persons, regardless of their nationality. Therefore, the abolition
of checks at internal borders would also make it much easier for non-Community
citizens to move from one Member State to another. For this reason, the
Commission announced that it would propose by 1988 at the latest the coordination of rules on residence, entry and access to employment with regard to nonEC citizens. In addition, the Commission called for a Community policy on
visas. The adoption of these measures in the eld of immigration policy by the
Council and the enhanced cooperation between police and other relevant agencies
within the Member States would, according to the Commission, enable the
elimination of police checks at internal frontiers by 1992.

17

18

19
20

Ad hoc Committee set up for examining the creation of a peoples Europe, report published in
Bulletin of the European Communities, suppl. 7/85, 1985.
OJ 1985, C 47/5, 19.2.1985.This proposal was also a reaction to the Franco-German Agreement
of Saarbrcken of July 1984 (see below).
COM (85) 224 OJ C 131, 30.05.1985.
COM (85) 310, Brussels, 14 June 1985. On the same date, ve Member States signed the
Schengen Agreement which formed the cornerstone for further intergovernmental cooperation
in the same area, see further below.

18

Chapter 2

3. From 1985 to the Completion of the Single Market: Dening Powers

Although the European Council supported the initiative of the European
Commission with regard to the abolition of internal border controls, the governments were reluctant to transfer all their powers to the Commission.21 In 1985, ve
Member States (Germany, France, the Netherlands, Denmark and the UK) even
challenged the Commission before the ECJ, claiming that EC law did not empower
the Commission to adopt a Decision which requested the states among others to
notify the Commission of proposals for amendments to their immigration laws.22
The consensus between the EC governments about the need to lift internal border controls was formalised with the signing of the Single European Act (SEA) in
February 1986.23 Article 8A (later Article 14) of the new EC Treaty (hereafter: TEC)
dened the concept of the single market as an area without internal frontiers in
which the free movement of goods, persons, services and capital is ensured within
the provisions of this Treaty and the deadline for establishing the internal market
was set at 31 December 1992.24 However, it was still hard to reach political agreement on eective measures on internal and external border control controls within
the EC framework. Qualied Majority Voting (QMV) was introduced for the decision-making on key aspects of the single market programme, but this did not cover
the free movement of persons based on the new Article 100A inserted in the TEC
by the Single Act. In a declaration to the SEA, the Council conrmed that Member
States would cooperate in the eld of entry, movement and residence of third-country
nationals.25 At the same time, in the declaration on Article 8A, the governments
made it clear they did not wish to abandon their legislative powers all at once:

21

22

23
24

25

See Trsten Stein, in his statement for the British House of Lords: The decision to completely abolish
all border controls thus appears to be a political decision which one may welcome or not, but not a
decision which is dictated by Community law as it stands; House of Lords Select Committee on the
European Communities, 22nd Report 1992: Border Control of People, 7 November 1989, p. 7.
Germany and others v. Commission, 9 July 1987, ECR 3203. In its judgment, the Court denied
the absolute sovereignty of Member States on immigration policy. The Court did not accept the
French position that policy on foreign nationals involved questions of public security, for which
Member States were solely responsible. See for a more detailed analysis: E. Guild, European
Community Law from a Migrants Perspective, The Hague/London/Boston: Kluwer Law
International 2000, p. 210.
OJ L 169, 29.06.1987, p. 1.
In fact, Member States disagreed on the direct eect of this deadline, whether all internal border controls would have to be lifted by this date and on the interpretation of Article 8A. As we
will see below, this date became a crucial deadline for the development of Schengen as well.
In order to promote the free movement of persons, the Member States shall cooperate, without
prejudice to the powers of the Community, in particular as regards the entry, movement and
residence of nationals of third countries, OJ L 169, 29.06.1987, p. 26.

Towards Schengen: The Abolition of Internal Border Controls in Europe

19

The Conference wishes by means of the provisions in Article 8A to express its rm

political will to take before 1 January 1993 the decisions necessary to complete the
internal market dened in those provisions, and more particularly the decisions
necessary to implement the Commissions programme described in the White Paper
on the internal market. Setting the date of 31 December 1992 does not create an
automatic legal eect.26

The Member States strongly disagreed with the Commission on the competence
of the Commission in the eld of immigration law. Illustrative of this ongoing
dispute is the general declaration which was added to the SEA with regard to the
right of the Commission to submit proposals on the basis of Article 8A and
100A TEC:
Nothing in these provisions shall aect the right of Member States to take such
measures as they consider necessary for the purpose of controlling immigration
from third countries and to combat terrorism, crime, trac in drugs and illicit trading in works of art and antiques.27

The governments held the view that the creation of the internal market would be
dependent on measures to be taken by the Council of Ministers.28 Another stumbling block for further negotiations within the EC framework was the disagreement between the Member States about the scope of the denition of internal
market and free movement of workers. In particular the UK, initially supported
by Greece and Denmark, believed that this free movement and the subsequent
abolition of internal border control only applied to EC workers. As a result, these
countries claimed, controls at the internal borders would have to remain, to
check whether someone is an EC national or a third-country national.
In 1988, the Commission published a Communication on the abolition of controls of persons at intra-Community borders.29 In this paper, the Commission called
for acceleration and a new political impetus with regard to decision-making in
this area. The Council should play a stronger role by co-ordinating negotiations
which, at that time, took place in various groups. According to the Commission,
this work needed to be speeded up in order to respect the 1992 timetable. The
Commission considered itself competent to come forward with proposals for
legislation if the intergovernmental framework failed to develop the necessary
instruments. Despite this statement, the Commission made no real progress in
law making. As the 1993 deadline approached, no real proposals in this eld
26
27

28

29

OJ L 169, 29.06.1987, p. 24.

See, for more detail on the meaning of Article 8 and the additional declarations, E. Guild
(2000), p. 199.
See the Dutch government in its report on Border Control of 1 July 1987 to the Dutch
Parliament, 19861987, 20031, 12, p. 29.
COM (88) 640 nal, 7 December 1988.

20

Chapter 2

were published. This lack of initiative motivated the European Parliament, on

18 November 1993, to launch proceedings before the Court of Justice. The
European Parliament claimed that, contrary to the provisions (in particular
Articles 14 and 211) of the EC Treaty, the Commission failed to submit proposals
which are necessary for the achievement of the free movement of persons.30 In
the summer of 1995, the Commission published three draft directives: on the
abolition of internal border controls on persons, on the right of third-country
nationals to travel in the Community, and on the abolition of restrictions on
the movement of EU workers and their families.31 As a result of these legislative
proposals, the European Parliament withdrew its action before the Court.

4. Intergovernmental Negotiations on the Abolition

of Internal Border Controls
4.1. Other Examples: The Benelux, the Nordic Union, Ireland
and the United Kingdom
The awareness of the economic advantages of abolishing or reducing internal
border controls resulted in closer cooperation between smaller groups of
European countries.32 Aside from the Schengen negotiations which will be discussed below, this also occurred within the framework of the Benelux Economic
Union, the Nordic Union, and between the Republic of Ireland and the United
Kingdom. The Benelux Treaty provided free movement to the nationals of the
three Benelux countries and equal treatment with regard to residence and settlement.33 The Treaty was followed by the Agreement on the transfer of border controls of persons to the external frontiers of the Benelux area.34 Article 2 of this
Benelux Agreement states: From such time as this Agreement enters into force
each of the High Contracting Parties shall cease to exercise controls on persons
along their common borders, and shall exercise controls at their external borders
which shall apply to the Benelux area. This implied that the checks at the

30

31
32

33

34

C-445/93, European Parliament v. Commission, OJ 1994 C 13/1. See E. Guild, (2000),

pp. 203205.
OJ 1995, C 139, OJ 1995, C 305 and OJ 1995, C 307 respectively. See E. Guild (2000), p. 204.
See also J. Niessen, The Heyday of Intergovernmentalism (19851993), in: E. Guild &
J. Niessen, The Developing Immigration and Asylum policies of the European Union, The Hague/
London/Boston: Kluwer Law International 1996, p. 26.
The Benelux Treaty of 3 February 1958, Tractatenblad (Dutch Series of Treaties) 1958, 18,
entered into force on 1 November 1960.
The Benelux External Borders Agreement was signed on 11 April 1960, Tractatenblad 1960, 40,
and came into eect on 1 July 1960, before the Benelux Treaty.

Towards Schengen: The Abolition of Internal Border Controls in Europe

21

internal borders ceased to exist as well for third-country nationals.35 The Benelux
Agreement was later used as a model for the Schengen treaties. The Nordic
Passport Union was established on 12 July 1957 between Denmark, Norway,
Sweden and Finland.36 Iceland acceded on 24 September 1965. The Nordic
Union included the abolition of passport control at the common internal borders. Between Ireland and the United Kingdom, limited border controls apply to
their mutual citizens and to third-country nationals.37 Furthermore, dierent
European countries have established bilateral agreements on the reduction of
controls at their mutual borders.38
4.2. Between 1985 and 1989: The Schengen Negotiations
Schengen is without doubt the most important example of intergovernmental
decision-making within the eld of police cooperation and border and immigration
policy. The Schengen cooperation has its roots in the Saarbrcken Agreement of
13 July 1984 between France and Germany. With this treaty, signed by the
Federal Chancellor of Germany, Helmut Kohl, and the President of France,
Franois Mitterrand, the two countries agreed to gradually abandon controls at
their mutual borders. This cooperation would provide the basis for the further
establishment of a Single Market between the European countries. One of the
more practical rather than ideological motives of this agreement was the need for
the French government to seek a solution to the ongoing strikes by French truck
drivers and customs ocials, protesting against the long queues at internal borders. Concerns for the economic consequences and the pressure from its international transport organisations also encouraged the Dutch government to start
negotiations with the German government in March 1984. At their meetings in
the autumn of 1984, the governments of the Benelux countries agreed to hold
35

36

37

38

See further, on the free movement of persons and Benelux, J.J.A.M. Van Winckel, Het personenverkeer in de Benelux, SEW 7/8, 1982, p. 552562.
The exemption from passport control for travel between the Nordic Countries included thirdcountry nationals travelling directly from one Nordic state to another, see K. U. Kjaer, How
Many Borders in the EU?, in: Groenendijk, Guild & Minderhoud (2003), p. 177. See also
J. Vedsted-Hansen, Abolition of Border Controls within the Nordic Region and Security of
Residence in Denmark, in: E. Guild & P. Minderhoud, Security of Residence and Expulsion:
protection of aliens in Europe, Leiden/Boston: Martinus Nijho Publishers 2001, p. 91102.
Because of the common travel area there are no immigration controls and crossing by vehicle
with simple visual check is normal. Select Committee on the European Communities, 1992:
Border Control of People, House of Lords, Session 198889, 22nd Report, p. 25.
See for example the Agreements between the Netherlands and Germany: with regard to the
joining of border controls and the establishment of mutual railway stations (Trb. 1958, 81); on
the regulation of border-related problems (Trb. 1960, 67, 68 and 69) and on small-vehicle
border trac (Trb. 1960, 162).

22

Chapter 2

further negotiations with France and Germany on the reduction of internal

border controls. This agreement was consolidated in the Memorandum of the
Benelux countries, adopted by the Committee of Benelux Ministers on 12
December 1984.39 This text was based on the Saarbrcken Agreement, but also
included a reference to the free movement of goods as a second goal. On the
basis of this Memorandum, further negotiations took place between France,
Germany and the Benelux countries. The Benelux acquis, including the
Agreement on the lifting of internal border control, and the decisions by the
Benelux Committee of Ministers on the basis of this Agreement, was used as a
model for the Schengen cooperation.40
On 14 June 1985, the Schengen Agreement on the Gradual Abolition of Checks at
their Common Borders was signed by Germany, France and the Benelux states.41 This
Agreement included short-term and long-term measures considered necessary for
the abolition of controls at the internal common borders of the signatory parties.
The central aim of the Schengen Agreement was not only to simplify the circulation
of goods and persons by providing harmonised rules on tax and customs, but also to
establish the basis for further cooperation in the eld of the protection of public
order and security, measures against the illegal trac in drugs, criminality and illegal
immigration. In Article 17 of this Agreement, the signatory states made it clear that
internal border controls should be transferred to the external borders. At the initiative of the German Ministry of the Interior, a text was included in the Agreement
referring to the need to elaborate compensatory measures for the safeguarding of
internal security.42 To that end, the participating states would have to harmonise
laws in advance and take complementary measures to safeguard security and combat illegal immigration by nationals who are not members of the European
Communities. The Agreement described the dierent elds in which harmonisation of the law would be necessary: police cooperation, judicial assistance and extradition, the law on drugs, arms and explosives, visa policy and entry conditions.
Five years later, the Heads of State of France, Germany and the Benelux countries signed the Convention Implementing the Schengen Agreement of 14 June 1985
on the gradual abolition of checks at their common borders (hereafter referred to as
CISA) on 19 June 1990. This Convention, to be discussed further in section 6 of
this Chapter, was the result of long negotiations in working groups composed of
senior ocials and national experts in several elds. In view of the diculties with
39

40
41
42

See the preamble to the Schengen Agreement of 1985 and the Dutch parliamentary notes:
Handelingen Tweede Kamer (Procedures of Lower House) 19841985, 18 941, no. 1.
C.D. de Jong, Cooperation in the eld of Aliens Law, in: Schermers (1993), p. 192.
Dutch Treaty Series 1985, no. 102.
See, for instance, S. Lavenex, The Europeanisation of Refugee policies. Between human rights and
internal security, Aldershot: Ashgate 2002, p. 87 .

Towards Schengen: The Abolition of Internal Border Controls in Europe

23

nding national support for Community legislation, the European Commission

seemed to accept and even to support the intergovernmental cooperation in this
eld as long as this provided concrete results.43 In the Communication of 1988 on
the abolition of controls for persons, the Commission claries this position with
regard to the Schengen developments:
In a separate but parallel and very relevant exercise the ve Member States who
signed the Schengen Agreement (France, Germany and the Benelux countries) have
committed themselves to a process with the aim of abolishing identity controls of
individuals at their common land borders. The Commission participates in the
work of the Schengen Group which it nds invaluable in formulating its ideas in
the wider Community context.44

In the Annex to this report, the Commission stated that: The Schengen initiative may help to speed up the removal of controls throughout the community.
In the eyes of the Commission, the pilot function of the Schengen cooperation
was very important even if, in the end, measures would have to be taken within
the Community framework. Or, in the words of Commissioner Bangemann:
The success of the Schengen Project will demonstrate the feasibility of the goal
of the European Single Market, and the technical possibilities to solve all the
complementary problems.45
4.3. The Immigration Ad Hoc Group, Trevi, and the Group of Co-ordinators
Within the larger framework, even EC Member States rmly rejecting the idea
of a Europe without (internal) frontiers, felt the desirability for co-ordination
and cooperation in certain areas. This desire was not only a reaction to the process which had been initiated by the Schengen States, but also a response to current developments such as confronting terrorism in Europe and the growing
number of asylum seekers in the 1980s. Key actors in these intergovernmental
negotiations were three groups: the Trevi Working Group, the Ad Hoc Group on
Immigration and the Group of Co-ordinators.
The Trevi Working Group has been established back in 1975 following a meeting
of the European Council in Rome.46 The Group was composed of the EC
43

44
45

46

J. de Zwaan, Institutional Problems and Free Movement of Persons, in: Schermers (1993),
p. 336.
COM (88) 640 nal, see paragraph 12.
Response by European Commissioner Bangemann to the written question of E. Glinne, MEP,
No 431/89, OJ 1990, C 90/11.
According to the Dutch government (letter to Parliament, 19861987, 20031, 12, p. 31), this
group was named Trevi because its rst meeting was in Rome and the Dutch Director-General
of the Police and one of the main initiators was called Fonteijn. Only later the name was
explained as an abbreviation of Terrorisme, Radicalisme Et Violence Internationale.

24

Chapter 2

Ministers of the Interior and met twice a year. It was supported by national ocers
negotiating in special working groups. The Trevi Working Group was set up in
order to respond to the terrorist attacks occurring in the seventies. With regard
to these events, the politicians felt that the existing framework of the international police organisation, Interpol, did not operate correctly.47 Originally, the
Trevi Working Group concentrated only on the ght against terrorism. But soon,
the group was dealing with other topics as well, including public order, police
training and the ght against drugs and serious crime. In 1980, its domain was
extended to the policy on illegal immigration and asylum ows. In 1988, Trevi
1992 was created to study the consequences of the abolition of internal border
controls in the EC. Trevi 1992 was also responsible for co-ordinating the negotiations on Europol.48 During the meetings of the Trevi Working Group, which
were held behind closed doors, important preparatory work was done for subsequent European decision-making in the eld of police cooperation and the ght
against organised crime.
During the second half of 1986, at the initiative of the British Presidency, the
Council of Ministers set up the Ad Hoc Group of Immigration.49 This Ad Hoc
Group, which met every six months, consisted of high-level immigration policy
ocials from the Member States. The Group was divided into six sub-groups
dealing with asylum, external frontiers, forged papers, admissions, deportations
and information exchange. The Commission was invited to take part in these
meetings of the Ad Hoc Group and the secretariat was provided by the Council
secretariat. After 1989, asylum and external frontiers became key issues for the
Immigration Ad Hoc Group. One of the achievements of the Ad Hoc Group was
the drafting of the Dublin Convention on the responsibility of a member state for the
examination of an application for asylum which is submitted in one of the EC
Member States. The text of this Convention was based on earlier drafts on this
subject for the CISA.50 An important dierence between the two regulations was
the fact that the CISA was founded on the premise of the abolition of internal
border controls, while under the Dublin Convention internal border controls
were to be maintained. In a decision by the Schengen Executive Committee of 26
April 1994 (known as the Bonn Protocol) it was agreed that the asylum provisions

47

48

49
50

C.J.C.F. Fijnaut, Police cooperation in Western Europe, in: Schermers (1993), p. 7592,
see p. 79.
M. den Boer, Justice and Home Aairs: Cooperation without integration, in: H. Wallace &
W. Wallace, Policy-Making in the European Union, Oxford: Oxford University Press 1996,
p. 394, Trevi was dismantled in 1992.
See de Zwaan (1993), p. 339340.
Convention of 15 June 1990, OJ C 254, 1997.

Towards Schengen: The Abolition of Internal Border Controls in Europe

25

of the CISA (Articles 2838) were to be replaced by the provisions of the Dublin
Convention, once this Convention had entered into force.51
In December 1988, the Rhodes European Council called for an intensication
of the eorts of the EC governments to proceed in the area of the free movement
of persons. To this end, the Council established a Group of Co-ordinators to
co-ordinate activities with regard to the achievement of the free movement of
persons within and outside the framework of the EC Treaty. This included the
work of the Trevi Working Group and the Immigration Ad hoc Group. The
Group of Co-ordinators drafted the so-called Palma document, subtitled Free
Movement of Persons.52 This document, adopted by the European Council of
Madrid in June 1989, included a rst detailed agenda and timetable for European
policy, to be discussed below.

5. Abolition of Border Controls and Compensatory Measures

5.1. The Function of Borders: Emphasis on Internal
Security and Immigration Control
During the negotiations on the free movement of persons, the participating states
and institutions were focussed from the outset on measures which could compensate for the loss of internal border controls. The freedom of movement of
persons or the abolition of internal border controls was used as a motive to adopt
other instruments to control individuals entering a given state. The European
Commission underlined in its White Paper of 1985 that the elimination of internal
border control should be complemented by administrative cooperation between
the police authorities and by networks for the transmission of information to
enable the police in the country of entry to carry out checks on behalf of the
police in the country of departure. A system of this kind would provide continuing
protection in the ght against terrorism. According to the Commission, such a
system would not preclude security checks (as opposed to identity checks) being
carried out at airports. The need for compensatory measures was also emphasised
in the preamble to the Maastricht Treaty of 1992, in which the EC governments
rearmed their objective to facilitate the free movement of persons, while ensuring
the safety and security of their people, by including provisions on Justice and
Home Aairs in this Treaty. Based on the third pillar of the Maastricht Treaty,

51

52

SCH/Com-ex (94) 3. This Protocol is published in Tractatenblad (Dutch Treaty Series) 1994,
no. 185; see also the Decision of the Schengen Executive Committee of 22 December 1994,
OJ L 239/130, 22.9.2000.
The full text of the Palma Document is published in Guild & Niessen (1996), p. 443.

26

Chapter 2

many instruments in the eld of police cooperation and criminal law were proposed and adopted.53
In practice, the decision-making with regard to these compensatory measures
remained outside the Community framework. Measures in the eld of immigration
and asylum law were placed alongside intergovernmental cooperation on international fraud, terrorism and drug tracking. Important factors for achieving
consensus were the negotiations in the Trevi Working Group and those between
the Schengen states.54 The rst consolidated document on compensatory measures
was the aforementioned Palma Document. The Palma Document dierentiated
between ad intra and ad extra measures. Where the rst category included
cooperation in the eld of combating terrorism, drug tracking and judicial
cooperation, the latter involved the (tightening of ) controls at external frontiers.
According to the Palma Document, these measures implied legal, administrative
and technical instruments and the harmonisation of criteria for the treatment of
non-Community citizens. Aside from a common list of countries whose citizens
are subject to a visa requirement and the harmonisation of criteria for granting
visas and a European visa, it was also considered necessary to establish a common
list of persons to be refused admission. According to this Palma Document, the
establishment of a system for the exchange of information about persons who are
either wanted or inadmissible would be an essential measure, to be achieved by
the end of 1990. The computerisation of the exchange of information needed for
visa processing was considered desirable and to be achieved by the end of 1991.
The program in the Palma Document to some extent copied the measures
included in the Schengen Agreement.55
In a declaration of 15 December 1989, the twelve Ministers responsible for
immigration policy conrmed their shared commitment to implement the Single
European Act and to create a space with no internal frontiers by the end of
1992.56 Among the measures necessary to achieve this goal, this declaration
referred to the harmonisation of visa practices and rules on the responsibility of
Member States for asylum applications. The Ministers also referred to the need
to share information: In order to eectively implement visa policy and the
jointly dened controls along our external borders, we feel it is essential that we
should begin to exchange information about persons who must be refused access
to the territories of one of our Member States on the grounds that their presence
there could threaten security or public order in one of our states and we have
53
54
55
56

See A.H. Klip, Uniestrafrecht is op hol geslagen, NJB 11 April 1997, vol. 15, p. 663671.
Den Boer (1996), p. 390.
J.J.E. Schutte, Strafrecht in Europees verband, Justitile verkenningen, 1990, no. 9, p. 10.
Declaration by the ministers concerned with immigration, 15 December 1989, Press,
90/02/02.

Towards Schengen: The Abolition of Internal Border Controls in Europe

27

decided to look into the best ways of doing this, with special reference to computerisation. According to this declaration, the exchange of information could
only be envisaged if the protection of individual liberties and privacy could be
guaranteed in advance.
In July 1998, the Austrian Council Presidency presented a condential Strategy
paper on immigration and asylum policy to the K4 Committee.57 In this socalled non-paper, the Austrian government proposed adopting a rm approach
towards asylum seekers and immigrants transiting or attempting to transit
through European territory. The paper focussed, among other things, on measures enabling the detection and removal of unwanted immigrants by controlling
every step taken by a third-country national from the time he begins his journey
to the time he reaches his destination (point 85).
5.2. Pre-Border Selection: Visa Policy
The power to decide which foreign nationals may enter a country and which
nationals may not, has always been among the competences of national states,
inherent to their national sovereignty. Regional agreements between European
states on the withdrawal of internal border control included cooperation in the visa
policy. However, this cooperation did not result immediately in common visa lists.
For example, Article 4 of the Benelux Agreement institutes a common visa policy
which led to agreements with third countries and (secret) ministerial visa instructions, but not to a common list. The preamble clause of the Nordic Passport
Control Agreement of 1957 included the governments intention to apply identical visa requirements and to aim for harmonised practices regarding the issue of
visas. Article 4 of the Nordic Agreement only prescribed consultation between the
Nordic states in the event of a change in visa requirements.
Within the Schengen framework, the participating states established a common
visa list for the rst time. This list included the third countries for which nationals
should obtain a visa before being allowed entry into the Schengen territory. With
regard to the general visa policy, Article 20 of the Schengen Agreement of 1985
provided that the Schengen states would seek the harmonisation of their visa
policies as one of the measures to be taken in the longer term. The Convention
on the Implementation of the Schengen Agreement of 1990 (or CISA, see further below) only provided for the harmonisation of the short-stay visa policy.
This resulted in the Common Visa Instruction, adopted in a decision of the
Executive Committee on 14 December 1993, with a (condential) annex containing a joint list of states whose citizens are required to hold a visa by all
57

1.7.98, 9809/98 CK4 27, ASIM 170, Limite; Second draft, 29 September, 9809/1/98, Rev. 1
Limite, CK4 27, ASIM 170.

28

Chapter 2

Schengen states (the so-called black list) and a list of countries whose nationals
did not require a visa (white list).58
The European Ministers responsible for immigration had been trying since 1987
to draw up a common list of countries whose nationals would require a visa before
entering a Member State. On 1 January 1988, the Trevi Group decided to introduce a visa obligation for the nationals of fty countries. The Ministers agreed that
harmonisation of the entry document should be based on solidarity, regardless of
whether a Member State was having a problem with a particular country or not.59
In deciding whether to place third countries on the black list, the Member States
used the following criteria: those countries which produced large numbers of
asylum seekers and illegal immigrants and those which posed a security problem.
It was also agreed that a list would be established of countries whose nationals did
not require a visa to enter one of the EU countries (the white list).
In 1993, on the basis of Article 100C TEC, the Commission submitted a proposal for a Regulation determining the third countries whose nationals must be
in possession of a visa when crossing external borders.60 Regulation 2317/95 was
adopted in September 1995.61 Whereas the draft proposal of the Commission
included 129 countries whose nationals must have a visa in order to enter a
member state, the list annexed to the nal Regulation reduced the number to
101 countries. In this Regulation visa is dened as: An authorisation given or a
decision taken by a Schengen state which is required for entry into its territory
with a view to an intended stay in that Schengen state of no more than three
months in all; or transit through that territory of that Schengen state or several
Schengen states except for transit through international zones of airports and
transfers between airports in a Schengen state.62 In 1995 a new Regulation
574/1999 on visa lists was adopted.63 This Regulation of 1999 was replaced in
2001 by Regulation 539/2001.64
5.3. Draft of an External Frontiers Convention
In June 1991, the Immigration Ad Hoc Group presented a draft for the External
Frontiers Convention. The central aim of this convention was to regulate joint
measures for external border control, a common visa policy and common rules on
access to the territories of the participating states. This draft Convention provided,
58
59
60
61
62
63
64

SCH/II-Visa (93) 11, 6th rev., corr. 4. These lists have been amended several times.
See Niessen (1996), p. 17 and 35.
OJ C 11/6, 15.01.1994.
Regulation 2317/95 of 25 September 1995, entering into force on 3 April 1996, OJ L 234.
See Article 5 repeated in the new Visa Regulation 2317/95, OJ L 234/1, 3.10.1995.
OJ 1999 L 72/2.
OJ L 81/1, 21.03.2001.

Towards Schengen: The Abolition of Internal Border Controls in Europe

29

among other things, for the establishment of a European Information System.

This system would, along the lines of its model, the Schengen Information
System (see below), include information on persons to be refused entry. Neither
the External Frontiers Convention nor the EIS became operational, partly due to
the ongoing dispute between the UK and Spain on the sovereignty of Gibraltar.65
The fact that the use of SIS I was extended to other EC Member States as well
made it less important to develop a separate European system. Like the Dublin
Convention, the draft External Frontiers Convention did not include rules on the
abolition of internal border controls. This illustrates that the compensatory measures had become an important, self-contained purpose of the EC Member States
and were independently handled.66 This policy was conrmed by the Commission
in a response in 1993 to a written question by the European Parliament members
Verhagen and Janssen van Raay: although the draft Convention is an essential
measure for the abolition of internal frontier checks, it is not a condition for the
realisation of this aim as clearly formulated in Article 8a of the EEC Treaty.67
5.4. An Area of Freedom, Security, and Justice
The Amsterdam Treaty codied the concept of an area of freedom, security and
justice.68 The preamble to the Amsterdam Treaty reads: Resolved to facilitate the
free movement while ensuring the safety and security of their peoples, by establishing an area of freedom, security and justice in accordance with the provisions
of this Treaty. Article 2 (4) of the EU Treaty speaks of an area of freedom, security and justice in which the free movement of persons is assured in conjunction
with appropriate measures with respect to external border controls, immigration,
asylum and the prevention and combating of crime. As we have seen above, the
reasons for the compensatory measures with regard to the abolition of internal
border controls were based on both economic and psychological grounds.69 Now,
with the Amsterdam Treaty, the compensatory measures became a goal of EU
cooperation in themselves.70 The Vienna Action Plan 1998, adopted by the
Justice and Home Aairs (JHA) Council on 3 December 1998, developed the

65

66

67

68
69
70

B. Melis, Negotiating Europes Immigration Frontiers, Deventer: Kluwer Law International 2001,
p. 139.
J.D.M. Steenbergen, De grenzen van Schengen, in: P.R. Giuseppin & W.A.M Jansen, Het
Akkoord van Schengen en vreemdelingen. Een ongecontroleerde grens tussen recht en beleid? Verslag
studiedag OSR 31 October 1996, Utrecht: NCB 1997, p. 19.
Answer of the Commission to written question no. 1137/92, published in Migration News Sheet,
March 1993, no. 120/93, p. 1.
OJ C 340, 10/11/1997. The Amsterdam Treaty will be dealt with further below.
House of Lords report on Border Control of People, November 1989.
See also section 7 below.

30

Chapter 2

further measures to be taken in order to establish the area of freedom, security

and justice71 This Action Plan was especially focussed on the security issue.
As Swart points out, even the notions of freedom and justice in this Action
Plan could be interpreted as aspects of security.72
The realisation of an area of freedom, security and justice was also the central theme of the special meeting of the European Council of 1516 October
1999 in Tampere (Finland).73 In its conclusions, the Council announced the
development of a more transparent decision-making process by making full use
of the powers of Amsterdam Treaty. In the eld of border control and illegal
immigration, the European Council underlined the need for a more ecient
management of migration ows at all their stages (point 22). In the rst place,
this included setting up information campaigns in close cooperation with countries of origin and transit concerning the possibilities for legal immigration and
for the prevention of all forms of tracking in human beings. The European
Council also underlined the need for the development of a common active policy
on visas and false documents and for closer cooperation between EU consulates
in third countries. Where necessary, the Member States should establish common EU visa issuing oces. The European Council asked the Schengen states to
cooperate with each other but also with Europol in the ght against criminal
networks facilitating illegal immigration. In the Tampere Conclusions, the
Council emphasised the need to prevent illegal immigration and for closer cooperation and mutual technical assistance between the Member States border
control services. However, data processing and the establishment of databases
was not a separate issue.
The Tampere Conclusions explicitly dealt with the status of legally resident
third-country nationals in the EU. In their conclusions, the European leaders
recognised for the rst time that freedom of movement should not be the exclusive preserve of EU citizens. It would be in contradiction with Europes traditions to deny such freedom to those whose circumstances lead them justiably to
seek access to our territory. In point 18 of the Tampere conclusions, the EU
leaders stated that the European Union must ensure fair treatment of thirdcountry nationals who reside legally on the territory of its Member States. Based
on a more vigorous integration policy, legally resident third-country nationals
should be granted rights and obligations comparable to those of EU citizens.

71
72
73

OJ 1999, C 19/1.
A.H.J. Swart, Een ware Europese rechtsruimte, Deventer: Gouda Quint 2001, p. 7.
Conclusions 16 October 1999, Press: no. 200/1/99. The conclusions can be found on the web
site of the Council: http://www.consilium.europa.eu.

Towards Schengen: The Abolition of Internal Border Controls in Europe

31

The European Council concluded that the legal status of third-country nationals
should be approximated to that of Member States nationals.74
Since 2000, the Commission has submitted so-called scoreboards, setting
timetables and giving details on the progress made in the legislative process.
On 4 November 2004, the European Council adopted The Hague programme,
setting out the objectives to be implemented in the area of freedom, security and
justice during the period 20052010.75 In this The Hague programme, under the
headings Management of migration ows and Strengthening Security, the use
of databases, biometrics and the exchange of information was given a central role
in forthcoming policies.76 This new emphasis on information policies will be
discussed further in Chapter 5.
5.5. Common Mechanisms for External Border Controls
The emphasis on border controls as a security mechanism has been reinforced
since the events of 11 September 2001 in the United States, as well as following
the terrorist attacks in Spain in 2004 and in the UK in 2005. In meetings after
11 September 2001, the European governments repeatedly expressed their will
to combat terrorism eectively. To this end, the EU Council adopted various
decisions, including measures in the eld of immigration and asylum.77 The
European Council underlined the importance of ecient external border controls in its meeting of December 2001, stating that:
Better management of the Unions external border controls will help in the ght
against terrorism, illegal immigration networks and the trac in human beings.
The European Council asks the Council and the Commission to work out arrangements for cooperation between services responsible for external border control and

74

75

76

77

This approximation is further elaborated in point 21: A person, who has resided legally in a
Member State for a period of time to be determined and who holds a long-term residence permit, should be granted in that Member State a set of uniform rights which are as near as possible
to those enjoyed by EU citizens; e.g. the right to reside, receive education, and work as an
employee or self-employed person, as well as the principle of non-discrimination vis--vis the
citizens of the state of residence.
The Hague Programme: Strengthening freedom, security, and justice in the European Union.
16054/04, 13.12.2004.
Section 1.7 and 2 respectively. See, for a more detailed analysis of The Hague Programme:
T. Balzacq & S. Carrera, Security versus Freedom? A Challenge for Europes Future, Aldershot:
Ashgate 2006.
An overview of the adopted and proposed measures in the rst six months after 11.09.2001 is
given in: E. Brouwer, P. Catz & E. Guild Immigration, Asylum and Terrorism. A Changing Dynamic
in European Law, Nijmegen: Recht & Samenleving, no. 19 2003. See also A. Baldaccini &
E. Guild Terrorism and the Foreigner A Decade of Tension around the Rule of Law in Europe,
Leiden: Martinus Nijho Publishers 2006.

32

Chapter 2

to examine the conditions in which a mechanism or common services to control

external borders could be created ().78

Since the terrorist events, policymakers increasingly relied on border controls as a

panacea, on the one hand to protect internal security, including protection from
military or terrorist threats, and on the other hand, to protect against illegal
immigration, the mass inux of migrants, or human tracking.79 To substantiate this protection, the EU governments developed dierent mechanisms: privatisation and ex-territorialisation of border controls to countries of origin and
strengthening the role of embassies and travel agencies.
In February 2002, the Council published the Comprehensive Plan to combat
illegal immigration and tracking of human beings in the European Union which
further emphasised the need for external border controls.80 This Plan contained
proposals such as the development of a European Visa Information System, the
setting up of joint border management teams, the establishment of common
standards with regard to return policy and a role for Europol with regard to the
ght against illegal tracking. In its Communication on the Integrated
Management of the External Borders, the Commission proposed the installation
of a European Corps of Border Guards.81 According to consideration 51, the
powers of the sta of the European Corps of Border Guards could be conned
territorially to the strict needs of the surveillance and checks provided for by
Article 62 TEC, without prejudice to police cooperation eorts under agreements based on Articles 7 and 47 of the CISA. One might envisage conning
them, for surveillance purposes, to a strip a few hundred metres wide at external
land borders and to a portion of the territorial waters. Some land, maritime and
air-crossing points could be included for the purposes of checks. These portions
of territory, enjoying special status, should be listed exhaustively and be delimited precisely by maps and plans, which could be annexed to the Common
Manual for External Borders. At the European Conference in Seville, June 2002,
the European Council also focussed on the preservation of internal security and
the prevention of crimes and terrorism. Among other things, the Council called
for common measures on controlling the EUs external borders.82
On 11 November 2003, the Commission adopted a proposal for a Regulation
establishing a European Agency for the Management of Operational Co-operation
78
79

80
81
82

Conclusion no. 42 of the Laeken European Council of 14 and 15 December 2001.

See D. Bigo & E. Guild (eds), Controlling Frontiers. Free movement into and within Europe,
Aldershot: Ashgate 2005.
OJ 2002, C 142.
Brussels, 7.5.2002, COM(2002) 233 nal.
See S. Peers, EU immigration and asylum law after Seville, Tolleys Immigration, Asylum and
Nationality Law, London: Tolleys, vol. 16, no. 3, 2002.

Towards Schengen: The Abolition of Internal Border Controls in Europe

33

at the External Borders.83 This resulted in the establishment of the so-called

Frontex agency with the adoption of Regulation 2007/2004 of 26 October 2004.84
This European Agency for the Management of Operational Cooperation at the External
Borders of the Member States of the European Union is situated in Warsaw (Poland)
and started its operations in 2005. Furthermore, on 15 March 2006, the
Regulation on the Community Code governing the movement of persons at the borders replaced the Schengen Common Manual on Border Control.85 This
Regulation, which will be dealt with further in Chapter 9, includes rules on the
measures and powers of authorities controlling the movement of persons at the
external borders of the EU.

6. The Convention Implementing the Schengen Agreement

6.1. Negotiations
The nal text of the CISA, signed on 19 June 1990, was the result of a long
period of negotiations between senior ocials and national experts of the contracting parties. The states signing the Schengen Agreement made it very clear
from the beginning that from a police standpoint the planned abolition of border controls could only be tolerated if the expected decits were more or less
compensated.86 In 1988 the European Commission was invited to join the
Schengen negotiations with observer status. The nal decisions on the measures
to implement the Schengen Agreement were taken by the responsible Ministers
and Secretaries of the participating states. Their decisions were prepared by senior
ocials from each state who gathered in the so-called Central Group of
Negotiators (later Central Group). From September 1987 onwards, the negotiations preparing the nal decision-making took place in dierent working
groups. Working group I dealt with police and security matters, working group II
was concerned with free movement, working group III dealt with transport, and
group IV with customs and circulation. Each Working Group created its own
sub groups and ad hoc groups for the specic problems to be solved. Many of
these groups would continue their work after the signature of the Convention
Implementing the Schengen Agreement or CISA.
Initially, each working group drafted its own proposals for the regulations it
considered necessary for the implementation of the Schengen Agreement.
83
84
85

86

COM (2003) 687.

OJ L 349, 25.11.2004, p. 111.
Regulation 562/2006 of 15 March 2006, OJ L 105/1, 13.4.2006. Entered into force on 13
October 2006. Hungary voted against and Slovenia abstained.
B. Schattenberg, SIS: Privacy and Legal Protection, in: Schermers (1993), p. 45.

34

Chapter 2

On 14 June 1988, in Luxembourg, the participating Ministers and Secretaries of

State discussed a rst draft proposal for the complementary convention with
regard to the free movement of persons, border control, visa, right of residence
and asylum. On 19 June 1988, the Central Group of Negotiators decided to draft
one treaty regulating all the dierent subjects as a whole. The themes of the four
working groups would remain the basis for the subsequent structure of the CISA.
In subsequent discussions, the Central Group used a draft document which was
submitted by the Dutch delegation.87 At the end of 1988, the drafts of the majority of the Convention were nalised. The remaining problems were to be solved
during 1989. On 13 November 1989, the Ministers and Secretaries of State
adopted the nal decisions necessary to agree on the nal text of the Convention.
This agreement was to make it possible for the participating states to sign the
Convention in December 1989, which would make the lifting of internal border
controls with eect from 1 January 1990 still a realistic option. However, the fall
of the Iron Curtain in Berlin on 9 November 1989 and the subsequent reunication of West and East Germany forced the negotiators to change their plans. The
draft Convention which was approved by the Schengen Ministers on the 13
November 1989 did not take into account the new situation in Germany.
Negotiations started again in March 1990, during which the German government
proposed certain amendments to the Convention. These amendments included
the visa policy towards Eastern European countries. Under the presidency of the
Dutch government, the CISA was nally signed on 19 June 1990.
6.2. Content of the CISA
Although these subjects were the original incentives for the initial Schengen
cooperation, the measures regarding transport and the movement of goods represented only a small part of the nal text of CISA (Title V). Provisions concerning
these subjects had been replaced by EC secondary law before the CISA became
operational. The largest part of the CISA concerns provisions regarding border
control and border surveillance, including provisions concerning visa requirements, regulation of the responsibility for asylum applications, provisions concerning police and security, including police cooperation, the rules for hot
pursuit, extradition, and the ne bis in idem principle. Furthermore, as will be discussed later, the CISA contains a separate section on the Schengen Information
System (Title IV CISA) and on the protection of personal data (Title VI).
Chapter 7 of Title II of the CISA includes rules on the responsibility for
processing applications for asylum. This part of the CISA was replaced in 1997
by the Dublin Convention. Title III of CISA deals with Police and security,
87

Police and Security, 27.10.88, SCH/1 (88) 7 rev.

Towards Schengen: The Abolition of Internal Border Controls in Europe

35

including rules for cooperation between police authorities. This cooperation

includes assistance for the prevention and detection of criminal oences and surveillance of suspected persons at the request of another Schengen state. Under
certain circumstances, the CISA also provides for the possibility for national
police authorities to continue the pursuit of an individual on the territory of
another Schengen state without the latters prior authorisation (hot pursuit).
Title III of the CISA regulates mutual assistance in criminal matters, the application of the ne bis in idem principle and extradition, and cooperation in the prevention and punishment of illegal tracking in drugs, rearms and munitions.
6.2.1. Title II: Abolition of Checks at Internal Borders and Movement of Persons
Title II CISA includes the rules for crossing external borders, the issue of visas
and the conditions governing the movement of third-country nationals.88
Although the CISA of 1990 is based on the principle of the abolition of border
controls, there is a clear dierence between this Treaty and its predecessor: the
Schengen Agreement of 1985. As pointed out by Lavenex, where the latter
Agreement focuses on borders from the point of view of their abolition,
Schengen II can be read as a re-conrmation of the function of borders for state
sovereignty and security .89 Article 5 CISA contains the general conditions
which must be fullled before a third-country national may be granted entry to
the Schengen territory. These conditions are:
the person must be in the possession of a valid document, authorising him or
her to cross the borders;
the person must have the required visa;
he or she must be able to produce, if necessary, documents justifying the purpose and conditions of the intended stay; and he or she must have sucient
means for the stay and for returning to the country of origin;
the person may not have been reported in the SIS for the purpose of refusing
entry; and
the person is not to be considered a threat to public policy, national security
or the international relations of any of the contracting parties.
In principle, the Schengen states are obliged to refuse a person entry to the
Schengen territory if this person does not full all these conditions. There is only
88

89

See, for the eects of the CISA on the free movement of persons: J.D.M. Steenbergen, Schengen
and the movement of persons, and T. Hoogenboom, Free movement of non-EC nationals,
Schengen and beyond, both published in H. Meijers et al., Schengen Internationalisation of central chapters of the law on aliens, refugees, privacy, security and the police, Leiden: Stichting NJCMBoekerij 1992, pp. 57 and 74.
Lavenex (2002), p. 94.

36

Chapter 2

one exception to this obligation. According to Article 5 (2), a country may grant
a person entry to the territory of that particular country if this is considered necessary on humanitarian grounds, on grounds of national interest, or because of
international obligations.
6.2.2. Visa Rules
In 1993, on the basis of Article 132 CISA, the Schengen Executive Committee
adopted Common Consular Instructions regarding visas for the diplomatic and
consular posts of the Contracting Parties.90 Part V of these Instructions includes
basic criteria to be used by diplomatic missions or consular posts when examining
visa applications. These instructions make it clear that the main issues to be taken
into account by the national authorities when examining visa applications are
the security of the Schengen States and the ght against illegal immigration.
As far as security is concerned, national authorities are advised to check that the
necessary controls have been performed. These checks include searching the les
containing alerts (alerts for the purposes of refusing entry) in the Schengen
Information System and consultation with the central authorities of the countries subject to this procedure.
According to the instructions, the diplomatic missions and consular posts
carry full responsibility for assessing whether an immigration risk exists. These
instructions make it clear that visa policy is about making a distinction between
bona de persons and those posing a security or immigration risk. This can be
illustrated by comparing the reasons given by the Commission for the exclusion
and inclusion of certain countries on the visa lists in the explanatory memorandum
to EC Visa Regulation 539/2001.91 These criteria are grouped under three main
headings: illegal immigration, public policy and international relations. The
assessment of the applicability of these criteria by the sta members of consulates
or embassies should, on the one hand, be made on the basis of their own experience
in proling and by recognising the dierent categories of persons, using the visa
lists, including the risk countries. This proling, as pointed out by Guild, is thus
not based on individual characteristics, but on the nationality of the person concerned.92 On the other hand, this assessment should be made on the basis of the
exchange of information between consular posts and on the basis of information

90

91
92

Decision of 14 December 1993. The Common Consular Instructions were incorporated in the
Schengen acquis, listed in Annex A to Council Decision 1999/435/EC, OJ L 176, 10.7.1999.
See for amended version OJ C 313, 16.12.2002. The full text of the Instructions is published in
OJ C 326, 22.11.2005.
OJ 2001 L 81, 21.03.2001.
E. Guild, Moving the Borders of Europe, Inaugural lecture, Nijmegen: University of Nijmegen
2001.

Towards Schengen: The Abolition of Internal Border Controls in Europe

37

systems such as the SIS I. In Chapter 5, we will see how the Visa Information
System has been developed for precisely this aim.
In 2006, Annex 12 of the Common Consular Instructions was amended by a
Council Decision increasing the amount fees to be charged corresponding to
the administrative costs of processing visa applications.93
6.2.3. Free Circulation
One of the important positive eects of the CISA for legally resident third-country nationals is of course their freedom of circulation94 and the abolition of visa
requirements for third-country nationals who travel from one Schengen country
to another.95 This free circulation is based on Article 19 of the Convention and
applies to third-country nationals who hold a uniform visa and who legally
entered the territory of one of the contracting parties. The right to free circulation applies only during the period of validity of their visas and does not apply to
persons whose visa is territorially limited to one country. Article 20 CISA regulates the free circulation of third-country nationals who are not subject to a visa
requirement: this right applies for a period no longer than three months. For
both categories, the requirements of Article 5 (a), (c), (d) and (e) must be fullled. This means that in accordance with Article 5 (d) ocials shall check
whether the person is enlisted in the SIS I for the purpose of refusing entry.
According to Article 21, third-country nationals with a valid residence permit for
one of the Schengen countries may travel freely within the Schengen territory for
up to three months. Here too, the conditions of Article 5 (a), (c), (d) and (e)
apply. This means that the right to free movement does not apply to third-country nationals who are registered in the SIS or a national list of alerts. An important restriction on this right of free circulation includes the obligation in Article 22,
which states that the third-country national should report to the appropriate
authorities within three days of arrival.
6.2.4. Priority of the Community Rules
Article 134 CISA conrms the priority of the Community rules: The provisions of
this convention shall apply only insofar they are compatible with Community law.
Finally, Article 142 states that the contracting parties shall agree on the conditions

93
94

95

OJ L 175/77, 29.06.2006.
Note the dierence in terms between free movement of persons, which applies only to EC
nationals and includes the right to reside, and freedom of circulation, which limits the right to
be admitted into one or more countries for a visit of no more than three months.
This was already included in Article 8 of the Benelux Treaty on the Transfer of Border Controls
to the External Borders of the Benelux Area.

38

Chapter 2

under which the provisions of this Convention are to be replaced or amended,

whenever conventions are reached between the Member States of the European
Communities with a view to the completion of an area without internal frontiers.
6.3. Entry into Force and Players
6.3.1. Entry into Force of the CISA
The CISA entered into force on 1 September 1993. France was the rst state to
ratify the CISA, on 30 July 1991. Germany ratied the Convention on 15 July
1993, after having amended the German Constitution by weakening the original
constitutional right concerning asylum. The Netherlands ratied the CISA on 30
July 1993. However, the treaty did not become eective until 26 March 1995.
This late application of the CISA was due to the fact that the Schengen Information
System did not become operational until this time. As we will see in the following
sections, the operational launch of the SIS I had to be postponed several times.
With eect from 26 March 1995, the CISA was applicable to the three Benelux
countries, France, Germany, Portugal and Spain. In the two latter countries the
CISA had entered into force on 1 March 1994. On 26 October 1997, the CISA
became applicable in Italy, on 1 December 1997 in Austria, and on 8 December
1997 (partially) in Greece. In Greece, the full abolition of internal border controls
took place in 2000.96 The delay between the date of signature and the date of
entry into force of the CISA in these latter countries was a consequence of the fact
that these countries rst had to adopt their data protection law.
6.3.2. Position of the Nordic Countries
The ve Nordic countries acquired observer status in the Schengen negotiations
after 1 May 1996.97 Denmark, Sweden and Finland signed an agreement on accession to the CISA on 19 December 1996. Although Iceland and Norway, as nonEU members, could not be formally admitted to the Schengen Group, they signed
an Association Agreement, aliating themselves with the Schengen cooperation.
The EU Council which, after the incorporation of the Schengen acquis into EU
law on 1 May 1999, had taken over the role of the Schengen Executive Committee,
armed in a decision of 1 December 2000 that the ve Nordic countries fullled
the necessary requirements for Schengen membership. Therefore, with eect from

96

97

Italy signed on 27 November 1990, Spain and Portugal on 25 June 1991, Greece on 6 November
1992 and Austria on 28 April 1995.
See, for more details on the relationship between the Nordic countries and Schengen: Kim
U. Kjaer (2003), p. 169190.

Towards Schengen: The Abolition of Internal Border Controls in Europe

39

25 March 2001, the Schengen acquis also became applicable in Denmark, Sweden,
Norway, Iceland and Finland.98
Denmark acquired a special position with regard to Title IV TEC, with the
signature of the Amsterdam Treaty. On the basis of a Protocol annexed to the
Amsterdam Treaty regarding the position of Denmark, Denmark participates
fully in the legislation based on Title VI TEU, but not in that of Title IV TEC.
Based on Article 5 of this Protocol, Denmark may decide whether the latter
measures will be transposed into its national laws within six months of its adoption by the Council. These measures included the instruments implementing or
amending the Schengen acquis which is incorporated into Title IV TEC. On 18
September 2000, the ve Nordic countries signed the Supplementary Agreement
to the Nordic Passport Control Agreement, which implemented both the
Schengen Protocol and the Association Agreement. This Supplementary
Agreement entered into force on 22 April 2001.
6.3.3. Position of UK and Ireland
The United Kingdom and Ireland originally took no part in the Schengen cooperation due to their strict interpretation of the denition of the internal market.99 The
UK government refused to agree to measures for the abolition of internal border
controls between the UKs borders and those of the European continent, claiming
that those borders remained their external borders. However, attracted by the benets
of the compensatory measures taken within the framework of Schengen, the general reservation of the UK was gradually replaced by an opt in/opt out system.
Ireland and the UK have the possibility, subject to the provisions of Articles 4 and 5
of the Protocol integrating the Schengen acquis into the framework of the European
Union (hereinafter referred to as the Schengen Protocol), to participate in some or
all of the provisions of the Schengen acquis and in proposals and initiatives concerning areas of cooperation which build upon the Schengen acquis. In a decision of
29 May 2000, the EU Council not only granted the UK and Ireland an opt-in position with regard to the measures based on Title IV TEC, but also agreed to the partial participation of the UK and Northern Ireland in some of the provisions of the
Schengen acquis.100 This included, among other things, the provisions of the CISA

98

99

100

Council Decision of 1 December 2000 on the application of the Schengen acquis in Denmark,
Finland and Sweden, and in Iceland and Norway, OJ 2000, L 309/24.
See also L. Pallett, The UK position. Implementing the Schengen Protocol, in: L. Marinho,
Asylum, Immigration and Schengen Post Amsterdam, Maastricht: EIPA 2001, p. 9195.
Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United
Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the
Schengen acquis OJ L 131, 01.06.2000 pp. 43 47.

40

Chapter 2

and the decisions of the Schengen Executive Committee on carrier sanctions

(Article 26), on police cooperation (Articles 39 and 40, and Articles 42 and 43 to
the extent that they relate to Article 40), mutual assistance in criminal matters
(48), extradition and measures to combat drug trac. The JHA Council further
agreed, at the request of Ireland, to participate in some of the provisions of the
Schengen acquis by its decision of 28 February 2002.101
Furthermore, a separate agreement was concluded between the EU and Iceland
and Norway on the establishment of rights and obligations between Ireland and
the United Kingdom on the one hand, and Iceland and Norway on the other
hand in areas of the Schengen acquis which apply to these states.102
6.3.4. New EU Member States
Between 1987 and 1996 thirteen countries submitted applications to join the
EU: Bulgaria, Cyprus, the Czech Republic, Estonia, Hungary, Latvia, Lithuania,
Malta, Poland, Romania, Slovakia, Slovenia and Turkey. The enlargement process started with the Luxembourg European Council of 12 and 13 December
1997. Based on the so-called Copenhagen criteria, the candidate states had to full the economic and political conditions which included: a stable democracy
with respect for human rights and the rule of law and the protection of minorities, a working market economy and the adoption of the common rules, standards
and policies of EU law.
The European Council of December 2002 found that, with the exception of
Bulgaria, Romania and Turkey, all the candidate countries fullled the conditions
necessary for joining the EU.103 On the 1 May 2004, after completing the ratication procedures for their accession treaties, these ten new countries formally became
Member States of the EU. With regard to the application of the Schengen acquis
for the new Member States, Article 8 of the Schengen Protocol mentioned above
states that: For the purposes of the negotiations for the admission of new Member
States into the European Union, the Schengen acquis and further measures taken
by the institutions within its scope shall be regarded as an acquis which must be
accepted in full by all states candidates for admission. This means that, as from 1
May 2004 the Schengen acquis applies to those countries. As we will see below, the
operation of SIS I in those countries has been postponed.
The Accession Treaty with Romania and Bulgaria was signed on 25 April 2005.
In October 2006, the EU Council (General Aairs) decided that Romania and

101

102
103

OJ L 64, 07.03.2002, Council Decision 2002/192/EC of 28 February 2002, concerning

Irelands request to take part in some provisions of the Schengen acquis.
OJ L 015/2 20.01.2000.
Presidency Conclusions, 12 and 13 December 2002, 15917/02.

Towards Schengen: The Abolition of Internal Border Controls in Europe

41

Bulgaria also fullled the necessary conditions and were able to become EU
Member States as from 1 January 2007.104

7. Treaty of Amsterdam: The Incorporation of the

Schengen Acquis in EU Law
7.1. Title IV TEC: Communitisation of Asylum and Immigration Law
The Amsterdam Treaty entered into force on 1 May 1999.105 For the European
developments on immigration and asylum law, the Amsterdam Treaty has been
important for at least two reasons. In the rst place, it transferred the whole area
of the policy with regard to the free movement of persons from the intergovernmental level (the third pillar) to the community decision-making level (the rst
pillar). A second important achievement was the incorporation of the Schengen
acquis into the law of the EU treaties, to be dealt with in the next section.
The new EC competence on immigration and asylum law is provided in Title
IV TEC. Article 61 (a) TEC provides that in order to establish progressively an
area of freedom, security and justice, the Council would have to adopt measures
aiming to ensure the free movement of persons in accordance with Article 14
TEC (concerning the internal market) within ve years from the entry into force
of the Treaty of Amsterdam. These measures would include anking measures
with respect to external border controls, asylum and immigration, to be adopted
in accordance with the provisions of Article 62 (2) and (3) and Article 63 (1) (a)
and (2) (a) TEC. The measures to prevent and combat crime would have to be
taken in accordance with the rules of the third pillar (Article 31 (e) TEU).
The measures referred to in Articles 62 and 63 TEC include provisions for crossing the external borders of the Member States, such as standards and procedures to
be followed by Member States in carrying out checks on persons at such borders
and the rules on visas for an intended stay of no more than three months.
Furthermore, they include measures setting out the conditions under which
nationals of third countries shall have the freedom to travel within the territory of
the Member States for a period of no more than three months. Article 63 TEC also
provides the basis for legislation in the eld of asylum policy and regarding refugees
and displaced persons, for the conditions of entry and residence and for standards
concerning procedures for the issue of long-term visas and residence permits,
including family reunication. It is also the basis for rules with regard to illegal
immigration and the repatriation of illegal residents and, nally, for measures
104
105

Conclusions EU Council, 17 October 2006, 13339/06 (Presse 264).

OJ C 340, 10/11/1997.

42

Chapter 2

dening the rights and conditions under which third-country nationals legally
residing in one Member State may reside in other Member States as well.
The rules based on Title IV TEC were to be adopted in accordance with the
procedure in Article 67 TEC. This meant that, for a period of ve years, the decision would be taken unanimously by the Council with only a consultative role
for the European Parliament. After ve years, the Council would take a new
decision regarding whether and to which eld the co-decision procedure of
Article 251 would be applied. During the negotiations leading to the Treaty of
Nice of 2000, the Member States were unable to reach an agreement on the
applicable procedures (QMV or decision by unanimity) for all matters in the
eld of immigration and asylum law.106 However, the end of the transitional
period did immediately result in the exclusive right of the Commission to make
proposals and for QMV and co-decision for the EP with regard to most of the
visa rules.107 Since 1999, dierent instruments in the eld of immigration and
asylum law have been proposed and adopted on the basis of Title IV TEC.108
To summarise, even if the Amsterdam Treaty did not provide for the immediate
or full application of the community decision-making process, nor for the full power
of the European Court of Justice, the Treaty represented an important step in the
further democratisation and transparency of EU immigration and asylum law.
7.2. Incorporation of Schengen into EU Law: Marriage of Convenience
or Repairing the Democratic Decit?
The entry into force of the Amsterdam Treaty included the incorporation of the
so-called Schengen acquis on the basis of the Schengen Protocol which was
attached to the Amsterdam Treaty.109 This Schengen acquis includes not only the
Schengen Agreement of 1985 and the CISA, but also the accession protocols and
agreements and the decisions and declarations which were adopted by the
Schengen Executive Committee for the implementation of the CISA. Depending
on whether these instruments dealt with rst pillar or third pillar subjects, they
were brought within the scope of Community law (TEC) or the law of the
European Union (TEU). The Schengen Executive Committee was replaced by
106

107

108
109

See, in more detail, S. Peers, From Black Market to Constitution: The Development of the
Institutional Framework for EC Immigration and Asylum Law, in S. Peers & N. Rogers (eds.),
EU Immigration and Asylum Law: Text and Commentary, Leiden/Boston: Martinus Nijho
Publishers 2006, p. 19 .
Except for the measures on the visa lists (Regulation 2001/539) and the visa format, for which
the consultation procedure still applies.
These instruments will be discussed in Chapter 9.
Protocol integrating the Schengen acquis into the framework of the European Union. OJ
C 340/96. 10.11.1997.

Towards Schengen: The Abolition of Internal Border Controls in Europe

43

the EU Council and the decisions amending or implementing the Schengen

acquis are now taken by Ministers of Justice and Home Aairs. One of the consequences of this shift in government from the Executive Committee to the JHA
Council was that an important source of information about Schengen disappeared. Whereas the former Schengen Executive Committee used to present an
annual report on the implementation of the Schengen acquis, this reporting was
not replaced by a comparable publication by the JHA Council. As for the position
of Norway and Iceland as non-EU Member States, a solution had to be found for
further decision-making based on the Schengen acquis. Since June 1999, whenever decisions are made on the basis of the Schengen acquis, the Ministers of
Justice and Home Aairs will have a meeting in the so-called Mixed Committee
which includes the responsible Ministers of Iceland and Norway.110 These meetings are held immediately after the regular meetings of the JHA Council.
The incorporation of the Schengen acquis into the EU framework has been
described as a marriage of convenience from which both partners beneted.111
In the eld of justice and home aairs, the EU cooperation proted from the large,
operational set of instruments which had been realised by Schengen. The fact that
Schengen meanwhile was being applied by almost all the EU Member States made
its integration in the larger EU framework inevitable.112 With their incorporation
into the EU law, the results achieved during the Schengen negotiations gained legitimacy. By incorporating the Schengen acquis into EU law, acceptance of these measures could be used as an accession condition for the new EU Member States. These
latter States were obliged, based on Article 8 of the Schengen Protocol, to accept the
Schengen acquis even if these countries did not participate at all in the drafting of
those rules. Of course, this deciency applies to the whole of the EU acquis.
Nevertheless, there is a disparity between, on the one hand, the obligation upon
new EU Member States to accept the whole of the Schengen acquis and, on the
other hand, the exible approach which has been chosen with regard to the old EU
Member States: the UK, Ireland and Denmark. This latter Europe la carte as provided in the protocols attached to the Amsterdam Treaty met with criticism, not
110

111

112

Decision no. 1/1999 of the EU/Iceland and Norway Mixed Committee established by agreement concluded by the Council of the European Union and the Republic of Iceland and the
Kingdom of Norway concerning the latters association in the implementation, application and
development of the Schengen acquis of 29 June 1999 adopting its Rules of Procedure, OJ 1999
C 211/9, 23.07.1999.
M. den Boer & L. Corrado, For the Record or O the Record: Comments About the
Incorporation of Schengen into the EU, in: European Journal of Migration and Law, 1:397418
1999.
G. de Kerchove, Un espace de libert, de scurit et de justice, in: M. den Boer, A. Guggenbhl,
S. Vanhoonacker, Coping with Flexibility and Legitimacy after Amsterdam, Maastricht: EIPA
1998, p. 197204.

44

Chapter 2

only because it would aect the readability of the EU Treaties, but also because it
would hinder the uniform and equal application of EU law.
However, in general, Schengen gained transparency with its incorporation
into EC and EU law. One of the major objections against the Schengen cooperation was its secrecy of decision-making, the lack of democratic accountability and
the absence of any judicial control.113 The Schengen Agreement was not submitted to parliamentary control which allowed for signature without reservation concerning its ratication or approval.114 The negotiations in the working group and
sub-committees on the draft texts for the CISA remained secret and the decisions
which were taken by the Executive Committee on the application of the CISA
lacked any parliamentary scrutiny. The national parliaments (with a few exceptions) and the European Parliament were not involved or properly informed about
this decision-making. For example, the common visa instruction of 14 December
1993 including the list of countries for whose nationals a visa was required for the
Schengen territory remained secret until the Dutch Parliament explicitly requested
the publication of these lists. The publication of the whole Schengen acquis in
2000 was an important achievement for the transparency of the applicable rules,
despite the fact that some documents remained condential.115 Also, the Court of
Justice acquired competence to judge the implementation and application of
Schengen law. Depending on whether the law or decisions were incorporated into
Title IV TEC or Title VI TEU, the competence of the ECJ with regard to the
Schengen acquis is found in Article 68 TEC or Article 35 TEU respectively.116

8. Schengen: Successful Laboratory for the EU?

Schengen is often labelled an experimental garden or laboratory for the work in
the community framework.117 Whether this experiment has proven successful
depends on the perspective of the parties involved and on which goals were meant
113

114

115
116

117

Dealt with in Meijers (1992), as well as by D. OKeee, European Immigration Law and Policy,
in: A. Pauly (ed.), Les accords du Schengen: Abolition des frontires intrieures ou menace pour les
liberts publiques?, Maastricht: EIPA 1993, p. 174.
Only in the Netherlands, the convention was subjected to parliamentary approval before it
entered into force, Tractatenblad (Dutch Treaty Series) 1986, No. 34. C. Elsen, Les structures
administratives de Schengen, in: Pauly (1993), p. 19.
The Schengen acquis is published in OJ L 239, 22.09.2000.
The rst judgment on a preliminary question concerning the national implementation of CISA
was given by the European Court of Justice on 11 February 2003 in the joint cases
C-187/01(Gztok) and C-385/01 (Brgge).
For example V. Hreblay, Les Accords de Schengen. Origine, Fonctionnement, Avenir, Brussels:
Bruylant 1998, p. 17: Lespace Schengen est considr comme le laboratoire de la libre circulation. See also Steenbergen (1997), p. 1825; H. Verschueren, Vrij verkeer van personen in

Towards Schengen: The Abolition of Internal Border Controls in Europe

45

to be achieved. With regard to the goal of abolishing internal border controls, one
might wonder whether this has actually been achieved. For example, in the early
years, the abolition of internal border control between Schengen states did not
occur automatically: in France, border controls were maintained after terrorist
attacks in Paris, invoking Article 2 (2) of the CISA, allowing temporary security
controls.118 Later, at the Schengen Executive Meeting of April 1996, the French
government announced the reintroduction of internal border controls between
France and Belgium and Luxembourg because those countries were regarded as
transit countries for drugs leaving the Netherlands. Security checks, proposed
rstly as anti-terrorism measures and later because of the problems with the Dutch
soft policy on drugs, were temporarily maintained by the French government.119
In the Netherlands, special police units were established to check persons immediately inside internal borders in order to prevent illegal immigration. In practice,
internal border controls were simply replaced in this country by mobile police
units used to check immigrants within close proximity to internal borders.120 The
(re-)introduction of the national obligation to carry an identity card was another
measure to move border controls to the national territory.
From the perspective of third-country nationals, a positive achievement of the
Schengen cooperation has of course been the right of free circulation for thirdcountry nationals with a valid visa or residence permit within the Schengen territory, even if this only granted the right to a maximum stay for a period of three
months during the six months following the date of rst entry into the Schengen
area.121 On the other hand, Schengen did not include any provision to strengthen
further the legal position of admitted migrants or migrants seeking entry on lawful
grounds. On the contrary, with its focus on compensatory measures, including the
emphasis on public order and security as grounds for refusing entry to migrants,
the incorporation of Schengen into EU law also meant the incorporation of these
restrictive measures.

118

119

120

121

Schengen Verdragen, in: Fijnaut, Stuyck & Wijtinck (1992), p. 1354, and H.U. Jessurun
dOliveira, Schengen uitgerangeerd?, NJB, no. 4, 1990, p. 129131.
See, on the application of Article 2.2 CISA in practice, K. Groenendijk, Re-instatement of
controls at the internal borders of Europe: why and against whom?, European Law Journal 2,
2004, p. 150170.
A. Geddes, Immigration and European integration, Towards fortress Europe?, Manchester/
New York: Manchester University Press 2000, p. 83.
See K. Groenendijk, New Borders Behind Old Ones: Post-Schengen Controls Behind Internal
Borders and Inside the Netherlands and Germany in: Groenendijk, Guild & Minderhoud
(2003), p. 131146.
In the judgment of 3 October 2006, C-241/05 (Bot), the ECJ gave a more liberal interpretation of this freedom of circulation by refusing to narrow the denition of rst entry.

46

Chapter 2

Speaking in terms of success, it is clear that the Schengen arrangements were

attractive to EU and even some non-EU Member States wishing to participate in
its operational aspect and in the more ambitious targets, without the constraints
of the judicial or democratic mechanisms of the community framework.122
Examples of Schengen law which were later used as models for regulations in the
larger European framework include the Council Decision on principles for the
conclusion of readmission agreements123, the Commission proposal for uniform
visa lists based on negative lists set by Schengen countries124, the uniform visa
format, and the Dublin Convention (later Regulation) which copied the CISA
criteria for the responsibility for an asylum application.125
Concluding, I refer to a more recent similar development with the so-called Prm
Treaty, which Treaty also has been referred to as Schengen III.126 Like Schengen I
(the Schengen Agreement) and Schengen II (the CISA), the Prm Treaty was prepared within the intergovernmental framework. The Treaty was signed on 27 May
2005 by seven Member States (Austria, Belgium, France, Germany, Luxembourg,
the Netherlands and Spain) and entered into force on 23 November 2006 between
Austria, Germany and Spain. It provides for the facilitation of police cooperation
including the mutual exchange of DNA proles, ngerprints and vehicle registration data.127 This Treaty is open to accession by other Member States and in 2006
the governments of Finland, Hungary, Italy, Portugal and Slovenia expressed their
interest in joining the Prm Treaty. The similarity between the role of Schengen
Agreement and the Prm Treaty for EU developments is clearly illustrated in a
speech given in November 2006 by the Dutch Minister of Justice, describing the
Prm Treaty as follows: The Prm Convention is viewed by the Member States
now participating as a pilot for cooperation, particularly in relation to the exchange
of information, in preparation for European Union legislation in this area.128
In 2006, the German government, presiding over the EU in 2007, already proposed
integrating this Prm Treaty within the legal framework of the EU.
122
123
124
125

126

127

128

A. Geddes (2000), p. 84.

OJ C 274, 19.9.1996.
COM (93) 684.
J. Monar, The Impact of Schengen on Justice and Home Aairs, in: M. den Boer (ed.), Schengen
Still Going Strong. Evaluation and Update, Maastricht: EIPA 2000, p. 20.
Council doc. 10900/2005, 7 July 2005. See, for formal publication, the Dutch Tractatenblad
2005, 197.
Th. Balzacq, D. Bigo, S. Carrera & E. Guild, Security and the Two-Level Game: The Treaty of
Prm, the EU and the Management of Threats, CEPS Working Document no. 234, January
2006. See also E. Guild & F. Geyer, Getting local: Schengen, Prm and the dancing procession of
Echternach. Three paces forward and two back for EU police and judicial cooperation in criminal
matters. December 2006. Both commentaries are available at: www.ceps.be.
Speech given by Mr. Hirsch Ballin in Vienna at a Prm seminar, 16 November 2006, published
at: http://www.justitie.nl/actueel/toespraken/archief2006/Prum-seminar.aspx.

Chapter 3
The Schengen Information System
The purpose of the Schengen Information System shall be in accordance with this
convention to maintain public policy and public security, including national security, in the territories of the contracting parties and to apply the provisions of this
convention relating to the movement of persons in those territories, using information communicated via this system.1

1. The Establishment of the SIS 2

1.1. Setting an Example: The Benelux Lists
During the development of the Schengen agreement and the CISA, the negotiating states were inspired by the cooperation mechanisms already in operation
between a smaller group of neighbouring countries: Belgium, the Netherlands
and Luxembourg, or the Benelux countries. The basis for the abolition of internal border controls between the Benelux countries was laid down in the Benelux
Agreement on the shift of border controls on persons to the external borders,
dated 11 April 1960. This agreement was followed by several treaties regulating
cooperation in the eld of criminal law, including the Benelux Treaty on extradition (1962), the Treaty on the execution of judicial decisions in criminal proceedings (1968), the Agreement on administrative and criminal law cooperation
(1969) and the Treaty on criminal law enforcement (1974).3
On the basis of Article 10 of the Benelux Agreement of 1960, third-country
nationals regarded as unwanted aliens in one of the Benelux countries could be
considered unwanted by the other two countries as well.4 However, this was not

1
2

Article 93 CISA.
In this Chapter, I refer to SIS meaning SIS I; when I am dealing specically with SIS II, I will
use SIS II.
The (French and Dutch) texts of the dierent Benelux treaties can be found at: http://www
.benelux.be/fr/dos/dos_intro.asp or http://www.benelux.be/nl/dos/dos_intro.asp.
See, on the Benelux Agreement, A.H.J. Swart, De toelating en uitzetting van vreemdelingen,
Deventer: Kluwer 1978, p. 49 .

Evelien Brouwer, Digital Borders and Real Rights, pp. 4770.

2008 Koninklijke Brill NV. Printed in the Netherlands.

48

Chapter 3

an obligation. The Ministerial Working Group of the Benelux countries, responsible for the implementation of the Benelux Convention, adopted a decision
dening the situations in which a third-country national had to be considered
unwanted by all three countries. This included persons convicted of a crime for
which extradition would be possible and persons who, by their presence in the
Benelux area, would pose a danger to the public order or national security. Based
on this decision, a Minister of Justice in one of the Benelux countries, declaring
a person to be inadmissible, could request the Minister of Justice in another
Benelux country to declare this person inadmissible as well in the latter state.
Such a request could only be refused on special grounds, for example if the thirdcountry national was lawfully resident in one of the countries to which the
request was directed.
The diplomatic and consular posts of the Benelux countries used the common
Benelux lists of persons not to be granted a visa without prior authorisation from
the national authorities of the other Benelux partner declaring this person inadmissible or unwanted. These lists were considered necessary because, in many third
countries, the Benelux embassies and consulates of one state were empowered to
issue a visa for the other two Benelux states as well. The Benelux list of inadmissible persons for one of the Benelux countries was incorporated into the national
investigation records. The Benelux list was only used for visa applications. At a later
stage, the list was transferred to a microche le. This le was administered by the
Belgian government.5 For third-country nationals without a visa obligation, the
Benelux countries agreed upon the desirability of a comparable list as mentioned
above, but refrained from unilateral introduction, awaiting developments in the
Schengen framework.6
According to the Dutch government in a memorandum to its parliament in
1987, the ultimate goal of the Benelux Convention of 11 April 1960 was not reached
completely, mostly because of discrepancies in the application by the national
authorities of the applicable rules. These concerned the rules on the issue of a Benelux
visa, the decision to grant access to the Benelux territory, the decision to remove a
person from the Benelux territory and the declaration of a person as unwanted and
the decision to record a person as unwanted or inadmissible.7 Other failures in the
eyes of the Dutch government were the fact that the Benelux countries did not
harmonise national law in all the relevant elds and their failure to amend the
Convention in response to relevant social or international developments.

See the evidence of Professor Schermers before the Select Committee on the European
Communities, House of Lords, 1992: Border Control of People (1989), p. 58.
Answers of the Dutch government to the parliament, 19871988, 20031, no. 4, p. 6 under
point 43.
Handelingen Tweede Kamer 19861987, 20031, nos. 12, pp. 1415.

The Schengen Information System

49

1.2. Discussing the Purpose and Functioning of the SIS

As mentioned above, the Schengen cooperation focussed mainly on the need for
compensatory measures for the abolition of internal border control. The Schengen
Information System has been called the heart of these compensatory measures,
designed to play a key role in minimising the decits of the abolition of internal
border controls.8 However, at the time of signature of the Schengen Agreement
in 1985, the participating states did not yet envisage the establishment of an
automated system for the exchange of data. Article 9 of the Schengen Agreement
only instructed the contracting parties to improve, in accordance with their
national laws, the exchange of information and to enforce the exchange of data
where this could be useful for the ght against crime in the other Member States.
The primary goal of this sharing of information would be the ght against crime.
Nevertheless, as long ago as November 1985, the German delegation launched
the idea of a computerised system, enabling the easy and quick exchange of data
on persons, vehicles and objects.9
At the Ministerial conference of 1415 September 1987, the Schengen governments agreed on the creation of a computerised information system.10 According
to the responsible Ministers and Secretaries of State, the eective functioning of
the SIS would be a prerequisite for the abolition of border controls. In one of the
earliest negotiation documents, the purpose of the SIS was dened as: to maintain public order and safety and to ght criminality.11 Persons to be entered into
the SIS would have to be: persona non grata and persons whose place of residence was unknown. According to this same paper, registration in the SIS would
have to be based on national immigration law or on grounds of national security
or public order. It was proposed that the legitimacy of these records be checked
every ve years.
The negotiations on the development of a shared information system took
place within the rst pillar of the Schengen cooperation: the Working Group I
on Police and Security (subgroup 4 on Data Exchange). On 17 December 1987,
the Ministers installed a Permanent Working Party SIS, tasked with presenting,
within eight months, a feasibility study for a system of automated information
exchange. This Working Party, hereafter referred to as the PWP, started its work
on 17 February 1988. The Group was composed of (permanent) delegations of
national experts of both the police organisation and information technology
8
9
10

11

B. Schattenberg, SIS: Privacy and Legal Protection, in Schermers (1993), p. 45.

Hreblay (1998), p. 95.
Meetings of December 1987 (Berlin) and June 1988 (Remich). Report of the Central Group of
Negotiators on the activities of WG I over the second half of 1988, Brussels, 14 November 1988
SCH/I (88) 10.
Doc. SCH/I (88)7.

50

Chapter 3

from each Schengen state.12 In September 1990, also at the request of the PWP,
a Steering Group for the SIS was given the mandate to deal with legal, administrative,
nancial and organisational matters which were not dealt by the PWP.13
When the negotiations on the establishment of a shared information system
commenced, in early 1988, four of the ve Schengen states were already introducing information technology for the collection and exchange of data in the
police sector.14 These national experiences were important for the negotiations
on the technical and functional possibilities of a shared system. The feasibility
study by the PWP was presented by the Schengen Ministers and Secretaries of
State during the meeting of 12 December 1988. This study did not provide solutions which were immediately applicable. It only underlined the technical possibility of creating a shared information system. Furthermore, this study dened
the principles which were considered necessary for the establishment of such a
system. According to one of these principles, the only information that could be
recorded and exchanged was that which could lead to action by police authorities
or ocials responsible for border control.15 This remained one of the central
principles on which SIS I was based.
The feasibility study dierentiated between two categories of data: objects and
persons.
With regard to alerts concerning persons, the negotiators dened ve dierent
actions:
1.
2.
3.
4.
5.

investigation for arrest for the purpose of extradition;

refusal of entry or removal from the Schengen territory;
investigation for detention for the purpose of preventing dangers;
observation or surveillance; and
retrieval of a persons address.

In the feasibility study, dierent possible technical solutions were presented. These
included the establishment of one central system, forwarding all essential data to
the data systems of the participating states. Furthermore, the study considered the
need to transmit complementary information, not through the shared information

12

13

14

15

See J.W. Hoeksma, H.L. Rensen, SIS moet voldoende bieden, niet meer en niet minder,
Algemeen Politieblad, no. 8, 14 April 1990, p. 179183.
SCH/C.OR. SIS (90) 2. See L.M.N. Kroon, European information systems: beyond borders?
Barriers within the development process of the Schengen Information System and the Social Security
Network, Delft: Eburon 1997, p. 120.
J. Dumortier Het Schengen Informatie Systeem en de bescherming van persoonsgegevens in:
C. Fijnaut, J. Stuyck, P. Wytinck, Schengen: Proeftuin voor de Europese Gemeenschap?, Antwerp:
Gouda Quint 1992, p. 140141.
Hreblay (1998), p. 99100.

The Schengen Information System

51

system, but through the dierent police organisations. The problems to be solved
were: choosing the location of the central system, legal questions such as the system
of data protection, and the arrangements which would be necessary for dividing
the nancial costs for the information system.
In 1989, in Bonn, the Ministers of the participating states decided to locate the
headquarters of the C-SIS in Strasbourg. Furthermore, the Ministers decided during this meeting that the ratication of the Council of Europe Convention on
Data Protection of 1981 would be a requirement for the participating states before
exchange of personal data could take place. Additionally, with regard to data protection, it was decided that national laws were to apply and national procedures
on complaints had to be envisaged.16 In October 1991, the PWP issued an open
tender for the development of the SIS computer technology. Initially, the choice
fell to the consortium between the US company Arthur Andersen and the French
computer group Bull. Politically, however, the governments opposed the idea of
placing the order for such a large IT project, which was also a symbol of European
cooperation, to a non-European company. Pressed by the German government,
the former Prime Minister of France, Edith Cresson, demanded that Bull withdraw from the consortium with Andersen, forcing the latter to renounce its bid.
Instead, the contract was give to a new consortium composed of the Anglo-French
rm SEMA, the Bull group, and Siemens-Nixdorf in Germany.17
One may wonder why there was a need for a Schengen Information System
with regard to police cooperation and the exchange of police information, when
the European States had already been cooperating since 1923 through Interpol,
the International Criminal Police Organisation.18 One of the reasons could be that
Interpol was not based on an international treaty, such as the Schengen cooperation. Therefore, implementation of the Interpol statute diered in the dierent
countries and the organisation was more of an assembly of national police ocers,
rather than a system which was organised and led by the national governments.
Also, the goals of Interpol were more limited than the cooperation envisaged by
the European governments. Even though its primary goals are comparable to those
of Schengen, such as the prevention and repression of criminal crimes, Interpol
does not concern itself with the implementation of the free movement of persons.

16

17

18

The national data protection regulations and the regulation in the CISA on data protection will
be dealt with in the next chapter.
European squabbling round after Schengen op, Fortress Europe? Circular letter (FECL),
March 1994. http://www.fecl.org/circular/2301.htm.
See E. Schlanitz, Lchange international dinformations de police dans le cadre des systmes
dinformation dInterpol et de Schengen, in: A. Pauly (ed.), Accords du Schengen: abolition des
frontires intrieures ou menace pour les liberts publiques?, Maastricht: EIPA, 1993, p. 3952.

52

Chapter 3

Secondly, Interpol explicitly excludes cooperation in the eld of crimes of a political, racial, militant or religious character. This statutory limitation in the operational eld of Interpol has also been one of the reasons why, in the 1970s and
1980s, the European ministers used the intergovernmental framework of Trevi and
not Interpol in their ght against terrorism.19 The CISA does not exclude political
facts as one of the goals of data exchange or police cooperation. On the contrary,
the desire to identify and exclude those known as security risks can be regarded
as one of the main incentives for the establishment of the SIS.20 As we will see
below, this goal of the SIS, the upholding of public policy and public security,
including national security, is explicitly dened in Article 93 of the CISA.
1.3. Structure
During the negotiations, the PWP seriously considered four options for data
exchange between Schengen states.21 In the rst place, the negotiators considered
the establishment of a direct connection between national databases in the
Schengen states. Objections raised to this option were that Luxembourg did not
then have a computerised database and the concern about dierences between the
content, the language, the concepts and the computer programs of the national
systems. Secondly, it was proposed that a Schengen Computer be established in
each of the Schengen states, which could be linked to all the others through a network. The main objections to this option were the high costs of this structure
and the necessity to maintaining many data connections. The third option was
the construction of one central database. This would however require the authorities in Schengen countries other than the country in which the database was
located to make an international connection for each individual check. This
would involve high costs and the need to establish an international administration to supervise such a central database. The PWP therefore chose a fourth
option: a system involving ve identical databases to be supplied with information through one central database. This included one central information system
(CSIS ) connected to the national information systems (NSIS ) in each of the
Schengen states. As long as the purpose of issuing these data and the content of
the data were in accordance with the criteria of the CISA, the national authorities had to submit their data to the CSIS. The data are forwarded by the CSIS to
each NSIS system in the dierent Schengen states.

19

20
21

C. Fijnaut, The Internationalization of Criminal Investigation in Western Europe, in: C. Fijnaut &
R. Hermans (eds.), Police Co-operation in Europe, Lochem: J.B. van den Brink, 1987, p. 3256.
Guild (2001), p. 22.
Dumortier (1992), p. 142.

The Schengen Information System

53

Using this system, which has nally been adopted in the CISA, the contents of
each system, CSIS and NSIS, are exactly the same. The task of controlling
whether the data submitted to the CSIS by the national authorities comply with
the principles and criteria of the CISA has been assigned to a central oce at
national level: SIRENE. This organisation plays an intermediary role between
the NSIS and the CSIS.22
During the negotiations, the participating ocials made it clear that the SIS
should make it possible to identify persons or goods searched by the national
authorities of one of the Schengen states on an easy and fast manner, without
excessively hampering the circulation of travellers crossing external borders.
Therefore, the SIS would have to contain only the necessary information for the
requested action and the SIS terminals would have to be easy accessible, comparable to the national police systems already used in the dierent Schengen countries.
An ocer checking the system should also be clearly informed about the actions
to be taken. The problem of language and the use of dierent concepts was solved
by the introduction of a structure of limited categories of data to be stored in the
system, clearly describing clearly the actions to be taken each time a check on the
SIS resulted in a hit. One of the major advantages of this system would be that it
resolved the normal problems of translation, since each recipient could deduce all
the relevant information from the location of the data in the system.23
The Schengen Information System was further to be based on the so-called
ownership principle, according to which only the state storing the data in the
SIS would be responsible for the accuracy of these data and only this state could
change or delete these data in the SIS. Accordingly, changes to the SIS data could
only be forwarded to the central system by the state who owned the data.
As one of the consequences, it was decided that the issuing state is ultimately liable for any sums paid as compensation for an injury to a person, caused by the
use of the SIS (Article 116 CISA).
1.4. Final Purpose and Categories of Entries
At the beginning of the negotiations on the SIS, the participating states mainly
focussed on the use of such a system for security and police purposes. In a draft
text of 1988, the purpose of the information system was still described as to
guarantee public order and security and ght criminality on the territories of the
Contracting Parties, with the help of the information received by this system.24

22

23
24

This name is derived from the English description: Supplementary Information Request at the
National Entry.
Donner (1993), p. 14.
88 (SCH/1 (88) 7) 27.10.1988, para. 2.2.

54

Chapter 3

Later, at the initiative of the Dutch government, this was extended to the application of immigration law, including the rst visa issue procedure and later with
regard to the provisions on the movement of persons.25 The nal denition of the
purpose of the SIS, described in Article 93 CISA, includes a more general aim of
regulating the movement of persons in the Schengen area. Article 93 reads:
The purpose of the Schengen Information System shall be in accordance with this
convention to maintain public policy and public security, including national security,
in the territories of the contracting parties and to apply the provisions of this convention relating to the movement of persons in those territories, using information
communicated via this system.

According to Article 94 of the CISA, the SIS may only contain data as required
for one of the purposes mentioned in Articles 95100 of the CISA. The decision
regarding whether a certain case is important enough to warrant entering the
alert into the SIS is to be taken by the national authorities. We will see later that
the procedure of national decisions on entering data into the SIS is organised in
dierent ways in each of the contracting parties.
The Articles 95 to 100 provide for the following categories of persons to be
entered into the SIS:
1. Persons wanted for arrest for extradition purposes (Article 95);
2. Third-country nationals to be refused entry (Article 96);
3. Persons who have disappeared who need to be placed in a secure location to
protect their safety (Article 97);
4. Persons (such as a witness or a person being prosecuted) whose whereabouts
are sought by the judicial authorities during the course of a prosecution
(Article 98);
5. Persons (or objects) for the purpose of discreet surveillance or specic checks,
following indications that a person intends to commit, or is committing
numerous and extremely serious oences or where an overall evaluation of the
person, particularly his or her prior oences, gives reasons to suppose that he
or she will also commit extremely serious oences in future (Article 99).
Article 100 CISA concerns objects for the purposes of seizure or for evidence in
criminal proceedings. Whether a national authority has access to the SIS depends
on the grounds on which a person or object was entered into SIS. The appointment
of national authorities having access to the SIS is in principle a decision for the
national state. According to Article 101 (4), the contracting parties must however
send a list of the appointed authorities to the Executive Committee each year
and, since 1999, to the JHA Council.26 Also, Article 101 provides that only the
25
26

Dumortier (1992), p. 142.

See, for example, 6265/1/03 and 16023/04 of 10 December 2004.

The Schengen Information System

55

authorities responsible for border checks and other police and customs checks
carried out within the country may have access to the data entered into the SIS.
With regard to the data entered on the basis of Article 96 this is extended to authorities responsible for issuing visas, central authorities responsible for examining visa
applications and the authorities responsible for issuing residence permits and for
the administration of legislation in the context of the application of the provisions
of this convention relating to the movement of persons.
During the negotiations on the CISA, the French government insisted on the
inclusion of the possibility of a prior check regarding whether a request for a persons arrest was in compliance with French law.27 Based on this request, Article
94 (4) stipulates that it is possible to add a ag to an alert in the national section
of the SIS.28 This is a note, prohibiting the national authorities from arresting the
person on its territory. The ag subsequently allows the requested state 24 hours
to conduct the legal examination.
1.5. Problems During the Construction Phase
The date on which the SIS should have become operational was postponed several times. It should be noted that these deadlines were always set by the meetings of the Schengen Executive Committee and the Central Group and not by
the negotiating groups of national experts. For example, the rst deadline, to
have the SIS operational on the same date as the creation of the internal market,
1 January 1993, was based much more on the political will of the Schengen
Ministers than on the expertise of its ocials that such a date would be technically feasible. Only when it became clear that the deadline of 1 February 1994
could not be met either, by which time the Schengen governments were developing a phobia about mentioning dates, it was decided that no new deadline
would be set.29 Their negotiators in the PWP and Steering Group were given the
freedom to take those measures considered necessary for the functioning of the
SIS and to solve the remaining problems.
There were several reasons for postponing the start of the SIS, including legal,
technical, practical and political problems. One legal problem was for example
the national ratication procedures which were necessary for the implementation
of CISA. In some countries, the integration of CISA and the SIS required amendments to national law, such as in France and Germany. Technical problems during the construction phase were for example the delays in the delivery of products
by the consortium which was given the task of building the SIS. A practical
27
28

29

See, for the reasons for this request, my Chapter on France.

French constitutional law did not allow national authorities to comply with international arrest
requests without prior examination by the French courts.
Migration News Sheet, April 1994, no. 133/94, p. 1.

56

Chapter 3

problem causing delay was the fact that some countries did not come forward
with their lists of authorised end users of the SIS on the basis of Article 101
CISA. Finally, at the political level, there was the temporary reluctance of the
French government to proceed further with the SIS. To solve the various problems, the Central Group formulated seven conditions for the entry into force of
the CISA in its Madrid meeting of 30 June 1993. These included:
the implementation of external border control and the use of a common
handbook;
the regulation of common visa issue and common instructions for consular
and diplomatic posts;
a common treatment of asylum seekers;
the implementation of the CISA provisions on drugs policy; and
the regulation of freedom of movement of persons in airports.
In 1993, the process of negotiations on the SIS reached its lowest point, which
resulted in the establishment of a Crisis Team (cellule de crise) in November
1993.30 The German government threatened to walk out of the Schengen Group
if more demands were made to compensate for the removal of internal borders.
Furthermore, it stated that it would concentrate its eorts at the level of the
12 EU States. Then, in the Spring of 1994, the French government which did
not want to be seen as being responsible for a possible failure of the Schengen
initiative assured its partners of its commitment to work towards the abolition
of internal borders within the Schengen framework. That this commitment was
not without limitations can be illustrated by the fact that, in November 1994,
the same government stated before the French Parliament that it was out of the
question that France would suppress checks at French borders if a certain number
of obstacles were not removed, including the Dutch position on the control of
drugs tracking.31
The loading of data into the SIS started on 22 December 1994. On that same
date, at its meeting in Bonn, the Executive Committee of Schengen decided
that the irreversible implementation of the Convention would take place on
26 March 1995. This date was chosen to facilitate the technical separation of
travellers for the Schengen airports since, on 26 March, continental Europe
would switch over to summer time, which included the airlines changeover to
their summer timetables. Since the SIS became nally accessible for its end users
on 26 March 1995, this date is also regarded as the date of the entry into force of
the CISA. As we will see in Chapter 5, a comparable situation arose with regard

30
31

MNS, February 1994, no. 131/94, p. 2.

MNS, December 1994, no. 141/94, p. 2.

The Schengen Information System

57

to the development of the SIS II. Similarly, based on technical problems and
delays with regard the measures to be taken in the dierent Member States, the
Commission announced in 2006 that the date for the operation of SIS II would
be postponed until the end of 2008.

2. Legal Basis
With the entry into force of the Amsterdam Treaty, the Schengen acquis was
incorporated into the EU framework. This incorporation included the need to
decide upon the precise legal basis of every legal instrument from the Schengen
acquis. This determination of the legal basis, whether in the EC or EU Treaty, was
unproblematic for most provisions and decisions.32 For dierent reasons, the EU
Schengen states were not able to reach agreement on the legal basis of the Schengen
Information System. As a result of this failure to reach a decision, for the time
being the SIS is considered as having its legal basis in the third pillar or Title VI of
the EU Treaty. Article 5 (2) of the Schengen Protocol implies that whenever legal
parts of the Schengen acquis are amended, the exact legal basis, EC or EU, needs
to be addressed.33 This means that whenever decisions on the use or functioning
of the SIS are to be made, the legal basis of the SIS has to be determined.

3. Participants
3.1. Nordic Countries
Article 6 of the Nordic Passport Control Agreement of 1957 includes a regulation on a joint negative list of third-country nationals who are to be refused
entry at the common Nordic external borders. This list was not computerised
until 1991, due to the fact that when the Nordic Passport Control Agreement
came to existence, information technology was still in its infancy.34
In 2000, the Nordic countries adopted a supplementary agreement to the
Nordic Passport Control Agreement to deal with the participation of the Nordic

32

33

34

Council Decision 1999/435 of 20 May 1999 concerning the denition of the Schengen acquis
and 1999/436 of 20 May 1999, determining the legal basis for each of the provisions or decisions which constitute the Schengen acquis, OJ 1999 L 176/1; see, for the publication of the
whole Schengen acquis, with exception of condential sections, OJ 2000 L 239/1, 22.09.2000.
N. Bracke, Flexibility, Justice Cooperation and the Treaty of Amsterdam, in Marinho (2001),
p. 59.
H. Fode, Nordic Experience on Criminal Law, in: Schermers (1993), p. 6169.

58

Chapter 3

countries in the Schengen acquis.35 Based on this supplementary agreement, the

common Nordic register of entry prohibitions has been replaced by the SIS.
Article 2 of the supplementary agreement states that a contracting state can only
refuse a person entry, if the person in question is registered in the SIS. This Article
supplements the provision concerning the rejection of third-country nationals
appearing on one of the Nordic countries lists of expelled persons. Council
Decision 2000/777 of 1 December 2000 on the full application of the Schengen
acquis in Denmark, Finland, Sweden, Iceland and Norway took eect on 25
March 2001.36 Between 1 December 2000 and 25 March 2001, the Nordic
countries were already loading data into the SIS, except for the data on persons
to be refused entry.
3.2. The UK and Ireland
The UK and Ireland did not participate in the use of SIS I. As we have seen in the
previous Chapter, on the basis of the Protocol to the Treaty of Amsterdam, Ireland
and the UK can take part in all or some of the provisions of the Schengen acquis.
In March 1999, the UK asked to take part in some elds of Schengen policy,
including police and judicial cooperation in criminal matters, the ght against
drugs and the Schengen Information System (SIS). In a Decision of 29 May
2000, the Council approved the request from the UK, including its participation
in the establishment and operation of SIS, except for the provisions of Article 96
CISA concerning the data on third-country nationals to be refused entry.37
In June 2000, Ireland asked to take part in some aspects of Schengen, which
more or less matched to the content of the request from the UK. In 2002, with
the decision on the partial participation of Ireland in the Schengen acquis, the
Council agreed upon the future use of the SIS except with regard to data on
third-country nationals based on Article 96 CISA.38
Although the UK and Ireland did not have access to SIS I, ocials from
these countries did join the decision-making on other provisions concerning
the Schengen Information System. These decisions included the apportionment of the costs of the SIS (Article 119 CISA), the decisions of the Schengen
Executive Committee on the future of the SIS, including the awarding of the
tender for the SIS II preliminary study, and on the SIRENE Manual.39 The
UK government strongly advocated the possibility for UK and Irish ocials to
35
36
37
38

39

Source: K. U. Kjaer (2003), p. 84.

OJ 2000, L 309/24; see declaration in OJ 2000, L 309/28.
OJ L 131, 1.6.2000.
Council Decision 2002/192/EC of 28 February 2002 concerning Irelands request to take part
in some of the provisions of the Schengen acquis, OJ L 64, 7.03.2002.
SCH/Com-ex (97) 24, SCH/Com-ex (97) 2 rev. 2, and (SCH/Com-ex (99) 5, respectively.

The Schengen Information System

59

have access to the data on third-country nationals to be entered into the SIS
by other countries. This would allow national authorities to compare national
alerts on third-country nationals with alerts in other countries. A Working
Group proposed a technical solution, according to which Article 96 data
would be ltered out, so that they would not be accessible to authorities of the
UK or Ireland, but this proposal was not further developed.40 During the
meeting of the JHA Council in June 2002, the EU Member States agreed on
the principle that the UK and Ireland could participate in the development of
SIS II.41
3.3. Switzerland
In October 2004, an Agreement was signed between the European Union, the
European Community and the Swiss Confederation on the association of the
Swiss Confederation with the implementation, application and development of
the Schengen acquis.42
In the Swiss referendum of 5 June 2005, the population of Switzerland agreed
to sign the CISA. The accession of Switzerland to the CISA is envisaged in 2008.
This will also grant access by the Swiss authorities to the SIS II.
3.4. Accession of New EU Member States
In 2004, the EU was enlarged by ten new Member States. In 2007, the EU was
joined by Bulgaria and Romania. As we saw in Chapter 2, Article 8 of the
Schengen Protocol stipulates that new EU Member States should accept in full
the Schengen acquis, including the measures adopted on the basis of the CISA.
This means that the new EU members must participate in the use of the SIS as
well. Depending on whether these countries provide for sucient technical and
legal guarantees, the new EU Member States are scheduled to gain access in 2008
to the second generation SIS.

4. SIS and Third-Country Nationals: Exclusion of inadmissible aliens

4.1. Draft Texts
The idea of exchanging information on inadmissible aliens, using the Schengen
Information System, was based on the existing cooperation between the Benelux
40
41
42

9273/02 SIS 34 COMIX 359.

Conclusions of the JHA Council, 9620/02 (Press 175), p. 17.
OJ L 370 of 17.12.2004.

60

Chapter 3

countries to share information on persons who would have to be refused entry at

their external borders. In one of the earliest notes dealing with the criteria for
third-country nationals to be listed in the SIS, of 25 April 1988, the Dutch delegation issued a proposal for categories of persons to be entered into the SIS for
the purpose of refusal entry at external borders.43 This proposal included, rstly,
the two categories currently reported by the Dutch authorities to NSIS, including persons against whom a formal residence ban has been issued and persons
who are reported as inadmissible. Secondly, the Dutch delegation proposed
entering persons in the SIS to whom no visa should be issued without the prior
approval of the national visa agency and, thirdly, persons whose asylum applications had been rejected. This latter category would allow border ocials to assess
whether an asylum applicant had already applied for asylum in another Schengen
State. The Dutch authorities had already processed the rst three categories of
data within the framework of the Benelux cooperation.44 Finally, as we will see
below, those refused asylum were not entered into the SIS, but this proposal was
later implemented separately through the establishment of Eurodac. The proposal
to enter persons into the SIS for the visa application procedure as well was restated
during the negotiations in 1989.45
Later drafts on the denition of inadmissible aliens to be registered in the SIS
were very short and in practice gave the participating states complete discretionary power. For example, according to a draft dated November 1988, the SIS
would contain data on persons, who are by one of the contracting parties
declared as an inadmissible alien, with the aim to be refused entry to, or to be
expelled from the territory of the contracting parties.46
4.2. Article 96 CISA
Article 96 CISA reads:
1. Data on aliens for whom an alert has been issued for the purposes of refusing
entry shall be entered on the basis of national alert resulting from decisions
43

44

45
46

Note by the Dutch Delegation to Working Groups I and II, Brussels, 25 April 1988, SCH/I+IIimm+c.fr (88) 5.
The Dutch note even included the estimated numbers of persons to be entered into the NSIS
according to these criteria, including 2,000 persons with a formal residence ban, 2,000 reported
inadmissible persons, 6,015 visa applicants for whom prior approval would be necessary, and
10,675 rejected asylum seekers.
Working Group I, 7 August 1989, SCH/I (88) 7, 12th revision.
Article 2.5, Working Group I Police and Security, 16 November 1988, SCH/I (88) 7, second
revision.

The Schengen Information System

61

taken by the competent administrative authorities or courts in accordance

with the rules of procedure laid down by law.
2. Decisions may be based on a threat to public policy or public security or to
national security which the presence of an alien in national territory may pose.
This situation may arise in particular in the case of:
a. an alien who has been convicted of an oence carrying a penalty involving deprivation of liberty at least one year;
b. an alien in respect of whom there are serious grounds for believing that he
has committed serious criminal oences, including those referred to in
Article 71, or in respect of whom there is clear evidence of an intention to
commit such oences in the territory of a contracting party.
3. Decisions may also be based on the fact that the alien has been subject to
measures involving deportation, refusal of entry or removal which have not
been rescinded or suspended, including or accompanied by a prohibition on
entry or, where applicable, a prohibition on residence, based on a failure to
comply with national regulations on the entry or residence of aliens.
Article 96 provides three categories of grounds for entering a third-country
national into the SIS: rstly, it allows for the reporting of third-country nationals
who are convicted of an oence which carries a penalty involving deprivation of
liberty of at least one year. Secondly, it refers to third-country nationals who are
suspected of either having committed serious criminal oences or of planning to
commit those oences on the territory of one of the Schengen states, Thirdly,
persons who have not complied with national immigration law and therefore
have been subjected to deportation measures, refusal of entry or removal may
also be entered in the SIS. The rst two reasons for reporting a person in the SIS
are based on the assumption that the presence of this individual on one of the
Schengen countries territories poses a threat to public policy, public security or
national security. The goal of the third criterion is to be found in the implementation of national immigration law.
According to Article 5 (1) CISA, including rules on the conditions of entry,
the fact of being registered in the SIS precludes this person from being allowed
entry to one of the territories of the Schengen states. The same applies to the
issue of a visa: according to Article 15 CISA, Schengen states may only issue a
short-stay visa (stays not exceeding a period of three months) to persons who full the conditions mentioned in Article 5 (1) CISA. This implies that, before issuing a visa, the national authorities should check the NSIS. With regard to a
long-stay visa, Article 18 provides that these visas be issued according to national
law. In practice, this also means that national ocers will check the SIS before
issuing a long-term residence visa to a third-country national.

62

Chapter 3

When a contracting party considers granting a residence permit to a thirdcountry national who is entered in the SIS for the purposes of refusing entry,
according to Article 25 (1) CISA it should rst consult the contracting party
issuing this alert. Only for substantive reasons, based on humanitarian grounds
or for reasons involving international commitments, the rst state may issue a
residence permit to the person concerned. If a residence permit is issued, Article
25 (2) states that the state issuing the alert should withdraw this alert from the
SIS. This state may put the third-country national on its national list.
As we will see in Chapter 4 on the development of SIS II, the text of Article
96 CISA is almost literally copied into the new text of the SIS II Regulation.
In 2006, the conditions of entry in Article 5 CISA have been replaced by the
almost identical provision of Article 5 in the Schengen Borders Code.47
4.3. Denition of inadmissible: Discretionary Power of National Governments
The denition of third-country nationals for the purpose of refusal of entry in
Article 96 CISA seems to be based on two concurring thoughts. On the one
hand, the criteria as stated in Article 96 (2) and (3) should prevent arbitrary
implementation with regard to the reporting of inadmissible aliens. On the other
hand, this provision should leave enough discretionary power to the national
authorities. An important incentive for a shared information system would have
been the acknowledgement that notions of public safety and security could not
be harmonised.48 This lack of harmonisation had to be resolved by establishing a
common list of inadmissible persons. However, the assumption that the criteria
on public safety and security could not be harmonised better describes the political rather than the legal reality. As we will see below, with regard to the protection
of the free movement of EU citizens and privileged non EU citizens, the ECJ
provided a denition of public order and security which could have been used
for a larger group of non-EU citizens.49 The participating states clearly preferred
an accumulation of their national public order criteria, rather than developing
harmonised, common criteria for the application of the SIS.
Articles 96 (2) and (3) are based on the general principle that whenever thirdcountry nationals meet the criteria listed in these provisions, this is sucient for
these persons to be regarded as a threat to public order and security, or as a risk to
illegal immigration. In other words, if the authorities decide to enter an individual into the SIS, they do not have to indicate the specic risk this person entails

47
48
49

Regulation 562/2006, OJ L 105, 14.04.2006 to be dealt with further in Chapter 9.

Donner (1993), p. 12.
For example, in Bouchereau, 27 October 1977, C-30/77 and Adoui and Cornuaille, 18 May
1982, C-115/81 and C-116/81.

The Schengen Information System

63

with regard to national security or illegal immigration. The decision to enter a

third-country national into the SIS is however limited by the general requirement
implied in Article 94 CISA. This provision states that national authorities issuing
an alert should determine whether the case is important enough to warrant entry
of the alert in the Schengen Information System. In practice, as we will see in
the Chapters on the national implementation of Article 96, this provision does
not seem to have played a large role.
A comparable mechanism for excluding inadmissible migrants which is incorporated into the Schengen acquis are the visa lists. As dened by Swart, the function of a visa is to subject a third-country national to an examination of whether
the stay this person is seeking is permissible and desirable.50 Where the visa itself
is the instrument used to control immigration, visa lists are in fact no more than
the agreement between groups of countries to apply the visa requirement for the
same group of third countries. However, the result of being a national of one of
those latter third countries is that this person will be aected by the consequences
of proling, regardless of her or his individual behaviour or purpose of the visit.
Therefore, in the decision-making process with regard to visa applications, governments are making use of proling on two levels. In the rst place, every
national of a state which is labelled by the EU countries as generating a risk of
illegal immigration, crime, or to international relations, must obtain a visa
before entering those European countries. In the second place, a person will be
subjected to proling with regard to his or her visa application itself. The ocial
at a national embassy or immigration oce will assess the legitimacy of the applicants reasons for visiting Europe by calculating the risk of this person of overstaying his or her visa, applying for asylum, or the individual risk to security. The
criteria used for assessing these risks, are (apart from nationality) the age, gender,
income and family situation of the applicant.51
4.4. EU Citizens and Beneciaries of EC Law
The powers of Member States to restrict the rights of entry and residence of EU
citizens based on reasons of public policy, public security or public health are
limited by the adoption of Directive 64/221 on the coordination of special measures concerning the movement and residence of foreign nationals.52 The circumstances in which the freedom of movement of EU citizens can be limited have

50
51

52

A.H.J. Swart, De toelating en uitzetting van vreemdelingen, Deventer: Kluwer 1978, p. 67.
See also B. Puntervold B, The Use of Visa Requirements as a Regulatory Instrument for the
Restriction of Migration, in: A. Bcker et al., Regulation of Migration. International Experiences.
Amsterdam: Het Spinhuis Publishers 1998, p. 191202.
OJ 56, 4.4.1964. This Directive has been replaced by Directive 2004/38, see also Chapter 9.

64

Chapter 3

been further narrowed in the jurisprudence of the ECJ. In the Bouchereau case,
the ECJ formulated the well-known criteria that there must be a genuine and
suciently serious threat to the requirements of public policy aecting one of
the fundamental interests of society.53 For a long time, these ECJ criteria did not
seem to play an important role with regard to the national practice of reporting
third-country nationals into the NSIS. The European Commission however
repeatedly urged the Schengen partners to apply the criteria of Directive 64/221
to third-country nationals who are family members of EU citizens as well, in
order to guarantee to the latter the right to freedom of movement under the EC
Treaty. Responding to this pressure from the Commission, in 1996 the Schengen
Executive Committee adopted a declaration dening aliens as referred to in
Articles 1 and 96 of the CISA.54 According to this declaration, the general rule
should be that individuals, including third-country nationals, who are beneciaries of Community law are not to be reported into the SIS. Family members of
EU citizens who are third-country nationals and who have the right on the basis
of EC law to enter and to reside in a Member State, as well as nationals of Iceland,
Liechtenstein and Norway, and later Switzerland, may be entered into the SIS if
this entry would be compatible with Community law. If a beneciary of EC
law is entered into the SIS and this is not in accordance with Community law, he
or she should be deleted from the list.
As pointed out by Eicke, the declaration of 1996 does not comply fully with
the Courts criteria. The decision to exclude or expel a person from a national territory is only allowed based on the actual threat this person represents to this territory. In other words, being a threat to one Member State does not justify excluding
that individual from all other states.55 The ECJ made this clear in its rst judgment with regard to the SIS and the registration based on Article 96 CISA. In this
judgment, Commission v. Spain, of 2006, the ECJ ruled that registration in the
SIS of two non-EU citizens who were married to EU nationals could not automatically result in the decision of the Spanish authorities to refuse them a visa or
admission to Spanish territory.56 The judgment of the ECJ, and the point made by
Eicke, is very important considering the legitimacy of the principle on which the
functioning of the SIS is based. There is a clear tension between the principle of
the mutual recognition of national immigration decisions relating to public order
or security grounds on the one hand and, on the other hand, the protection of the
53
54
55

56

Bouchereau, C-30/77, 27 October 1977, ECR [1977], p. 1999, para. 30.

Declaration of 18 April 1996, SCH/Com-ex, (96) decl. 5.
T. Eicke, Paradise Lost? Exclusion and Expulsion from the EU, in Groenendijk, Guild &
Minderhoud (2003), p. 163.
Commission v. Spain, 31 January 2006, C-503/03. This judgment will be discussed further in
Chapter 9.

The Schengen Information System

65

rights of third-country nationals beneting from EC law. The application of

Article 96 in conjunction with Article 5 CISA is in sharp contrast with the criteria
established by the Court of Justice regarding EU citizens and third-country
nationals who are beneciaries of EU law. Whereas, for these latter groups, public
order restrictions may exclusively be based on the personal conduct of the person
concerned, the criteria of Article 96 are vague and leave the applying states a wide
margin for interpretation.57 Meanwhile, the group of beneciaries of EC law has
been extended and includes third-country nationals deriving rights from the EC
Directive 2003/86 (third-country nationals seeking family reunication) and
2003/109 (long-term resident third-country nationals). Also, for these groups of
third-country nationals, the respective Directives require stricter rules as to the
interpretation of public order and national security grounds.
Another problem with regard to the implementation of the CISA rules to the
NSIS is that this requires a standard check of the NSIS when controlling thirdcountry nationals, regardless of whether these controls take place at the borders,
within the national territory, or for visa applications at consulates or embassies
abroad. This systematic checking of persons may result in a practice which is contrary to the principles of free movement as protected by EC law. As underlined by
the ECJ in the judgment Commission v. Belgium, identity checks on EU nationals
at the internal borders of the single market need to be sporadic, not systematic,
arbitrary or unnecessarily restrictive and only identity controls are allowed.58 This
also means that EU citizens cannot be required to answer questions on the purpose and the duration of their stay or the nancial means at their disposal before
they are permitted to enter the territory of another Member State.59

5. Practical Implementation of SIS: Statistical Data

on the Number of Records and SIS-Based Hits
Due to the lack of centralised, regularly updated information, it is dicult to assess
the added value and practical usefulness of SIS. The last annual report on the implementation of the Schengen Convention of the Schengen Executive Committee was
published in 1999. This report contained data on the use of the SIS in 1998. After
this report, information on the number of records in SIS in 2000 and 2001 were
only published occasionally and by dierent organisations. For example, the

57

58
59

E. Guild, Security of Residence and Expulsion of foreigners: European Community Law in

Guild & Minderhoud (2001), p. 5980.
C-321/87 [1989] ECR 997.
See the case, Commission v. the Netherlands, C-68/89 [1991] ECR I-2637.

66

Chapter 3

Schengen Joint Supervisory Authority or JSA (see below, Chapter 7) published data
in its fourth and fth annual reports on the content of the SIS. However, no such
information was included in the sixth report of the JSA on 20022003. There are
some statistical data included in the Report of the ad hoc group for the study of 3rd
pillar information systems to the Council in 2003.60 In this report, the ad hoc
group compared the existing EU databases, including the SIS, Eurodac, the Customs
Information System (CIS), the Anti-Fraud Information System (AFIS), and the
databases of Europol. An important conclusion by this ad hoc group is that, at the
stage in its research, insucient information was available on the content and the
current usage of the systems. Only since 2005 has the Council Secretariat published
annual database statistics on the number of records registered into the SIS. These
publications can be retrieved from the public register of the Council.61
According to the report of the ad hoc group for the study of 3rd pillar information systems in 2003, the NSIS data could be consulted by approximately
125,000 terminals in the Schengen States. By 2005, the SIS included more than
15 million records on objects and persons.62 Approximately 6% of these records
concerned persons who were registered in the SIS for more than one purpose.
As we saw in section 1.4, the categories on persons include persons wanted for
arrest or extradition (Article 95 CISA); third-country nationals (non-EU and
non-EEA citizens) to be refused entry (Article 96 CISA); missing persons or
those to be placed under temporary police protection (Article 97 CISA); witnesses or other persons summoned to appear in court (Article 98 CISA); and
persons wanted for discreet surveillance or specic checks (Article 99 CISA).
5.1. Numbers of Persons Entered in SIS
With regard to the total number of records on persons in the SIS between 1999
and 2005, the following information can be derived from the above reports.63
Data for 1999 64
Total persons entered into SIS: 855,887
Article 95:
10,419
Article 96:
764,851
Article 97:
27,436
Article 98:
35,806
Article 99:
17,365

60
61
62
63
64

(89%)

Doc. 8857/03, 6 May 2003.

http://register.consilium.europa.eu.
See the gures in the tables included in the next section.
The author did not nd any information on 2002.
31.12.1999, source: Justice report, The Schengen Information System. A human rights audit,
London 2000.

The Schengen Information System

67

Data for 2000 65

Total persons entered into SIS: 842,255
Article 95:
10,914
Article 96:
750,347
(89%)
Article 97:
28,362
Article 98:
35,297
Article 99:
17,335
Data for 2001 66
Total persons entered into SIS: 803,160
Article 95:
11,628
Article 96:
709,763
(88%)
Article 97:
29,132
Article 98:
30,763
Article 99:
21,874
Data for 2003 67
Total persons entered into SIS: 877,655
Article 95:
14,023
Article 96:
780,992
(89%)
Article 97:
32,211
Article 98:
34,413
Article 99:
16,016
Data for 2004 68
Total persons entered into SIS: 883,511
Article 95:
14,902
Article 96:
785,631
(89%)
Article 97:
34,400
Article 98:
32,696
Article 99:
15,882
Data for 2005 69
Total persons entered into SIS: 818,673
Article 95:
15,012
Article 96:
714,078
(87%)

65

66
67
68
69

23.05.2000, source: report C.SIS Exploitation team, 4th annual report Schengen Joint
Supervisory Authority.
28.02.2001, source: 5th annual report Schengen Joint Supervisory Authority.
Data on 5.03.05, described in doc. 8857/03. See also the Statewatch/Ben Hayes report 2004.
Report from the C.SIS Exploitation team, 01/01/2004 at 00.00 (unpublished).
Data from the C.SIS at 010/1/2005 at 00.00. SIS Database Statistics from the Presidency to the
SIS-TECH Working group, 8621/05, 2 June 2005.

68

Chapter 3

Article 97:
Article 98:
Article 99:

36,235
35,317
18,031

Data for 2006 70

Total persons entered into SIS: 882,627
Article 95:
15,460
Article 96:
751,954
(85%)
Article 97:
39,011
Article 98:
45,189
Article 99:
31,013
The statistics above show that, since 2005, the percentage of records on thirdcountry nationals to be refused entry decreased, while the amount of data for the
other categories has increased. In particular, the number of Article 98 alerts (witnesses) and Article 99 alerts (discreet surveillance) increased over the past two
years. This seems to be an indication that Member States are starting to use the
SIS increasingly for criminal law proceedings, instead of immigration law purposes. The increase in Article 95 reports can be explained by the implementation
of Council Framework Decision 2002/584 on the European Arrest Warrant and
the surrender procedures between Member States.71 On the basis of this
Framework Decision, Member States can enter an alert on a requested person
into the SIS on the basis of Article 95 CISA.
5.2. Numbers of Hits Based on Searches Performed of the SIS
Data regarding hits are reported annually by the national SIRENE bureaux to
the General Secretariat of the Council.72 With regard to the numbers of hits
based on the SIS, in other words the number of times authorities nd a record in
the SIS on individuals checked by these authorities, Article 96 hits produces the
largest number. Between 1997 and 2004, hits on third-country nationals based on
Article 96 CISA constituted about 6070% of the total number of hits on persons.73
In 2004, the percentage of hits on third-country nationals dropped to 57% of the

70
71
72

73

SIS Database Statistics dated 01/01/2006, 5239/06, 12 January 2006.

Framework Decision of 13 June 2002, OJ L 190, 18.7.2002.
See, for the table of hits for the period 1 January to 31 December 2004, 6335/05, 23 February
2005, and for the table of hits for the period 1 January 2005 to 31 December 2005, 5913/06,
14 February 2006.
In 1997, third-country nationals to be refused entry represented 66% of the total number of
hits (14,806 of a total 22,475). In 2003 this was 71.5% (26,363 of a total of 36,876), compared
to the hits based on Article 95: 7.7%; Article 97: 4.8%; Article 98: 10%; and Article 99: 6%).

The Schengen Information System

69

total. This in the rst place is due to the enlargement of the European Union,
following which the old Member States had to take the names of the nationals
of the new EU Member States o the SIS. Secondly, this drop could be explained
by the increasing percentage of hits based on the other categories of data stored
in the SIS. Relatively speaking, when comparing the numbers of hits with the
numbers of entries for each category, reports on third-country nationals to be
refused entry seem to be the least successful. This is illustrated by comparing the
gures for 2001, 2004 and 2006.74
Based on the above reports, in 2001 the following hits were recorded by the
SIRENE bureaux:

Article 95: 2,841 hits (24% of the total number of records on Article 95);
Article 96: 26,363 hits (3.7% of the total number of records on Article 96);
Article 97: 3,661 hits (6% of the total number of records on Article 97);
Article 98: 1,779 hits (12% of the total number of records on Article 98);
Article 99 (persons): 2,232 hits (10.2% of the total number of records on
Article 99).

The gures for 2004 show an even smaller percentage of hits on third-country
nationals, compared to the number of records based on Article 96 CISA in
the SIS:

Article 95: 3,813 (25.6%)

Article 96: 21,957 (2.8%)
Article 97: 1,984 (5.8%)
Article 98: 4,945 (15.2%)
Article 99 (persons): 2,989 (18.8%).

The following numbers of hits were reported in 2005:

74

Article 95: 3,887 (25.1%)

Article 96: 21,090 (2.8%)
Article 97: 2,289 (5.9%)
Article 98: 6,612 (14.6%)
Article 99 (persons): 4,152 (13.4%).

Note that I compare the data on the number of records held in the SIS on the precise date of
1/1/2001, 1/1/2004 or 1/1/2006 with the total number of hits which were found the year after
that date. As the number of alerts change every day, this percentage only gives an estimate of the
exact percentage.

70

Chapter 3

Based on these statistical data, one could conclude that the registration of thirdcountry nationals in the SIS is in practice less eective, compared to the records
on persons stored in the SIS for other purposes. Even if information stored in the
SIS concerns predominantly third-country nationals to be refused entry, the
number of hits and, therefore, the actual eects of this storage are relatively small
compared to the number of hits for other categories of persons stored in the SIS.
On the other hand, the annual number of 21,000 to 25,000 hits on third-country
nationals is considerably high particularly when we consider that, based on these
hits, these persons have been stopped at the borders, refused a visa or even
expelled to a third country.
With regard to the development of the second-generation SIS, one would
expect the Commission or Council to have evaluated the use and eciency of
SIS I. To my knowledge, no such evaluation has taken place. Only the Schengen
Joint Supervisory Authority initiated a coordinated evaluation of the national
implementation of the Article 96 criteria in 2003, to be carried out by the
national data protection authorities. Based on this report and the available
national reports, it can be concluded that the Schengen authorities applied the
Article 96 criteria very dierently and the data stored in the SIS often did not
meet the criteria of Article 96.75 Furthermore, the national data protection
authorities discovered that the time limits for the storage of these data were frequently exceeded.76 The ndings of the JSA have been published in a report dated
20 June 2005. This report has not been ocially published but is only available
on request via the joint data protection secretariat of the Council.77
In the next Chapter, I will describe the development of the second-generation
SIS or SIS II, including the technical and functional amendments which were
proposed and adopted with regard to the SIS. Chapter 5 will examine other EU
databases which are directly or indirectly used for controlling immigrants within
or seeking admission to EU territory.

75
76

77

These reports are dealt with in Part III of this study.

See the critical report of the Danish Data Protection Authority of 10 June 2005, published at
http://www.statewatch.org. See also B. Hayes, SIS II: fait accompli?, Statewatch analysis,
May 2005.
The JSA report on this evaluation appeared in the summer of 2005 on the web site of the
Danish Data Protection Authority (http://www.datatilsynet.dk/) and on the web site of the
human rights organisation, Statewatch, but not on the technically outdated website of the JSA
itself (http://www.schengen-jsa.dataprotection.org/).

Chapter 4
New Functionalities for SIS
and the Development of SIS II
The Schengen Information System ended up by being the victim of its own success,
and it became imperative to increase its capacity and to introduce new possibilities
while taking advantage of the latest development of information technology.1

1. The Road to the Second Generation SIS or SIS II

When the SIS became operational on 26 March 1995, the system was used by
seven States: Belgium, the Netherlands, Luxembourg, France, Spain, Portugal
and Germany. At the end of 1997 those countries were joined by three other
countries: Italy, Austria and Greece. As far back as 1996, the governments participating in Schengen started discussions on technical as well as functional
improvements to SIS I. The practical reason for changing the architecture of SIS
was based on the forthcoming integration into the SIS of the Nordic countries
(Denmark, Sweden, Finland, Norway and Iceland). On 19 December 1996, the
Schengen States signed the agreements with Denmark, Sweden and Finland on
their accession to the Convention on the Implementation of the Schengen
Agreement (CISA).2 During the same meeting, the Schengen States decided to
develop a second-generation SIS or SIS II. This SIS II would not only permit
the integration of new Schengen States, but also include new functions.3
When it became clear that SIS II would not be realised before 2000, the
Schengen Executive Committee decided, at its meeting of 7 October 1997, to
combine the extension to the Nordic countries with the necessary technical

2
3

Carlos Coelho, Rapporteur for the LIBE Committee, Working Document on the Decision and
the Regulation on SIS II, 20.10.2005.
OJ L 239, 22.9.2000. See also section 3.1 in Chapter 3.
This decision on the development of SIS II has not been published, but is referred to in the decision of the Schengen Executive Committee of 25 April 1997 in which Portugal was given the
mandate to start a preliminary study for SIS II. SCH/Com-ex (97) 2 rev. 2, published in OJ L
239, 22.9.2000.

Evelien Brouwer, Digital Borders and Real Rights, pp. 71116.

2008 Koninklijke Brill NV. Printed in the Netherlands.

72

Chapter 4

measures to make the SIS ready for the new millennium. The same decision
emphasised that the parallel development of a renewed SIS, or SIS I, would not
aect the development of SIS II.4 The new extended SIS I (under the heading
SIS I+) should be accessible to 18 countries (15 operational States, the United
Kingdom and Ireland, plus one in reserve) while, in the longer term, the strategic objective of SIS II would remain unchanged.5 After the integration of the
Nordic countries into the SIS and the successful completion of the SIS I+
project in 2001, the governments continued their negotiations on SIS II.6 The
Council of Justice and Home Aairs or JHA Council (having replaced the
Schengen Executive Committee in 1999 on the basis of the Amsterdam Treaty)
conrmed, at its meeting of 2829 May 2001, that in view of the enlargement
of the EU, the development of SIS II by 2006 would be a priority.7 In December
2002, the JHA Council decided upon the implementation of the Schengen
acquis in the new Member States. The application of the full Schengen acquis
would make it necessary for those Member States to full all legal, organisational and technical pre-conditions (), especially the requirements linked to
the access to the Schengen Information System and the ecient controls at
external borders.8
Before discussing the developments of SIS II, the rst sections will describe
the decisions adopted to amend the use of SIS I. As we will see, many of these
earlier decisions inuenced the nal scope and use of SIS II.9 In section 6, I will
focus in particular on the (draft) Regulation on SIS II with regard to alerts on
third-country nationals to be refused entry or residence. I will not go into details
of the Decision on SIS II which applies to the use of SIS II within the third pillar
framework.

4
5

7
8
9

SCH/Com-ex (97) 24, OJ L 239, 22.9.2000.

Decision of 21 April 1998. See, for an overview of these developments in decision-making, the
note from the German delegation to the Council Working Party on the Schengen Information
System, SIS II overall plan: Problems to be addressed, 20 August 1999, 10629/99.
SIS I became fully operational in the Nordic countries in March 2001. See Council Decision
2000/777 of 1 December 2000 on the application of the Schengen acquis in the Nordic countries,
OJ L 309/24 9.12.2000.
Press release, 9118/01 (Presse 203).
See point 7 of the Roadmap adopted at the meeting of the JHA Council of 1929 December 2002.
See also Hayes, SIS II: fait accompli?, Statewatch analysis, May 2005, www.statewatch.org.
An overview of the proposals and the nal decision-making with regard to SIS I and SIS II is
given in the annex to this chapter.

New Functionalities for SIS and the Development of SIS II

73

2. Early Proposals to Extend the Use of SIS

2.1. Access to Europol and Eurojust
In the Vienna Action Plan on an Area of Freedom, Security and Justice of
December 1998, the JHA Ministers agreed in conclusion 43(c) to examine the
possibility of granting Europol access to the SIS.10 This possibility for both Europol
and Eurojust to gain access to SIS information was strongly advocated by the
German government. In a note from the German delegation to the SIS Working
Party, it was proposed that Europol be authorised to consult the right of access to
SIS and, in the longer term, to make Europol responsible for the implementation
of the C.SIS tasks.11 In September 2000, Germany presented a discussion paper
on the future use of SIS.12 The German government proposed optimising the use
of the SIS and extending access to the SIS to other authorities and institutions,
including Europol and central credit protection agencies. These organisations
should have access to the data on stolen or missing documents. This would prevent persons using stolen identity documents with the goal of establishing dierent bank accounts in the EU Member States. These amendments would serve
the interests of protecting the public from crime, prosecuting crime eciently
and providing eective protection against illegal immigration.
In the aftermath of the terrorist attacks in the United States (see below), the
discussion about granting access to Europol and Eurojust received a new impulse.
It took more than a year before the EU Ministers could reach political agreement
on access by Europol and Eurojust to the SIS. During the Meeting of the JHA
Council of 19 December 2002, the Mixed Committee agreed on the principle
that Europol and national members of Eurojust should have ecient and workable access to the SIS. The decision on how this access would be implemented
was to be taken at a later stage, based on a report to be forwarded by experts.13
As we will see in section 4.1 below, the legal basis for SIS access by Europol and
Eurojust was provided in Decision 2005/211 of 25 February 2005.14
During the Council discussions, the option of granting access to Article 96
data on inadmissible third-country nationals was considered both with regard to
10
11
12
13
14

Text adopted by the JHA Council of 3 December 1998, OJ C 19/1, 23.1.1999.

10629/99, 20 August 1999.
20 September 2000, 11538/00. See also the German note of 8 December 2000, 14470/00.
5691/02 (Presse 404).
OJ L 68, 15.3.2005. See for the Decision 2002/187 on the establishment of Eurojust, OJ L
63, 6.3.2002.

74

Chapter 4

Europol and with regard to Eurojust. In 2002, France, Luxembourg, Sweden

and Spain supported access to Article 96 data for Europol and Eurojust.15
According to the Note of the College of Eurojust of 30 July 2002, access to
Article 96 data on non-admission would also be useful to Eurojust. However,
this utility was only justied by stating that the combination of judicial orders
with non admission orders is delicate.16 By the end of 2006, there was still no
agreement or legal basis for access to SIS data on third-country nationals by
Europol and Eurojust.
The Hague Program on an Area of justice, freedom and security of 2004,
launched the principle of availability as a common standard for information
sharing and exchange between the national law enforcement authorities. This
principle, which is to be further developed, seems to be used as a motive to link
dierent EU databases and to give the authorities wide access to these databases as
well.17 In 2005, the Commission announced that it was to study the development
of links between the SIS II and the Europol information system before 2007.18
2.2. Eective Protection against Illegal Immigration
In the same note in which the German delegation supported Europol access to the
SIS I, it proposed to grant authorities issuing residence permits to third-country
nationals appropriate access to SIS documents/investigations.19 This would include
access to information on stolen, misappropriated or lost documents. Providing
immigration authorities access to this information would enable them to tackle
illegal residence in the Schengen area at an early stage, by preventing persons from
obtaining residence or legalising illegal residence by submitting stolen or misappropriated documents. It was also proposed that asylum authorities be granted
access to the data on third-country nationals stored to the SIS for Article 96 purposes, in order to facilitate the appointment of the Member State responsible for
an asylum claim according to the Dublin II Regulation.20 The proposal was
based on the assumption that the state entering the data on the basis of Article 96

15
16
17

18

19
20

9408/4/02, 26 November 2002.

11653/02, p. 3.
For example in the discussion paper on the future progress concerning the principle of availability of the Friends of the Presidency, 25 January 2006, 5595/06 (document only partially
accessible to the public).
COM (2005) 184, Communication on The Hague Programme: Ten priorities for the next ve
years, 10.5.2005, p. 20. See also my article Data surveillance and border control in the EU:
Balancing eciency and legal protection of third-country nationals in: T. Balzacq & S. Carrera,
Security versus Freedom? A Challenge for Europes Future, Aldershot: Ashgate 2006, p. 137154.
11538/00.
6164/5/01 REV 5, p. 29.

New Functionalities for SIS and the Development of SIS II

75

would also be the state whose territory the person in question entered for the rst
time. However, when Eurodac (see Chapter 5) became operational, this proposal
disappeared from the agenda.
2.3. New Categories of Persons
During the discussions in the EU Council, Belgium, Spain and Portugal
supported registration in the SIS of two new categories of persons: persons prohibited to leave the Schengen area and potentially dangerous persons to be
banned from participating in certain events. With regard to the former category,
this was proposed in February 2001, by the Portuguese delegation.21 This category of persons would include a divergent group of persons, for example, children
who are at risk of being kidnapped by one of their parents when there is a dispute
over custody of the child. But it could also include detainees who are conditionally released. In June 2003, the JHA Council agreed to study the possibilities of
this new alert although, to my knowledge, no measure has been taken with regard
to this proposal.
The proposal to enter data into the SIS I on potentially dangerous persons to
be banned from participating in certain events was supported by the Spanish
and Belgian governments. In reaction to the events surrounding the EU summit
of Gothenburg, Sweden, the JHA Council of 13 July 2001 agreed on the need
for a structured exchange of data on violent troublemakers within the context of
meetings of the European Council and other, similar meetings.22 Based on these
conclusions, the Spanish government, during its Presidency in February 2002,
proposed studying the possibility of including data on violent troublemakers
[with respect to] in view of mass events to the SIS I.23 In the Spanish note, it
was recognised that such alerts could aect freedom of movement as protected
by EC Directive 64/221 (now Directive 2004/38) as well as other civil liberties
and data protection of the persons concerned. It was therefore suggested, since
these data would only be necessary for limited periods related to certain events,
that those data would not be made permanently visible or included in the SIS.
Meanwhile, the possibility for the police authorities to exchange information on
this category of persons was provided for in dierent bilateral agreements on
police cooperation between EU Member States.24 This meant that it was no
21

22
23
24

6577/01, 24 February 2001, see also the Swedish Presidency note on Requirements for SIS II,
6164/1/01 REV 1.
10608/01 (Presse 281).
Presidential note to the Working Party on SIS, 5968/02, 5 February 2002.
For example, the Treaty between Germany and the Netherlands of 2 March 2005, Tractatenblad
(Dutch Ocial Publications) 2005, no. 86 and the Benelux Treaty on border crossing police
cooperation (grensoverschrijdend politie-optreden) 8 June 2006, Tractatenblad 2005, no. 35.

76

Chapter 4

longer necessary to provide for this exchange of information through the SIS II.
Furthermore, the Treaty of Prm, adopted in 2005, provides for the exchange of
information during major events with cross-border dimensions, in particular
sport events, if any nal convictions or other circumstances give reason to
believe that the data subjects will commit criminal oences at the event or pose
a threat to public order and security, in so far as the supply of such data is
permitted under the supplying Contracting Partys national law (Article 14).25
These data subjects include both EU and non-EU citizens.
With regard to other categories of data, the JHA Council agreed in June 2003
to study the feasibility, usefulness and practical implementation of entering
them into the SIS I.26 Those categories included:
1.
2.
3.
4.
5.
6.
7.

minors precluded from leaving the Schengen area;

violent troublemakers;
other vehicles;
works of art;
animals;
luxury items; and
easily identiable objects.

At this same meeting of June 2003, the Council asked for a study of the
inclusion of SIRENE forms into the SIS and of which biometric data other
than photographs and ngerprints can be stored in the SIS I.

3. SIS I and the Fight Against Terrorism

3.1. Extending the Functions of the SIS I
Immediately after the terrorist attacks in the United States of America of
11 September 2001, the EU institutions and national governments came forward with dierent legislative proposals and measures aimed at intensifying
the ght against terrorism.27 The failure of the administrations to identify those
responsible, who turned out to have stayed legally or on an expired visa in both
the United States and Germany, resulted in new emphasis on controlling thirdcountry nationals entering or residing in the EU. At its special meeting of
20 September 2001, which immediately followed the terrorist events, the Justice

25

26
27

10900/05, 7 July 2005, published at www.libertsecurity.org. See for the Dutch version
Tractatenblad 2005, 197.
Meeting of 56 June 2003 of the JHA Ministers. Press release 9845/03 (Presse 150).
See, for early EU decision-making in response to 9/11: Brouwer, Catz & Guild (2003), p. 96 .

New Functionalities for SIS and the Development of SIS II

77

and Home Aairs Council urged the Member States to take certain measures
involving the use of the SIS I. Among other things, the JHA Council announced
that it would examine the possibility of granting other public services access to
the SIS, with regard to the cooperation between police and intelligence services.
The participating States were also invited to provide more systematic input into
the SIS of alerts under Articles 95, 96 and 99 of the CISA.28
The German government, in particular, proposed far-reaching measures with
regard to the use of personal information in the ght against terrorism. In a paper
dated 27 September 2001, Germany proposed enabling the interconnection of
data by allowing Europol, national Public Prosecutors Oces and immigration
and asylum authorities on-line access to the SIS.29 The German delegation also
called for enabling Europe-wide computerised prole searches, the establishment
of a common visa database and of a European central register of third-country
nationals present on EU territory. Furthermore, in this same note, Germany
advocated the use of Eurodac information for police purposes.
In October 2001, the Belgian Presidency of the EU issued a proposal to extend
Article 96 CISA to make it possible to check whether third-country nationals to
whom a visa is issued and whose visa has expired have actually left the Schengen
territory.30 Under this proposal, an alert would have to be automatically reported
into the SIS when a person does not leave the Schengen area within the period
stated in his or her visa. It was noted that when the proposal was to be incorporated into the SIS II, the nancial eects would be minor. As we will see in
Chapter 5, the idea of an entry-exit system was transferred to the proposal for
a separate Visa Information System.
In November 2001, the Belgian government forwarded another proposal to
record alerts more systematically in the SIS I.31 According to this note, data
should be recorded automatically in all cases once this entry into the SIS would
be allowed by national legislation. The entry of alerts could be improved by
issuing common recommendations or even setting common binding rules for
the entry of alerts. With regard to alerts on persons to be refused entry, the
authorities responsible for public security could be made (more) aware of the
possibility of entering alerts under Article 96 (2) (b) (i.e. aliens in respect of
whom there are serious grounds for believing that he has committed serious
criminal oences () or in respect of whom there is clear evidence of an
intention to commit such oences in the [Schengen] territory).

28
29
30
31

SN 3926/6/01 REV 6, 20.09.2001, Conclusions 13 and 27.

SN 4038/01, meeting document of 27 September 2001.
12813/01, 15.10.2001.
14193/01.

78

Chapter 4

The report of the EU Presidency to the Security Council Commission of

December 2001 summarised the view of the Member States at that time on using
the SIS in the ght against terrorism.32 According to this report, the SIS would
oer several opportunities for preventing terrorists using the territories of the EU
Member States for purposes relating to acts of terrorism. The report referred
again to the importance of recording data in the SIS more systematically. Eorts
would be made to improve the use of the SIS, for example by introducing warnings by default and national warnings fullling the criteria for introduction
into the SIS will be introduced as automatically as possible and should not
require any additional operation from the initiating authority.
3.2. Access for Internal Security and Intelligence Services
During the EU negotiations on the ght against terrorism, the possibility of
granting national internal security and intelligences services access to the SIS was
a recurrent issue. This was proposed explicitly for the rst time in October 2001
by the UK delegation within the SIS Working Party.33 Referring to the aforementioned Council Conclusions of 20 September 2001, the Belgian Presidency
described the UK proposal as logical.34 However, at the same time, the Belgian
government stated that if the Council reached an agreement in principle on this
point, it would still have to be decided whether this access would include civil or
military services, which categories of information would be involved, for what
purposes these services could use the data, and which data protection provisions
would have to be adopted.35 To my knowledge, a formal decision has not been
taken on access by internal security and intelligence services. It has been suggested that, based on an informal decision at working party level, this SIS access
by security and intelligence services has been implemented at national level without a formal legal basis.36 During the negotiations on the Decision on the use of
the SIS II, the German government tried to include a provision granting internal
security agencies access to the SIS. This proposal was successfully opposed by the
European Parliament, however later replaced by a provision granting designated
authorities access to SIS II (see section 6.5 below).
32

33

34
35
36

Letter of 27 December 2001 to the Security Council Committee established pursuant to

resolution 1373/2001, S 2001/1297. http://ec.europa.eu/comm/external_relations/un/docs/
eu1373.pdf.
13530/01, 29 October 2001. In this same note, the UK delegation also proposed the creation of
a restricted access terrorist database. See also 6164/5/1, 6 November 2001.
13269/01, 31 October 2001.
10127/02, 21 June 2002.
B. Hayes, Statewatch analysis, From the Schengen Information System to SIS II and the Visa
Information System (VIS): the proposals explained, February 2004, p. 9, www.statewatch.org.

New Functionalities for SIS and the Development of SIS II

79

3.3. Inclusion of Persons Listed on the UN Terrorist Lists

Directly related to the ght against terrorism was the Italian proposal to enter
persons included on the UN list established by the Sanctions Committee on
Afghanistan on the basis of UN Security Council Resolution 1390/2002
(SCR Resolution). This proposal was supported and elaborated in a note of 28
May 2002 from the Spanish Presidency to the SIS Working Group.37 The Spanish
Presidency asked the national delegations to check what national measures had
been taken to comply with the SCR Resolution. It was stated that, if all Member
States lacked the legal basis to enter these individuals into the SIS, governments
could consider whether legislative changes at national or European level would
be appropriate to ensure that, in future, such persons were entered into the SIS.
The proposal to report persons on the UN terrorist lists in the SIS was not ocially adopted. On the basis of an informal agreement between the Schengen
States, the German authorities entered the listed persons into the SIS on behalf
of the other States.38 Input regarding these persons is managed by the German
Ministry of the Interior, as long these persons could be adequately identied.39
In 2006, in a note on Article 96 alerts based on the UN lists, the EU Presidency
dealt with dierent options for entering and maintaining information based in
the UN or EU lists on terrorists for the forthcoming Regulation on SIS II.40
In this note, it was conrmed that for the time being, the German authorities
have volunteered to enter these persons into the SIS on behalf of the Member
States. As we will see below, a new provision is included in the SIS II Regulation,
according to which a third-county national listed on a UN terrorist list may be
registered in the SIS II for the purpose of refusal of entry or residence.
At this point, it should be stressed that the instrument of terrorist lists already
existed before 11 September 2001. In the EU, several terrorist lists were and still
are used simultaneously, including a list of persons aliated with the Al Qaeda
network. After 11 September 2001, a new list was compiled by the UN Sanctions
Committee and attached to the UN Security Council Resolutions.
The Member States decided unanimously in the EU Council of 27 December
2001 on the Decision establishing the list provided for in Article 2 (3) of Council
Regulation 2580/2001 on specic restrictive measures directed against certain persons
and entities with a view to combating terrorism41 and the (much longer) list in the
37
38

39

40
41

9358/02, 28 May 2002.

See the Outcome of Proceedings of the meeting of the Article 36 Committee, 9182/03,
12 May 2003.
Internal note from the German Federal Data Protection Authority to the Schengen Joint
Supervisory Authority, 25 January 2005.
7783/06, 7 April 2006.
OJ L 344, 28.12.2001.

80

Chapter 4

Annex of the Common Position 2001/931 on the application of specic measures to

combat terrorism and Council Decision 2001/ 927.42 The EU lists are reviewed
every 6 months.43 Based on Council Regulation 2580/2001, Member States are
required to freeze the nancial assets of the listed persons and organisations considered to be involved in terrorism. The Regulation applies within the territory
of the Community, including its airspace, on board any aircraft or any vessel
under the jurisdiction of a Member State, to any person elsewhere who is a
national of a Member State, to any legal person, group or entity incorporated or
instituted under the law of a Member State or doing business within the
Community (Article 10). The EU list which is attached to the Common Position
2001/931 contains the same names, but also includes EU citizens. It provides
the names of individuals and organisations who are believed to be connected
with terrorism, some of those (in the rst version around 30) are characterised as
endogenous (primarily active within the EU), while others (around 10) are
characterised as exogenous (mainly active outside the EU). The provisions for
mutual support in criminal proceedings target the rst group, while the measures
for freezing assets are aimed at the latter.
Criteria for listing people can be found in the Common Position 2001/931
and in the Regulation 2001/927. These criteria include whether a criminal prosecution, investigation or sentence has been carried out as a result of terrorist acts.
In addition, people who are linked by the UN Security Council to terrorism and
against whom sanctions have been imposed can be added to the list. Member
States are entitled to make their own proposals on the removal of persons and
organisations from the lists, as well as on the entry of new persons and entities.

4. Adopted Decisions Extending the Use of SIS I

4.1. Regulation 871/2004 and Decision 2005/211 on New Functionalities
On 29 April 2004 and 24 February 2005 respectively, the EU Council adopted
Regulation 871/2004 and Decision 2005/211 on new functionalities for the
SIS.44 These instruments, based on Spanish proposals from 2002, include dierent measures extending the use and utilities of the current SIS.45 The most
important changes are:

42
43

44
45

OJ L 139/4 and L 139/9, 29.05.2002.

See, for updates: 2 May 2002, OJ L 116, 3.05.2002; 17 June 2002, OJ L 160/26, 18.06.2002;
28 October 2002, OJ L 295/12, 30.10.2002; 12 December, OJ L 337/85, 13.12.2002.
OJ L 162/29, 30.04.2004 and OJ L 68/44, 25.03.2005 respectively.
Spanish initiative for a Regulation on new functions of SIS, OJ C 160, 4.7.2002.

New Functionalities for SIS and the Development of SIS II

81

1. access by Europol and Eurojust to the SIS;

2. access by national judicial authorities, including public prosecutors, to the
SIS, including Article 96 alerts, with regard to checks within the country;
3. access to information held in the SIS on stolen, misappropriated or lost
identity documents by authorities responsible for issuing or examining visa
applications or for issuing residence permits.
Finally, the Regulation extends the duty to make records of the transmission of
data and, for the rst time, includes a legal basis for the SIRENE bureaux.
The Regulation was purposely adopted on 29 April 2004 which is before the
adoption of its third pillar counterpart, the Council Decision of 25 February
2005.46 The reason for this swift adoption of the Regulation was Article 67 of the
EC Treaty. On the basis of this provision, after 1 May 2004, the Council could
no longer adopt legal acts within the scope of Article 66 TEC insofar they are
based on the initiative of one or more Member States. The application of the
provisions of the Regulation and the Decision were set for dierent dates.47
4.1.1. Europol and Eurojust
The most important amendments with regard to the use of the SIS are the provisions in the Decision on access to Europol and Eurojust and, in the Regulation,
on access by visa and immigration authorities to information on stolen documents. Decision 2005/211 provides for access by Europol and Eurojust to SIS
data stored on the basis of Articles 95, 99 and 100 CISA, or Articles 95 and 98.
This access is limited to the police and judicial tasks of these organisations and
does not include data under Article 96 or 97. The Decision explicitly forbids
Europol to link parts of the SIS to which it has access to any computer system
operated by or at Europol. In addition, with regard to Europol, it is explicitly
stated that Europol may not transfer the SIS data to any third State or third party
without the express prior authorisation of the Member State which entered this
data into the system. The Decision also changes the procedure to be followed by
national authorities in the event of an alert on the basis of Article 99 (discreet surveillance). Based on the former provision in the CISA, ocials planning
to issue such an alert had to consult the other contracting parties beforehand.

46
47

See the note from the Irish presidency to the Article 36 Committee, 6874/04, 27 February 2004.
Article 2 of the Regulation and the Decision allows the Council to set dierent dates of application. See Decision 2005/451 of 13 June 2005, OJ L 158, 21.6.2005, Decision 2005/728 and
Decision 2005/727 of 12 October 2005, OJ L 273, 19.10.2005 respectively. On 24 July 2006,
the JHA Council adopted two decisions setting two further dates of application (1 October and
1 November 2006) for Article 1(4) and Article 1(5) of the Regulation, 11556/06 (Presse 216).

82

Chapter 4

With the new Article 99 (4), the national authorities issuing an alert will only
have to inform other parties.48
4.1.2. Public prosecutors
Regulation 872/2004 includes an amendment to Article 101 (1) (b) CISA, based
on which the authorities responsible for police and customs checks carried out
within the country and the coordination of such checks have direct access to the
SIS, including alerts on third-country nationals to be refused entry. Based on the
amendment, direct access is made possible for national judicial authorities,
including those responsible for initiating public prosecutions in criminal proceedings and judicial inquiries prior to indictment, in the performance of their
tasks as set out in national legislations. The original text of the Spanish proposal
only envisaged adding to the provision of 101(1) (b), which reads as follows:
and the judicial supervision thereof .49 This proposed amendment was justied
by the fact that some Member States already granted access to the SIS to their
public prosecutors based on the words and the coordination of such checks in
Article 101 (1) (b).50 In October 2002, the French delegation proposed giving
national judicial authorities direct access to all SIS data, whereas the German
delegation proposed, for the initiation of public prosecutions in criminal
proceedings, giving national authorities only direct access to Articles 95, 98 and
100 data (persons wanted for arrest for extradition, witnesses, and objects for the
purposes of seizure or use as evidence for criminal proceedings respectively).51
In the nal decision on the proposed Regulation and Decision, the Council
chose a combination of both texts.
4.1.3. Authorities Responsible for Issuing or Examining Visa Applications
or for Issuing Residence Permits
A new Article 101 (2) has been inserted in the CISA, giving the authorities responsible for issuing visas or examining visa applications and the authorities issuing
residence permits and for the administration of legislation on aliens access to the
data on stolen, misappropriated or lost identity documents which are held in the
SIS on the basis of Article 100 (3) (d) and (e) CISA. Regulation 871/2004 further
allows national authorities to add information to the alerts stored in the SIS, for
example on whether a person has previously escaped from detention.
48

49
50

51

In its resolution of 17 December 2002, the EP advised maintaining the obligation of informing
the other parties beforehand, A5-0436/2002.
OJ C 160, 4.7.2002.
5968/1/02, 19 March 2002, see also the Report of Carlos Coelho of the LIBE Committee,
A5-0436/2002, 4 December 2002, explanatory statement, p. 22.
9407/2/02, 17 October 2002.

New Functionalities for SIS and the Development of SIS II

83

4.1.4. Duty to Report all Transmission of Data and a Legal Basis for SIRENE
Although the Spanish proposal focussed on extending the use of the SIS for the
ght against terrorism, the opportunity to change current provisions regarding
the SIS has also been used to improve some data protection provisions. Both in
the Regulation and in the Decision, a duty has been added for national authorities to make a record of every case of the transmission of personal data, instead of
every tenth transmission (as provided for in the original text of the CISA). This
provides an extra safeguard with regard to the lawful use of SIS information.
Finally, the Regulation and the Decision provide for an explicit legal basis in
the CISA for the functioning of SIRENE. Article 92 paragraph 4 provides that
Member States will, in accordance with their national legislation, exchange
through SIRENE all supplementary information necessary in connection with
the entry of alerts and for allowing the appropriate action to be taken in cases
where data concerning persons and objects have been reported in the Schengen
Information System and these are then found as a result of searches made
within the System. The information exchanged through SIRENE may only
be used for the purpose for which it is transmitted. This latter restriction of the
further use of SIRENE data had been advocated by the EP in its resolution of
17 December 2002.52
4.2. Framework Decision 2002/584 on the European Arrest Warrant
Article 9 (2) of the Framework Decision 2002/584 on the European Arrest
Warrant provides that judicial authorities may issue an alert in the SIS on
requested persons for the purpose of a surrender procedure.53 As dened in the
Framework Decision, a European Arrest Warrant (EAW) is a judicial decision
issued by a Member State with a view to the arrest or surrender by another
Member State of a requested person. This request for arrest or surrender is possible for the purposes of conducting a criminal prosecution, executing a custodial
sentence or executing a detention order. In general, based on the double criminality rule, a Member State may subject the request from another Member State
to surrender a person to the condition that the act for which surrender is
requested should also constitute an oence under the law of the executing
Member State. However, with regard to 32 oences listed in the Framework
Decision, this double criminality rule does not apply. If punishable in the issuing
Member State by imprisonment of at least three years, the requested State must
surrender the person without verifying the double criminality of the oence at
stake. The oences listed in the Framework Decision include, among others,
52
53

A5-0436/2002.
The Framework Decision was adopted on 13 June 2002, OJ L 190, 18.7.2002.

84

Chapter 4

membership of a criminal organisation, terrorism, human tracking, corruption,

fraud (including fraud aecting the nancial interests of the Communities), counterfeiting currency, murder, racism and xenophobia, organised or armed robbery,
computer-related crime, tracking in stolen vehicles and rape.54 The EAW must
contain information that includes the identity of the person concerned, the
issuing judicial authority, the nal judgment, the nature of the oence and the
penalty. The arrest warrant, registered in the SIS in accordance with Article 95
CISA, is considered equivalent to an EAW. When the location of the requested
person is known, the issuing judicial authority may also transmit the EAW
directly to the executing judicial authority.
The Framework Decision entered into force on 1 January 2004. Some Member
States, including United Kingdom, France, Belgium, Portugal, Luxembourg,
Germany and Spain agreed to apply the Framework Decision as of the rst quarter
of 2003.55 In dierent EU Member States, the lawfulness of the Framework
Decision has been disputed before national (constitutional) courts.56
4.3. Common Position 2005/69 on Exchange of SIS Data
Between Member States and Interpol
On 24 January 2005, the Council adopted a common position on the exchange of
information on stolen and lost passports between the SIS countries and Interpol.57
Article 3.3 of this Common Position requires Member States, whenever they enter
data on stolen passports into their national databases or into the SIS, to exchange
these data immediately with Interpol as well. The purpose of this measure is,
according to Article 1, to prevent and combat serious and organised crime, including terrorism. The Common Position is considered a rst response to the call of
the European Council of 24 March 2004, in its Declaration on combating terrorism, to create an integrated system for the exchange of stolen and lost passports
between the SIS and the Interpol database. According to preamble (5), the current
measure should be followed up by setting up a technical functionality in the SIS to
achieve that aim. The Common Position took eect on the date of its adoption
(Article 5). In practice, the implementation of this Common Position means that
information reported to the SIS and then automatically submitted to Interpol,

54

55

56

57

This (partial) abolition of the double criminality rule and the abolition of the prohibition on
surrendering ones own nationals have been criticised. See: http://www.eurowarrant.net.
This was agreed upon during the informal meeting of the JHA Council in February 2002,
see doc. 5065/03, 20 January 2003.
See, for analysis of some of these judgments: E. Guild (ed.), Constitutional challenges to the
European Arrest Warrant. A challenge for European Law: the merging of international and external
security. Nijmegen: Wolf Legal Publishers 2006.
Common Position 2005/69 on exchanging certain data with Interpol, OJ L 27/62, 29.1.2005.

New Functionalities for SIS and the Development of SIS II

85

so that the information at stake is no longer available for EU Member States only,
but also for the police organisations of non-EU States participating in Interpol.
4.4. Regulation 1160/2005 on Access to the SIS
by Vehicle Registration Authorities
In June 2005, the Council adopted Regulation 1160/2005 on the basis of which
the vehicle registration authorities gained access to data reported in the SIS on
stolen cars.58 This measure, provided in the new Article 102A CISA, should prevent vehicles reported by one Member State from being licensed in another
Member State. It should also increase the possibility of nding stolen vehicles.59
The Regulation applies with eect from 11 January 2006. According to Article
102A (4), the Council must submit a report to the EP on the implementation of
this provision, each year, after seeking the opinion of the Schengen Joint
Supervisory Authority. This report shall include information and statistics relating to the use and results of the implementation of this Article and shall state
how the data protection rules were applied.
The sections above, describing the amendments with regard to SIS I, make it
clear that the Member States were already extending the scope and use of this database. The multiple use of the SIS was invoked by giving new authorities, including Europol, Interpol, national vehicle registration authorities, national judicial
authorities and Eurojust access to the information held in the SIS I. During the
discussions on these amendments of the CISA provisions, the negotiators paved
the way for a new, enlarged concept for the second generation SIS, or SIS II.

5. SIS II
5.1. Legal Basis for SIS II
Regulation 2001/2424 and Decision 2001/886 on the development of the second
generation Schengen Information System (SIS II), adopted on 6 December 2001,
provided the legal basis for the further development of the SIS II.60 On the basis
of these instruments, the Commission was empowered to take the necessary
implementing measures, in accordance with the Council Decision on the procedures for the exercise of implementing powers conferred on the Commission.61
58

59
60
61

OJ L 191/18, 22.07.2005. Council minutes of 23 June 2005, doc. 8849/05. This decision of
the Council is based on a proposal by the European Commission, COM (2003) 510 and takes
into account three amendments by the European Parliament. See doc. 8524/05.
Based on a Belgian proposal, 8835/99 and 12793/01.
Regulation 2001/2424 and Decision 2001/886 published in OJ L 328, 13.12.2001.
Decision 1999/468/EC of 28 June 1999, OJ L184, 17.7.1999.

86

Chapter 4

The Decision provides for a comitology procedure, in which both the Commission
as the Council are involved.
The question of the appropriate legal basis and the nancing of SIS II was
controversial because of the legal basis of the current SIS. As we have seen in
Chapter 3, at the time of the integration of the Schengen acquis into the EU
Treaties, the Member States were unable to agree on the appropriate legal basis
for the SIS, recognising that some parts of the SIS fell within the scope of
Title IV TEC, while other parts were covered by Title VI TEU. To solve this
problem, the Council appointed Title VI as the legal basis for the whole SIS.
With regard to the legal basis of SIS II and the proposals which were necessary
for the development of SIS II, it was recognised that SIS II should be regarded
as having a dual legal basis. In its Communication on the Development of SIS II of
18 December 2001, the Commission had already underlined the dual function
of the SIS. With regard to Article 96 CISA, the Commission held that this would
have to be based on Articles 62, 63, and 66 of the EC Treaty. According to the
Commission, although an alert referred to in Article 96 may contribute towards
preserving public order, it sometimes entails action that does not amount to a
form of police cooperation within the meaning of Title VI of the EU Treaty
(or Title III Police and security of the CISA). Therefore, an alert for purposes
of refusing entry entails measures that fall under the heading of entry and residence of foreigners, whether they involve refusing a person a visa, removing them
to an external frontier or deporting them. The Regulation on the development
of the SIS II was based on Article 66 TEC and the Decision on Articles 30 (1) a
and b and 31 a, 34 (2) c TEU.62 With regard to the nancing of SIS II, the JHA
Council could not reach unanimity on the decision to nance SIS II through
intergovernmental funding. The Ministers agreed in their meeting of 29 May
2001 that the expenditure should be charged to the EC budget as from 2002.63
On 31 May 2005, the European Commission published three legislative proposals on the second generation SIS.64 The proposal for the Regulation on SIS II
was explicitly based on Article 62 (2) (a) TEC (external border controls) and
Article 66 TEC (administrative cooperation).65 By using Article 62 (2) (a) as legal

62
63
64

65

Both the Decision and the Regulation expired on 31 December 2006.

Report of the meeting, 9118/01 (Presse 203).
COM (2005) 236, 230 and 237, 31 May 2005, including a draft Regulation and Decision on
the establishment, operation and use of second-generation SIS (SIS II) and a Regulation regarding access to SIS II by national services responsible for issuing vehicle registration certicates.
See further below.
For more details on the applicable procedures with regard to Title IV instruments: S. Peers,
From Black Market to Constitution: The Development of the Institutional Framework for EC
Immigration and Asylum Law, in Peers & Rogers (2006), p. 52 and 6566.

New Functionalities for SIS and the Development of SIS II

87

basis for this Regulation, the Commission paved the way for qualied majority
voting and a co-decisive right for the European Parliament.
5.2. Developing SIS II as a exible tool
Although the formal reason for SIS II was the technical need to make the SIS
applicable to a larger group of states, from an early stage the development of SIS
II has been used in political discussions on the proposals for new functions of the
SIS.66 Even in July 2000, the French Presidency submitted a detailed overview,
on the basis of preparatory work carried out over several years by the SIRENE
Working Party, of the dierent proposals to extend the use of SIS II.67 This list
of proposals would be regularly updated in subsequent years.68 During the discussions on the anti-terrorism policy following 11 September 2001, Member
States forwarded dierent proposals on extending the use of the SIS. Whereas,
several of these proposals were implemented with regard to the current SIS
(for example, access by Europol and Eurojust), others were gradually incorporated in the draft texts on SIS II. Although the Regulation and Decision on the
development of SIS II did not directly refer to possible extended functions,
preamble 7 explicitly states that these instruments are without prejudice to the
adoption of future legislation on the use and operation of SIS II. The purpose of
allowing for a multipurpose tool was more explicitly referred to in the earlier
drafts of these instruments, forwarded by the Swedish and Belgian governments.69
In Article 1 of the proposed Regulation, the future goal of SIS II was described as
the need for Member States to have in place a joint information system enabling
the authorities designated by them to have access, by means of an automated
search procedure, to alerts on third-country nationals for the purpose of checks
to be carried out at external borders and elsewhere in their territory, and for the
purpose of examining visa applications and applications for residence. Article 1
of the proposed Decision referred to the goal of maintaining public policy and
security and enabling designated authorities to have access to alerts on persons
and objects for the purposes of police and customs checks at the borders and
elsewhere within their territory. According to Article 2 of both proposals, SIS II
would have to allow for certain new functions to be carried out taking into
account new IT developments. Since these functional changes would require
amendments to the CISA which were not feasible in the short term, these broad

66

67
68
69

See also Statewatch, Schengen Information System: SIS II: technical innovation pretext for
more data and control, Statewatch bulletin, JanuaryFebruary 2001 (Vol. 11, no. 1), p. 2425.
Requirements for SIS II, 10353/00. 13 July 2000.
See, for example 6164/5/01, 6 November 2001 and 5968/02, 5 February 2002.
OJ C 183/12, 29.6.2001.

88

Chapter 4

descriptions of the new functions of the SIS were deleted in the nal texts,
adopted on 6 December 2001.70 Despite these legal obstacles, at this meeting of
6 December 2001, the Council agreed to study dierent options to expand the
use of SIS II. In June 2002, the Econ Council reached formal agreement on
new functions for SIS II with a view to ensuring greater eectiveness in combating terrorism.71 These functions included, among others: the inclusion of
biometric data, the addition of new categories of data, the possibility of interlinking dierent alerts and the possibility of running searches on the basis of
incomplete data. As we will see below, except for the function of searching the
SIS II on the basis of incomplete data, these functions are included in the current
texts of the Regulation and Decision on SIS II.
In 2003, it was decided to instruct IT companies developing SIS II to design
SIS II so as to allow for new requirements whenever these become necessary.72
This would make it possible to develop SIS II as a exible tool that will be able
to adapt to changed circumstances and full, within reasonable time and without major additional costs and eorts, user requests made during its lifecycle.
Based on this decision, SIS II was technically developed to allow for various new
functions, even if at political level the decisions on the nal functions of SIS II
were yet to be taken.
At its meeting of June 2003, the JHA Council concluded that the new SIS II
should remain a hit/no hit system allowing for information exchange with a
view to policing the free movement of persons as well to maintaining public
security, and in particular assisting national authorities in the ght against transnational crime, in the context of the EU objective to maintain and develop the
Union as an area of freedom, security and justice. Considering the current decisions taken with regard to SIS II, (see below) we may wonder whether the
description of hit/no hit system still applies.
5.3. The Position of the UK and Ireland with Regard to Access to SIS II
Parallel to the discussions on the new functions of the SIS, negotiations took
place on possible access by the UK and Ireland to the SIS. Based on Council
Decisions 2000/365/EC and Council Decision 2002/192/EC respectively, both
70

71

72

Press release 14581/01 (Presse 444). See also the Note Requirements for SIS from the Belgian
Presidency, 13269/01 SIS 95 COMIX 693 and updated in 14790/01 SIS 107 COMIX 767,
which was used as a basis for the discussions in the Council.
Council Conclusions 10089/02 (Presse 181) based on the Presidential note to the Council,
9773/02, of 7 June 2002.
Meeting of 56 June 2003 of the JHA Council. Press release 9845/03 (Presse 150). These conclusions were based on the Commission Sta working paper on the development of the second
Generation Schengen Information System (SIS II) of 19 February 2003, SEC(2003)206.

New Functionalities for SIS and the Development of SIS II

89

countries only take part in the provisions of the Schengen acquis on police and
judicial cooperation.73 Despite this outsider status, the UK was actively involved
in the discussion on the new functionalities of SIS II, including the use of data
on third-country nationals to be refused entry. In dierent notes to the SIS/
Sirene Working Group, the UK presented its opinion regarding the proposed list
of functions for SIS II.74 In a note of 2003, the UK government justied the
extended use of the SIS by referring to the Tampere Conclusions of 1999 (conclusion no. 43) according to which: Maximum benet should be derived from
cooperation between Member States authorities when investigating cross-border
crime in any Member States.75 Aiming for a more exible use of the data that
will be held on SIS II, the UK referred to the two categories of Article 96 data:
data concerning people who have been refused entry to the Schengen area because
they constitute threats to public order, national security and safety and data concerning people refused for immigration or visa oences. According to the UK
proposal, the rst category of data should be accessible by law enforcement and
immigration ocers, since their registration would not only be used for refusing
entry, but also for law enforcement purposes such as preventing and detecting
crime. The second category should only be accessible by immigration ocers for
the purposes of refusing entry. From this proposal, as well as from other proposals
forwarded by the UK delegation, it is clear that the UK envisaged altering the
functioning of the SIS signicantly. From a merely administrative system, used
to prevent a dened group of third-country nationals from entering the Schengen
territory, the SIS had to change into an intelligence system, using which the
same group of persons could be traced for prosecution and law enforcement
purposes. In February 2003, the UK government proposed amending the denition of the purpose of the SIS as described in Article 92 CISA to allow for SIS II
to be shaped into a robust system that, rstly, assists national authorities in the
ght against transnational organised crime, secondly, facilitates ecient border
controls and, thirdly, provides a technologically advanced tool for the investigation
and rapid identication of suspect persons.76
Illustrative of the UKs view with regard to the utility of the SIS is also the
consideration of the UK delegation in a note of 2002 to the Schengen Acquis
Working Group in which it advocated access by UK immigration and visa
authorities to data in the SIS on stolen or lost passports.77 According to this note,
the priority for the UK would be to ensure that suspected criminals and terrorists
73
74
75
76
77

OJ L 131, 1.6.2000 and OJ L 64, 7.3.2002.

See Note of 29 October 2001, 13530/01 and Note of 6 February 2003, 6113/04.
Note on the development of SIS II, 7786/03 of 25 March 2003, p. 2.
6113/03, 6 February 2003.
13482/02, 24 October 2002.

90

Chapter 4

are identied and arrested before they have the opportunity to commit further
crimes in the EU. Our immigration service has extended experience, considerable
technical skill and state of the art forgery detection equipment which ensures
a high success rate in identifying forged passports and other travel documents.
It would therefore be a benet of all Schengen Members if UK immigration and
visa authorities as well as the police could access this data directly.
In 2005, the Legal Service of the Council submitted its advice to the Council
with regard to the request from the UK and Ireland to grant their asylum authorities access to SIS II data on third-country nationals to be refused entry.78 The
UK and Ireland justied this request with their participation in the Dublin II
Regulation. Based on the fact that these countries do not take part in the
Schengen acquis with regard to immigration and border control, the Legal Service
however concluded that their authorities could not have access to Article 96 data
or, with regard to SIS II, Article 15 data.79 The reason I refer to this advice is the
additional consideration of the Legal Service, according to which the provisions
of the Dublin II Regulation did not prevent the UK and Ireland from requesting
information and personal data from the other Member States on asylum seekers,
including the information and personal data those states acquired through their
right to access to the SIS II alerts on the refusal of entry. This explicit recommendation of the Legal Service to the authorities of UK and Ireland makes it
clear that, in practice, on a bilateral or cross-organisational basis ocials are able
to obtain all the information they are seeking, whether this is provided for in the
applicable rules or not.
5.4. Involvement of the European Parliament
The EP has been involved in the development of the SIS and SIS II at dierent
times. Between 2001 and 2006, Carlos Coelho, Member of the European
Parliament (MEP) was, with few exceptions, the regular rapporteur with regard
to issues of the SIS and SIS II.
In principle, the EP had only a co-decisive role in the Regulation on SIS II and,
with regard to the SIS II Decision and other third pillar measures changing the
use and architecture of SIS II, it should merely have been consulted. In practice,
however, based on an agreement with the Council and the Commission, the EP
was allowed to consider the SIS II Regulation and Decision as a package deal.

78

79

15058/05, 12 December 2005. This advice is only partially accessible via http://register.consilium
.europa.eu (in fact, the whole content of the legal advice has been deleted). The author has a
Dutch version.
Decisions 2000/365 and 2002/192.

New Functionalities for SIS and the Development of SIS II

91

In the report of 2001 on crossing external borders and the development of

Schengen cooperation, rapporteur Carlos Coelho dealt for the rst time with the
SIS, its deciencies and the need to improve the applicable rules on data protection and transparency.80 In this report, Coelho criticised the lack of uniform
criteria for entering data on third-country nationals, arguing that this lack of
clear criteria, in particular in relation to unwanted aliens would give the
Member States too much freedom of interpretation. Furthermore, the MEP
noted that decisions on the entry of data into the system can be taken at a
relatively low level. Given the many shortcomings in relation to the protection
of data and the inadequate remedies available to persons whose data is in the SIS,
according to the MEP the current situation would fail to meet the level of protection required by the Charter of Fundamental Rights with potentially serious
consequences for citizens.
Based on the co-decision and consultation procedures respectively, the EP
adopted a legislative resolution on the Belgian-Spanish proposal for the Decision
and Regulation for the development of the SIS II as referred in section 5.2 above.
In this report, adopted during its plenary session of 23 October 2001, the EP
demanded an extended role for the Joint Supervisory Authority during further
negotiations on SIS II.81
Consulted by the Council according to the procedure given in Article 39 (1)
TEU, the EP adopted a legislative resolution on the Spanish proposals for the
Regulation and Decision on new functionalities of SIS on 17 December 2002.82
This resolution, which was adopted by a majority of 377 votes to 89, included
amendments for a higher data protection level. In a new recital (3a), the EP added
the general condition that the introduction of certain new functions into the
current version of the SIS shall not reduce the safeguards on accuracy, the use or
the level of protection on personal data. Further, the resolution included additional conditions with regard to access by Europol and Eurojust to the SIS and
with regard to the further use of the SIS data by those institutions. In its legislative
resolution, the EP also held that extended access to stolen ID documents would
risk increasing the existing problems of citizens whose identity and documents are
being misused. It is worth noting the minority opinion of two MEPs, Maurizio
Turco and Marco Cappato, attached to the EP resolution on SIS II. Although
they found the amendments of the EP resolution an improvement over the
current text, they nevertheless proposed to reject the Spanish proposal as a whole.
80
81

82

Report of 21 June 2001, A5-0233/2001 adopted on 20 September 2001,OJ C77 28.3.02.

Here, the rapporteur was Christian von Boetticher, A5 -0333/2001, 11 October 2001. OJ C 11
2E/32, 9.5.2002.
Report by Carlos Coehlo, A5-0436/2002, 4 December 2002.

92

Chapter 4

According to them, the denitions of new functions for the Schengen Information
System and ght against terrorism were used as pretext both for extending
access to the SIS (and its successor SIS II) by Europol, Eurojust and the authorities dealing with residence permits, and for eroding citizens guarantees regarding
the processing of their personal data and the exchange of such data with third
countries. The Council should be called upon to make the SIS more reliable by
harmonising and improving the quality of the data reported at national level
by the SIRENE oces. According to this minority report, data currently reported
by SIRENE are often incorrect or inaccurate and reported on the basis of dierent
national legal systems, a practice which jeopardised the rights of both European
and third-country citizens. Furthermore, the two MEPs underlined in their
minority report the need to provide binding guarantees regarding the processing
of personal data under the third pillar.
On 20 November 2003, the EP adopted a recommendation on SIS II.83
In general, the (plenary) EP agreed upon the need to extend the use of SIS II and
even its inter-operability with other databases such as VIS and Eurodac, and the
inclusion of biometric data (see Chapter 5). However, it did criticise the so-called
salami tactic or piecemeal approach of the Council with regard to current decisionmaking on the SIS, since this would hamper a general understanding of the real
implications of the decisions taken. Rapporteur Coelho referred to the dierent
ideas pursued in dierent forums and with a dierent legal status. He emphasised the need to distinguish the technical development of SIS II as such, the
Spanish initiatives concerning the introduction of some new functions for the
SIS (including those in the ght against terrorism), the occasional legislative
proposal emerging from the political discussions and closely-related questions
such as the procedure to amend the SIRENE manual or the practical implementation of the European Arrest Warrant through the SIS.84 Coelho described this
approach as very opaque, dicult to follow even by experts and completely
incomprehensible for normal people. The rapporteur further held that it is not
very democratic since formal legislative proposals only see the light of the day
after years of discussion in various Council working groups and only when a
consensus among Member States is reached. Furthermore, his recommendation
also supported the proposal, as mentioned above, to adopt binding rules on data
processing under the third pillar. In an eort to involve a wider audience in the
development and decision-making regarding SIS II, the LIBE Committee of the
EP organised a meeting on SIS II on 6 October 2003.
83
84

A5-0398/2003, 7.11.2003, OJ 87, 7.4.2004.

In its report on the second-generation SIS, A5-0398/2003, 7 November 2003, p. 12.

New Functionalities for SIS and the Development of SIS II

93

The negotiations on the nal outcome of the decision establishing the

Regulation and Decision on SIS II was taken at the so-called tripartite meetings
between the Council, the Commission and the EP.85 At these meetings, which
take place behind closed doors, the representatives of the three institutions try to
reach a compromise which will be acceptable to all parties involved. As this is
generally drafted with great diculty, the compromise text will not easily be
rejected when it reaches the plenary session of the EP. In general, this legislation
process cannot be considered very transparent. On the other hand, these informal
trialogues with the Commission and Council, enable the rapporteur of the
European Parliament to negotiate and to reach agreement on some amendments
improving, for example, the data protection rights of the data subjects.86

6. Final Texts of the Regulation and Decision on SIS II

6.1. Purpose
In December 2006, the Council adopted the nal text of Regulation (EC) 1987/
2006 on the establishment, operation and use of the second generation Schengen
Information System (SIS II).87 According to Article 1 (2) of the Regulation, the
purpose of SIS II is to ensure a high level of security within the area of freedom,
security and justice of the European Union, including the maintenance of public
security and public policy and the safeguarding of security in the territories of the
Member States and to apply the provisions of Title IV of the EC Treaty relating
to the movement of persons in their territories, using information communicated
via this system. The new denition of the purposes of SIS II is almost the same as
the denition used in Article 93 CISA for SIS I, except that the new Regulation
refers explicitly to the goal of ensuring a high level of security. The addition of
this latter goal illustrates the new emphasis on security in EU policy with regard
to the use of databases such as SIS II. Compared to the former rule in Article 93
on the use of SIS I, the new provision is also not very precise. The denition of the
purpose of SIS II leaves the Member States a wide margin for interpretation.
85

86

87

European Parliament legislative resolution on the proposal for a Council decision and Regulation
on the establishment, operation and use of the second generation Schengen information system
(SIS II), adopted on 25 October 2006. Based on the reports of EP rapporteur Coelho,
A6-0353/2006 and A6-0355 of 13 October 2006.
For example, with regard to the limitation of the conservation periods of alerts in the SIS, the
lifting of the territorial limitation in the right to legal remedies, and the refusal to allow internal
security agencies access to SIS II, see further below.
OJ L 381/4, 28.12.2006.

94

Chapter 4

6.2. Criteria for Third-Country Nationals to be Stored in SIS II

6.2.1. Commission Proposal Trying to Harmonise National Criteria
The adoption of the Regulation on SIS II would have been a good opportunity
to provide for harmonised criteria for the registration of third-country nationals
to be refused entry. The need to provide for more standardised criteria has been
advocated both by the European Commission and by the Joint Supervisory
Authority of SIS, the data protection authority responsible for controlling CSIS;
see further Chapter 8.88 The draft Regulation of the European Commission of
May 2005 (see the texts at the end of this chapter), provided for a further harmonisation of the grounds for issuing alerts to third-country nationals to be
refused entry. For example, with regard to the penalties for which a person was
sentenced and for which he or she could be recorded in the SIS, the Commission
proposal referred to the oences listed in the Council Framework Decision
2002/584 on the European Arrest Warrant. With regard to third-country
nationals subjected to a re-entry ban, the Commission proposal referred to the
(proposed) Directive on return. The EU Member States were unable (or unwilling)
to reach agreement on the proposal from the Commission and, in a text forwarded by the Austrian Presidency in January 2006, Article 15 was more or less
redrafted in the same wording as Article 96 CISA.89 In addition, other provisions of the Commission proposals were also changed in accordance with the
original CISA rules. According to the Austrian Presidency, the opposition to the
Commissions approach for more harmonisation was based on the concern of
the various governments that the drastic departure from the provisions of the
existing Schengen Acquis might needlessly jeopardise the smooth transition
from the rst generation SIS to the second generation and would also mean a
degradation of the eectiveness of the system compared to the existing SIS.90
It is however also reasonable to believe that Member States were reluctant to
amend their national rules with regard to the criteria on listing third-country
nationals as inadmissible persons.
6.2.2. Final Criteria: The Individual Assessment and Proportionality Clause
Article 24 of the Regulation on SIS II includes the criteria on the conditions for
issuing alerts on refusal of entry or stay This provision includes in general the
same categories as provided for in Article 96 CISA. Like the latter provision,
Article 24 (1) stipulates that data on third-country nationals shall be reported
88

89

90

Recital 10 of the draft Regulation, COM (2005) 236, 31 May 2005 and the Opinion of the JSA
on the proposed legal basis for SIS II, 27 September 2005, p. 22.
See the Discussion note 8537/06, 20 April 2006, p. 5 and the Austrian proposal 5709/06,
27 January 2006.
Note of the Austrian Presidency, 5596/06 27 January 2006.

New Functionalities for SIS and the Development of SIS II

95

into SIS II on the basis of a national alert resulting from a decision taken by the
competent administrative authorities or courts in accordance with the rules of
procedures laid down by national law.
What is new compared to Article 96 CISA is the provision in Article 24 (1),
according to which a national decision to issue an alert should be taken on the
basis of an individual assessment.91 In a draft of the Regulation regarding SIS II
of June 2006, this new condition was provided in a separate sentence: The decision may only be taken on the basis of an individual assessment. The nal text
of Article 24 states that a SIS II alert shall be based on a national alert resulting
from a decision taken by the competent administrative authorities or courts in
accordance with the rules of procedure laid down by national law taken on the
basis of an individual assessment. Even if the formulation of the nal text of
Article 24 is less clear, this does not mean that the new requirement of an individual assessment for each national decision on which an alert can be issued is
any less imperative. This new provision makes it clear that national authorities cannot report third-country nationals automatically on the basis of another decision
which is taken with regard to this person , for example an expulsion decision. For
each individual case, the national authorities will have to consider whether the
national criteria and the criteria of the Regulation are met and whether the
reasons at stake merit registration in SIS II.
This individual assessment requirement should be read together with the
so-called proportionality clause in Article 21 of the SIS II Regulation (and SIS II
Decision). This provision goes further than the clause which was included in
Article 94 (1) CISA. As we have seen above, according to this latter provision
Member States issuing an alert should determine in advance whether the case is
important enough to warrant the entry of the alert in the SIS. The new Article 21
provides: Before issuing an alert, Member States shall determine whether the
case is adequate, relevant and important enough to warrant entry of the alert in
SIS II. With the addition of the criteria of adequacy and relevance, the new
provision makes it clear that the importance of the case or matter for which a
person is to be reported is not enough. There should be a direct relationship
between the reason for which a person is to be reported in SIS II and the added
value or eect the registration will have for the reporting national authorities.
Both rules the individual assessment requirement and the proportionality
clause are important limitations on the power of national administrations to
enter information on third-country nationals (or other persons, when dealing
with the Decision on SIS II) into SIS II.
As in Article 96 CISA, Article 24 (2) of the Regulation includes two main
categories of reasons for which an alert as understood in this provision can be
91

5709/6/06, June 2006.

96

Chapter 4

registered in SIS II. Firstly, alerts may be reported in SIS II when the decision is
based on a threat to public policy or public security or to national security, which
the third-county national on national territory may pose. This situation shall
arise in particular (italics mine) in cases of:
a. a third-country national who has been convicted of an oence by a Member
State, carrying a penalty involving imprisonment of at least one year;
b. a third-country national in respect of whom there are serious grounds for
believing that he has committed a serious criminal oence or in respect of
whom there are clear indications of an intention to commit such oences on
the territory of a contracting party.
Where Article 96 (2) (b) requires that a decision to report a person in the SIS
should be based on a clear evidence, Article 24 (2) (b) of the SIS II Regulation
only refers to clear indications of an intention to commit such oences. This
means that under the new provision, the clear indication of such intention is
considered sucient for registration in SIS II. What exactly will fall under clear
indications is not further specied. As in the former Article 96 CISA, the criteria
as mentioned above are not limitative. Therefore, third-country nationals may also
be registered in SIS II for other reasons based on public order or security grounds.
Secondly, an alert can be registered in SIS II when the decision referred to in
the rst paragraph of Article 24 was based on the fact that the third-country
national was subject to measures involving expulsion, refusal of entry or removal
which have not been rescinded or suspended, including or accompanied by a ban
on entry or, where applicable, a ban on residence based on a failure to comply
with national regulations concerning the entry or residence of third-country
nationals. These criteria are the same as provided for in Article 96 (3) CISA
except that, with regard to this category as well, the new criterion mentioned
above applies, stating that national decisions to issue an alert may only be taken
on the basis of an individual assessment.
To compensate for the lack of harmonised criteria in the current provision of
Article 24 of the SIS II Regulation, the Commission and the EP insisted upon
the inclusion of a sunset clause in Article 24 (5). This requires the Commission
to evaluate the application of this provision, three years after the date of its
application. On the basis of that review, the Commission shall, using its right of
initiative under the EC Treaty, make the necessary proposals to modify the provisions of this Article to achieve a greater level of harmonisation of the criteria for
entering alerts.
6.2.3. SIS II and Terrorist Lists
The Regulation on SIS II provides for a new category of third-country nationals
to be refused entry or stay. Article 26 provides that a third-country national may

New Functionalities for SIS and the Development of SIS II

97

be registered in SIS II if he or she is the object of a restrictive measure intended

to prevent entry into or transit through the territory of Member States, including
those implementing a travel ban issued by the Security Council of the United
Nations. This new category, which was also included in the Commission proposal, refers to persons listed on the EU terrorist lists based on decisions by the
Sanctions Committee of the Security Council of the United Nations. Importantly,
Article 26 includes an exception to the general rule of Article 23, that an alert
cannot be reported without the information on the name and sex of the person,
a reference to the decision giving rise to the alert and the action to be taken. It is
unclear how persons listed on the EU or UN terrorist list can be registered in SIS
II without their names or reference to the action to be taken, unless it is the
intention of Member States to enter these persons in SIS II solely on the basis of
the use of their biometric data, such as ngerprints.
6.3. EU Citizens and Privileged Third-Country Nationals
Unlike the CISA provisions, the new Regulation provides for explicit rules with
regard to the registration of third-country nationals who are beneciaries of EU
law or who have obtained EU citizenship.
In the rst place, Article 3 (d) of the SIS II Regulation provides a narrow denition of third-country nationals. According to this denition a third-country
national is an individual who is neither a citizen of the European Union within
the meaning of Article 17(1) of the Treaty, nor a national of a third country who,
under agreements between the Community and its Member States on the one
hand, and these countries, on the other, enjoys rights of free movement equivalent
to those of citizens of the European Union.
Furthermore, according to the new Article 25, an alert concerning a thirdcountry national who is a beneciary of the Community right of free movement
within the meaning of Directive 2004/38 shall be grounded in conformity with
rules adopted in implementing the Directive.92 A new paragraph 2 has been
added to Article 25 providing that, in cases of a hit or alert concerning a beneciary of freedom of movement, the Member State concerned will immediately
consult the issuing Member State. This consultation is to take place by means of
its national SIRENE oce, in accordance with the provisions of the SIRENE
Manual in order to decide without delay on the action to be taken.
The nal text of the Regulation further includes the obligation for Member
States to erase alerts on persons as soon as the Member State issuing the alert
becomes aware that the person has acquired EU citizenship (Article 30). However,
92

Directive 2004/38 provides rules on the freedom of movement of EU citizens and their family
members (dealt with in Chapter 9).

98

Chapter 4

the nal text no longer includes the obligation, as proposed by the Commission,
also to erase the data on third-country nationals who become family members of
EU citizens. The registration of this category of persons may lead to situations
which are in breach with the Directive 2004/38. This has been claried by the
ECJ in 2006 in the case Commission v. Spain.93 In this judgment, the ECJ ruled
that the refusal of entry or a visa to a third-country national who is a family
member of an EU citizen infringes upon the rights of these persons under EC
law when this measure is solely based on the listing in the SIS.
6.4. Inclusion of Biometrics in SIS II as an Identication Tool
As far back as October 2000, the SIS Working Group discussed the possibility of
adding DNA proles and/or ngerprints to the reports held in SIS II.94 During
the Econ Council of 20 June 2002, it was agreed that identication material,
notably photographs and ngerprints, could in principle be incorporated into
alerts on persons, but that a technical feasibility study would be awaited.95
Whether on the basis of the outcome of this (unpublished) study or not, the
JHA Council nally decided at its meeting of 56 June 2003 that SIS II should
allow for the storage, transfer and possible querying of biometric data, especially
photographs and ngerprints.96
Initially, in a note of July 2004, the Dutch Presidency conrmed that biometric
identiers would only be used for verication purposes.97 This note dealt specically with the question of whether the SIS II would become a tool for investigative
purposes, acknowledging that, so far, this subject (the purposes of SIS) had only
been dealt with using a piecemeal approach. The European Data Protection
Supervisor and the Article 29 Working Party, an independent EU advisory body
on data protection and privacy, criticised the use of biometric identiers because
technological reliability would not allow for secure and reliable identication.98
Despite these critical observations by both data protection authorities and IT

93
94
95

96
97
98

31 January 2006, C-503/03. See, further on this judgment, Chapter 9, section 2.3.2.
12400/00.
9773/02, see p. 4, the conclusions of which were adopted by the Econ Council, 10089/02
(Presse 181).
9845/03 (Presse 150).
11055/04.
Opinion of the European Data Protection Supervisor on VIS, Brussels, 23 March 2005 (also
referred to in Chapter 7) and Opinion 6/2005 on the Regulation and Decision on SIS II of the
Article 29 Data Protection Working Party Data, 25 November 2005. See also the earlier opinions of this Working Party with regard to the use and storage of biometric data available at:
http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/index_en.htm.

New Functionalities for SIS and the Development of SIS II

99

experts, it became clear during the negotiations that the majority of Member
States favoured the use of biometrics as a primary search tool.99
Initially, Article 22 (b) of the SIS II Regulation only allows for the use of photographs and ngerprints to conrm the identity of a third-country national who
has been located as a result of an alphanumeric search of SIS II. Article 22 (c) of
the Regulation does however include the option that, in future, as soon as this
becomes technically possible ngerprints may be used as sole identier.100 SIS II
will then be searchable solely on the basis of ngerprints without the need for
further information, such as rst name or surname. Apparently, under pressure
from the EP, the nal text includes the condition that before this option is
implemented, the Commission has to report to the Council and the EP on the
availability and readiness of the required technology.
During the negotiations on the development of SIS II, some Member States
decided to start exchanging ngerprints and photographs, as supplementary
information to the SIS information. For the exchange of these photographs and
ngerprints, the law enforcement authorities in the SIRENE oces use the socalled SIRPIT method (SIRene PIcture Transfer). Participation in the project is
voluntary and in 2006 it was only used by a limited group of Member States.
In June 2006, the Council for Justice and Home Aairs agreed upon a recommendation to extend the use of this method to other Member States as well.101
6.5. Authorities Allowed Access to SIS II
According to the original proposal by the Commission of May 2005, information on third-country nationals stored in the SIS would only be accessible to the
authorities responsible for border controls and to authorities issuing visas. The
nal text of the Regulation on SIS II more or less follows the former provision
included in Article 101 CISA.
Article 27 (1) of the SIS II Regulation states that access to data entered in SIS II
and the right to search such data directly or in a copy of SIS II data:
shall be reserved exclusively (italics mine) for the authorities responsible for the
identication of third-country nationals for the purposes of:

99
100

101

8537/06, 20 April 2006.

Article 22 (c) reads, as soon as this becomes technically possible, ngerprints may also be used
to identify a third-country national on the basis of his biometric identier. Before this functionality is implemented in SIS II, the Commission shall present a report on the availability
and readiness of the required technology, on which the European Parliament shall be
consulted.
Based on an Italian proposal of 28 March 2006, the Council agreed on this point at its meeting
of 10 June 2006, 9696/1/06.

100

Chapter 4

a. border control in accordance with the Schengen Borders Code102 and:

b. other police and customs checks carried out within the Member State concerned,
and the coordination of such checks by designated authorities.103

In addition, Article 27 (2) provides for access to SIS II by national judicial

authorities, including those responsible for the initiation of public prosecutions in
criminal proceedings and judicial inquiries prior to charge, in the performance of
their tasks, as provided for in national legislation, and by their coordinating
authorities. As we have seen above, access by the judicial authorities was already
made possible by virtue of Article 101 (1) CISA as amended by the Regulation
871/2004. The reference in Article 27 (2) to coordinating authorities is however
new and was added shortly before nal adoption of the text. It is a vague concept
and leaves unclear which authorities exactly will fall within this description.
Finally, Article 27 (3) provides that authorities issuing visas and central authorities examining visa applications shall have access to the data entered in SIS II as
well as the right to search these data directly. The same provision includes the
right to access and to direct search by authorities responsible for issuing residence permits and for the administration of legislation relating to third-country
nationals in the context of the application of the Community acquis relating to
the movement of persons. This provision was already included in Article 101 (2)
CISA. Furthermore, Article 28 of the SIS II Regulation repeats the general principle of Article 101 (3) CISA and states that users may only access data which
they require for the performance of their tasks.
As mentioned above, the German government proposed amending Article 37
of the SIS II Decision, in order to give national intelligence services access to
alerts held in the SIS II, including data on third-country nationals based on
Article 24 of the Regulation.104 This proposal was rejected by the European
Parliament. The nal text of the SIS II Decision does not allow intelligence services to have access to SIS II. However, as we have seen above, Article 27 (1) (b) of
the SIS II Regulation, even if the texts is not clear, implies access to designated
authorities for the purpose of coordination of police and customs checks. We will
see in Chapter 5 that in 2005 the Council agreed that internal security agencies
would be allowed access to the Visa Information System or VIS.105 In June 2007,

102

103

104
105

Community Code on the rules governing the movement of persons across borders, OJ L 105,
13.4.2006.
5709/6/06. See also the draft of the Austrian Presidency of January 2006 which, for the rst
time, included this extended use of data on third-country nationals, 5709/06, 27 January 2006.
12260/06, 21 August 2006.
Conclusions of the Council, 6811/05. See below, Chapter 5, section 3.2.

New Functionalities for SIS and the Development of SIS II

101

the Council formally adopted the decision granting designated authorities of

the Member States access to VIS. Internal security agencies was now replaced
by this more vague designated authorities. In the light of these developments,
and the proposed interoperability between SIS and VIS, it seems unlikely that
the information held in SIS II will remain inaccessible to national security and
intelligence agencies.106
Article 39 of the SIS II Regulation explicitly prohibits the transfer of data
processed in SIS II, according to this Regulation, to third parties or to international organisations. This provision was included following the proposal by the
European Parliament.
Finally, In Article 18 (2) of its proposal, the Commission proposed granting
asylum authorities access to the data on third-country nationals in SIS II for the
implementation of the Dublin II Regulation. This option was deleted from the
later proposals. This decision could be based on the fact that the Regulation on
the EU Visa Information System (VIS), see Chapter 7, already provides for access
by asylum authorities and thus oers those authorities information on which
Member State issued a visa to the person concerned, in order to enable them to
establish which state is responsible for the asylum application.
6.6. Interlinking of Alerts
As we have seen above, the possibility of interlinking dierent alerts within
SIS II has long been on the agenda. In practice, this new option included in the
SIS II Regulation and Decision will signicantly amend the original function
and purpose of SIS. This includes the possibility for the authorities, when reporting a person in SIS II on the basis of the dened categories of reasons, to enter an
additional link to data on other persons as well. Interesting examples of such
cases in which information in the SIS II may be linked to information on other
persons or even objects were described in a note from the Dutch Presidency
dated 30 November 2004.107 This note listed which alerts (including registrations
on persons wanted for secret surveillance, missing children or stolen identity
documents) can be linked to other categories of data. With regard to the registrations based on Article 96 CISA, the note gave the following examples (between
brackets are the former provisions of CISA):
1. EU national oender + convicted companion to be refused entry (9596);
2. family members (9696);
3. parent to be refused entry + a missing child (9697);

106
107

Press release JHA Council, 1213 June 2007, 10267/07 (Presse 125), p. 15.
12573/2/04, 12 November 2004.

102

Chapter 4

4. persons to be refused entry + a witness in an illegal immigration case (9698);

5. husband is convicted criminal to be refused entry + wife is suspected terrorist
(9699);
6. person to be refused entry + suspects in illegal immigration case (9699);
7. person to be refused entry using own car/boat/aircraft (9699);
8. person to be refused entry using stolen identity document (96100).
The text as nally included in Article 37 of the SIS II Regulation includes a general
power for a Member State to create a link between alerts it enters in SIS II. This
provision does not require national authorities to forward any reason why they
create an alert between two or more alerts but, according to Article 37 (4), the link
may only be created when there is a clear operational need. Furthermore,
according to Article 37 (3), authorities with no right to access to certain categories of alert shall not be able to see the link to an alert to which they do not have
access. This means that national authorities having access to SIS II will only gain
access to the linked data if they are authorised to have access to the categories of
data involved.
If another Member State considers that the creation of a link between alerts is
incompatible with its national law or international obligations, Article 37 (6)
stipulates that it may take the necessary measures to ensure that there can be no
access to the link from its national territory or by the authorities located outside
its territory. It is unclear how this provision should be implemented in practice.
6.7. Change of Architecture
The structure of the current SIS includes a network between the central SIS
(C-SIS) in Strasbourg and the national SIS (N-SIS) in each Schengen State
(Article 4 (1) of the SIS II Regulation). In this structure, the C-SIS contains
exactly the same data as every national SIS database. Based on the SIS II
Regulation and Decision, SIS II will maintain more or less this same structure.
It will include a central system (the Central SIS II), consisting of a technical support system (referred to as CS-SIS) and uniform national interfaces (NI-SIS) on
the one hand, and national sections (N.SIS II) on the other hand.108 The dierence compared to the current SIS will be that the SIS alerts forwarded by the
Member States are inserted in the CS-SIS via the national interfaces. These
national interfaces will not hold the SIS data, but Member States may choose to
maintain, as part of the N.SIS II, a national copy of the SIS database for their
own account and at their own risk. These national copies include a complete or

108

See also the Commission Sta Working Paper of February 2003, COM SEC (2003) 206
attached to 6615/03, 28.2.2002.

New Functionalities for SIS and the Development of SIS II

103

partial copy of the data held in the reference database of CS-SIS. A communication infrastructure exists between CS-SIS and NI-SIS which allows, among
other things, for information exchange between the national SIRENE oces.
The new structure means that the original choice of a central SIS with exact
copies at national level has been abandoned. However, as previously mentioned,
Member States may choose to maintain national copies of SIS for their own
account. The information stored in SIS II will be searchable either through the
uniform national interfaces in each Member State, or using the so-called
national copies. Whether this change will improve accessibility and the exchange
of information through SIS II in practice is unclear.
The location of the Central SIS II remains in Strasbourg, France. For security
reasons, a back-up CS-SIS is provided in Sankt Johann im Pongau, Austria
(Article 4 (3) of the SIS II Regulation).
6.8. Establishment of the Management Authority
In the original proposal by the Commission (COM (2005) 236) it was envisaged
that the Commission itself would be responsible for the operational management
of the SIS II. Since the negotiating Member States feared that this would give the
Commission too much power to control the management of SIS II, the Council
proposed the establishment of a so-called Management Authority. The proposal
to establish this Management Authority was rst mentioned in May 2006 in the
Austrian Presidency note on the issue of the long-term management of SIS II.109
Article 15 of the SIS II Regulation provides for the creation of this Management
Authority. This Authority also will have responsibility for the EU data systems
VIS and Eurodac (see Chapter 5). This Management Authority will be responsible for the operational management of the Central SIS II, for the supervision,
security and the coordination of relations between Member States and the
provider. The Commission remains responsible for all other tasks relating to the
Communication Infrastructure including the implementation of budgetary and
contractual matters. The SIS II Regulation does not include further rules on the
composition of the Management Authority or how it will be appointed. In a joint
declaration annexed to the Regulation, the EP, the Council and the Commission
agreed upon the swift adoption of the legislation necessary for the establishment
of this Authority.
6.9. Evaluation and Publication of Statistics on SIS II
According to Article 50 (3) of the Regulation on SIS II, the Management
Authority is to publish statistics each year showing the number of records per
109

9169/06, 15 May 2006.

104

Chapter 4

category of alert, the number of hits per category of alert and how many times
SIS II was accessed. Two years after the start of SIS II, the Management Authority
will have to submit a report on the technical functioning of the Central SIS II
and on the bilateral and multilateral exchange of supplementary information
between the Member States (Article 50 (4)). Three years after SIS II becomes
operational and every four years thereafter, the Management Authority is to produce an overall evaluation of Central SIS II and the bilateral and multilateral
exchange of information between Member States.
The duty to provide statistics on the use of SIS II is an important tool in
assessing the added value of SIS II. However, according to the current text, neither the statistics from the Management Authority nor the evaluation by the
Commission will include information on the authorities which gained access
to SIS II, the nationalities of the persons stored in SIS II or the decisions or
measures based on which a national alert was registered in SIS II.
I will describe the provisions concerning the rights of third-country nationals
and the legal remedies in Chapter 7, section 8.4 and 8.5. For now, it is relevant
to note that according to Article 43 (3) of the Regulation on SIS II, it is stipulated that the Commission must evaluate the rules on remedies as provided in
this Article by 17 January 2009.

7. Comparing SIS I and SIS II

7.1. Changing the Purpose of SIS
Initially, the European Commission displayed some caution with regard to
changing the original structure and purpose of SIS. In the Communication on the
Development of SIS II of December 2001, the Commission emphasised that the
current SIS (SIS I) is a reporting system, referring to the fact that SIS provides
only clearly dened and relatively simple information on a hit/no hit basis.110
In the view of the Commission, the proposals then under discussion would alter
the purpose of SIS, transforming it from a reporting system to a reporting and
investigating system. The Commission warned against the duplication of other
information systems in the European context, whether existing or planned
systems. Dealing with the appropriate legal basis for SIS, the Commission stressed
that SIS is not an end in itself, but is meant to support the implementation of the
measures and forms of cooperation referred to in the CISA. Just two years later,
in 2003, the Commission presented a much broader view of SIS in its Sta

110

COM (2001) 720, 18.12.2001.

New Functionalities for SIS and the Development of SIS II

105

Working Paper on SIS II.111 According to this paper, the SIS should be developed
into an information system which would have to be a new, exible system based
on new technology, which would not only enable the further integration of new
users and functions but also, in the light of events such as those of 11 September,
would not require too long implementation time frames in the future.
During the discussions on new functionalities for SIS, the Member States
seemed less concerned with the benets of a restricted function of the SIS and
proposed not only new categories of data to be registered but also new users.
These proposals were often initiated on the basis of current developments or
demands from national authorities. Initially, Member States were slow to reach
agreement on these proposals because this would require time-consuming
amendments to the CISA. After 11 September 2001, the decision-making process was speeded up because the new proposals on extending the use of the SIS
were deemed necessary to combat terrorism and to detect possible terrorists at an
early stage. The changed attitude of the Member States towards the new functions of the SIS and SIS II were of course also inuenced by the progress which
had been made in the use of technology, allowing for the storage of increasingly
detailed information. The multiple use of SIS is especially invoked by increasing
the range of authorities with the right to access SIS information, including
Europol, Interpol, national vehicle registration authorities and Eurojust. Despite
the numerous proposals which have been made by national delegations, compared to the current SIS, the categories of data to be registered in SIS II remained
almost unchanged. The most important changes in this regard are the addition of
information on the person or object registered in SIS II, including information
on other alerts in SIS II and, with regard to persons in SIS II, the inclusion of
photographs and ngerprints.
In Chapter 3 we saw that the general goal of the current SIS, described in
Article 93, is to maintain public order and safety, including State security, and to
implement the provisions of this Convention concerning the movement of persons in the territory of the Member States concerned by means of information
transmitted via this system. During the discussions on the new functionalities of
the SIS, Member States referred to this broad purpose to justify the extension of
the use and storage of information in the SIS. However, this denition of the
purpose of SIS I must be read in combination with the purposes for which
each category of objects or persons are registered in the SIS, as described in
Articles 95100 CISA. This structure of SIS I provides for restricted categories of

111

See the Commission Sta Working Paper on the development of the second generation Schengen
Information System, 2002 Progress Report, 18.2.2003, SEC (2003) 206, which is attached to
the Council document 6615/03, 28 February 2003.

106

Chapter 4

persons and objects stored in SIS; this information is, in principle, only accessible to limited categories of users. This explicit restriction of the scope of SIS I
was based, among other things, on the need to keep the information system
accurate and workable.
With regard to SIS II, the close relationship between the general purpose of
SIS II and the purposes as dened for each category of alerts, seems to have
been abandoned. The rules on the dierent categories of data as provided for in
the Regulation and the Decision on SIS II do not explicitly require the registration of these data to be for the sole use or purpose as dened in that provision.
This broadening of the future use of data recorded in SIS II is also implied by
the possibility of linking dierent categories of SIS II alerts. As we have seen
above, this allows national authorities to check whether an alert on a person or
object registered in SIS II is somehow related to another person or object in SIS
II, registered for another purpose. This power to create links between dierent
categories of data held in SIS II will undoubtedly increase the investigative use
of the SIS.112
The combination of the possibility of creating links, the (future) use of biometric data as sole identier and the access granted to other authorities such as
Europol, as well as national law enforcement authorities, has actually changed the
original function of SIS. From a hit/no hit database, SIS II has been transformed
into a general search or intelligence tool.
7.2. Changes with Regard to the Storage and Use of Data
on Third-Country Nationals
Aside from the general changes to the functioning of SIS II, an important change
with regard to SIS II alerts on third-country nationals is the increase in the range of
authorities with access to these data. Article 96 alerts in SIS I were only accessible to
national authorities responsible for border, immigration or visa control. Compared
to the extended discussions which took place regarding the decision to grant access
to Europol, Eurojust and other authorities to SIS in general, the amendments with
regard to the alerts on third-country nationals received little attention. Article 27 of
the Regulation 1987/2006 allows police and customs authorities nd national
judicial authorities to have access to data on third-country nationals in SIS II.
The access for judicial authorities was already provided for in Regulation 871/2004
extending the use of SIS I. The information stored in the SIS II may be used for
checks within the country and, for judicial authorities, during their research for the
initiation of public prosecutions in criminal proceedings.

112

See also Hayes (2005).

New Functionalities for SIS and the Development of SIS II

107

The text of the SIS II Regulation also seems to imply access for national
security agencies. Article 27 (1) (b) grants access to authorities responsible for
the identication of third-country nationals for the purpose of police and
customs checks, and the coordination of such checks by designated authorities.
As mentioned above, during the negotiations on VIS and its use by internal security agencies, in the nal decision the denition internal security agencies has
been replaced by designated authorities. Although this text of Article 27 has
been approved by the European Parliament, this extension of the use of data on
third-country nationals would run counter to the explicit refusal of the European
Parliament to grant national intelligence services access to SIS II.
What is also new is the provision in the SIS II Regulation according to which
a third-county national listed on a UN terrorist list based on Member States
notications may be registered in SIS II for the purpose of refusal of entry or
residence. Although, as we saw in Chapter 3, this already had been achieved in
practice with regard to SIS I on the basis of an informal agreement, the new
explicit provision may give rise to a more extended application of this option.
Considering the legal protection of third-country nationals, an important
improvement is the new requirement for national authorities to make an individual assessment before reporting a third-country national in SIS II. Together with
the proportionality clause in Article 21, these provisions, if applied correctly,
must be interpreted as an important limitation of the power of national authorities to list third-country nationals in SIS II for refusal of entry or residence.
There remains however a striking contradiction between the requirement of
individual assessment and the proportionality clause, on the one hand, and an
agreement by the Member States reached during the discussions on SIS II and
the ght against terrorism on the other hand. Based on this latter agreement,
national authorities were invited to enter data into SIS II systematically or, in
other words, to enter data as automatically as possible, requiring no additional
operation by the national authority concerned (see section 3.1. above). In Part
III we will see that this systematic approach with regard to the use of the SIS
and SIS II is also advocated by governments at the national level.

108

Chapter 4

Annex I to Chapter 4
Commission Proposal for a Regulation on SIS II, COM (2005) 236
Proposed Article 15 on the conditions for issuing alerts on refusal of entry or stay
of the:
1. Member States shall issue alerts in respect of third-country nationals for the purpose
of refusing entry into the territory of the member states on the basis of a decision
dening the period of refusal of entry taken by the competent administrative or
judicial authorities, in the following cases;
a. If the presence of the third-country national in the territory of a Member state
represents a serious threat to public policy or public security of any Member
state based on an individual assessment, in particular if;
i. The third-country national has been sentenced to a penalty involving deprivation of at least one year following a conviction of oence referred to in
Article 2 (2) of Council Framework decision 2002/584/JHA on the
European arrest warrant and the surrender procedures between member
states;
ii. The third-country national is the object of a restrictive measure intended to
prevent entry into or transit through the territory of member states, taken
in accordance with Article 15 of the EU Treaty.
b. If the third-country national is the subject of a re-entry ban in application of a
return decision or removal order taken in accordance with Directive 2005/XX/
EC [on Return].
Regulation 1987/2006 on the Establishment, Operation and Use of SIS II:
Article 21 Proportionality
Before issuing an alert, Member States shall determine whether the case is adequate,
relevant and important enough to warrant entry of the alert in SIS II.

Article 24 Conditions for issuing alerts on refusal of entry or stay

1. Data on third-country nationals in respect of whom an alert has been issued for
the purposes of refusing entry or stay shall be entered on the basis of a national
alert resulting from a decision taken by the competent administrative authorities
or courts in accordance with the rules of procedure laid down by national law
taken on the basis of an individual assessment. Appeals against these decisions
shall lie in accordance with national legislation.
2. An alert shall be entered where the decision referred to in paragraph 1 is based on
a threat to public policy or public security or to national security which the presence of the third-country national in question in the territory of a Member State
may pose. This situation shall arise in particular in the case of:

New Functionalities for SIS and the Development of SIS II

109

a. a third-country national who has been convicted in a Member State of an

oence carrying a penalty involving deprivation of liberty of at least one year;
b. a third-country national in respect of whom there are serious grounds for believing that he has committed a serious criminal oence or in respect of whom
there are clear indications of an intention to commit such an oence in the
territory of a Member State.
3. An alert may also be entered when the decision referred to in paragraph 1 is based
on the fact that the third-country national has been subject to a measure involving
expulsion, refusal of entry or removal which has not been rescinded or suspended,
that includes or is accompanied by a prohibition on entry or, where applicable, a
prohibition on residence, based on a failure to comply with national regulations
on the entry or residence of third-country nationals.
4. This Article shall not apply in respect of the persons referred to in Article 26.
5. The Commission shall review the application of this Article three years after the
date referred to in Article 55(2). On the basis of that review, the Commission
shall, using its right of initiative in accordance with the Treaty, make the necessary
proposals to modify the provisions of this Article to achieve a greater level of
harmonisation of the criteria for entering alerts.
Article 25 Conditions for entering alerts on third-country nationals who are
beneciaries of the right of free movement within the Community
1. An alert concerning a third-country national who is a beneciary of the right of
free movement within the Community, within the meaning of Directive 2004/38/
EC of the European Parliament and of the Council of 29 April 2004 on the right
of citizens of the Union and their family members to move and reside freely within
the territory of the Member States [18] shall be in conformity with the rules
adopted in implementation of that Directive.
2. Where there is a hit on an alert pursuant to Article 24 concerning a third-country
national who is a beneciary of the right of free movement within the Community,
the Member State executing the alert shall consult immediately the issuing Member
State, through its SIRENE Bureau and in accordance with the provisions of the
SIRENE Manual, in order to decide without delay on the action to be taken.
Article 26 Conditions for issuing alerts on third-country nationals subject to a restrictive measure taken in accordance with Article 15 of the Treaty on European Union
1. Without prejudice to Article 25, alerts relating to third-country nationals who are
the subject of a restrictive measure intended to prevent entry into or transit through
the territory of Member States, taken in accordance with Article 15 of the Treaty
on European Union, including measures implementing a travel ban issued by the
Security Council of the United Nations, shall, insofar as data-quality requirements are satised, be entered in SIS II for the purpose of refusing entry or stay.

110

Chapter 4

2. Article 23 shall not apply in respect of alerts entered on the basis of paragraph 1 of
this Article.
3. The Member State responsible for entering, updating and deleting these alerts on
behalf of all Member States shall be designated at the moment of the adoption of
the relevant measure taken in accordance with Article 15 of the Treaty on
European Union.

New Functionalities for SIS and the Development of SIS II

111

Annex II to Chapter 4
A. Adopted Law with regard to SIS I and SIS II
SIS I
13 June 2002

Council

OJ L190/1,
18.07.2002

29 April 2004

JHA Council

OJ L 162.
30.04.2004

25 February 2005

JHA Council

OJ L 68/44,
25.03.2005

SIS II
19 December 1996 Schengen
Executive
Committee
29 May 2000
Council

2829 May 2001

JHA Council

Framework decision
on the European Arrest
Warrant: authorising
judicial authorities to
issue alerts on persons
in SIS for the purpose
of surrender procedures.
Regulation 871/2004
and Decision concerning
the introduction of some
new functions for the
Schengen Information
System, including in the
ght against terrorism.
Council Decision
2005/211 concerning
the introduction of
some new functions for
the Schengen Information
System, including in the
ght against terrorism.

unpublished

Decision to develop SIS II.

Decision 2000/365
OJ L 131 1.6.2000

Decision concerning the

request of the UK to take
part in some of the
provisions of the
Schengen aqcuis.
Priority to develop
SIS II in 2006.

9118/01
(Presse 203)

112

Chapter 4

Annex II. (cont.)

A. Adopted Law with Regard to SIS I and SIS II
OJ L 328,
13.12.2001

6 December 2001

JHA Council

20 June 2002

Econ Council 10089/02

(Presse 181)

56 June 2003

JHA Council

9845/03
(Presse 150)

56 October 2006

JHA Council

13086/06
(Presse 258)

20 December 2006 Council

OJ L 381/4
28.12.2006

20 December 2006 Council

OJ L 381/1
28.12.2006

Regulation 2424/2001and
Decision 2001/886 on the
development of the
second generation
SIS (SIS II).
Agreement on
principle of entering
identication material,
notably photographs and
ngerprints into SIS.
Agreement on principle of
allowing access to data in
SIS on the basis of
incomplete data.
Final decision on SIS II
allowing for storage,
transfer and possible
querying of biometric
data, especially
photographs and
ngerprints.
Adoption of revised
implementation schedule
for SIS II, deciding that
SIS II should be
operational by June 2008.
Adoption of Regulation
1987/2006 on the
establishment, operation
and use of SIS II.
Adoption of Regulation
1986/2006 regarding
access to SIS II by the
services responsible for
issuing vehicle registration
certicates.

New Functionalities for SIS and the Development of SIS II

113

Annex II. (cont.)

B. Proposals on New Functionalities for SIS and SIS II
3 December 1998

European
Council

31 May 1999

SIS Working
Party
German
delegation

20 August 1999

13 July 2000

French
Presidency

Vienna Action
Plan Conclusion
43 (c)
8835/99
10629/99

10353/00 Note
on new
functionalities
SIS II

20 September 2000 German

delegation

11538/00

27 October 2000

SIS Working
Party
Portugal

12400/00

Sweden/
Belgium

OJ C 183/12
29.6.2001

24 February 2001

19 June 2001

6577/01

Examine Europol access

to SIS investigation data.
Access to SIS by vehicle
registration authorities.
Authorise Europol to
consult SIS and, in the
longer term, make Europol
responsible for performance
of CSIS tasks.
Interlinking of data,
extension of time limits
on storage of data,
inclusion of ngerprints
and photographs.
Access by Europol and
credit protection agencies.
Replace maximum time
limits for storage of data
in checking deadlines.
Give authorities issuing
residence permits to 3rdcountry nationals access
to stolen/lost documents.
Full recording of all SIS
searches to improve control
of unauthorised access.
Adding DNA proles and/
or ngerprints to SIS.
Inclusion of new category
of persons: those
prohibited from leaving
the Schengen area.
Proposal for Regulation
and Decision on the
development of SIS II.

114

Chapter 4

Annex II. (cont.)

B. Proposals on New Functionalities for SIS and SIS II
14 September 2001 German
delegation

11895/01

2001

Spain and Italy 6164/5/01

15 October 2001

Belgian
Presidency

12813/01

29 October 2001

UK

13530/01

Grant asylum authorities

access to Article 96 data,
to assess which country is
responsible for asylum
claim (only for transitional
period until Eurodac
becomes operational).
Possibility of carrying out
searches on the basis of
incomplete data.
Adding information on
issued visas to Article 96
data to make it possible to
check whether a 3rdcountry national whose
visa has expired has left
EU territory.
Amending Article 99,
enabling the storage of
information on
potentially dangerous
persons to be banned
from certain events,
including sports, cultural,
political or social events.
Link SIS II to national
facial/iris recognition
systems, AFIS and
Automated Number Plate
Recognition Systems.
Establishment of
restricted-access database
of terrorists.
Granting security and
intelligence agencies
access to Article 95, 96
(2), 98, 99 and 100 data
in SIS.

New Functionalities for SIS and the Development of SIS II

115

Annex II. (cont.)

B. Proposals on New Functionalities for SIS and SIS II
5 February 2002

Spanish
Presidency

5968/02

28 May 2002

Italy

9358/02

25 March 2003

UK

7786/03

56 June 2003

JHA Council

9845/03
(Presse 150)

11 December 2003 Commission

COM (2003) 771

Proposal to study including

data in SIS on violent
troublemakers in view of
mass events.
Registration in SIS of
persons included on UN
terrorist lists.
Split Article 96 data into
two categories: grant law
enforcement authorities
access to data on 3rdcountry nationals
registered on public order
& security grounds, and
immigration ocers
access to data-based
immigration or visa law
oences.
Launch feasibility study
on entering new
categories of data (minors
precluded from leaving
Schengen area, violent
troublemakers, other
vehicles, works of art,
animals, luxury items and
easily identiable objects)
and study which
biometrics other than
ngerprints and
photographs could be
stored in SIS.
Communication on the
second generation of SIS
and synergies between
SIS II and VIS.

116

Chapter 4

Annex II. (cont.)

B. Proposals on New Functionalities for SIS and SIS II
31 May 2005

Commission

COM (2005)
236, 230,
and 237

28 March 2006

Italy

15 May 2006

Presidency

7867/1/06,
9696/06
9169/06

Proposals for draft

Regulation and Decision
on the establishment,
operation and use of
second-generation SIS
(SIS II) and a Regulation
regarding the access to
SIS II of national services
responsible for issuing
vehicle registration
certicates.
Recommendation on the
use of SIRPIT.
Note on issue of
long-term management of
SIS II, Proposal on
Management Authority
for SIS II.

Chapter 5
Other EU Databases Used in the Field of
Immigration Control: Eurodac and VIS
As regards the better identication of wanted persons whilst the storage of personal
data in criminal databases is justied due to past and real or suspected behaviour of
the individual (which must be substantiated), this is not the case for EURODAC or
VIS. Neither the claiming of asylum nor a visa application indicates in any way that
a hitherto innocent individual will commit a criminal or terrorist act.1

1. Introduction
The focus of this study lies on SIS, SIS II and the registration of inadmissible
third-country nationals. Aside from SIS II, two other large-scale information
systems provide for the exchange of information on third-country nationals:
Eurodac and VIS. For several reasons, I consider it important to describe these
databases which have been established within the framework of the EU law.
Firstly, both VIS and Eurodac are used for immigration control and only include
data on third-country nationals. Therefore, the same problems which arise for
persons reported in SIS or SIS II, may also arise in relation to Eurodac and VIS.
Secondly, the use of VIS and Eurodac is closely related to the use of SIS II. Based
on the so-called principle of interoperability, the EU policy-makers envisage
interlinking these databases with SIS II. The interoperability of the dierent EU
databases is facilitated by the inclusion of biometric data not only in the data
systems, but also in the EU passport and other travel documents. The development
of Eurodac and VIS and the use of biometrics will be covered in the following
sections. Finally, I will highlight the most important dierences and similarities
between VIS and Eurodac, on the one hand, and SIS II on the other.

Communication of the European Commission on improved eectiveness, enhanced interoperability and synergies among European databases in the area of Justice and Home Aairs, COM
(2005) 597, 24.11.2005.

Evelien Brouwer, Digital Borders and Real Rights, pp. 117144.

2008 Koninklijke Brill NV. Printed in the Netherlands.

118

Chapter 5

2. Eurodac
2.1. Development and Central Purpose of Eurodac
Eurodac is the rst EU Automated Fingerprint Identication System. It includes
the ngerprints of asylum seekers and immigrants crossing the external borders of
that Member State irregularly. Eurodac, which became operational on 15 January
2003, is based on Regulation (EC) No. 2725/2000 concerning the establishment of
Eurodac for the comparison of ngerprints for the eective application of the Dublin
Convention of 11 December 2000.2 The purpose of Eurodac is to facilitate the
application of the Dublin Convention of 1990 to establish which state is responsible for an asylum application.3 Meanwhile, the Dublin Convention has been
replaced by Council Regulation 343/2003 (Dublin II) of 18 February 2003.4 The
Dublin Regulation includes a list of criteria to establish which Member State is
responsible for the examination of an asylum application submitted in one of
the Member States.5 Among other things, the Dublin Regulation stipulates
that the Member State where the asylum seeker rst entered the EU or the
Member State issuing a visa or residence permit to the asylum seeker is responsible
for the application. The Dublin Regulation is based on the so-called single application principle. The application of this Regulation should prevent a person from
applying for asylum in more than one country (known as asylum-shopping). It
also seeks to ensure that asylum applications submitted by dierent members of
one family are examined whenever possible by the same Member State. Finally,
the implementation of the so-called Dublin criteria should guarantee that at least
one Member State deals with the application of an asylum seeker, in order to
prevent the problem of refugees in orbit.
One of the practical reasons submitted by national governments for the need
to establish a central registration system for ngerprints was the fact that asylum
seekers would often destroy all their documents, such as identication cards and
2

3
4

OJ L 316, 15/12/2000. See, for the decision on the operability of Eurodac: OJ C 5/2,
10.1.2003.
Convention of 15 June 1990, OJ C 254, 1997, entered into force on 1 September 1997.
OJ L 50/1, 25.2.2003, based on a proposal of the Commission COM (2001) 447, 26 July 2001,
OJ C 304, 30.10.2001.
See, for a critical assessment of the principle of the Dublin II Regulation: H. Battjes, A Balance
between Fairness and Eciency? The Directive on International Protection and the Dublin
Regulation, EJML, 4: 2002, p. 159192; U. Brandl, Distribution of Asylum Seekers in Europe?:
Dublin II Regulation Determining the Responsibility for Examining an Asylum Application, in:
C. Dias Urbano De Sousa & Philippe De Bruycker (eds.), The emergence of a European asylum
policy/Lmergence dune politique europenne dasile, Brussels: Bruylant 2004, p. 3369; A. Hurwitz,
The 1990 Dublin Convention: A Comprehensive Assessment, International Journal of Refugee
Law 1999 11 (4), p. 646677.

Other EU Databases Used in the Field of Immigration Control

119

travel documents, upon arrival in one of the Member States. This would make it
dicult for the authorities not only to identify the person, but also to establish
the route travelled and to nd out if the person had already applied for asylum in
the same or another state. This problem was only partly solved by the existing
obligation that travel agencies and carrier organisations keep or copy the identity
papers or travel documents of passengers on certain ights. Back in 1991, when
the Immigration Ministers met on 2 December, it was agreed that a feasibility
study would be launched regarding a European system to compare dactyloscopic
data of asylum seekers. This feasibility study was presented to the Ministers during their meetings of 30 November and 1 December 1992, on the basis of which
they decided to investigate the needs and requirements of Eurodac.6 In February
1993, the Legal Service of the Council was asked to give advice on the question
of whether Article 15 of the Dublin Convention could be used as the legal basis
for the creation of Eurodac.7 This provision envisaged the exchange, upon
request, of individual data necessary for the examination of an application for
asylum, for the establishment of the Member State which is responsible for such
an application and for other obligations resulting from the Convention.8 The
Legal Service conrmed in its advice of 18 March 1993 that Article 15 provided
an adequate legal basis for the establishment of Eurodac.9 However, the Legal
Service explicitly stated that Eurodac should not be used for other purposes, such
as the functioning of other international instruments or starting criminal
investigations against asylum seekers.
Concluding that the exchange of asylum seekers ngerprints through Eurodac
was technically and legally feasible, the Council of Justice and Home Aairs
(JHA) decided on 23 November 1995 to start the legislative work.10 In a discussion paper from 1995, the Council conrmed that the recording of ngerprints in
a database, to be called Eurodac, should prevent asylum seekers from applying in
more than one state by changing their names or by throwing away their travel and
identity papers.11 At the time of the negotiations on Eurodac, ten of the 15 EU
Member States were already ngerprinting asylum seekers and storing these
ngerprints in national registers.12 For several reasons, it took another ve years

6
7
8
9
10
11

12

WGI 1284 REV 2.

SN 1419/93 WGI 1365.
Compare with Article 22 of the draft regulation of the Commission (COM (2001) 447).
5546/93, JUR 25.
11476/95 ASIM 308.
4464/1/95 cited in C. Schmid, Eurodac Verordnung. Europisches System zur Identizierung
von Fingerabdrcken, NWV Verlag: Wien 2003, p. 18.
Statewatch, Vol. 6, no. 4, July-August 1996, Eurodac: European Union to hold asylum seekers
ngerprints on central computer draft Convention proposals, p. 2.

120

Chapter 5

before the Eurodac Regulation was nally adopted. One of these reasons was that
the organisation of Eurodac was not strongly supported by all Member States.
Only a few Member States, such as Germany, the Netherlands and Austria, were
especially interested in the distribution mechanism of the Dublin Convention.
Southern Member States, such as Italy and Greece, which were often the rst
country of arrival for asylum seekers, were less interested in the functioning of
Eurodac to support this mechanism.13
At the initiative of the Luxembourg Presidency, a draft Eurodac Convention
was forwarded to the European Parliament in 1997. This meant that, in anticipation of the entry into force of the Amsterdam Treaty, the EP was for the rst time
given the opportunity by the Council to advise on asylum and migration matters.
The EP adopted a resolution on the draft Convention in January 1998.14 In this
resolution, the EP especially emphasised the necessity of the limited use of
Eurodac, the inclusion in the Convention of a reference to the ECHR and the
Geneva Convention on the protection of refugees; these proposals were followed
by the Council. The advice of the EP to include an explicit obligation to delete
the data of asylum seekers who obtain refugee status within one month was,
however, ignored. The JHA Council agreed on the text of the Eurodac Convention
at its meeting of 34 December 1998. In March 1999, the Council agreed upon
a protocol to the Eurodac Convention on the inclusion of the ngerprints of
illegal immigrants (see below). In the light of the forthcoming entry into force of
the Amsterdam Treaty, according to a plan by the Austrian government, it was
decided to freeze these texts in anticipation of a new EC instrument to be
presented by the Commission.
On 26 May 1999, shortly after the entry into force of the Amsterdam Treaty,
the European Commission forwarded a proposal for a Eurodac Regulation.15
This proposal, including a protocol on illegal immigrants, was based on the
frozen texts of the Council. Unlike the Council texts, the Commission proposal
referred to the direct applicability of EC Directive 95/46 on data protection.
Furthermore, the Commission proposal, in a departure from the Council text,
conferred certain powers to adopt the implementing rules upon the Commission
itself. This proposal to limit the implementing powers of the Council met
with strong opposition from the Member States and in 2000 the Commission
was forced to forward a new proposal, involving a weaker position for the

13

14
15

See, on the political debate on Eurodac, Jonathan P. Aus, Eurodac: A Solution Looking for a
Problem?, Working Paper no. 9, Centre for European Studies, University of Oslo, May 2006,
available at: http://www.arena.uio.no/publications/.
A4-0402/97 15.1.1998.
COM (1999) 260 n., OJ 2000 C 337.

Other EU Databases Used in the Field of Immigration Control

121

Commission.16 The European Parliament was consulted again and again, but
now on the basis of Article 63 (1) TEC.17
The Eurodac Regulation was the rst instrument adopted on the basis of
Title IV of the EC Treaty. The Regulation applies to all EU Member States,
including United Kingdom and Ireland; these countries, in accordance with
Article 3 of the Protocol on the position of the United Kingdom and Ireland
annexed to the EU Treaties, have given notice of their wish to take part in the
adoption and application of this Regulation. On the basis of the Council Decision
concerning the signing of the Agreement between the EC, Norway and Iceland
regarding the responsibility for asylum applicants, Norway and Iceland are
required to apply the Eurodac Regulation.18 Denmark automatically opted out in
accordance with Articles 1 and 2 of the Protocol on the position of Denmark
annexed to the EU Treaties but, based on an agreement signed between the EU
and Denmark on 10 March 2005, now also takes part in the Eurodac Regulation.19
The Eurodac Regulation immediately applied to the ten new EU Member States
which joined the EU in 2004. One month after their accession, the number of
transactions to Eurodac and hits based on this system increased signicantly.20
Finally, based on an agreement between the European Communities and
Switzerland of 26 October 2004, and a Protocol to this agreement between these
latter parties and Liechtenstein, Eurodac will be used by Switzerland and
Liechtenstein, depending on a positive evaluation of the application of the
Schengen acquis by those states.21 In 2006, Eurodac was used by 27 European
states, including the 25 EU Member States, Norway and Iceland.
2.2. Collection, Transmission and Comparison of Fingerprints
The Eurodac Regulation is based on the premise that, in principle, each Member
State has to take the ngerprints promptly from every applicant for asylum
aged at least 14 years old and transmit these data promptly to the Central Unit
16

17

18
19

20
21

COM (2000) 100, 15 March 2000. See further, on this competency dispute between the
Commission and the Council: S. Peers, Key Legislative Developments on Migration in the
European Union, EJML 3/2 (2001), p. 235; E. Brouwer, Eurodac: Its Limitations and
Temptations, EJML 4 2002, p. 234, and J.P. Aus (2006), p. 2324.
The EP adopted two resolutions, A5- 0059/19990, 18 November 1999, and A5-0219/2000,
21 September 2000.
15 March 2001, OJ 93/38, 3/4/2001.
See the Council Decision of 21 February 2006 on the conclusion of this Agreement between
Denmark and the European Community, OJ L 66/38, 8.3.2006.
Second annual report on Eurodac, Commission Sta Working Paper SEC (2005) 839, 20.06.2005.
See for the Protocol between EC, Switzerland, and Liechtenstein, COM (2006) 753. I did not
nd any ocial publication of the Dublin/Eurodac agreement between Switzerland and the
EC of 26 October 2004.

122

Chapter 5

(Article 4 (1) of the Regulation). The Central Unit, based in Luxembourg, is

established under the responsibility of the European Commission and controls
the central database of ngerprints in accordance with Article 3 of the Eurodac
Regulation. The procedure for taking ngerprints takes place in accordance with
the national practice of the Member State concerned.
The minimum age of the persons from whom ngerprints can be taken was
one of the main discussion points in the negotiations. Whereas most countries
wanted to raise this minimum age, the Netherlands proposed lowering this minimum age to 12, in accordance with its own national law.22 The European
Parliament strongly opposed the minimum age of 14, arguing that this would be
contrary to existing international instruments protecting the rights of children.
The proposed amendment by the European Parliament to raise the minimum
age to 18 was however ignored by the Council.
It is important to underline that, unlike SIS and VIS, Eurodac contains no
name or address of persons. Based on Article 5(1), points (a) to (f ) of the Eurodac
Regulation, the following information is recorded in Eurodac:

the Member State of origin;

the place and date of the application for asylum;
ngerprint data;
sex;
the reference number used by the Member State of origin;
the date on which the ngerprints were taken; and
the date on which the data were transmitted to the Central Unit.

National authorities should forward to the Eurodac Central Unit the ngerprints
of all individuals aged 14 and over who apply for asylum or who were apprehended while illegally crossing borders. The Central Unit will check whether the
ngerprints forwarded by the national authority are already stored in the system.
If so, the national state will be informed of this match and of the Member State
which previously forwarded the ngerprints. States may also forward ngerprints
of persons found illegally present within their country. Based on a request from
a Member State, the Central Unit can compare the ngerprints with data previously transmitted by the same Member State. This means that Eurodac can also
be used by a Member State to check whether a person has previously applied for
asylum on its own territory.
Only the Member State of origin can have access to the data which it transmitted to Eurodac and only this Member State can have these data corrected
(Article 15 (1) and (3) of the Eurodac Regulation). If the Member State of origin

22

Council doc. 10191/3/97, 27.11.1997 and 11868/1/98, 5.11.1998 (authors archive).

Other EU Databases Used in the Field of Immigration Control

123

recorded the data directly in the central database, it may also amend or erase the
data directly. Otherwise, the data are amended or erased by the Central Unit
(Article 15 (6) Eurodac Regulation).
According to Article 6 of the Regulation, data on asylum seekers are to be
stored for 10 years from the date on which the ngerprints were taken. Only if
the person concerned has acquired the citizenship of one of the Member States
before this time limit expires, the data are to be deleted as soon as the Member
State of origin becomes aware that the person has acquired such citizenship
(Article 7).
2.3. Extension to Illegal Immigrants
Not until a later stage in the Eurodac negotiations was it agreed to extend the
Eurodac Regulation to ngerprinting illegal immigrants.23 In response to the
arrival of a large number of (Kurdish) immigrants from Northern Iraq in Europe
in 1997, the Northern European countries in particular pressed for this extension. In December 1997, the Schengen Executive Committee concluded that it
could be necessary to take the ngerprints of every illegal immigrant whose identity could not be established without doubt and to store this information for
exchange with other Member States.24 In point 46 of the Action Plan of the EU
Council of 26 January 1998 (Inux of migrants from Iraq and the neighbouring
region) the taking of ngerprints from illegal immigrants was deemed necessary,
to curb the entry into the EU of illegal refugees. Point 17 urged the Member
States to examine without delay whether Eurodac should be extended to illegal
immigrants. On 21 April 1998, under strong pressure from the German delegation, the Schengen Executive Committee adopted a formal decision with regard
to the ngerprinting of every foreign national entering the Schengen area illegally whose identity cannot be established with certainty on the basis of valid
documents.25
The extension to illegal immigrants was to be based on Article 15 (1), Article 10 (1c)
and (1e) of the Dublin Convention. As we have seen above, Article 15 of this
Convention prescribed the exchange of individual information in application of the
Dublin Convention. Article 10 (1c) and (1e) of the Convention referred to the obligation of a Member State to readmit an asylum seeker who has formerly applied for
asylum on its territory and whose application is either being processed or has been
rejected and who is later found illegally on the territory of another Member State.
Whether these provisions included an accurate basis for the ngerprinting of persons
23
24
25

See, for backgrounds, Statewatch Bulletin, January-February 1998, Vol. 8, no. 1.

15-12-1997, SCH/Com-Ex/97/44 rev. 2.
SCH/Com-Ex/98/1 rev. 2, OJ 22 September 2000, cited in Jonathan P. Aus (2006), ibid., p. 18.

124

Chapter 5

who do not apply for asylum has been called into question.26 In a report to the
Council in 1998, the Legal Service of the Council concluded that the inclusion in
Eurodac of data relating to persons who legitimately crossed the external frontiers of
a Member State, but had later been found residing unlawfully in a Member State
cannot be justied.27
The current text of the Eurodac Regulation distinguishes two categories of
illegal immigrant: rstly, third-country nationals who are apprehended by the
competent control authorities in connection with irregular crossing by land, sea
or air of the border of that Member State, having come from a third country and
who are not turned back (Article 8) and, secondly, third-country nationals found
illegally present on the territory of a Member State (Article 11).28
Data on persons who cross an external border irregularly are recorded for the
sole purpose of comparison with data on applicants for asylum subsequently
transmitted to the Central Unit.29 The Central Unit may not compare this data
with any data previously recorded in the central database, nor with data subsequently transmitted to the Central Unit pursuant to Article 8. According to
Article 10, ngerprints of third-country nationals apprehended in connection
with the illegal crossing of external borders shall be stored in the central database
for only two years from the date on which the ngerprints of the alien were
taken. Upon expiry of this period, the Central Unit shall automatically erase
the data from the central database. Article 10 (2) of the Eurodac Regulation
further provides that this data has to be deleted immediately if the Member State
of origin becomes aware that the person concerned has left the territory of
the Member States, has been issued with a residence permit, or has acquired the
citizenship of any Member State. This is thus a more stringent provision with
regard to the deletion of data, compared to the rule which applies to the storage
of ngerprints of asylum seekers; see above.
The ngerprint data on persons found illegally present within the territory of
a Member State (the second category) are only to be transmitted to the Central
26
27

28

29

See also B. Schrder, Das Fingerabdruckvergleichssystem EURODAC, ZAR 2/2001, p. 7176.

8441/98, 18 May 1998, cited in the letter of Justice to the Select Committee on the European
Communities, 19 March 1999.
The Regulation uses the word aliens. Neither the Council nor the Commission followed the
advice of the European Parliament to use third-country nationals instead of aliens; see both
Pirker Reports, A5-0059/1999 and A5-0219/2000.
The use of the denitions illegal irregular border crossing and illegal presence also raised
doubts on whether this would not result in dierent interpretations by the Member States.
See the European Communities Committee, House of Lords, Tenth Report on Fingerprinting
illegal immigrants: extending the Eurodac Convention, 8 June 1999 and the Memorandum of the
Immigration Law Practitioners Association to the Select Committee of 3 March 1999 and the
aforementioned letter of Justice, 19 March 1999.

Other EU Databases Used in the Field of Immigration Control

125

Unit for the purpose of comparison with the ngerprint data of applicants for
asylum transmitted by other Member States and recorded in the central database. These ngerprints shall not be recorded in the central database at all, nor
shall they be compared with the data transmitted to the Central Unit pursuant
to Article 8 (rst category).
2.4. Functioning of Eurodac: Annual Reports of the Commission
A rst annual report on Eurodac was published by the Commission on 5 May
2004.30 According to this report, in the period from 15 January 2003 to
15 January 2004, 271,572 ngerprints were successfully transmitted to the
central authority. Of a total of 246,902 asylum applications recorded by Eurodac,
17,287 concerned persons who had previously made an asylum application in
another contracting state or in the same state. In other words, 7% of the cases
recorded in Eurodac would include multiple asylum applications. According to
the second annual report on Eurodac, published on 20 June 2005, of the total of
232,205 asylum applications recorded by Eurodac in 2004, 31,307 cases show
that the same person had already made at least one previous asylum application
in the same or another Member State.31 This means that the percentage of
multiple asylum applications detected by Eurodac increased from 7% in 2003 to
13.5% in 2004. In September 2006, the European Commission published its
third Annual Report on Eurodac.32 According to this report, of a total of 187,223
asylum applications recorded by Eurodac in 2005, 31,636 cases show that the
same person made at least one previous asylum application, thus 16% of the
asylum applications were repeat (second or subsequent) asylum applications.33
The Eurodac annual reports do not provide information on whether these
hits lead to the transfer of persons to the Member State which is responsible for
asylum application and thus whether, using Eurodac, the goals of this system are
actually achieved. Whereas the rst report did not include any information on
this question, the Commission concluded in the second report that Eurodac has
demonstrated its eciency and quality in terms of speed, output, security and
cost-eectiveness.34 The Eurodac system would be functioning well in terms
of the number of requests to take back or to take charge of an asylum seeker
submitted by one Member State to another. The second report did not include

30
31
32
33

34

SEC (2004) 557, 5 May 2004.

SEC (2005) 839, 20 June 2005.
SEC (2006) 1170, 15 September 2006.
According to this third report, in four cases a person would have applied for asylum 11 times
since Eurodac became operational, see p. 6.
See p. 14 of the second annual report.

126

Chapter 5

explicit gures to support this conclusion but, according to the Commission,

information on the current application of the Dublin Regulation would be based
on a pilot project managed by the Commission services. According to this
(unpublished) information, 67% of the total requests to take back or to take
charge of an asylum seeker in the period JulyDecember 2004 were based on
Eurodac hits. Still, even considering this percentage of 67% of Dublin claims
based on Eurodac, the eciency of Eurodac is questionable. The gures in the
annexes attached to the annual reports show that if Member States would apply
the Dublin mechanism on the basis of the Eurodac hits, some Member States
would generally receive approximately the same number of asylum seekers from
other Member States as the number of asylum seekers it could send to another
Member State.35 Therefore, in practice, it is questionable whether the application
of Eurodac together with the Dublin criteria does aect the net number of
asylum seekers in each Member State or the EU. The eect of Eurodac is merely
on the distribution of asylum seekers. It could be argued that Eurodac has a
deterrent eect, in the sense that asylum seekers knowing that their ngerprints
will be stored will be less inclined to lodge multiple asylum applications or even
apply for asylum at all. As side-eects, the use of the Eurodac-Dublin rules
certainly leads to longer asylum procedures and provides Member States with
new grounds for refusing an asylum application.
The Eurodac annual reports also do not include information on how many
times data on asylum seekers, or third-country nationals recorded on the basis of
Article 8 of the Regulation, have been deleted before expiry of the regular time
limits of 10 or 2 years respectively. As we have seen above, based on the Eurodac
Regulation, the ngerprints have to be deleted if a person acquires the citizenship of a Members State as well as, in the case of an irregular immigrant crossing
the external borders if this person has left the EU territory or obtained a residence permit. The reports also fail to give the total numbers of registrations
held in Eurodac. However, considering that the ngerprints of asylum applicants
will be stored for ten years in Eurodac and data on illegal border crossings for
two years, it could be estimated that, after ve years of operation, more than
one million ngerprints will be stored in this system.
It is worth noting that the three annual reports all refer to the problem of
special searches performed by national authorities. This special search function
provided for in Article 18 (2) of the Eurodac Regulation is only meant for data
protection purposes and limited to the requests for access to personal data made
by individuals. In the rst annual report, the Commission noted that this possibility has been used frequently by some Member States and, apparently, for other
35

See also E. Guild, Unreadable Papers? The EUs rst experiences with biometrics: Examining
Eurodac and the EU Borders, in: Lodge (2007).

Other EU Databases Used in the Field of Immigration Control

127

purposes as well. In the second annual report, the Commission reports that the
number of special searches in Eurodac increased signicantly, mainly due to
two Member States while a few other Member States continued to apply this
provision frequently. According to the third annual report, the Commission
services would have alerted the European Data Protection Supervisor to further
clarify this use of special searches by some Member States.36
In 2006, the European Data Protection Supervisor (EDPS) published a press
release about its rst inspection report on the security of the Eurodac central
unit.37 The EDPS expressed its general satisfaction with the level of security and
stated that it had issued certain recommendations. As a result of the sensitivity
of some of the information in the report, the inspection report by the EDPS has
not been made publicly available.38

3. Visa Information System or VIS

3.1. Negotiations Towards a European Visa Information System
Even in the 1990s, before the CISA was implemented and internal border
controls were lifted under its Convention, France stated as a prerequisite that it
should be informed in advance by the other Schengen States of each visa issued
to nationals of certain countries.39 Although the other countries supported prior
consultation in certain cases, they initially objected to the proposal to create
a system which would be used to communicate this information as a prerequisite
for the implementation of CISA, since this would take much more time.40
For certain categories of visa application only, a computerised consultation network (VISION) was created on the basis of Article 17 (2) CISA, through which
visa authorities can consult the central visa authorities of other countries before
issuing a visa to the person concerned.41
36
37

38
39
40

41

SEC (2006) 1170, p. 10.

The European Data Protection Supervisor was set up to control the processing of personal data
by the Community institutions, see also Chapter 7.
Press release, 9 March 2006, http://www.edps.eu.int.
Migration News Sheet, July 1993, No. 124/93, p. 1.
Migration News Sheet estimated that if, for example, France wanted to be informed of all visa applications by Russians at the German and other consulates, a total of 2.5 million visa applications
from 1993 would have to be submitted for prior approval.
Article 17 (2) CISA provides for prior consultation by embassies or consulates to which an
application for a visa is made, with their own central authorities as well as with the central
authorities of other participating states. According to Article 17 (2), the cases in which these
consultations should take place are to be dened by the Schengen Executive Committee, now
the Council.

128

Chapter 5

After the events of 11 September 2001, the proposal for a visa information
system was again placed on the EU agenda. In the Conclusions of the JHA
Council of 20 September 2001, the Council requested the European Commission
to come forward with proposals for the establishment of a network for information exchange concerning visas issued by Member States.42 In a paper to the EU
Visa Working Party of 26 November 2001, the Italian delegation emphasised
that the events of 11 September demonstrated that visas are not just about controlling immigration but are above all an issue involving EU Member States internal
security.43 According to this paper, the most immediate objective should be to set
up a genuine European database for collecting the names both of individuals
issued with a visa and of those denied a visa and perhaps other relevant information. The second objective should be to set up fully-edged (sic) common visa
oces, in order to increase the overall capacity of the Member States and the
European Union regarding the ght against terrorism.
A policy questionnaire on the needs for a future database for visas, set up by
the Spanish delegation in December 2001, included the following list of possible
objectives:44
contribute to improving local consular cooperation;
distinguish better between the identity of the holder and the carrier of the
visa at external border checkpoints or at immigration or police checkpoints;
facilitate the application of the Dublin Convention regarding asylum;
by archiving the visa le, assist (directly/indirectly) in the identication and
documentation of illegal immigrants and therefore the readmission of illegal
immigrants;
contribute to combating terrorism and organised crime;
respond to the nature of the visa, which is described as an instrument of
prevention and channelling of legal movements of persons.
The paper proposed that the following data be included in the visa database: visa
issued; visas formally refused; visa requested; visa annulled, revoked or extended;
and visa stickers misappropriated or lost. The Spanish note dealt further with
questions such as which authorities should obtain access to the database, the
period for which the data should be retained before being archived and which
other databases should be directly accessible to the consular posts. Finally, the
note raised the question of whether the database should be incorporated into SIS
and, if so, which role would be given to SIRENE.

42
43
44

SN 3926/6/01 REV 6, 20.09.2001, see conclusion 26.

14523/01.
Note to the Visa Working Party, 15577/01, 21 December 2001.

Other EU Databases Used in the Field of Immigration Control

129

In the Laeken Conclusions of December 2001, the European Council asked

the JHA Council and the Member States to take steps to set up a common visa
identication system and to examine the possibility of setting up common
consular oces.45 In the Comprehensive Plan to combat illegal immigration and
tracking of human beings in the European Union of February 2002, the Council
again referred to the utility of a European VIS, but this time in the context of the
EU return policy.46 According to consideration (73) of this Plan, a European
Visa Identication system would signicantly facilitate the process of identifying
illegal residents and the issue of travel documents for return purposes.
In the roadmap on the measures and initiatives to be implemented according
to the Action Plan to combat terrorism of October 2001, the Commission was
scheduled to present a proposal before March 2002.47 This deadline was moved
several times in later versions of this roadmap.48 However, before making concrete
proposals, the Commission raised the issue of the need for a visa information
system in several documents. For example, the creation of a visa information system was mentioned in the proposal updating the Regulation on a standard
format for visas,49 in the Communication on illegal immigration of 15 November
200150 and in the Green Paper on Return Policy of 10 April 2002.51 In the
Communication on illegal immigration, the Commission proposed including
the personal information of visa applicants in the information system, as well as
electronic photographs and scanned photographs of travel documents. According
to the Commission, such a system should enable Member States to allow shortterm admission on justiable grounds and to ensure the return of those persons
after the expiry of the visa. In the Green Paper on return policy, the Commission
also mentioned this possibility of using the European Visa Identication System
for return purposes. These return-related problems could be resolved, according
to the Commission, by carrying out suitable identication measures during
administrative procedures when the person concerned has an interest in
providing correct data. The Commission referred again to the usefulness of a
Visa Identication System for identication purposes, leaving open for discussion
the question of which elements should be included in the Visa Identication
System to ensure the identication of undocumented illegal residents.

45

46
47
48
49
50
51

The European Council of 14 and 15 December 2001, Laeken, see Conclusion 42, SN 300/1/01
REV 1, p. 12.
OJ 2002, C 142.
See the roadmap of 16 October 2001, 12800/01.
See, for example, the roadmap of 09/04/02, 7686/02.
COM (2001) 577, 9.10.2001.
COM (2001) 672, 15.11.2001.
COM (2002) 175, 10.4.2002.

130

Chapter 5

During the informal JHA meeting of 1415 February 2002, further discussions
took place on whether a European visa database should contain not only information on issued visas, but also on visas applications and on visa denials.52 A majority
of the Member States seemed to favour such an extension, though it was noted that
it was unclear how much information should be includedonly substantial grounds
for rejection or rejections based on the inadmissibility of the application as well.
The guidelines for the establishment of the Visa Information System as
approved during the meeting of 13 June 2002 of the JHA Council, describe the
following goals of VIS:

to improve the functioning of the common policy in the eld of visa;

internal security and the ght against terrorism;
to ght against fraud;
to prevent visa shopping;
to improve the possibilities for returning illegal immigrants and, nally;
to improve the application of the Dublin Convention.53

These goals are comparable to the list in the Spanish note of 2001 mentioned
above, but also include internal security and the ght against fraud. At this meeting of June 2002, it was further decided that the European Visa Information
System should have a similar structure as was chosen for SIS, including a Central
Visa Information System (CS-VIS) and a National Visa Information System
(NI-VIS) in each Member State. Furthermore, the Council invited the European
Commission to prepare a feasibility study on the setting up of such a database.
In June 2004, the Council adopted the decision on the establishment of the
Visa Information System.54 This Decision enabled the Commission, even though
the political decision-making on the use and the content of VIS was still ongoing,
to start the technical preparations for the establishment of VIS.
3.2. The VIS Regulation: Purpose and Content of VIS
In December 2004, the Commission presented a proposal for a Regulation concerning the Visa Information System (VIS).55 The adoption of the VIS Regulation
was foreseen for mid-2006 and VIS was planned to be operational in 2007.

52

53

54
55

See the letter from the Dutch Minister of Justice to the parliament, Handelingen Tweede Kamer
20012002, 23 490, no. 226.
See the Press release of the JHA Council, 9620/02 (Presse 175). See, for the draft guidelines,
7309/02, 4 April 2002 and 9615/02, 5 June 2002.
Council Decision 2004/512, 8 June 2004, OJ L 213, 15.6.2004.
COM (2004) 835.

Other EU Databases Used in the Field of Immigration Control

131

The Regulation has to be adopted by qualied majority vote and through

co-decision with the European Parliament.56 In June 2007, the Council and the
European Parliament agreed on a nal text of the VIS Regulation.57
VIS is to contain information on every visa issued, on every decision to examine
an application for a visa, every visa which is refused, annulled, or revoked and on
each extension of a visa. The persons concerned are third-country nationals from
the countries whose nationals require a visa, according to the EU visa lists.
In 2006, nationals from 134 states around the world required a visa to enter the
EU.58 Every national from these states who applies for a visa is to be recorded
into the VIS central database. The annual number of visa applications for 2007 is
estimated at 20 million per year.59 This implies the storage of information on
millions of third-country nationals, each record to be stored for ve years.60
One of the data to be stored as visa applicants is the nationality of birth. VIS will
also include information on EU and non-EU nationals inviting third-country
nationals. VIS is to link at least 27 Member States and should be accessible to
12,000 users and 3,500 consular posts worldwide.
Based on Articles 18 to 22 of the draft Regulation (June 2007), the following
authorities will be granted access to VIS:
competent visa authorities for the purposes of examining applications, of
consulting and requesting documents and of reporting and statistics;
competent authorities carrying out checks on visas at external borders and
within the territory of the Member State for the sole purpose of verifying the
identity of the person and/or the authenticity of the visa;

56

57

58

59

60

See, for a consolidated version of the VIS, draft Regulation 11632/06, 13 July 2006. This
includes a three-column table showing the Commission proposal, the Presidency compromise
and the amendments as proposed by the European Parliament.
JHA Council, Press release 1213 June 2007, 10267/07 (Presse 125), p. 15, see for the latest
version of the Draft Regulation, 9753/07, 19 June 2007.
Not including the Palestinian Authority and Taiwan, whose nationals need a visa as well.
Council Regulation 539/2001 of 15 March 2001, listing the third countries whose nationals
must be in possession of visas when crossing the external borders and those whose nationals are
exempt from that requirement, OJ L 81 of 21 March 2001 (modied by Regulation 2414/
2001, OJ L 327, 12.12.2001, Regulation 453/2003, OJ L 69, 13.3.2003 and Regulation 851/
2005, OJ L 141, 4.6.2005). See also the information in OJ C 311, 19.12.2006.
Commission Sta Working Document on VIS including an Extended Impact Assessment, SEC
(2004) 1628, 28 December 2004, pp. 20 and 25. See also the Study for the Extended Impact
Assessment of the Visa Information System. Final Report, December 2004, Brussels: European
Policy Evaluation Consortium (EPEC), December 2004, p. 4.
Estimated data stored in VIS cover 20 million visa applications on an annual basis, which would
result in 70 million records to be stored into the system for the ve-year term.

132

Chapter 5

competent immigration authorities for the sole purpose of identifying and

returning illegal immigrants; and
competent asylum authorities for the sole purpose of determining the Member
State responsible for examining an asylum application and for the purpose of
examining an application for asylum.
The functions and authorities obtaining access to the proposed VIS have gradually
been extended as a result of other instruments adopted by the EU Council.
During its meeting of 7 March 2005, the Council adopted the decision that
in order to achieve fully the aim of improving internal security and the ght
against terrorism, Member State authorities responsible for internal security and
law enforcement authorities should be guaranteed access to VIS, in the course
of their duties in relation to the prevention, detection and investigation of
criminal oences, including terrorist acts and threats.61
A proposal for a decision providing national security agencies and Europol
access to VIS was published by the Commission in November 2005.62 In February
2007, a new proposal of the draft VIS Decision was published changing the
explicit reference to internal security agencies in the title and text into designated
authorities of the Member States.63 This more euphemistic denition is still
referring to internal security agencies, but implies the risk that national governments designate every agency or authority they like, to obtain access to the VIS.
The JHA Council reached agreement on this Decision in their meeting of 1213
June 2007.64

4. Interoperability of SIS II, Eurodac and VIS

The possibility of interconnecting dierent databases is an important and recurrent issue in the development of SIS II and VIS. The European Commission
announced in its Communication on SIS II of 18 December 2001, that the establishment of a network for exchanging information on issued visas should be
studied in connection with the development of SIS II.65 The question of whether
a visa information system should be established separately or as a database incorporated into SIS was further raised in a discussion paper on a new visa database
of December 2001.66 In addition, during the negotiations on the ght against
61
62

63
64
65
66

Conclusions meeting Council Competitiveness 7 March 2005, doc. 6811/05.

See the proposal for a Council Decision concerning access for consultation of the Visa
Information System (VIS) by these authorities, COM (2005) 600 nal, 24 November 2005.
Council doc. 5456/1/07, 20 February 2007.
Press release JHA Council, 1213 June 2007, 10267/07 (Presse 125), p. 15.
COM (2001) 720, p. 8.
15577/01, 21 December 2001.

Other EU Databases Used in the Field of Immigration Control

133

terrorism, the interconnection of dierent databases was advocated by dierent

Member States.67 The European Council, in its Declaration on combating terrorism
of 25 March 2004, invited the Commission to submit proposals for enhanced
interoperability between SIS II, VIS, Eurodac and the use of this information in
ghting and preventing terrorism.
In 2005, the Commission published the Communication on improved eectiveness, enhanced interoperability, and synergies among EU databases of 2005.68 The
content of the recommendations in this Communication reects the ambiguous
position of the Commission. On the one hand, the Commission sought to
improve the eciency of the databases and its possible use for realising the
Community principle of freedom of movement. On the other hand, the
Commission tried to respond to the general wish of the Council and its individual
Member States to allow the use of immigration and asylum information for antiterrorism and security policy. The purpose of this Communication would be to
highlight how, beyond their present purposes, these systems can more eectively
support the policies linked to the free movement of persons and serve the objective of combating terrorism and serious crime. Interoperability is dened by
the Commission as the ability of IT systems and of the business processes they
support to exchange data and to enable the sharing of information and knowledge. In the Communication on interoperability, the Commission stressed that
the existing databases have so far not been fully exploited.69 Some of the shortcomings of these databases mentioned by the Commission are that the identication of illegal immigrants is still dicult, that there is no possibility for internal
security agencies to use asylum, immigration, and visa data, and that there is
incomplete monitoring of the entry and exit of third-country nationals. With
regard to Eurodac, the Commission concluded that this database has been underexploited because the quantity of data to be transmitted to Eurodac is a surprisingly low fraction of the total migratory ow.70 It is noted that the lack of access
by internal security authorities to Eurodac is considered by the law enforcement
community to be a serious gap in the identication of suspected perpetrators of a
serious crime.71

67

68
69
70
71

See, for example, the German government during a meeting of 27 September 2001, 13176/01,
24.10.2001.
COM (2005) 597, 24 November 2005.
COM (2005) 597, para. 4.
Ibid., para. 4.1.
The Commission envisages the following possibility for access to Eurodac: Authorities responsible for internal security could thus have access to EURODAC in well-dened cases, when
there is a substantiated suspicion that the perpetrator of a serious crime has applied for asylum.
This access should not be direct but through the authorities responsible for EURODAC.
Para. 5.2.3 of the Communication on interoperability COM (2005) 597.

134

Chapter 5

The Commission summarised the following developments and plans with

regard to the existing data systems:
1. possibility of biometric searches in SIS II;
2. more comprehensive access to VIS and SIS II by asylum and immigration
authorities;
3. access by authorities responsible for internal security.
In the long term, the Commission described the following scenarios:
1. the creation of a European criminal Automated Fingerprints Identication
System (AFIS);
2. the creation of an entry/exit system and the introduction of a border-crossing
facilitation scheme for frequent border crossers; and
3. the creation of European register(s) for travel documents and identity cards.
In the Communication on interoperability, the Commission did not go into
details with regard to the legal aspects of the interoperability of databases and its
consequences for individuals and their (human) rights. On the contrary, in the
introduction to the Communication, the Commission made clear that
interoperability is used as a technical rather than a legal or political concept and
is separate from the question of whether the data exchange is legally or politically
possible or required. This policy of considering the technical issue of interoperability separately from the legal issue is not without problems.72 For example, in
the Communication on the second generation of SIS and synergies of SIS II with VIS
of 11 December 2003, the Commission recommended the technical integration
of SIS II and VIS in its central part, since this option would generate important
budgetary savings.73 In the Decision 2004/512 on the establishment of VIS of
8 June 2004, the Commission was instructed to take into account the option
of a common technical platform with the second generation SIS (SIS II).74
In 2003, the Commission still emphasised that this synergy was only to be created
at the central level and it would be necessary to keep the two systems and data
separate. Now we see that the decisions on the technical and budgetary issues
provided the basis for the more political and legal decisions with regard to the
shared use and interoperability of the systems.

72

73
74

See also P. de Hert & S. Gutwirth, Interoperability of Police Databases within the EU:
An Accountable Political Choice?, International Review of Law Computers & Technology, Vol. 20,
Nos. 1 & 2, p. 2135, March-July 2006.
COM (2003) 771.
Council Decision 2004/512, 8 June 2004, OJ L 213, 15.6.2004.

Other EU Databases Used in the Field of Immigration Control

135

5. Use of Biometric Data

5.1. Controlling the Body: Use of Biometrics at the EU Level
At both national and European levels, governments are developing mechanisms
for checking individuals using biometric data. Biometrics can be described as
automated methods of recognising a person based on a physiological or behavioural characteristic including ngerprinting, retinal and iris scanning, hand and
nger geometry, voice patterns, facial recognition, and other techniques.75
Comparison of the unique biometric features of a person with the personal data
which has been previously stored in a database or ID card allows for the identication of this specic person. During the inquiry for this study, Eurodac was the
largest database to contain biometric data, namely ngerprints. In future,
biometric data will be stored and used on a much larger scale. As we have seen,
the proposals on both SIS II and VIS provide for the inclusion of biometrics
(ngerprints) in these databases. Furthermore, dierent decisions have been taken
with regard to the inclusion of biometrics into EU passports, travel documents
and visas. The inclusion of biometric data in databases and in travel documents is
presented as a new measure for dierent purposes, including the prevention of
illegal immigration or visa shopping, to combat terrorism, to prevent fraud and to
facilitate the return of rejected asylum seekers.76
During their meeting in Thessaloniki on 19 and 20 June 2003, the European
Council agreed upon the necessity of a coherent EU approach on biometric
identiers for documents for third-country nationals, European Union citizens
passports and information systems (VIS and SIS II). The need for this EU policy
was in rst initialised by new US anti-terrorism legislation which required citizens
of countries falling under the US Visa Waiver Program to hold machine-readable
passports in order to visit the US. Having postponed this deadline many times,
the US government requires EU travellers to the US who do not hold this
machine-readable passport to apply for a visa with eect from 26 October 2006.
In December 2004, the EU Council adopted Regulation 2252/2004 for security
features and biometrics in passports and travel documents issued by Member States.77

75
76

77

Denition used on http://www.eubiometricsforum.com/.

See, for an overview of the EU policy on biometrics: J. Lodge, eJustice, Security and Biometrics:
the EUs Proximity Paradox, European Journal of Crime, Criminal Law and Criminal Justice,
Vol. 13/4, 2005, p. 533564, and P. de Hert, W. Schreurs & E. Brouwer, Machine-Readable
Identity Documents with Biometric Data in the EU, Keesing Journal of Documents and Identity
2006, Issue no. 21, p. 3 .
OJ L 385, 29.12.2004.

136

Chapter 5

This Regulation does not apply to national identity cards or to temporary passports. According to Article 1 of this Regulation, Member States must include in
their passports and travel documents a storage medium containing a facial image
in accordance with the security standards set out in the Annex of this Regulation.
Furthermore, Member States must include ngerprints in interoperable formats.
The data are to be secured and the storage medium should have sucient capacity
and capability to guarantee the integrity, authenticity and condentiality of the
data. According to Article 6 of the Regulation, the digitised facial image has to
be implemented into the passports before 28 August 2006 and the ngerprints
before 28 February 2008. The scope of harmonisation is limited to the security
features containing biometric identiers: the designation of the authorities and
bodies that will be allowed access to the data in the storage medium of the issued
document remains a matter of national legislation.
Despite the negative advice on this matter from the European Parliament,
Regulation 2252/2004 allows for the central storage of biometric data. The technical requirements for the machine-readable passport and the storage medium
for the biometric data (so-called contactless chip) are provided in a Decision of
the European Commission dated February 2005.78
The EU Member States reached political agreement on the draft Regulation
amending the uniform visa and residence permits to include biometric data.79
Furthermore, in 2006, the Commission forwarded a proposal for a Regulation
providing rules for consulates and embassies with regard to the use of biometrics
during reception and processing of visa applications.80 In its Communication on
The Hague Program on the implementation of the principles of Freedom, Security
and Justice, the Commission stated that biometrics allows the storage and exchange
of information on the entry and exit of third-country nationals into and out of
the Schengen territory. The Commission acknowledged that these systems would
have considerable impacts in technical, nancial and data protection terms.81
78

79

80

81

Commission Decision C (2005) 409 of 28 February 2005, available at: http://ec.europa.eu/

justice_home/doc_centre/freetravel/documents/doc/c_2005_409_fr.pdf. There is no ocial
English translation of this decision since the United Kingdom and Ireland did not take part in
the adoption of this measure.
Draft Regulation amending the uniform visa and residence permits to include biometric data,
COM (2003) 558.
Proposal for a Regulation of the European Parliament and of the Council amending the
Common Consular Instructions on visas for diplomatic missions and consular posts in relation
to the introduction of biometrics, including provisions on the organisation of the reception and
processing of visa applications, COM (2006) 269, 31.5.2006.
COM (2006) 331, 28.6.2006. See also the Communication on the priorities in the ght against
illegal immigration, COM (2006) 402, 19.7.2006 in which the Commission announced to
publish a feasibility study for such an entry/exit system in 2007.

Other EU Databases Used in the Field of Immigration Control

137

5.2. Dierent Options with Regard to the Use of Biometric Data

In order to understand the relevancy of biometrics for EU policy, it is important to
dierentiate the following purposes for which identication based on biometrics
can be used: verication, authorisation and as a search tool.82
In the rst place, the storage of biometric data may be used for verication
purposes. A good example of this use is the aforementioned EC Regulation
2252/2004 on biometric passports and the proposal for including biometrics
in visa and residence permits. The storage of biometric data in a passport or visa
enables national authorities to verify whether a person holding this document
at cross-border or internal checks is the legal owner by comparing his or her
biometric features with the biometric data recorded in the document. Since the
1990s, the technology of biometrics has been in use in the United States and
Canada for identication purposes in administrative applications (identication
checks for driving licence applications) and applications for social welfare
assistance. Although the use of Eurodac is to be distinguished from verication
in the strict sense, in fact the ngerprints stored in this system are used for verifying whether this person has travelled or applied for asylum in another Member
State. Unlike other verication procedures, identication through Eurodac is
anonymous since it only provides information about the geographic movements
of the holder of the ngerprints.
The second option biometric identication used for authorisation procedures
is used, for example, by companies to control access by clients or employees to
their premises or to certain services. For example, at Schiphol airport in the
Netherlands, a so-called Privium chip card has been introduced to enable regular
travellers to cross the border swiftly using iris scanning.83 Starting experimentally
in October 2001, the use of this card was permanently authorised by the Dutch
Ministry of Justice in October 2002. Another example is the registration of personal information (including biometrics) in VIS in combination with the storage
of these data in an electronic visa. This use, which should prove that the person
holding the visa is the same as the person recorded in VIS, in fact authorises this
person to travel into and within an EU Member State.
82

83

Articles 2 (10) and 2 (11) of the VIS Proposal dene the meaning of verication and identication: Verication is the process of comparison of sets of data to establish the validity of a claimed
identity (one-to-one check). Identication is dened as the process of determining a persons identity through a database search against multiple sets of data (one-to-many check).
Only nationals of EEA countries + Switzerland can apply for an iris scan chip card. According to
information issued by the Privium company, third-country nationals holding a permanent residence permit of one of those countries are for the time being, unfortunately excluded from
this service, in accordance with the restrictions imposed by national law. Annual costs are 99
to 119. See http://www.schiphol.nl, visited in September 2006.

138

Chapter 5

Thirdly, identication through biometrics can be used as a search tool.

Dactylographic research has been an important tool for the police and crime
investigation authorities for more than a hundred years. The success rate of forensic research based on biometric data (ngerprints, DNA) depends on the amount
of data with which the item found/ngerprint can be compared. Therefore, law
enforcement authorities and internal security and intelligence services advocate
the maximum storage of biometric data. This lobbying for the wide and largescale registration of biometric data also takes place the EU level. SIS II, Eurodac
and VIS will allow law enforcement authorities and intelligence agencies to search
through the available information, using biometrics as primary search key.
5.3. Biometrics and the Rights of Individuals
Depending on the option used, the person concerned will not always be aware of
the moment when his or her personal data is retrieved and which databases are
searched. Using contactless technology, national authorities can carry out checks
on persons without their knowledge. The practical scope of such searches depends
on whether the biometric data are only contained on an individual card, or
whether the information is also stored in a central database. In the former case,
the authorities will only read the information included on the card; in the latter
case, the authorities may compare the information on the card with information
held in the database and even receive additional information through this database on the person concerned. Other important options to be considered when
dealing with the EU measures described above are whether the information is
accessible to many or only to a limited category of authorities. Is the information
stored on the card accessible to the individual concerned, in other words does the
person have any means of controlling this information? Is it possible to read
the information stored in passports, visa or residence permits without the knowledge of the card holder? The introduction of RFID or contactless machinereadable microchips as provided for in EU passports and possibly, in future, in
EU visas, seems to make this possible. It will be easier to read the information on
a document from a distance, with facial recognition used as biometric identier,
instead of ngerprints or iris recognition.
The advantages of contactless chip technology for migration control were
discussed during the discussions of the Council in June 2003.84 The use of this
technology would allow fast border controls and would make it possible to record
every border-crossing movement and the integration of this technology with VIS
84

Note from the Italian Presidency to the Visa Working Party of the Council describes in detail
the possibilities for using VIS, biometrics and contactless microchip technology. 10857/03,
24 June 2003.

Other EU Databases Used in the Field of Immigration Control

139

would allow the control of every alien. The extra costs of the introduction of
these technologies for the Member States could be passed on to the visa applicants.85 As we now know, this is what actually happened on the basis of the
Council Decision 2006/440 of June 2006, following which the fee for visa applications was raised from 35 to 60.86 According to recital (4) of this Decision,
the amount of 35 would no longer cover current visa application processing
costs, particularly because the consequences of the introduction of the European
Visa Information System (VIS) and the biometrics required to introduce VIS in
the visa application examining process should be taken into account.
Choices with regard to the introduction of biometrics as described above are
important, not only for the rights of the individual concerned (which will be
discussed in Part II), but also for the social acceptance of the use of biometrics.
For example, when a person knows that his data are only held on a personal
secure ID card and not in a central register, he may more easily accept the use of
this kind of control mechanism.87
5.4. Reliability of Biometrics
Technical specialists and (national and EU) Data Protection Authorities have
repeatedly expressed their concerns about the reliability of systems using
biometric data. The EDPS emphasised the technical imperfection of biometrics
in its opinion on the proposal for VIS, opposing the use of biometrics as a
primary search key.88 An important question for validating the choice of this
technology in EU measures is whether there is an acceptable balance between the
so-called false acceptance rate (FAR) and false rejection rate (FRR). According to
the EDPS, it is estimated that 5% of individuals are unable to enrol because
they have no readable ngerprints or no ngerprints at all. This would mean,
with regard to the use of VIS, which is expected to include data on 20 million
applicants by 2007, that 1 million persons cannot be checked using the normal

85

86

87

88

10857/03 Add 1, 18 September 2003. Other countries, including Finland, expressed their
doubts on the cost-eectiveness of the use of this technology. See Council doc. 12171/03,
8 September 2003.
Decision 2006/440/EC of 1 June 2006 amending Annex 12 to the Common Consular
Instructions and Annex 14a to the Common Manual on the fees to be charged corresponding to
the administrative costs of processing visa applications OJ L 175, 29.6.2006.
See also the report by J. Ashbourne, Societal Implications of the Wide Scale Introduction of
Biometrics and Identity Management, Background paper for the Euroscience Open Forum ESOF
2006 in Munich, July 2006, downloadable from http://www.statewatch.org/news/2006/jul/
biometrics-and-identity-management.pdf.
Opinion of the European Data Protection Supervisor on VIS, Brussels, 23 March 2005, see:
http://www.edps.europa.eu/12_en_opinions.htm.

140

Chapter 5

procedure. Secondly, with regard to biometrics, an error rate of 0.5 to 1% is

considered normal, which would mean a False Rejection Rate of 0.5 to 1% with
regard to measures and checks based on VIS. If only one percent of a targeted
group of 100,000 people per day suers from a false negative, this would cause
1000 people to be automatically (but wrongfully) stopped every day. The risk of
false recognition can be caused by the fact that biometric data such as ngerprints
may change over time.89
Furthermore, commentators stressed that the use of biometrics will not rule
out identity theft or forgery. Although biometrics prevent so-called identity substitution to a certain degree, the fraudulent issue of a genuine passport cannot
be prevented.90 This lack of security of new e-passports, to be introduced in a
number of EU Member States, was illustrated by a German computer security
expert in August 2006. During a conference in Las Vegas, this expert demonstrated how personal information stored in the documents could be copied and
transferred to another device, including fake passports.91
It seems that EU Member States deliberately did not assess the overall eects of
the dierent proposals providing for the use of biometrics. This can be concluded
from a Presidency note on the assessment of the state of the SIS II project, according to which the Member States want to have a transparent discussion on the
handling of biometric data in the framework of SIS II, but without broadening
it to a general discussion on the subject.92
5.5. Index on Criminal Records of Third-Country Nationals
Without going into detail on this more recent development, it is relevant to note
that in July 2006 the Commission adopted a proposal to improve the exchange
of information on criminal records within the European Union.93 The reason for
this index of third-country nationals would be the fact that the current exchange
of information on criminal convictions based on the 1959 Convention on
Mutual Assistance in Criminal Matters (Council of Europe) would not cover
nationals of countries which are not party to this Convention. The proposed
index would allow Member States to receive immediate conrmation of which
other Member State holds information about a third-country national. On the
basis of a persons identier, a national criminal record system can consult the
index and nd out whether the third-country national has a criminal record.
89

90
91
92
93

J. Wayman, Linking Persons to Documents with Biometrics. Biometric systems from the 1970s
to date, Keesing Journal of Documents & Identity, Issue 16, 2006, p. 14.
See further De Hert, Schreurs & Brouwer (2006).
L. Kirk, E-passports waste of money, says security expert, 7 August 2006, http://euobserver. com/.
9672/05, 2 June 2005.
COM (2006) 359, 4.7.2006.

Other EU Databases Used in the Field of Immigration Control

141

One of the options to be dealt with in the forthcoming preparatory work is the
possibility of adding a biometric search engine to allow for general searches on
biometrics.

6. Comparing SIS II, Eurodac and VIS

6.1. Central Databases, Immigrants and Biometrics
SIS II, Eurodac and VIS have the common feature of being centralised largescale databases, focussed on the registration of third-country nationals and that
they include biometric data. The set-up of these centralised databases is closely
related to the aim of the EU governments to acquire an additional tool or mechanism for controlling the entrance and movement of migrants. These migrants
include persons staying irregularly in their territory, asylum seekers and migrants
declared inadmissible by national authorities. SIS II, VIS and Eurodac will not
only be accessible at the external borders of Member States, but also within
the national territory and at the embassies and consulates of third countries.
This means that border control is performed at dierent levels: within the
country, at the internal94 and external borders, and at the consular post abroad.
The use of these EU databases implies a presumption concerning the legal or
virtual status of an individual. A third-country national reported in SIS II on the
basis of Article 24 of the Regulation is presumed inadmissible based on public
order or security grounds, or because he or she may have infringed national
immigration law. A hit based on Eurodac implies that the person concerned is
presumed to have arrived through the territory of another Member State and
thus may be sent back to this country. Finally, a person whose visa has expired,
according to the information stored in VIS, may be immediately expelled when
his or her VIS record is checked by a national authority.
A third common feature of SIS II, Eurodac, and VIS is that in the decisionmaking, the decisions on the technical feasibility of these systems preceded the
political decisions on the desirability or even necessity of these systems.95
The decisions to develop Eurodac, VIS and SIS II were taken without a fundamental discussion of the expected eciency of these systems, the consequences for
individual rights, or the balance between these interests. The legal and practical
implementations of large-scale EU-wide databases, including the use of biometrics,
were only dealt with as a matter of secondary concern or as a limiting condition.96
94
95
96

Based on the application of Article 2.2 CISA, see Chapter 2.

See, on the decision-making regarding Eurodac: Aus (2006), p. 15.
This will be discussed further in Part II.

142

Chapter 5

6.2. Dierences Between SIS, Eurodac, and VIS

Despite these common features, there are also dierences between the systems.
In the rst place, there is an important dierence with regard to the criteria based
on which an individual can be recorded. The inclusion of persons in SIS or SIS II
is based on the individual behaviour of a person, taking into account who is
likely to be a risk from the viewpoint of illegal immigration, security or criminal
oences.97 Since the Schengen rules do not give harmonised rules on the criteria
for having a third-country national reported in SIS, situations in which a person
can nd himself reported in SIS are to a certain extent arbitrary. Although individual behaviour is the basis for being registered in SIS II, the question of which
types of behaviour exactly produce this eect is still not transparent.98 This is particularly true when the person is reported by a Schengen State on the basis of
national provisions and that person is not informed of the data or the reasons
for this report. Furthermore, it is possible for SIS or SIS II to include soft
data on third-country nationals, in other words information of which the accuracy or correctness is not guaranteed. This is the case when data on third-country
nationals are recorded in SIS II on the basis of the criterion that there is a clear
indication that he or she intends to commit a serious criminal oence.99
In principle, registration in Eurodac includes every asylum seeker applying for
asylum in one of the Member States or every person entering the territory illegally. However, on the basis of the annual gures from Eurodac, one can see that
practical implementation is dierent for each EU Member State. The question of
when and which third-country nationals are ngerprinted for storage in Eurodac
is dependent on national policies and the practice of the national ocials in
question. Furthermore, unlike SIS II or VIS, Eurodac does not include personal
data: no name, address or date of birth: only the ngerprints of the person concerned and the place and date of arrival. Using the reference number in Eurodac,
the ngerprint data may however be connected to the personal information for
that person.
VIS will include data on each individual applying for a visa for one of the EU
countries and data on the EU or non-EU citizens inviting (or sponsoring) the
visa applicant. Since EU visa policy is based on the so-called visa lists, including
the third countries whose nationals are obliged to obtain a visa before entering
European territory, registration in VIS will only aect the nationals of those states.

97
98

99

Guild (2001), p. 35.

As we have seen in Chapter 4, the Regulation on SIS II stipulates that, before entering an alert
into SIS II on a third-country national, the authorities should perform an individual assessment
and proportionality test.
According to Article 96 CISA this was clear evidence.

Other EU Databases Used in the Field of Immigration Control

143

In practice, the majority of persons inviting the visa applicants will hold the
nationality of a third-country state or will originate from a third-country.
The selection of states to be placed on the visa lists can be compared with the
national decision to enter a record of a person as inadmissible into SIS. Whereas
the reporting of individuals in SIS is based on a prole of individual behaviour,
the EU visa list is based on a prole of countries. Is the country in question to be
considered a risk country with regard to illegal immigration or with regard to
the internal security of the Member States?100 In practice, the majority of the
individuals recorded in VIS will not imply any security risk at all.
6.3. Intelligence Tool or Administrative File?
SIS I was not set up for intelligence purposes unlike, for example, the Europol
databases. The SIS includes limited categories of personal data and, depending
on the aim for which the data are stored, these categories are only accessible to
the administrations which were authorised to use these data for their public tasks.
Secondly, the current SIS operates on a hit/no hit basis. This means that when
governmental administrations check whether a person has been reported to SIS,
they will in the rst place only obtain information on whether this is the case or
not. If the person is in SIS, the authorities can directly view, depending on the
reporting category, which action is to be taken. Although the EU Ministers
conrmed in June 2003 that this hit/no hit basis would be maintained for SIS,
we saw in Chapter 4 that the decisions adopted since then show that SIS II has
developed into a database for general intelligence purposes.
The primary function of Eurodac is purely administrative; it monitors only
when and in which country an asylum seeker has entered or applied for asylum.
Its purpose is to establish which country is responsible for the examination of the
application of an asylum seeker. Nevertheless, in combination with the other
European databases, Eurodac and the use of the ngerprints stored therein can
be easily used for other purposes as well.101
According to the plans for the European Visa Information System (VIS), this
will be a multifunctional system. The Commission and the Member States

100

101

R. Cholewinski, The EU Acquis on Irregular Migration: Reinforcing Security at the Expense of

Rights, EJML 2, 2000, p. 361405. See further on the EU visa policy and the criteria used for
placing third country on the black list or not: E. Guild, The Borders Abroad Visas and
Border Controls, in Groenendijk, Guild & Minderhoud (2003), pp. 87 104.
In June 2007, the JHA Council invited the European Commission to present as soon as
possible a proposal to amend the Eurodac Regulation, granting police and law enforcement
authorities and Europol access to Eurodac. 10002/07, 25 May 2007. See also JHA
Conclusions, 1213 June 2007, 10267/07 (Presse 125).

144

Chapter 5

described the multiple goals of this system: misuse of identity; prevention of

illegal immigration and visa shopping; implementation of Dublin II and the
ght against terrorism. Whereas the SIS is used to restrict the entry of unwanted
aliens into the Schengen territory, the purpose of VIS will be primarily to provide ocials and governments with knowledge of every person who is seeking
access to one of the EU countries, the persons inviting these third-country
nationals and persons crossing EU borders who do not leave before expiry of
their visas. An important incentive for governments to develop this latter system
was its use for safeguarding internal security. This goal has been facilitated by the
inclusion of biometrics, as well as by the registration of personal information on
every visa applicant in VIS. This means that VIS, although apparently set up as
an administrative le, will in practice function as an intelligence tool.
The reason I have focussed on these dierences in the central purpose and
features of SIS II, Eurodac and VIS is because this may become a crucial factor
when assessing the lawfulness or proportionality of the further use of these data
systems. This will be further elaborated in Part II of this study, dealing with the
legal rights of individuals.

Part II
Eective Remedies under European Law

Chapter 6
Data Processing and the Right to Privacy:
The Importance of Article 8 ECHR
The right to privacy is a widely recognized opacity tool to prohibit certain uses of
power. It may not be the strongest human right enlisted in the ECHR and it may
also well be that the reign of privacy in discourse is over, but nevertheless the right
is there and has its proper place: prohibiting the uses of powers in spheres intimately
linked with the development of the individual and especially when these powers
make use of new technology.1

1. Introduction
When considering the storage and use of personal information, the rights of
individuals are generally dened in terms of data protection and privacy.
Although these rights are closely related, I prefer to describe the right to privacy
or private life separately from the right to data protection. The following sections
examine the jurisprudence of the European Court of Human Rights (ECtHR)
on Article 8 of the European Convention on Human Rights (ECHR), dealing
with the claim that data processing measures or the use of databases may interfere
with the right to privacy.
In this Chapter, I will not try give a detailed analysis of the content of the
right to privacy.2 The purpose of the following sections is merely to describe
the general criteria resulting from the jurisprudence of the ECtHR on Article 8

P. de Hert & S. Guthwirth, Making sense of privacy and data protection: a prospective overview
in the light of the future identity, location-based services and virtual residence, Annex 1 to the
report Security and Privacy for the Citizen in the Post-September 11 Digital Age: A Prospective
Overview, Technical Report Series, Institute for Prospective Technological studies, EUR 20823
EN, July 2003, p. 144.
For this purpose, I refer to general literature: P.H. Blok, Het recht op privacy. Onderzoek naar de
betekenis van het begrip privacy in het Nederlandse en Amerikaanse recht, The Hague: Boom
Juridische Uitgevers 2002; E. Barendt (ed.), Privacy, Aldershot: Ashgate 2001; F. Rigaux, La
protection de la vie prive et des autres biens de la personnalit, Brussels: mile Bruylant 1990;
P. Kayser, La protection de la vie prive, Marseille: Presse universitaires dAix-Marseille 1990.

Evelien Brouwer, Digital Borders and Real Rights, pp. 147176.

2008 Koninklijke Brill NV. Printed in the Netherlands.

148

Chapter 6

ECHR in the eld of governmental measures on the use of personal information.

When does Article 8 ECHR apply and what are the criteria as formulated by the
ECtHR with regard to the availability of eective remedies in order to protect
the right to privacy? The aim of this Chapter is to discover when Article 8 ECHR
becomes relevant for the actual theme of this research: the use of SIS and other
EU databases used for immigration and border control.
Before going into the jurisprudence of the Strasbourg Court, I will briey
summarise which role the right to privacy or private life has been given in the
decision making process on EU data bases and data processing.

2. Taking Article 8 ECHR into Account in EU Policy

2.1. SIS and SIS II
In the discussions on the establishment of SIS I, the right to private life as protected in Article 8 ECHR did not play an explicit role. When considering
the protection of the rights of individuals, even if this was often referred to as
privacy rights, both negotiators and commentators focussed on the necessary
safeguards as provided for in data protection law.3 As we will see in the next
chapter, thanks to active lobbying by data protection authorities, the nal text of
CISA included explicit provisions on data protection to safeguard the rights of
data subjects and referred to the Council of Europe Data Protection Convention
of 1981 and the Recommendation on Police Files as basic principles to be implemented by the Schengen States. Even if these instruments of the Council of
Europe are based on the right to private life as protected in Article 8 ECHR, the
real consequences of the development of the use of a large database for the individuals right to private life were not further explored by the Schengen states.
During the debate on the approval act of the CISA, members of the Dutch parliament questioned the Minister of Justice on whether the criteria for reporting
persons in the NSIS were in accordance with the right to privacy as protected in
Article 8 ECHR.4 More specically, they asked whether the reasons for registration complied with the criterion of necessary in a democratic society of Article 8
(see below). The Minister of Justice answered initially that this was a relevant
question for the interpretation of Article 96 CISA but at that moment he was
not able to answer this question. Pressed by the members of parliament for a further response, the Minister later stated that, when drafting the provisions of
3

L.F.M Verhey, Privacy aspecten van de uitvoeringsovereenkomst van het akkoord van Schengen,
NJB 31 January 1991, no. 5, p. 217.
Handelingen Tweede Kamer (Dutch Lower House of Parliament), 19911992, 22 140, no. 11, p. 35.

Data Processing and the Right to Privacy

149

CISA, the Schengen States would have checked each alert to see whether the
criteria were in conformity with the principle of necessity.5
During the development of the second generation SIS, the right to privacy
was only marginally discussed and mostly the rights of individuals were considered in terms of data protection. Not until 2004, in a discussion paper concerning the opinion of the Joint Supervisory Authority on the development of SIS II,
did the Dutch government, as EU Council president, propose facilitating a
debate on the future purpose of the SIS. In this paper, the Dutch Presidency
explicitly referred to issues of transparency and privacy and questioned whether
the other Member States considered it necessary to incorporate a privacy assessment into the development of SIS II.6 To my knowledge, this inquiry has never
been followed up and, at least in the accessible documents, the issue of privacy
has never been dealt with further. With regard to the use of biometrics in SIS II,
we have seen above that the negotiating partners even explicitly refused to have a
general discussion on the impact of the use of biometric data.7
2.2. Eurodac
Comparable with the development of SIS I and SIS II, the discussions on the
necessity for individual protection at international level concerning Eurodac were
limited to data protection issues. However, at the national level, more attention
has been paid to the relationship between Eurodac and the right to privacy.8
NGOs in particular raised concerns both over the fact that Eurodac implied the
ngerprinting of a large and specic group of people and that the persons to be
registered were entirely innocent and not suspected of any crime. In the United
Kingdom, the application of Article 8 ECHR was raised by the organisation
Justice in its comments to the protocol extending the use of Eurodac to illegal
immigrants.9 In the report on Eurodac of 1999, the Select Committee of the
House of Lords made it clear that there was little doubt about that compulsory
ngerprinting interferes with the right to respect for private life in Article 8 (1) of
the European Convention on Human Rights.10 The Select Committee especially

6
7
8

9
10

Cited in the comments of the NGO, the Dutch Commission of Lawyers for Human Rights
(Nederlands Juristen Comit voor de Mensenrechten, NJCM), Spring 1992 (authors archive).
11055/04, 5 July 2004.
9672/05, 2 June 2005, referred to in Chapter 5.
In literature, the application of Article 8 ECHR has been raised in: Birgit Schrder, Das Fingerabdruckvergleichssystem Eurodac, ZAR 2/2001, p. 7176. See also my article, Eurodac: Its
Limitations and Temptations, EJML 4, 2002, p. 231247.
JUSTICE, Letter of 3 March 1999.
House of Lords, Select Committee on European Communities (Sub-Committee E), Tenth
Report, Fingerprinting Illegal Immigrants: Extending the Eurodac Convention. 8 June 1999, p. 21.

150

Chapter 6

questioned the justication for the ngerprinting and whether the governments
had suciently established the need and proportionality of this ngerprinting
(including the ngerprinting of illegal immigrants). In this report, the Select
Committee emphasised the Europe-wide impact of Eurodac, partly because of the
fact that ngerprinting is compulsory for the persons concerned.
During the parliamentary discussions in the Netherlands on Eurodac, the question of whether there was a breach of Article 8 ECHR was dealt with on the basis
of comments by the Dutch NGO, the Meijers Committee.11 According to this
NGO, there were no legitimate grounds for the general ngerprinting of every asylum seeker and illegal immigrant as provided in the Eurodac Convention. During
the parliamentary questions, the Minister of Justice argued that since ngerprinting
was desirable for the purposes of the Dublin Convention (see above), this measure
would be in accordance with the grounds for limitations in Article 8 (2) ECHR.12
It should be noted here that it is doubtful whether the criterion desirable meets
the criterion of necessary for a democratic society.
2.3. VIS
During the development of the Visa Information System (VIS) an assessment of
the impact on privacy and human rights was included in the Extended Impact
Assessment published in 2004, together with the proposal for a VIS Regulation.13
To compare the costs of the alternative policy options with regard to the establishment of VIS, this report described the impact on privacy and human rights
alongside nancial costs, opportunity costs, retaliation costs and reductions
in business travel and tourism. Both with regard to the option of an entry/exit
system based on VIS (checking persons whenever they enter or leave the territory)
and the establishment of VIS including biometrics, the Impact Assessment study
emphasised their extensive impact on the protection of the right to privacy:
Impact on privacy and human rights would be extensive, and there would be a
substantial need to meet personal data requirements. The collection, storage and
use of highly personalised and sensitive data, such as biometrics of all travellers
applying for a visa to enter the territory of the Schengen states, would raise concerns over the proper use and protection of personal data of travellers on such a
massive scale.14 According to the Extended Impact Assessment on VIS, The
principles of proportionate and fair use of personal data and high security in the

11

12
13
14

Letters to the Dutch Parliament and the Minister of Justice on the Eurodac Convention, CM98026, 24 February 1998 and CM98-094, 18 June 1998.
Handelingen Tweede Kamer, 19971998, 23 490, nos. 92 and 97.
SEC (2004) 1628, 28 December 2004, EPEC Final report, December 2004.
See p. 37 and 45.

Data Processing and the Right to Privacy

151

system would have to be considered carefully. In particular, the principles of proportionality and the necessity for storage and processing would have to be implemented in full.15 Furthermore, according to this report, the impact on privacy will
depend on what biometrics are taken, for how long they are stored and which
authorities will have access to the data. The drafters of the Impact Assessment
Report did not refer to Article 8 ECHR.
The Commission, when publishing the proposal on the VIS Regulation,
seemed not to take into account the concerns on the possible impact of VIS,
including biometrics, for the right to privacy as mentioned in the Extended
Impact Assessment Study. In the proposed preamble (20) to the proposal for the
VIS Regulation, it was only stressed that the Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of
Fundamental Rights of the European Union.16 In the explanatory memorandum,
the Commission did not mention the right to privacy, but only considered that
in view of the related sensitive issues for the protection of personal data, inter
alia the consultation of the Article 29 Working Party is required. With this conclusion, the Commission disregarded the fact that the specic concerns mentioned in the impact assessment were already based on an earlier and critical
opinion expressed by the Working Party on the use of biometrics.17
In their opinions on the development of VIS and related issues, the EDPS and
the Article 29 Working Party explicitly considered the impact of these developments on the right to privacy. The EDPS referred to Article 8 ECHR when considering the purpose and proportionality of the VIS. According to the EDPS, in
the light of Article 8 ECHR and the general data protection framework, the purpose of VIS would be of crucial importance and all the elements of the VIS
must be necessary and proportional instruments to reach this policy goal in the
interest of the common visa policy. Although the EDPS dened safeguards
regarding the use of VIS and especially the incorporation of biometrics, it did
not give any detailed analysis on the criteria derived from Article 8 ECHR.
The Article 29 Data Protection Working Party considered more elaborately
the scope and applicability of Article 8 ECHR with regard to the establishment
of VIS.18 This Data Protection Working Party was especially concerned about the
far-reaching consequences of the large-scale collection and processing of personal

15

16
17

18

Study for the Extended Impact Assessment of VIS, SEC (2004) 1628, 28 December 2004,
EPEC Final report, December 2004. p. 45.
COM (2004) 0287, 28.12.2004.
The Article 29 Working Party is an independent European advisory body on data protection.
See the Working Document on biometrics, WP 80, 1 August 2003. http://europa.eu.int/
comm/justice_home/fsj/privacy/workinggroup.
Opinion 1022/05/EN, WP 110, 23 June 2005.

152

Chapter 6

data on individual human rights, in particular the right to privacy. The Working
Party criticised the multipurpose structure of VIS, including the use of biometrics, and questioned whether this would meet the criteria of proportionality and
necessity on the protection of the right to privacy as developed by the European
Courts, in this case both the ECtHR and the European Court of Justice (ECJ).
In their opinions, both the EDPS and the Working Party referred to the judgment of the ECJ in the case of sterreichischer Rundfunk and others.19 In this
judgment, the ECJ explicitly applied Article 8 ECHR in application of EC
Directive 95/46 on the protection of personal data. The ECJ conrmed that the
processing of personal data may constitute an interference with the right to private life as protected by Article 8 of the ECHR; this interference must be in
accordance with the law and necessary in a democratic society for a legitimate
aim. According to the ECJ, where the provisions of the EC Directive allow for a
limitation of the rights of the data subjects, the criteria of Article 8 ECHR (and
their interpretation by the ECtHR) should be applied to assess rstly whether
the applicable legislation interferes with the right to private life and, if so, whether
that interference is justied from the point of view of Article 8 ECHR.

3. Article 8 ECHR and Data Processing: When is there

an Interference with the Right to Private Life?
Article 8 ECHR reads:
1. Everyone has the right to respect for his private and family life, his home and
his correspondence.
2. There shall be no interference by a public authority with the exercise of this right
except such as is in accordance with the law and is necessary in a democraticsociety in the interests of national security, public safety or the economic well-being
of the country, for the prevention of disorder or crime, for the protection of
health or morals, or for the protection of the rights and freedoms of others.
It is not easy to make a comprehensive analysis of the jurisprudence of the ECtHR
on Article 8 ECHR. Since every case in which the Strasbourg Court has dealt
with this human right has its own specic features, it is not always possible to
reach general conclusions.20 In its judgments, the ECtHR repeatedly stressed that

19

20

Rechnungshof v. sterreichischer Rundfunk and Others (also referred to as Rechnungshof case), Joint
Aairs C-465/00, C-138/01 and C-139/01, ECR I-4989 7183. See further Chapter 7.
See also L.A. Bygrave, Data Protection pursuant to the Right to Privacy in Human Rights
Treaties, International Journal of Law and Information Technology, 1998, vol. 6, p. 247284.

Data Processing and the Right to Privacy

153

a clear-cut denition of the right to private life is impossible: private life should
be considered as a broad term which is not susceptible to an exhaustive denition.21 In general, the ECtHR made it clear that one of the purposes of the right
to private life is to protect the right to identity and personal development. This
protection should not be limited to the private sphere or the home of the individual since, in the words of the ECtHR, Article 8 ECHR also protects the right to
establish and develop relationships with other human beings and the outside
world and it may include activities of a professional or business nature.22
In dierent judgments, the ECtHR concluded that the right to private life was
infringed by the collection, registration or use of personal information. With
regard to public registrations, the ECtHR considered elements such as gender
identication, name, sexual orientation and sexual life as important elements of
the personal sphere protected by Article 8. However, it is clear that this is not
meant to be a limitative list.23 In the following sections, I will apply the scheme
which is generally used by the ECtHR to establish whether, when dealing with
data processing, there is a breach of Article 8 ECHR: is there an interference
with the right to private life; is the interference in accordance with the law, and is
this interference necessary in a democratic society? Only when it is established
that Article 8 ECHR applies and there is an infringement of someones right to
private life, can we consider which legal remedies should be provided for by the
national legislator.
3.1. Secret Police and Security Files: Leander and Segerstedt-Wiberg
The rst case in which the ECtHR was asked to rule on the relationship between
the recording of personal data by the government and the right to private life is
the Leander v. Sweden judgment of 26 March 1987.24 This case dealt with information stored in secret police les, which was used by the applicants employer,
the board of the Naval Museum, where he was temporarily hired as a museum
technician. Based on this information, Mr. Leander was told to leave his work
before the expiry of his contract. Leander, who had previously been a member of
the Swedish Communist Party and of a soldiers union, was not informed of the
reasons for this decision. The ECtHR found it uncontested that the secret police
le contained information relating to the applicants private life. Both the storage
and release of data concerning his private life in a secret police le and communication of these data to employers, coupled with the refusal to allow the applicant
21

22
23
24

In P.G. and J.H. v. the United Kingdom, 25 September 2001 no. 44787/98, 56, Reports 2001IX and also Peck v. UK, 28 January 2003, appl. no. 44647/98, Reports 2003-I. 57.
Niemietz v. Germany, 16 December 1992, appl. no. 13710/88, Series A, no. 251-B, 29.
P.G. and J.H. v. the United Kingdom, 56 and Peck v. United Kingdom, 57.
Leander v. Sweden, 26 March 1987, appl. no. 9248/81, Series A, no.116.

154

Chapter 6

the opportunity to refute them, amounted to an interference with his right to

privacy as guaranteed in Article 8.25
Almost twenty years later, after publication of the Leander judgment, the
ECtHR ruled in a comparable case which also dealt with secret police les in
Sweden (Segerstedt-Wiberg and others v. Sweden).26 This judgment concerned ve
Swedish nationals who complained about the storage of their information in les
belonging to the national security agencies. The ECtHR concluded, with regard
to four applicants that the continued storage of the information (in one case up
to 30 years), constituted a violation of Article 8 ECHR and Article 10 ECHR
regarding the freedom of information. With regard to the rst applicant, the
ECtHR found that there was no violation of Article 8 since the data was held for
the safety of the applicant herself, a former member of the Swedish Parliament
who had been the subject of a bomb threat. The ECtHR found that, for the
other applicants, there had been a disproportionate breach of their right to private life, not only because of the long period during which the data had been
kept on le, but also because of the absence of a current, relevant threat to
national security. The infringement of the right of freedom of information was
based on the fact that the data collection, in particular, concerned the political
opinions and activities of the applicants. As we will see below, the ECtHR also
considered the (lack of ) eectiveness of the applicable remedies and the (lack of )
powers of the national data protection authority.
In Rotaru v. Romania (see also below), the ECtHR assessed the lawfulness of
les held by the Romanian Intelligence Service.27 This case concerned the claim
from a Romanian lawyer who had started proceedings against the Romanian
Intelligence Service with regard to les including information on his alleged
membership of a legionnaire movement and on the publication of two antigovernment pamphlets. From these les, the applicant claimed, the Intelligence
Service had provided information to the Romanian Minister of the Interior.
In its judgment, the Strasbourg Court made it very clear that Mr. Rotarus right
to private life had been infringed even though, as set forth by the Romanian government, the information concerned his public life. According to the government, the applicant had waived his right to anonymity by engaging in political
activities and publishing pamphlets. This argument was rejected by the ECtHR.
Referring to its earlier judgment in the Leander case, the ECtHR emphasised
that the storage of information about an individuals private life in a secret register and the release of such information fall within the scope of Article 8. Repeating
25
26

27

Leander v. Sweden, 48. As we see below, the ECtHR did not nd any breach of Article 8 ECHR.
Segerstedt-Wiberg and others v. Sweden, 6 June 2006, appl. no. 62332/00. Published in EHRC
2006, 89 with annotation of Jan Peter Loof.
Rotaru v. Romania, 4 May 2000, appl. no. 28341/95, Reports 2000-V.

Data Processing and the Right to Privacy

155

its earlier conclusions in Niemietz v. Germany, the ECtHR made it clear that
respect for private life must also comprise, to a certain degree, the right to establish and develop relationships with other persons.
3.2. Child care Records, Health and Gender Information:
Gaskin, Z and Goodwin
In 1989, the ECtHR applied Article 8 ECHR for the second time directly to
personal data les in the public sector in the case Gaskin v. the United Kingdom.28
This case concerned the question of whether the right to private life as protected
in Article 8 ECtHR included the right to have access to his or her personal information. In his youth, Mr. Gaskin was in the care of the Liverpool City Council.
During his procedure before the national authorities and, nally, before the
ECtHR he complained about the refusal by the local authorities to give him
access to information concerning his youth. The municipal child care organisation which held this information made access to this le dependent on the
authorisation of the applicants mother. The government justied the refusal to
give Gaskin access to his information by stating that these les also contained
information on other persons whose privacy had to be protected. In its judgment, the ECtHR referred to the earlier conclusion of the Commission that the
les at stake unquestionably contained information concerning highly personal
aspects of the applicants childhood, development and history and thus could
constitute his principal source of information about his past and formative years.
The ECtHR conrmed the importance for the applicant to have access to the
les concerning his youth ( 37). The ECtHR made it clear that this conclusion
applied only with regard to this specic case and the ECtHR did not intend to
formulate a more general principle. Despite this restriction, the judgment has
been considered an important development in the recognition of the right to
access as one of the positive duties of governments with regard to the application
of Article 8 ECHR to public les.
In Z v. Finland (1997), the ECtHR dealt with the appeal of Z. against the disclosure of his health records, including information on his HIV infection.29 This
information was revealed during court proceedings without the applicants consent. In this judgment, the ECtHR referred for the rst time explicitly to the
obligations of the Data Protection Convention of 1981. The ECtHR concluded
there was a breach of 8 ECHR, especially based on the fact that this case concerned the disclosure of medical les, including the information on the applicants HIV infection. According to the ECtHR, the protection of personal data,
not least medical data, is of fundamental importance to a persons enjoyment of
28
29

Gaskin v. the United Kingdom, 7 July 1989, appl. no. 10454/83 Series A, 160.
Z v. Finland, 25 February 1997, appl. no. 22009/93, Reports 1997-I, 95100.

156

Chapter 6

his or her right to respect for private life and family life as protected in Article 8
of the Convention. In this conclusion, the ECtHR referred to the more general
function of condentiality in the health sector, by stating that the reason for this
protection and the respect for condentiality is not only to protect the privacy of
the person concerned, but also his or her condence in the medical profession
and in the health services in general.
Finally, at this point, one could refer to the jurisprudence of the ECtHR with
regard to claims from transsexuals to have the information concerning their sex
changed in public les, as well as birth certicates, identity cards or driving
licences. Initially, the national authorities were given a wide margin of appreciation because of the lack of general consent in the European States with regard to
the acceptance of transsexuality.30 Since 1986, the ECtHR, having regard to scientic and societal developments, emphasised the need to keep appropriate legal
measures under review.31 In 2002, in Goodwin v. UK, the ECtHR considered
that, on the basis of more current developments, the duties of a national state to
recognise and legalise a change of sex in governmental les on transsexuals could
be more strictly dened.32
Although the type of information dealt with in the case law described above
does not directly relate to the subject of my research, these judgments illustrate
the close relationship between the storage or disclosure of personal information
and the individual right to respect for private life. In these judgments, the ECtHR
emphasised the special responsibility of public authorities with regard to the storage and processing of sensitive information such as medical data or gender information. As we will see in Chapter 7, section 5.3, data protection law includes
extra safeguards with regard to the processing of sensitive data or special categories of data, such as data on ethnicity, gender, sexual life, political opinions or the
religion of the person. The special responsibility of the data processor towards sensitive data can be explained rstly by the fact that the information at stake, for
example medical data, as well as information about a persons youth, as in the
Gaskin case, belongs to the core of a persons private life. It is exactly this kind of
information that individuals generally do not wish to disclose to others. The other

30

31

32

Rees v. the United Kingdom, 17 October 1986, appl. no. 8532/81, Series A, 106; Cossey v. the
United Kingdom, 27 September 1990, appl. no. 10843/84, Series A, 184 (the latter judgment
contained a very strong dissenting opinion by Judge Martens).
Sheeld and Horsham v. the United Kingdom, 30 July 1998, appl. no. 22985/93; 23990/94,
Reports 1998-V, 60.
Christine Goodwin v. the United Kingdom, 11 July 2002, appl. no. 28957/95 (unreported), see
93: Since there are no signicant factors of public interest to weigh against the interest of this
individual applicant in obtaining legal recognition of her gender re-assignment, it reaches the
conclusion that the fair balance that is inherent in the Convention now tilts decisively in favour
of the applicant.

Data Processing and the Right to Privacy

157

reason why sensitive information needs extra protection is that the use of this
information more easily results in discrimination against the person concerned. It
is no coincidence that the principle of non-discrimination in Article 14 ECHR or
Article 13 of the EC Treaty includes more or less the same grounds as a basis for
prohibiting discrimination. In my view, it is clear that this special responsibility of
national authorities for certain categories of data also concerns the use of biometrics and data on the nationality and the ethnic origin for the purposes of identity
controls or visa applications.
3.3. Systematic Collection and Storage of Personal Information
by Public Authorities: Amann and Rotaru
In several judgments, the ECtHR applied Article 8 ECHR on the basis of the criterion that there is systematic collection and storage of data. One very important
decision is the judgment of 16 February 2000 in Amann v. Switzerland, since this
gives a broad interpretation of Article 8 with regard to les held by the government.33 In this interpretation, Article 8 applies to the storage of information
relating to an individuals private life by a public authority, regardless of the sensitivity of the data and regardless of the use that is eectively being made by third
parties.34 In this case, the ECtHR again referred to the Data Protection
Convention. The applicant in this case was a Swiss salesman of depilatory appliances, which he advertised in magazines. In 1981, a woman telephoned from
the Soviet embassy in Bern to order one of his items: the Perma Tweez appliance. This telephone call was intercepted by the Federal Public Prosecutors Oce
(Bundesanwaltschaft) in Switzerland. Later, the Public Prosecutors Oce drew up
a card on the applicant for its national security card index on the basis of the particulars provided by the police of the Canton of Zrich. When, in 1990, the public was informed of the existence of the card index held by the Public Prosecutors
Oce, many people, including the applicant, asked to see their cards. On 9 March
1992, the applicant led an administrative law procedure with the Federal Court,
claiming compensation from the Confederation of 5,000 Swiss francs for the
unlawful registration of his particulars in the card index held by the Public
Prosecutors Oce. He also requested that his le and card be sent immediately
to the Federal Archives with a ban on making any copies and that the authorities
be ordered to store the information under lock and key and not to disclose any of
it without his agreement. His application was rejected by the Federal Court but,
in 1996, the applicants card was removed from the card index and transferred to
the Federal Archives, where it cannot be consulted for fty years.

33
34

Amann v. Switzerland of 16 February 2000, appl. no. 27798/95, Reports 2000-II.

Ibid., 6870.

158

Chapter 6

In this judgment, the ECtHR gave a broad interpretation of the right to private life, by explicitly rejecting the reasons given by the Swiss government for
limiting the scope of Article 8 ECHR. In the rst place, the ECtHR emphasised,
by referring to its earlier conclusions in the Niemietz case, that there is no reason
in principle to justify excluding activities of a professional or business nature
from the notion of private life. Since the right to respect for private life comprises the right to establish and develop relationships with other human beings,
this right should inherently be extended to the public sphere. The ECtHR explicitly concludes that such a broad interpretation corresponds to that of the Council
of Europes Data Protection Convention of 28 January 1981. Secondly, the
ECtHR rejected the submission of the Swiss government that the le in question
did not contain sensitive data. In fact, the card only included the information
that the applicant had contact with the Russian embassy and was doing
business of various kinds with the [A.] company. However, other (censored)
information which was held on the card was not disclosed to the applicant.
Furthermore, the applicants lawyers submitted that the codes used on the card
(1153: 0) (614) referred to the meaning communist country (1), Soviet
Union (153), espionage established (0) and various contacts with the Eastern
bloc (614) (see 22 of the judgment). Thirdly, the Swiss government contended that the applicants private life would not in any way have been inconvenienced as a result of the creation and storage of his card, which in all probability
[has] never been consulted by a third party. The ECtHR countered this
argument, noting that it is not for the ECtHR to speculate as to whether the
information gathered on the applicant was sensitive or not or as to whether the
applicant had been inconvenienced in any way. The Strasbourg Court found it
sucient to nd that data relating to the private life of an individual were stored
by a public authority in order to conclude that the creation and storage of the
impugned card amounted to an interference within the meaning of Article 8,
irrespective of whether this information was subsequently used.35
The refuted practices of the Swiss authorities in the Amann case can be compared with the practice of data proling or the collection of data on a group of
persons based on certain common criteria rather than based on their individual
behaviour. In the case of Amann, the extra surveillance measures by the Swiss
authorities and the creation of a card were only based on two suspicious facts.
Firstly, the Swiss authorities were monitoring all phone lines from the (former)
Soviet embassy. Secondly, the Swiss authorities suspected the content of the
phone call, unfamiliar as they were with the Perma Tweez appliance in which
the applicant was trading. The ECtHR made it clear that the creation of the card

35

Ibid., 6970.

Data Processing and the Right to Privacy

159

le, regardless of whether or not the information was subsequently used, must be
considered a breach of Article 8 ECHR.
In its judgment Rotaru v. Romania, the ECtHR referred more explicitly to the
criterion of systematic collection and storage.36 According to the ECtHR, even
public information may fall within the scope of private life when it is systematically collected and stored in les held by the authorities. This would be all the
more true when such information concerns a persons distant past. With regard
to this particular case, the ECtHR noted that the refuted letter from the
Romanian Security Agency contained various pieces of information about the
applicants life, in particular his studies, his political activities and his criminal
record, some of which had been gathered more than fty years earlier. In the
ECtHRs opinion, such information, when systematically collected and stored in
a le held by agents of the State, falls within the scope of private life for the
purposes of Article 8 (1) ECHR. According to the ECtHR, this was all the more
true since the information at stake had been declared false and was likely to
damage the applicants reputation.
The criterion that even information belonging in the public domain may fall
within the protection of a persons private life, once systematically stored, was
also used in the judgment in P.G. and J.H. v. UK (see below) and in SegerstedtWiberg v. Sweden.37
3.4. Recording of Voices and Video Images Collected
in the Public Domain: P.G. and J.H. v. UK
In the case of P.G. and J.H. v. UK, a conversation between the two applicants had
been recorded secretly while they were being charged at a police station and after
they had refused to provide voice samples voluntarily. In this case, the UK government submitted that the subject of these recorded conversations did not contain any private or substantive information and, therefore, the recording did not
include any infringement of the right to private life. This argument was rejected
by the ECtHR, considering that there is a zone of interaction between a person
and others, even in a public context, which may fall within the scope of private
life. Even if the applicants only answered formal questions in a place where police
ocers were listening to them, the recording and analysis of their voices on this
occasion was, according to the ECtHR, still to be regarded as the processing of

36

37

Rotaru v. Romania, 4 May 2000, appl. no. 28341/95, Reports 2000-V, 4344. See further
section 6.4.2 below.
P.G. and J.H. v. the United Kingdom, 25 September 2001, appl. no. 44787/98, Reports 2001-IX,
11. See also Perry v. the United Kingdom, 17 July 2003, appl. no. 63737/00, Reports 2003-IX,
38 and Segerstedt-Wiberg, 72.

160

Chapter 6

personal data about the applicants.38 Referring to its earlier judgments (including
the Rotaru and the Amann cases), the ECtHR held that private life considerations may arise once any systematic or permanent recording comes into existence of such material of the public domain. Furthermore, the ECtHR held that
even if information has not been gathered by any intrusive or covert method,
Article 8 ECHR would still apply.
Both in the Perry v. UK and Peck v. UK judgments, the ECtHR dealt with the
recording and storage of video images by the police and the question of whether
these practices constituted an infringement of an individuals right to private life.
The Perry v. the United Kingdom judgment concerned a claim by a person who
had been arrested and charged with robbery.39 During his interrogation at the
police station, the police authorities had lmed him secretly after he had refused
to participate in an identication parade. This lming using custody suite
camera was then shown to the witnesses at the identication parade. The permanent recording of the footage and its inclusion in a montage for further use was
regarded as the processing or collecting of personal data about the applicant.
As we will see below, its subsequent unforeseen use was considered in breach of
Article 8 ECHR. In Peck v. United Kingdom (see below), the ECtHR concluded
that the further use of video surveillance by the police also violated the right to
private life of the applicant.40
3.5. Administrative Data: Malone
In Klass v. Germany, the ECtHR ruled that telephone calls fall within the meaning of private life and correspondence of Article 8 ECHR.41 In the Malone case,
the ECtHR went further by nding that not only the content of telephone calls,
but also the administrative data concerning telephone calls (number dialled,
duration and costs of call) form an integral part of the protected telephone communication.42 Therefore, according to the ECtHR, communication of these data
without the prior consent of the person concerned also caused a breach of the
right protected in Article 8 ECHR.
3.6. Use of Information Beyond What is Normally
Foreseeable: Perry, Peck and Lupker
In cases where the data had not been obtained voluntarily or in circumstances
where it could reasonably be anticipated that it would be recorded and used for
38
39
40
41
42

P.G. and J.H. v. the United Kingdom, 5456.

Perry v. the United Kingdom, 3336.
Peck v. UK, 28 January 2003, appl. no. 44647/98, Reports 2003-I.
Klass v. Germany, 6 September 1978, appl. no. 5029/71, Series A, 28.
Malone v. UK, 2 August 1984, appl. no. 8691/79, Series A, 82, 84.

Data Processing and the Right to Privacy

161

identication purposes, the ECtHR concluded there was interference with the
applicants right to respect for private life.43 The ECtHR referred in this judgment to decisions of the Commission in Lupker v. the Netherlands and Friedl v.
Austria, dealing with the unforeseen use by the authorities of photographs which
had previously been voluntarily submitted by the applicants.44 According to the
Commission in the Lupker case, the question of whether photographs were
legally used by the police in identication albums depended on whether they
were obtained voluntarily or under circumstances were it could reasonably be
anticipated that they would be recorded and used for identication purposes.
In the case of Perry v. the UK, neither the applicant nor his solicitor was
informed of the making of this video, nor of the fact that this video was shown
to witnesses during an identication parade. According to the ECtHR, the
ploy adopted by the police went beyond the normal or expected use of this
type of camera (security cameras). In the judgment Peck v. United Kingdom of
28 January 2003, the applicant complained about the publication in the media
of police video images, which were recorded by CCTV cameras on the street.45
This video surveillance had actually saved the life of the applicant, since it
resulted in the involvement of the police which prevented him committing suicide. The ECtHR decided that the disclosure of these records to the media was
beyond what was normally foreseeable and therefore interfered with his right to
private life.
3.7. Passports and Identication Measures: Smirnova and letmi
Finally, I refer to two judgments in which the ECtHR dealt with the withdrawal
of passports. Although the considerations of the Strasbourg Court on the consequences of the withdrawal of identication papers on the individual right to private life are not directly related to the issue of data processing, they become
relevant when the use of large EU databases is closely, not to say inextricably,
linked to identication measures.
The rst judgment, Smirnova v. Russia, concerned the case of Russian twin sisters who were prosecuted and charged with fraud by the Moscow authorities.
After being discharged, they complained about the violation of their rights under
both Article 5 and Article 6 (1) ECHR with regard to the way they were treated

43
44

45

Perry v. United Kingdom, 4143.

Lupker and others v. the Netherlands, Commission decision of 7 December 1992, appl. no.
18395/91, unreported, and Friedl v. Austria, 31 January 1995 (decision of the Court to strike
the case from the list, amicable settlement), appl. no. 15225/89, Series A, 305B. See the
Commission report of 19 May 1994, 4952.
Peck v. UK, 28 January 2003, appl. no. 44647/98, Reports 2003-I.

162

Chapter 6

during the criminal proceedings.46 One of the sisters also lodged an appeal on the
basis of Article 8 ECHR, for the fact that during the proceedings between 1995
and 1999, her passport was withheld by the Russian authorities. The authorities
justied withholding the passport by the fact that the twins had used their similar appearance several times to confuse the investigating authorities. After recalling that private life is a broad term not susceptible to exhaustive denition, the
ECtHR concluded in this judgment that the conscation of the passport constituted continuing interference with the applicants private life ( 97). The ECtHR
underlined the direct relationship between the obligation upon citizens to identify themselves at various moments and locations with the right to private life.
Even if the applicant could not substantiate one specic event which would have
constituted disrespect for her private life, the ECtHR considered that it was
established that the applicants private life was infringed by a number of everyday inconveniences taken in their entirety which lasted between 1995 and 1999
( 96). The ECtHR considered explicitly that in their every day life, Russian
citizens have to prove their identity unusually often, even when performing such
mundane tasks as exchanging currency or buying train tickets, but also that a
national passport was required for more crucial needs such as nding employment or receiving medical care. Taking these facts together, the ECtHR concluded that conscation of her passport included continued interference with
the applicants private life.
The withdrawal of a passport was also dealt with in letmi v. Turkey, concerning a Turkish national who had lived in Germany since 1975.47 In 1984, the
Turkish government launched an investigation into the applicant, accusing him
of separatist activities. These procedures were based on the applicants aliations to Kurdish organisations. During his visit to Turkey in 1992, the applicant
was arrested and detained and the Turkish authorities conscated his passport.
After six days he was released but his passport was not given back to him. For
seven years letmi was not permitted to leave Turkey. His family (spouse and
two children) therefore chose to join him and to live in Turkey. Not until 1999
was the applicant nally acquitted of the charge of separatist activities and, after
his passport was returned to him, the applicant and his family were able to
return to Germany. Aside from the conclusion that his right to a fair trial under
Article 6 (1) ECHR had been violated by the Turkish authorities, the ECtHR
also held unanimously that the conscation of his passport represented a breach
of his right to private life. For this conclusion, the ECtHR reasoned that in an
age when the freedom of movement, especially across borders, was considered

46
47

Smirnova v. Russia, 24 July 2003, appl. no. 46133/99 and 48183/99, Reports 2003-IX.
letmi v. Turkey, 6 December 2005, appl. no. 29871/96 (unreported).

Data Processing and the Right to Privacy

163

essential for the full development of private life, especially for people like the
applicant, having family, occupational and economic ties in more than one
country, denial of that freedom by the State without any good reason constituted a serious failure on its part to discharge its obligations to those under its
jurisdiction ( 50). According to the ECtHR, the continued application of
the prohibition on leaving Turkish territory no longer corresponded to a pressing social need and was therefore disproportionate to the aims permitted by
Article 8. In this judgment, the ECtHR explicitly connected the freedom of
movement with the right to private life in Article 8 ECHR. According to the
ECtHR, even though Article 2 of the fourth Protocol to the Convention (signed
but not ratied by Turkey) also protects the freedom of movement, this would
not mean, as suggested by the Turkish government, that one and the same fact
may fall foul of more than one provision of the Convention and Protocols.48
The Smirnova v. Russia and letmi v. Turkey judgments are important for our
subject because they highlight the relationship between, on the one hand
(repeated) identity controls and the right to private life and, on the other hand,
freedom of movement and the right to private life. The former relationship is at
stake when a person or a specic group of persons is repeatedly confronted with
identity checks based on the use of data systems or data proling. The Smirnova
judgment illustrates, in my view, that the right to private life is at stake when a
person is repeatedly stopped at borders because he or she is listed in one of the
EU databases, or because he or she belongs to a group of persons which is under
extra surveillance by the government on the basis of data proling. The considerations of the ECtHR in the letmi judgment, in my view, apply to a person who
is listed in SIS or SIS II, when the fact of this registration in practice results in a
restriction of his freedom of movement and therefore also his right to private life
as protected in Article 8 ECHR.

4. Is the Interference in Accordance with the Law? Quality of Law

Having concluded that Article 8 (1) ECHR applies, we must then assess whether
a measure or action by a government interfering with the right to private life, is
in accordance with the law. In the Leander case, on the practice of secret police
les, the ECtHR found that it is not sucient for the interference to have some
basis in domestic law: the law in question must be accessible to the individual
concerned and its consequences must be predictable. The ECtHR acknowledged
that the requirement of predictability in the special context of secret controls of

48

50. See, also Airey v. Ireland, 9 October 1979, appl. no. 6289/73, Series A, 32, p. 17, 3133.

164

Chapter 6

sta in sectors aecting national security cannot be the same as in many other
elds. Thus, it cannot mean that an individual should be enabled to foresee precisely what checks will be made in his regard by the Swedish special police service
in its eorts to protect national security. Nevertheless, the ECtHR added that
in a system applicable to citizens generally, as under the Personnel Control
Ordinance, the law has to be suciently clear in its terms to give them an adequate indication as to the circumstances in which and the conditions on which
the public authorities are empowered to resort to this kind of secret and potentially dangerous interference with private life.49
In Malone v. UK, dealing with secret telephone tapping, the ECtHR stated
that in accordance with the law refers not only to the availability of domestic
law, but also to the quality of the law, requiring it to be compatible with the
rule of law.50 The requirement of quality of law is further specied in Huvig and
Kruslin v. France.51 These cases concerned the claims based on Article 8 ECHR of
Mr. and Mrs. Huvig and Mr. Kruslin, whose phones were tapped during criminal proceedings by the French authorities. The question in these cases was not so
much whether this telephone tapping constituted an interference with the applicants right to private life, but whether the applicable French law was clear and
foreseeable. The ECtHR held that, where tapping and other forms of telephone
conversation represent a serious interference with private life and correspondence,
this must be based accordingly on a law that is particularly precise. According to
the ECtHR, clear, detailed rules on the subject are essential, especially since the
technology available for use is continually becoming more sophisticated, as in
the case in question. Since French law, written and unwritten, did not indicate
with reasonable clarity the scope and manner of exercise of the relevant discretion conferred on the public authorities, the ECtHR found a breach of Article 8
of the Convention.52
In the Huvig and Kruslin judgments, the ECtHR further dened a set of criteria for lawful telephone tapping which should have been provided for in
French law. These criteria included the categories of persons liable to have their
telephones tapped by judicial order and the nature of the oences which may
give rise to such an order; the lack of an obligation to set a limit on the duration
of telephone tapping; the circumstances under which recordings may or must
be erased or the tapes destroyed, in particular when an accused party has been

49
50
51

52

Leander case, 26 March 1987, 5051.

Malone case, 2 August 1984, appl. no. 8691/79, Series A, 82.
Both cases of 24 April 1990, appl. no. 11801/95, Series A, 176A (Kruslin), and appl. no.
11105/84, Series A, 176B (Huvig).
See Kruslin, 36, and Huvig, 35.

Data Processing and the Right to Privacy

165

discharged by an investigating judge or acquitted by a court.53 Interestingly,

a comparable list of criteria is given in Rotaru v. Romania with regard to the law
regulating the collection, recording and the archiving of information in secret
les. Assessing the quality of the Romanian law involved, the ECtHR concluded that this law did not include any limits on the exercise of the powers on
the storage and use of the information by the Romanian Intelligence Services.
Furthermore, Romanian law did not specify which information could be collected or stored and against which categories of people or under which circumstances these surveillance measures were allowed. Also, there were no limits on
the length of time for which the information could be stored.54 In the view of the
ECtHR, the criteria of in accordance with the law and quality of law require
supervision procedures and adequate and eective safeguards against abuse of the
rule of law.55 Since the Romanian system did not provide such safeguards or a
supervisory mechanism, the ECtHR ruled that the refuted storage and use of
information by the intelligence service was not in accordance with the law.
In the case of Segerstedt-Wiberg v. Sweden, the ECtHR also used the criterion
of whether the powers of the Swedish Security Service to store information in
Secret Police registers for special reasons, as provided under the Swedish Police
Data Act, included unfettered powers for these authorities. In this case, the
ECtHR concluded that the scope of discretion conferred upon the competent
authorities and the manner of its exercise were indicated with sucient clarity,
having regard to the legitimate aim of the measure in question, to give the
individual adequate protection against arbitrary interference.56

5. Necessary in a Democratic Society: Proportionality

and Procedural Guarantees
In the case of Z v. Finland, which, as we saw above, concerned the disclosure of
data about the applicants health during court proceedings, the ECtHR explicitly
underlined the duty of the government to provide, in national law appropriate
safeguards to prevent any such disclosure inconsistent with the guarantees in
Article 8 of the Data Protection Convention.57 For this purpose, the ECtHR
referred to the safeguards in Article 3 (2)(c) and Articles 5, 6 and 9 of the Data
53
54
55
56
57

Kruslin, 35, Huvig, 34.

Rotaru v. Romania, 41.
Rotaru v. Romania, 43.
Segerstedt-Wiberg, 79.
As we can see in Chapter 7, this provision includes the rights of data subjects to access, correct
and delete personal data and the right to remedies if these rights are not respected.

166

Chapter 6

Protection Convention. These provisions deal with the quality of data, the
protection of sensitive data and the legitimate exceptions to these safeguards.58
When it comes to national security or the prevention of disorder or crime, the
ECtHR normally leaves a wider margin of appreciation to the national authorities to assess the necessity of the interference with the right to private life for the
pursued goals, than it would in regular cases. This is especially underlined in
Klass v. Germany and Leander v. Sweden.59 In the Leander judgment, the
Strasbourg Court recognised that the national authorities enjoy a margin of
appreciation, the scope of which will depend not only on the nature of the legitimate aim pursued but also on the particular nature of the interference involved.
According to the ECtHR, the interest of the respondent State in protecting its
national security must be balanced against the seriousness of the interference
with the applicants right to respect for his private life. For this purpose of protecting national security, the ECtHR accepted the need for Contracting States to
have laws empowering national authorities, rstly, to collect and store in registers not accessible to the public information on persons and, secondly, to use this
information when assessing the suitability of candidates for employment in posts
of importance for national security. However, in both the Klass and Leander
judgments, the ECtHR made it clear that the power of the national police
authorities to collect and store personal information should be counterbalanced
by procedural guarantees. The considerations of the ECtHR in the Klass judgment (and repeated in Leander v. Sweden) that Contracting States do not enjoy
unlimited discretion to subject persons within their jurisdiction to secret surveillance have been much quoted. The Court, being aware of the danger such a law
poses of undermining or even destroying democracy on the ground of defending
it, arms that the Contracting States may not, in the name of the struggle against
espionage and terrorism, adopt whatever measures they deem appropriate.60
Whatever system of surveillance is adopted, the ECtHR ruled that adequate
and eective guarantees against abuse must be in place. At the same time, in
these judgments, the ECtHR referred to the relative meaning of the assessment
of the safeguards at stake. This would depend on all the circumstances of the
case, such as the nature, scope and duration of the possible measures, the grounds
required for ordering such measures, the authorities competent to permit, carry
out and supervise such measures, and the kind of remedy provided by national
law. In the Leander case, the ECtHR was satised with the dierent safeguards
which were provided under Swedish law and the supervision eected by the
58
59

60

Z v. Finland, 25 February 1997, appl. no. 22009/93, Reports 1997-I, 95100.

See Klass and others v. Germany, judgment of 6 September 1978, Series A 28, 4649 and
Leander v. Sweden, 59.
Klass and others v. Germany, 4950 and Leander v. Sweden, 60.

Data Processing and the Right to Privacy

167

Chancellor of Justice and the Parliamentary Ombudsman, as well as the

Parliamentary Committee on Justice.

6. Article 8 ECHR and the Need for Eective Remedies

6.1. Independent Control Mechanism: Judicial or Non-Judicial Remedies
As we have seen above, in some judgments the ECtHR dealt with the question of
whether sucient safeguards and supervisory mechanisms are in place, when
assessing whether the interference was necessary for a democratic society (Klass,
Leander) or in accordance with the law (Rotaru). Also in the Gaskin v. UK
judgment, the requirement of an independent controlling authority was dealt
with under the question of whether the interference with the applicants right to
private life was proportionate.61 In this judgment, the ECtHR explicitly stressed
the importance of an independent controlling mechanism to balance the conicting interests at stake. In the view of the ECtHR, a system on the condentiality of public records is only in accordance with the principle of proportionality
if it provides that an independent authority nally decides whether access has to
be granted in cases where a contributor fails to answer or withholds consent.
The absence of any procedure to balance the applicants interest in access to the
le against the claim to condentiality by certain contributors, and the consequential automatic preference given to the contributors interests over those of
the applicant, was considered disproportionate to the aim pursued and could
not be said to be necessary in a democratic society.
In general, the ECtHR will consider the availability of legal remedies on the
basis of claims that the applicants right to eective remedies under Article 13
ECHR in combination with the alleged violation of Article 8 has been breached.
Even if the ECtHR, in some judgments, explicitly favoured the availability of
judicial remedies, the ECtHR seems more concerned with the practical functioning and the competences of the supervisory authorities. In the following sections,
I only describe the criteria of Article 13 ECHR as formulated by the ECtHR in
judgments dealing with the right to private life. In Chapter 9, the right to eective
remedies will be further explored in relation to immigration law decisions.
In Klass v. Germany, the ECtHR considered that with regard to surveillance
measures in the eld of national security where abuse is potentially so easy in
individual cases and could have such harmful consequences for democratic society
as a whole, it is in principle desirable to entrust supervisory control to a judge.
According to the ECtHR, the rule of law implies, inter alia, that interference by
61

Gaskin v. UK, 49.

168

Chapter 6

the executive authorities with an individuals right should be subject to eective

supervision, which should be normally carried out by the judiciary, at least in last
resort, since judicial control aords the best guarantees of independence, impartiality and a proper procedure.62 However, the ECtHR also concluded that given
the available supervisory and other safeguards in the applicable German rules, the
exclusion of judicial control does not exceed the limits of what may be necessary
in a democratic society. Aspects which played a role in this decision were the guarantees as provided under German law to reduce the eect of surveillance measures
to an unavoidable minimum and a previous decision by the German Constitutional
Court that persons should be informed of the termination of surveillance measures as soon as notication could be made without jeopardising the purpose of
this restriction. In the Leander case, the ECtHR explicitly held that the authority
referred to in Article 13 need not necessarily be a judicial authority in the strictest
sense, but that the powers and procedural guarantees an authority possesses are
relevant in determining whether the remedy is eective ( 8283).
6.2. Accessibility
In the judgments discussed, the ECtHR did not explicitly dene any criteria
regarding the accessibility of legal remedies. However, this principle is inherently
linked to the emphasis of the ECtHR on the availability of eective remedies.
For example, in the Klass v. Germany case, accepting the use of secret surveillance
measures under certain circumstances, the ECtHR made it clear that once those
measures are suspended, the national authorities should notify the person concerned so as to enable him to seek eective remedies before the courts.63 The
ECtHR only accepted postponing informing the person concerned, as long as
this is necessary in order not to jeopardise the performance of the police task,
even if the surveillance has ceased.64
The requirement of accessible remedies can also be derived from the requirements as dened by the ECtHR in the Huvig and Kruslin judgments on the
quality of law. As we have seen above, these requirements include clarity and predictability with regard to the scope and manner of exercise of the competences
and the powers of the authorities involved.65 In the words of the ECtHR: the
law must indicate the scope of any such discretion conferred on the competent
authorities and the manner of its exercise with sucient clarity, having regard to
the legitimate aim of the measure in question, to give the individual adequate

62
63
64
65

Klass, 56. This consideration is repeated in Rotaru v. Romania, 43.

Klass, 55.
Klass, 58.
See Kruslin, 3036.

Data Processing and the Right to Privacy

169

protection against arbitrary interference.66 Comparable criteria were used in

Rotaru v. Romania (see above), where the ECtHR assessed the quality of
Romanian law on the storage of data. Here, the Strasbourg Court found that this
law did not include any limits on the exercise of the powers regarding the storage
and use of the information by the Romanian Intelligence Services. Also, the law
at stake did not specify which information could be collected or stored and
against which categories of people or under which circumstances these surveillance
measures were allowed.
6.3. Scope of the Remedies
Based on the ECtHRs decisions and the system of human rights as protected by
the ECHR, one can deduce that national courts should be able not only to control the legitimacy of the measures concerned, but also to assess the necessity and
proportionality of these measures. This includes not only the balancing of individual rights against a pressing social need, but also, as is illustrated in the
Gaskin judgment, to balance the competing individual rights. In this latter judgment, on the refusal to grant Gaskin access to his personal information, the
ECtHR explicitly emphasised the importance of an independent authority which
could weigh the dierent interests at stake. In the eld of internal security measures, the ECtHR accepted a more limited scope of review by national courts.
In these cases, a system which envisaged controlling the surveillance measures
afterwards has been considered a sucient safeguard.
6.4. Competences
6.4.1. Article 8 and Article 13 ECHR
In Klass v. Germany, the ECtHR acknowledged that the powers and procedural
guarantees of the controlling authority are relevant in determining whether the
remedy oered is eective for the individual.67 As mentioned above, an important
role of these authorities, according to the ECtHR, is to aord protection against
abuse but also to repair or undo wrongful measures or decisions. In Rotaru v.
Romania, the applicant claimed damages for the non-pecuniary damage he had
suered and also applied for the amendment or destruction of the les in question. Referring to its general jurisprudence on Article 13 ECHR (see further
Chapter 8), the ECtHR observed in this judgment that domestic remedies should
allow the competent national authority both to deal with the substance of the

66

67

See also Malone v. the United Kingdom, judgment of 2 August 1984, Series A 82, p. 3233,
6768, reiterated in Amann, cited above, 56, and in Rotaru, cited above, 55.
Klass, 67.

170

Chapter 6

relevant Convention complaint and to grant appropriate relief .68 In this case,
the ECtHR found that there was no evidence that Romanian law provided for an
eective remedy with regard to the holding of information on the applicants private life by intelligence services or for refuting the truth of such information.
Therefore, the ECtHR found there was a violation of Article 13.
In Leander v. Sweden, the ECtHR considered the powers of the Swedish
Parliamentary Ombudsman, tasked with the supervision of secret police les.
This supervision included the power to decide whether the information in these
les was to be released to requesting authorities. In the view of the ECtHR, this
direct and regular control over the most important aspect of the register the
release of information provided a major safeguard against abuse.69 Also in the
Leander judgment, the ECtHR referred to the power of the Swedish Parliamentary
Ombudsman to lodge criminal proceedings or disciplinary measures against an
ocial who has committed an oence by departing from the obligations inherent in his ocial duties as an adequate safeguard. With regard to the eectiveness
of the power of the Ombudsman to give non-binding advice, the Strasbourg
Court gave a rather vague criterion: whether the advice of this institution would
have any practical eect would depend on his ability to convince the decisionmaker or authority in question. Although the ECtHR explicitly recognised the
weaknesses in the control aorded by the Parliamentary Ombudsman and the
Chancellor of Justice, since neither authority could render a legally binding decision, this necessarily limited eectiveness was inherent to any remedy available
to the individual concerned in a system of secret security checks.
Interestingly in the Segerstedt-Wiberg judgment of 2006 which, as we saw above,
involved a comparable case, the Strasbourg Court was more critical of the competence of the Swedish Parliamentary Ombudsman. As we have seen, the ECtHR
found a breach of Article 8 ECHR only with regard to four of the ve applicants.
However, with regard to all the applicants, the ECtHR held that there was a
breach of their right to eective remedies under Article 13 ECHR.70 The very fact
that the Parliamentary Ombudsman lacked the power to render a legally binding
decision was one of the grounds on which the ECtHR concluded that the applicants had no eective remedies. Furthermore, the ECtHR observed that the
Records Board, a body specically empowered to monitor data processing by the
Secret Police on a daily basis, had no power to order the destruction, deletion or
rectication of the information kept in the les. Equally important are the considerations of the ECtHR in the Segerstedt-Wiberg v. Sweden judgment on the powers

68
69
70

Rotaru v. Romania, 51.

Leander v. Sweden, 65.
Segerstedt-Wiberg v. Sweden, 118122.

Data Processing and the Right to Privacy

171

of the Swedish Data Protection Authority (Data Inspection Board), with which
individuals could lodge a complaint. The ECtHR concluded that it had not been
shown that the available procedure carried out by the Data Inspection Board
oered an eective remedy in practice with regard to an application for deletion
of the data ( 120). While it found the processing unlawful, the Data Inspection
Board could order the processor to stop further data processing (blocking of
data) upon penalty of a ne. But it was not empowered to order the deletion of
unlawfully stored information. It could only make an application for such a measure to the County Administrative Court. According to the ECtHR, no information had been furnished to shed light on the eectiveness of the Data Inspection
Board in practice. On the contrary, during this procedure, the applicants alleged
that during its 30-year existence, the Data Inspection Board had never performed
a substantial review of the les held by the Security Police.
From the Segerstedt-Wiberg judgment, it is clear that in the light of Article 13
ECHR, national remedies should be eective not only on paper but also in practice. This principle also follows on from judgments in which the ECtHR dealt
with the requirement that individuals should exhaust the available national remedies on the basis of Article 26 ECHR before addressing the case to the
Commission. In Akdivar v. Turkey, the ECtHR made it clear that this requirement (exhaustion of national remedies) does not imply that individuals are
obliged to have recourse to remedies which are inadequate or ineective.71
According to the ECtHR, if a government claims that national remedies have
not been exhausted, it is the duty of the government to satisfy the ECtHR that
the remedy was eective and available in theory and in practice at the relevant
time. The remedy should be capable of providing redress in respect of the applicants complaints and oer reasonable prospects of success.
6.4.2. Article 8 ECHR and the Right to Financial
Compensation under Article 6 ECHR
An important issue with regard to the future use of EU databases is the possibility of lodging a claim based on Article 6 ECHR for damages which are caused by
the use of information or data processing by governmental organisations in
breach of Article 8 ECHR. This applicability of Article 6 ECHR with regard to
damage caused by government information les is recognised by the ECtHR in
the judgment in Rotaru v. Romania.72 As we have seen above, this case concerned
the complaint by Mr. Rotaru with regard to the information stored about him

71

72

Akdivar v. Turkey, 16 September 1996, no. 21893/93, Reports 1996-VI, 6768, see also Salah
Sheekh v. the Netherlands, 11 January 2007, no 1948/04, referred to in Chapters 8 and 13.
Rotaru v. Romania, 7479.

172

Chapter 6

since 1948 by the Romanian Intelligence Services. After nding that there had
been a violation of his right to private life, as laid down in Article 8, the ECtHR
dealt with the Mr. Rotarus claim on the basis of Article 6 ECHR. Rotaru held
that the refusal of the Romanian courts to consider his applications for costs and
damages was in breach of his right to a fair trial. While the Commission decided
to consider the complaint only under the more general obligation of Article 13
ECHR, the ECtHR observed that that there was no remedy for the applicant
involving making an application for amendment or destruction of the le containing information about him ( 61). According to the ECtHR, there was no
doubt that the applicants claim for compensation for non-pecuniary damage
and costs was a civil claim within the meaning of Article 6 (1) ECHR and that
the Bucharest Court of Appeal would have had jurisdiction to deal with it. The
Court of Appeals failure to consider the claim in this case therefore violated the
applicants right to a fair hearing within the meaning of Article 6 (1).73
6.5. Non-discrimination
On the basis of Article 14 ECHR, the right to privacy should apply indiscriminately to everyone, without distinguishing on grounds such as nationality, race,
language, religion, etc As we have seen above, in the eld of the protection of
internal security, the ECtHR acknowledged the necessity of secret surveillance
and thus privacy-infringing measures. One could argue that in these elds, limitations on the right to private life aect some groups of persons more than others.
With regard to those persons who are specically aected by surveillance measures by national authorities, one cannot say that the right to privacy applies to
them indiscriminately.

7. Conclusions: EU Databases, Article 8 ECHR and Eective Remedies

7.1. Data Processing and the Right to Private Life
In its jurisprudence on Article 8 ECHR with regard to the use of personal information by governments, the Strasbourg Court established that, in line with its
general policy, Article 8 ECHR should be interpreted in an open-minded manner,
with an eye for the actual circumstances and requirements of the society. The
ECtHR developed useful criteria for the necessary balance of powers between the
data-collecting authorities on the one hand and the protection of the interests and
rights of the individual concerned on the other hand. In fact, in formulating these

73

The Court refers to the judgment in Ruiz Torija v. Spain, 9 December 1994, Series A, 303A, 30.

Data Processing and the Right to Privacy

173

criteria, the ECtHR seemed to recognise the broader function of the right to privacy in the relationship between citizens and the government. According to the
jurisprudence of the ECtHR, Article 8 ECHR is at stake when it concerns the
collection, storage, or use of personal information in the following situations:
secret police or secret service les (Leander, Segerstedt-Wiberg, Rotaru);
public les irrespective of the nature or the sensitivity of the information
stored in them (Amann);
health records (Z v. Finland);
child care records (Gaskin);
public les (Goodwin);
records of voices (Peck), photographs (Commission: Lupker and Friedl ), and
video surveillance images (Perry);
administrative data on telephone calls (Malone);
birth certicates, identity cards or driving licences (Goodwin); and
passports (Smirnova and Iletmi).
In order to establish whether an interference with the right to private life has
occurred, the ECtHR based its conclusions on the following circumstances and
methods of data processing:
the public circumstances in which the information was collected (Perry,
P.G. and J.H.);
whether it concerns the systematic collection and storage of personal information (Rotaru, Amann, Segerstedt-Wiberg, and P.G. and J.H.);
whether the information concerns the persons past (Rotaru);
whether the information was provided voluntarily or not (Lupker, cited in
Perry);
whether the person has given his or her prior consent to the further communication of personal data (Malone);
whether the further use of the information stored goes beyond the normally
foreseeable use (Peck, P.G. and J.H., Perry);
the consequences (of deprivation of passport) on everyday life (Smirnova);
whether there is a limitation on the freedom of movement (by conscation of
passport) (Iletmi); and nally,
whether the information is subsequently used in practice is not relevant
(Amann).
Considering our subject, the registration of third-country nationals in the EU
databases, it can be concluded that the criteria formulated by the ECtHR are
applicable on several grounds. In the rst place, the ECtHR emphasised that the
systematic collection and storage of personal information by governments falls
within the scope of protection under Article 8 ECHR. Secondly, it is clear that

174

Chapter 6

the right to privacy is at stake if sensitive information such as biometric data is

to be registered in SIS II and VIS. Thirdly, the frequent controls to be performed
on the basis of this registration may cause disproportionate interference with the
travellers right to privacy, including his freedom of movement. This is especially
the case when these controls are combined with practices which may often be
embarrassing for travellers, such as taking the person aside, questioning the person, collecting biometric data and carrying out body searches. Fourthly, based on
plans for the interoperability of EU databases described above and the proposals
for access to these systems by internal security agencies, it is clear that SIS II is
becoming a tool for surveillance measures. This might lead to the semi-permanent
control of the movements of the persons registered into SIS II, VIS or Eurodac,
which is facilitated by the use of biometric data and the inclusion of these data in
passports and visas. In various judgments, the ECtHR made an explicit link
between surveillance measures used by government authorities and the right to
privacy (Perry, Peck, Rotaru, Klass).
7.2. Procedural Guarantees and Eective Remedies
The ECtHR developed several criteria on the basis of the general criterion of
Article 8 (2) ECHR, regarding the question of whether the interference is in
accordance with the law. These criteria on the predictability and accessibility of
the law as well as on the necessary procedural safeguards are of more general
importance when assessing data processing by government authorities. With
regard to dierent measures for data collection or data surveillance, the ECtHR
dened the following requirements which should be envisaged in national laws:
limits on the exercise of powers to store and use the information by the
authorities (Leander, Rotaru);
the duty to inform the person concerned in advance with regard to the storage of his or her information (Perry);
denition of the kind of information that may be recorded (Leander, Rotaru);
denition of the categories of people against whom surveillance measures
such as gathering and maintaining information may be taken; and (HuvigKruslin, Rotaru);
denition of the circumstances under which such measures may be taken or
the procedure to be followed (Leander, Rotaru);
denition of the situations in which information may be disclosed (Peck);
limits on the age of the information held or the length of time for which it
may be kept (Rotaru, Segerstedt-Wiberg);
appropriate safeguards to prevent disclosure which may be inconsistent with
the guarantees under Article 8 of the Data Protection Convention (Z );
safeguards to protect the quality of data and the protection of sensitive data (Z ).

Data Processing and the Right to Privacy

175

Concluding, the jurisprudence of the Strasbourg Court makes clear that, if the
impact of the use and storage of personal information by public authorities on
the private life of individuals is overlooked, we will lose an important mechanism for controlling governmental powers. In its case law on Article 8 ECHR
and the use of personal information by public authorities, the ECtHR did not
doubt the importance of an independent supervisory mechanism. The ECtHR
consistently stressed the need for an independent control mechanism when it
comes to the infringement of an individuals right to private life caused by the
use of personal information by public authorities. The ECtHR gave dierent
grounds for motivating this need for the right to an independent supervisory
mechanism. In the rst place, the ECtHR emphasised the need for an independent supervisory authority as a mechanism for the protection of the rule of
law and to prevent the abuse of power, especially in the case of secret surveillance systems (for example in the Klass, Leander and Rotaru judgments). In other
cases, the ECtHR demanded the availability of an independent mechanism,
where specic sensitive data were at stake or where the case concerned a claim to
access to such data (for example medical data or data about the applicants
youth, in Z v. Finland and Gaskin v. the United Kingdom respectively). In these
cases, access to an independent control mechanism was not only considered
important because it clearly dealt with an infringement of someones right to
respect for his private life, but also because of the need to balance the dierent
interests at stake.
In its judgments, the ECtHR established a preference for access by judicial
authorities because it gave the best guarantees of independence, impartiality
and a proper procedure.74 However, in dierent judgments (for example,
Gaskin, Leander) it was explicitly stated that a non-judicial supervisory mechanism could be appropriate. The general conclusion that legal remedies should in
the rst place be practical and eective, has been armed in Segerstedt-Wiberg v.
Sweden. In this judgment, the ECtHR explicitly questioned the practical meaning of the (non-judicial) authorities with which individuals could lodge a complaint. In particular, the consideration of the ECtHR in this judgment, in which
it required proof of evidence regarding the eectiveness of the Swedish Data
Protection Authority in practice, is meaningful when assessing the meaning of
data protection law. As mentioned above, the general criteria concerning the
competence or powers of independent authorities as developed by the ECtHR
in its jurisprudence on Article 6 and 13 ECHR will be dealt with further in
Chapter 8.

74

Klass, 56.

176

Chapter 6

Finally, I have pointed out the importance of Article 6 ECHR with regard to the
right to compensation. In Rotaru v. Romania, the ECtHR acknowledged the right
of individuals to nancial redress for damages based on a breach of Article 8 ECHR
caused by the data processing activities of public authorities. This means that Article 6
ECHR may be invoked by an individual when his or her civil liberties or rights are
infringed by an administrative decision based on data processing activities.

Chapter 7
Eective Remedies under Data Protection Law
Article 1 of the Council of Europes Data Protection Convention of 1981:
The purpose of this convention is to secure in the territory of each Party for every
individual, whatever his nationality or residence, respect for his rights and fundamental freedoms, and in particular his right to privacy, with regard to automatic
processing of personal data relating to him (data protection).

1. Introduction
Data protection law regulates the various stages involved in the processing of data
(or information) on individual, physical persons (and sometimes groups and
organisations of such persons).1 These stages include the collection, registration,
storage, use and dissemination of data. In Europe, the most important instruments concerning data protection law are the Data Protection Convention of
1981 of the Council of Europe and the EC Directive 95/46 on the protection of
personal data. Whereas the EC Directive only applies to data processing within
the scope of community law, the rules of the Data Protection Convention also
apply to certain so-called third pillar measures within the EU, dealing with data
processing in the eld of police or justice, for example the Europol Convention.
Accordingly, the use of VIS and Eurodac is covered by the rules of Directive 95/46
whereas, as we will see below, the CISA refers with regard to the use of SIS I to the
applicability of the Data Protection Convention. With regard to the use of the
second generation SIS, or SIS II, both instruments will apply. Regulation
1987/2006 on the use of SIS II for the registration of third-country nationals
refers to Directive 95/46.2 The Decision on the use of SIS II for political and

L.A. Bygrave & J.P. Berg, Reections on the rationale for data protection laws in: J. Bing,
O. Torvund (eds.), 25 Years Anniversary Anthology, Tano: Norwegian Research Center For
Computers and Law 1995, p. 3 . See also L.A. Bygrave, Data Protection Law: approaching its
rationale, logic and limits, The Hague: Kluwer Law International 2003.
Regulation 1987/2006, OJ L381/4, 28 December 2006.

Evelien Brouwer, Digital Borders and Real Rights, pp. 177244.

2008 Koninklijke Brill NV. Printed in the Netherlands.

178

Chapter 7

judicial purposes refers to the Data Protection Convention. Furthermore, the EC

legislator is preparing the adoption of a Framework Decision for data protection
in the third pillar.
To assess the practical meaning of data protection with regard to the use of
information systems such as SIS or SIS II, it is useful to understand the basic
rights and principles which are at stake. The following sections will go into
the development of national and international data protection law, trying to
analyse the main functions of data protection. I focus on what can be considered
as the central principles of the applicable international standards, in particular the
aforementioned Data Protection Convention and the rules developed under EC
and EU law. In this Chapter, I will also describe the development and content of
the relevant data protection provisions in the CISA.
In the nal conclusions, in Chapter 14, the basic data protection principles
will be applied to the current EU policy on the use of personal information and
information technology. In the conclusions to this Chapter, I will address one of
the central questions of this research: does data protection law provide for legal
remedies for individuals?

2. Development of National Data Protection Law:

Dierent Phases of Law-Making
The introduction and use of information technology in the second half of the 20th
century brought major changes in the administration of personal data. Information
technology allowed for the collection of an increasing amount of data. It facilitated the centralisation and accessibility of the information stored and increased
our ability to integrate dierent databases.3 These new challenges for managing
the information stock of organisations in the public and private sectors resulted in
changes to public programmes and policies. For example, the ability to store more
(and more detailed) information on citizens allowed the legislator to adopt, in the
eld of social security or welfare, more specic rules, taking into account the specic circumstances of the person concerned. The use of personal identication
numbers and the connection of dierent information systems made it possible for
information given to one authority to be used more easily and swiftly by other
public departments or organisations as well.

J.B. Rule, Private Lives and Public Surveillance, 1974, p. 270 . and 308; A.F. Westin, Privacy and
Freedom (1967), p. 158 .; Bygrave and Berg (1995), p. 7 .

Eective Remedies under Data Protection Law

179

A relatively short time passed between the introduction of information technology and the development of data protection rules.4 The Council of Europe
played a major role in this development by establishing, at a very early stage, the
rst framework for legal instruments. At the national level, for example, in the
German federal state of Hessen, in Sweden and in the Netherlands, we see that
during large automation projects the legislators were urged to adopt or at least to
think about the adoption of data protection laws.5 These projects included the
establishment of a central population register and the electronic implementation
of the census. In several countries, the governments installed special committees
to investigate the need for new regulations. The rst data protection law in
Europe, the Datenschutzgesetz in Hessen, was adopted in 1970 together with the
introduction of the Hessian central population register. This law only applied to
data processing in the public sector and provided for the establishment of an
ombudsman-like independent data protection authority. The data protection
authority was responsible for ensuring the security of state les and for advising
on the impact of new data processing techniques. The Hessian data protection
law played an important exemplary role for the development of other national
laws. In 1973 the Data Act was adopted in Sweden, in 1974 the Privacy Act in
the United States and, in 1977, the Federal Data Protection Law in Germany.
In 1978 the rst French Law on data processing, les and individual liberties
followed and, in Norway, the Personal Data Registers Act.
In describing the history of data protection law in Europe, one may distinguish
dierent phases of law-making.6 Generally, the basic principles of data protection
were formulated in the period between 1970 and 1981. During this period, the
pioneers of data protection were based on a mechanism of prior control of databases, including prior registration or a licensing system. The second period,
between 1981 and 1988, marked the end of an isolated national legislation process. Concerns about data protection on the one hand and the free ow of information on the other hand resulted in the adoption of the OECD Guidelines in 1980
and of the Data Protection Convention of the Council of Europe in 1981. The
general principles of these international instruments were taken as an example in
countries which still had to adopt their rst data protection laws. The legislator in

See, for a general history of data protection law: D.H. Flaherty, Protecting Privacy in Surveillance
Societies. The Federal Republic of Germany, Sweden, France, Canada and the United States, Chapel
Hill and London: University of North Carolina Press 1989, and F.W. Hondius, Emerging Data
Protection in Europe, Amsterdam-Oxford: North-Holland Pub. Company 1975.
Staatscommissie bescherming persoonlijke levenssfeer in verband met persoonsregistraties KB
[Royal Decree] 21 February 1972, no. 70, Stcrt. 1972, no. 43.
See S. Simitis (ed.) Bundesdatenschutzgesetz, sixth edition, Baden-Baden: Nomos 2006.

180

Chapter 7

the UK passed its rst data protection law in 1984 and, in Ireland and the
Netherlands, the rst laws were adopted in 1988. An important goal of the socalled second generation law was to reduce the administrative obligations for data
holders. In the third period, between 1988 and 1995, a rst revision of the dierent national laws took place. These amendments emphasised self-regulation and
the withdrawal of bureaucratic rules. The fourth period, between 1995 and 2000,
was marked by the implementation of EC Directive 95/46 on data protection.
The implementation of the new rules in the Directive resulted, in the so-called
rst generation countries (France and Germany), in the second revision of their
data protection laws. The requirement that this Directive be implemented before
October 1998 forced some countries, for example Greece and Italy, to adopt their
rst data protection laws. In these latter countries, the establishment of the SIS
was another important incentive for the nal adoption of data protection law. As
we will see below, before being allowed to use this system, the Schengen States
were obliged to adopt national data protection provisions in accordance with the
rules of the Data Protection Convention of 1981 (Article 117 CISA). Finally, the
period since 2000 could be described as a new phase in data protection history.
On the one hand we see the introduction of new information technologies
including the use of biometrics, large-scale databases, machine-readable documents and the eorts of national legislators to respond to these developments. On
the other hand, as we will see in section 3.6, this period has been marked by the
recognition of data protection as an independent human right in the Charter on
the Fundamental Rights of the EU.
During these periods of development of data protection laws, dierent models
of regulation have been applied by national legislators. In a publication from
1992, Bennett distinguished between the voluntary control model, the subject
control model, the licensing/registration model and, nally, the data commissioner
model.7 The rst voluntary control model, chosen in particular in the United States
and generally in the Netherlands, emphasised self-regulation and self-surveillance,
including the appointment of data protection ocials within the private organisation. The second subject control model focused on the rights of the data subject
with regard to his or her data. Initially, the German data protection law especially
emphasised the rights of data subjects but data subjects rights, including the
right to have access to information, have now been inserted into every national
law. Thirdly, the licensing and/or registration model included the involvement of a
separate institution for the authorisation of new databases in either the public or

See, on the divergences and convergences of data protection policy: C.J. Bennett, Regulating
Privacy. Data Protection and Public Policy in Europe and the United States, Ithaca and London:
Cornell University Press 1992, p. 116 .

Eective Remedies under Data Protection Law

181

the private domain. In the UK, authorities or organisations were obliged to register their new databases with the national data protection authority. Sweden and
Norway operated a licensing system which meant that the database would have
to be authorised by the data protection authority. In France and the Netherlands,
both the licensing and the registration models applied, depending on the nature
of data processing. Fourthly, one could distinguish the data commissioner model
in which the controlling authority plays a central role with regard to the protection of secure and lawful data processing (Germany). Furthermore, a distinction
is made between countries with generally applicable laws (Germany, Austria) and
countries with a sectoral approach (for example the US and, to a certain extent
the Netherlands).
Gradually, however, the states adopted laws with a mixture of the above
elements. This mixture includes administrative rules (licensing system, administrative ne), a civil law approach including contractual agreements and informed
consent, and criminal law measures such as the ban on holding a personal le or
sanctioning the infringement of data protection rules. One important development in data protection law is the fact that the bureaucratic requirement of prior
registration and authorisation of personal les has been more or less abandoned.
The new laws contained more powers of self-regulation for the data processing
authorities and also provided for more detailed rules for the dierent sectors.
This development is to a large extent the result of a long period of trans-border
exchanges of experiences. Since the 1970s, there has been regular cross-border
exchange of ideas and solutions between national data protection experts.
However, the development of international standards and the obligation to adapt
national legislation to those standards also had a harmonising eect on national
laws. In particular, the implementation of EC Directive 95/46 reduced the
divergence between European countries.

3. Development of European Data Protection Law

3.1. 1981: Data Protection Convention of the Council of Europe
In 1968, the Parliamentary Assembly of the Council of Europe invited the
Committee of Ministers to examine whether the European Human Rights
Convention and the domestic laws of the Member States oered adequate
protection of the right to personal privacy vis--vis modern science and technology.8

Recommendation 509.

182

Chapter 7

In response to that recommendation, a study was carried out at the instruction of

the Committee of Ministers. This study showed that the present national legislations provided insucient protection of individual privacy and other rights and
interests of individuals with regard to automated databanks. On the basis of these
ndings, the Committee of Ministers adopted (in 1973 and 1974) two resolutions
on data protection. The rst, Resolution (73) 22, established the principles of data
protection for the private sector and the second, Resolution (74) 29, did the same
for the public sector.9 The aim of these recommendations was to bring unity to the
dierent national regulations. According to the explanatory memorandum to the
recommendation for the public sector, this instrument should contribute to the
public understanding and condence with regard to new administrative techniques
which public authorities in the member states are using in order to ensure the
optimal performance of the tasks entrusted to them.
In 1976, the Committee of Ministers instructed the Committee of Experts
on Data Processing, under the aegis of the European Committee for Legal
Co-operation (CDCJ) to prepare a convention for the protection of
privacy in relation to data processing abroad and transfrontier data processing. The committee was instructed to do so in close collaboration with the
Organisation for Economic Co-operation and Development (OECD) and the
non-European member countries of that organisation. This organisation also
dealt with the development of international standards in the eld of information, computers and communications policy. The motivation of the OECD
for this activity was in the rst place economic. At the end of 1970, mutual
mistrust reigned between the United States and the European governments
about the (protectionist) motives behind the data protection level of national
laws in Europe and the low standard of privacy protection in the United
States.10 In the framework of the OECD, governments reached agreement on
the Guidelines governing the protection of privacy and transborder ows of
personal data on 23 September 1980. These guidelines, albeit not binding, still
represent an international, not purely European, consensus on the core principles of data protection. Between the two organisations, the OECD and the
Council of Europe, a close liaison has been maintained at secretariat level
and at the level of the Council of Europes committee of experts and the
corresponding OECD committee, the Data Bank Panel.11

10
11

Resolution (73) 22 on the protection of the privacy of individuals vis--vis electronic databanks in
the private sector and Resolution (74) 29 on the protection of the privacy of individuals vis--vis
electronic databanks in the public sector.
Bennett (1992), p. 137.
See the explanatory report to the Convention.

Eective Remedies under Data Protection Law

183

Four months after the adoption of the OECD Guidelines, the Convention for
the protection of individuals with regard to the automatic processing of personal data
was signed by the Committee of Ministers of the Council of Europe on 28
January 1981.12 The Convention entered into force on 1 October 1985. Although
the Convention in principle applies only to the automatic processing of personal
information, according to Article 3 States may, at the time of signature or later,
give notice by declaration that the Convention will also apply to non-automated
data processing. According to Article 1, the purpose of this Convention is to
secure, on the territory of each Party the rights and fundamental freedoms of
every individual and especially the right to privacy. Another important goal of
the Convention, only mentioned in the preamble, is the aim of safeguarding the
free ow of information. To reach this goal the Convention aimed to provide
harmonised rules to prevent national data protection laws from causing limitations on the free ow of information. Article 12 of the Convention explicitly forbids the State Parties from limiting trans-border data ow solely on the basis of
data protection principles.
In the framework of the Council of Europe, several recommendations were
adopted for more specic elds, for example the Recommendation regarding the
police sector of 1987 and Recommendation on the use of personal les in the
public sector of 1991.13 In 2001, the Committee of Ministers of the Council of
Europe adopted an additional protocol to the Data Protection Convention
regarding the role and powers of supervisory authorities and trans-border data
ows.14 With regard to the use of SIS, Article 117 CISA refers explicitly to the
applicability of the Data Protection Convention of the Council of Europe and to
the Recommendation of the Council of Europe on the use of personal data in
the police sector. This provision obliges the Schengen States to adopt the necessary national provisions in order to achieve a level of data protection law at least
as equal to the principles included in these instruments.
3.2. 1990: Inclusion of Data Protection Provisions in the CISA
The drafting of the CISA took place between 1987 and 1990. At that time
Germany, Luxembourg and France were the only Schengen countries which both

12

13

14

European Treaty Series (ETS), no. 108, Strasbourg 1982. Ratied by France, Germany and the
Netherlands on 24 March 1983, 19 June 1985 and 24 August 1993 respectively. Entered into
force for Germany and France on 1 October 1985, for the Netherlands on 1 December 1993.
Recommendation on the use of personal data in the police sector, No. R (87) 15 and
Recommendation on the communication of personal data held by public bodies, No. R (91) 10.
ETS no. 181, 8 November 2001, eective 1 July 2004.

184

Chapter 7

ratied the Data Protection Convention of 1981 and adopted national data protection laws. In the Netherlands, a general data protection law was adopted in
December 1988, but there was still no law on police les. The Dutch government only ratied the Data Protection Convention in 1993. Belgium and Italy
had no legislation, nor had they ratied the Convention. Finally, Spain ratied
the Convention in 1984 but has not yet adopted a data protection law. Politicians
in France and Germany in particular regarded this lack of data protection law in
some of the Schengen states as a problem for the establishment of SIS and the
exchange of police information as envisaged in the draft CISA. In May 1988, the
Central Group decided that it was necessary for the Permanent Working Group
on SIS to have contact with experts on data protection, in order to take into
account the legal conditions on SIS. This resulted in the establishment of the
Privacy Ad Hoc Group.15
The work of this Privacy Ad Hoc Group made the European data protection
authorities aware of the development of SIS. Since then, these authorities
expressed on several occasions their concerns about the lack and, later, incompleteness of data protection rules in the draft CISA.16 Initiated by the Luxembourg
data protection authority, the existing Schengen data protection authorities met
in 1988 and 1989 to discuss SIS and its consequences for data protection.
At their second meeting of 17 March 1989, the French, Luxembourg and
German data protection authorities adopted a declaration on the minimum
standards which should be fullled before SIS could become operational.17
In this declaration, the data protection authorities stated rst of all that the provisions regarding SIS should contain a clear, restrictive and denitive denition
of the content of the database, its purpose and use. Furthermore, they required
that each individual should have access to his or her data in every contracting
state and the right to correct wrong or delete inaccurate data. The processing and
use of the SIS data in each national state should be supervised by an independent
authority. A common data protection authority, composed of representatives of
the national data protection authorities of each Schengen state, would have
to supervise the general functioning of SIS and nd harmonised solutions to

15

16

17

J. Dumortier, Het Schengen Informatie Systeem en de bescherming van persoonsgegevens, in:

C. Fijnaut, J. Stuyck, P. Wytinck, Schengen: Proeftuin voor de Europese Gemeenschap? Arnhem:
Gouda Quint 1992, p. 122.
See P. Billaud, La protection des donnes informatiques dans le cadre de lAccord de Schengen,
in: A. Pauly, Les Accords de Schengen: Abolition des frontires intrieures ou menace pour les liberts
publiques?, Maastricht: EIPA 1993, p. 30.
D. Kor, The Schengen Information System: also a question of data protection, in: G.P.M.F. Mols
(ed.), Dissonanten bij het Schengen Akkoord, Deventer: Kluwer 1990, p. 67 .

Eective Remedies under Data Protection Law

185

common problems. Finally, according to this declaration, the provisions of the

Data Protection Convention of 1981 would have to apply as minimum rules for
the functioning of SIS. The joint declaration was sent to each government participating in the Schengen negotiations. In June 1989, before the intergovernmental meeting which was planned for the approval of SIS, the French data protection
authority, the CNIL, made an intervention on the minimum data protection
standards for SIS. In this statement, the CNIL advocated the application of the
Data Protection Convention and the Recommendation R (87) of the Council of
Europe with regard to data protection in the police sector. The CNIL also emphasised the necessity of a joint supervisory authority.
The involvement of national data protection authorities certainly inuenced
the nal outcome with regard to the provisions on data protection in the CISA.
A draft of 27 October 1988 included provisions on data protection which more
or less corresponded with the nal provisions of the CISA. This draft also
included a Dutch proposal for a general reference to the Data Protection
Convention, stating that the section on SIS would also serve the protection of personal data in conformity with the basic principles of the European Convention for the
protection of individuals with regard to the automatic processing of personal data.18
This latter draft text of the CISA provided for a purpose limitation principle with
regard to both the storage and use of personal information similar to the current
provisions of the CISA (Articles 94 and 102). Furthermore, this draft provided
for the obligation to record or log every ftieth transmission from SIS which, in
the nal text of the CISA, was changed to the duty to log every tenth transmission; see Article 103 CISA. The draft of November 1988 also included time
limits of ve years for the storage of personal information in SIS. In the nal text
of the CISA, this was changed in three years. Other rules in the draft concerned
the liability of the issuing state for the accuracy of the SIS data, the individuals
right to access to his or her information and the right to recourse before a national
court or another authority. Based on a proposal by the national data protection
authorities, the negotiators inserted into the draft text of 7 August 1989 provisions regarding the role of national data protection authorities and the establishment of a Joint Supervisory Authority (hereafter JSA).19 The Luxembourg
government proposed, in an alternative text of 7 August 1989, granting the JSA
extended powers and including in the nal text a provision on the basis of which

18

19

SCH/I (88) 7th rev. (Dutch version). See also the draft of 16 November 1988, SCH/I (88) 7,
2nd revision (Dutch version).
SCH/I (88) 7, 12th revision (Dutch version).

186

Chapter 7

the use of data for purposes other than those provided by law would constitute a
criminal act. These proposals were not included in the nal text.
With regard to the exchange of personal information outside the scope of SIS,
as provided for in Title VI, the CISA includes its own set of rules on data protection.20 These provisions deal with the exchange of information for policy and
security purposes.
3.3. 1995: Directive 95/46 on the Protection of Personal Data
3.3.1. Protecting Individuals and Free Movement of Data
Initially, the incentive for the European Commission to develop data protection
law was related more to the concerns about the development of a European data
processing industry able to compete with the US industry, than to the protection
of individual rights.21 For example, in the communication on Community Policy on
Data Processing: Development of EC data processing industry of 1973, the Commission
stated that the development of this new industry in the EC could be impeded by
national solutions with regard to the protection of individuals.22 Before 1989, the
Commission did not forward any proposal in this eld but merely awaited the
developments on the Data Protection Convention of the Council of Europe. The
European Parliament, expressing its concerns about the rights of individuals,
repeatedly urged the European Commission to come forward with a legislative
proposal.23 The need for communitarian rules was emphasised by MEP Lord
Manseld in a speech given in 1974 stating that data processing would not stop
at the borders.24 In 1976, the European Parliament adopted a resolution demanding the development of community law to protect individual rights from technological developments. According to the European Parliament, a directive would be
absolutely necessary to guarantee maximum privacy protection and to prevent the

20

21

22
23

24

See, for a general analysis of these rules: J. Dumortier, Protection of Personal Data in the CISA,
International Review of Law, Computers & Technology 11 (1997) 93; L.F.M. Verhey, Privacy
aspects of the Convention, in H. Meijers et al., Schengen. Internationalisation of central chapters
of the law on aliens, refugees, privacy, security and the police, Leiden: NJCM 1992.
See S. Simitis, Datenschutz und Europischen Gemeinschaft, RDV 1990, No. 1, p. 323, and
R. Ellger, Datenschutz und Europischen Binnenmarkt (part I), RDV 1991, No. 2, p. 5765.
SEC (73) 4300.
See A.C.M. Nugter, Transborder Flow of Personal Data within the EC. A comparative analysis of
the privacy statutes of the Federal Republic of Germany, France, the United Kingdom and the
Netherlands and their impact on the private sector. Deventer: Kluwer Law and Taxation Publishers
1990, p. 30 .
OJ 1974, parliamentary sessions, no. 179, p. 60, cited in R. Ellger (1991), p. 59.

Eective Remedies under Data Protection Law

187

development of divergent national laws.25 In a resolution adopted in May 1979,

the European Parliament submitted its own proposal for a Directive on the protection of individual rights.26 In this proposal, the European Parliament dened basic
principles which can be viewed as progressive and innovative for that time. For
instance, the proposal included the liability of the data controller for damage
caused by the misuse of personal data, whether or not this involved negligence on
his part. Furthermore, it was proposed that the data controller should be obliged
to inform the person concerned when data were stored for the rst time. The
European Parliament also proposed that the matching or combining by any means
of two separate databases should require the prior consent of an independent data
protection body.
In a Recommendation of 1981, the Commission advised the EC countries to
sign the Data Protection Convention of the Council of Europe.27 According to
the same Recommendation, the Commission would only consider proposing a
separate instrument based on the EC Treaty if not all Member States had signed
and ratied this Convention within a reasonable time. In a resolution adopted in
1982, the European Parliament urged the Member States to ratify the Data
Protection Convention.28 Finally, in 1990, the lack of data protection laws in
many EC Member States encouraged the European Commission to publish a
legislative proposal on data protection.29 The timing of this proposal was triggered by the so-called FIAT case.30 The judgment illustrated the problem of
diverging data protection laws in the Member States regarding the free movement of information. In this case, the French national supervisory authority
(CNIL) had refused to register the automated processing of data on employees,
although prior registration was a requirement in the French data protection act
for lawful data processing. The reason for this refusal was the intended transfer of
these data by FIAT to Italy. Italy at that time had no data protection legislation
nor had Italy signed the Data Protection Convention. Therefore, CNIL insisted
on a prior, contractual agreement between the French and Italian FIAT factories,
which would have to conrm the application of both the Data Protection

25
26
27
28
29
30

OJ C 100/27, 3.5.1976
OJ C 140/34, 5.6.1979.
Recommendation of 29 July 1981. OJ L 246/31, 29.8.1981.
OJ C 87/39, 5.4.1982.
Proposal of 27 July 1990, COM (90) 314 SYN 287. OJ C 277, 5.11.1990.
See, on the role of this case for the development of EC law, B.J. Boswinkel, De privacyrichtlijn
begrensd, SEW Sociaal Economisch Weekblad 7/8 (1993), p. 551 and S. Simitis, Datenschutz
und Europische Gemeinschaft, RDV (Recht der DatenVerarbeitung) 1990, No. 1, p. 11.

188

Chapter 7

Convention and French law.31 The fact that a national data protection authority
forced companies to reach a contractual agreement before trans-border data ows
could be allowed received much attention. The case was used to demonstrate the
consequences of having divergent levels of data protection in EC countries and
the need for more harmonised rules.
The rst draft of the EC Directive on data protection was criticised by a powerful lobby of private organisations and companies. These organisations considered
the Directive too restrictive and too impractical for implementation.
An amended proposal was submitted in 1992, taking into account the amendments of the European Parliament. The nal Directive was adopted by the Council
on 24 October 1995.32 This Directive 95/46 was to be implemented by the Member
States before 1 October 1998. This deadline for implementation was exceeded by
several countries and the European Commission started proceedings on the basis
of Article 226 EC Treaty against Germany, France, Ireland, Luxembourg and the
Netherlands.33 In other countries, such as Italy (1996) and Greece (1997), the
obligation to implement the EC Directive coupled with their desire to accede to
the Convention Implementing the Schengen Agreement forced the legislators to
proceed with the adoption of their rst national data protection laws. With regard
to the enlargement of the EU by Central and Eastern European states, it was agreed
in the so-called Copenhagen criteria of 1993 that these candidate states were
committed to having Directive 95/46 transposed into their national laws by the
time of their accession. In the rst evaluation report on the Directive of 2003, the
European Commission concluded that all candidate member states, except Turkey,
had passed legislation in the eld of data protection.34
3.3.2. Scope and Applicability of Directive 95/46
In the 2003 evaluation report on the implementation of Directive 95/46, the
Commission recognised that some provisions of the EC Directive were not clear

31
32
33

34

No. 89-79, 11 July 1989.

OJ L 281, 23.11.1995.
In 2001, Germany and the Netherlands announced their legislation and the Commission closed
their cases. The case against France was dropped as well after France announced its (amended)
1978 Data Protection Act. The case against Luxembourg resulted in condemnation by the Court
of Justice. As result, Luxembourg implemented the Directive by a law which entered into force
in 2002. Ireland announced a partial implementation in 2001 and adopted a bill in 2003 which
implemented the Directive completely, source: COM (2003) 265, 15.5.2003, p. 3. See further,
on the implementation of the EC Directive in the Member States: http://www.europa.eu.int/
comm/justice_home/fsj/privacy/law/implementation_en.htm.
15 May 2003, COM (2003) 265, p. 13.

Eective Remedies under Data Protection Law

189

and could be interpreted dierently.35 Despite these dierences in implementation

and despite the new technologies which demanded other, more adapted, legal
solutions, the Commission concluded there was no need to amend or modify the
1995 Directive.36 In the same report, the Commission referred to the importance
and the wider impact of the EC Directive. According to the Commission, even
though the Directive was based on Article 100A TEC (now Article 95), its applicability should be interpreted widely. This would mean that the EC rules should
be regarded as applicable with regard to data processing outside the scope of EC
law. In its judgment regarding Rechnungshof v. sterreichischer Rundfunk, the ECJ
conrmed the need to interpret the provisions of Directive 95/46 broadly.37
According to Article 3, the Directive does not apply to the processing of personal data in the course of an activity which falls outside the scope of Community
law, such as provided for by Titles V and VI of the EU Treaty and in any case to
processing operations concerning public security, defence, State security (including the economic well-being of the State when the processing operations relates to
security matters) and the activities of the State in areas of criminal law. The Data
Protection Convention of the Council of Europe has wider application and covers
data processing in the eld of police and judicial cooperation. With the integration of the Schengen acquis into the EU Treaty, the laws on SIS were brought
under Title VI of the EU Treaty. As a consequence, data stored in SIS in application of Article 96 CISA with regard to third-country nationals to be refused entry,
do not fall within the ambit of EC Directive 95/46, even though the scope of its
application, including border control and visa applications, has become subject to
community law. This does not mean that the implementation of the SIS falls
completely outside the scope of Community law. As we will see in Chapter 9, the
ECJ ruled in the Commission v. Spain that a decision based on SIS, denying the
right of entry or a visa to third-country nationals who are family members of an
EU citizen, may infringe their rights under Community law. The new Regulation
1987/2006 on SIS II explicitly refers to the applicability of Directive 95/46.
Compared to the Data Protection Convention of 1981, the Directive 95/46
contains more detailed provisions, for example with regard to the rights of individuals, lawful data processing, the competence and powers of national data protection authorities, and the rules on the liability of the data owner. The Data
Protection Convention sets out minimum standards for data processing, which
implies that the signing States may oer more protection, but not less protection.

35
36

37

15 May 2003, COM (2003) 265, see p. 78.

This conclusion was repeated in the follow up of the Commission of the Work Programme for a
better implementation of the Data Protection Directive, COM (2007) 87, 7.3.2007.
See, on this judgment, sections 4.1.1 and 8.2 below.

190

Chapter 7

Directive 95/46 includes a harmonised set of rules ensuring a high standard of

protection for personal data throughout the EU. The Directive oers a minimum
level of data protection to be implemented into national law by the EU Member
States. With regard to the ee ow of information the Directive includes however
a maximum level of protection. Article 1 (2) of the Directive provides that
Member States may neither restrict nor prohibit the free ow of personal data
between Member States for reasons connected with the protection aorded in
this Directive. Furthermore, to meet the concerns of the dierent organisations
involved, the authors of the Directive provided for numerous exceptions to the
general principles. Some provisions are dened so broadly that data holders and
users are left with a large margin of appreciation.
In June 1999, the Data Protection Convention was amended, permitting the
European Communities and non-Member States of the Council of Europe to
become a party to the Convention.38 In 2006, only one state which is not a
Member of the Council of Europe ratied the Data Protection Convention:
Montenegro. Of the Member States of the Council of Europe, the following
states have not ratied this Convention: Andorra, Armenia, Azerbaijan, Moldova,
Monaco, Russia, San Marino, Turkey and Ukraine.39
3.4. Regulation 45/2001/EC: Data Protection Applicable to
Community Institutions and Bodies
On 18 December 2000, the Council adopted Regulation 45/2001/EC on the
protection of individuals with regard to the processing of personal data by
Community institutions and bodies and on the free movement of such data.40
This Regulation is based on Article 286 TEC, according to which Community
acts involving data protection would have to apply to the institutions and bodies
created by, or on the basis of, this Treaty. This provision was included in the
Amsterdam Treaty of 1999 in order to take away the inconsistent situation where
Member States and organisations in those Member States were bound by the EC
Directive 95/46, while Community institutions and bodies were not. As we will
see below, on the basis of Regulation 45/2001, a European Data Protection
Supervisor (EDPS) has been established to control data processing by Community
institutions and bodies. This new body began its operations in 2005 and has
published numerous opinions on the current developments with regard to SIS II,
VIS and the use of biometrics.

38

39
40

Amendments will only enter into force after acceptance by all Parties to the Convention. See:
http://www.coe.int/T/E/Legal_aairs/Legal_co-operation/Data_protection/Documents/.
Source: Treaty Oce Council of Europe: http://conventions.coe.int (consulted in June 2007).
OJ L 008, 12.01.2001.

Eective Remedies under Data Protection Law

191

3.5. Data Protection in the Third Pillar: A New Instrument

Since the adoption of Directive 95/46, the EU legislator has adopted new measures on data processing and international cooperation on the basis of Title VI of
the EU Treaty. Important examples are the Convention on the establishment of the
European Police Oce or Europol, in 1995, and the Decision on the organisation for
judicial cooperation or Eurojust, in 2002.41 The Member States also adopted several decisions providing for the transmission of personal data by the EU organisations or EU Member States to third parties or third countries.42 These so-called
third pillar measures fall outside the scope of Directive 95/46. The CISA, as well
as the Europol Convention, and the Council Decision establishing Eurojust refer
to the applicability of the Data Protection Convention and, with regard to SIS
and Europol, to the Recommendation of 1987 on police les of the Council of
Europe. Despite these rules, it was felt that data processing in the third pillar of
the EU required specic data protection rules.
In 1998, the issue of the harmonisation of data protection in the third pillar was
explicitly raised for the rst time in a discussion paper by the Italian Presidency.43
This paper referred to the fragmentation of data protection provisions for Europol,
SIS and CIS, as well as to the increasingly intense cooperation in the third pillar. It
called for uniform standards which would have to be developed and could then be
incorporated into new systems. This call for harmonisation was supported by the
national data protection authorities of the EU Member States.44 Under the German
Presidency (rst half of 1999), this initiative was further elaborated by the
Horizontal Working Party on Data Protection. This Working Party focussed on
two issues: the harmonisation of data protection provisions in the third pillar
instruments and the need to create a single supervisory body. This latter proposal
resulted in 2000 in both the establishment of a joint secretariat for Europol, SIS
and CIS, and in the installation of the European Data Protection Supervisor.45

41

42

43
44
45

Convention on the establishment of Europol, OJ C 316, 27.11.1995, and Council Decision

2002/187/JHA on the creation of Eurojust of 28 February 2002, OJ L 63/1, 6.3.2002.
For example, the Council Act on the transmission of personal data by Europol to third States
and third bodies of 12 March 1999, OJ C 088, 30.03.1999.
JAI 15 8321/98, cited in a note by the Finnish Presidency, 5643/99, 4 February 1999.
Resolution JAI 16 8563/98, cited in the same note by the Finnish Presidency, 1999.
Council Decision of 17 October 2000 establishing a secretariat for the joint supervisory data
protection bodies set up by the Convention on the Establishment of a European Police Oce
(Europol Convention), the Convention on the Use of Information Technology for Customs
Purposes and the Convention implementing the Schengen Agreement on the gradual abolition
of checks at common borders, OJ L 271/1, 24.10.2000.

192

Chapter 7

The establishment of harmonised standards for the third pillar proved to be a

dicult task. In 2000, the French Presidency of the EU Council prepared a draft
Resolution on data protection rules under the third pillar of the EU.46 This draft
was discussed within the Article 36 Committee and Working Party on
Information Systems and Data Protection.47 The draft was an item for discussion
on the agenda of the meeting of May 2001 of the Council of Justice and Home
Aairs (JHA), but the item was dropped and the subject seemed to disappear
from the agenda. In June 2003, the Greek government, then holding the EU
Presidency, submitted a new proposal for data protection in the third pillar.48
This proposal for Common rules for the protection of personal data within the framework of the third pillar contained thirteen general rules of data protection. These
rules would be the basis for a common network of rules or a point of reference
with regard to both the national legislation of Member States and the actions
taken by the EU in the eld of security and justice. At its meeting, the JHA
Council took note of the Greek proposal, but again neither the content nor the
need for common rules for the third pillar was discussed further.
In April 2005, the need for a harmonised approach and for a new instrument for
data protection for the third pillar was armed by the national data protection
authorities of the EU Member States at their annual meeting in Krakow.49 According
to this declaration, this new instrument should not only respect EC Directive 95/46
to guarantee the consistency of data protection within the European Union, but
also provide for a detailed set of rules taking into account the specic nature of law
enforcement. In October 2005, the European Commission presented a proposal
for a Framework Decision on the protection of personal data in the framework of
police and judicial co-operation in criminal matters.50 This proposal not only
includes data protection rules; perhaps more importantly, it also provides the basis
for the further exchange of information between national authorities of the EU and
between the EU and third countries. This new emphasis on data sharing in the
(draft) Framework Decision is also reected by the fact that between 2005 and
2006 the nal text had been prepared by the Multidisciplinary Group on Organised

46

47
48

49
50

10968/00, 30 August 2000, see for the statement of reasons: 10968/00 ADD 1 of 31 August
2000.
See 6316/01, 16 February 2001 and 6316/2/01, 12 April 2001.
Working document, no document number, see Conclusions Meeting JHA Council, 56 June
2003, 9845/03 (Presse 150), p. 32.
Spring Conference of European Data Protection Authorities, Krakow, 2526 April 2005.
COM (2005) 475 n. See also, on this proposal, the Working Document of the rapporteur
Martine Roure of the LIBE Committee of the European Parliament, 7.2.2006.

Eective Remedies under Data Protection Law

193

Crime of the EU Council.51 In December 2006 the JHA Council discussed a new
text proposal by the Finnish Presidency.52 In conclusion, one could say that the
original proposal of 1998 to provide for a data protection tool for the third pillar
resulted in a new instrument which extended the powers of national authorities to
exchange personal information.
3.6. Article 8 of the EU Charter: Data Protection as a Human Right
An important milestone in the development of data protection law has been the
inclusion of data protection as a fundamental right in Article 8 of the EU Charter
of Fundamental Rights of the European Union of 2000.
Article 8 EU Charter reads:
1. Everyone has the right to the protection of personal data concerning him
or her.
2. Such data must be processed fairly for specied purposes and on the basis of
the consent of the person concerned or some other legitimate basis laid down
by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectied.
3. Compliance with these rules shall be subject to control by an independent
authority.
Before 2000, few attempts were made to insert data protection as a new fundamental right into the ECHR. In 1979, the International Union of Lawyers
adopted a resolution which proposed adding a regulation on the exercise of
Article 8 ECHR in the eld of automated data processing.53 In February 1980,
the Parliamentary Assembly of the Council of Europe recommended that the
Committee of Ministers study the option of including a provision in the Human
Rights Convention on the protection of personal data, either by amending
Article 8 or Article 10 or by including a new Article.54 This initiative was
supported by the European Parliament.55

51

52
53
54
55

This was also stressed by Lord Avebury, speaking at the Joint Parliamentary Meeting on EU
developments in the area of freedom, security and justice at the European Parliament, 3 October
2006, published at: http://www.statewatch.org.
13246/4/06. See also the version of 24 April 2007, 7315/1/07, referred to below, in section 8.8.
Hondius (1975), p. 179.
Recommendation 890 (1980), 31st Session Document 4472, Document 4484.
Sieglerschmidt report of 8 March 1982, 19811982, Document 1548/81.

194

Chapter 7

At a national level, the right to data protection was only directly or indirectly
protected by the constitution in a few countries. The Portuguese Constitution of
1976 provided for a right of knowledge regarding the automated processing of
personal data and a ban on the use of personal ID numbers. In other countries,
the right to data protection remained closely linked to the constitutional right to
privacy. As we will see in Chapter 12, in Germany, the informational self determination right acquired constitutional protection with the Census judgment of
1983. Furthermore, the so-called Verfassungsbestimmung in the Austrian Data
Protection Law of 1978 referred to the right of everyone to the condentiality of
his or her personal data, especially concerning his or her private or family life.
Both the Spanish Constitution of 1978 and the Dutch Constitution, since its
revision in 1983, attributed the constitutional task to the legislator of regulating
the use of information technology and the protection of private life.56
The inclusion of the right to data protection as a fundamental right in the EU
Charter of 2000 conrms that data protection is not merely a code of conduct,
but an individual right to be considered independently of the right to private life
laid down in Article 7 of the EU Charter. According to the Commission, the
incorporation of the right to data protection in the EU Charter also gives added
emphasis to the fundamental rights dimension of EC Directive 95/46 on data
protection.57 In June 2006, in the judgment on the Family Reunication Directive
2003/86, the ECJ emphasised that Member States themselves declared that they
are bound to observe the principles as recognised in the EU Charter, including the
right to private life protected in Article 7.58 The ECJ referred to the second recital
of the preamble to the Family Reunication Directive in which the EC
legislator stated that the principles of the Charter should be observed. Secondly,
the ECJ pointed to the fact that the Charter is a rearmation of the constitutional
traditions and international obligations common to the Member States.

4. Unveiling Reasons for Data Protection

The debate on the need for data protection has for a long time been closely linked
to the need to protect the individual right to privacy. However, the notion of
privacy, when used to explain the main goals of data protection, does not

56
57

58

Hondius (1975), p. 176177.

European Commission, rst report on the implementation of the Data Protection Directive of
15 May 2003.
Case C-540/03, European Parliament v. the Council (not yet reported but see information in OJ
C 190/1, 12.08.2006), para. 38.

Eective Remedies under Data Protection Law

195

provide a clear-cut denition of the rights and interests of the individual concerned. In 1992, Bennett described privacy as a notoriously vague, ambiguous,
and controversial term that embraces a confusing knot of problems, tensions,
rights and duties.59 According to Bennett, in both English-speaking and other
countries, the word privacy (or informational privacy) has long been used to
add popular appeal to statutes that essentially perform the same functions as
European data protection laws. Laws regulating the processing and use of
personal information were therefore generally presented as privacy laws. On the
other hand, the word data protection has been criticised as well for being too
technical and esoteric, a word which would mean little to the average citizen.60
For example, data protection would not explain that the goal of this law is to
protect persons instead of data.61 To distance themselves from the conceptual
problems of both privacy and data protection, commentators advocated the use
of fair data processing principles, fair use of personal information or IT principles of fair administration as more adequate denitions. As long ago as 1972, the
Younger Committee in its report on Privacy in Great Britain recommended the
adoption of fair information principles.62 In 1973, the American Committee
on Automated Personal Data Systems, in its report Records, Computers and
Rights of Citizens conrmed the necessity for fundamental principles of fair
information practice.63
A brief analysis of the main goals of data protection can be useful in explaining the central principles of data protection implemented in national and
European data protection law. These principles will then be elaborated in
section 5. Although I realise that other goals could be dened as well, in my view
data protection law in general serves three goals. The rst goal is the protection
of the individual and, more specically, the protection of his or her right to privacy. This right includes the right to be left alone, the right to liberty and the
right to informational self-determination. The second goal of data protection has
a much broader scope and includes the protection of the rule of law. For this
purpose, the concept of the rule of law should be interpreted widely, similar to
the German and Dutch concepts of Rechtsstaat. In this meaning, the rule of law
refers to a legal order in which the powers of the state (and possibly of civil

59
60
61
62

63

See Bennett (1992), p. 1213.

Bennett (1992), p. 13.
Bull (1985), p. 3.
Report of the Committee on Privacy (the Younger Committee), Home Oce, London: HMSO
1973.
US Department of Health, Education and Welfare, Report of the Secretarys Advisory
Committee on Automated Personal Data Systems, Washington D.C: HEW, 1973.

196

Chapter 7

actors) are constrained for the protection of rights and liberties and the equality
and legal security of individuals.64 This concept of the rule of law includes the
principle of division or balancing of powers, the protection of human rights and
a democratic legal order. By emphasising this goal separately, it becomes clear
that data protection law not only protects the individual, but also the community of individuals as a whole. The third goal of data protection law is, in my
view, the safeguarding of the principles of good governance or good administration. This goal protects the interests of both the data subject and the data
controller.
4.1. Protecting the Individual: The Right to Privacy
4.1.1. From the Right to be Let Alone to the Right of Personal Liberty
In the early discussions, in the 1970s and 1980s, dialogue on the issue of data
protection often began with a reference to an article by Samuel Warren and Louis
Brandeis in the Harvard Law Review in 1890.65 This essay, in which the two
American judges commented on the intrusive practices of newspaper reporters,
provided a rst doctrinal elaboration of the defence of privacy and portraiture
with regard to slander and intrusive press publications. Their considerations on
the right to privacy or the right to be let alone and their proposals for individual redress for invasions of this right formed a basis for the development of a
legal right of individuals for the protection of their personal information.
As we have seen in Chapter 6, the ECtHR applied the right to private life as
protected in Article 8 ECHR to assess the lawfulness and proportionality of data
processing and for protecting the individual against unlawful intrusion by
governmental authorities. With regard to the relationship between citizens and
government, it is clear that this right not only entails protection of the secrecy of
private life, but also the liberty of ones private life.66 In the Klass case of 1978,
concerning secret surveillance measures by the German government, the ECtHR
explicitly referred to the relationship between Article 8 ECHR and the freedom

64

65

66

Ph. Kunig, Das Rechtsstaatsprinzip: berlegungen zu seiner Bedeutung fr das Verfassungsrecht der
Bundesrepublik Deutschland, Tbingen: Mohr (Siebeck) 1989; M. Burkens (et al.), Beginselen van
de democratische rechtsstaat, Alphen aan den Rijn: Kluwer 2006, and D.J. Elzinga, De democratische rechtsstaat als ontwikkelingsperspectief. Over machtsregulering als ontwikkelingslijn, in:
J.W.M. Engels, E.M. Middel (eds), De rechtsstaat herdacht, Zwolle: W.E.J. Tjeenk Willink 1989.
S.D. Warren and L.D. Brandeis, The Right to Privacy, Harvard Law Review, Vol. IV,
15 December 1890, no. 5. Downloadable from http://www.lawrence.edu/fast/boardmaw/
Privacy_brand_warr2.html.
See also P. Kayser, La protection de la vie prive, Marseille: Economica Presses Universitaires
dAix-Marseille 1990, p. 17 .

Eective Remedies under Data Protection Law

197

of communication.67 In both the Niemietz and the Rotaru cases, the Court
emphasised that the right to private life must also to a certain extent include the
right to establish and develop relationships with other human beings.68
In the judgment Rechnungshof v. sterreichischer Rundfunk and Others (see further below), the ECJ explicitly stated that EC Directive 95/46 must be interpreted in accordance with the right to private life as protected in Article 8
ECHR.69 According to the ECJ, if national courts were to conclude that the
national legislation with regard to the processing of personal data is incompatible
with Article 8 of the Convention, that legislation would also be incapable of satisfying the requirement of proportionality in Articles 6(1)(c) and 7(c) or (e) of
Directive 95/46.70 In the same paragraph, the ECJ ruled that each of the exceptions included in Article 13 of that Directive must comply with the requirement
of proportionality with respect to the public interest objective being pursued. In
the words of the ECJ: that provision cannot be interpreted as conferring legitimacy on an interference with the right to respect for private life contrary to
Article 8 of the Convention.
In the famous population Census decision or Volkszhlungsurteil of 1983, the
German Constitutional Court also emphasised this more external aspect of
private life.71 In this judgment, which has been extremely important for the
discussions at international level and in other countries, the German Court
emphasised the need for data protection to protect individual liberty. The
Constitutional Court made it clear that even a persons awareness that his or her
movements are being watched could aect his or her freedom to move or act. In
the words of the Constitutional Court: Anyone who is uncertain whether his or
her deviating behaviour will always be noted and recorded, used or transmitted
in the longer term, will try to not attract attention by such behaviour. Anyone
who is concerned, for example, that his participation in a gathering or civil action

67

68

69

70
71

Judgment of 6 September 1978, appl. no. 5029/7. Compare the Pfeifer vs. Austria case concerning the right of correspondence of detained persons, 25 February 1992, Series A, no. 227, in
which the Court conrmed the link between privacy and the individuals liberty, stating that the
protection of secrecy of communication in Article 8 ECHR protects not only the content of this
correspondence, but also the freedom to correspond.
Niemietz v. Germany, judgment of 16 December 1992, Series A, 251B, Rotaru v. Romania,
4 May 2000, appl. no. 28341/95, Reports 2000-V. See also Chapter 6.
Rechnungshof v. sterreichischer Rundfunk and Others, Joint Aairs C-465/00, C-138/01 and
C-139/01.
C-465/00, para. 91.
Judgment of 15 December 1983, 1 BvR 209/83, BVerfGE 65. To be discussed further in
Chapter 12 on Germany.

198

Chapter 7

could be recorded by the government and that this will involve risks for him,
may refrain from exercising his constitutional rights. () This would not only be
detrimental to the possibilities for individual self-development, but also to the
public interest [common well-being], because individual self-determination is a
basic condition for the functioning of a democratic society, based on the freedoms
of citizens to act and to cooperate.72
Individual liberty, as one of the rights to be protected by data protection law,
is also incorporated into the French data protection act, to be described in
Chapter 11. According to Article 1 of this French law, information technology
should not infringe upon human rights, including the right to privacy and
individual or public liberties.
Looking at the principles of data protection law described in section 5, the
right to privacy is reected, for instance, in the principle of purpose limitation
which protects an individual from unauthorised access to his or her data.
Furthermore, it is protected by the special safeguards with regard to sensitive
data and by individual participation rights.
4.1.2. Informational Self-determination
Since the 1960s, new theories have emerged on the relationship between an individual and his or her personal information, which go beyond the protection of
secrecy and liberty of ones private life. In his Privacy and Freedom, published in
1967, the American author Westin gave a new denition of privacy which
implied the right of an individual to control the further dissemination of his or
her personal information. Westin described privacy as the claim of individuals,
groups, or institutions to determine for themselves when, how, and to what
extent information about themselves is communicated to others. Westins publication was inuential in the discussions on data protection law, not least because
it described general developments in (American) society posing a risk to personal
privacy. These developments included new practices of eavesdropping, the experiments at that time with polygraphs or lie detectors, the new use (including by
private corporations) of personal testing for employment purposes and the
expanding practice of large-scale data collection, facilitated by the automation of
data processing. In the European discussion, Westins publication was especially
important because of his more active approach of the individual and his rights to
deal with the new problems caused by automated data processing.
In its jurisprudence, the ECtHR recognised the right of individuals to
control to a certain extent the use and registration of their personal information.

72

BVerfGE 65, para. 42, cited in Bull (1985), p. 12 (own translation).

Eective Remedies under Data Protection Law

199

These conclusions dealt not only with claims for the deletion of personal data
from public les (for example, Leander or Segerstedt-Wiberg), but also with the
right to have access to personal les (Gaskin). The Court also recognised the
right of persons to have their personal data in public les changed in accordance
with their feelings or wishes.73 In Germany and, to some extent, in other countries too, the right to informational self-determination became embedded in
the aforementioned Volkszhlungsurteil of the Constitutional Court. The Court
described the so-called informationeller Selbstbestimmungsrecht as the power
of individuals to decide in principle about the providing and use of his or her
personal data.
At national level, governments adopt an ambivalent attitude towards this concept of informational self-determination. In the Netherlands, for example, the
government explicitly rejected the recognition of a constitutional right to informational self-determination, fearing that such a right would tilt the balance
between the individual and the state too far in favour of the data subject.74 On
the other hand, the concept of autonomy and the right of individuals to control
their own data was later used in order to justify governmental plans for multifunctional ID cards. These cards, to be used in health care, were linked to several
proposals from the right for individuals to control the use of their personal information.75 In 2001, a digital locker was even proposed, enabling each citizen to
decide which information could be forwarded to which authority.76
The right to informational self-determination should be distinguished from the
so-called ownership principle, giving individuals an unlimited and absolute right
regarding their data.77 Such a right, similar to a right of copyright or property, has
been advocated especially in the eld of private relations, for example with regard

73

74

75

76

77

For example, in Goodwin v. UK (dealt with in Chapter 6, section 3.2) with regard to the
registration of a transsexual who wanted to have the information about his sex changed in the
governmental les.
Handelingen Tweede Kamer (proceedings of Dutch lower house), 19971998, 25 892, no. 3,
p. 9, cited in P. Blok, De splitsing van privacy. Advies over het grondrecht op privacy in het digitale tijdperk, Ars Aequi 50 (2001) 6, p. 438.
Commissie ICT en Overheid (Commissie Docters van Leeuwen), Burger en overheid in de informatiesamenleving: de noodzaak van institutionele innovatie, The Hague: 2001.
Adviescommissie Modernisering GBA (Commissie Snellen), GBA in de toekomst: Gemeentelijke
basisadministratie als spil voor toekomstige identiteitsinfrastructuur, The Hague: 2001.
The ownership theory is formulated by the French author P. Catala in: Ebauche dune thorie
juridique de linformation, Revue de droit prospectif, 1983, no. 1. An analysis of the discussions
on this ownership principle is given in: K. Benyekhlef, La protection de la vie prive dans les
changes internationaux dinformations, Montral: Ed. Thmis 1993, p. 38 .

200

Chapter 7

to the commercial use of personal information or the right to publicity in the eld
of media law.78 However, in general, an unlimited interpretation of the ownership
principle has not been considered realistic.79 It would for example not be feasible
for a data user to be obliged to seek approval from the data subject for every use of
his or her data, since this would ignore the fact that such relations are not (always)
free interaction or communication.80
The data protection provisions on the right of access, correction and deletion
of personal data, to be discussed below, can be considered an example of the
implementation of the right of an individual to control ones data or the right to
informational self-determination. This right is also reected in the principle of
the prohibition of automated decision-making.
4.2. Protecting the Rule of Law
4.2.1. Balance of Powers
According to the preamble to the Data Protection Convention, the rule of law is
one of the goals of data protection law. The explanatory memorandum to this
Convention explicitly refers to the necessity of data protection as a tool of balancing powers. As far back as 1967, in his Privacy and Freedom, Westin pointed out
the consequences of the new developments on the automation of databases for the
balance of powers between citizen and government.81 According to Westin, the
increased collection and processing of information for diverse public and private
purposes, if not carefully controlled, could lead to a sweeping power of surveillance by government over individual lives and organisational activity. His view
that data protection is a necessary instrument to ensure the balance of powers or
equality of arms (Waengleichheit) is still or perhaps even more true for the use of
information technology in the 21st century. The importance of protecting the
individual against any misuse of powers by the government was emphasised by

78

79

80

81

J.C.S. Pinckaers, From privacy toward a new intellectual property right in persona: the right of publicity (United States) and portrait law (Netherlands) balanced with freedom of speech and free trade
principles, The Hague: Kluwer Law International 1996.
See also L.A. Bygrave, Privacy Protection in a Global Context - A Comparative Overview,
Scandinavian Studies in Law, 2004, vol. 47, p. 324.
Y. Poullet, Data Protection between Property and Liberties. A Civil Law Approach, in:
H.W.K Kaspersen and A. Oskamp (eds.), Amongst Friends in Computers and Law. A Collection
of Essays in Remembrance of Guy Vandenberghe, Deventer/Boston: Kluwer Computer/Law Series
1990, p. 161 .
Westin (1967), p. 158.

Eective Remedies under Data Protection Law

201

the ECtHR in its jurisprudence on Article 8 ECHR. As we have seen in Chapter

6, in the Klass and Leander judgments, the ECtHR focussed especially on the
importance of procedural guarantees to counterbalance the powers of the national
police authorities to collect and store personal information. The French Data
Protection Law, the purpose of balancing powers is reected by the principle
that information technology should serve the interests of citizens (linformatique
doit tre au service de chaque citoyen).
The goal of data protection should therefore be to strengthen the position and
rights of data subjects with regard to the processing and use of his or her personal
information. By regulating the relationship between the public authorities and
data subjects, data protection rules should protect the citizen from arbitrary and
unfair measures based on data processing.82 Examples of these counterbalancing
provisions of data protection are the rules safeguarding the transparency of data
processing. Furthermore, the right to apply for access, correction or deletion of
his data strengthens the position of the data subject.
4.2.2. Informational Division of Powers
Closely related to the idea of the rule of law and the balance of powers is the
(originally German) concept of informational division of powers or Informationelle
Gewaltenteilung.83 This principle protects citizens against a concentration of
power by the government, by preventing one authority having access to information from other authorities, regardless of organisational boundaries or the purposes for which the information was gathered. Originally, the concept of the
informational division of powers was founded in the concerns of administrative
organisations about the consequences of information technology for their mutual
relations. In 1967, Westin already predicted that the new information technologies would cause changes to the governmental organisation: All the government
agencies concerned with a problem, such as health, employment, education, etc.
whatever their level of government, will be part of an integrated information
system and will coordinate their information to make decisions.84
In the rst national data protection law in Hessen, the concept of informational division of powers was initially developed to protect the autonomy of lower
governments, such as the German Lnder or municipalities, from the powers of
the central government. The Hessian data protection law even provided for a role
for the data protection commissioner to check whether automation leads to any

82
83

84

Bygrave & Berg (1995), p. 8.

See among others H.P. Bull, Datenschutz oder die Angst vor dem Computer, Mnchen-Zrich:
Piper 1984, p. 113, and A. Ronagel, Datenschutz und Datensicherheit (DuD), 10/95, p. 584.
Westin (1967), p. 325.

202

Chapter 7

change in the distribution of powers among governmental bodies. Later, the principle of informational division of powers became more important for protecting
the rights of individuals, rather than those of the lower governments. On a political level, the choice in favour of decentralised public administrations was especially meant to alleviate citizens fears of central databases. German scholars
advocated a more general theory of prohibition to exercise control through the
use of information beyond organisational borders.85 Such an informational division of powers was however contrary to the constitutional principle of Amtshilfe
obliging public authorities to cooperate and exchange information, under certain
circumstances, with other governmental authorities (Art. 35 GG).86 In the Census
case or Volkszhlungsurteil of 1983, the German Constitutional Court however
acknowledged the importance of an informational division of powers.87 The
Court held in this judgment that the public administration does not constitute
one informational unit (Informationseinheit) in which personal data can be
freely exchanged. According to the Court, it is the task of the legislator to provide
guarantees against alienation of purpose or Zweckentfremdung.88
The informational division of powers is mainly reected in the data protection
principle of purpose limitation. This, as we will see below, obliges authorities to
dene the purpose of their data processing. In principle, the use or disclosure of
information for anything other than the original purpose is limited.
4.3. Data Protection as an Obligation for good administration
The principle of good administration or governance refers to the duty of administrative authorities to take measures aimed at protecting data les from unauthorised
access, or security measures which should prevent the loss or destruction of stored
information. Generally, of course, this principle applies to the relationship between
enterprises and their clients or employees as well but, for our purposes, I focus on
the relationship between the government and its citizens. The goal of good administration is related to the abovementioned concepts of fair information principles
or fair use of personal information.
Good administration serves in the rst place the interests and rights of individuals or the data subjects. The right to good administration is included as

85

86

87
88

A. Podlech, Gesellschaftspolitischen Grundlagen des Datenschutzes (1976), cited in Bull

(1985) p. 13.
B. Schlink, Die Amtshilfe. Ein Beitrag zu einer Lehre von der Gewaltenteilung in der Verwaltung.
Berlin: Duncker & Humblot 1982.
BVerfgE 65, 1, para. 46 and 69.
S. Simitis (ed.) Bundesdatenschutzgesetz, Baden-Baden: Nomos 2006, p. 75.

Eective Remedies under Data Protection Law

203

a human right in Article 41 of the Charter on Fundamental Rights of the EU.

This right clearly illustrates the new emphasis on good governance and the close
relationship between good governance and the use of personal information,
including the proper use of personal information and fair decision making on
the basis of that information.
Article 41 of the EU Charter reads:
1. Every person has the right to have his or her aairs handled impartially, fairly
and within a reasonable time by the institutions, bodies, oces and agencies
of the Union.
2. This right includes:
a. the right of every person to be heard, before any individual measure which
would aect him or her adversely is taken;
b. the right of every person to have access to his or her le, while respecting
the legitimate interests of condentiality and of professional and business
secrecy;
c. the obligation of the administration to give reasons for its decisions
3. Every person has the right to have the Union make good any damage caused
by its institutions or by its servants in the performance of their duties, in
accordance with the general principles common to the laws of the Member
States.
4. Every person may write to the institutions of the Union in one of the
languages of the Constitution and must have an answer in the same language.
The principle of good administration not only protects citizens. It also serves
the interest of the organisation holding data les. In the rst place, organisations
depend on the reliability of personal les. If the information held is outdated,
incorrect or incomplete, this will hamper the functioning and administration of
the data holder. Data holders, whether private or public, are conscious of the
importance of fair information practices for maintaining the condence of their
clients or citizens. A person who has no condence in how the organisation is
processing his or her information will be reluctant to provide further information to this organisation. We have seen above another motive for good administration: the implementation of the data protection law as included in the Data
Protection Convention of 1981 and EC Directive 95/46. By ensuring the same
level of data protection in their countries, governments have tried to ensure that
there are no impediments to trans-border data processing or the free ow of
information. A high level of data protection ensures the reliability and accuracy
of personal data and thus the mutual trust and exchange of information between
authorities. In its comment on the draft Framework Decision on Data Protection
in the third pillar, the EDPS conrmed this by stating: An eective protection
of data protection is not only important for the data subjects but also contributes

204

Chapter 7

to the success of the police and judicial cooperation itself. In many aspects, both
public interests go hand in hand.89
The goal of good administration is ensured rstly by the data protection principles of security and accountability. However, the accuracy and reliability of
data processing is also served by the rights of individuals to apply for access,
correction or deletion of their personal data.

5. Data Protection Principles

There is no absolute or denitive set of principles. In the literature and in the
various instruments at stake, varying lists have been dened of what should be
considered basic data protection rules.90 The eight principles described in the
OECD Guidelines of 1979 are often used as a starting point for describing the
main rules of data protection law. These include the principles of collection limitation, purpose specication, data quality, use limitation, security safeguards,
openness, individual participation and accountability. The data protection principles as described in the following sections are based on the Data Protection
Convention and EC Directive 95/46. They include:
1. purpose limitation, including:
a. ban on aimless data collection;
b. legitimacy of purpose;
c. use disclosure limitation; and
d. time limit on storage of data;
2. transparency or purpose specication;
3. extra safeguards for special categories of data;
4. quality of data;
5. individual participation or rights of the data subject, including:
a. the right to be informed;
b. the right of access to information;
c. the right to request correction, deletion or blocking of further processing;
6. ban on automated decision-making;

89

90

In its opinion of 19 December 2005 on the draft Framework Decision for Data Protection in
the third pillar, OJ C 47/27, 25.2.2006, consideration 5.
See, for example the six core fair information principles of Bennett: principles of openness,
individual access and correction, collection limitation, use limitation, disclosure limitation and
security, Bennett (1992), p. 101 .

Eective Remedies under Data Protection Law

205

7. security;
8. accountability;
9. non-discrimination.
Considering recent proposals or comments on data protection, one will see that
the principles developed more than twenty-ve years ago are still the guiding
standards. For example, the explanatory memorandum to the proposal for a
Framework Decision on data protection in the third pillar refers to the general
rules on the lawfulness of processing of personal data, including not only the
principles mentioned above, but also emphasising the liability of data controllers
and the possibility of imposing sanctions by supervisory authorities.91
Furthermore, the European Data Protection Supervisor repeatedly refers to the
general data protection principles.92 In the following sections, I will consider
whether these principles have been incorporated into the CISA. The right of
access to legal remedies under data protection law is discussed separately in
section 7 of this Chapter.
5.1. The Principle of Purpose Limitation
Purpose limitation is one of the central principles of data protection. According
to Article 6.1 (b) of EC Directive 95/46, personal data must be collected for
specied, explicit and legitimate purposes and must not be further processed in a
way incompatible with those purposes. As we will see below, this principle
includes dierent layers of protection. Firstly, it prohibits the collection of personal data for unknown or unspecied purposes. Secondly, it prohibits the use or
disclosure of personal information for purposes other than the specic purpose
for which the data have been collected. Thirdly, the principle of purpose limitation provides that data should not be retained any longer than is necessary for the
specied purpose. Purpose limitation is closely linked to the principle of purpose
specication (see section 5.2) which implies that data holders should specify and
make transparent the purposes of the relevant data processing. Both the purpose
limitation and the purpose specication principle reect the idea that data
processing should be foreseeable for the data subject and should not go beyond
the reasonable expectations of the person concerned.93 As we have seen above, in

91
92
93

COM (2005) 475, 4.10.2005.

See, for example, Opinion of 28 February 2006, Brussels: http://www.edps.europa.eu.
See D. Elgesem, The structure of rights in Directive 95/46 on the protection of individuals with
regard to the processing of personal data and the free movement of such data, Ethics and
Information Technology 1, 1999, p. 283293.

206

Chapter 7

its jurisprudence on the protection of the right to private life, the ECtHR explicitly emphasised the importance of foreseeability with regard to the processing
of personal data by governmental authorities.94
5.1.1. Ban on aimless data collection
The ban on aimless data collection or Verbot pragmatikloser Datensammlung as
dened by Podlech, refers to the principle that personal data should not be collected or stored without the prior specication of the goal of this data processing.95
According to this principle, the gathering of information just to keep these data
in stock for future unspecied purposes is prohibited. The ban on aimless data
collection is closely linked to the principle of purpose specication, described
below. In the Council of Europe Recommendation R (87) on police les, this
principle is explicitly included with regard to data processing for criminal investigation procedures. According to principle 2.1 of the Recommendation on police
les, the collection of personal data for police purposes should be limited to such
as is necessary for the prevention of a real danger or the suppression of a specic
criminal oence. The Recommendation therefore prohibits the general collection
of data, unrelated to any specic criminal investigation. The importance of the
principle of if there is no crime, there is no investigation, was conrmed in the
second evaluation of the Recommendation R (87) in 1998.96 This evaluation
describes the matching of police data gathered in the course of criminal investigations based on vast numbers of persons, completely unrelated to any crime.
According to the conclusions of this evaluation, these general data surveillance
checks should be limited to specic cases described in national criminal law and
be granted on the basis of a specic mandate from the judiciary.
The purpose of the SIS is described in Article 93 CISA, in conjunction Articles
95 to 99.97 Where Article 93 includes the general goal of SIS, Articles 95 to 99
give for each category of data to be stored in SIS the purpose for which these
data are to be used. According to Article 93, the purpose of the Schengen
Information System is to maintain public policy and public security, including

94
95

96

97

Judgment Peck v. United Kingdom, 28 January 2003, Appl. no. 44647/98.

A. Podlech, Gesellschaftspolitische Grundlagen des Datenschutzes in: Dierstein/Fiedler/ Schulz
(eds.), Datenschutz und Datensicherung, Kln 1976, p. 311. Cited by H.P. Bull (1985), p. 13.
Report by A. Patijn, CJ-PD expert from the Netherlands. Data protection and the police.
Evaluation of Recommendation R (87)15, 1998, available at: http://www.coe.int/t/e/legal
_ affairs/legal_cooperation/data_protection/documents/reports_and_studies_of_data
_protection_committees/.
Since Article 100 CISA includes data on objects, this provision will not be dealt with in this
context.

Eective Remedies under Data Protection Law

207

national security, in the territories of the contracting parties and to apply the
provisions of this convention relating to the movement of persons in those territories, using information communicated via this system. This purpose, which is
very broadly dened, makes it clear that SIS was intended rstly as tool for the
police for maintaining the public order and security and, secondly, as a tool to
control the movement of persons across borders. What is important is the general principle of Article 94 CISA, which states that SIS should only include such
data as are necessary for the purposes of Articles 95 to 100. This explicit requirement is important because it forces the contracting parties, forwarding data, to
investigate whether the interest of the case justies registration in the SIS.
5.1.2. Legitimacy of Purpose
The principle of purpose limitation not only requires the availability of a specic
goal for data processing, but also implies the legitimacy of this goal. This principle of a legitimate purpose is included in Article 5 of the Data Protection
Convention. EC Directive 95/46 goes further, with the inclusion of a limitative
enumeration of purposes for which personal data may be processed. According
to Article 7 of the EC Directive, data processing is legitimate if:
the data subject has given his consent;
the data processing is necessary for a contract to which the data subject is a
party;
the processing is necessary for compliance with a legal obligation to which
the controller is subject;
it is necessary in order to protect the vital interests of the data subject; or
for the performance of a task in the public interest or in the exercise of an
ocial authority vested in the controller or in a third party to which the data
are disclosed and, nally;
when processing is necessary for the legitimate interests of the controller or
the third party to whom the data are disclosed, except where such interests are
overridden by the fundamental rights and interests of the data subject.
According to these criteria, it is not always necessary for data processing by
public authorities to be explicitly provided for by law. For example, a legal basis
is not required if data processing is necessary to protect the vital interests of the
data subject or if this is necessary in the public interest or in the exercise of an
ocial authority vested in the controller or in a third party to whom the data
are disclosed. The general provision in Article 6 (1) (a) of the EC Directive only
requires that data must be processed fairly and lawfully. This does not mean
that data processing always must have a legal basis, but only that it should not
be fair and not in breach of the applicable law. However, as we have seen in
Chapter 6, in its jurisprudence on Article 8 ECHR, the ECtHR dened more

208

Chapter 7

stringent criteria with regard to the legal basis of data processing, for the
purpose of transparency and to ensure the accessibility of legal remedies.98
With regard to the legitimacy of the purpose of SIS, Article 93 CISA provides
that the use of SIS should be in accordance with the provisions of the CISA.
With regard to the more specic criteria, as provided in Articles 95 to 99, these
provisions only include the criterion that the decision to report somebody in SIS
should be in accordance with the national laws.
Article 94 CISA further includes the rule that if a contracting party considers an
alert entered in SIS based on Article 95, 97 or 99 in breach of its national law, international obligations or other prevailing national interests, this country may mark
this alert to prevent action on the basis of this alert occurring on its own territory.
5.1.3. Use or Disclosure Limitation
The principle of use or disclosure limitation implies that personal data should
not be used or transmitted for purposes other than the initial purpose dened at
the time of data collection or storage. In general, this purpose limitation principle is not very strictly dened. For example, Article 6 (1) (b) EC Directive 95/46,
allows for the use or disclosure of information for purposes which are not
incompatible with the initial purposes. Of course, this criterion can be applied
in various ways. It allows data holders to dene very broadly the purposes of
their databases or the authorities or users who have access to them. In practice, it
will often be dicult for individuals and data protection authorities to enforce or
control this principle. For example, it is not always easy to establish which use of
the information at stake is incompatible with the original purposes.
Considering the general goals of data protection, including the protection of the
rule of law and preventing the concentration of power, the principle of use or disclosure limitation is closely linked to the prohibition of dtournement de pouvoir in
administrative law. In their relations with governments, in particular, persons
should have a guarantee that information given to one authority is not automatically available to other authorities as well. In other words, this principle should to a
certain extent safeguard the informational division of powers, as described above.
Articles 101 and 102 CISA are the central provisions regulating the authorities potential access to the data in SIS. Article 101 provides that access to the data
entered in SIS and the right to search data directly shall be reserved exclusively
for the authorities responsible for either border checks or other police and customs checks carried out within the country and the coordination of such checks.

98

See sections 6.2 and 7.2 of Chapter 6.

Eective Remedies under Data Protection Law

209

In addition, the authorities responsible for issuing visas or central authorities

responsible for examining visa applications or for issuing residence permits and
for the administration of legislation on aliens may have access to the data
entered pursuant to Article 96 (Article 101 (2)). The contracting parties are
obliged to send to the Secretariat General of the Council (formerly the Executive
Committee) a list of competent authorities which are authorised to search the
SIS data (Article 101 (4) ). These lists should specify, for each category of data
included in SIS, which authority may search for which data.99
5.1.4. Time Limit on Storage of Data
The principle of purpose limitation also requires that personal data be retained
no longer than necessary for the purpose for which the data are stored or processed. This principle is laid down in the dierent European instruments of data
protection, although these instruments do not include explicit time limits. For
example, according to Article 5e of the Data Protection Convention, personal
data undergoing automatic processing may not be stored in a form which permits identication of the data subjects for longer than is required for the purpose
for which those data are stored. The contents of this wording is similar to the
(much shorter) wording of Article 6.1 (e) of the EC Directive: no longer than is
necessary for the purposes for which the data were collected or for which they are
further processed.
More specic criteria are included in Principle 7 of the Recommendation No.
R (87) 15 on police les. According to this provision, the states should ensure
that personal data kept for police purposes are deleted if they are no longer necessary for the purposes for which they were stored. Regarding the decision on
whether longer storage is necessary, the following criteria should be taken into
account: the need to retain data in the light of the conclusion of an inquiry into
a particular case; a nal judicial decision, in particular an acquittal; rehabilitation; spent convictions; amnesties; the age of the data subject; and particular
categories of data. Furthermore, the Recommendation explicitly requires the
adoption of rules aimed at xing storage periods for the dierent categories of
personal data and that regular checks on their quality should be established in
agreement with the supervisory authority or in accordance with domestic law.

99

See the lists of competent authorities which are authorised to search the data contained in the
Schengen Information System directly, pursuant to Article 101(4) of the CISA, at the public
register of the Council: http://register.consilium.eu.int/utfregister/frames/introfsEN.htm,
July 2003, 5002/00; 11788/01; 6265/03.

210

Chapter 7

The CISA provides for dierent time limits for the storage of data in SIS,
depending on which category of data this concerns. According to Article 112
CISA, personal data for the purpose of tracing persons may only be kept for the
time required to meet the purposes for which they were supplied. For this category of data, the authority which issued the alert is obliged to review the necessity
of further storage no later than three years after they were reported to SIS.100
If the issuing state does not explicitly state that further storage is necessary, the
data will automatically be deleted after this period of three years. For persons
whose data are stored for the purposes of Article 99 (discreet surveillance or
prosecuting criminal oences, prevention of threat to public order) this review
period is xed at one year. The time limit for the storage of data on objects is
10 years (Article 113). The provisions in CISA do not restrict the number of times
the storage of data in SIS may be extended. In practice, this allows the participating
states to keep data on individuals in SIS on a permanent basis. Another loophole
with regard to the time limits applicable to SIS is caused by the practices of
national SIRENE oces. As described above, the functioning of SIS is complemented by SIRENE bureaux, which hold additional information les alongside
the SIS alerts. According to the SIRENE manual, if a SIS alert is deleted from
SIS, the corresponding dossier with SIRENE should be destroyed as well, at least
as far as possible. This latter exception has been used by Schengen states to keep
SIS information in their local intelligence les, even after its removal from SIS.
Article 102 (2) CISA precludes alerts issued by one state from being copied from
the NSIS to the national les of another state. However, issuing states can, even
when data are removed from SIS, preserve those data in their national les.
With regard to SIS II, the German government proposed in 2000 replacing the
maximum time limits for the storage of data by time limits for reviewing the need
of further storage.101 In a meeting of 20 June 2002, the Econ Council concluded
that there should be no extension of the duration of alerts and no replacement of
the maximum deadlines by review deadlines.102 The Council recommended
however that where national law allows such extension of time limits, this should
be done via national technical procedures. One year later, the JHA Council,
in their meeting of 56 June 2003, decided that the applicable time limits had to be

100

101
102

According to Article 113, for data other than referred to in Article 112, data may kept for a
maximum of ten years, with the exception of identity papers and suspect banknotes, which
may be kept for ve years, and data on motor vehicles, trailers and caravans, to which a time
limit of three years is applicable.
11538/00, 20 September 2000.
10089/02 (Press 181).

Eective Remedies under Data Protection Law

211

modied without specifying how.103 The original proposal of the Commission for
the SIS II Regulation provided for automatic erasure after ve years. This has been
changed in the nal text of the Regulation 1987/2006. According to Article 29 (2),
Member States issuing an alert must review the need to keep it within three years of
its entry in SIS II. Furthermore, Article 29 (3) provides that where appropriate
Member States must set shorter review periods. Important is the new provision in
Article 29 (4) stating that a decision to keep an alert longer in SIS II must be based
on a comprehensive individual assessment. This assessment must be recorded.
The principle of time limits must be distinguished from rules stating that personal data have to be deleted from certain les after the change of status of the person concerned. For example, Article 7 and 10 of the Eurodac Regulation 2725/2000
provides that, when an asylum seeker acquires citizenship of any of the Member
States or has been issued a residence permit, his or her data have to be deleted from
Eurodac as soon as the Member State of origin becomes aware that this person
acquired such citizenship or residence permit. As we have seen above, a similar rule
has been included in Article 30 of the Regulation 1987/2006 on SIS II.104
5.2. Transparency Purpose Specication
One of the most important clues for legal protection for individuals is knowing
which authority or organisation is collecting and using their personal information.
This transparency is secured, rstly, by the obligation upon data owners to
publish the fact of data processing by any means: legal basis, registration with the
data protection authority, or submitting written information to the data subject.
This principle is laid down in Article 5b Data Protection Convention which states
that personal data undergoing automatic processing shall be stored for specied
purposes. This is further explained in consideration no. 42 of the explanatory
report to the Convention, which states that the reference to purposes in Article
5 indicates that data should not be stored for undened purposes; however, the
way in which the legitimate purpose is specied may vary in accordance with
national legislation.
The principle of purpose specication is also included in Article 6 (1) (b) of
EC Directive 95/46, stating that personal data must be collected for specied,
explicit and legitimate purposes. Purpose specication is also secured by the right
of data subjects to be informed before, during or after the collection of personal
information of the purpose for which the data are stored and of the recipients of
this information (see section 5.5).

103
104

JHA Council, 56 June 2003, 9845/03 (Presse 150).

See Chapter 4, section 6.3.

212

Chapter 7

As we have seen, Article 93, in conjunction with Articles 95 to 99 CISA, dene

the purposes for which persons may be entered in the SIS. In particular, the criteria of Article 96 are broad and leave a wide margin of interpretation to the
national authorities. Only with regard to the denition of the data which may be
stored in SIS, Article 94 CISA includes more specic criteria. The limitative list
of data on persons to be stored into the SIS includes, among other things, the
name, date and place of birth of the person, sex, nationality, the reason for the
alert and the action to be taken, any specic objective physical characteristics not
subject to any change and whether the person concerned is armed or violent.
5.3. Special Categories of Data: Extra Safeguards
One of the earliest concerns during the discussions on the development of data
protection legislation has been the storage or use of so-called sensitive or special
categories of data. Recognising the sensitivity of certain categories of data, such
as concerning racial or ethnic origin, health or sexual behaviour, extra safeguards
have been developed with regard to the use and storage of this information. In
Chapter 6, section 3.2, I have dealt with the protection of sensitive data in the
light of Article 8 ECHR, arguing that the requirement of extra safeguards with
regard to these data is closely related to the right of non-discrimination. Article 6
of the Data Protection Convention denes the following special categories: data
revealing racial origin, political opinions or religious or other beliefs, as well as
data concerning health or sexual life and data relating to criminal convictions.
The list of special categories of data in Article 8 of the Directive 95/46 is almost
the same as provided for in the Data Protection Convention, but also includes
data on ethnic origin and data on trade union membership. Furthermore, Article
8 (5) of the Directive states, with regard to data relating to oences or criminal
convictions, that these data may be processed only under the control of a ocial
authority or if suitable specic safeguards are provided under national law.
EC Directive 95/46 and the Data Protection Convention do not include an
absolute ban on the processing of these special categories of data. According to
Article 6 Data Protection Convention, these data may not be processed automatically unless domestic law provides appropriate safeguards. Article 8 of the EC
Directive is based on the principle that Member States should prohibit the
processing of special categories of data. However, Article 8.2 provides for a large
number of exceptions to this general prohibition. For example, the prohibition
does not apply when the data subject has given his explicit consent or in specic
situations where the processing of these data falls under the general task of certain organisations such as trade unions or non-governmental organisations.
Furthermore, Article 8.4 allows Member States to dene additional exemptions

Eective Remedies under Data Protection Law

213

such as those included in Article 8 for reasons of substantial public interest,

either by national law or by decision of the supervisory authority.
In practice, national regulations on sensitive data often provide for a hybrid
approach: the listing of special categories of data in national laws, of recording
or use is limited, combined with a sectoral approach, in which the use of personal data in certain sectors is regulated by special laws. For example, in the
Netherlands, specic laws have been adopted for the use of police les and on
the use of personal data in health care. In 1999, the former Hessen Data
Protection Commissioner Simitis referred to two paradoxes in the contemporary
regulation of the processing of sensitive data.105 In the rst place, the persistent
claim that sensitive data can and must be dened in an exhaustive manner would
conict with constant attempts either to bypass or revise the apparently denitive list. Secondly, according to Simitis, the intention of States to limit radically
the processing of sensitive data would be counteracted by an endless list of exceptions which is provided for in the same laws. These problems, as pointed out by
Simitis, are inherent in the regulation of sensitive or specic categories of data.
Rather than just prohibiting the processing of these categories of data, national
legislators should be obliged to provide for more additional safeguards.
With regard to the storage of sensitive data in the SIS, Article 94 (1) formally
prohibits the recording of sensitive data, as described in the rst sentence of
Article 6 of the Data Protection Convention. However, CISA allows for two
exceptions. In the rst place, the authors of CISA intentionally did not refer to
the second sentence of Article 6 Data Protection Convention, regarding data
relating to criminal convictions, since this would have precluded the alert,
described in Articles 95 and 96, which may include information on criminal
convictions. Secondly, the information on physical features as listed in Article 94
can also be considered sensitive data, since those data may well include
information on someones health or racial origin.106
5.4. Quality of Data
Compliance with this principle is not only a prerequisite for the protection of
individuals, but also for the adequate execution of the tasks of the data holder.
Compliance with the quality of data is related to the purpose limitation principle.

105

106

S. Simitis, Revisiting Sensitive Data. Review of the answers to the Questionnaire of the
Consultative Committee of the Convention for the Protection of Individuals with regard to
Automatic Processing of Personal Data (ETS 108), Strasbourg, 2426 November 1999.
See L.F. Verhey, Privacy aspects of the Convention in: H. Meijers (1992).

214

Chapter 7

As provided for in Article 5c of the Data Protection Convention, the information

stored should be adequate, relevant and not excessive in relation to its purpose.
According to Article 5d, the information should be accurate and, where necessary,
kept up to date. As emphasised in the explanatory memorandum to the
Convention, these criteria apply to the storage and use of personal information,
including gathering, storage or dissemination. Article 6 (1) (d) of EC Directive
95/46 provides that personal data must be accurate and, where necessary, kept up
to date. According to this provision, data holders should take every reasonable
step to ensure that data which are inaccurate or incomplete are erased or rectied,
taking into account the purposes for which they are collected or processed.
The principle of the quality of data implies the need to dierentiate between
soft and hard data. Although, in general, data protection law does not explicitly refer to soft or hard data, the Recommendation (87) 15 on police les
obliges the authorities to treat certain categories of data dierently. Principle 3.2
of the Recommendation states that as far as possible, the dierent categories of
data stored should be distinguished in accordance with their degree of accuracy
or reliability and, in particular data based on facts should be distinguished from
data based on opinions or personal assessments. The explanatory memorandum
refers to corroborated and uncorroborated data. The report on the third evaluation of Recommendation (87) 15, published in 2002, describes soft data as
data that have not yet been veried and whose link with the police objectives
must be prepared.107 According to the report, the use of this data, which give
some unconrmed indications or raise suspicions about the involvement of a
person in one or several criminal oences, causes problems from a data protection point of view. More specically, the report points to the problem that these
data are processed for dierent purposes or for a general preventive purpose, even
if the adequacy or accuracy of these data has not been established.
Article 105 CISA obliges contracting parties to ensure that data entered in SIS
are accurate, up-to-date and lawful. Only the issuing states are allowed to modify,
add to, correct or delete the data entered in SIS. When a non-issuing state has
reason to believe the data entered in SIS are not accurate, this State must inform
the issuing State. The latter State is then obliged to check the accuracy of the data
immediately (Article 106).

107

Published at: http://www.coe.int/t/e/legal_aairs/legal_co-operation/data_protection/. See

paragraph 14.

Eective Remedies under Data Protection Law

215

5.5. Individual Participation: Rights of the Data Subject

5.5.1. Right to be Informed Right of Access to Personal Data
As we have seen above, one of the goals of data protection law is to protect
individuals and their right to control to a certain level the use of their personal
information. Although one cannot speak of an unlimited right to informational
self-determination, one of the tools to control the use of personal information by
third parties or governmental organisations is the right to be informed. This right
includes both the right for the individual to apply for access to his or her data and
the duty of the data controller to inform the data subject. Article 8 of the Data
Protection Convention includes the right of a person to be enabled to establish
the existence of an automated personal data le, its main purposes, as well as the
identity and habitual residence or principal place of business of the controller of
the le. Article 12 of the Directive 95/46 requires that the controller of the
information should conrm without constraint at reasonable intervals and
without excessive delay or expense whether or not data relating to the data
subject are being processed and to give information on the purpose of processing,
categories of data concerned, recipients or categories of recipients.
The right to be informed is included in Articles 10 and 11 of the EC Directive
95/46. These provisions oblige the data controller to inform the data subject on the
use of his or her personal information, irrespective of whether the data subject
applies for access to the data. Article 10 of obliges the controller to inform the data
subject from whom data are collected of the identity of the controller and the
purpose of the data processing for which the data are intended. In so far as this is
necessary having regard to the specic circumstances in which the data are collected to guarantee fair processing in respect of the data subject, information must
also be provided on the recipients or categories of recipients, whether the reply to
the information request is compulsory, and on the consequences of failure to
response the existence of the right to access and rectify data concerning the individual. The data controller should also inform the data subject on the existence of the
right to access and the right to rectify data concerning him (on the basis of Article
10 (c)). If the data have not been obtained from the data subject himself, Article 11
of the Directive obliges the data controller, at the time of recording or when disclosure of the data to a third party is envisaged, to inform the data subject no later than
the time when the data are rst disclosed, conveying the information mentioned in
Article 10. Article 11 (2) of the Directive includes general exceptions to the right to
be informed. The data controller is not obliged to inform the data subject, where
the data are processed for statistical purposes or for the purposes of historical or scientic research, or where the provision of such information proves impossible or
would involve a disproportionate eort or if recording or disclosure is expressly laid
down by law. In these cases Member States must provide appropriate safeguards.

216

Chapter 7

According to Article 109 CISA, the right of individuals to demand access to

their data is to be asserted in accordance with the national legislation of the state
in which they invoke this right. When national law so provides, the right to access
cannot be exercised directly, but must be asserted via the national supervisory
authority. The right of access to SIS information as provided for in Article 109
has two restrictions. Firstly, when the state to which the application for access is
made is not the issuing state, the latter state must be given the opportunity to set
forth its position, before the requested state can give the individual the requested
information. This duty to consult the issuing state may cause considerable delays
in applicable procedures and extend the time the applicants has to wait before he
or she is informed of the information stored in NSIS. During the negotiations on
the draft CISA, the French government even advocated the need for the approval
of the issuing state, but this was not accepted by the other negotiating parties.108
The second limitation of the right to access is contained in Article 109 (2), which
states that information must be refused to the person concerned when this is
indispensable for the performance of a lawful task in connection with alert or
for the protection of the rights and freedoms of other parties. The right to
access must in any event be refused during the period of validity of an alert for
the purpose of discreet surveillance. In conclusion, it is fair to say that the CISA
in one way conrms the universality of the principle of the right to access;
however, the way this right is to be exercised is left to national scrutiny.
Article 41 of the new Regulation 1987/2006 on SIS II includes a comparable
rule as provided in the CISA. As in the Article 109 CISA, the requested state should
give the issuing State the opportunity to state its position before communicating
the requested data. Also, Article 41 allows national legislators to give the national
data protection authorities a primary role with regard to access rights. Dierent
from the provision in the CISA, Article 41 includes a time limit of 60 days within
which an individual aplying for access to his or her data should be informed. And
no later than three months the individual should be informed on the follow-up
given to the exercise of his rights of correction or deletion (see further below).
Article 42 of the Regulation on SIS II gives more specic rules dealing with
the right of information comparable with the provision in the EC Directive
95/46. Article 42 of the SIS II Regulation provides that third-country nationals who are the subject of an alert issued in accordance with this Regulation
shall be informed in accordance with Articles 10 and 11 of Directive 95/46.

108

Draft document of 7 August 1989, SCH/I (88) 7 12th revision (Dutch version); see also
Dumortier (1992), p. 160.

Eective Remedies under Data Protection Law

217

This information must be provided in writing, together with a copy of or a reference to the national decision giving rise to the alert in SIS II. Article 42 (2) of
the SIS II Regulation allows for exceptions to this right of information, which
go further than those provided in the EC Directive 95/46. Firstly, the information must not be provided where (i) the personal data have not been obtained
from the third-country national in question; and (ii) the provision of the information proves impossible or would involve a disproportionate eort. Secondly,
the information must not be provided where the third country national in question already has the information. Thirdly, there is no duty to inform the data
subject where national law allows for the right of information to be restricted,
in particular in order to safeguard national security, defence, public security and
the prevention, investigation, detection and prosecution of criminal oences.
5.5.2. Right to Request Correction, Deletion or Blocking of Further Processing
Article 8 of the Data Protection Convention of 1981 includes the right of a data
subject to obtain the correction or erasure of personal data if the data have been
processed contrary to the national law implementing the data protection principles. Article 12 (b) of Directive 95/46 includes, aside from the rights of rectication and erasure, also the right to ask for blocking of data. This includes the right
to demand that the data are not further processed or transmitted to other parties
if the data processing does not comply with the provisions of the Directive.
Article 12 (b) of the EC Directive provides that the data controller may be asked
to notify third parties to whom the data are disclosed of any rectication or erasure on behalf of the person concerned unless this proves impossible or involves
a disproportionate eort.
Article 14 EC Directive further gives individuals the right to object to data
processing on compelling legitimate grounds relating to his particular situation.
According to this provision, this right applies at least with regard to data
processing as described in Article 7 (e) and (f ) of the Directive. These provisions
refer, respectively, to data processing necessary for the performance of a task carried out in the public interest or in the exercise of ocial authority and processing by the controller or third party or parties to whom the data are disclosed, for
the purposes of their legitimate interest. Furthermore, Article 14 gives individuals
the right to object, upon request and free of charge, to data processing for the
purposes of direct marketing. Only with regard to this latter objection, the
Directive requires Member States to take the necessary measures to ensure that
data subjects are aware of their right of objection. In practice, it will be dicult
for an individual to apply this right of objection with regard to data processing by
public authorities. This requires not only that an individual be aware of this right,
but also that he or she be able to put forward compelling grounds, based on
which his or her personal data should not be processed further.

218

Chapter 7

5.6. Ban on Automated Decision-making

In the eld of administrative law and of criminal procedural law, the ability of
authorities to base their decisions and prosecutions respectively on automated data
processing only, is already limited by common rules. For example, in administrative law, authorities are generally obliged to motivate their decisions in writing. In
criminal law procedures, courts should motivate their judgments and relate the
decision to the individual facts or circumstances of the case. On the other hand,
automated decision-making in the eld of tax and social security procedures or
administrative nes is common practice. This practice is justied by the huge
volume of cases to be dealt with by the administration, as well as the convenience
of the citizens involved.
In the light of the current EU developments, where measures on immigration
control tend to be based increasingly on automated data processing, the banning
of automated decision-making becomes even more important. Based on the
example of French data protection law (dealt with in section 5 of Chapter 11),
this principle was included in Article 15 of EC Directive 95/46. According to this
provision, every person has the right not to be subject to a decision which
produces legal eects concerning him or signicantly aects him or her and which
is based solely on automated processing of data intended to evaluate certain
personal aspects relating to him, such as his performance at work, creditworthiness, reliability, conduct, etc. The meaning of this principle has been weakened
considerably by paragraph (2) of Article 15, which allows for subjection to an
automated decision when the decision in question is taken in the course of
entering into or fullling a contract, or when this is authorised by a law which
also lays down measures to safeguard the data subjects legitimate interests.
The CISA does not include any reference to a ban on automated decisionmaking. On the contrary, the implementation of the rules on the use of the SIS
requires a practice which seems quite contrary to this principle. Generally, the
reports in SIS forwarded by the national authorities of one State should be automatically implemented by the authorities of the other States. As we will see below,
in the judgment of Commission v. Spain, concerning the registration in SIS of the
spouses of EU citizens, the Court of Justice ruled that the Spanish authorities
could not automatically refuse entry or a visa solely on the basis of these SIS
alerts.109 As I will argue below, this reasoning should also apply to other thirdcountry nationals protected by EU law or international standards of human
rights.

109

C-503/03, 31 January 2006, OJ C 86, 8.4.2006. See further Chapter 9.

Eective Remedies under Data Protection Law

219

5.7. Security
The duty to secure personal information against destruction, loss or unauthorised access is not new. Even with regard to manual les and archives containing
personal information, it is generally accepted that the person, organisation or
authority holding these les should take precautionary measures to protect the
information. Especially in certain elds such as in health care or the police sector,
it is considered as normal for these les to be kept in special safe-deposit boxes.
What actually changed is that the introduction of information technology
requires new technical and organisational safeguards. Article 7 of the Data
Protection Convention obliges the state parties to ensure that data holders are
taking the appropriate security measures to protect against accidental or unauthorised destruction or accidental loss, as well against unauthorised access, alteration or dissemination. Article 17 of EC Directive 95/46 refers to the duty of
appropriate technical and organisational measures. These rules do not include
details on which kind of measures should be taken. It is therefore unclear when
data processors or data controllers can be held responsible or accountable (dealt
with in section 5.8) for damages due to faulty or inadequate security measures.
With regard to the use of SIS, Article 118 CISA describes certain security
measures which should be implemented by the contracting parties. For instance,
it stipulates that the states should take appropriate measures to prevent access
by unauthorised persons to the systems used for the SIS and to prevent
unauthorised access, change, deletion or use of the data stored.
In its annual reports, the Joint Supervisory Authority (JSA) devoted much
attention to the necessary safeguards to protect the security of CSIS and SIRENE
oces. Responding to an incident in 1997, when an ocer at the Belgian
SIRENE oce leaked personal information to criminal organisations, the JSA
decided at its meeting of 12 December 1997 to investigate the security measures
taken in the dierent countries.110 Based on the reports forwarded by the national
authorities, the JSA concluded that complementary measures were still necessary.
Among other things, the JSA advised the authorities to take the following
measures: encryption of information which is kept on data carriers; intensication of the measures to guarantee that only authorised ocials are gaining access
to the information in SIS; check the reasons for SIS inquiries at regular intervals;
appointment of an ocial responsible for security, and the adoption of security
measures which should be identical for each national SIRENE bureau.

110

Third activity report of the JSA, March 1998March 1999, Brussels, 9 March 1999, SCH/
Aut-cont (99) 8.

220

Chapter 7

In 2006, the European Data Protection Supervisor (EDPS) completed its rst
inspection report of the Central Unit of Eurodac.111 This inspection focused on a
number of security aspects, including risks and incident management, security of
communications and physical access control. According to the press release, the
EDPS was generally satised with the level of security at the Central Unit. The
inspection report itself was held condential.112
5.8. Accountability
The data owner or controller is in principle responsible for possible damage
caused by illegal or inaccurate data processing. This principle of liability is not
explicitly regulated by the Data Protection Convention of 1981 or by
Recommendation R (87). Although the latter Regulation uses the denition of
responsible body which refers to the controller of the le which has ultimate
responsibility for the le, the only consequence it attaches to this responsibility is
the duty to notify the supervisory body of the existence of a particular le.
The liability of the data owner is regulated by Article 23 of the EC Directive:
this entails an obligation for Member States to specify that any person who has
suered damage as a result of an unlawful processing operation, or any act incompatible with the national provisions adopted in accordance with the Directive, is
entitled to receive compensation from the controller for the damage suered.
According to Article 108 of CISA, the contracting states must appoint
national authorities which are responsible for the smooth operation of the
national section of SIS. This authority should take the necessary measures to
ensure compliance with the provisions of CISA. The liability of the Schengen
States for injuries caused by the use of SIS is provided for in Article 116 CISA.
According to this provision, each contracting state is liable for injury caused to
individuals by the use of national sections of SIS. This includes injury caused by
an issuing state which has entered factually inaccurate data or stored data unlawfully in NSIS. This provision is important because it enables individuals to forward their claims to every Schengen State, irrespective of whether this is the
issuing state or not. On the basis of Article 116 (2), if the state against which
the action has been brought is not the issuing state, the latter should reimburse
the sum paid by the former. This rule does not apply if the former state used the
information in SIS in breach of the provisions in this convention.

111

112

See the Annual Report of the EDPS on 2006, p. 38, http://www.edps.europa.eu. See further
below, section 7.2.1.
See for a critical review of this report: E. Guild, Unreadable Papers? The EUs rst experiences
with biometrics: Examining Eurodac and the EU Borders, in: J. Lodge (ed.), Are you who you
say you are? Liberty and security in the EU, Nijmegen: Wolf Legal Publishers 2007.

Eective Remedies under Data Protection Law

221

5.9. Non-discriminatory Application of Data Protection Rules

The right to data protection applies to every individual irrespective of his or her
residence, status or nationality. This non-discriminatory application of data protection follows explicitly from the European instruments on data protection.
Article 1 of the Data Protection Convention refers to every individual, whatever
his nationality or residence. The Convention includes a special regulation in
Article 14, paragraph 1, ensuring that subjects residing abroad, whether in a
Contracting State or in a third country, will be able to exercise their right to
know and, where necessary, to rectify the information stored in a data le.
According to the explanatory memorandum, the guarantees set out in the
Convention are extended to every individual regardless of nationality or residence, in accordance with the general principle of the Council of Europe and its
Member States with regard to the protection of individual rights. Clauses restricting data protection to a States own nationals or legally resident aliens not only
would be incompatible with Article 1 of the Data Protection Convention, but
also with the general non-discrimination principle in Article 14 ECHR together
with Article 8 on the right to private life.
EC Directive 95/46 does not dene data subject but, from its provisions,
referring to natural person, individuals or data subjects, it can be concluded that
the Directive does not treat dierent categories of persons in dierent ways. We
saw above that the EU legislator inserted the right to data protection as a separate human right in the EU Charter on Fundamental Rights. From the wordings
chosen in Article 8 of this Charter, it follows that this right to the protection of
personal data should apply indiscriminately. Article 8, refers to the right of
everyone, where other rights in the Charter include the wordings every citizen
of the Union and therefore have a restricted meaning.
The rights as provided for in the CISA also apply indiscriminately. The CISA
explicitly gives any person the right to have inaccurate data or unlawful data
either corrected or deleted (Article 110); the right of access to a judicial court in
the territory of each Schengen State is also open to any person (Article 111 CISA
and Article 43 of the SIS II Regulation, to be dealt with in section 8.4 below).
To my knowledge, the national laws of the EU Member States do not dierentiate between dierent categories of persons, other than the Privacy Act of the
United States which only applies to US citizens or aliens lawfully admitted for
permanent residence.113

113

U.S. Privacy Act of 1974 as amended, 5 U.S.C. 552a.

222

Chapter 7

6. Limitations of Data Protection Rights: General Interest

and National Security
The practical meaning of the rights and safeguards in the instruments described
above depends on the criteria based on which these rights can be limited.
Article 9 of the Data Protection Convention denes legitimate grounds for
limiting the rights of data subjects, including deviation from the provisions of
Articles 5 (on data quality), 6 (on extra safeguards for special categories of data)
and 8 (right of data subject to access, correct and delete, and the right to a
remedy). According to Article 9, limitation of these rights is allowed when this is
provided for by national law and constitutes a necessary measure in a democratic society in the interests of 1) protecting State security, public safety, the
monetary interests of the State or the suppression of criminal oences; and 2)
protecting the data subject or the rights and freedoms of others.
The explanatory report to the Data Protection Convention (para. 55) explicitly
refers to the principles of the ECHR and the criteria as provided for by the ECtHR
in order to assess which limitations can be considered lawful: Exceptions to the
basic principles of data protection are limited to those which are necessary for the
protection of fundamental values in a democratic society. The text of the second
paragraph of this article has been modelled after that of the second paragraphs of
Articles 6, 8, 10 and 11 of the ECHR. It is clear from the decisions of the
Commission and the ECtHR relating to the concept of necessary measures that
the criteria for this concept cannot be laid down for all countries and all times, but
should be considered in the light of the given situation in each country. With
regard to the meaning of state security, paragraph 56 of the explanatory report to
the Data Protection Convention states that this notion should be understood in
the traditional sense of protecting national sovereignty against internal or external
threats, including the protection of the international relations of the State.
Article 13 of EC Directive 95/46 also explicitly describes the restrictions to the
rights as included in the Directive. It includes a long list of legal restrictions: the
safeguarding of national security, defence and public security; the prevention,
investigation, detection and prosecution of criminal oences or of breaches of
ethics for regulated professions; the protection of important economic or nancial
interest of the Member States or of the EU; and, nally, the protection of data
subject or rights and freedoms of others. Furthermore, according to Article 13 (2)
the right of access, correction and deletion, as provided for in Article 12, may be
restricted by a legal measure and when there is clearly no risk of breaching the privacy of the data subject for data which are processed solely for scientic purposes.
The ECJ made it clear in the sterreichischer Rundfunk case that any of the
exceptions included in Article 13 of Directive must comply with the requirement
of proportionality with respect to the public interest objective being pursued and

Eective Remedies under Data Protection Law

223

any national provision based on the limitations must be interpreted in accordance with the right to private life in Article 8 of the ECHR.114
Article 52 (1) of the EU Charter includes a general limitation which also
applies to Article 8 on the right to data protection. According to this provision,
any limitation on the exercise of the rights and freedoms recognised by this
Charter must be provided for by law and respect the essence of those rights and
freedoms. Subject to the principle of proportionality, limitations may be made
only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others.
Both the denition of this Article 52 and the explanation to Article 9 of the
Data Protection Convention referred to above make it clear that governments
cannot simply invoke the legitimacy of its purposes when restricting the rights to
data protection. These limitations are only lawful if governments can establish
that such limitations are necessary, proportional and genuine or that they are
eective for the purposes to be achieved. It should be noted that according to
Article 52 (3) of the EU Charter, in so far this Charter contains rights which
correspond with the rights protected in the ECHR, the meaning and the scope
of the rights in the Charter shall be the same as the rights of the ECHR. However,
Union law may provide more extensive protection.
According to Article 102 CISA, data entered in SIS may only be used for the
purposes laid down for each category of alert referred to in Articles 95100.
However, paragraph 3 of this provision allows deviation from this principle when
this is justied by the need to prevent an imminent serious threat to public policy
and public security, on serious grounds of national security or for the purposes of
preventing a serious criminal oence. Although this requires prior authorisation
from the state issuing the alert to be obtained for another purpose, the Convention
does not provide any prior, independent, supervisory control of the necessity of
this deviation from the purpose limitation principle.

7. Eective Remedies: Independent Data Protection Authorities

7.1. National Data Protection Authorities
7.1.1. Data Protection Convention
Surprisingly, the Data Protection Convention does not include any specic provision on the availability of independent data protection authorities. Article 10
of this Convention only requires that each Party should undertake to establish
114

Rechnungshof v. sterreichischer Rundfunk and Others, 20 May 2003, Joint Aairs C-465/00,
C-138/01 and C-139/01 para. 91.

224

Chapter 7

appropriate sanctions and remedies for violations of provisions of domestic law

giving eect to basic principles of the Data Protection Convention. Not until
2001 was a Protocol added to the Convention on the role and powers of supervisory authorities and trans-border data ows, according to which States should
ensure the establishment of independent supervisory authorities.115 These authorities should be given, in particular, powers of investigation and intervention to
ensure the compliance of national legislation implementing the principles of the
Data Protection Convention and this Protocol. These authorities should also be
given the power to engage in legal proceedings or bring to the attention of the
competent judicial authorities violations of national legislation, putting these
principles of the Data Protection Convention into eect.
Furthermore, the Protocol provides for appeal against decisions by the supervisory authorities, which give rise to complaints, through the court system. With
regard to trans-border data ows, the Protocol includes the rule that personal data
may only be transferred to another country or international organisation which is
not subject to the jurisdiction of a Party to the Convention, if this recipient state
or organisation ensures an adequate level of data protection. There are two exceptions to this general rule: rstly, parties may allow the transfer of personal data if
domestic law so provides because of the specic interests of the data subject or
legitimate prevailing interests, especially important public interests. Furthermore,
data transfer is allowed if safeguards which can in particular result from contractual clauses are provided by the controller responsible for the transfer and are
found adequate by the competent authorities according to domestic law.
7.1.2. EC Directive 95/46
Article 28 of the EC Directive 95/46 provides for the establishment of national
public authorities which are responsible for the application of data protection
principles. According to Article 28, Member States should ensure the complete
independence of these authorities and assign them the following tasks and powers: to give advice on administrative measures or regulations relating to the
protection of the individuals rights and freedoms with regard to data processing
and to have investigate powers to monitor the application of the national law
implementing the EC Directive. The supervisory authority may further order the
blocking, erasure or destruction of data and place a temporary or denitive ban
on data processing.

115

ETS No. 181, 8 November 2001. This Protocol entered into force on 1 July 2004. Of the 47
Member States of the Council of Europe only 16 States (of which 13 EU Member States) ratied
this Protocol, including France, Germany, and the Netherlands, http://conventions.coe.int
(consulted in June 2007).

Eective Remedies under Data Protection Law

225

The supervisory authority may, according to Article 28 (4), hear individual

claims concerning his or her data protection rights. The EC Directive does not
provide further details on the powers and competences of the supervisory authorities when dealing with this individual application. Article 28 (4) only states that
the person concerned shall be informed of the outcome of the claim.
According to Article 28 (3) of the EC Directive, supervisory authorities have
the power to start legal proceedings in cases where the national provisions which
are adopted to implement the EC Directive are violated. The national data protection authorities may also refer a matter to parliament or another political
organisation. In its rst evaluation report on the implementation of the EC
Directive, the European Commission conrmed the importance of the independence of national data protection authorities.116 The Commission describes
the independence in the taking of decisions as a sine qua non for the correct
functioning of the system. In the same report, the Commission expresses its
concerns that in practice this independence is threatened by the lack of resources
for national supervisory authorities.
Finally, Article 28 (6) states that a supervisory authority is competent, whatever the national law applicable to the processing in question, to exercise its
powers in accordance with paragraph 3 on the territory of its own Member State.
This seems to imply that a national data protection authority cannot exercise its
competences with regard to data processing outside the scope of its own territory.
However, the same provision makes it clear that each authority can be requested
by an authority of another Member State to exercise these powers.
7.1.3. SIS I and SIS II: CISA and Regulation 1987/2006
The CISA provides for the establishment of a non-judicial supervisory mechanism, at both national and international levels. At national level, on the basis of
Article 114 CISA, supervisory bodies are responsible for carrying out independent
supervision of the national SIS data les. This supervision includes checking
whether the processing and use do not violate the rights of the data subject. Article
114 (2) gives any person the right to ask this supervisory authority to check the
data entered in the NSIS and the use being made of these data. The tasks and
competences of the national authorities are to be performed in accordance with
national law. This means there is no harmonised approach at all regarding the way
in which the national databases of the SIS are being supervised.
Article 44 of the SIS II Regulation deals with the supervision of NSIS II by
the national data protection authority (the National Supervisory Authority).

116

Report of 15 May 2003, COM (2003) 265, p. 1213.

226

Chapter 7

Article 44 (1) provides that the authority or authorities designated in each

Member State and endowed with the powers referred to in Article 28 of Directive
95/46, shall monitor independently the lawfulness of the processing of SIS II
personal data on their territory and its transmission from that territory, and the
exchange and further processing of supplementary information.
Furthermore, Article 44 (2) provides that the National Supervisory Authority
must ensure that at least every four years an audit of the data processing operations in NSIS II will be carried out. This audit will have to be in accordance with
international auditing standards.
Finally, Article 44 (3) obliges Member States to ensure that their data protection authorities have sucient resources to full the tasks entrusted to it under
this Regulation.
7.1.4. Eurodac and VIS
The Eurodac Regulation 2725/2000 does not include very strong criteria as to the
role of data protection authorities.117 The national supervisory authorities must
according to Article 18 (10) assist and advise a person with regard to his or her
rights on the deletion or correction of the data concerned. According to Article
18 (9) this assistance has to be performed according Article 28 (4) of the EC
Directive 95/46, which only requires that the supervisory authority should hear
claims of individuals with regard to the protection of their rights and freedoms
and with regard to the lawfulness of data processing. Furthermore, Article 19 of
the Eurodac Regulation provides that each Member State must ensure that
national data protection authorities will monitor independently, in accordance
with national law, the lawfulness of the processing of the personal data, including
their transmission to the Central Unit. Comparable provisions have been included
in Articles 32 (2) and 34 of the draft VIS Regulation.118 Importantly, Article 34
(3) of the draft VIS Regulation obliges Member States to ensure that their national
data protection authorities have sucient resources to full their tasks.
7.2. Data Protection Authorities at the EU Level
7.2.1 The European Data Protection Supervisor
At European level, the protection of individuals with regard to the processing of
personal data by Community institutions and bodies has been envisaged in
Regulation 45/2001 of 18 December 2000.119 This Regulation provides for

117
118
119

OJ L 316, 15.12.2000.
Draft of 10 May 2007, 9423/07.
OJ L 008, 12.01.2001.

Eective Remedies under Data Protection Law

227

supervision by a special supranational authority: the European Data Protection

Supervisor, or EDPS.120 In 2002, the Council adopted a decision on the regulations and general conditions governing the performance of the European Data
Protection Supervisors duties.121 The creation of the EDPS is based on Decision
1247/2002 of 1 July 2002 on the regulations and general conditions governing
the performance of this organisations duties.122 In December 2003, Peter
Hustinx, the former chairman of the Dutch Data Protection Authority, was
appointed the rst European Data Protection Supervisor for a term of ve
years.123 According to Article 32 of the Regulation 45/2001, any data subject
who claims that his or her rights under Article 286 of the Treaty have been
infringed as a result of the processing of his or her personal data by a Community
institution or body may lodge a complaint with the European Data Protection
Supervisor directly. This right is without prejudice to any judicial remedy.124
The powers of the EDPS are listed in Article 47 of Regulation 45/2001.
Among other things, the EDPS may give advice to data subjects in the exercise of
their rights, refer a case to the data controller in the event of an alleged breach of
the provisions governing the processing of personal data and, where appropriate,
make proposals for remedying that breach and for improving the protection of
the data subjects. Article 47 also includes the power of the EDPS to warn or
admonish the controller, without dening the content or the eect of these
warnings. More coercive powers of the EDPS are implied in the ability to order
the responsible authority to comply with requests to exercise certain rights of a
data subject, to order the rectication, blocking, erasure or destruction of all data
when they have been processed in breach of the provisions governing the processing of personal data and the notication of such actions to third parties to whom
the data have been disclosed. The European Supervisor may also impose a temporary or denitive ban on processing. The EDPS may refer matters not only to
the Community institution or body concerned and, if necessary, to the European
Parliament, the Council and the Commission but also to the Court of Justice.

120

121
122
123

124

Article 286 (2) TEC, which is the legal basis for this Regulation, also provided for the establishment of an independent supervisory body which should be responsible for monitoring the
application of data protection rules by the Community institutions and bodies.
Decision no. 1247/2002 of 1 July 2002, OJ L 183, 12.07.2002.
OJ L 183, 12.07.2002.
Decision of the European Parliament and of the Council of 22 December 2003 appointing the
independent supervisory body provided for in Article 286 of the EC Treaty (European Data
Protection Supervisor), OJ L 12/47, 17.01.2004.
According to the Annual Report on 2006 (p. 30), the EDPS dealt in 2006 with 52 complaint of
which only 10 were declared admissible: see http://www.edps.europa.eu.

228

Chapter 7

Finally, according to Article 47 (2), the European Data Protection Supervisor

shall have the power to obtain from a controller or Community institution or
body access to all personal data and to all information necessary for his or her
enquiries and to obtain access to any premises in which a controller or Community
institution or body carries on its activities when there are reasonable grounds for
presuming that an activity covered by this Regulation is being carried out there.
In its rst year of activity, the EDPS focused on its advisory role and did not use
its more coercive powers (order, warning or ban).125
The EDPS also has an advisory role with regard to community measures and
legislation related to data protection issues. Since January 2004, the EDPS has
also been tasked with the supervision of Eurodac. In an early policy paper, the
EDPS made it clear that it would consider his mandate broadly and not restricted
to community legislation or measures.126 And indeed, in its rst years of operation, the EDPS published many opinions, including with regard to legislative
proposals within the framework of the third pillar of the EU. For this broad
interpretation of its task, the EDPS refers to Article 46 (f, ii) of Regulation
45/2001, according to which the EDPS should cooperate with supervisory data
protection bodies of the third pillar to ensure an improving consistency of the
applicable data protection rules. In my view, the role of the EDPS outside the
scope of the EC Treaty could also be based on Article 47 (e) which refers to its
task to monitor relevant developments insofar they have an impact on the
protection of personal data, in particular the development of information and
communication technologies.
The recommendations of the EDPS have no binding eect. According to
Article 27 Regulation 45/2001, processing operations by community institutions or
bodies likely to involve a risk to the rights and freedoms of individuals require prior
checking by the EDPS. If the EDPS considers that the intended processing may
involve a breach of any provision of the Regulation, the controller should make
proposals to avoid such breach. The EDPS may use its coercive powers under Article
47 if the data controller does not modify the processing operation accordingly.
7.2.2. Working Party on the Protection of Individuals
with regard to the Processing of Data
Directive 95/46 provides, in Article 29, for a Working Party on the Protection of
Individuals with regard to the Processing of Data (also referred to as the Article
29 Working Party). The Working Party advises on Community legislation or

125
126

See the Annual Reports on 2004 (p. 24) and 2006 (p. 17), http://www.edps.europa.eu.
Policy Paper, The EDPS as an advisor to the Community institutions on proposals for legislation
and related documents, Brussels, 18 March 2005, p. 5.

Eective Remedies under Data Protection Law

229

measures which relates to the processing of personal data and the rights of individuals, including possible amendments to the EC Directive. According to
Article 30 of the Directive, the Working Party may make recommendations on
its own initiative and forward these to the Commission. On several occasions,
the Working Party has used this power and published critical reports on specic
but also more general developments within the EU.127 These recommendations
are not binding. The Commission should inform the Working Party on the
action it has taken in response to these opinions and recommendations, but it is
not obliged to implement them. The Working Party has no competence to consider individual complaints.
7.3. Schengen Joint Supervisory Authority
7.3.1. Tasks and Powers
The inclusion of a provision in the CISA on the establishment of a supranational
data protection authority was strongly advocated by the national data protection
authorities in existence at that time (Germany, France and Luxembourg). The
task and powers of the Joint Supervisory Authority (JSA) are regulated in Article
115 CISA. According to this provision, the JSA performs its controlling tasks in
accordance with the Data Protection Convention and Recommendation R (87)
on the use of police les. According to Article 115 CISA, the JSA is responsible
for more general tasks. These include the interpretation of the CISA rules and
the supervision on the operation and security of the CSIS. According to Article
115 (3), the JSA is also responsible for studying any problems that may occur
with the exercise of independent supervision by the national supervisory authorities of the contracting parties or in the exercise of the right to access to the
system. This could be interpreted to mean that the JSA also has the task of dealing with individual complaints with regard to national supervisory authorities,
or the exercise of an individuals right of access. However, to my knowledge, the
JSA has so far not dealt with any individual complaints.
The JSA, which consists of two representatives from each national supervisory
authority, is assigned the task of monitoring the technical support function of
SIS, in other words the CSIS located in Strasbourg. Furthermore, the JSA is also

127

For example, the Working Party twice published a critical letter on the transfer of passenger
data by European air line companies to the US, which had been authorised by the European
Commission, although this would be in breach of EC Directive 95/46. Furthermore, in August
2003 it published a memo on the use of biometric data.

230

Chapter 7

responsible for the examination of diculties arising from application or interpretation, which may arise during the operation of SIS, or with regard to the
exercise of the supervisory tasks of national authorities, or regarding the right of
access to the system. According to 115 (3), the JSA should draw up harmonised
proposals for joint solutions for existing problems.
7.3.2. Activities of the JSA
In the annual reports, the JSA often referred to the weaknesses of its own position.
In the rst place, the organisation regularly complained about the lack of nancial, human and technical resources required for the performance of its tasks. In its
reports, the JSA may only submit its analysis of the problems and make its recommendation to the authorities concerned. These recommendations are not binding,
nor has the JSA any enforcement powers. Initially, the JSA itself looked for ways
to strengthen its position, for example by contacting the media and publishing its
annual reports. For example, by way of illustration, the JSA sought publicity for
two incidents, both of which occurred in 1997. Firstly, the press was informed
about the problems the JSA encountered with the French authorities during its
inspection of the CSIS. Secondly, in a press release, the JSA expressed its concern
about the lack of security of SIS, when printouts of certain SIS data were found at
a Belgian railway station and, later, also at the house of an employee of the Belgian
Ministry of Justice.128 In 1996, the JSA issued a recommendation that the number
of super-users be reduced. These are users who have privileged access to CSIS and
who may not only have access to the information included in SIS, but also be
permitted to amend these data and to delete all traces of the activities performed.
In its fth annual report of 1999, the JSA noted that the number of these superusers had dropped.129 In 1997, the JSA requested the contracting parties to ensure
that information leaets (drafted by the JSA) were distributed at external borders,
more specically at airports. According to the fourth annual report (March 1999
February 2000) of the JSA, the number of requests from individuals for access to
SIS information would have had increased since the dissemination of information;
according to the JSA, this should be attributed to the success of the information
campaign. Between 1999 and 2000, the JSA asked the Article 36 Committee
(Coordinating committee of senior representatives of the governments under the
TEU) whether the list of authorised users could be submitted to the JSA.

128
129

See Justice report (2000), p. 27 and 42.

See fth annual report JSA, March 2000December 2001, overview of recommendations JSA
1996, (Dutch version), p. 33.

Eective Remedies under Data Protection Law

231

The Article 36 Committee approved giving the JSA these lists after they were submitted to the JHA Council.130
In it its most recent years of activity, the JSA has not sought much publicity or
attention for its work. There is a long delay in publication of its latest annual
report and the information on its website is outdated. Illustrative of this lack of
publicity is the fact that the 2005 report of the JSA on the national implementation of Article 96 CISA was never ocially published by the JSA. The report has
only been accessible through the website of the Danish data protection authority
and the NGO Statewatch. This passive attitude might be explained by the fact
that the JSA was overshadowed by its communitarian counterparts, the Article
29 Working Party and the EDPS. Another reason for this lack of activity could
be the fact that, with the establishment of SIS II, the functioning of the JSA
would be taken over by the EDPS.

8. Eective Remedies: A Right to Judicial Remedies?

As a result of the importance of this subject, in the followings sections, I will also
consider other instruments described above, to compare the dierent provisions
on legal remedies. These other instruments include the Regulation on Eurodac,
the third pillar instruments and the draft VIS Regulation.
8.1. Data Protection Convention
The Data Protection Convention refers to two dierent situations in which an
individual may invoke a remedy. Firstly, according to Article 8 of the Convention,
an individual should have a remedy when his or her rights as protected in this provision have been breached. The rights of Article 8 include the right to be informed
about the existence of an automated data le and about the contents of the information stored about the data subject and the right to correct erroneous or inappropriate information. Secondly, in accordance with Article 10, the State Parties
should ensure appropriate sanctions and remedies for violations of provisions of
national law implementing the principles of the Data Protection Convention.
The Convention and its explanatory memorandum do not explicitly require
the availability of judicial remedies. The explanatory memorandum to Article 10
explicitly states that it is left to each State to determine the nature of these

130

See fourth annual report JSA, March 1999February 2000, SCHAC 2533/1/00 REV 1 (Dutch
version), p. 14.

232

Chapter 7

sanctions and remedies (civil, administrative or criminal) considering the the

non self-executing character of the convention .131
8.2. EC Directive 95/46
EC Directive 95/46 explicitly obliges Member States to provide for judicial remedies. According to Article 22, individuals should have a judicial remedy for any
breach of the rights guaranteed him by the national law applicable to the processing in question. The rst sentence of Article 22, however, includes an important
restriction of this right. According to this sentence, this right to judicial remedies
is without prejudice to any administrative remedy for which provision may be
made, inter alia before the supervisory authority referred to in Article 28. This
means that national legislators may stipulate that, prior to the right to have access
to courts, the individual should rst appeal to the supervisory data protection
authorities as referred to in Article 28 of the EC Directive. This duty to address
data protection authorities rst may not only lead to longer procedures, but
could also imply that individuals have no timely access to eective remedies.
The importance for individuals to have access to national courts to enforce
their rights under Directive 95/46 was conrmed by the ECJ in Rechnungshof v.
sterreichischer Rundfunk.132 This judgment was the rst decision of the ECJ on
EC Directive 95/46. It dealt with the question of whether the rules of the
Austrian Court of Auditors (Rechnungshof) based on which organisations and
holdings had to disclose information about their employees and pensioners,
including names, positions, salaries and their pensions, were in accordance with
the provisions of the EC Directive and the Community principles on the protection of privacy. In this judgment, the ECJ conrmed that the scope of the applicability of this Directive has to be interpreted broadly. According to the ECJ, the
scope of applicability of the Directive would not be limited to data processing
directly linked to the freedoms of free movement as protected in the EC Treaty.133
The ECJ made it clear that every other interpretation would run the risk of making the boundaries of the Directives application too uncertain and too vague.
Furthermore, it considered that the principles and criteria for legitimate data
processing (as laid down in Articles 6 and 7 of the Directive) have a direct eect,
in the sense that an individual may seek access to a national court to prevent the
application of national rules which are contrary to these principles.134

131
132

133
134

Explanatory report to the Convention, see comments on Article 10.

Rechnungshof v. sterreichischer Rundfunk and Others, 20 May 2003, Joint Aairs C-465/00,
C-138/01 and C-139/01.
Para. 3947.
Para. 100.

Eective Remedies under Data Protection Law

233

In this case, the ECJ found that the disclosure of names by the public bodies
of the state implied interference with the right to private life as protected by
Article 8 ECHR. Concluding that the interference at stake was in accordance
with national law, the Court of Justice explicitly stated that it is the task of
national courts to ascertain whether this interference with the right of private life
meets the requirements of foreseeability and whether the interference is necessary to protect legitimate aims.135 With this wide interpretation, the ECJ did
not follow the opinion of the Advocate General Tizzano on this case. Tizzano not
only gave a narrow interpretation of the scope of Community law, but also
held that the safeguarding of human rights would not be an independent
objective of the Directive.
As we have seen above, Articles 10 and 11 of EC Directive 95/46 force the data
controller to inform the data subject of the existence of the right to access and to
rectify the data concerning him. This obligation, together with other data protection provisions on informed decision-making, the right to receive information
about the data processing and the rights of access, correction and deletion can be
seen as important tools for safeguarding the accessibility of remedies. Even if the
data protection law does not itself include a duty to inform the data subject of the
availability of (judicial) remedies, these information rights are important with
regard to the accessibility of remedies for the data subjects concerned.
8.3. Regulation 45/2001: EDPS
Article 32 of the Regulation contains provisions on the remedies which should
be available to data subjects whose rights under Article 286 of the EC Treaty
have been infringed. This includes the right of any person who has suered damage because of an unlawful processing operation or any action incompatible with
this Regulation to have the damage made good in accordance with Article 288 of
the Treaty. Furthermore, individuals may bring an action against decisions of the
European Data Protection Supervisor before the Court of Justice. The Court of
Justice also has jurisdiction to hear disputes which relate to the provisions of this
Regulation, including claims for damages.
8.4. SIS I: Article 111 CISA
Pressed by the national data protection authorities during the negotiations on the
draft text of the CISA (see above), the Schengen States inserted a provision in
the CISA on the right of access to courts or independent authorities with regard to

135

Para. 88 and 9194.

234

Chapter 7

the alerts held in SIS. This provision, included in Article 111, is based on Articles 8
and 10 of the Data Protection Convention. This Article 111 CISA reads:
1. Any person may, in the territory of each Contracting Party, bring before the
courts or the authority competent under national law an action to correct,
delete or obtain information or to obtain compensation in connection with
an alert involving them.
2. The Contracting Parties undertake mutually to enforce nal decisions taken
by the courts or authorities referred to in paragraph 1, without prejudice to
the provisions of Article 116.
Article 111 CISA provides for the right of a person, in the territory of each contracting party, to bring before the courts or the authority competent under national
law an action to correct, delete or obtain information or to obtain compensation
in connection with an alert involving him or her. The choice of authority that is
competent to assess the individual claim and the scope of the available remedies
has been left to the scrutiny of each Schengen State. Nevertheless, the explicit
reference to a right to legal remedies, with the possibility of compensation, has
been very important in the development of rights with regard to SIS. The meaning of this provision has been enhanced by Article 111 (2) of the CISA, according
to which the nal decisions of national courts should be enforced by the national
authorities of other contracting parties. This provision had to be inserted because
the use of SIS is based on the principle that only the contracting state issuing the
alert can modify, add to, correct or delete the data in SIS (Article 106 CISA).
Article 116 provides that each Schengen State is liable, in accordance with its
national legislation, for any injury caused to a person through the use of the national
data le of the Schengen Information System. This also applies to injury caused by
the Contracting Party issuing the alert, where the latter entered factually inaccurate
data or stored data unlawfully. Exceptionally, if the State against which an action is
brought is not the State issuing the alert, Article 116 (2) provides that the latter
shall be required, upon request, to reimburse the sums paid out as compensation
unless the data were used by the requested State in breach of the rules of the CISA.
Article 111 CISA gives each individual the right to seek access to a competent
court or authority, in every State which applies the CISA. Thus, the individual is
not obliged to address the court in the country of his nationality, nor in the country
where the person discovered use of his or her personal le from SIS. In one of the
earliest drafts, such a limitation was proposed by the Dutch government, according
to which the person could only submit his or her complaint about an SIS alert to
the competent judge or authority of the state which entered the alert in the SIS.136

136

27 October 1988, SCH/I (88) 7 rev. (Dutch version) Article 2.15ter.

Eective Remedies under Data Protection Law

235

Furthermore, Article 111 (2) obliges each contracting party mutually to enforce
the nal decisions of the national courts or authorities concerning SIS. This
implies, in my view, the power of national courts to consider the lawfulness of foreign SIS reports. Another interpretation of this provision would render
meaningless the rule inserted into Article 111 (2).137 I will come back to this point
in the Chapters on France, Germany and the Netherlands, and in Chapter 14.
8.5. SIS II Regulation 1987/2006
Article 30 of the Commission proposal for a SIS II Regulation included an
explicit right to judicial remedies, granting any person in the territory of any
Member State the right to bring an action or a complaint before the courts of
that Member State if refused the right of access to or rectication or erasure of
his data or the right to obtain information or reparation with regard to the
processing of his data.138 On the one hand, the Commission proposal included
an important addition to Article 111 CISA, granting a person the right to appeal
against a decision of a national authority to store his information into SIS.
According to Article 15 (3) of the draft Regulation, a third-country national
would have the right to a review by or an appeal to a judicial authority against a
decision to issue an alert taken by an administrative authority of a Member
State. On the other hand, the Commission proposal seemed to include a territorial limitation by granting only those in the territory of any Member states the
right to bring an action or complaint. In my view, the use of commas in Article
111 (1) of CISA makes clear that this provision does not include a territorial
limitation but implies that the individual has the right to forward its action in
any of the Member States.
A new proposal on SIS II was proposed by the Austrian Presidency in January
2006.139 In this new text, the explicit right to judicial remedies with regard to the
decision to issue an alert in Article 15 (3) from the Commission proposal was
deleted. The explicit duty to provide for a right to a judicial remedy if person is
refused access or rectication of his data, was changed into: any person may bring
before the courts or the authorities an action to correct or delete, or obtain
information or to obtain compensation . According to this proposal, access to

137

138

139

A similar conclusion can be drawn from the judgment of the ECJ, C-150/05, Van Straaten v.
the Netherlands, on the basis of which a Dutch lower court was considered competent to assess
the lawfulness of an Italian alert in the SIS. The alert was based on Article 95 CISA. See
section 7.6, Chapter 13.
COM (2005) 236, 31 May 2005, including a draft Regulation on the establishment, operation,
and use of second generation SIS (SISII).
5709/06, 27 January 2006.

236

Chapter 7

judicial courts would not be required, but also Member States would not be
obliged to provide for legal remedies if somebodys request for access or erasure is
refused.
In the nal text as adopted in Regulation 1987/2006 on SIS II, the EU legislator chose for almost exactly the same wordings as in Article 111 CISA, except for
the addition of an evaluation clause in Article 43 (3) according to which the
Commission should evaluate the rules on remedies before 17 January 2009.
Furthermore, the new text in the SIS II Regulation does not include the territorial limitation which was implied in the Commission proposal with the phrase
in the territory of the Member State.140 This means that, dierent from the
Commission proposal, access to remedies is not dependent on whether the person actually is within the territory one of the EU Member States. Especially
where it concerns the use of SIS II for the refusal of entry or a visa, it would have
been problematic if a third country national would not be able to remedy the
wrongful use or registration of his or her personal information if he or she would
be outside the EU territory.
Article 43 of the Regulation 1987/2006 reads:
1. Any person may bring an action before the courts or the authority competent
under the law of any Member State to access, correct, delete or obtain information or to obtain compensation in connection with an alert relating to him.
2. The Member States undertake mutually to enforce nal decisions handed
down by the courts or authorities referred to in paragraph 1, without prejudice
to the provisions of Article 48.
3. The rules on remedies provided for in this Article shall be evaluated by the
Commission by 17 January 2009.
Article 48 of the SIS II regulation includes a comparable provision on liability as
included in Article 116 CISA. It provides that each Member State shall be liable
in accordance with its national law for any damage caused to a person through
the use of NSIS II. This shall also apply to damage caused by the Member State
which issued the alert, where the latter entered factually inaccurate data or stored
data unlawfully. If the Member State against which an action is brought is not
the Member State issuing the alert, the latter shall be required to reimburse, on
request, the sums paid out as compensation unless the use of the data by the
Member State requesting reimbursement infringes this Regulation. Furthermore,
Article 48 (3) provides that if any failure of a Member State to comply with its
obligations under this Regulation causes damage to SIS II, that Member State
can be held liable for such damage, unless and insofar as the Management

140

This territorial limitation was deleted in the draft of 6 June 2006, 5709/6/06.

Eective Remedies under Data Protection Law

237

Authority or another Member State participating in SIS II failed to take reasonable steps to prevent the damage from occurring or to minimise its impact.
Finally, Article 49 of the SIS II Regulation provides that Member States must
ensure that any misuse of data entered in SIS II or any exchange of supplementary information contrary to this Regulation is subject to eective, proportionate
and dissuasive penalties in accordance with national law.
8.6. Eurodac
As in CISA, the Eurodac Regulation includes a two-fold mechanism of protection for individuals. On the one hand, individuals can seek protection from
supervisory national authorities on the basis of Article 18 (10), as discussed
above. On the other hand, Article 18 (11) and (12) of the Eurodac Regulation
gives the data subject the right to bring an action or a complaint before the competent authorities or courts of the State if his or her right of access, correction or
erasure is denied according to the laws, regulations and procedures of that State.
Finally, according to Article 68 of the EC Treaty, the Court of Justice is
competent to consider prejudicial questions from (nal) national courts on the
explanation of the Eurodac Regulation according to the procedure of
Article 234 EC.
8.7. VIS Proposal
Article 33 (1) of the Commission proposal for a VIS Regulation included the right
that in each Member State any person would have the right to bring an action or a
complaint before the competent courts of that Member State if he is refused the
right of access to or the right of correction or deletion of data relating to him.141
In the nal text for a VIS Regulation, based on a compromise between the European
Parliament and the Council, the provision on remedies has been changed.142 In the
rst place, as in Article 43 of the SIS II Regulation, the new provision allows
Member States to provide only for the right to bring action to non-judicial authorities. Secondly, in the new text, the right to remedies can only be invoked against
the authority or court of that Member State by which his right of access, correction, or
deletion has been refused. Other than Article 43 of the SIS II Regulation (and 111
CISA), the VIS Regulation does not provide that a person can invoke his right in
any Member State, regardless of which Member State refused his request.

141
142

Original proposal by the Commission, COM (2004) 835.

Text of 19 June 2007, 9753/07, as agreed upon by the European Parliament, A6-0194/2007, 7
June 2007.

238

Chapter 7

The nal Article 40 of the VIS Regulation on remedies reads:143

1. In each Member State any person shall have the right to bring an action or a
complaint before the competent authorities or courts of that Member State
which refused the right of access to or the right of correction or deletion
relating to him, provided for in Article 38 (1) and (2).
2. The assistance of the national supervisory authorities referred to in Article
39 (2) shall subsist throughout the proceedings.
This VIS Regulation does not provide in a remedy against a decision which is
based on VIS information, for example the refusal of a visa. However, according
to Article 36 of the proposed Regulation, Member States must take the necessary
measures to ensure that any misuse of data entered in the VIS is punishable by
penalties, including administrative and/or criminal penalties in accordance with
national law, that are eective, proportionate, and dissuasive.
8.8. Third Pillar Instruments
Article 38 of the Europol Convention includes a regulation on the liability of
Member States with regard to damage caused to an individual as a result of legal
or factual errors in data stored or processed at Europol. Only in the Member
State where the event occurred which gave rise to the damage can the individual
apply to the courts, competent under the national law of the Member State
involved. The Convention does not refer further to a right to judicial remedies.
Recommendation (87) 15 on the use of personal data in the police sector only
refers to the need for the right of appeal to an independent authority with regard
to the refusal to grant access to ones own data. According to Article 6 (6) of the
Recommendation, where access to data in a police le is refused, the data subject
should be able to appeal to a supervisory body or to another independent body
which shall satisfy itself that the refusal is well-founded. The recommendation does
not include further provisions on the powers and competences of this independent
authority nor prescribe that there should be access to a judicial authority.
The draft Framework Decision on the protection of personal data processed in
the framework of police and judicial co-operation in criminal matters also
includes a right to a judicial remedy.144 According to Article 20 of the draft of
24 April 2007, the data subject must have the opportunity of seeking judicial
remedy for any breach of the rights guaranteed to him by applicable national

143
144

According to the text of June 2007.

7315/1/07, 24 April 2007.

Eective Remedies under Data Protection Law

239

law.145 However, as in Article 22 of the EC Directive, Article 20 of the draft

Framework Decision includes the limitation that the national legislator may provide for administrative remedies prior to referral to a judicial court.
According to Article 19 of the draft Framework Decision of April 2007, any
person suering damage as a result of unlawful processing operation or of any act
incompatible with the national provisions adopted pursuant this Framework
Decision, is entitled to receive compensation from the competent authority or
other authority competent under national law. Article 24 obliges Member States
to adopt suitable measures to ensure the full implementation of the provisions
of this Framework Decision and to lay down eective, proportionate and
dissuasive sanctions to be imposed in case of infringement of the provisions
adopted pursuant to this Framework Decision.

9. Conclusions
9.1. The Value of Data Protection
In this Chapter, I have tried to make it clear that data protection protects not
only privacy and that data protection principles such as purpose limitation, data
quality or security cannot solely be explained by the need to protect the right to
privacy.146 The need to observe central data protection principles can only be
understood by dening and eventually rethinking the dierent goals of data protection. By focussing on the real goals of data protection, one may prevent data
protection issues from being too easily brushed aside as minor or relatively
insignicant matters.
It could be argued that data protection law includes procedural norms, rather
than substantial criteria. For example, data protection laws force the authorities
responsible for data processors to report certain data les to the data protection
authorities, to dene in advance the purpose for which the data is collected or
used and to give individuals the opportunity to apply for the right to access,
correct or delete personal information. However, as we have seen above, these
procedural rules are closely tied to substantial criteria. For example, the principle

145

146

Compare to the text of Article 27 in the version of November 2006, which referred to: the
right of every person to a judicial remedy for any breach of the rights guaranteed to him by the
applicable national law pursuant to this Framework Decision to the processing in question.
13246/5/06, 22 November 2006.
See De Hert & Guthwirth (2003), p. 111 .

240

Chapter 7

on the protection of so-called sensitive or special categories of data protects the

right of non-discrimination. The prohibition of automated individual decisions
in Article 15 of the Directive 95/46 also safeguards one of the key values of the
rule of law, namely the right to transparent and informed decision-making.
Further, the principle of purpose limitation in for example Article 6 of the EC
Directive 95/46, obliges data processors to substantiate the goals for which data
is collected and processed. Prior to the data processing, the responsible authorities must dene the explicit purposes of this data processing. These denitions of
the purposes of data processing are to be considered as substantial limitations of
the use of personal information. In principle, any use or further dissemination of
information going beyond these dened goals should be considered as unlawful.
Furthermore, the purposes should be lawful and establish that the data
processing is necessary for the tasks performed by the data processor.
Although there seems to be a general understanding on the content and the
importance of data protection principles, the applicable rules allow for many
exceptions under various circumstances. This implies the risk that many provisions of data protection will continue to be considered soft law instead of becoming hard law. Based on the text of EC Directive 95/46, national legislators may,
under certain conditions, limit individual rights or data protection principles,
including participation rights and the ban on processing sensitive data.
Furthermore, considering current developments at the national and EU level, the
importance of the purpose limitation principle seems to be increasingly neglected
and its practical meaning undermined by vague provisions. If the purpose of data
processing and the group of authorities having access to data are dened very
widely, this principle will not oer any extra safeguard for the persons concerned.
The same problem arises with regard to the principle of restricting the storage of
data over time. The obligation to apply time limits is only eective as long as
these time limits are based on a fair balance between the dierent interests at
stake. As we have seen, the applicable provisions on time limits in the instruments described above are not very rigid. In general, data processors may decide
for themselves which time limit is appropriate. However, as we have seen in
Chapter 6, legislators are bound by Article 8 ECHR. For this reason, it is important that the ECJ, in the sterreichischer Rundfunk judgment, emphasised that
the exceptions as allowed in Article 13 of Directive 95/46 must comply with the
requirement of proportionality and that this provision cannot be interpreted as
conferring legitimacy on an interference with the right to respect for private life
contrary to Article 8 ECHR.
In my nal conclusions, Chapter 14, I will apply the main principles of data
protection law as described in this Chapter to the current EU measures or proposals on the use of personal information and information technology including
SIS II, VIS, and Eurodac.

Eective Remedies under Data Protection Law

241

9.2. Eective Remedies

9.2.1. Access to Data Protection Authorities and Courts?
Regarding the availability of legal remedies, data protection law generally
provides two-fold protection. Firstly, this includes rules for the creation of supervisory bodies at national and supranational levels. These (non-judicial) bodies are
normally endowed with certain competences and powers, such as issuing opinions, ordering the blocking, erasure or destruction of data, or placing a temporary or denitive ban on data processing. They often play a mediating role
between the data subject and the data holder.
Secondly, many of the EU data protection instruments described above include
the right of data subject to bring an action or complaint before the competent
authorities or courts. This right does not always imply access to a judicial court
and is often restricted to the data subjects right of access, correction or deletion of
his data. In the sterreichischer Rundfunk case of 2003, however, the ECJ conrmed the right of an individual to seek access to a national court to prevent the
application of national rules which would be contrary to the principles as protected by the EC Data Protection Directive.147 Furthermore, as we have seen, the
Court of Justice explicitly stated that it is the task of national courts to ascertain
whether this interference with the right of private life meets the requirements of
foreseeability and whether the interference is necessary to protect legitimate
aims.148 Although the EC Directive 95/46 does not apply to SIS I, it does apply
to data processing within the scope of Community law. Therefore, the conclusions of the ECJ are important not only with regard to the use of Eurodac and the
future Visa Information System, but also with regard to the registration of
third-country nationals in SIS II on the basis of Regulation 1987/2006.
9.2.2. Accessibility
Generally, the aforementioned data protection laws do not oblige data processing
authorities to inform the data subject on his or her right to a judicial remedy.
Articles 10 and 11 of the EC Directive 95/46 however do oblige the data
controller to inform the data subject on the existence of the right to access to and
to rectify the data concerning him.
The CISA does not include any obligation for the contracting parties to inform
the data subjects on their rights. However, Article 111 CISA gives each individual the right to seek access to a competent court or authority, in every State which

147
148

Joint cases C-138/01, C-139/01 and C-465/00.

Para. 88 and 9194.

242

Chapter 7

is applying the CISA. This improves the accessibility of legal remedies as the
individual may choose in which country he or she addresses the national court or
authority. This right to apply to the court or authority of any Member State is
repeated in Article 43 of the SIS II Regulation.
9.2.3. Scope
According to Article 22 of the EC Directive 95/46, individuals have a judicial
remedy for any breach of the rights guaranteed him by the national law
applicable to the processing in question. This means that the scope of judicial
review by the national courts includes every right following from this Directive
as implemented in the national law. This goes beyond the scope of the remedies
as dened in the Eurodac Regulation and the proposed VIS Regulation which
only oer a legal remedy with regard to a refusal of the right to access, correction,
or deletion of data.
As we have seen above, Article 111 CISA (and Article 43 of the SIS II
Regulation) provides for a right for an action to correct, delete, or obtain information or to obtain compensation in connection with an alert involving them. This
implies a much broader scope of remedies, including every use of the information
held in the SIS or SIS II causing harm to the applicant.
9.2.4. Competences
In the EC Directive 95/46, the powers of national courts include the power to
order nancial repair (Article 23 EC Directive) or to impose sanctions in case of
infringement of national provisions implementing data protection law (Article 24
EC Directive).
Article 116 CISA (and Article 48 of the SIS II Regulation) provides that each
Schengen State is liable in accordance with its national law for any injury caused
to a person through the use of the national data le of the Schengen Information
System. This also applies to injury caused by the Contracting Party issuing the
alert, where the latter entered factually inaccurate data or stored data unlawfully.
Only, if the State against which an action is brought is not the issuing State, the
latter must, in principle, reimburse the sums paid out as compensation.
National data protection authorities mainly have an advisory function.
Formally, these authorities are empowered with more coercive powers, including
the power to order the blocking, erasure or destruction of data, of imposing a
temporary or denitive ban on the data processing. However, in practice these
powers seem to be rarely used. With regard to SIS II, VIS and Eurodac, the powers of national data protection authorities are not very clearly dened and seem
to be limited to assist and advise the person concerned in exercising his or her
rights. An important provision in the draft VIS Regulation and SIS II Regulation
is the obligation for Member States to ensure that their national data protection

Eective Remedies under Data Protection Law

243

authorities have sucient resources to perform their tasks. Concerning the

powers of courts, it is important to note that both the Eurodac Regulation, the
SIS II Regulation, and the proposed VIS Regulation include provisions on the
duty of Member States to impose penalties for misuse of data.149 This will give
the individuals, and national courts, an important practical tool to remedy
wrongful use of the information stored in these databases.
The role of national courts and data protection authorities with regard to the
use of SIS I in France, Germany and the Netherlands in practice, will be further
dealt with in Part III.

149

Article 25 Eurodac Regulation, Article 49 Regulation 1987/2006 on SIS II, and Article 36 of
the proposed VIS Regulation (version of June 2007).

Chapter 8
Eective Remedies in Immigration Procedures: ECHR
Even where an allegation of a threat to national security is made, the guarantee of
an eective remedy requires as a minimum that the competent independent appeals
authority must be informed of the reasons grounding the deportation decision,
even if such reasons are not publicly available. The authority must be competent to
reject the executives assertion that there is a threat to national security where it
nds it arbitrary or unreasonable.1

1. Introduction
In the last two Chapters, I have dealt with the availability of and criteria for
eective remedies in the eld of the right to privacy and data protection law. In
this Chapter and Chapter 9, I focus on the right to legal remedies in immigration
law procedures. It is clear that the use of SIS, as well as the use of Eurodac and
VIS, involve decisions in the eld of immigration law. The information stored in
these databases may lead to the refusal of admission or a visa, the detention of the
immigrant, or even his or her expulsion. Considering this use of databases for border and immigration control, the following sections will explore which criteria
apply to the remedies in immigration law procedures. Which human rights as
protected in the ECHR and the annexed protocols are relevant for the individual
at stake and when does this imply a right to a fair trial or eective remedies?
In the following sections, I will give only a brief overview of the case law of the
ECtHR with regard to the underlying subject. I will not examine substantial criteria which have been formulated by the ECtHR with regard to decisions on the
admission, expulsion or detention of third-country nationals. For a more elaborate
study of these matters, I refer to other publications.2
1

European Court of Human Rights, Al-Nashif v. Bulgaria, 20 June 2002, no. 50963/99, 137,
Jurisprudentie Vreemdelingenrecht 2002/239, annotation Elspeth Guild.
P. van Dijk, Protection of Integrated Aliens against Expulsion under the European Convention
on Human Rights, and C. Harvey, Promoting Insecurity: Public Order, Expulsion and the
European Convention on Human Rights, both published in: Guild & Minderhoud (2001),
p. 23 . and p. 41 .; N. Blake and R. Husain, Immigration, Asylum and Human Rights, Oxford/

Evelien Brouwer, Digital Borders and Real Rights, pp. 245274.

2008 Koninklijke Brill NV. Printed in the Netherlands.

246

Chapter 8

2. Article 6 (1) ECHR: The Right to a Fair Trial

2.1. Maaouia: (Non-)Applicability of Article 6 in Immigration Law Procedures?
Article 6 (1) ECHR reads:
In the determination of his civil rights and obligations or of any criminal charge
against him, everyone is entitled to a fair and public hearing within a reasonable
time by an independent and impartial tribunal established by law. Judgement shall
be pronounced publicly but the press and the public may be excluded from all or
part of the trial in the interests of morals, public order or national security in a democratic society, where the interests of juveniles or the protection of the private life of
the parties so require or to the extent strictly necessary in the opinion of the court in
special circumstances where publicity would prejudice the interests of justice.

Article 6 (1) ECHR codies the basic principle according to which individuals
have the right of access to judicial remedies. The scope of this provision is limited
by the words in the determination of his civil rights or of any criminal charge
against him. Article 6 (2) and (3) include specic safeguards for criminal law
procedures, including for example the right to be informed promptly or to have
the free assistance of an interpreter. Although this was disputed until the mid
1980s, it is now clear from various judgments by the ECtHR that Article 6 (1)
applies to administrative procedures when the rights of the individual under civil
or criminal law are at stake.3
With regard to immigration law procedures, the ECtHR has so far been reluctant to apply the standards of Article 6 (1) ECHR. In the Maaouia case of 2000, by
a majority of fteen votes to two, the ECtHR explicitly concluded that Article 6
ECHR does not apply to immigration law decisions.4 This case concerned the
appeal of a Tunisian national in France, married to a French national, who was
sentenced in 1988 to six years imprisonment for armed robbery and assault. After
his imprisonment, the French authorities issued a deportation order against him.
The applicant was never informed of this deportation order. He was confronted
with this order for the rst time on 6 October 1992 when he attended the Nice
Centre for Administrative Formalities in order to regularise his status. When he
refused to travel to Tunisia he was prosecuted again, this time for failing to comply
with a deportation order. In November 1992, he was sentenced by the Nice

New York: Oxford University Press 2003; N. Blake, Developments in the Case Law of the
European Court of Human Rights in: B. Bogusz, R. Cholewinski et al. (eds.), Irregular
Immigration and Human Rights: Theoretical, European and International Perspectives, Leiden/
Boston: Martinus Nijho Publishers 2004, p. 431 .
See Benthem v. the Netherlands, 23 October 1985, no. 8848/80, Series A, 97 and Geoure de la
Pradelle v. France, 16 December 1992, no. 12964/87, Series A, 253.
Maaouia v. France, 5 October 2000, no. 39652/98, ECHR 2000-X, 40.

Eective Remedies in Immigration Procedures: ECHR

247

Criminal Court to one years imprisonment. This judgment was accompanied

by an exclusion order, excluding him from French territory for ten years. After
lengthy procedures against the deportation and exclusion orders, these orders
were rescinded in 1994 and 1998 respectively and in 1998 Maaouia obtained
a ten-year residence permit with the right to seek employment. In his appeal
before the ECtHR, Maaouia complained that the length of the procedure
against the exclusion order was unreasonable and violated his rights under
Article 6 (1). The ECtHR held that Article 6 (1) was not applicable, stating
that Decisions regarding the entry, stay and deportation of aliens do not concern the determination of an applicants civil rights or obligations or of criminal charge against him, within the meaning of Article 6 1 of the Convention.
An important reason for this conclusion by the ECtHR was the adoption of
the 7th Protocol to the ECHR by the Contracting States, which explicitly deals
with the protection of aliens in expulsion cases. According to the ECtHR, the
existence of this Protocol would reect the intention of the contracting parties
with regard to the restricted scope of Article 6 (1) ECHR.
This decision and the association the ECtHR made between Article 6 (1) and
the 7th Protocol has been criticised in the dissenting opinions of other judges in
this case and by commentators. The main objection to this limited interpretation
of Article 6 by the ECtHR raised by Blake and Husain was the failure to promote the rule of law in the context of relations between a politically vulnerable
class of individuals in its dealings with a powerful state.5 This fundamental issue
has also been pointed out by one of the dissenting judges in the Maaouia case,
Loucaides: It would be absurd to accept that the judicial safeguards were
intended only for certain rights, particularly those between individuals, and not
for any legal rights and obligations including those vis--vis the administration
where independent judicial control is especially required for the protection of the
individuals against the powerful authorities of the State.
Interestingly, in two decisions from 1999, one year before the Maaouia judgment
was published, the ECtHR (sitting in chambers) established a more ambiguous attitude on the applicability of Article 6 (1) ECHR in immigration law procedures.6
Although, in both decisions, the appeals were declared inadmissible and the
applicability of Article 6 ECHR was rejected, the ECtHR did not completely
neglect the relevance of the criteria of this human right. In the rst case, S.N. v.
the Netherlands, the applicant complained about the lack of appeal against a decision by a regional court in his asylum procedure. He argued that this lack of

5
6

Nicholas Blake and Raza Husain, Immigration, Asylum and Human Rights (2003), p. 241248.
S.N. v. the Netherlands 4 May 1999, no. 38088/97, and J.E.D. v. the United Kingdom, 2 February
1999, no. 42225/98.

248

Chapter 8

appeal would constitute discrimination against asylum seekers, contrary to the

non-discrimination principle of Article 14 ECHR taken together with Article 6
ECHR. In this decision, in which the application was declared inadmissible, the
ECtHR considered that even supposing that proceedings concerning the grant of
residence permits and the expulsion of aliens were to come within the ambit
of Article 6, this Article did not compel the Contracting States to establish courts of
appeal or of cassation. In the second decision in J.E.D. v. the United Kingdom, the
ECtHR explicitly stated that it did not consider it necessary to examine specically whether the guarantees contained in Article 6 ECHR applied to the asylum
proceedings and whether the applicant was entitled under that provision to a
court procedure to challenge the decision rejecting his renewed asylum request.
However, in the following sentence, the ECtHR did make its own assessment of
whether there had been a fair trial. The ECtHR noted that the applicant was
able to seek a judicial review of the Secretary of States decision and that the
applicable High Court proceedings did not indicate any element of unfairness.
Additionally, the ECtHR noted that the applicant was legally represented in
those proceedings. These considerations lead it to conclude that the applicants
complaint was inadmissible, being manifestly ill-founded. Even if the ECtHR
does not revise its decision in the Maaouia case with regard to the non-application
of Article 6 (1), in my view these earlier decisions arm that the principles of
Article 6 (1) ECHR do play a role in immigration law procedures.
There is another reason why the criteria of Article 6 (1) ECHR become relevant in immigration law procedures and that reason is EU law. As we will see in
Chapter 10, the right to a fair trial which is incorporated in the EU Charter on
Fundamental Rights is directly inspired by Article 6 (1) ECHR. The EU legislator
explicitly widened the protection of this right by not limiting its scope to criminal or civil law procedures. Therefore, the criteria of this human right apply in
immigration law procedures based on EU law.
In the following sections, I describe based on the jurisprudence of the
ECtHR two situations in which Article 6 (1) ECHR can be invoked directly
where it concerns decisions in the eld of immigration law aecting the civil
rights of the individual.
2.2. Immigration Law Decisions and the Right to Financial Compensation
In Chapter 6, concerning Article 8 ECHR and the right to private life, we saw
that the ECtHR applied Article 6 (1) with regard to damages which were inicted
upon the applicants based on the use of their personal information. In the Rotaru
judgment, the ECtHR found that the refusal of the Romanian courts to deal
with the applicants claim for costs and damages was in breach of his right to fair
proceedings protected under Article 6 (1). In this case, the applicant had lodged

Eective Remedies in Immigration Procedures: ECHR

249

his claim at a national level for compensation of his costs and the non-pecuniary
damage he suered based on the infringement of his right to private life.7
By recognising the claim for nancial compensation as a civil right within the
meaning of Article 6 (1) ECHR, the ECtHR concluded that the applicant should
have had access to a fair trial in accordance with the criteria of this human right.
The right to nancial compensation as a civil right within the meaning of
Article 6 (1) ECHR may also arise with regard to national decisions involving
immigration law. Individuals may suer (non-pecuniary) damage caused by
administrative measures or decisions, including detention or expulsion or the
refusal of to grant admission, a visa or a residence permit. This damage may
consist of physical or mental harm caused by expulsion or detention, travel costs
or loss of income when, for example, the purpose of travel was employment or
business-related. If the detention measures or expulsion measures are unlawful
or if the refusal of a visa is in breach of the right to family life protected by
Article 8 ECHR, a person should have the right to lodge a claim for nancial
compensation. As we will see in the Chapter on the Netherlands, in some judgments the Dutch courts granted nancial redress with regard to (wrongful)
decisions in the eld of immigration law.
The (indirect) application of Article 6 ECHR in immigration law procedures
can be illustrated by the Coorplan-Jenni and Hascic v. Austria judgment (2006), in
which the ECtHR applied Article 6 (1) with regard to the refusal of the Austrian
government to issue an employment permit to a national of Bosnia-Herzegovina.8
In this judgment, the ECtHR rejected the submission of the Austrian government, according to which the decision regarding the issue of an employment permit to a third-country national did not concern a civil right within the meaning
of Article 6 ECHR. For the conclusion of the ECtHR, it was relevant in this case
that both the foreign employee and his employer had applied for an employment
permit. The fact that only the refusal to issue the employment permit to the
employer made it impossible for the employee to obtain this job was grounds for
the ECtHR to conclude that the refuted decision by the Austrian government was
decisive for the civil rights of both the employer and the employee.
2.3. (Non-)Registration and the Right to Financial Compensation
The Rotaru judgment established that the registration of personal data may cause
nancial harm, and thus a civil right in the sense of Article 6 (1) ECHR, if the
registration infringes the right to private life as protected in Article 8 ECHR.
However, the (non-) registration of personal data may also result in a claim for
7
8

Rotaru v. Romania, no. 28341/95, 4 May 2000. See Chapter 6, section 6.4.2.
Coorplan-Jenni and Hascic v. Austria, 27 July 2006, no. 10523/02.

250

Chapter 8

a civil right even if the protection of Article 8 ECHR is not involved. This has
been illustrated in two cases dealt with by the ECtHR, where the applicants complained about the refusal of authorities to include them on a list or in a le. The
rst case, Chevrol v. France, concerned a French national who had qualied as a
doctor in Algeria and whose repeated applications to be registered as a member of
the Medical Association (Ordre des mdecins) were refused by the French
authorities.9 The ECtHR considered that the procedure launched by the applicant
in France was a dispute over a civil right. The fact that the applicant submitted
reasonable grounds to show that, according to French law, she should have
been aorded the right to be registered as a member of the Ordre des mdecins, was
sucient grounds for the ECtHR to consider Article 6 (1) applicable in this case.
In the second comparable case, Buzescu v. Romania, the ECtHR dealt with the
complaint of a Romanian lawyer against the annulment by the Romanian
authorities of his registration at the Constana Bar.10 The authorities also refused
to renew his registration at the Bucharest Bar, after he had stayed and worked for
several years in the United States. In its judgment, the ECtHR found a breach of
Article 6 (1) with regard to the proceedings applying to Mr. Buzescus claim for
registration at the Bucharest Bar ( 74). The ECtHR accepted that the annulment of the applicants registration at the Consanta Bar had led to a loss of clientele and thus to a loss of income. This loss of income was recognised as an
interference with his right to the peaceful enjoyment of his possessions and in
breach of Article 1 of the 1st Protocol to the ECHR on the protection of property ( 98). Applying Article 41 of the Convention, which includes the ability
for the ECtHR to aord just satisfaction to the injured party, the ECtHR
repeated its earlier conclusions that, for the acceptance of the applicants claim
for pecuniary loss, a clear causal connection between the damage claimed by the
applicant and the violation of the Convention should be established. In this case,
the ECtHR found that there had been an unjustied interference with the applicants possessions, owing to the disproportionate consequences of the invalidation
of his status as a lawyer by the Romanian authorities ( 106).
The reason I consider these latter judgments important is that they establish
the link between being registered (or not) in public les and the possibility for
individuals to exercise their rights. In these judgments, the ECtHR conrmed
the relation between a decision of the authorities to refuse a persons registration
9

10

Chevrol v. France, 13 February 2003, no. 49636/99 ECHR 2003-III. The applicant held, among
other things, that on the basis of a French Declaration on an agreement between Algeria and
France, her Algerian diplomas should have been recognised in France. The Conseil dtat refused
to judge the applicability of this regulation, relying on the declaration of the French Minister of
Foreign Aairs that it was not applicable.
Buzescu v. Romania, 24 May 2005, no. 61302/00 (unreported).

Eective Remedies in Immigration Procedures: ECHR

251

and the loss of income and nancial damage caused by this refusal. The judgments in the cases of Chevrol and Buzescu make clear that the fact of (non-)
registration may also involve a civil right, even if there is no breach of the right
to private life. According to the criterion of the ECtHR, cited in the aforementioned Buzescu v. Romania case, a clear causal connection must exist between
the damage claimed and the violation of the individuals right under the ECHR.
As we have seen above, the registration in the SIS for the purpose of non-admission
means that third-country nationals are not allowed to enter the EU territory.
This may include persons who were previously issued a long-term residence permit by one of the EU Member States. The consequence of registration in SIS
(or VIS or Eurodac) could therefore be that the person concerned is restricted
in the performance of his work, which results in the loss of income. If it can be
established that the SIS alert is unlawful or inaccurate or, for example, in breach
of the individuals right of freedom of movement on the basis of the EC Treaty
(see Chapter 9), this may give rise to a claim for nancial damage or loss of
income based on the registration in the SIS, under Article 6 (1) ECHR.

3. Article 5 (1) (f ) ECHR: Right to Liberty and Security

Article 5 ECHR includes the right to liberty and security of persons. According to
this right, no-one should be deprived of his or her liberty except in the situations
described in Article 5 (1) and if this is in accordance with a procedure prescribed
by law. One of these situations of lawful arrest or detention of a person is,
according to Article 5 (1) (f ), to prevent his eecting an unauthorised entry into
the country or of a person against whom action is being taken with a view to
deportation or extradition. If Article 5 applies, Article 5 (4) obliges governments
to guarantee eective remedies against these detention measures. According to
this provision, persons who are deprived of their liberty by arrest or detention
should be entitled to take measures by which the lawfulness of his detention shall
be decided speedily by a court and his release ordered if the detention is not lawful.11 Article 5 (4) thus oers a separate legal basis for the right to eective remedies in the eld of the detention of persons for immigration law purposes: either
for the prevention of unauthorised entry or with a view to a planned deportation.
As we will see below, a very important judgment in which the ECtHR applied
and specied the criteria of Article 5 was the onka judgment of 2002.12 This case
11

12

See, for a more extended review of the meaning of Article 5: Boeles (1997), p. 226 and
G. Cornelisse, Human Rights for Immigration Detainees in Strasbourg: Limited Sovereignty or a
Limited Discourse? in: European Journal of Migration and Law, Vol. 6, no. 2, 2004, p. 93110.
onka v. Belgium, 5 February 2002, no. 51564/99, ECHR 2001-I.

252

Chapter 8

concerned the arrest and detention of a group (rejected) Romany asylum seekers
by the Belgian authorities with the aim of expelling them.

4. Protocol No. 7 to the ECHR: Procedural Safeguards Relating

to Expulsion of Aliens
Another specic provision on legal remedies in immigration law procedures is
oered by Article 1 (1) of Protocol no. 7 to the ECHR, according to which an alien
lawfully resident on the territory of a State should not be expelled from this country
except in pursuance of a decision reached in accordance with law.13 Article 1
describes the safeguards States should observe when expelling an individual. This
person should be allowed, rstly, to submit reasons against his expulsion; secondly,
to have his case reviewed and, thirdly, to be represented for these purposes before
the competent authorities or a person or persons designated by that authority.
Article 1 (2) of this 7th Protocol empowers governments to make an exception and
to expel a person before the exercise of these three safeguards if this is necessary in
the interests of public order or is based on reasons of national security.
Whether or not this Protocol provides any added protection compared to the
other rights under the ECHR has been questioned for several reasons.14 In the
rst place, Article 1 (1) of this Protocol is limited to third-country nationals with
lawful residence on the territory of a State. Secondly, the text of the Protocol
includes criteria which are considered as not very clear. For example, Article 1
does not provide any criterion with regard to the right of review or the competent authorities before which the case of alien may be represented. Also, the
exceptions to the rights mentioned in Article 1, which may be based on the
interests of public order or on reasons of national security, run the risk of being
interpreted broadly. Thirdly, and perhaps more importantly, of the EU Member
States, six Member States, including Belgium, Germany, Greece, the Netherlands,
Spain and the United Kingdom, have not ratied this 7th Protocol.15
Nevertheless, for those countries that have ratied Protocol no. 7, two judgments by the ECtHR, Lupsa v. Romania and Kaya v. Romania, illustrate that this
Protocol gives additional protection to third-country nationals.16 The rst case
Lupsa v. Romania dealt with a formal residence ban issued by the Romanian

13
14
15
16

Protocol no. 7 to the ECHR, 22 November 1984, ETS no. 117, eective 1 November 1988.
See Pieter Boeles, (1997), p. 286288.
The UK also did not sign this protocol. See http://conventions.coe.int. Status as of June 2007.
Lupsa v. Romania, 8 June 2006, no. 10337/04, Jurisprudentie Vreemdelingenrecht 2006/311,
annotation Rick Lawson. Kaya. v. Romania, 12 October 2006, no. 33970/05 (unreported).

Eective Remedies in Immigration Procedures: ECHR

253

authorities against a Yugoslavian national. Kaya v. Romania concerned the expulsion of a Turkish national from Romania on the basis of a decision by the
Romanian authorities to declare him inadmissible for 15 years. In this latter case,
the authorities justied the decision to declare the applicant inadmissible on the
basis of sucient and serious information that he was planning activities which
would endanger the national security. In both cases, the ECtHR found that the
expulsion constituted a breach of both Article 8 ECHR and Article 1 of the 7th
Protocol. With regard to the infringement of Article 1 of the 7th Protocol, the
ECtHR held that the legal basis for the expulsion did not meet the procedural
guarantees under that Article 1, since the law was not suciently accessible and
foreseeable (see further section 6.2 below).17
But even for those countries which did not ratify this Protocol, on could argue
that the rules included in Protocol no. 7 are not without relevance. Firstly, as
pointed out by Lawson in his annotation to the Lupsa judgment, the EU Member
States conrmed the applicability of the principles of the ECHR in the preamble
to Directive 2003/109 on the protection of long-term resident third- country
nationals.18 This would imply the principles which are included in the annexed
Protocols to the ECHR. Secondly, as we saw above, the ECtHR explicitly referred
in the Maaouia judgment to the 7th Protocol to justify the non-application of
Article 6 (1) ECHR. It does not make sense to restrict the application of Article 6
ECHR because the contracting parties already included necessary safeguards in the
Protocol no. 7, if these latter rules are not binding for the non-ratifying States.

5. Article 13 ECHR: The Right to Eective Remedies in Immigration

Law Procedures
5.1. When Does Article 13 Apply?
Article 13 ECHR provides:
Everyone whose rights and freedoms as set forth in this Convention are violated
shall have an eective remedy before a national authority notwithstanding that the
violation has been committed by persons acting in an ocial capacity.

In a wide range of judgments by the ECtHR Article 13, in combination with

other ECHR rights, has been applied to decisions made in national immigration
law procedures. Where an individual is refused a visa, a residence permit or entry

17
18

Lupsa 55, Kaya 55.

Lawson (ibid.) para. 6. See also preamble (4) of the Directive 2001/40 on the mutual recognition
of expulsion decisions OJ L 149, 2.6.2001.

254

Chapter 8

or when his expulsion or detention infringes one of the human rights protected
in the ECHR, the limited possibilities for challenging such a refusal may violate
the right to an eective remedy under Article 13 ECHR.19 With regard to immigration law decisions, Article 13 ECHR has been applied in conjunction with
Article 8 ECHR with regard to refusal of admission or an expulsion order in
breach of the applicants right to family life (Sen, ner); with Article 3 in expulsion cases (Al-Nashif, onka, Chahal ); with Article 4 of Protocol no. 4 on the
prohibition of collective expulsion (onka), and even regarding the freedom of
speech protected in Article 10 ECHR (Piermont).20 In the following sections,
I will focus on the jurisprudence of the ECtHR with regard to refusal of admission and with regard to expulsion or expulsion orders.
It is important that for the application of Article 13 ECHR, the ECtHR does
not nd it necessary to establish the violation of such a right either by national
courts or by the ECtHR. It is sucient for the applicant to have an arguable
claim that there has been a breach of one of the right or freedoms of the
Convention.21 Furthermore, the ECtHR emphasised in several judgments that
the right to eective remedies should be interpreted in a exible manner and
without excessive formalism.22 The ECtHR therefore accepted that, during the
national procedures, the claimant did not refer explicitly to his or her right under
the ECHR which was allegedly infringed. If the content of the claim covers this
breach of human rights, this is sucient according to the case law of the ECtHR.
5.2. Admission of Third-Country Nationals
The ECtHR has recognised, under certain circumstances, the positive obligation
of governments with regard to the admission of a person when this is considered
necessary for the protection of the applicants family life. The positive duty of a
government to give leave to enter to its national territory or to issue a residence
permit was acknowledged for the rst time in Abdulaziz, Cabales and Balkandali v.
the United Kingdom.23 Although, in this case, the ECtHR found no breach of

19

20

21

22

23

See also R. Cholewinski, No Right of Entry, in: Groenendijk, Guild & Minderhoud (2003),
p. 108109.
Piermont v. France, 27 April 1995, no. 15773-74/89, Series A, 314. The other judgments referred
to are dealt with below.
Silver and others v. the United Kingdom, 25 March 1983, no. 5947/72; 6205/73; 7052/75;
7061/75; 7107/75; 7113/75; 7136/75 Series A 61.
Cardot v. France, 19 March 1991, no. 11069/84, Series A, 200, 34, Castells v. Spain, 23 April
1992, no. 11798/85 Series A, 236, 27, Geoure de la Pradelle v. France, 16 December 1992,
no. Series A, 253-B, 26.
Abdulaziz, Cabales and Balkandali v. the United Kingdom, 28 May 1995, no. 9214/80; 9473/81;
9474/81 Series A 94.

Eective Remedies in Immigration Procedures: ECHR

255

Article 8 ECHR, it conrmed that the refusal to give spouses of legally resident
third-country nationals leave to enter or to remain in the UK could aect the
right to respect for family life under Article 8. The ECtHR rejected the governments view that Article 8 ECHR would not apply at all to immigration control,
by conrming the earlier statement by the Commission that the right of a foreigner
to enter or remain in a country is not guaranteed as such by the Convention, but
that immigration controls had to be exercised in accordance with the Convention
obligations and the exclusion of a person from a state where members of his family
were living might raise an issue under Article 8 ( 59).
In both Gl v. Switzerland and Ahmut v. the Netherlands, the ECtHR held that
a refusal to permit the applicants to remain in the country did not constitute
interference with the exercise of their right to respect for their family life.24
However, the ECtHR ruled that, based on the positive obligation of States to
respect the family life of the individual a fair balance has to be struck between
the competing interests of the individual and of the community as a whole.
Recognising a certain margin of appreciation for the State and balancing the
dierent interests at stake, the ECtHR found no violation of Article 8 ECHR in
the Gl and the Ahmut judgments.
The obligation of States, under certain circumstances, to admit relatives of settled
immigrants to their territory based on the right to family life protected in Article 8
ECHR, was cited in Sen v. the Netherlands.25 This case concerned the refusal by the
Dutch authorities to admit the daughter of Turkish parents who lived in the
Netherlands. The ECtHR ruled that, based on the positive obligations of Article 8
ECHR, the Dutch administration should have granted entry to a 13-year-old
daughter because of the major obstacles to her parents return to Turkey, their
country of origin. This decision on the positive implications of Article 8 ECHR
implies that third-country nationals applying abroad for a residence permit or a
visa for another State are entitled to a remedy against the denial of this request
when this denial is regarded as violating their right to family life.26 If, under certain
circumstances, the duty to respect the right to family life of Article 8 ECHR obliges
a State to admit a person to its territory, a refusal of admission (including refusal at
the border, of a visa or a long-term residence permit) should be considered a breach

24

25

26

Gl v. Switzerland, 19 February 1996, no. 22676/93 Reports 1996-I, 3238, Ahmut v. the
Netherlands, 28 November 1996, no. 21702/93 Reports 1996-V, 63.
Sen v. the Netherlands, 21 December 2001, no. 31465/96, Jurisprudentie Vreemdelingenrecht
2002/30 annotation S.K. van Walsum.
The ECtHR based its decision that the most appropriate place for exercising the right to family
life was in the Netherlands, in particular on the circumstances that her parents were settled in
the Netherlands and had been legally resident for years, and that two younger children had been
born in the Netherlands, the younger siblings attending school in the Netherlands.

256

Chapter 8

of the right under Article 8 ECHR. A procedure in which the individual seeks
remedy against this refusal therefore falls within the scope of Article 13 ECHR and
should meet the criteria developed under this right to eective remedies.
5.3. Expulsion and Expulsion Orders
In several cases, the ECtHR has dealt with the applicability of Article 13 ECHR
with regard to the expulsion of third-country nationals. In these judgments,
Article 13 was applied in combination with either Article 8 ECHR, where the
applicant claimed that the expulsion was in breach of his right to family life, or
Article 3 ECHR on the right not to be subjected to torture or inhuman or
degrading treatment or punishment. With regard to the right to family life, the
ECtHR allows Member States a certain margin of appreciation to consider
whether the expulsion infringes the rights of the third-country national in
question.27 However, as we will see in the sections below, with regard to claims
based on the protection of Article 3 ECHR, the ECtHR formulated more
stringent criteria with regard to the availability of eective remedies than in its
case law concerning the right to private or family life under Article 8 ECHR.
One of the earliest decisions on the expulsion of third-country nationals was
the case of Moustaquim v. Belgium.28 In this case, the ECtHR dealt with the
claim by a Moroccan national residing legally in Belgium that his expulsion by
the Belgian authorities infringed his right to family life. The applicability of
Article 13 ECHR was not raised during this trial, but the ECtHR found that the
deportation of Moustaquim was not necessary in a democratic society and therefore violated his right to respect for his private life under Article 8 ECHR. The
Al-Nashif v. Bulgaria judgment concerned the detention and deportation to Syria
of Mr. Al-Nashif, a stateless person of Palestinian origin, based on national security grounds.29 Aside from his complaint on the basis of Article 5 (4) ECHR with
regard to his detention, Al-Nashif and his children claimed that his expulsion
was in breach of his right to family life under Article 8 ECHR. In this judgment,
the ECtHR found that no eective remedy existed against this interference with
his right to family life and therefore that both Article 8 and Article 13 ECHR
were breached (see further below).

27

28

29

See M. Fasti, The restrictive approach taken by the European Court of Human Rights: deportation of long-term immigrants and right to family life (Parts 1 and 2), in: Tolleys Immigration,
Asylum and Nationality Law, Vol. 16, nos. 3 & 4, 2002.
Moustaquim v. Belgium, 18 February 1991, no. 12313/86, Series A, 193, 46. See also Nasri v.
France, 13 July 1995, no. 19465/92 Series A 320-B.
Al-Nashif v. Bulgaria, 20 June 2002, no. 50963/99, Jurisprudentie Vreemdelingenrecht 2002/239,
annotation E.Guild.

Eective Remedies in Immigration Procedures: ECHR

257

In its Vilvarajah judgment, the ECtHR applied Article 13 together with Article
3 ECHR. This case dealt with the expulsion of a Tamil family to India by the UK
authorities.30 The applicants claimed that their deportation to India violated their
right under Article 3 ECHR to be protected from inhuman and degrading
treatment. A comparable case was dealt with in the case of Chahal v. the United
Kingdom, concerning Indian asylum seekers (Sikhs) to be expelled to India on
national security grounds.31 In the Chahal judgment, the applicants invoked the
grounds that their lives were in danger in India and that the expulsion would be
in breach of Article 3 ECHR. Also, in Jabari v. Turkey, the ECtHR applied Article
13 together with Article 3 ECHR, to assess whether the judicial review proceedings which would have been available to the applicant in Turkey satised the
requirements of eective remedies.32 In this case, the applicant whose application
for asylum had been rejected claimed that her life would be at risk if she were
deported to Iran.
In several judgments, the ECtHR had to deal with an individual claim against
an expulsion order, where the applicant claimed that this order would infringe his
right to family life as protected in Article 8 ECHR. In the case of Boultif v.
Switzerland the ECtHR dened relevant criteria to use in order to assess whether
a residence ban or expulsion measure is necessary in a democratic society and
proportionate to the legitimate aim pursued.33 These criteria, repeated by the
ECtHR in ner v. the Netherlands,34 include:
the nature and seriousness of the oence committed by the applicant;
the length of the applicants stay in the country from which he or she is to be
expelled;
the time elapsed since the oence was committed and the applicants conduct
during that period;
the nationalities of the various persons concerned;
the applicants family situation, such as the length of the marriage, and other
factors expressing the eectiveness of a couples family life;
whether the spouse knew about the oence at the time when he or she entered
into a family relationship;
30

31
32
33

34

Vilvarajah and others v. the United Kingdom, 30 October 1991, no. 13163/87, Series A, 215,
117 to 127.
Chahal v. the United Kingdom, 15 November 1996, no. 22414/93, Reports 1996-V.
Jabari v. Turkey, 11 July 2000, no. 40035/98, ECHR 2000-VIII.
Boultif v. Switzerland, 2 August 2001, no. 54273/00, ECHR 2001-IX. This case concerned the
claim an Algerian national married to a Swiss national whose residence permit was not renewed
after a criminal conviction.
ner v. the Netherlands, 18 October 2006, no. 46410/99, 57, Jurisprudentie Vreemdelingenrecht
2006/417, annotation P. Boeles.

258

Chapter 8

whether there are children of the marriage, and if so, their age; and
the seriousness of the diculties which the spouse is likely to encounter in
the country to which the applicant is to be expelled.
As a national expulsion order is one of the grounds to report a third-country
national in the SIS, the criteria as dened by the ECtHR in Boultif and ner are
important tools to assess the legitimacy of these SIS reports as well.

6. Criteria for Eective Remedies

6.1. Judicial or Non-judicial Remedies
Article 6 (1) ECHR
According to Article 6 (1) ECHR, everyone has a right to a fair and public hearing
by an independent and impartial tribunal. The wordings chosen in Article 6 (1),
for example, judgment shall be pronounced publicly or, with regard to the
assessment of special circumstances for the limitation of this publicity, in the
opinion of the court, make it clear that this tribunal should be a judicial court.
This interpretation has been conrmed by the ECtHR in its jurisprudence.35
Article 5 (4) ECHR
With regard to the protection of detained persons, Article 5 (4) explicitly requires
that these persons should have access to judicial courts with regard to the review
of the lawfulness of the detention. As mentioned above, Article 1 of the 7th
Protocol on the expulsion of aliens is less clear and does not seem to require the
availability of judicial remedies.
Article 13 ECHR
As we saw in Chapter 6, when dealing with the right to private life and the
protection oered by Article 13 ECHR in combination with Article 8 ECHR,
the ECtHR explicitly accepted the availability of a non-judicial authority. Also,
with regard to the protection of human rights in immigration law procedures,
the CtHR found that the right to eective remedies under Article 13 ECHR does
not necessarily imply judicial remedies.36 However, according to the ECtHR, in
the absence of a judicial authority, the available remedies would have to meet
certain procedural guarantees and guarantees of eectiveness. In general, as we will

35

36

Belilos v. Switzerland, 29 April 1988, no. 10328/83, Series A, 132 and Oberschlick v. Austria (I),
23 May 1991, no. 11661/85, Series A, 204.
See Al-Nashif 132.

Eective Remedies in Immigration Procedures: ECHR

259

see below, in those cases the independent authority must be able to deal with the
substance of the complaint and it should be able to grant the applicant appropriate relief.37 In the Chahal judgment, the ECtHR held that the question of whether
the national remedy is eective before an authority would depend on the powers
and guarantees granted to this authority.38 On the other hand, the ECtHR made it
clear that if judicial remedies are available, this does not mean that these remedies
should automatically be considered eective. Especially if there is a real risk of
treatment in breach of Article 3 ECHR, it must be established that the independent
authority or judicial court oers sucient eective protection.39
6.2. Accessibility of Eective Remedies
Article 6 (1) ECHR
Article 6 (1) provides that an individual should have access to a court within a
reasonable time.40 Article 6 (1) ECHR, when applied to civil law procedures, does
not compel the State to provide for the assistance of a lawyer or legal aid. Only
when this proves indispensable for eective access to court, for example in complex procedures, the ECtHR held that the availability of a legal representative is a
necessary requirement. According to the jurisprudence of the ECtHR, national
law should provide a clear and coherent system of legal protection to enable an
individual to make use of his right to have an eective remedy before a court. This
requirement of a clear, practical, and eective opportunity to challenge an administrative act was stressed by the ECtHR in the Geoure de la Pradelle case.41 With
regard to the accessibility of the trial, Article 6 (1) may sometimes compel the
State to provide for the assistance of a lawyer or legal aid when this proves indispensable for eective access to court. In the Airey judgment, the ECtHR found
that this might be the case, either because legal representation is rendered compulsory, as in the domestic law of certain Contracting States for various types of litigation, or by reason of the complexity of the case procedure.42 The availability of a
legal representative is however not a prerequisite. For example, in McVicar v. the
United Kingdom, the ECtHR considered that a procedure in which the applicant
had represented himself had been in accordance with Article 6 (1) provided

37
38
39
40
41

42

See also Battjes (2006), para. 412, p. 320.

Chahal 152.
onka 75 , Vilvarajah 122126.
Zimmermann v. Switzerland, 13 July 1983, no. 8737/79, Series A, 66.
Geoure de la Pradelle v. France, 16 December 1992 l.c. 34. This case concerned the administrative appeal of the applicant against decisions by the French authorities which interfered with
his right to own land.
Airey v. Ireland 6 February 1981, no. 6289/73 Series A, 41 2633.

260

Chapter 8

national law allowed for this self-representation and provided the applicable law
was not too complex.43 It is important to note at this point that, when applying
Article 6 (1) criteria to civil law procedures, the ECtHR uses less strict criteria
than those dened for criminal law procedures. The aforementioned cases concerned civil law procedures. It seems reasonable that, when applying Article 6 (1)
to administrative law procedures, the ECtHR would dene more stringent criteria
with regard to the accessibility of procedures.
Article 5 (1) and 5 (4) ECHR
Article 5 (4) ECHR requires that national governments should provide access
to courts speedily or within specic time limits. Applying the criteria of
Articles 5 (1) f and 5 (4) ECHR, the ECtHR identied a number of factors in the
onka case which undoubtedly aected the accessibility of the remedy which the
Government claim was not exhausted.44 One of these factors was that the information on the available remedies handed to the applicants on their arrival at the
police station was printed in tiny characters. Furthermore, the text was written in
a language they did not understand and only one interpreter had been available to
a large number of Romany families. In its assessment of whether the deprivation
of liberty was in conformity with Article 5 ECHR, the ECtHR criticised the reliability of the communications sent to the applicants. According to the ECtHR this
information should be accurate irrespective of whether the recipients are lawfully
present in the country or not. Based on these considerations, the ECtHR concluded that the applicants had not had access to eective remedies. In Amuur v.
France, the ECtHR extended the scope of protection oered by Article 5 ECHR
to the transit zones of national airports.45 According to the conclusions of the
ECtHR in this judgment, States cannot argue that asylum seekers held in a transit
zone at an airport are at any time free to leave the territory and therefore not
deprived of their liberty. The ECtHR also refused to accept the argument that the
international zone where the asylum seekers were to remain could not be considered the territory of the contracting state. The legitimate concern of States to foil
the increasingly frequent attempts to circumvent immigration restrictions should
not, according to the ECtHR, deprive asylum seekers of the protection aorded
by the ECHR. With regard to the availability of remedies against prolonging the
detention, the opportunity of a speedy review should be available. Furthermore,
the legal basis for the detention should be suciently accessible and precise as to
avoid all risk of arbitrariness. In the case at stake, the text in French law would not
43
44
45

McVicar v. the United Kingdom, 7 May 2002, no. 46311/99, ECHR 2002-III.
onka v. Belgium, 5 February 2002, no. 51564/99, ECHR 2001-I 44.
Amuur v. France, 25 June 1996, no. 19776/92, Reports 1996-III, detention of asylum seekers at
Orly airport, see 4348.

Eective Remedies in Immigration Procedures: ECHR

261

allow national courts to review the conditions of detention and therefore the
ECtHR found a breach of Article 5 (1) ECHR.46
Article 1 (1) of Protocol No. 7, ECHR
With regard to the application of Article 1 (1) of Protocol no. 7, the ECtHR
considered in Lupsa v. Romania and Kaya v. Romania (see above), that the applicants were not given any eective chance to refute the expulsion decision before
a national court.47 The authorities failed to provide the applicants with the
slightest indication of the oence of which they were suspected and the public
prosecutors oce did not send the order issued against the applicants until the
day of the only hearing before the Court of Appeal. Furthermore, the ECtHR
observed that the Court of Appeal dismissed all requests for an adjournment,
thus preventing the applicants lawyer from studying the aforementioned order
and producing evidence in support of her application for judicial review of it.
Articles 13 and 8 ECHR
In the Al-Nashif case, the decision to deport the applicant was taken without
disclosing any reasons to the applicant, to his lawyer, or to any independent body
competent to examine the matter. This, according to the ECtHR, precluded the
applicant from having an eective opportunity to challenge the deportation or
refusal-of-residence order.48 In the Al-Nashif judgment, the ECtHR also applied
the criteria of Article 8 ECHR concerning whether the interference with this
right was suciently clear and foreseeable.49 This right included, according to
the ECtHR, the need for safeguards to ensure that the discretion left to the
authorities is in accordance with the law and without abuse. In the refuted case,
under Bulgarian law, the Ministry of the Interior was competent to issue
deportation orders interfering with human rights without following any form of
adversarial procedures, without giving any reasons and without any right of
appeal to an independent authority.50 Therefore, the ECtHR concluded that
there was a breach of Article 13 ECHR.
Accessibility of Right Under Article 34 ECHR
Article 34 ECHR provides individuals with the right to submit a request to the
ECtHR for an interim order if, during the national procedures, his or her rights
under this Convention are at risk of being violated by the refuted decision or
46
47
48
49
50

Amuur 43 and 50.

In both judgments 5960.
Al-Nashif, 126 and 133.
117 . Compare the jurisprudence on Article 8 ECHR as described in Chapter 6.
Al-Nashif, 126.

262

Chapter 8

measure. In Mamatkulov and Abdurasulovic v. Turkey (I), the ECtHR considered

the case of two applicants who were extradited by the Turkish authorities to
Uzbekistan on the basis of an extradition warrant issued by the latter state.51 This
extradition warrant was based on the suspicion that the applicants were involved
in homicide, causing injury by exploding a bomb in the Republic of Uzbekistan,
and an attempted terrorist attack on the President of Uzbekistan. Both applicants
were handed over to the Uzbek authorities before being able to apply their rights
under Article 34 of the ECHR, asking the Strasbourg Court for an interim relief,
arguing that their extradition would be in breach of Article 3 ECHR. In this judgment, the ECtHR ruled that it is implicit in the notion of the eective exercise of
the right of individual application that for the duration of the proceedings in
Strasbourg the principle of equality of arms should be observed and an applicants
right to sucient time and necessary facilities in which to prepare his or her case
respected. As in the present case, the applicants representatives were not able to
contact the applicants, despite their requests to the Turkish and Uzbek authorities
for permission to do so, the applicants were considered as having been denied an
opportunity to have further inquiries made in order for evidence in support of
their allegations under Article 3 of the Convention to be obtained.
6.3. Scope of Review
Article 6 ECHR
With regard to Article 6 (1), the ECtHR concluded at an early stage that fair trial
includes access to a judicial body that has full jurisdiction and the competence to
determine all aspects of the matter.52 Furthermore, it has been emphasised that
national courts should have full competence to re-examine the facts of the case
and to remedy the shortcomings found at administrative level.53 In the Chevrol v.
France case, the ECtHR dealt with the question of whether the scope of review
performed by the French Conseil dtat was in accordance with Article 6 (1) when,
in order to reach its decision, this court had relied on the evidence given by the
Ministry of Foreign Aairs with regard to the applicability of international law.54
On the basis of the fact that this Ministers involvement was decisive for the outcome of the legal procedures and was not open to challenge by the applicant, the
ECtHR concluded that the applicant did not have access to a tribunal which
had, or had accepted, sucient jurisdiction to examine all the factual and legal

51
52
53
54

Mamatkulov and Abdurasulovic v. Turkey (I), 6 February 2003, no. 46827/99 (unreported) 96.
Albert and Le Compte I and II, 10 February 1983, no. 7299/75 and 7496/76, Series A, 58.
Belilos, l.c., 7072.
Chevrol v. France, 13 February 2003, no. 49636/99 ECHR 2003-III, 8283.

Eective Remedies in Immigration Procedures: ECHR

263

issues relevant to the determination of the dispute.55 A comparable issue is dealt

with in the Obermeier case.56 Mr. Obermeier was an Austrian citizen who took
proceedings against his dismissal as an employee by a private insurance company.
In this case, the applicant submitted that he had no access to a fair trial because
the Austrian labour courts dealing with his proceedings considered themselves
bound by the decisions of the administrative authorities. According to the ECtHR,
the conditions laid down in Article 6 (1) are met only if the decisions of the
administrative authorities binding the courts were delivered in conformity with
the requirements of that provision. The ECtHR found in this judgment that the
decisions taken by the Austrian administrative authorities, declaring the dismissal
of a disabled person to be socially justied, in the majority of cases remained without any eective review by the courts. According to the ECtHR, in disputes concerning civil rights, such a limited review cannot be considered an eective judicial
review under Article 6 (1) ECHR.
Article 5 (1) and 5 (4) ECHR
According to Article 5(4) ECHR, a court should be able to decide on the lawfulness of a detention. With regard to this scope of review, the ECtHR repeatedly pointed out that this does not guarantee a right to judicial review of such
breadth as to empower the court, on all aspects of the case including questions of
pure expediency, to substitute its own discretion for that of the decision-making
authority. However, according to the ECtHR, the review should be wide enough
to bear on those conditions which are essential for the lawful detention of a
person according to Article 5 (1).57 This implies that the existence of a remedy
must be suciently certain to give the individual concerned adequate protection
against arbitrary deprivation of liberty.58
Article 13 ECHR
In general, in cases not related to immigration law procedures, the ECtHR considered the scope of review by national courts important in assessing whether
national remedies meet the standards of eective remedies within the meaning of
Article 13 ECHR.59
With regard to expulsion orders, in at least three judgments the ECtHR
explicitly considered whether the scope of review by national courts complied

55
56
57
58
59

See also Beaumartin v. France 24 November 1994, no. 15287/89, Series A, 296B.
Obermeier v. Austria, 28 June 1990, no. 11761/85, Series A, 179.
See Chahal 127.
Chahal 121122.
See Hatton and others v. the United Kingdom, 8 July 2003, no. 36022/97 ECHR 2003-VIII.

264

Chapter 8

with the requirements of Article 13. In the Vilvarajah case, mentioned above, the
applicants criticised the marginal role of the national courts in the UK.60 They
submitted that national courts did not ascertain whether the administration issuing the expulsion order (Secretary of State) was correct in assessing the risk to
which the applicants would be exposed when returned back to Sri Lanka. The
ECtHR, however, found that the national court had stressed its special responsibility to subject administrative decisions to the most anxious scrutiny in cases
where an applicants life of liberty would be at stake. Therefore, the ECtHR concluded that the powers of the national courts in this case provided an eective
degree of control over the decisions of the administrative authorities in asylum
cases and were sucient to satisfy the requirements of Article 13 ECHR.61
In the Al-Nashif case, the ECtHR emphasised that the right to an eective
remedy protected under Article 13 ECHR required that an individual be able to
challenge the executives assertion that national security is at stake.62 There should
be some form of adversarial proceedings, if necessary through a special representative after security clearance. The consideration of the ECtHR in the Al-Nashif
case is important, namely that governments may not, simply by invoking the
goals of national security, ignore the essential safeguards provided in the ECHR.
Even where an allegation of a threat to national security is made, the guarantee of
an eective remedy requires as a minimum that the competent independent
appeals authority be informed of the grounds for the deportation decision, even
if such reasons are not publicly available. National courts should be able to assess
the credibility of the governments assertion that the national security is at
stake. In other words, the authority must be competent to reject the executives
assertion that there is a threat to national security, where it nds this arbitrary or
unreasonable.
In Chapter 6, we saw that the ECtHR had held in the Leander and Klass judgments that, in these cases, a remedy that was as eective as can be would be sucient under circumstances where national security considerations did not permit
the divulging of certain sensitive information.63 In the Chahal judgment, the
ECtHR ruled that this criterion of as eective as can be would not be appropriate
in respect of a complaint that a persons deportation will expose him or her to a real
risk of treatment in breach of Article 3 ECHR: In such cases, given the irreversible
nature of the harm that might occur if the risk of ill-treatment materialised and the
60

61
62
63

Vilvarajah and others v. the United Kingdom, 30 October 1991, no. 13163/87, Series A, 215,
117 to 127.
Vilvarajah 125126.
Al-Nashif 137.
See the judgments in Klass and others v. Germany, 6 September 1978, no. 5029/71, Series A, 28,
69 and Leander, 26 March 1987, no. 9248/81, Series A, no. 116, 78.

Eective Remedies in Immigration Procedures: ECHR

265

importance the ECtHR attaches to Article 3, the notion of an eective remedy

under Article 13 requires independent scrutiny of the claim that there exist substantial grounds for fearing a real risk of treatment contrary to Article 3. This scrutiny must be carried out without regard to what the person may have done to
warrant expulsion or to any perceived threat to the national security of the expelling State.64 The ECtHR emphasised that there was a dierence between this case,
where it concerned the life and security of the person, and its earlier judgments
where the privacy of information was at risk. Also, in the Al-Nashif case, the ECtHR
explicitly made a distinction between cases of expulsion of aliens on national security grounds and cases with regard to systems of secret surveillance or secret checks,
on the same grounds. Where the ECtHR acknowledged that, in the latter cases,
such systems could only function if the individual remained unaware of the measures aecting them, it considered with regard to expulsion decisions that the
interests of preserving sensitive information were much more easily reconciled with
the rights of the individual to an eective remedy.65
The question whether individuals have an eective remedy at the national level
also plays a role with regard to the right to lodge an appeal before the ECtHR.
In its jurisprudence, the ECtHR has held that the obligation to exhaust domestic
remedies as required by Article 35 (1) ECHR, is limited to making use of those
remedies which are likely to be eective and available in that their existence is
suciently certain and they are capable of redressing directly the alleged violation of the Convention.66 This criterion was, for example, used in Salah Sheekh v.
the Netherlands concerning the claim of an asylum seeker that his expulsion to
Somalia would be in breach of Article 3 ECHR. According to the ECtHR, an
applicant cannot be regarded as having failed to exhaust domestic remedies if he
or she can show, by providing relevant domestic case-law or any other suitable
evidence, that an available remedy which he or she has not used was bound to
fail. Considering the consistent jurisprudence of the Dutch highest administrative court (Administrative Jurisdiction Division), the ECtHR found that in
practice a further appeal to this court would have had virtually no prospect of
success. Therefore the claim of the applicant was considered admissible even if
he had failed to exhaust the national remedies.

64
65
66

Chahal, 150151.
Al-Nashif 137.
Salah Sheekh v. the Netherlands, 11 January 2007, no. 1948/04, 119127. See also Azdivar v.
Turkey, 16 September 1996, no. 21893/93, dealt with in Chapter 6, section 6.4.1.

266

Chapter 8

6.4. Competences
Article 6 (1) ECHR
In Hornsby v. Greece, the ECtHR made it very clear that, in order to meet the criteria
on the eectiveness of legal remedies, the execution of a judgment given by any court
must be regarded as an integral part of the trial for the purposes of Article 6 (1)
ECHR.67 Or, in other words, if national administrations could simply ignore the decisions of their national courts, the available procedures cannot be said to be eective.
The Hornsby case concerned a British couple applying for authorisation from the
Greek authorities to start a private school (frontistirions) in Rhodes. This authorisation
was refused on the grounds that only Greek nationals could be granted such permission. According to the applicants, their right to eective remedies had been violated
by the Greek authorities because they failed to comply with two positive (to the applicants case) judgments by the Greek Supreme Administrative Court.68 The ECtHR
criticised the fact that the Greek authorities did not consider themselves bound by the
decisions of the Supreme Administrative Court. In the words of the ECtHR, it would
be inconceivable that Article 6 (1) should describe in detail procedural guarantees
aorded to the litigants that are fair, public and expeditious, without protecting the
implementation of judicial decisions. In the view of the ECtHR, the protection of
Article 6 (1) ECHR should therefore not be limited to access to a court or the conduct of proceedings as this could lead to situations incompatible with the principle of
the rule of law.
Article 5 (1) and 5 (4) ECHR
The text of Article 5 (4) is clear, stating that the court should be able to order the
individuals release if the detention is not lawful.
Article 13 ECHR
In Iatridis v. the United Kingdom, the ECtHR ruled that the availability of eective
remedies as such is not enough.69 Using motivation comparable to the Hornsby case
with regard to Article 6 (1), the ECtHR held in this case that eective remedies
according to Article 13 ECHR can only be eective if the national authorities comply
with the judgments reached by the courts during the procedure. In the words of

67
68

69

Hornsby v. Greece, 19 March 1997, no. 18357/91, Reports 1997-II.

The Greek authorities failed to implement the judgments of the EC Court of Justice and the
Greek Supreme Court with regard to allowing nationals of EC Member States to open schools
in Greece under the same conditions as those applied to Greek nationals.
Iatridis v. Greece, 25 March 1999, no. 31107/96, ECHR 1999-II. See 66. This case concerned
the claim by Iatridis with regard to his right of ownership (Article 1 of Protocol no. 1 to the
ECHR) together with his claim that his right to eective remedies had been breached.

Eective Remedies in Immigration Procedures: ECHR

267

the ECtHR, the remedy required by Article 13 must be eective in practice as well
as in law, in particular in the sense that its exercise must not be unjustiably hindered
by the acts or omissions of the authorities of the respondent State.
In the onka case, the ECtHR claried with regard to decisions on the expulsion of third-country nationals that, the notion of an eective remedy under
Article 13 requires that the remedy may prevent the execution of measures that
are contrary to the Convention and whose eects are potentially irreversible.70
Consequently, it would be inconsistent with Article 13 for such measures to be
executed before the national authorities have examined whether they are compatible with the Convention. The ECtHR stressed that the requirements of Article 13
should take the form of guarantees rather than a mere statement. It is important
to note that the ECtHR explicitly rejected the statement by the Belgian government in which the excessive workload of the Conseil dtat was presented as an
excuse for the failing system of legal remedies. It is the duty of a State to organise
its judicial system such that it is able to manage the available procedures.71
The need for courts to have the ability to suspend measures with irreversible
eects was also covered in Jabari v. Turkey.72 In this judgment on the decision of
the Turkish authorities to expel an Iranian woman to Iran, the ECtHR ruled that
the notion of an eective remedy under Article 13 requires independent and rigorous scrutiny of a claim that substantial grounds exist for the fear of a real risk
of treatment contrary to Article 3 ECHR. National courts should therefore have
the ability to suspend the implementation of the impugned measures. In this
conclusion, the ECtHR emphasised the importance of Article 3 ECHR and
the irreversible nature of the harm that might occur if the risk of torture or illtreatment alleged materialised. Along the same lines, as we have seen above, the
ECtHR held in Mamatkulov v. Turkey that Contracting States are obliged to
respect an interim measure of the ECtHR in order to avoid irreparable harm
and to abstain from any act or omission that might prejudice the integrity and
eectiveness of the ECtHRs nal judgment.73

7. The Principle of Non-discrimination: Article 14 ECHR

With regard to the question of whether dierent treatment based on nationality is
in accordance with the non-discrimination principle of Article 14 ECHR, the ECtHR
ruled in Moustaquim v. Belgium that there must be an objective and reasonable
70
71
72
73

onka v. Belgium, 5 February 2002, no. 51564/99, ECHR 2001-I, see 79.
onka 8384.
Jabari v. Turkey, 11 July 2000, no. 40035/98, ECHR 2000-VIII, 50.
Mamatkulov and Abdurasulovic v. Turkey (I), 6 February 2003, no. 46827/99.

268

Chapter 8

justication for giving a preferential treatment to nationals of other EC Member

States.74 In this case, the ECtHR found an objective and reasonable justication for
the discrimination in treatment of EU nationals and third-country nationals in the
fact that Belgium and the other EC Member States belonged to a special legal order.
In the Gaygusuz and Poirrez judgments, the ECtHR formulated a more stringent and
more specied criterion.75 The Gaygusuz case dealt with the complaint of a Turkish
national who had lived and worked in Austria for more than ten years. When he
became unemployed, the Austrian authorities refused him unemployment benets
on the grounds that he did not have Austrian nationality. The Poirrez case dealt with
the claim of a national of the Ivory Coast who was adopted by a French citizen.
Mr. Poirrez, who had been physically disabled since the age of seven, had been refused
an allowance for disabled adults on the basis of his nationality. In both cases (Gaygusuz
and Poirrez), the ECtHR found that this dierentiation based on nationality had no
objective and reasonable justication and therefore involved a breach of Article 14
ECHR in conjunction with Article 1 of Protocol No. 1 (on the right to property).
According to the ECtHR, the national authorities would have to submit very
weighty reasons before dierent treatment exclusively based on the grounds of
nationality could be regarded as compatible with the Convention.
The relevancy of the right of non-discrimination in the eld of border controls
became clear as well in the judgment of the ECtHR in Timishev v. Russia.76 This
case concerned the complaint of a Russian national of Chechen ethnicity, who
was refused by the Russian authorities to pass administrative borders within
Russia. The ECtHR ruled that there was a violation of Article 14 ECHR in combination with Article 2 of the 4th Protocol (dealing with the freedom of
movement). According to the ECtHR no dierence in treatment which is based
exclusively or to a decisive extent on a persons ethnic origin is capable of being
objectively justied in a contemporary democratic society built on the principles
of pluralism and respect for dierent cultures. It should be emphasised that the
right to liberty of movement and freedom to choose his residence within the
territory of a State as protected by the 4th Protocol applies to everyone lawfully
within that State. This includes third-country nationals.
The question is when national governments can submit very weighty grounds
or objective and reasonable justication of the discrimination in treatment with
regard to the applicable procedural guarantees. With the rejection in the onka
judgment of the arguments by the Belgian government that overworked national

74
75

76

Moustaquim v. Belgium, 18 February 1991, no. 12313/86, Series A, 193.

Gaygusuz v. Austria, 16 September 1996, no. 17371/90, Reports 1996-V, 42, and Poirrez v.
France, 30 September 2003, no. 40892/98, ECHR 2003-X, 46.
EHRM Timishev v. Russia, 13 December 2005, no. 55762/00 and 55974/00, see para. 5859.

Eective Remedies in Immigration Procedures: ECHR

269

courts and alleged abuse of national procedures would allow for fewer procedural
guarantees, the ECtHR made it clear that these grounds are unacceptable.77 This
is also evident from the judgment in the Amuur case, where the ECtHR refused to
accept the concern of States to address increasingly frequent attempts to circumvent immigration restrictions as grounds for depriving asylum seekers of the protection aorded by the ECHR. In Ludescher v. Austria, the ECtHR was not
persuaded by the Governments explanation that the delay before the Administrative
Court was caused by a rise of applications between 1990 and 1995. According to
the ECtHR, it is for Contracting States to organise their legal systems in such a
way that their courts can guarantee the right of everyone to obtain a nal decision
on disputes relating to civil rights and obligations within a reasonable time.78

8. Summary: Criteria for Eective Remedies

It is clear that human rights can be at stake with regard to immigration law decisions dealing with the (non-)admission of third-country nationals, their detention or expulsion. A person claiming that his right, protected by the ECHR, is
infringed should have eective remedies on the basis of Article 13 ECHR. Aside
from Article 13, the ECHR oers additional protection under Article 5 (4) with
regard to detained immigrants and in the 7th Protocol to the ECHR with regard
to the expulsion of lawfully resident third-country nationals. This latter Protocol
only applies in those States which ratied this instrument. However, one could
argue that by referring to the principles and rights of the ECHR in the preambles
to EC immigration law, the Member States are also bound by this Protocol.
The jurisprudence of the ECtHR is very casuistic. Nevertheless, in its jurisprudence, the ECtHR dened some important criteria for the eectiveness of the
available remedies in immigration law procedures. Generally, the ECtHR applies
more stringent criteria with regard to claims based on Article 3 ECHR. It is also
clear that the ECtHR refuses to accept grounds of national security or overburdened immigration law procedures as sole justication for limiting the rights
of individuals to legal remedies.
8.1. Non-judicial or Judicial Remedy
Both Article 6 (1) and Article 5 (4) ECHR explicitly require that persons should
have access to judicial courts. With regard to the situations in which Article 13
77

78

Compare to the Salesi judgment, 26 February 1993 Series A 257E, in which Italys claim with
regard to the nancial implications of the application of Article 6 was also rejected by the Court.
Ludescher v. Austria, 20 December 2001, no. 35019/97 23.

270

Chapter 8

ECHR applies, the judicial remedies are not considered an absolute requirement.
However, from the judgments at stake, one can conclude that the ECtHR applies
the same or comparable criteria when considering the eectiveness of the competent authorities. The question of whether the national procedure is in accordance with Article 13 ECHR depends on whether the competent authority has
sucient powers and guarantees to oer eective remedies. As we have seen, in
the judgments of Chahal and Al-Nashif, the ECtHR explicitly stated that the
requirement of a remedy which is as eective as can be is not appropriate in
respect of a complaint that a persons deportation will expose him or her to a real
risk of treatment in breach of Article 3.
The case law of the ECtHR also reveals that, for the purposes of the ECHR, the
dierentiation between judicial and non-judicial remedies is not always relevant.
From the above judgments, we learn that even if judicial remedies are available,
the ECtHR is not automatically satised that these remedies provide eective
protection for the individual. In each case, but especially if it concerns the protection under Article 3 ECHR in expulsion cases, it must be established that the
independent authority or judicial court oers sucient eective protection.
8.2. Accessibility
From the jurisprudence of the ECtHR, one can deduce the following requirements for the accessibility of remedies with regard to detention measures:
the legal basis of detention should be suciently accessible and precise (Amuur);
the detained person should have access to speedy review (Amuur);
the person should be given legible and understandable information about the
available remedies (onka);
the information provided should be accurate (onka);
the reasons for detention should be properly communicated to the detainee
(onka); and
the person should have access to an interpreter (onka).
With regard to deportation or expulsion, the ECtHR formulated the following
criteria:
the authorities should disclose the reasons for deportation(Al-Nashif );
the person should be given sucient time and the necessary facilities to prepare
his or her case (Mamatkulov).
8.3. Scope
In its jurisprudence based on both Article 13 and Article 6 (1) ECHR, the ECtHR
paid much attention to the scope of review of national courts. The ECtHR
emphasised that, in order to meet the requirements of eective remedies,

Eective Remedies in Immigration Procedures: ECHR

271

a national court or authority assessing the lawfulness of the refuted decisions or

measures should be able to enforce the substance of Convention rights. Based
on Article 6 (1), it was concluded that national courts should be able to re-examine
the facts of the case and to remedy the shortcomings observed at administrative
level. With regard to the application of Article 6 (1) ECHR, the following criteria
apply:

there should be access to a judicial body;

this body should have full jurisdiction and should be able
to determine all aspects of the matter and
to re-examine all the facts of the case.

It is evident from the jurisprudence of the ECtHR regarding Article 13 ECHR

that, in the procedures concerning the right to family life, the authority or court
should be able to strike the correct balance between the rights of the individual
and the general interest of the government. In procedures in which the
government invoked national security grounds, national courts or authorities
should be able:
to assess the credibility of the governments assertion that the national security
is at stake (Al-Nashif ); and
to strike the correct balance between the rights of the individual and the
general interest of the government (Al-Nashif ).
When the applicants right to liberty or life is at risk, more stringent scrutiny should
be exercised than for a claim concerning the right to privacy (Chahal, Al-Nashif ).
As we have seen above, in Shalah Sheekh, the ECtHR repeated its earlier statement
that national authorities cannot refer to the failure to exhaust national remedies
with regard to the admissibility of an individual claim, if in practice the appeal to
the competent court was bound to fail.
8.4. Competences
In its jurisprudence dealing with expulsion, the ECtHR ruled that national
courts or authorities should be able to prevent the execution of measures causing
irreparable or irreversible harm to human rights. This means that national legislators should provide for legal procedures in which the courts or authorities can
order interim or suspensive measures. This competence of national courts or
authorities should include the power:
to issue binding decisions (Hornsby, Iatridis);
to prevent the execution of measures causing irreparable or irreversible harm
to human rights (onka, Jabari) and;
to order interim or suspensive measures (onka, Jabari).

272

Chapter 8

In both Hornsby v. Greece, based on Article 6 (1), and Iatridis v. the United
Kingdom (Article 13), the ECtHR found that with regard to the question of
whether remedies are eective, it is necessary to establish that governments are
obliged to comply with the decisions of independent courts or authorities. This
requirement of binding (judicial) decisions can be considered an important criterion to be taken into account when assessing the eectiveness of remedies within
the framework of the use of the SIS or other EU databases. As far as I know, the
ECtHR did not deal with the need for compliance by national governments with
the judicial decisions of foreign courts.
8.5. Non-application of Article 6 (1) ECHR to Immigration Law Procedures:
Failure or No Loss?
It has been argued that, for the current law on eective remedies, the applicability
of Article 6 (1) ECHR on immigration procedures would not lead to greater procedural protection in immigration procedures.79 Based on Article 13 and other
provisions, the ECHR oers other mechanisms which provide for access to judicial courts in immigration cases. However, considering the criteria for a fair trial
given in Article 6 (1) and its further development by the ECtHR, Article 6 (1)
sometimes includes stricter rules than Article 13 ECHR, for example with regard
to the requirement of a judicial review and speedily access to courts of the claim
in question.
Other, more urgent reasons exist to explain why it could be desirable for the
ECtHR to reconsider its interpretation of Article 6 (1). For example, it is doubtful whether the classical arguments for the dierentiation between civil and
criminal law procedures on the one hand and immigration law procedures on
the other hand still apply. As we have seen above, the ECtHR has already rejected
the argument of force majeur as a reason why lesser procedural guarantees should
apply to immigration law procedures. Furthermore, the claim of state sovereignty
does not seem to be a strong argument to justify the non-application of Article 6
in this eld. Considering the legal Schengen framework and the legislative powers
based on Title IV TEC (see Chapter 9), it can no longer be said that immigration
policy is matter of state sovereignty only.80
Secondly, the current standards of immigration procedural law cannot be
regarded as a matter of course. As we will see in Part III, the acquired procedural
rights of immigrants can be withdrawn or limited whenever this is considered

79

80

Nicholas Blake and Raza Husain, Immigration, Asylum and Human Rights, Oxford/New York:
Oxford University Press, 2003, p. 241
M. Kuijer, annotation to the Maaouia judgment, NJCM Bulletin 2001, no. 6, p. 762779.

Eective Remedies in Immigration Procedures: ECHR

273

necessary by the national governments. The application of Article 6 (1) ECHR

on immigration procedures would provide a set of minimum standards from
which governments may not deviate.
Thirdly, a broad application of Article 6 would eliminate situations in which it
is unclear whether the right of an eective remedy applies in immigration appeals
where no human rights are at issue, for example in cases involving students or
businessmen. As pointed out by Van Dijk and Van Hoof: It is submitted that
the most satisfactory way to end legal uncertainty and maximize eective legal
protection is to recognize as an example of evolutive interpretation that the
rst paragraph of Article 6 is applicable to all cases in which a determination by
a public authority of the legal position of a private party is at stake, regardless
of whether the rights and obligations involved are of a private character and
regardless of whether the claim concerns a public law relationship.81
A nal and perhaps more important reason is the development in EU law. As
mentioned above, Article 6 (1) ECHR is used as a model for the right to a fair
trial, as incorporated in the EU Charter on Fundamental Rights. The authors of
this Charter explicitly conrmed that the scope of this right goes beyond the
eld of civil and criminal law. Aside from the incorporation of this human right
in the EU Charter, we will see in the next two Chapters how the right to eective
remedies gradually became rooted in EU law, also extending to measures in the
eld of asylum and immigration law. It is possible that the ECtHR accepts that,
within the law of the 27 EU Member States, higher standards apply with regard
to the scope of Article 6 (1) ECHR than the standards which apply in the States
of the Council of Europe. However, the ECtHR repeatedly conrmed its
commitment to interpreting the human rights as protected in the ECHR with
adynamic and evolutive approach and that it attaches importance to a European
or international consensus. In this light, it seems logical that the ECtHR should
abandon its narrow approach with regard to Article 6 ECHR.82

81

82

P. van Dijk and F. van Hoof, Theory and Practice of the European Convention on Human Rights,
Antwerpen/Oxford: Intersentia 2006, p. 538.
Goodwin v. the United Kingdom, 11 July 2002, no. 28957/95, 74 and 8485.

Chapter 9
Eective Remedies under EC Immigration Law
Even though the constitutional traditions of all Member States and the jurisprudence
of both the Strasbourg and Luxembourg courts underlines that the right to an eective remedy for all within the jurisdiction of Member States (which includes decisions
made in embassies and consulates) is an important legal and human right, it would
appear that the preference is to pay lip-service to important principles and cite relevant human rights instruments rather than to move towards the construction of a
modern legal framework guaranteeing the application of the rule of law in the enlarged
EU of the 21st century.1

1. Introduction
The Treaty of Maastricht of 1992 added a new objective of the Union to Article
2 of the EU Treaty (hereafter TEU): to maintain and develop the Union as an
area of freedom, security and justice, in which the free movement of persons is
assured in conjunction with appropriate measures with respect to external border
controls, asylum, immigration and the prevention and combating of crime.2
One of the central goals of this Area of Freedom, Security and Justice is to safeguard the legal protection of individuals.3 In the Tampere Conclusions of 1999,
including a ve-year programme for the Area of Freedom, Security and Justice,
the European Council stated that this freedom should not be regarded as the
exclusive preserve of the Unions own citizens. According to the heads of states, it
would be in contradiction with Europes traditions to deny such freedom to
those whose circumstances lead them justiably to seek access to our territory.4
The Tampere Conclusions further state that common policies on asylum and
immigration must be based on principles which are both clear to our own citizens

2
3

R. Cholewinski, The Need for Eective Legal Protection in Immigration Matters, EJML, 7,
2005, p. 237262.
Article 2 of the TEU, OJ C 325, 24.12 2002.
Communication of the Commission, Towards an Area of Freedom, Security and Justice, COM
(1998) 459, July 1998.
Recital 2 of the Tampere Conclusions.

Evelien Brouwer, Digital Borders and Real Rights, pp. 275302.

2008 Koninklijke Brill NV. Printed in the Netherlands.

276

Chapter 9

and also oer guarantees to those who seek protection in or access to the European
Union.5 With this phrase, the European Council explicitly recognised the obligation of the EU legislator to provide procedural guarantees not only for those
residing lawfully in the EU, but also for those applying for a residence permit or
visa in one of the EU Member States. What has been achieved since the Tampere
Conclusions with regard to the right of judicial protection in the dierent instruments adopted in the eld of immigration and asylum law?6 Do individuals have
a right to access to courts with regard to immigration law decisions, which applies
indiscriminately to third-country nationals residing in or seeking access to the
EU? Or it is fair to state, in the words of Cholewinski, that compared to EU citizens and their family members, third-country nationals are still subject to an
underdeveloped legal regime at the EU level?7
This Chapter describes to what extent the right to eective remedies is
embedded in EC immigration law. Does this right apply indiscriminately to
third-country nationals residing legally on the territory of one of the EU
Member Sates or seeking access to the EU, or is there dierentiation between
dierent categories of persons? To answer these questions, I will describe in the
following sections the relevant provisions of the dierent immigration law instruments adopted on the basis of Title IV TEC and compare these provisions with
the rules which apply to more privileged categories of persons, including EU citizens and their family members and Turkish migrant workers.8

2. Directive 2004/38/EC on the Right of Citizens and their Family

Members to Move and Reside Freely within the EU
2.1. Protecting the Free Movement of EU Citizens and their Family Members
One of the fundamental principles of Community law is the freedom of movement of EU citizens. This principle was laid down at an early stage in Directive
64/221/EC, including rules on the co-ordination of special measures concerning
the movement and residence of foreign nationals which are justied on grounds
of public policy, public security or public health in the EC.9 Based on case law of
5
6

7
8

Recital 3. Italic is mine, EB.

See, for an elaborate study of eective remedies in European immigration law in the period
before the Tampere Conclusions: P. Boeles, Fair Immigration Proceedings in Europe, The Hague/
Boston/London: Martinus Nijho Publishers 1997.
Cholewinski (2005), p. 238.
For a general study on the rights of third-country nationals in EU law I refer to: H. Staples The
legal status of third country nationals resident in the European Union, The Hague/London/Boston:
Kluwer Law International 1999.
Directive of 25 February 1964, OJ 04.04.1964, pp. 850857.

Eective Remedies under EC Immigration Law 277

the European Court of Justice (ECJ), it has been recognised that, in order to
enable EU citizens to enjoy their freedom of movement, this protection should
also apply to their family members who hold a third-country nationality.10 Based
on these rules and the criteria as developed by the ECJ, the power of Member
States to restrict the right of free movement and residence of EU citizens and
their family members is limited. One of the most important criteria as dened
by the ECJ is that Member States may, only in exceptional situations, invoke reasons of security, public order or health grounds to oppose the residence of EU
citizens and family members. According to established case law, their right to
enter the territory of another Member State, to stay there and to move within it
may only be refused when this person represents a genuine and suciently
serious threat aecting one of the fundamental interests of society.11 In the judgment MRAX v. Belgium, the ECJ ruled that a Member State may neither refuse
to issue a residence permit to a third-country national married to a national of a
Member State, who entered the territory of that Member State lawfully, nor issue
an order expelling him from the territory, solely on the grounds that his visa
expired before he applied for a residence permit.12
On 30 April 2006, Directive 64/221 was replaced by a new Directive 2004/38/
EC on the rights of citizens and their family members to move and reside freely
within the territory of the Member States.13 This Directive codies the principles
as formulated by the ECJ on the basis of the former Directive 64/221. It also
integrates the dierent existing instruments with regard to the protection of EU
citizens under community law.14 As in the former Directive 64/221, Directive
2004/38 also grants benecial rights to the spouse and family members of EU
citizens. In the new Directive, this also includes the partner with whom the EU
citizen has a durable relationship, duly attested (Article 3).
For our purposes, the relevant provisions of Directive 2004/38 are Articles 30
and 31. These provisions describe the procedural guarantees with regard to the
right to legal remedies against decisions concerning entry or the refusal to issue
or renew a residence permit, or to expulsion decisions. Compared to the rules in
Articles 8 and 9 of the former Directive 64/221, the new rules enhance the procedural rights of EU citizens and their family members. Among other things,

10

11
12
13
14

See the judgments of the ECJ in C-60/00, Carpenter, ECR [2002] I-6279 and C-459/99,
Mouvement contre le racisme, lantismitisme et la xnophobie ASBL (MRAX) v. Belgium, [2002]
ECR I-6591.
C-36/75, Rutili, [1975] ECR 1219, 28 and C-30/77, Bouchereau, [1977] ECR 1999, 35.
C-459/99 91.
Adopted on 29 April 2004. OJ L 229/35, 29.06.2004.
See also S. Carrera, What Does Free Movement Mean in Theory and Practice in an Enlarged EU?,
CEPS Working Document No. 208/October 2004, available at http://www.ceps.be.

278

Chapter 9

Article 30 of Directive 2004/38 puts more emphasis on procedural guarantees

improving the accessibility of legal remedies. According to Article 31 (1) of
Directive 2004/38, the persons concerned should have access to judicial and,
where appropriate, administrative redress procedures in the host member state to
appeal against or seek review of any decision taken against them on the grounds
of public policy, public security or health. I will further describe these criteria in
section 4 below.
2.2. Extending the Scope of Protection: Cetinkaya and Drr-nal
Based on the association agreements between the EU Member States and third
countries, nationals of those third countries enjoy a privileged position with
regard to the right to work, the right to social benets and the right to stay
within the EU territory. In the early 1960s, such an Association Agreement was
concluded between the European Communities and Turkey, also in view of the
future accession of Turkey to the Communities. In 1980 the Association Council,
established on the basis of this Agreement, adopted Decision 1/80 on the rights
of Turkish migrant workers. This Decision includes the general principle that
Turkish migrant workers should receive, in the country where they are legally
resident, the same treatment as EU workers. Based on this general principle of
equal treatment, the ECJ ruled in two important judgments that individuals
enjoying rights under Decision 1/80 should have the same procedural guarantees
with regard to these rights as EU citizens under Directive 64/221, even if this
Directive does not explicitly refer to this category of persons.
In 2004, in the Cetinkaya case, the ECJ recognised the applicability of certain
procedural guarantees of Directive 64/221 with regard to procedures reviewing
the legality of an expulsion order against a Turkish worker.15 In this judgment,
the ECJ found that national courts should have applied the principles of Article 3
of Directive 64/221 with regard to measures based on public order and security
grounds against the applicant. This meant, according to the ECJ, that courts
should have taken into consideration circumstances which arose after the nal
expulsion decision of the national immigration authorities in order to assess the
presence of an actual threat to public order caused by the personal conduct of the
applicant.
In the Drr-nal judgment of 2 June 2005, the ECJ ruled on the scope of
Directive 64/221 with regard to the rights of an EU national and a Turkish
national.16 In this case, the Court made an explicit link between rights as protected
15
16

Case C-467/02, Cetinkaya, [2004] ECR I-10895.

Case C-136/03, Drr-nal, [2005] ECR I-4759. See, for an early analysis of this judgment,
S. Peers in the ILPA European Update, June 2005, p. 710.

Eective Remedies under EC Immigration Law 279

by Community law and the ability to invoke these rights before a court. The ECJ
concluded that in order to ensure the eectiveness of the substantive rights as
protected in Decision 1/80, it is essential to grant those workers and their family
members the same procedural guarantees as those granted by Community law to
nationals of Member States.17 This means that those workers should be granted
the same guarantees laid down in Articles 8 and 9 of Directive 64/221. On the
basis of the reasoning of the ECJ in these judgments, it is to be expected that the
ECJ will continue the same reasoning with regard to Directive 2004/38.
Therefore, Member States will have to apply the procedural guarantees included
in this Directive to Turkish migrant workers and their family members as well.18
The consequence of this was that the rights of workers from a country whose
accession to the EU is far from being accomplished were better protected than
those of nationals of other third countries, such as Bulgaria and Romania in the
years before their accession to the EU. The EU signed association agreements
with those countries as well, but in these treaties the principle of equality with
EU citizens was deliberately omitted. However, as we will see in Chapter 10, this
dierential treatment became less relevant following the Panayotova judgment of
2004 of the ECJ. In this judgment, which concerned the rights of Bulgarian
nationals under the Association Agreement between the EC and Bulgaria, the
ECJ applied its more general approach on eective remedies with regard to rights
as protected under Community law to the area of visa and residence rights.
2.3. The Relationship between the VIS and SIS and the Freedom of Movement
of EU Citizens and Family Members
2.3.1. Commission v. Austria
With regard to the availability of remedies against the refusal to issue a visa to
family members of EU citizens, in 2005 the Commission brought an interesting
claim against Austria before the ECJ.19 The Commission claimed that Austria
had failed to implement the provisions of Directive 64/221, considering that
Austrian law lacked certain procedural guarantees such as motivated decisionmaking or the right to appeal against the refusal. In the rst place, the Austrian
government failed to inform the visa applicant of the full and detailed reasons for

17
18

19

Drr-nal 67.
K. Groenendijk, Citizens and Third-country nationals: Dierential Treatment or Discrimination?,
in: J.Y. Carlier and E. Guild, The Future of Free Movement of Persons in the EU, Brussels: Bruylant
2006, p. 99. See also his annotation to the Drr-nal judgment, published in JV 3 August
2005, no. 276, p. 926.
Action brought on 13 May 2005, C-209/05, OJ C171/10, 9.07.2005. The case was removed
from the ECJ register on 29 June 2006.

280

Chapter 9

the visa refusal. Secondly, the government did not grant the visa applicant the
same legal protection against this visa refusal as aorded to its own citizens in
administrative law procedures. The reaction of the Commission is noteworthy,
with regard to the claim by Austria that the refusal of legal remedies did not
harm the interests of the applicant because submitting a new application is a
quicker means of reaching ones goal than pursuing a legal remedy against the
decision. The Commission explicitly disagreed with this argument, stating that
submitting a renewed application entails the risk that the objectively incorrect
decision may simply be repeated. The Commission withdrew this claim once
Austria fullled its obligations under EU law. However, it would have been interesting to see how the ECJ would have dealt with the underlying questions. It is
not clear whether the Commission was actually thinking about the future registration of (positive and negative) visa decisions in the EU database, VIS. However,
it is precisely this point, the risk that wrongful decisions will be simply repeated,
which emphasises the importance of eective legal protection against decisions
registered in SIS, VIS or Eurodac.
2.3.2. Commission v. Spain
In the important judgment Commission v. Spain to which I already referred in
Chapters 3 and 4, the ECJ dealt explicitly with decisions based on the SIS.20
In this judgment, the ECJ declared that Spain infringed the right of free movement
of family members of EU citizens by refusing to issue a visa and allow the entry of
two nationals of a third country who are family members of European Union citizens solely on the basis of a SIS alert. The ECJ observed that their visa and entry
had been refused solely on the grounds that they were persons for whom alerts
were entered in SIS for the purposes of refusal of entry. By failing to give adequate
reasons for refusing a visa or allowing entry and without rst verifying whether the
presence of those persons constituted a genuine, present and suciently serious
threat aecting one of the fundamental interests of society, Spain did not full its
obligations under Articles 1 to 3 and 6 of the Council Directive 64/221.
During this case, the Spanish government argued that there was no obligation
for the Member States to consult the reporting State to check whether the entry
is compatible with EC law. The Spanish government referred to the Declaration
of 18 April 1996, in which the Contracting States accepted the principle that the
names of persons covered by Community law may be entered and kept in the
SIS only if that entry is compatible with Community law.21 Therefore, according
to the Spanish government, the existence of such an entry may reasonably be

20
21

C-503/03, Judgment of 31 January 2006, [2006] ECR I-1097.

Declaration of 18 April 1996, SCH/Com-ex, (96) decl. 5. Dealt with in section 4.4 of Chapter 3.

Eective Remedies under EC Immigration Law 281

regarded as evidence of a genuine and serious threat. This view was not shared by
the ECJ. The ECJ conrmed that the inclusion of an entry in the SIS in respect
of a third-country national who is the spouse of a EU national does indeed constitute evidence that there is a reason to justify refusing him entry into the
Schengen Area. However, according to the ECJ, such evidence must be corroborated by information enabling a Member State which consults the SIS to establish, before refusing entry into the Schengen Area, that the presence of the person
concerned in that area constitutes a genuine, present and suciently serious
threat aecting one of the fundamental interests of society. The ECJ explicitly
referred to Article 94 of the CISA which expressly authorises the reason for the
alert to be stated.22
Even if the Schengen acquis is based on the principle of genuine cooperation, the ECJ ruled that each State consulting the SIS should give due consideration to the information provided by the State which issued the alert. This also
implies that the latter should make supplementary information available to the
consulting State to enable it to gauge, in the specic case, the gravity of the
threat that the person for whom an alert has been issued is likely to represent.
The ECJ pointed out that exactly for this purpose the Schengen States had established the network of national SIRENE oces. It is important that the ECJ
explicitly refers to this existence of SIRENE oces and the duty of States to consult each other by using the SIRENE network. In the words of the ECJ: The
network of SIRENE Bureaux was set up specically to provide information to
national authorities faced with diculties in enforcing an alert. According to
Paragraph 2.2.1 of the SIRENE Manual, the system put in place must enable
requests for information made by the other contracting parties to be answered as
soon as possible, and the response must be given within 12 hours.23

3. Legal Remedies in Immigration and Asylum Law Based on Title IV TEC

The following sections will examine the main instruments which have been
adopted in the eld of immigration and asylum law based on Title IV TEC.
In this overview, which is given in chronological order, I will focus on the
provisions for legal remedies.24
22
23
24

See 53 of the judgment.

See 5658.
For more detailed analysis of the history and meaning of these instruments, I refer to Peers &
Rogers (2006), E. Guild, The Legal Elements of European identity. EU Citizenship and Migration
Law, The Hague: Kluwer Law International 2004, and the legislative overviews of S. Peers, Key
Legislative Developments on Migration in the European Union, EJML, no. 3, 2001, p. 231255,
and no. 5, 2003, p. 107141.

282

Chapter 9

3.1. Directive 2001/40/EC on Mutual Recognition of Expulsion Decisions

In Directive 2001/40/EC on mutual recognition of expulsion decisions, the implementation and scope of the content of the remedies are to a large extent left to
the scrutiny of the national legislator.25 The goal of this Directive, which was
based on an initiative of the French Presidency, is to facilitate the expulsion of
illegal or inadmissible immigrants present within the territory of the EU Member
States. The practical meaning of this instrument has been criticised, especially
because Member States may prefer not to use the procedures of this Directive in
order to nd out whether another Member State issued an expulsion order
against the person in question. It seems more likely that they will prefer their
own national mechanisms in order to be able to expel an immigrant more
swiftly.26 To meet the potential nancial barriers preventing the Member States
using this instrument, the Council adopted Decision 2004/191, setting out the
criteria and practical arrangements for the compensation of the nancial imbalances resulting from the application of Directive 2001/40.27 The implementation
of Directive 2001/40 is closely linked to the use of the Schengen Information
System, since it facilitates access to information about expulsion decisions of the
other Member States.
Article 4 of Directive 2001/40 provides that, Member States shall ensure that
third-country nationals may, in accordance with national law, bring proceedings
against any measure referred to in Article 1. This does not necessarily imply
access to a court, nor does the Directive provide for the suspensive eect of such
procedures. The Directive on mutual recognition of expulsion decisions does not
take into account the length of time someone has been legally resident in one of
the EU Member States: expulsion can be carried out immediately. This could in
practice lead to a situation which is in breach not only of Directive 2004/38, but
also of the Family Reunication Directive and the Directive on long-term
residents (see below).28 The Directive refers in its preamble and in Article 3 (2) to
the duty of Member States to respect human rights as protected in international
instruments, including the ECHR and the 1951 Convention on the Status of
Refugees. Despite these provisions there is a risk that the practical implementation
of the Directive will lead to an infringement of these rights because Member

25
26

27
28

OJ L 149/34, 2.6.2001, implementation date was 2 December 2002.

See K. Groenendijk, The Directive on mutual recognition of expulsion decisions: symbolic or
unbalanced politics?, in P. De Bruycker, The Emergence of a European Immigration Policy,
Bruylant: Brussels 2003, p. 447463.
OJ L 60, 27.2.2004.
See T. Eicke, Paradise Lost? Exclusion and Expulsion from the EU, in Groenendijk, Guild &
Minderhoud (2003), p. 167.

Eective Remedies under EC Immigration Law 283

States will rely on foreign expulsion decisions and their compatibility with
human rights standards.29
Interestingly, the legal procedure in the expelling state will have to deal with
the question of whether the criteria of Article 3 (1) apply: is the expulsion decision still in force and has it not been suspended? Furthermore, the national court
or authority involved will have to assess whether the national law of the issuing
state has been correctly applied. This means that the national court or authority
of the expelling state will have to rule on the legality of the decision of a court or
authority of the issuing state.
3.2. Directive 2001/55/EC on Minimum Standards for Temporary Protection
Council Directive 2001/55/EC of 20 July 2001 includes minimum standards for
providing temporary protection in the event of a mass inux of displaced persons.30
This Directive has its origins in the attempt by Member States to deal with
humanitarian crises outside the EU and with large numbers of persons seeking
asylum within the EU. By giving these persons temporary protection, Member
States tried to avoid overburdened refugee determination and asylum procedures.
The Directive seeks to harmonise the national programmes for temporary protection and to create a basis for nancial burden-sharing between Member States
with regard to the reception of these persons.31 On the basis of Article 29 of this
Directive, persons who have been excluded from the benet of temporary protection or family reunication by a Member State have the right to mount a
legal challenge in this Member State. The Directive does not include any further
rules or procedural guarantees for such remedies.
The Directive on temporary protection provides that persons enjoying temporary protection in a Member State must be able to apply for asylum any time in
that Member State (Article 17). The Directive does not include rules on the asylum procedure, nor on the availability of legal remedies against the refusal of
asylum, because the rules of the Directive on minimum standards for asylum
procedures will apply (see below section 3.7). Nor does the Directive include an
explicit right to legal remedies in the situation that a person is enforced to return
when his or her temporary protection has been ended. Article 22 (1) only provides that Member States must take the necessary measures to ensure that the
enforced return of persons whose temporary protection has ended and who are
not eligible for admission is conducted with due respect for human dignity.

29
30
31

See the legal analysis of Directive 2001/40 in Peers & Rogers (2006) p. 791.
OJ L 212, 7.8.2001. Implementation date for this Directive elapsed on 31 December 2002.
Whether this attempt has been successful is questionable: see Peers & Rogers (2006),
p. 453485.

284

Chapter 9

In the situation of enforced return, Member States must consider according to

Article 22 (2) any compelling humanitarian reasons which may make return
impossible or unreasonable in specic cases.
3.3. Directive 2003/9/EC on Minimum Standards for the
Reception of Asylum Seekers
The Directive 2003/9/EC setting forth minimum standards for the reception of asylum seekers of 27 January 2003 includes some important procedural safeguards
for individuals lodging an application for asylum in one of the Member States.32
These safeguards especially concern the duty of Member States to inform the
persons in question. Article 5 of the Directive obliges Member States to give asylum seekers written information on their obligations and rights. According to
Article 5 (1), Member States must inform asylum seekers, within a reasonable
time not exceeding fteen days after they have lodged their application for asylum with the competent authority, of at least any established benets and of the
obligations with which they must comply relating to reception conditions.
The provision in this Directive, according to which Member States must give
information on the availability of legal assistance, is important for the accessibility
of legal remedies. Article 5 (1) obliges Member States to ensure that applicants are
provided with information on organisations or groups of persons that provide specic legal assistance and organisations that might be able to help or inform them
concerning the available reception conditions, including health care. The information mentioned in Article 5 (1) must be given in writing and, as far as possible,
in a language that the applicants may reasonably be supposed to understand. Only
where appropriate, may this information also be supplied orally. This latter
exception runs the risk of being interpreted widely, however, as we have seen in the
previous Chapter it must respect the procedural guarantees as dened by the
ECtHR. Article 14 of the Directive also stipulates that legal advisors or counsellors
to asylum seekers and representatives of the United Nations High Commissioner
for Refugees or recognised non-governmental organisations shall be granted access
to accommodation centres and other housing facilities in order to assist the said
asylum seekers. Limits on such access may be imposed only on grounds relating to
the security of the centres and facilities and of the asylum seekers.
As with the other EC instruments on immigration and asylum dealt with in this
Chapter, the Directive does not include specic criteria with regard to the right to
legal remedies. Article 21 (1) of the Directive obliges Member States to ensure
that negative decisions relating to the granting of benets under this Directive or
decisions taken under Article 7 (decisions with regard to their residence and
32

OJ L31, 6.2.2003. Implementation date: 6 February 2005.

Eective Remedies under EC Immigration Law 285

freedom of movement, EB) which aect asylum seekers individually may be the
subject of an appeal within the procedures laid down in the national law.
According to the same provision, the Member States must at least in the last
instance grant the asylum seeker the right of appeal or review before a judicial
body. This means that the Member States must provide for a right to apply for
review or appeal in last instance, but may also provide for more levels of remedies. According to Article 21 (2), the national legislator must also provide for
procedures for access to legal assistance.
3.4. Directive 2003/109/EC on Long-Term Resident Third-Country Nationals
In 2003, the Council adopted Directive 2003/109/EC concerning the status of thirdcountry nationals who are long-term residents.33 This Directive dierentiates between
expulsion decisions and decisions concerning applications for long-term residence
permits. Article 20 (2) of this Directive provides that, with regard to the refusal of
long-term resident status, the withdrawal of a status or the refusal to renew a residence permit, the person should have the right to mount a legal challenge in the
Member State concerned. It is unclear what precisely is meant by legal challenge. The Member States adopting this text apparently wanted to maintain the
option of procedures other than judicial redress. They rejected the earlier proposal
by the Commission, which included an explicit right of access to courts.34 A later
draft of the Council of 2002 referred to the right to apply to the administrative
bodies and courts of the Member States concerned.35 This option was then
replaced by the much vaguer denition of the right mount a legal challenge.
Only with regard to expulsion decisions, the Directive on long-term residents
explicitly requires the availability of judicial remedies. According to Article 12 (4)
of the Directive, Member States should ensure that, in cases where an expulsion
decision has been adopted, a judicial redress procedure is available to the longterm resident in the Member State concerned. With regard to expulsion decisions,
Article 12 (5) explicitly provides for a right to legal aid for long-term residents
lacking adequate resources on the same terms as nationals of the Member State in
which they reside. The importance of reinforced protection of long-term residents
against expulsion is also conrmed in recital 16 of the preamble to this Directive.
Referring to the decisions of the ECtHR, this recital urges Member States to
provide for eective legal redress in order to ensure this protection.

33

34
35

OJ L 16/4453, 23.01.2004. This Directive was to be implemented by the Member States by 23

January 2006.
See Articles 11 (3) and 22 (2) of the Commission proposal COM (2001) 127, 13 March 2001.
Article 22 of the amended proposal of the draft Directive of 3 February 2003, Council doc.
5533/03. See also the draft of 4 June 2003, doc. 10009/03.

286

Chapter 9

An important development is the inclusion of Article 10 (1) in the Directive

on long-term residents, obliging national authorities to give reasons for any
decision rejecting an application for a residence permit. The decision should be
notied to the third-country national, in accordance with the notication procedures under the relevant national legislation. Article 10 (1) explicitly requires
that the notication should specify the possible redress procedures available and
the time limit for taking action.
3.5. Directive 2003/86/EC on the Right to Family Reunication
The negotiations on the aforementioned Directive on long-term residents took
place during almost the same period as the negotiations on Council Directive
2003/86/EC on the right to family reunication of 22 September 2003. It may
therefore be no coincidence that this latter Directive includes a similar vague
provision on legal remedies. According to Article 18 of the Directive on family
reunication, Member States should ensure that the sponsor and/or the members
of his/her family have the right to mount a legal challenge where an application
for family reunication is rejected or a residence permit is either not renewed or
is withdrawn or removal is ordered.36 Earlier drafts of the Directive on family
reunication included an explicit right for the applicant and family members to
apply to a national court against the rejection of a family reunication application, a withdrawal or refusal to renew a residence permit, or a removal order.37
A second proposal by the Commission, of 2002, also provided for the right of
the applicant and/or family members to have a de facto and de jure right to
apply to courts.38 On the basis of this latter proposal, national courts would
have the task not only of assessing the lawfulness of the administrative decision
but also of considering the factual circumstances within which the decision was
taken. According to Article 18 (2) of the Directive on family reunication, the
procedure and the competence according to which the right to appeal is to be
exercised is to be regulated by the Member States.
In its judgment in the case European Parliament v. Council, the ECJ, referring
to Article 18 of Directive 2003/86, stressed the role of national courts for the
interpretation of this Directive. The ECJ emphasised that the implementation of
36

37

38

OJ L 251/1218, 03.10.2003. The implementation deadline was 3 October 2005. The legality
of this Directive has been challenged by the European Parliament before the ECJ. See the judgment of the ECJ of 27 June 2006, in the case C-540/03, European Parliament v. the Council.
See further Chapter 10.
See Article 16 of the initial proposal by the Commission, COM (1999) 638 of 11 January
2000, OJ C 116 E/66, 26.4.2000 and Article 18 of the amended proposal COM (2002) 225,
Council doc. 10857/02, 9 August 2002.
See former draft of 9 August 2002, 10857/02.

Eective Remedies under EC Immigration Law 287

the Directive is subject to review by the national courts since, as provided in

Article 18 thereof, the Member States shall ensure that the sponsor and/or the
members of his/her family have the right to mount a legal challenge where an
application for family reunication is rejected or a residence permit is either not
renewed or is withdrawn or removal is ordered. According to the ECJ, if those
courts encounter diculties relating to the interpretation or validity of the
Directive, it is incumbent upon them to refer a question to the Court for a preliminary ruling in the circumstances set out in Articles 68 EC and 234 EC.39
The importance of preliminary proceedings and the role of national courts will
be dealt with further in Chapter 10.
As with the Directive on long-term residents, the Directive on family reunication obliges Member States to issue the decision in question in writing, stating that
this decision must include the reasons for rejection. According to Article 5 (4) of
the Directive on family reunication, this information should be submitted as soon
as possible but, in any event, no longer than nine months from the date the
application was lodged. Under exceptional circumstances, linked to the complexity
of the examination of the application this time limit may be extended.
3.6. Regulation 343/2003/EC (Dublin II)
Regulation 343/2003/EC of 18 February 2003 on the responsibility for the application for asylum in the EU Member States (Dublin II Regulation) provides criteria
for establishing which Member State is responsible for the examination of an
asylum application submitted in one of the Member States.40 The Dublin II
Regulation is based on the so-called single application principle, prohibiting a
person from applying for asylum in more than one country. Based on these criteria, Member States may decide not to examine an asylum application and to refer
the asylum applicant to the authorities of another Member State. According to
Article 19 (1) of this Regulation, when a requested Member State accepts responsibility for an applicant, the Member State in which the application for asylum
was lodged must notify the asylum applicant of its decision not to examine the
application. It will also inform the applicant that he or she will be transferred to
the responsible Member State.
Article 19 (2) of the Regulation states that the decision referred to in paragraph 1 must be motivated, setting out the grounds on which it is based. This
decision should also contain details of the time limit for carrying out the transfer.
If necessary, this decision should include information on the place and date of

39
40

C-540/03, 106.
OJ L 50/1, 25.02.2003.

288

Chapter 9

the applicants scheduled appearance, if he is travelling to the responsible Member

State under his own steam. According to the same Article 19 (2), the decision
not to examine an asylum application may be subject to an appeal or review. This
review or appeal does not automatically suspend the refuted decision. Only if
national law so provides, the competent court or bodies may decide to suspend
the implementation of the transfer on a case-by-case basis.
3.7. Directive 2005/85/EC on Minimum Standards for Asylum Procedures
Directive 2005/85/EC on minimum standards on procedures in Member States for
granting and withdrawing refugee status was adopted in December 2005.41 This
Directive is limited to the procedures with regard to the granting and withdrawing
of refugee status under the Geneva Convention on the status of refugees of 1951.
It does not apply to other instruments adopted with regard to the protection of
refugees, for example on subsidiary protection or temporary protection.
It includes basic principles and standards with regard to the asylum procedures
within the EU Member States.42
Article 39 (1) of this Directive explicitly stipulates that asylum applicants
have the right to an eective remedy before a court or tribunal. According to
Article 39 of this Directive, asylum seekers may exercise this right against
decisions taken regarding their asylum applications, refusals to re-open the examination or refusals to further examine their applications, or decisions on the
withdrawal of the refugee status. Decisions taken on asylum applications include
decisions on the inadmissibility of the application or with regard to refusals of
entry at borders or in transit zones where the person applied for asylum. Article
39 (2) obliges Member States to provide time-limits in their national laws,
together with other necessary rules for the applicant to exercise his or her right
to eective remedies, without specifying these safeguards further. According to
Article 39(4), Member States may lay down time limits for the court or tribunal
examining the decision of the determining authority.
Again, the text of the provision as nally adopted by the Council oers weaker
protection compared to earlier proposals by the Commission. These proposals
included an explicit right to eective remedies before a court and also made it
clear that this remedy should entail the possibility of an examination of both
41

42

Directive 2005/85/EC of 1 December 2005 OJ L 326/13, 13.12.2005, implementation date is

1 December 2007. See, for the original proposal of this Directive: COM (2000) 578, OJ C 62
E/231 and the amended proposal COM (2002) 326, OJ C 291 E/143. See, for the Council
negotiations: doc. 10279/02; 10235/03; 15198/03.
See, for a more extensive analysis of this Directive: H. Battjes, European Asylum Law and
International Law, Leiden/Boston: Nijho Publishers 2006, p. 289 ., and Peers & Rogers
(2006), p. 367452.

Eective Remedies under EC Immigration Law 289

facts and points of law.43 Furthermore, the initial proposals included the obligation to grant, under certain circumstances, suspensive eect to the appeal proceedings.44 The LIBE Committee of the European Parliament proposed that legal
remedies against a refusal of asylum should always have the eect of allowing the
applicant to remain in the Member State pending its outcome.45 According to
the LIBE Committee, the suspensive eect of asylum appeals would be a critical
safeguard, since many refugees are only recognised during the appeal process and
an erroneous determination in the rst instance would have serious consequences.
The current text of Article 39 (2) leaves it to the discretionary power of Member
States to decide whether and in which situations the asylum seeker is allowed to
remain on the territory of the Member State, pending the outcome of his or her
asylum procedure. The only condition formulated in Article 39 (2) is that these
rules should be in accordance with their international obligations.
With regard to decision-making, Article 38 (2) of the Directive on asylum
procedures states that the decision to withdraw refugee status should include the
reasons for this refusal and information about how to challenge this decision.
The decision and the information referred to should be given in writing.
3.8. Refusals at the Border
3.8.1. Regulation 562/2006/EC on the Rules Governing the Movement of
Persons at Borders (Schengen Borders Code)
Regulation 562/2006/EC on the Community Code governing the movement of persons at the borders (Schengen Borders Code) replaces the Schengen Common
Manual on Border Control.46 The Schengen Borders Code was adopted by a
decision of the Council on 21 February 2006. It includes rules on the measures
and powers of authorities controlling the movement of persons at the external
borders of the EU. The adopted text is entirely based on the proposal which was
agreed upon in spring 2005 by the European Parliament (EP), the Commission
and the Council on the basis of the co-decision procedure of Article 251 TEC.
Close coordination between the three institutions or the tripartite agreement
which was reached during negotiations on the Schengen Borders Code, made
it possible to adopt the Regulation during its rst reading in the Council.47

43
44
45
46

47

See Article 38 of proposal COM (2000) 578 and Article 38 of proposal COM (2002) 326.
Article 33 of proposal COM (2000) 578 and Article 39 (3) and (4) of proposal COM (2002) 326.
See the Report A6-0222/2005 of 29 June 2005, amendment 45.
Regulation 562/2006 of 15 March 2006, OJ L 105/1, 13.4.2006. Eective as from 13 October
2006. Hungary voted against and Slovenia abstained.
See, for the Commission proposal: COM (2004) 391, 26.05.2004. The report as adopted by
the European Parliament concerns A6-0188/2005, 13 June 2005.

290

Chapter 9

During these negotiations in 2005, the rapporteur of the EP, Mr. Cashman,
dropped some of his initial amendments which would have improved the legal
status of persons across EU borders. On the other hand, other proposals by MEP
Cashman extending the rights of individuals were accepted by the Council and
the Commission.
The right to remedies against refusals at borders is included in Article 13 of
the Regulation 562/2006. On the basis of Article 13 (2), a third-country
national who is refused entry based on the criteria of this Directive may only be
refused entry by a substantiated decision, stating the precise reasons for the
refusal. This decision must be taken by an authority empowered by national law
and shall take eect immediately. The decision should be given using a standard
form, as set out in Annex V, Part B, to the Regulation (to be examined in the
next section). This standard form must be handed to the third-country national
concerned, who must acknowledge receipt of the decision to refuse entry by
means of that form.
According to Article 13 (3) of the Regulation, persons refused entry shall have
the right to appeal in accordance with national law. For this purpose, third-country nationals should be given a written indication of contact points able to
provide information on legal representatives competent to act on behalf of a
third-country national. Considering the reluctance of Member States to place
persons seeking entry at their external borders in a very strong position, this right
to appeal, proposed on behalf of the EP, is a very important achievement which
survived the negotiations between the three EU institutions. A proposal to
include, in the Schengen Borders Code, a right to obtain nancial compensation
has however been deleted from the nal text.48 This proposal included the right
to nancial compensation for possible damage suered as a result of ill-founded
refusals. The EP further proposed adding the ability for Member States to suspend the entry into force of a refusal of entry if they consider it appropriate to do
so. This proposal was also rejected. Article 13 (3) now even states that initiating
an appeal process shall not suspend the decision to refuse entry.
3.8.2. The Inclusion of a Standard Refusal Form
By a Council Decision of 2004, a standard refusal form was included in the former
Common Manual on Border Control.49 This decision has been incorporated into
part B of the Schengen Borders Code of 2006, mentioned above. As from 1 June
2004, border guards are obliged to issue a refusal form to third-country nationals

48

49

Draft report, provisional version 2004/0127 (COD), 15.3.2005. This included a right to nancial compensation in the case of a wrongful decision.
Council Decision 2004/574/EC, OJ L261/36, 6.8.2004.

Eective Remedies under EC Immigration Law 291

refused entry at the borders. The decision on the standard refusal form is
important for two reasons. Firstly, the text of the standard refusal form explicitly
states that the third-country national may appeal against the refusal of entry as
provided for in national law Secondly, according to the refusal form, Member
States should substantiate the refusal decision and indicate references to national
legislation with regard to the available remedies. The refusal grounds are listed in
the standard refusal form from A to I. These grounds include, for example, the
lack of valid travel documents, visa or residence permits, the fact of carrying a
false or falsied visa or residence permits, public order and security grounds, as
well as registration in the European database, SIS, or a national database for the
purpose of refusal of entry. The limitative enumeration of refusal grounds makes
it clear to both the border authorities and the third-country national that a refusal
at the borders cannot be based on other grounds. This gives the person concerned a right to refute the reasons for refusal and subsequently to appeal against
this decision.
3.9. Proposal for a Directive on Returning Illegal Staying Third-Country Nationals
In September 2005, the European Commission published a proposal for a
Directive on returning illegally staying third-country nationals.50 Article 12 of this
proposal includes the right to an eective judicial remedy before a court or tribunal to appeal against or to seek review of a return decision and/or removal
order. According to this proposal, the remedy must either have suspensive eect
or include the right of the third-country national to apply for the suspension of
enforcement of the return decision or removal order. Furthermore, the proposal
includes the right to obtain legal advice, representation and, where necessary, linguistic assistance. In addition, the proposed Article 12 (3) provides that legal aid
shall be made available to those who lack sucient resources insofar as such aid
is necessary to ensure eective access to justice.
Taking into account the experiences with regard to the adoption of the other
instruments described above, the principles as included in this proposal will
probably be watered down during the negotiations in the Council legislation
process. The report on one of the rst discussions of the Council Working Party
dealing with this proposal supports this expectation.51 According to this report,
the Dutch delegation, supported by the delegations of Greece, Denmark, Italy
and Poland, has expressed the view that the Commission proposal grants thirdcountry nationals who are subject to return procedures excessive rights and
guarantees.
50
51

COM (2005) 391, 1.9.2005.

141814/05, 19 January 2006.

292

Chapter 9

3.10. Visas
3.10.1. Schengen Common Consular Instructions
The rules to be applied by EU consulates and embassies with regard to visa
applications have been laid down in the Schengen Common Consular Instructions
for diplomatic missions and consular posts of 14 December 1993.52 These instructions, as amended by a decision of the Executive Committee on 28 April 1999,
only became public when they were incorporated into the Schengen acquis. The
Instructions include procedural provisions with regard to the refusal of a visa
application at the consulates or embassies of the Schengen States. These provisions do not oblige Member States to provide for remedies against a visa refusal,
nor to motivate this decision. Exceptionally, if national law provides for the duty
to motivate a visa refusal, the Instructions require that this refusal refer to the
reasons for this refusal as listed in Article 15 in conjunction with 5 of the
Convention Implementing the Schengen Agreement (CISA).
In 2002, the EU Presidency forwarded a questionnaire to the Member States
in order to obtain information on the available visa procedures in the dierent
EU Member States, including the rules on notication, the grounds for visa
refusals and legal remedies.53 The object of this questionnaire was to establish
whether there was any need for harmonisation in this eld. The answers from the
Member States revealed many dierences in the applicable rules.54 According to
these answers, in some Member States a visa refusal should be in writing, in
other States not and in some Member States no reason is given at all. The answers
to the questionnaire further established that when a visa is refused on the basis of
a foreign SIS report based on Article 96 CISA, most of the Member States do not
inform the visa applicant as to which Member State reported this person to SIS.
With regard to the available remedies against visa refusals, two Member States
said they had no procedures at all for appealing against visa refusals.
3.10.2. Draft Community Code on Visas
In July 2006, the European Commission proposed a draft Regulation including a
Community Code on Visas which should replace the Schengen Common Consular
Instructions.55 Article 23 (3) of the draft proposal includes, for individuals whose

52

53
54
55

The Common Consular Instructions of 14 December 1993, amended and incorporated into
EU law, Council Decision 1999/435/EC, OJ L 176, 10.07.1999. See, for an amended version
OJ C 313, 16.12.2002 and OJ 2004 L 5/74.
See, for the answers, Council doc. 8929/02, VISA 69 COMIX 319 (21 May 2002).
R. Cholewinski (2005), p.258.
Draft proposal for a Regulation establishing a Community Code on Visas, COM (2006) 403,
19 July 2006.

Eective Remedies under EC Immigration Law 293

visa has been refused, the right to appeal. The rules on this appeal are, however,
still within the competence of the Member States. Contrary to the Schengen
rules, Article 23 (2) of the proposal states that the decision of the visa refusal
should state the precise reasons for the refusal, given using the standard form set
forth in the Annex to the proposal. This form should also be used when a visa is
refused at the border. The draft further stipulates that the applicants must receive
written information about the contact points able to provide information on
representatives competent to act on behalf of the applicants in accordance with
national law. The draft Regulation does not oblige Member States to provide for
legal remedies against a decision rejecting a request to extend a visa or a decision
annulling or revoking a visa.

4. Criteria for Eective Remedies in EC Immigration Law

4.1. Judicial or Non-Judicial Court?
4.1.1. Directive 2004/38
As we have seen above, Article 31 (1) of the new Directive 2004/38 explicitly
refers to the possibility of non-judicial remedies. According to this Article, the
person concerned should have access to judicial and, where appropriate, administrative redress procedures in the host member state to appeal against or seek
review of any decision taken against them on the grounds of public policy, public
security or health. This means that it allows Member States to provide for appeal
to administrative authorities as long this administrative redress procedure meets
the criteria of Article 31 (2) to (4). However, recital (26) of this Directive includes
a more explicit standard, stating that: In all events, judicial redress procedures
should be available to Union citizens and their family members who have been
refused leave to enter or reside in another Member State. The jurisprudence of
the ECJ on this Directive should be awaited to clarify the relationship between
this criterion in the consideration and the less stringent criteria of the text of the
Directive.
Articles 8 and 9 of the former Directive 64/221 did not require that individuals
who claim that their rights under this Directive have been breached to have
access to a judicial court. However, this Directive had already been adopted in
1964 when administrative courts were absent in most of the Member States.
Based on Article 8, Member States were obliged to provide the same legal remedies to persons falling within the scope of this Directive as those that are available
to their own nationals in respect of administrative decisions. If these administrative procedures included the access to courts, individuals protected by this
Directive should also have access to courts. In the absence of judicial proceedings,

294

Chapter 9

we have seen above that Member States should oer the procedural guarantees of
Article 9 of the Directive. The ECJ made it clear in its case law based on Article
9 that the available legal remedies should at least include two important safeguards: the court or tribunal must be independent and the court or authority
should have full competence.56
The provisions of Articles 30 and 31 of Directive 2004/38 are, unlike Directive
64/221, not explicitly based on the principle of non-discrimination compared to
nationals of the host Member States concerned. However, it is doubtful whether
this implies that Member States are no longer obliged to provide the same legal
remedies as those available to their own nationals to those falling within the
scope of this Directive. Such a limited interpretation seems contrary to the
inclusion of the non-discrimination principle in preamble 20 of the Directive.
4.1.2. EC Asylum and Immigration Law
In the asylum and immigration law instruments adopted under Title IV TEC,
the EC legislator explicitly granted Member States the choice of providing nonjudicial remedies. For example, the Directive on long-term residents, the
Directive on family reunication and the Directive on temporary protection only
refer to the availability of a right to mount a legal challenge in the Member State
concerned. According to these texts, the implementation of the right to remedies is left to the scrutiny of the national legislator. Likewise, it is not clear
whether a person should have access to a judicial court. With regard to expulsion
decisions only, the Directive on long-term residents explicitly requires the person
to be expelled to have the right to judicial redress against this decision. In Chapter
10, I will argue that, despite these vague norms, the national legislators are bound
by other, more stringent rules.
4.2. Accessibility
4.2.1. Directive 2004/38/EC
Compared with the former Directive 64/221, Article 30 of Directive 2004/38
puts more emphasis on procedural guarantees improving the accessibility to legal
remedies. Article 6 of Directive 64/221 obliged Member States to inform the
person concerned about the reasons of public order, security or health underlying the refuted decision. According to Article 7, the refusal to issue or renew a
residence permit or the expulsion decision should be communicated to the
person concerned. This information should include the time limit within which
the person concerned should leave the country. In its jurisprudence, the ECJ did
56

See Boeles (1997), p. 383384. He refers to the judgments in Adoui and Cornuaille, C-115 and
116/81 [1982] ECR 1710, and Pecastaing, C-98/79 [1980] ECR 691.

Eective Remedies under EC Immigration Law 295

not go into specic requirements regarding the accessibility of legal remedies;

however, the ECJ did stress the importance of accessible remedies and the duty
of Member States not to hamper this accessibility by placing procedural obligations upon the applicant. In the judgment in Adoui and Cornuaille, the ECJ
established on the basis of Directive 64/221 that the person concerned should be
informed of the grounds of public policy, public security or public health upon
which the decision taken in his case is based unless this is in conict with the
security of the state.57 According to this judgment, notication of the grounds
must be suciently detailed and precise to enable the person to defend his interests. Furthermore, the notication should be made in such a way as to enable the
person concerned to understand the content and eect of the decision. This
requirement has been codied in Article 30 Directive 2004/38.
According to Article 30 of this Directive, the persons concerned should be
notied in writing of any decision restricting their rights of entry or residence on
public policy, public security or public order grounds. Based on Article 30 (3),
this notication should specify the court or administrative authority with which
the person concerned may lodge an appeal and, where applicable, the time
allowed for the person to leave the territory of the Member State. Apart from
duly substantiated cases of urgency, the time allowed for leaving the territory
should not be less than one month from the date of notication.
Finally, it is useful to refer to the decision MRAX v. Belgium, in which the ECJ
ruled that Member States should not impede access to the minimum procedural
guarantees as laid down in Article 9 of former Directive 64/221, by applying
formal requirements. In this case, the ECJ concluded that these procedural guarantees would be rendered largely ineective if entitlement to them were excluded
in the absence of an identity document or visa or where one of those documents
has expired.58
4.2.2. EC Asylum and Immigration Law
Accessibility to legal procedures requires that individuals be informed of their
rights. With regard to the principle of informed decision-making, important
developments have taken place in EC law. According to the Directive 2003/109
on long-term residents, any decision rejecting an application for a residence permit has to be notied in writing to the third-country national. This decision
should specify the available redress procedures and the time limit for taking
action. The Directive 2003/86 on family reunication also obliges Member
States to ensure that negative decisions should be in writing and that these

57
58

C-115/81 and 116/81, Adoui and Cornuaille, [1982] ECR -1665, 13.
C-459/99 MRAX v. Belgian State [2002] ECR I-6591.

296

Chapter 9

decisions should include the reasons of rejection. As we have seen above, the
instruments adopted in the eld of asylum law also provide for informed decision-making, including the obligation to inform the person concerned of the
available remedies. Based on an amendment in 2004 to the Common Manual
applicable to border control, border ocials refusing a person entry at the border
are obliged to issue a standard refusal form which includes the obligation to
inform the person of the available remedies. The Schengen Borders Code of 2006
further requires that entry shall only be refused by a substantiated decision,
which should state the procedures for appeal.
4.3. Scope of Review
4.3.1. Directive 2004/38/EC
Article 31 (3) of Directive 2004/38 explicitly requires that the redress procedures
shall allow for an examination of the legality of the decision, as well as of the
facts and circumstances on which the proposed measure is based. The procedure
should further ensure that the decision is not disproportionate, particularly in
view of the requirements laid down in Article 28. This latter provision deals,
as we have seen above, with the decision to expel a person. This means that the
new Directive explicitly obliges Member States to provide for legal remedies in
which courts (or competent authorities) are able to examine the substance of the
case and to weigh the dierent interests at stake. With regard to EU citizens and
their family members, Article 28 (1) of the Directive obliges Member States to
take into account dierent considerations before reaching an expulsion decision.
This means that the new Directive explicitly obliges Member States to provide
for legal remedies in which courts (or competent authorities) are able to examine
the substance of the case and to weigh the dierent interests at stake with regard
to decisions regarding the expulsion of EU citizens and their family members.
These considerations include, for instance, how long the EU citizen has resided
in the other Member State, his or her age, state of health and his or her social and
cultural integration. The practical meaning of this provision very much depends
on how Member States will apply these criteria. In particular, the criterion of
social and cultural integration may lead to diverging policies in the individual
Member States.
As mentioned above, in its jurisprudence with regard to the Directive 64/221,
the ECJ made it clear that, in order to provide an eective remedy, the competent court or authority should be able to assess the substance of the refuted
decision by the national authorities. As far back as the Santillo case of 22 May
1980, dealing with the expulsion of an EU citizen by another Member State, the
ECJ held that a national court or authority should take into account the positive
developments and elimination of a real threat if, between the date of the decision

Eective Remedies under EC Immigration Law 297

to expel and the date of judicial scrutiny of that decision, a long period has
elapsed.59 This requirement was repeated in the Orfanopoulos case of 2004 in
which the ECJ emphasised the necessity for substantial scrutiny by the courts
during the judicial procedure.60 In this judgment, the ECJ declared that the
intervention on the part of the competent authority mentioned in Article 9(1)
of the former Directive 64/221 must make it possible for an exhaustive examination to be made of all the facts and circumstances, including the expediency of
the measure in question, before the decision is denitively adopted. According to
the ECJ, a balance should be struck between the legitimate interests of the
authorities and the special legal position of the person concerned taking into
account the fundamental character of the free movement of persons. Furthermore,
the ECJ held that national procedures would infringe the procedural guarantees
of Directive 64/221, if the courts would not consider facts which occurred after
the last government decision to expel the person concerned.
In Radiom and Shingara, the ECJ dealt with decisions by the UK authorities by
which two EU citizens, Radiom and Shingara, were refused entry on the basis of
public order and public security grounds.61 The rst applicant held both Irish and
Iranian nationalities, the second was a French national. The ECJ held that decisions prohibiting EU citizens from one Member State entering another Member
State derogate from the fundamental principle of freedom of movement. Therefore,
such a decision could not be of unlimited duration. Furthermore, the ECJ
conrmed that a Community national should be entitled to apply, under Articles
8 and 9 of Directive 64/221, to have his or her situation re-examined if he considers that the circumstances justifying the denial of his entry into the country no
longer exist. The duty of national courts to assess the compatibility of national
measures with EC law was rearmed in the Olazabal case.62 This case concerned
the territorial ban aecting a Spanish worker in France, who was suspected of having ties with the Spanish group ETA and, for this reason, convicted in Bilbao. In
this judgment, the ECJ considered whether this territorial ban was in breach of
EC law laying down the principle of free movement of workers. According to the
Court, the measure must be appropriate to secure the achievement of the objective goals which it pursues and must not go beyond what is necessary. In this case,
the ECJ made clear that it is for the national courts to determine whether the
measures taken in this case do in fact relate to individual conduct which constitutes

59
60

61
62

C-131/79.
Judgment of 29 April 2004, C-482/01 and C-493/01, 75 and 82. See also the associated
cases 115/81 and 116/81, Adoui and Cornuaille, [1982] ECR 1665, para.15.
Judgment of 17 June 1997, C-65 and C-111/95, see 4044.
26 November 2002, C-100/01, 4344.

298

Chapter 9

a genuine and suciently serious threat to public order or public security, and
whether they comply with the principle of proportionality.
In conclusion, based on the jurisprudence of the ECJ regarding Directive
64/221 and according to the new Directive 2004/38, national courts have the
explicit task of assessing the lawfulness and proportionality of the measures or
decisions at stake. In particular, with regard to the protection of family members
of EU citizens residing in or seeking access to a EU Member State, the ECJ
developed important criteria for balancing the dierent interests at stake.
4.3.2. EC Asylum and Immigration Law
The instruments of asylum and migration law adopted under Title IV TEC do
not include an explicit obligation for national courts to assess the substance of
the refuted administrative decisions or to balance the interests at stake. However,
these instruments do include substantial criteria for the decision-making of
national authorities with regard to the issue, renewal or withdrawal of residence
permits and with regard to decisions to expel a third-country national. When a
person asserts his or her right of appeal against any of the decisions referred to
above, the competent court or authority should assess whether the decision is
taken in accordance with the criteria of the instruments in question. Furthermore,
national courts or authorities should observe the protection of human rights as
protected in the ECHR, discussed in Chapter 8.
In the judgment European Parliament v. the Council, concerning Directive
2003/86 on family reunication, the ECJ made it clear that Member States are
bound to observe the principles as recognised in the EU Charter, including the
right to family life as protected in Article 7.63 The ECJ referred in this judgment to the fact that, in the second recital of the preamble to this Directive,
the EC legislator itself acknowledged the importance of the Charter. In the
preambles both to the Directive on family reunication and to the Directive
on long-term residents, the Member States acknowledged the obligation to
respect fundamental rights as protected in the ECHR and the Charter of
Fundamental Rights of the EU when adopting measures on the basis of these
directives.
Article 3 (2) of the Directive on mutual recognition of expulsion decisions
provides for an explicit obligation to respect human rights and fundamental
freedoms. National courts should therefore consider whether measures taken on
the basis of these instruments interfere with the human rights of the person
concerned.

63

Case C-540/03, European Parliament v. the Council (not yet reported but see information in
OJ C 190/1, 12.08.2006), 38 and 58.

Eective Remedies under EC Immigration Law 299

4.4. Competence of Court or Authority

4.4.1. Directive 2004/38/EC
Article 31 of the new Directive 2004/38 contains additional procedural safeguards
with regard to the right of access to judicial or administrative procedures against
any decision taken against them on the grounds of public policy, public security
or health. These safeguards include the ability of a national court to grant an
interim order to suspend enforcement of that decision. Apart from some exceptions, the person concerned may not be removed from the national territory
before the decision on the interim order has been taken.
Article 9 of Directive 64/221 provided for additional guarantees in the event
that national law does not oer judicial remedies or the legal remedy lacks suspensive eect. According to Article 9 (1), the relevant decision cannot be taken
before the applicant has obtained the opinion of a competent authority. In its
judgment in the Drr-nal case, the ECJ ruled that the procedural guarantees
set forth in Articles 8 and 9 of this Directive would preclude national law under
which appeals brought against a decision to expel have no automatic suspensive
eect and where there is no competent authority to review such decisions.64 The
ECJ made this conclusion with regard to the claim of the EU citizen in this case.
However, as we have seen above, in the same judgment the ECJ emphasised that
to ensure the eectiveness of their individual rights under the Association
Agreement, it is essential that Turkish workers be granted the same procedural
guarantees as those granted by Community law to EU nationals. This means,
according to the Court, that Member States must permit those migrant workers,
as well as their admitted family members to take advantage of the guarantees laid
down in Articles 8 and 9 of the Directive 64/221.65
4.4.2. EC Asylum and Immigration Law
The question of whether remedies are practically eective depends on the powers
of the national courts to order specic measures or to apply sanctions. The EC
instruments on asylum and immigration law described above do not explicitly
oblige national authorities to comply with the courts decisions in individual
cases. In general, most of the instruments discussed above do not include the
ability to order the suspension of national decisions or measures. If they do, the
applicable provisions are rather poorly formulated. Based on the Dublin II
Regulation and the Directive 2005/85 on minimum standards on asylum, procedures in which the national decision is reviewed according to the text of these

64
65

Drr-nal, 4857.
Drr-nal, 6768.

300

Chapter 9

instruments may have suspensive eect under certain circumstances, exclusively

in the eld of asylum law.
Here too, despite these vague norms or the lack of suspending procedures in
EC law, it follows from the case law described in Chapter 8 that, when human
rights are at stake, especially the right included in Article 3 ECHR, the national
procedures should provide essential safeguards for the person involved. This
includes the ability for national courts or competent authorities to prevent the
execution of measures causing irreparable or irreversible harm to human rights
or, if necessary, to order interim or suspensive measures.

5. Summary: Dierent Laws, Dierent Regimes?

In Community law, dierent legal regimes apply to dierent categories of persons. Not only someones nationality, but also his or her legal status of residence
determine the right to free movement, the right to work, the right to reside and
the access to social welfare, health care or education.66 Considering the instruments described above, this dierentiation in rights seems to be reected in the
applicable rules on legal remedies in EC immigration law. EU citizens, privileged
migrant workers and their family members gained a stronger position compared
to non EU citizens. The question of whether and when eective remedies are
necessary on the basis of EC law, depends on the applicable law and procedures,
the claim in question and the nationality of the individual concerned. When
examining the available provisions on eective remedies more closely, there can
be no mistake that these provisions do not oer the same standards as those
which apply to nationals of EU Member States, or their family members, based
on Directive 2004/38. This dierentiation in available remedies is visualised by
the matrix attached at the end of Part II. The matrices show, for each instrument
in question, including data protection law, which criteria regarding the right to
eective remedies apply with regard to (1) the requirement of judicial or nonjudicial remedies, (2) accessibility, (3) scope of review and (4) competence of the
courts or independent authorities involved.
However, two important developments are relevant in this eld of improving
the legal protection of third-country nationals residing within or seeking access
to the EU. A rst positive achievement is the explicit inclusion of a right to
appeal by the third-country national in the dierent instruments on immigration and asylum as adopted on the basis of Title IV TEC. Although these
provisions often lack precise and detailed procedural guarantees, the insertion of

66

See E. Guild, The Legal Framework: Who is Entitled to Move?, in Bigo & Guild (2005).

Eective Remedies under EC Immigration Law 301

the right to a legal remedy in these dierent elds of law can no longer be
overlooked by the national legislators of the EU Member States. A second
achievement is the obligation of informed decision-making in the dierent
instruments discussed above. The Schengen Borders Code, as well as other EC
instruments of asylum and immigration law stipulate that national authorities
should inform the person concerned in writing, providing him or her with the
reasons for the decision. Some provisions even require that this decision should
inform the person of the remedies which are available and of the applicable time
limits within which the appeal has to be lodged.
In conclusion, the EC instruments on immigration and asylum law do not
provide explicit guarantees with regard to scope of the available remedies and the
competences of the courts or independent authorities involved. Procedural and
substantial guarantees for the remedies at stake seem to be left to the scrutiny of
the national legislator. In the following Chapter, I will consider how the lack of
specic safeguards in EC immigration and asylum law relates to the general
principles of EU law on the right to eective remedies.

Chapter 10
Eective Remedies in the EU: A Matter
of Basic Principles
Individuals are [] entitled to eective judicial protection of the rights they derive
from the Community legal order, and the right to such protection is one of the general principles of law stemming from the constitutional traditions common to the
Member States. That right has also been enshrined in Articles 6 and 13 of the
European Convention for the Protection of Human Rights and Fundamental
Freedoms.1

1. Introduction
In Chapters 6 to 9, I described the legal framework with regard to the availability
of and criteria for eective remedies in the eld of data protection and immigration law. In this Chapter I will argue, on the basis of three basic principles of EU
law, that the national legislators are generally obliged to include in their immigration law procedures eective remedies for third-country nationals when
implementing EU or EC law. I will try to convey how this obligation goes beyond
the often vague and open norms included in data protection law and the instruments based on Title IV TEC described in Chapter 9. Finally, in section 6, I will
formulate minimum criteria for eective remedies which, in my view, can be
derived from the law described in this and the previous Chapters of Part II.

2. The First Principle: Incorporation of Human Rights in EU Law

Initially, cooperation within the framework of the European Community started
as a purely economic matter. The founding treaties of this cooperation did not
include references to the protection of human rights or the rule of law. However,

C-50/00, Unin de Pequeos Agricultores, [2002] ECR I-6677, 39. See also P. Boeles, Fair and
Eective Immigration Procedures in Europe?, EJML 7, 2005, p. 213218.

Evelien Brouwer, Digital Borders and Real Rights, pp. 303326.

2008 Koninklijke Brill NV. Printed in the Netherlands.

304

Chapter 10

based on both the jurisprudence of the ECJ and the amended texts of the EU
Treaties, there can no longer be any doubt that the contemporary EU is based on
the rule of law and respect for human rights, as protected in the European
Convention on Human Rights (ECHR).2 The emphasis on human rights and
the rule of law in the judgments of the ECJ is generally seen as an answer to the
concerns of Member States with regard to the protection of human rights within
the legal order of the Communities.3 Safeguarding human rights and the rule of
law is considered a prerequisite for the legitimacy of the European Union and the
loyalty of its Member States towards this legal framework.
The rst judgment in which the ECJ explicitly established that the implementation of Community law should respect fundamental human rights was the
Stauder v. City of Ulm case in 1969.4 In this judgment, the ECJ made its famous
reference to the meaning of human rights principles for EU law: Interpreted
this way the provision at issue contains nothing capable of prejudicing the fundamental human rights enshrined in the general principles of Community law
and protected by the Court. One year later, the ECJ repeated this general principle in the Internationale Handelsgesellschaft judgment.5 In this judgment, the
ECJ explicitly referred to the constitutional traditions of the Member States as
the inspiration for the protection of these rights. In the Nold II case of 1974, the
ECJ went further by stating that, apart from the constitutional traditions of the
Member States, international treaties for the protection of human rights should
also be used as guidelines for the interpretation of Community law by the ECJ.6
With this judgment, the ECJ conrmed the applicability of the ECHR within
the legal framework of the Communities.
With the Treaty of Maastricht of 1992, the binding role of human rights as
protected in the ECHR and the importance of constitutional traditions in the
Member States for EU law were explicitly recognised in the EU Treaty.7 The new
Article F (2), the current Article 6 (2), of this Treaty stated that The Union shall
respect fundamental rights, as guaranteed by the European Convention for the

4
5
6
7

T.C. Hartley, The foundations of European Community Law, Oxford: Oxford University Press
2003 (fth edition).
See, for a detailed analysis of the relationship between the EU and human rights: R. Lawson, Het
EVRM en de Europese Gemeenschappen, Europese Monograen no. 61, The Hague: Kluwer
1999, and Ph. Alston (ed.), The EU and Human Rights, Oxford: Oxford University Press 1999.
Judgment of 12 November 1969, C-29/69, Stauder, [1969] ECR 419.
Judgment of 17 December 1970, C-11/70, Internationale Handelsgesellschaft, [1970] ECR 1146.
Judgment of 14 May 1974, C-4/73, Nold II, [1974] ECR 507.
OJ C 191, 29.7.1992.

Eective Remedies in the EU: A Matter of Basic Principles

305

Protection of Human Rights and Fundamental Freedoms signed in Rome on

4 November 1950 and as they result from the constitutional traditions common
to the Member States, as general principles of Community law. The inclusion of
the rule of law and human rights as one of the requirements of EU membership
in the so-called Copenhagen criteria conrmed its importance as a founding
principle for the legal order of the EU.8 With the Amsterdam Treaty of 1997
entering into force on 1 May 1999, a new Article 6 (1) was added to the EU
Treaty which stated that, liberty, democracy, respect for human rights and fundamental freedoms, and the rule of law are the founding principles for the
Union and are principles which are common to the Member States.9 Finally,
with the adoption of the EU Charter of Fundamental Rights in 2000, the
European Council not only conrmed the importance of the ECHR for the legal
framework of the EU, but it also developed its own set of human rights.10
In its case law, the ECJ has dealt on various occasions with the human rights
protected in the ECHR. For example, the right to freedom of information played
a role in the judgments in Hoechst of 21 September 1989, the Grogan case of
4 October 1991 and ERT of 18 June 1991.11 As we have seen in Chapter 7, in
both the Lindqvist and sterreichischer Rundfunk judgments, the ECJ emphasised
the importance of protection of the fundamental right to privacy as protected in
Article 8 ECHR. In these judgments, the ECJ armed that this fundamental
right formed the basis for data protection rules included in the EC Directive
95/46 on the protection of personal data.12 With regard to immigration law procedures and the protection of freedom of movement, the ECJ applied the right to
family life as an important factor in assessing the lawfulness of the refuted decisions. In dierent judgments, the ECJ applied Article 8 ECHR to underline the
obligation for national authorities to take into account the right to family life
and to respect the principle of proportionality.13

8
9
10
11

12

13

European Council 2122 June 1993, SN 180/1/93 Rev. 1, OJ C 042, 15.2.1993.

OJ C 340, 10.11.1997.
Treaty of Nice, OJ C 80, 10.3.2001.
Cases C-46/87 and C-227/88, Hoechst, [1989] ECR 2859, C-159/90, Grogan, [1991] ECR
I-4685 and C-260/89, ERT, [1991] ECR I-2925.
Cases C-101/01, Lindqvist, [2003] ECR I-12971 and C-456/00, sterreichischer Rundfunk,
[2003] ECR I-4989.
See, for example, Carpenter, [2002] ECR I-6279, Akrich, [2003] ECR I-9607 and Orfanopoulos,
C-482/01 and C-493/01 (joined cases) [2004] ECR I-5257. See also the judgment European
Parliament v. Council, C-540/03 [2006] ECR I-5769, in which the ECJ explicitly refers to
preamble 2 to this Directive.

306

Chapter 10

3. The Second Principle: Eective Remedies to Secure

Rights Conferred by EU Law
3.1. The Johnston Principle
The second principle refers to the general principle of EU law that, in order to
safeguard the rights protected by Community law or EU law, individuals should
be able to invoke these rights before national courts and authorities. The ECJ
formulated this principle explicitly in the Johnston judgment of 1986.14 This case
dealt with a challenge by a female police ocer against the decision of the
Northern Ireland police force not to renew her employment contract. This decision was based on a temporary policy excluding women from certain operations
requiring police ocers to carry rearms. Mrs. Johnston claimed that the decision violated her rights under EC Directive 76/207 regarding the equal treatment of men and women in employment relations. The preliminary question,
forwarded by the national court to the ECJ, concerned the scope of the judicial
remedies provided for in Article 6 of this Directive 76/207.15 According to the
ECJ, this right means that Member States should take measures which are suciently eective to achieve the aim of this directive and that the rights thus conferred may be eectively relied upon before the national courts by the person
concerned.16 With regard to this case, the ECJ concluded that the applicable
national procedure prevented Mrs. Johnston from challenging the refuted decision and therefore did not meet the criteria of Article 6 of this Directive. Of general importance is the conclusion in this judgment that, Community law
requires eective judicial scrutiny of the decisions of national authorities taken
pursuant to the applicable provisions of Community law. According to the ECJ,
this reects a general principle of law underlying the constitutional traditions
common to the Member States, which is also laid down in Articles 6 and 13 of
the ECHR.17 It should be emphasised that, in this judgment, the ECJ refers to
Articles 6 and 13 ECHR to support the general principle of providing eective
remedies to protect Community rights. This is to be distinguished from the
principle discussed in the previous section, which refers to the binding role of

14

15

16
17

C-222/84 Johnston [1986] ECR 1651, 18. See also C-294/83, Les Verts v. European Parliament,
[1986] ECR 1339, 23.
Article 6 reads: Member States shall introduce into their national legal systems such measures
as are necessary to enable all persons who consider themselves wronged by failure to apply to
them the principle of equal treatment within the meaning of Articles 3, 4 and 5 to pursue their
claims by judicial process after possible recourse to other competent authorities.
Johnston, 17.
Johnston, 18.

Eective Remedies in the EU: A Matter of Basic Principles

307

the ECHR, including Articles 6 and 13, within the legal system of the EU and
its Member States.
In its Heylens judgment, the ECJ applied the principle of eective remedies
directly to the right to freedom of movement of workers.18 The Heylens case concerned the refusal of the French authorities to recognise the foreign diploma of a
Belgian football trainer, which prevented him from working for a French football
club. According to the ECJ, the existence of a remedy of a judicial nature against
any decision of a national authority refusing the benet of the right to free access
to employment is essential in order to secure for the individual eective protection for his right. Recalling its earlier conclusion in the Johnston case that this
requirement reects a general principle of Community law, the ECJ conrmed
that this would be a fundamental right which the Treaty conferred individually
on each migrant worker in the Community. In the Heylens judgment, the ECJ
also conrmed the obligation for national authorities to state the reasons for
national decisions aecting the fundamental rights of individuals conferred by
the EC Treaty.19 This latter requirement is repeated in later judgments.20
3.2. Applying the Johnston Principle to EC Immigration Law:
The Panayotova Case
In the Panayotova judgment of 16 November 2004, the ECJ made it clear that
the general principle of eective remedies in relation to Community rights also
applies to immigration law procedures. This case concerned the Dutch immigration law system in which the granting of a residence permit is made dependent
on a long-term visa to be obtained before the person concerned enters the Dutch
territory (known as the mvv-vereiste).21 The question arose of whether this
Dutch requirement could be invoked against the applicants, who were Bulgarian
nationals, enjoying special protection under the Association Agreement between
the EC and Bulgaria of 1994. The ECJ concluded that in principle the Association
Agreements (including the Agreements with Poland and Slovakia) did not preclude a system of prior control on the issue of a residence permit. However, this
would depend on whether the procedural rules governing the issuing of such a
temporary residence permit would not make the exercise of the rights conferred
by the Association Agreements impossible or excessively dicult. Referring to its

18
19
20

21

Judgment of 15 October 1987, C-222/86, Unectef v. Heylens, [1987] ECR 4097.

See 14 to 17.
C-70/95, Sodemare, [1997] ECR I-3395, 19. See M. Dougan, National Remedies Before the
Court of Justice. Issues of Harmonisation and Dierentiation, Oxford and Portland, Oregon: Hart
Publishing 2004, p. 11.
C-327/02, Panayotova.

308

Chapter 10

earlier ruling in the Johnston case, the ECJ added the more general consideration
that, Community law requires eective judicial scrutiny of the decisions of
national authorities taken pursuant to the applicable provisions of Community
law.22 In this Panayotova judgment, the ECJ further stated that the scheme
applicable to such long-term visas must be based on a procedural system which
is easily accessible and capable of ensuring that the persons concerned will have
their applications dealt with objectively and within reasonable time, and refusals
to grant a permit must be capable of being challenged in judicial or quasi-judicial
proceedings.
It is important to stress that, in its earlier judgments in the Drr-nal and
Cetinkaya cases, described in Chapter 9, the ECJ derived the right to legal remedies from the principle of freedom of movement and the principle of equality.
On the basis of these principles, Member States are obliged to grant Turkish
migrant workers the same procedural guarantees as those granted to EU citizens
by the former Directive 64/221. The importance of the Panayotova case lies in
the fact that in this judgment the right to accessible and eective remedies is
directly based on the constitutional principles of EU law, including the rights of
the ECHR.23 The ECJ extended the scope of this general right to individuals
who claim to have rights under EC law.
3.3. Article 47 of the EU Charter
In 2000, the European Council adopted the EU Charter of Fundamental
Rights.24 This Charter provides, in Article 47, for a general right to eective judicial remedies, which incorporates the jurisprudence of the ECJ described above.
Article 47 states:
1. Everyone whose rights and freedoms guaranteed by the law of the Union are
violated has the right to an eective remedy before a tribunal in compliance
with the conditions laid down in this Article.
2. Everyone is entitled to a fair and public hearing within a reasonable time by
an independent and impartial tribunal previously established by law. Everyone
shall have the ability of being advised, defended and represented.
3. Legal aid shall be made available to those who lack sucient resources insofar
as such is necessary to ensure eective access to justice.
Article 47 is important because it combines the criteria of Article 6 and Article 13
ECHR. As we have seen in the previous Chapter, in the Maaouia judgment
22
23
24

Panayotova 27.
Compare 6465 of the Drr-nal judgment and 27 of the Panayotova case.
OJ C 310, 16.12.2004.

Eective Remedies in the EU: A Matter of Basic Principles

309

of 2001 the ECtHR explicitly refused to apply Article 6 ECHR to immigration

law procedures. The explanatory memorandum to Article 47 now states that, in
Community law, the right to a fair hearing is not conned to disputes relating to
civil law rights and obligations. This wide interpretation is justied by the consequence that the Community is a community based on the rule of law as stated
by the ECJ in Les Verts v. European Parliament in 1986.25 Furthermore, the
explanatory memorandum conrms what was concluded in earlier judgments of
the ECJ, namely that the implementation of the right to eective remedies should
be in accordance with the criteria developed by the ECtHR on Article 13 ECHR.26
Article 47 thus not only broadens the scope of applicability of Article 6 ECHR
within the scope of the TEC, since it is not restricted to civil and criminal
law cases, but also incorporates the more explicit criteria of Article 13 ECHR.27
This means that the criteria developed by the Strasbourg Court on the basis of
Article 13 apply equally to national procedures in which national authorities
have applied or should have applied community law.
The inclusion of the right to eective remedies as a human right is important
because it includes the right of possible advice, defence or representation for the
person concerned. Furthermore, on the basis of Article 47 (3), legal aid should
be made available to those who lack sucient resources, when this is necessary
to ensure eective access to justice.
The EU Charter on Fundamental Rights was meant to achieve direct legal
eect within the EU Member States with the entry into force of the EU
Constitutional Treaty. Since the negative results of the referenda in France and
the Netherlands in 2005, the future of this Constitutional Treaty has become
uncertain. However, this uncertainty about the Constitutional Treaty is unlikely
to aect the meaning of the Charter or its Article 47. In the rst place, it is not
expected that, when redrafting the Constitutional Treaty, the EU Member States
will amend the text of the Charter that had already been adopted several years
before the adoption of the Constitutional Treaty. As we have seen above, the content of Article 47 was based on the jurisprudence of the ECJ and can therefore
already be regarded as codication of existing EU law. Secondly, the EU Charter
has already achieved a certain status within EU law regardless of whether or not
it will be inserted in the Constitutional Treaty. Aside from the references to this
Charter made in the literature and by the Advocate General in opinions before

25
26

27

C-294/83, Les Verts, [1986] ECR 1339.

As in the abovementioned Johnston case C-222/84, see also C-459/99, MRAX v. Belgium, [2002]
ECR I-6591 and C-50/00, Unin de Pequeos Agricultores, [2002] ECR I-6677.
S. Peers, Immigration, Asylum and the European Union Charter of Fundamental Rights, EJML 3,
2001, p. 141169.

310

Chapter 10

the ECJ28, the Charter is quoted in judgments of the Court of First Instance
(CFI) and the ECJ.29 In the judgments of the CFI, this Court not only referred
to the earlier jurisprudence of the ECJ with regard to the right to eective remedy as a general principle of Community law, but also to Article 47 of the EU
Charter. In June 2005, the LIBE Committee of the European Parliament referred
to Article 47 of the EU Charter to support its proposal to include the suspensive
eect of the proceedings in the draft Directive on minimum standards in asylum
procedures.30
In its judgment European Parliament v. the Council dealing with the Family
Reunication Directive 2003/86, the ECJ ruled that Member States are bound
to observe the principles which are recognised in the EU Charter, including the
right to family life of Article 7.31 The ECJ explicitly referred to the second recital
of the preamble to the Family Reunication Directive, where the EC legislator
itself acknowledged the importance of the EU Charter of Fundamental Rights.
In this judgment, the ECJ also emphasised that the Charter is to be regarded as
the codication of general principles of EU law and the constitutional traditions
of the Member States.32
After lengthy debates to overcome the institutional impasse of the EU caused
by the outcome of the referenda in France and the Netherlands, the EU head of
states nally decided at their summit of June 2007 that the Constitutional Treaty
would be replaced by a Reform Treaty.33 This Treaty, to be adopted at the end
of 2007, will amend the current EC and EU Treaties. In its conclusions, the
European Council decided that Article 1 of the EU Treaty will contain a cross
reference to the Charter on Fundamental Rights giving it legal binding value and
setting out the scope of its application.
3.4. Relationship Between the General Principle and Secondary EC Legislation
The principle that the enjoyment of Community rights requires Member States to
provide for eective judicial scrutiny of decisions aecting those rights is important
for the assessment of the national implementation of the EC immigration and
asylum law. The mere availability of legal remedies will not be sucient to meet
28

29

30

31
32
33

See the opinion of AG Kokott in C-503/03, Commission v. Spain, 42 and of AG Ruiz-Jarabo

Comer, C-176/03, 68.
T-177/01, Jgo-Qur, [2002] 41 and 42, ECR II-2365 and T-116/01, P&O European Ferries
v. European Commission, 209 [2003] ECR II-2957. See for references by the ECJ: C-540/03,
European Parliament v. the Council, dealt with below, and C-432/05, Unibet, in 37.
Amendment 45 in the Report Kreissl-Drer, A6-0222/2005, 29 June 2005. As we saw in
Chapter 9, this Directive 2005/85 was adopted in December 2005.
C-540/03, European Parliament v. the Council, 38 and 58 [2006] ECR I-5769.
C-540/03 38.
See for the text of the Presidency conclusions of 21/22 June 2007, 11177/07, 23 June 2007.

Eective Remedies in the EU: A Matter of Basic Principles

311

the criteria set by the ECJ and included in Article 47 of the EU draft Constitution.
The general principle of and criteria for eective remedies will overrule the
provisions in specic EC instruments if these latter instruments oer less protection to the individual concerned. This was claried by the ECJ in the Siples judgment of 2001. This case concerned the interpretation of Article 243 of the
Community Customs Code (Regulation 2913/92).34 This provision conferred the
power to suspend implementation of contested decisions made by national customs authorities exclusively upon the national customs authorities; national courts
did not have the power to grant interim relief. The ECJ concluded that these
weaker provisions in the EC Customs Code should be interpreted in accordance
with the more general principle of legal protection. In its judgment, the ECJ
explicitly stated that the provision in the Community Code cannot limit the
right to eective judicial protection. According to the ECJ, a court asked to
decide on a dispute governed by Community law must be in a position to grant
interim relief in order to ensure the full eectiveness of the judgment to be passed
on the existence of the rights claimed under Community law.
At this point it also important to refer to the judgment in the case Kbler v.
Austria, in which the ECJ conrmed that Member States are obliged to make
good damage caused to individuals by infringements of Community law for which
they are responsible.35 According to the ECJ, this principle also applies where the
alleged infringement stems from a decision of a court adjudicating at last instance
where the rule of Community law infringed is intended to confer rights on individuals, the breach is suciently serious and there is a direct causal link between
that breach and the loss or damage sustained by the injured parties.36 In this judgment, the ECJ declared that it is up to the legal system of each Member State to
designate the court competent to determine disputes relating to that reparation.

4. The Third Principle: Eective Judicial Remedies to Ensure

a Uniform and Clear Interpretation of EC Law
4.1. Preliminary Proceedings: The Responsibility
of National Judges and Legislators
On the basis of Article 234 TEC, the ECJ has jurisdiction to give a preliminary
ruling on the interpretation of the Treaty and on the validity and interpretation
of Community acts. National courts may ask the ECJ to give such a preliminary
ruling if they consider this necessary for their own judgments. National courts

34
35
36

C-226/99, Siples Srl., [2001] ECR I-0277, see 1719.

C-224/01, Kbler, [2003] ECR I-10239.
C-224/01 59.

312

Chapter 10

against whose decisions no judicial remedy is possible, should in this case, based
on Article 234 (2), always forward a preliminary request to the ECJ if such a
question is raised. Article 68 (1) TEC, which applies to the instruments adopted
under Title IV TEC, provides that a court against whose decision no judicial
remedy is possible is obliged to forward a preliminary question to the ECJ when
it considers this necessary for the judicial sentence in the case concerned.
This system of preliminary references guarantees a clear and coherent interpretation of Community law. On the one hand, this system requires the ECJ to
analyse the legal problems under Community law submitted by national courts
and to provide a generally applicable interpretation. On the other hand, it places
an obligation on national courts to ensure that when an issue of Community law
is at stake and needs to be claried, this issue is to be forwarded to the Community
Court. For national courts, this principle of eectiveness means a duty to ensure
full application and uniform interpretation of Community law and to eliminate
the unlawful consequences of a breach of Community law either directly or by
ensuring eective compensation for the damage resulting from it.37
The legal system as envisaged in Article 234 also implies the duty of Member
States to establish a system of legal remedies and procedures which ensures
respect for the right to eective judicial protection. In the judgment in Unin de
Pequeos Agricultores (25 July 2002), the ECJ explicitly ruled that the communitarian system of judicial review, in which national courts can or should refer a
preliminary question to the ECJ regarding the validity of acts of the institutions,
requires Member States to provide for legal remedies and procedures.38 Referring
to the provisions in Article 173 (now Article 230 TEC) and Article 184 (now
Article 241 EC) on the one hand, and Article 177 (now Article 234 TEC) on
the other hand, the ECJ reasoned that the Treaty has established a complete
system of legal remedies and procedures designed to ensure judicial review of
the legality of acts of the institutions and has entrusted such review to the
Community Courts. This obligation upon both national courts and authorities
to ensure that this system of legal remedies described by the ECJ works can also
be based on the principle of cooperation provided for in Article 10 TEC
(formerly Article 5).39 According to Article 10 TEC, Member States should take
all appropriate measures to ensure fullment of the obligations arising from the
Treaty or resulting from action taken by the institutions of the Community and
to facilitate the achievement of the Communitys tasks.
37

38
39

John Temple Lang, The Principle of Eective Protection of Community Law Rights, in: David
OKeee, Judicial Review in European Union Law, The Hague: Kluwer Law International 2000,
p. 235.
C-50/00, Unin de Pequeos Agricultores, [2002] ECR I-6677.
C-213/89, Factortame and Others, [1990] ECR I-2433, 19.

Eective Remedies in the EU: A Matter of Basic Principles

313

The judgment in Unin de Pequeos Agricultores has led to the proposal of

a new provision in Article I-29 of the draft Constitutional Treaty on the tasks
and organisation of the Court of Justice. This provision, if inserted in the new
Reform Treaty, is important because it links the competence of national courts
to forward preliminary questions to the ECJ with the obligation of Member
States to provide judicial remedies. Whereas the rst sentence of Article I-29 (1)
describes the general task of the ECJ to ensure that in the interpretation and the
application of the Constitution the law is observed, the second sentence requires
Member States to provide rights of appeal sucient to ensure eective legal
protection in the eld of Union law.
This obligation upon Member States to provide eective remedies to safeguard
the mechanism of preliminary references has been explicitly acknowledged in the
recitals of the Directive 2005/85 on minimum standards on asylum procedures.40
Recital 27 of the Directive states: It reects a basic principle of Community law
that the decisions taken on an application for asylum and on the withdrawal of
refugee status are subject to an eective remedy before a court or tribunal within
the meaning of Article 234 of the Treaty. The eectiveness of the remedy, also
with regard to the examination of the relevant facts, depends on the administrative and judicial system of each Member State as a whole. The reasoning of
this recital is not limited to asylum procedures. Since this principle of eective
judicial remedies codies an essential element of the EU legal system conrmed
in the case law of the ECJ, it also applies to procedures concerning the rights and
obligations in other instruments adopted under Title IV TEC.
4.2. Criteria of National Courts Which Fall within the Meaning
of Article 234 TEC
In a series of judgments in which it had to deal with the question of the admissibility of a preliminary request from a national authority, the ECJ applied
a number of factors in assessing whether the national authority had to be considered a court or tribunal within the meaning of Article 234 (formerly 177
TEC).41 These factors provide a minimum set of criteria for what the ECJ considers an authority or body which is able to oer the eective judicial review as
required in the EU legal system described above. These factors include:
the authority or body should be established by law;
the independence of the authority or body;

40
41

OJ L 326/13, 13.12.2005.
See, for example, C-195/98, sterreichischer Gewerkschaftbund, [2000] ECR I-10497, C-54/96,
Dorsch Consult, [1997] ECR I-4961, and C-407/98, Abrahamsson, [2000] ECR I-5539.

314

Chapter 10

the permanence of the authority or body;

compulsory jurisdiction;
adversarial proceedings (inter partes); and
the application of the rule of law.

The reference to court or tribunal in Article 234 TEC does not imply that
only judicial courts meet the aforementioned criteria. For example, in the case
of Jia v. Migrationsverket, the ECJ dealt with the preliminary request from
the Swedish immigration board, referring to this authority as referring court.42
In his opinion to this case, Advocate General Geelhoed explicitly armed the
competence to refer preliminary questions from the Swedish Utlnningsnmnden
on the basis of the consideration that this is an administrative body with quasijudicial powers, hearing appeals from decisions taken by the Swedish immigration board (Migrationsverket).43 On the other hand, in Commission v. Austria,
where the refuted decision by the Austrian authorities was only reviewed by an
independent advisory board of experts, the ECJ concluded that the criteria
of Article 234 were not met because this board lacked true decision-making
powers.44
In various judgments, the ECJ has held that national courts should be able to
suspend the refuted national measure when the legality of this measure is challenged through preliminary proceedings: The coherence of the system of interim
legal protection requires that national courts should also be able to order suspension of enforcement of a national administrative measure based on a Community
Regulation, the legality of which is contested.45
In my view, the above criteria for court or tribunals within the meaning
of Article 234 TEC must be applied with regard to the question of whether an
individual has access to eective remedies.

5. Towards Minimum Standards for Eective Remedies

5.1. Eective Remedies, Databases and Third-Country Nationals
What is the practical meaning of the aforementioned principles for our subject, the
Schengen Information System and other EU databases such as VIS and Eurodac?
Which principles and criteria apply with regard to the rights of third-country

42

43
44
45

C-1/05, 9 January 2007, 25. Published in Jurisprudentie Vreemdelingenrecht 2007/31, annotation

P. Boeles.
Opinion of 27 April 2006.
C-424/99, [2001] ECR I-9285.
C-143/88, Zuckerfabrik, [1991] ECR I-415. See also Dougan (2004) p. 321.

Eective Remedies in the EU: A Matter of Basic Principles

315

nationals registered in these databases and against whom decisions or measures are
taken on the basis of the stored information? To answer these questions, I recall the
dierent decisions at stake. For this purpose, I have made a distinction between
so-called data protection law decisions and immigration law decisions. Data protection law decisions deal with the collection, storage and processing of data, or the
refusal of the right of access, correction, or deletion. Immigration law decisions
include, on the one hand, immigration law decisions which result in reporting
a third-country national in a database, for example decisions to declare a person
inadmissible or expulsion decisions. On the other hand, they include decisions
based on these registrations such as the refusal of entry on the basis of a SIS alert.
As we have seen above, the applicable rules of data protection law and the EC
immigration and asylum law instruments provide rather open norms with
regard to the right to legal remedies, including the right to mount a legal challenge or the right to bring an action before court or authority. In this Chapter,
I tried to establish that such norms should not be considered an empty box,
but must be implemented in accordance with the general principles of EU law.
The rst of these principles is based on the incorporation of human rights and, in
particular, the ECHR within the legal framework of the EU. The standards
developed by the ECtHR on the right to eective legal remedies, which have
been incorporated in Article 47 of the draft Constitutional Treaty, apply to the
implementation of EC immigration and asylum law whenever human rights
are at stake. Secondly, we have seen that in its case law, the ECJ explicitly linked
the right to judicial protection to the principle that individuals should be able to
enforce their rights of Community law. To recall the conclusion of the ECJ in
the Panayotova case, Member States should therefore provide for eective
judicial scrutiny of the decisions of national authorities taken pursuant to the
applicable provisions of Community law. Thirdly, the ECJ associated the legal
system of the Community, including the system of preliminary references, with
the need for eective judicial procedures in order to enable both national courts
and the ECJ to guarantee a coherent and clear interpretation of Community law.
The criteria developed on the basis of these general principles go much further
than the rules adopted in the dierent instruments at stake. National legislators
should take these criteria into account, not the vague wordings in the Title IV
instruments, when implementing EC law or adopting new measures.
5.2. Criteria for Eective Remedies
5.2.1. Judicial or Non-Judicial Authority?
In its case law with regard to Article 8 ECHR, the right to private life, the ECtHR
ruled that judicial review aords the best guarantees of independence, impartiality
and a proper procedure. However, looking at the jurisprudence more generally,
the ECtHR has held that an independent countervailing mechanism other than

316

Chapter 10

a judicial court is acceptable, as long as these institutions oer eective and

adequate remedies for the person concerned. In some cases, the ECtHR even
concluded that the judicial court in question did not provide an eective remedy
because it was not able to assess the full content of the decision or the national
authorities were not obliged to await its decision before executing a deportation
order. Therefore, the distinction between judicial and non-judicial remedies does
not really seem to be the issue. What matters is that both the ECtHR and the
ECJ require legal remedies whose scope and eects are equal to the protection of
judicial remedies. Aside from the criteria described in the next sections, the following minimum standards conrmed in the case law of the ECJ with regard to
Article 234 TEC apply:
a.
b.
c.
d.

impartial tribunal previously established by law;

permanent institution;
established by law;
independent from the national authority taking the decision or measure.

5.2.2. Accessibility
The jurisprudence of both the ECtHR and the ECJ is clear with regard to the
criterion of the accessibility of legal remedies. If a national decision or measure
interferes or is at risk of interfering with the rights protected in the ECHR or in
the EU immigration and asylum law, the person concerned should be informed
of his or her rights to lodge an appeal. In the eld of data protection law, the general standard is that the data subject should be informed of the fact and purpose
of data processing and that he or she also has the right to apply for access, correction or deletion of his or her data. These rights, included in EC Directive 95/46,
may however be limited on dierent grounds. In addition, with regard to the
protection of the right to private life, included in Article 8 ECHR, the ECtHR
accepted that, under specic circumstances, persons must not be informed of
surveillance measures. Only once the use of secret surveillance measures is suspended should the authorities notify the person concerned, so as to enable him
to seek eective remedies before the courts. Considering the general principles of
EU law dealt with above, one could formulate the following four criteria:
a. written and informed decision-making including information on the reasons
for the decision, the authority which issued the decision and on the available
remedies and the time limits to be applied;
b. legal remedies should be available within a reasonable time;
c. fair and public hearing;
d. ability to be advised, defended and represented, including legal aid for those
who otherwise would have no sucient means of nding access to legal
remedies.

Eective Remedies in the EU: A Matter of Basic Principles

317

These criteria should be seen against the background of the important consideration
of the ECJ in the Panayotova case, according to which Member States must not
establish procedural thresholds impeding the accessibility of eective remedies.
5.2.3. Scope of Review
National courts or independent authorities should be able to make a substantial
review of both legal and factual issues. In data protection law, this concerns the
question of whether the administrative authorities acted in conformity with the
following principles: the purpose limitation principle; the applicable time limits;
the limitation of use and disclosure of information, etc. At rst sight, these principles do not seem to include substantial norms. However, they oblige the data
processing authority to satisfy these norms, for example, the purpose of data
processing, for how long the data will be processed and which authorities may
have access to the information. Based on these rules, which are to be dened in
advance, the national court or authority has a tool for assessing the lawfulness
and proportionality of the refuted measure.
When implementing immigration law, national decisions on expulsion, detention or refusal of entry should be in conformity with the obligations regarding
human rights in the ECHR and the right to eective remedies in EU law. With
regard to the scope of EC immigration law, the Title IV instruments described
above include specic rights for third-country nationals, for example, the right to
free movement in Directive 2004/38, or the Directives on long-term residents
and family reunication. Both EU law and the human rights protected in the
ECHR give national courts substantial criteria for assessing the lawfulness of
administrative decisions. In both EU law and with regard to the human rights in
the ECHR, the principle of proportionality plays an important role.46 To summarise,
this principle of a substantial review requires that the competent court or other
national body should be able to:
a.
b.
c.
d.

assess the legitimacy or lawfulness of the measures concerned;

assess the necessity and proportionality of these measures;
balance the individual rights against a pressing social need;
balance the competing individual rights.

5.2.4. Competences
Eective remedies include the power of the courts to prevent execution of measures
that are contrary to the ECHR. Therefore, national courts or tribunals should

46

Compare the proportionality test as used in the Berrehab judgment of the ECtHR, (appl. no.
10730/84) and in Commission v. Spain by the ECJ (C-503/03).

318

Chapter 10

have the power to suspend expulsion decisions. As we saw in Chapter 9, many

migration instruments based on Title IV TEC do not provide for the suspensive
eect of the legal procedure. Some instruments even explicitly rule that a legal
remedy does not suspend the refuted decision. These rules should be read and
applied in conformity with the criteria based on the general principles of EU law.
Another important factor in eective remedies is that the national court or tribunal is capable of providing redress in respect of the applicants complaints.
This includes the power of national courts to order nancial compensation for
costs and damages. In the eld of data protection law, courts or authorities should
have the power to order the blocking of data processing or the destruction, erasure, or rectication of the information kept in the les. National courts or (data
protection) authorities should also be able to order administrative authorities to
grant an applicant access to his or her data. In summary, the court or authority
should have at least the following powers:
a. to grant interim relief from or suspensive eect of a legal procedure;
b. to issue binding decisions;
c. to order (nancial) reparation of harm or damage.

third-country
national with long
term residence

third-country
national migrant
workers within
scope of
association
agreements

third-country
national family
members of EU
citizens

EU citizens

Articles 10, 12, and

20 Directive
2003/109

Jurisprudence ECJ:
Johnston, Heylens,
Olazabal, RadiomShingara Carpenter,
MRAX, Panayotova,
Drr-nal

Article 30 and 31
Directive. 2004/38

Sources

Dierentiation by categories of persons

right to mount a
legal challenge
against decisions of
refusal long term
residence status,
renewal, or
withdrawal

judicial- quasi
judicial

Judicial/
non judicial
remedies

with regard to
expulsion decisions

motivated decision
specifying possible
redress procedures
and time limit for
taking action

respect for human

rights

compliance with
criteria Directive
2003/109

no suspensive
eect against
decision of refusal,
refusal to renew
or withdrawal
of residence
permit

suspensive eect of
remedies against
expulsion decisions

proportionality
and necessity
of decision,
particularly in
view of expulsion
decisions

duty to communicate reasons of

decisions
formal requirements
should not impede
accessibility of
remedies

interim order
to suspend
enforcement
decision

Competences of
court or tribunal

legality of decision,
facts and
circumstances
decision is based

Scope of review

written notication
of any decision
restricting rights of
entry or residence

Accessibility of
remedies

Criteria for eective remedies in immigration and data protection law procedures

Annex to Part II

Eective Remedies in the EU: A Matter of Basic Principles

319

right of appeal or
review only if
provided for in
national law,
eective remedy
before a court or
tribunal

Article 19
Regulation
343/2003
(Dublin II)

Article 39 Directive
minimum
standards on
asylum procedure
2005/85

asylum seekers

right to mount a
legal challenge
against rejection of
application for
family reunication

informed decision,
if necessary
translation,
information how
to challenge
decision

motivated decision

written decision
including reasons
of rejection

right to legal aid

on same terms
as nationals of
Member state in
which they reside

judicial redress
procedure against
decisions of
expulsion

Article 18 Directive
2003/86

Accessibility of
remedies

Judicial/
non judicial
remedies

third-country
national with a
right to family
reunication

Sources

Dierentiation by categories of persons (cont.)

respect for human

rights and in particular principles
recognized in
EU Charter, non
refoulement and
non discrimination
principle

compliance with
criteria Directive
343/2003

respect for human

rights

compliance with
criteria Directive
2003/86

Scope of review

suspensive eect of
appeal under certain
circumstances

review or appeal will

suspend transfer of
asylum seeker only
of national law
provides so.

no provision on
suspensive eect

suspensive eect of
remedy against
expulsion order

Competences of
court or tribunal

320
Chapter 10

Article 13
Regulation
562/2006
(Schengen
Borders Code)

Article 4 Directive
2001/40 on mutual
recognition of
expulsion decisions

third-country
national at the
borders

third-country
national to be
expelled based
on decision of
another EU
Member State

Sources

Dierentiation by categories of persons (cont.)

person may bring

proceedings against
measures
according to
national law

right to appeal

Judicial/
non judicial
remedies

no provision

standard refusal
form including
reasons for decision
and available
remedies

Accessibility of
remedies

legality and validity

of foreign expulsion
decisions, correct
application of the
national law issuing
state

respect for human

rights

respect for human

rights and in
particular those
of EU Charter
(Preamble no. 20)

Scope of review

no suspensive eect

no suspensive eect
of appeal against
refusal at the
border

Competences of
court or tribunal

Eective Remedies in the EU: A Matter of Basic Principles

321

rights and
freedoms
guaranteed by
EU law

Dierentiation by rights

Jurisprudence ECJ:
Les Verts v. European
Parliament Kbler,
Siples Srl.

Article 47 EU
Charter, Article
234 TEC

Sources

independent and
impartial tribunal,
permanent
institution

Judicial/
non judicial
remedies

legal aid for those

who lack sucient
resources

ability of being
advised, defended
and represented

within reasonable
time

Accessibility of
remedies
Community EU
law rights,
fundamental
human rights,
legality acts of
institutions

Scope of review

order governments
to make good
damage caused by
infringements of
Community law
for which they
are responsible
appropriate
sanctions and
remedies for
violations of
domestic data
protection law

grant interim
relief in order to
ensure full
eectiveness of
judgment

Competences of
court or tribunal

322
Chapter 10

data protection
rights

Jurisprudence ECJ:
sterreichischer
Rundfunk case

Article 22 EC
Directive 95/46

Article 8 EU
Charter on
Fundamental
Rights

Article 8 Data
Protection
Convention 1981

Sources

Dierentiation by rights (cont.)

emphasis on
independence

judicial remedies,
national data
protection
authorities, and
supranational
data protection
authority (EDPS)

control by an
independent
authority

remedies according
to national law,
independent
supervisory
mechanism

Judicial/
non judicial
remedies

duty to inform data

subject. right of
access to personal
data

accountability data
owner for unlawful
data processing

courts have to
ascertain whether
interference meets
requirement of
foreseeability and
necessary to protect
legitimate aims

compliance with
rules of Article 8
of the Charter

right to be
informed
right of access to
personal data
purpose
specication data
processing, rights
of access to data

legitimacy of
registration
procedural
guarantees

Scope of review

principle of
transparency and
purpose
specication

Accessibility of
remedies

data protection
authorities: order
blocking, erasure or
destruction data,
temporary ban

ensure compliance
with rules of
Article 8 Charter

Competences of
court or tribunal

Eective Remedies in the EU: A Matter of Basic Principles

323

right to private
life, including
protection of
personal
infomation and
protection of
family life

Abdulaziz, Ahmut,
Sen,

Jurisprudence
ECtHR: Klass,
Gaskin, Leander,
Huvig- Kruslin

Articles 8, 13, 6
ECHR

Sources

Dierentiation by rights (cont.)

non judicial
remedies accepted
if sucient
safeguard against
abuse or
independent
controlling
mechanism by
which conicting
interests at stake
could be balanced
independent and
impartial tribunal
(judicial court)

judicial control
aords best
guarantees of
independence,
impartiality and a
proper procedure

Judicial/
non judicial
remedies

notication of
secret surveillance
measures once these
measures have been
suspended access
within reasonable
time access to legal
aid and assistance
of a lawyer if
indispensable for
eective access to
court

general criteria of
quality of law:
foreseeability and
clarity with regard
to scope and
manner of exercise
of competences
and powers of
authorities

Accessibility of
remedies

balance of dierent
interests at stake

necessity and
proportionality of
measures at stake

Scope of review

compensation of
non-pecuniary
damages and costs

nancial repair for

damages caused by
use of information

adequate and
eective remedies

appropriate relief

Competences of
court or tribunal

324
Chapter 10

Articles 3, 13
ECHR

right of
protection
against
refoulement
and torture

Jurisprudence
ECtHR:
Chahal. Al-Nashif
Vilvarajah

Article 5 (1)
and (4) ECHR
Jurisprudence
ECtHR:
onka
Chahal

Jurisprudence
ECtHR: Rotaru,
Buzescu, Chevrol

Article 6 (1)
ECHR

procedural rights
detainees

civil rights

Sources

Dierentiation by rights (cont.)

independent
authority

access to courts

Judicial/
non judicial
remedies

speedily access
clear written
information on
available remedies
in language
understandable
to applicants
disclosure of
reasons

Accessibility of
remedies

substance of
Convention rights,
assessing risk at
stake, credibility
of governmental
motive of national
security

lawfulness of
detention
protection against
arbitrariness of
detention

all aspects of the

matter factual
and legal issues
relevant to the
determination of
the dispute

Scope of review

power to prevent
execution of
measures causing
irreparable harm
powers to order
interim orders or
suspensive measures

power to order
release if detention
is unlawful

nancial repair

Competences of
court or tribunal

Eective Remedies in the EU: A Matter of Basic Principles

325

Part III
Implementation at the National Level

Chapter 11
France
Il ne faut pas ignorer non plus que ce chage informatique de grande ampleur a aussi
valeur de test lgard de tous pas seulement des trangers car ce que lon teste sur
les plus vulnrables, on peut aussi penser ltendre par la suite dautres. Nen doutons pas : lavenir dun certain fonctionnement dmocratique europen dpend des
rponses que lon apportera en terme dexercice des droits et des recours accords aux
personnes, trangres ou non, dans le cadre de ces grands systmes informatiques.1

1. Introduction
As we have seen above, the Saarbrcken Agreement of 13 July 1984 on the
abolition of internal border controls between Germany and France formed the
basis for the Schengen treaties of 1985 and 1990. This Saarbrcken Agreement
was an initiative of German Chancellor Kohl and French President Mitterrand.
As result, right from the start France was in the centre of the political negotiations leading to the Convention on the Implementation of the Schengen
Agreement (CISA). Initially, French politicians and public ocials were not
really aware of the practical implications of the Schengen cooperation. It was
only during the negotiations leading to the CISA that the French administration
and, in particular, Minister of the Interior Pasqua, who became Minister in
March 1986, expressed their reservations with regard to freedom of movement
and the lifting of internal border controls. Many of these reservations concerned
the consequences of Schengen for French immigration policy. French policymakers also criticised the potentially negative eects of lifting internal border
controls with regard to the more liberal Dutch approach on soft drugs. Other
reservations expressed by France concerned the right of hot pursuit of suspected
criminals by other Schengen States on French territory, as provided for in Article
40 CISA. The reluctance of French politicians to begin implementation of
Schengen can also be illustrated by the fact that, although the CISA ocially
entered into force on 26 March 1995, following a French request, there was a
1

S. Preuss-Laussinotte, Les chiers et les trangers au cur des nouvelles politiques de scurit, Paris:
Librairie gnrale de droit et de jurisprudence, E.J.A. 2000, p. 153.

Evelien Brouwer, Digital Borders and Real Rights, pp. 329382.

2008 Koninklijke Brill NV. Printed in the Netherlands.

330

Chapter 11

probationary period of three months. After this period, France extended this for
several additional six-month periods, in order to be able to maintain internal
border controls with Belgium on the basis of Article 2.2 CISA.2
French political motives also played a crucial role with regard to the
development and use of the NSIS. During the negotiations, the French government questioned the public order criteria, with regard to denition of persons to
be registered in the NSIS on public order grounds (Articles 99 and 96). The
French government was concerned about the fact that French ocials would be
obliged to take measures against persons who, according to French criteria, were
not considered a danger to national security (for example, the Palestinian leader
Arafat). This problem was solved by the French proposal to insert the option of
adding a ag to SIS records. This ag would indicate to the national authorities
that, during the rst 24 hours of storage, the SIS alert is not to be implemented
on the territory of the agging state. Other examples of Frances strong position
in the negotiations are the nal inclusion of data protection principles in the
CISA, the choice of headquarters for CSIS (which is in Strasbourg) and the
choice of the IT company that was commissioned to develop the NSIS.3
Despite Frances concerns and the inclusion of French goals into the Schengen
treaties, the CISA and the establishment of the NSIS has led to important amendments to French law and policy. After 1986, the French legislator had to amend
its visa rules and was forced to delete some countries from the list of countries
whose nationals needed a visa to enter France and, at an early stage, the French
immigration rules were amended in order to implement the Schengen rules.
As we will see in the following sections, France has much jurisprudence with
regard to the use of the NSIS in immigration and visa law cases. This jurisprudence gives us a valuable insight into the main legal issues and practical problems
with regard to the use of the NSIS in French immigration policy.

2. Parliamentary Involvement with CISA

2.1. Schengen in General
The French parliament (the Assemble Nationale and the Snat) was not informed
of the negotiations on the Schengen Agreement of 1985.4 The lack of information

2
3

See, on the reintroduction of border controls after 1995: Groenendijk (2004), p. 150170.
As we saw in Chapter 3, the order to develop SIS was nally given to a consortium of the AngloFrench SEMA group, the French rm Bull and the German company Siemens-Nixdorf.
The text of the Schengen Agreement was published in the Journal Ociel (hereafter JO)
5 August 1986. French ocial documents and jurisprudence can be obtained from http://www
.legifrance.gouv.fr and http://www.ladocumentationfrancaise.fr.

France

331

before this Agreement was signed seemed to be accepted by the members of the
Assemble Nationale on the basis of the reasoning that this Treaty would only
aect internal decision-making and not involve the adoption of formal laws.5
To the French Senate, the government justied this secrecy by referring to the
diplomatic character of the negotiations on the Schengen Agreement.6
However, the lack of information with regard to the negotiations on the CISA
between 1985 and 1990 received critical reactions. In 1988, Julien Dray,
a member of the Assemble Nationale, questioned the government about the
intergovernmental negotiations on the harmonisation of European immigration
and asylum law. He focussed on which criteria would apply to establishing which
country would be responsible for examining an asylum application.7 Answering
his question, the government informed the French parliament that, in order to
harmonise the policy on the movement of persons and to establish compensatory
measures for lifting internal border controls, the Schengen governments were
still discussing the measures requiring regulation in an international treaty. In
1989, members of the Assemble Nationale complained that the government had
failed to inform the parliament of the planned signature of the CISA. The only
available information came from the press, foreign parliaments and NGOs.
During the discussions, one member of the French parliament stated that, in
order to be informed of the content of this second Schengen treaty, it was necessary to read the Dutch newspapers because the Dutch government informed its
parliament on a regular basis.8 It was only after the Schengen states had signed
the CISA that the Senate established, on 26 June 1991, a special control committee for examining the implementation and operation of the CISA. In its
report of 11 December 1991, this committee was critical of the secrecy
surrounding the Schengen negotiations.9 The report referred to a Dutch spokesman according to whom the French government apparently urged the Dutch
government not to disclose information to its parliament during the Schengen
negotiations because this would run the risk of constituting a precedent and
could be used as a basis for identical demands from the French parliament.10
5

6
7
8

10

Puisque ses dispositions touchent seulement au domaine de rglement et non celui du loi. Report
of a meeting of the Commission on Foreign Aairs of the Assemble Nationale, 25 May 1989,
Assemble Nationale, Bulletin des Commissions, 10, p. 863. Parliamentary documents are to
nd at http://recherche.assemblee-nationale.fr.
Snat, Bulletin des Commissions, 11 December 1989, p. 1049.
Question of 24 October 1988, Assemble Nationale, 27 February 1989, no. 4406.
Assemble Nationale, 29 June 1989, p. 2613. See also Assemble Nationale, 30 June 1989 and
12 December 1989, p. 6399 and 6401.
Snat, Report no. 167 of the Senate by Xavier de Villepin (rapporteur) and P. Masson (president
of the Senate), 19911992 (I have used the English translation which was produced by the
French Senate).
Snat, Report no. 167, 19911992, p. 8.

332

Chapter 11

During the discussions on the act to approve the CISA, the French parliament
was especially concerned about the transfer of sovereignty with regard to the
French powers of border and immigration control. On the basis of Article 61 of
the French Constitution 1958, the French parliament forwarded the ratication
act of the CISA to the French Constitutional Council (Conseil Constitutionnel ).
This Council is a body which examines the compatibility of proposed laws with
the French Constitution.11 In their request, the members of parliament rst questioned whether the decision-making powers of the Schengen Executive
Committee, as provided in the CISA, would not mean a transfer of sovereign
powers which would interfere with the Constitution. The constitutional appeal
also concerned the non-applicability of the CISA to the overseas territories of
France (DOM-TOM countries) and the fact that this would result in dierent
treatment being given to French nationals living in France and those living in the
overseas countries. In its decision of 25 July 1991, the Constitutional Council
dismissed the parliamentary arguments, deciding that the content of the CISA
did not entail any transfer of powers.12 In its opinion, the crossing of internal
borders without controls on persons, was not the same as the lifting or changing
of borders which would legally limit the powers of a national state. The
Constitutional Council therefore concluded that the CISA was not in breach of
the French Constitution.
Members of the French parliament further criticised the proliferation of
bureaucratic bodies within the Schengen central negotiating group and the
absence of consultation with national parliaments. They also expressed their fear
of an increasing number of asylum seekers coming to France, caused by the
constitutional protection of the right to apply for asylum in Germany.
France was the rst Schengen state to ratify the CISA, on 30 July 1991.13 The
text of this Convention was published only ve days before the Treaty entered
into force.14 After the ratication and the implementation of the CISA, the French

11

12
13
14

In France, the Constitutional Council can be requested by a group of interested persons, the
parliament or other institutions, to give its opinion on the constitutionality of a legal proposal,
if they claim that the proposed law is (partly) in breach of the constitution. This scrutiny takes
place before the law enters into force.
Decision no. 91294, JO 27 July 1991.
Loi 91737, 30 July 1991, JO 1 August 1991.
Dcret 95304 du 21 mars 1995 portant publication de la convention dapplication de lAccord
de Schengen du 14 juin 1985 entre les gouvernements des Etats de lUnion conomique
Benelux, de la Rpublique fdrale dAllemagne et de la Rpublique franaise relatif la suppression graduelle des contrles aux frontires communes, signe Schengen le 19 juin 1990,
JO no. 69, 22 March 1995.

France

333

parliament published extensive reports in 1998 and 1999 on the implementation

of Schengen and on the integration of the Schengen acquis in the EU treaties.15
2.2. The NSIS
During the parliamentary debate in 1989, i.e. before the signature of the CISA,
members of the French parliament expressed their concerns about the provisions
for data exchange and the Schengen Information System. Their concerns touched
especially on the lack of data protection law in the other Schengen states.16
At the time of ratication, French parliamentarians and the French government
shared the presumption that French data protection legislation of 1978 provided
the highest level of protection for individuals.17 This argument was also put forward in the constitutional appeal by the French parliament on the Schengen
Ratication Act.18 In the decision of 25 July 1991, mentioned above, the
Constitutional Council also rejected this complaint. According to the Council, the
CISA included an important set of rules for the protection of the rights of individuals with regard to the processing and use of personal information, including the
provisions of Title VI.
In his report on the integration of the Schengen acquis in the Treaty of
Amsterdam of 1998, Loncle, a member of the Assemble Nationale, supported
the French motives for maintaining the SIS under the legal framework of the
third pillar.19 Much more critical was his report of 1999, in which Loncle evaluated the international Schengen cooperation. In the rst place, Loncle criticised
the lack of transparency in the implementation of Schengen. He questioned the
need not to disclose the specic motivation for the refusal of visa applications,
when this refusal is based on SIS registration.20 He further supported the position
held by certain French courts in their judgments with regard to the use of
15

16

17
18
19

20

Rapport dinformation de lAssemble Nationale 1257, Lintgration de lacquis Schengen,

Franois Loncle, 10 December 1998. Rapport dinformation de lAssemble Nationale, 1476,
Sur le bilan et les perspectives des Accords de Schengen, 17 March 1999, Commission des Aaires
trangres, Franois Loncle. Rapport dinformation de lAssemble Nationale, 1690, Sur le
bilan de la coopration transfontalire dans le cadre de la Convention de Schengen, 10 June 1999,
Jean-Marie Bockel.
Assemble Nationale, 28 June 1989, p. 2596. See also the statement by the former Minister for
European Aairs, Ms. Cresson, during the parliamentary debate, Assemble Nationale, 12
December 1989, p. 6401.
Preuss-Laussinotte (2000), p. 133.
Decision no. 91294, JO 27 July 1991.
Rapport dinformation de lAssemble Nationale 1257, Lintgration de lacquis Schengen,
Franois Loncle, 10 December 1998.
Rapport dinformation de lAssemble Nationale, 1476, Sur le bilan et les perspectives des Accords
de Schengen, 17 March 1999, Commission des Aaires trangres, Franois Loncle.

334

Chapter 11

the NSIS, in which they do not accept excessive sanctions on third-country

nationals who, following a criminal conviction, are registered in the NSIS for
refusal of entry by the French authorities. He advocated a systematic approach
for the consultation and further training of national judges regarding these types
of problems. Loncle was one of the few members of parliament who explicitly
paid attention to the problems of individuals with regard to the implementation
of their rights under the CISA. He underlined the importance of the right of
access or deletion with regard to information stored in the NSIS, even if this
information concerned minor oences or events which occurred a long time ago,
particularly if the information was based on manifest mistakes. He also warned
against creating a false sense of security by transforming the European area of
free movement into an impenetrable fortress.
In the same year, another member of the Assemble Nationale, Bockel, gave a
more positive evaluation of the Schengen cooperation. Among other things, he
underlined the practical success of the NSIS: the high number of users of the system (in 1998, 15,000 terminals in France were connected to the NSIS) and the
high number of persons and objects which had been detected using the NSIS (in
1998: 11,000 hits based on information forwarded by other Schengen States and
3,000 hits based on French information in the NSIS).21
After 1999, members of the French parliament dealt only incidentally with
Schengen and the use of the NSIS. Questions which were raised concerned the
use of the NSIS by French embassies and the further development of the NSIS
and NSIS II (see below).22 In December 2004, Philippe Vuilque (Socialists)
explicitly questioned the lack of a suspensive legal remedy for third-country
nationals who are expelled on the basis of an Article 96 entry in the SIS.23 I will
come back to this subject in sections 3.5.2 and 6.4.4.
2.3. SIS I: Comments NGOs, Lawyers and Organisations
During the period 19891990, just before the signature of CISA, French NGOs
such as Frances Terre dAsile, MRAP and GISTI expressed their concerns about
the establishment of a fortresse Europe, the lack of democratic scrutiny and the
consequences of the implementation of the CISA on the protection of asylum
seekers.24 Humanitarian and charitable organisations participated in a joint
21

22

23

24

Rapport dinformation de lAssemble Nationale, 1690, Sur le bilan de la coopration transfontalire

dans le cadre de la Convention de Schengen, 10 June 1999, Jean-Marie Bockel.
Question Thierry Mariani, question no. 30379: JO 15 December 2003, p. 9526, governmental
answer: JO 10 February 2004, p. 1004.
Question no. 54624: JO 28 November 2004 p. 10386 and governmental answer: JO 22
February 2005, p. 1959. See further details in section 7.3.2.
M.L.S. de Wit, Het Akkoord van Schengen: vergelijkend onderzoek tussen Nederland en Frankrijk,
Masters thesis, University of Nijmegen 1991, p. 58 .

France

335

Commission on the protection of the right to asylum (Commission de sauvegarde

du droit dasile, CSDA).25 In April 1989, this organisation issued a Manifesto in
which it expressed its concerns about the consequences of the Schengen treaties
on the protection of refugees and the right to asylum in France.26 In 1993, several French lawyers criticised the content of the Schengen treaties in a special
issue of Plein Droit, describing Schengen as the freedom of movement under
surveillance, and Europe as an area of soft-apartheid.27
As we saw in Chapter 7, the French Data Protection Authority, CNIL, together
with its counterparts in Germany and Luxemburg, actively lobbied for the inclusion of data protection provisions in the draft texts of the CISA. On 24 June
1989, the chairman of the CNIL, Jacques Fauvet published a critical letter on
the development of the NSIS in the French newspaper Le Monde, entitled,
Community of databases.28 In this article, which was written on the occasion
of the publication of the CNIL annual report, Fauvet described dierent problems which would have to be encountered in the light of the dierent levels of
data protection in the Schengen countries. According to Fauvet, a further debate
was necessary on the need for harmonisation of the national laws and whether
this eld should be covered by communitarian law.
After the implementation of the CISA, the practical consequences of the use
of the NSIS for third-country nationals in France were closely followed by the
French organisation Cimade. This organisation supports and informs thirdcountry nationals who are detained in special detention centres in France.
Ocials of this organisation often have to deal with detained immigrants to
whom an expulsion order applies on the basis of a SIS record. On a regular basis,
Cimade tries to attract attention for the legal position of third-country nationals
who are reported in the NSIS.29
2.4. SIS II
In July 2005, Rivire Jrme, a member of the Assemble Nationale, asked the
government to comment on the new proposals for the development of SIS II.30

25
26

27

28

29
30

Le Monde, 15 November 1989, p. 11.

Published in Lettre dInformation 74, June 1989, Spcial Europe. In this special issue, dierent
organisations and legal experts commented on the new European developments with regard to
immigrants and asylum seekers.
Plein Droit, 20 February 2003, Europe: un espace de soft-apartheid. Schengen : la circulation
sous surveillance.
Le Monde, 24 June 1989, pp. 12. Before he became the chairman of CNIL, Fauvet was the
general editor of Le Monde.
Cimade, Centres et locaux de rtention administrative, Rapport 2003, Paris: July 2004, p. 133 .
Question no. 69226, published in JO 5 July 2005, no. 6514 and answer of the government: JO
18 October 2005, no. 9699.

336

Chapter 11

In reply to this question, the French Minister of European Aairs gave a general
description of the state of aairs and the reasons for the development of SIS II.
In January 2006, the committee dealing with legal issues within French
Snat adopted a resolution on the development of SIS II.31 In this resolution, the
government was asked rstly not to agree to the proposal of the European
Commission to transfer primary responsibility for the practical operation of SIS
II from the French government to the European Commission. Secondly, the
committee opposed the proposed harmonisation of the criteria for recording
third-country nationals in SIS II and asked its government to insist upon maintaining the current criteria. The parliamentary committee was also concerned
about the possibility that national security agencies would no longer have access
to the data about inadmissible third-country nationals in SIS II during their
checks within the national territory. Furthermore, the authors of this report were
concerned that the Commission proposal would aect the eciency of the use of
SIS II in the ght against irregular immigration because 40% of identity checks
involving irregular immigrants would take place within the territory of France,
not at the borders.
In its report of April 2006, the Assemble Nationale repeated most of the points
expressed by the Senate.32 Stressing the general need for the development of SIS
II and the extension of its functionalities, the French parliament advocated maintaining the primary responsibility of France for the operation of the central part
of SIS II, not amending the criteria on inadmissible third-country nationals and
ensuring access by internal security authorities to data on third-country nationals.
With regard to the issue of data protection, this report by the French parliament
only referred to the conclusions formulated by the Article 29 Working Party and
the Joint Supervisory Authority of Schengen in their comments on the development of SIS II. The French government was asked to take into account these
conclusions to ensure an appropriate balance between the right to privacy and
the protection of the public order.

3. Implementation of Article 96 CISA

3.1. Applicable Law
Even before the CISA entered into force and before the SIS became operational,
in 1992 the French legislator adopted a law to amend the French Immigration
31

32

Rapport no. 174 (20052006) de M. Richard Yung, for the parliamentary law committee
(commission des lois), 25 January 2006 http://www.senat.fr/rap/l05174/l05174.html.
Rapport dInformation, 12 April 2006, Document E 2897, 2898, 2899.

France

337

Act of 1945 for the implementation of the CISA.33 This amendment included
the penalisation of carriers transporting third-country nationals without a valid
visa or residence permit and the expulsion of third-country nationals refused
entry on the basis of the criteria in Article 5 of the CISA. This amendment also
included the provision from (the former) Article 26 bis of the Immigration Act,
which empowered French administrative authorities to expel third-country
nationals to the borders on the basis of an Article 96 report in the NSIS (reconduite la frontire, this is now Article L. 5231, see the following section).
Measures for control and identication are regulated by a formal law of 10
August 1993.34
Based on a governmental decision of 6 August 1993, the Minister of the
Interior was authorised to start creating the national section of the Schengen
Information System.35 The general purpose and use of the French NSIS were laid
down in a ministerial decree (Ministry of the Interior) of 6 May 1995.36 A decree
of 23 March 1995 provided for the legal basis for the installation of the national
SIS database at the French Ministry of the Interior and for the establishment and
tasks of the French SIRENE oce.37 The implementation and use of the French
NSIS were further regulated in several circulars from the Minister of the Interior.
The circulars of 17 and 23 March 1995 on the implementation of the CISA
describe the situations in which the French authorities are obliged to consult the
NSIS. They also conrm the direct eect of a SIS alert on an inadmissible alien,
even if this alert has been forwarded by another Schengen State.38
3.2. National Criteria for Entering Third-Country Nationals into the NSIS
There is no formal law or decision which describes the criteria on the basis of
which French authorities may report third-country nationals in the NSIS for the
purpose of refusal of entry. Only the aforementioned decree of 6 May 1995
33

34
35
36

37
38

Loi no. 92190, 26 February 1992, amending the French Immigration Act or Ordonnance no
452658, de 2 novembre 1945 relative aux conditions dentre et de sjour des trangers en
France.
Act no. 93992, 10 August 1993, JO 11 August 1993.
Arrt du 6 aot 1993, JO 19 August 1993.
Dcret no. 95577 du 6 mai 1995 relatif au systme informatique national du systme
dinformation Schengen dnomm N-SIS, JO 7 May 1995, p. 7420.
Dcret 95315, JO 24 March 1995. See also Arrt 31 July 2001, JO 5 August 2001.
Circulaire du 17 mars 1995 du ministre de lIntrieur ayant pour objet la mise en uvre de la
convention dapplication de laccord de Schengen, and Circulaire du 23 mars 1995 relative la
mise en uvre de la convention dapplication de laccord de Schengen signe le 19 juin 1990
(dispositions autres que lasile), both published in Textes de rfrence JORF, entered into force
8 March 1996. As I was unable to retrieve a published version of these circulars, I had to rely on
the description given in: S. Preuss-Laussinotte (2000), p. 138.

338

Chapter 11

denes the categories of data to be recorded into the NSIS and the authorities
with access to the NSIS. With regard to the data to be entered into the NSIS,
this decree generally follows the categories as described in Articles 95 to 99 CISA.
More specically, with regard to Article 96, Article 3 of this decree refers to
third-country nationals reported for the purposes of refusing entry on the basis
of an administrative or judicial decision. Aside from this circular of 6 May 1995,
there is no formally published information on the criteria used for the application of Article 96 CISA. I therefore had to rely on the information which has
been forwarded to me by the persons I contacted or interviewed during this
research.39 In general, there are three categories of decision based on which thirdcountry nationals are reported in the NSIS for the purpose of refusal of entry.
Firstly, a person will be registered in the NSIS on the basis of an administrative expulsion decision, based on a decision by the Ministry of the Interior (arrt
dexpulsion) or the local prefects (arrt prfectoral de reconduite la frontire,
AFPR). These decisions normally relate to the irregular stay of the third-country
national concerned or the withdrawal of his or her residence permit. This category of registration thus corresponds to the criteria of Article 96 (3) CISA. The
expulsion decision (known as E12 les) should be notied to the person in question. It is unclear whether this notication includes the information that the person will be automatically registered in the FPR and NSIS les. Informal gures
for 2004 establish that 60% of the data in this category had been forwarded by
the Ministry of the Interior and 40% by the prefectures.40
Secondly, a third-county national may be reported in the French NSIS on the
basis of a decision by the Ministry of the Interior, more precisely the Direction of
Public Liberties and Legal Aairs (Direction des liberts publiques et des aaires
juridiques), establishing that the entry or residence of the person concerned in
France is a danger to the public order (menace lordre public). The specic
motivation for such a decision regarding these les in the NSIS (le TE02 or
opposition entre en France) is secret. The legal basis for this decision is included
in L 2131 of the French Immigration Act 2006.
Thirdly, a SIS registration may be based on a judicial decision implying a ban
on entry (Interdiction du territoire franais or ITF, or le IT01). A French court
may issue such a formal ban on entry in conjunction with the criminal conviction
of a third-country national.41 This formal ban decision has two eects: it forbids
39
40

41

This information was given by persons from the police, CNIL and CIMADE.
According to a report forwarded by CNIL in 2005 to the Schengen Joint Supervisory Authority,
in reply to a questionnaire to the Schengen Joint Supervisory Authority on the implementation
of Article 96 CISA.
The amendment of the Immigration Act in 2003 (Loi Sarkozy) was aimed at limiting the use of
this double punishment (double peine); see further section 6.1.

France

339

the alien from remaining on (or re-entering) France and, secondly, it empowers
the French authorities to expel this person. These two latter categories of criteria
can be regarded as the implementation of Article 96 (2) CISA.
In practice, registration in the NSIS follows the prior registration of thirdcountry nationals in the French police information system: Fichier des Personnes
Recherches (FPR, see section 4.1 below). The authority responsible for the information held in FPR is the central criminal documentation service (service central
de documentation criminelle), which is a branch of the Ministry of the Interior.
In general, for the three categories of les mentioned above, the data forwarded
to FPR will automatically be recorded in the NSIS. If the forwarding authorities
do not want to have this data stored in the NSIS, they have to declare this explicitly to the authorities responsible for this le. If a le is deleted from FPR, the le
will automatically be deleted from the NSIS as well. However, deletion from the
NSIS does not mean that the data will automatically be deleted from FPR.
Theoretically, if a person has been expelled on the basis of an expulsion decision
(reconduite la frontire), his or her data should be deleted from the NSIS. In
practice, it has been established that such data were maintained in the NSIS on
the basis of the second category: the ministerial decision establishing that the
person concerned is a danger to the public order.42
To summarise, the authorities competent to decide whether a person may be
recorded in the NSIS for the purposes of Article 96 CISA are the French Ministry
of the Interior, the heads of the French dpartements or the prefectures (les prfectures) and the courts ordering a formal ban on entry. The authorities authorised
to forward information to the NSIS are the French national police, the French
military police (la gendarmerie) and the judicial authorities. A coordinating role
is assigned to the central department of border police within the French Ministry
of the Interior (Direction Centrale de la Police aux Frontires or DCPAF) with
regard to the decisions on inadmissibles and thus the registrations in the NSIS on
the basis of Article 96 CISA. This department was established in 1999, replacing
the former central department on immigration control and the ght against
illegal immigration (DICCILEC).43
In his circular of 17 March 1995, the Minister of the Interior stressed the
responsibility of the French authorities with regard to protecting the public order
of the other Schengen partners, when implementing Article 96 CISA.44 According
to the Minister in the same circular, for national authorities this registration in
42
43

44

Interview with Cimade, February 2005.

See Ph. Giraud, LExprience de la France dans la mise en oeuvre de Schengen, in:
K. Hailbronner, P. Weil (eds.), From Schengen to Amsterdam. Towards a European Immigration
and Asylum Legislation, Trier: ERA Series of Publications, Vol. 29, p. 3141.
Circulaire du 17 mars 1995, see Preuss-Laussinotte (2000), p. 138.

340

Chapter 11

the CISA would imply a predetermination mechanism (dispositif de prdtermination) for inadmissible persons. This would imply that, in general, an alert in
the SIS on the basis of Article 96 CISA should result in the automatic refusal of
entry to the person concerned.

3.3. Authorities with Access to NSIS Data

Article 5 of the Decree of 6 May 1995 includes a limitative but long list of
authorities entitled to gain access to the information held in the NSIS.45 This list
does not clearly describe which authority has access to which information. Article
5 only requires that the authorities listed may have access to the information
within the framework of their competences. The authorities concerned are:
ocials and agents of the SIRENE oce, the judicial authorities, ocers of the
national police and ocials of the national military police (gendarmerie) in the
exercise of their tasks as administrative police or judicial police. More specically
with regard to immigration tasks, the French decree includes ocers of the local
police and of the central administration with the Ministry of the Interior who
are competent with regard to the policy regarding the entry, residence and expulsion of third-country nationals and with regard to missing persons. Ocials of
the Ministry of Foreign Aairs and consulates and the consular sections of
embassies may have access to the NSIS les with regard to the issue of visas.
Article 5 of this decree also empowers customs agents to gain access to the information concerning non-admissible third-country nationals. It also provides that
customs agents will be informed of the existence of other information held in the
NSIS, with the exception of the information about missing persons as intended
in Article 98 CISA.
3.4. Operation of SIRENE
The French SIRENE oce is under the direct responsibility of the Ministry of
the Interior, more specically the central division of the judicial police (Direction
Central de la Police Judiciaire). With regard to the operation of this organisation,
the Minister of the Interior is expected to cooperate with the Ministers of
Defence, Foreign Aairs, Justice and Financial Aairs.46
The oce of SIRENE is located in Nanterre, whereas the French NSIS is held
in Paris and the CSIS in Strasbourg. The French SIRENE oce holds a special
45
46

Dcret no. 95577 du 6 mai 1995, JO 7 May 1995, p. 7420.

See Article 4 of the decree no. 95315 establishing the SIRENE oce, 23 March 1995, JO 24
March 1995.

France

341

le which makes it possible to record the additional information necessary for

the implementation of Articles 95 to 100 of the CISA. These les include ngerprints. With regard to the surveillance of third-country nationals, the French
SIRENE oce performs, as in other countries, an intermediary role. The French
immigration authorities are required to consult the French SIRENE oce if a
person who is found to be in an irregular situation in France and who is applying
for a visa or a (renewal of ) a residence permit is recorded in the NSIS for the
purpose of refusal of entry.47 As in the other Schengen States, the French SIRENE
oce should be available on a 24-hour basis.
In 1999, a member of the Assemble Nationale, Mr. Bockel, pointed out the
extended tasks of the French SIRENE oce and proposed increasing the practical
and nancial resources of this organisation.48
3.5. Article 96 Hits: Duties and Responsibilities of French Authorities
The circular of 23 March 1995 explicitly indicates that the French authorities are
obliged to consult the NSIS as soon a third-country national presents him- or
herself to a public oce or is interviewed by the police.49 According to this circular, the situations in which the French authorities are obliged to consult the
NSIS include the procedures for issuing residence permits and regarding expulsions. The information held in the NSIS should also be checked every time a
third-country national presents himself to the French authorities or is questioned
by the police.
3.5.1. Refusal of Entry or Residence Based on Article 96 CISA
According to the two circulars by the Minister of the Interior of 17 and 23 March
1995, residence permits should be refused if the person is recorded in the NSIS
as to be refused entry, except on humanitarian grounds or in fullment of international obligations. According to these circulars, an example of humanitarian
grounds could be the situation that, if a person suers from a serious illness, he
or she can be allowed entry or residence, especially if the person has strong links
with France. With regard to the international obligation, the circulars refer to
the Geneva Convention and the ECHR.

47

48
49

Circular of 12 May 1995 on the consultation of SIRENE France with regard to the application
of the Schengen Convention, Textes de rfrence JORF, entered into force on 8 March 1996.
Assemble Nationale, 10 June 1999, no. 1690, p. 38.
Circular 23 March 1995: Cest le cas pour la procdure de dlivrance des titres de sjour et
pour lloignement, et donc pour la vrication de la situation du SIS de tout tranger qui se
prsente vos guichets, ou qui est interpell par la police ou dont vous avez traiter le dossier au
regard du sjour ou dun loignement ponctuel. Cited in Preuss-Laussinotte (2000), p. 138.

342

Chapter 11

3.5.2. Expulsion of Third-Country Nationals on the Basis of Article 96 CISA

Even in 1992, based on an amendment to the French Immigration Act, a new
paragraph was added to Article 26bis on the expulsion of third-country
nationals.50 On the basis of this provision, which entered into force at the same
time as the CISA, the heads of police may issue an expulsion order to thirdcountry nationals who are reported in the NSIS on the basis of Article 96.51 This
provision applies to third-country nationals who are in an irregular situation on
French territory. This rule is based on the presumption that the foreign decision
on which the report in the NSIS is based should be a nal or enforceable decision (dcision excutoire). It allows the local prefecture or police to order the direct
expulsion of a third-country national reported for the purpose of non-admission
in the NSIS.52 If this expulsion cannot be enforced immediately, the person concerned can be detained. In one of the rst judgments, published immediately
after the entry into force of the CISA in 1995, the administrative tribunal of
Lyons decided that, if it cannot be established by the French authorities that the
foreign alert in the NSIS is based on a nal decision, the expulsion decision is to
be annulled.53 It is however questionable whether the French authorities are actually obliged, when issuing an expulsion order, to check whether the foreign
Article 96 report is based on a denitive decision or whether they may presume
the nality of this foreign decision. Answering the parliamentary question from
Philippe Vuilque with regard to the lack of suspensive remedies, the Minister of
the Interior made it clear that a foreign Article 96 report in the NSIS may be
regarded as an enforceable decision taken by another Schengen partner.54 This
question is important because, as we will see in section 6.4.4, based on this
presumption of a nal foreign decision, the possibility of a suspensive remedy
against these expulsion orders has been limited in the French Immigration Act.
In its 2003 report on the retention and expulsion of third-country nationals,
the French NGO Cimade noticed an increase in the number of expulsions based
on Article 96 of the CISA.55
50
51

52

53

54

55

Act no. 92190 of 26 February 1992 implementing CISA.

Reconduites doce la frontire fondes sur un signalement aux ns de non-admission dans
le SIS.
As we will see below, in section 6.4.4, based on an amendment in 2003 to the French
Immigration Act, an appeal against an expulsion order based on a foreign SIS report will have
no suspensive eect.
Decision of Tribunal administratif de Lyon, 6 April 1995, no. 95012919501292 (Mr. & Ms.
Ciuciu).
le signalement ne fait donc que rappeler lexistence dune dcision excutoire prise par un
autre membre, donc par hypothse, notie et dont les dlais de recours sont expirs. See the
ministerial answer to the question by Vuilque, no. 54624, JO 28 November 2004, p. 10386 and
JO 22 February 2005, p. 1959.
Cimade, Centres et locaux de rtention administrative, Rapport 2003, Paris: July 2004, p. 133.

France

343

3.5.3. Article 96 Hits and Visa Applications

The French authorities involved in issuing visas to third-country nationals are
obliged to consult the NSIS.56 In general, if a person has been reported in the
NSIS for the purpose of being refused entry, this person is to be refused a visa,
except on humanitarian grounds or to full international obligations.
In 1998, the so-called Loi Chevnement extended the duty to motivate refusals of visas to several categories of visa refusals including decisions based on a SIS
registration.57 This amendment to the French Immigration Act has led to a signicant increase in procedures against visa refusals.58 The exchange of information between the central authorities and the consulates or embassies takes place
through a secured information network: the RMV or Rseau Mondial Visa (see
further section 4.3 below).
3.6. The Practical Use of the NSIS in France
Compared to the number of SIS reports by other Schengen States, approximately
7% of the Article 96 reports in the NSIS are submitted by the French authorities.59 This percentage has remained more or less the same over the past few years:
compare to 2003: 6.7% (out of 778,886 Article 96 reports, 52,383 are registered
by France) and to 2004: 6.8% (out of 785,631 Article 96 reports, 53,195 are
French).60 On 1 January 2005, of the total of 714,078 les based on Article 96
CISA, 53,487 alerts or 7.5% were entered by the French authorities.61
Although the total number of reports in the SIS submitted by the French
authorities remained high over the years, the quantity of data on third-country
nationals is relatively modest. Compare the data when the SIS rst became
operational with more recent data: in June 1995, 740,000 data items (including
cars and passports) were reported by French authorities in the NSIS. 177,000
alerts concerned persons, of which 76,000 or 43% involved third-country
nationals to be refused entry on the basis of Article 96.62 In 2002, the total number

56

57

58

59
60
61
62

The rules of the CISA with regard to visa applications were implemented in the ministerial
circular of 23 March 1995 mentioned above.
See also C. Saas, Les refus de dlivrance des visas fonds sur une inscription au Systme
Information Schengen, Cultures & Conits 4950, 2003.
See the parliamentary report on visa policy (sur les moyens des services des visas) of Yves
Tavernier, member of the Assemble Nationale, no. 1803, 8 September 1999. According to
Tavernier, this increase in administrative appeals cannot be explained solely by the new obligation
of informed decision-making, but also, paradoxically, because of the more liberal visa policy: in the
light of this liberalisation, persons refused a visa would be more reluctant to accept this refusal.
Total amount of Article 96 reports in 2003 was 778,886 (source: Statewatch report April 2005).
Source: Statewatch website, news April 2005.
Source: report C SIS Exploitation team 01/01/2005.
Report, Assemble Nationale, no. 2095. See Preuss-Laussinotte (2000), p. 82.

344

Chapter 11

of alerts on persons and objects entered by the French authorities was one million,
147,000 of which were alerts involving individuals. In the same year, 52,398 or
35.6% of these reports involving persons concerned third-country nationals to be
refused entry. In 2005, the total number of French alerts involving persons had
dropped to 103,084, of which 53,487 or 51.9% concerned Article 96 alerts.
French reports on inadmissibles travelling in other Schengen countries led to
a relatively small number of hits. In 2002, only 257 hits occurred in other
Schengen countries on the basis of a French Article 96 registration (0.5%). The
French authorities recorded 3,027 hits on third-country nationals based on a
foreign (mostly German) report.63

4. Intermezzo: French Policy Governing Third-Country Nationals

4.1. Police File on Searched Persons
As we have seen above, the storage of information in the NSIS is linked to the
central police le on searched persons (Fichier des Personnes Recherches or FPR)
which is held under the shared responsibility of the Ministry of Justice and the
Ministry of the Interior. This system is held by the police and the French state
police (gendarmerie) for judicial, military and administrative purposes. Since the
1970s, this le has been the subject of a large computerisation project. The FPR
is divided in 20 sub-les, each to be used for dierent tasks and indicating the
procedure for the consulting authorities. Some of these sub-les contain information on third-country nationals, including persons whose presence is considered a danger for the public order, persons against whom a court has issued a
formal residence ban and persons who are to be refused entry or residence on
public order grounds. Consultation of the FPR is compulsory for those authorities dealing with third-country nationals.64 The SIS was partially modelled on
this French system. After the implementation of the CISA, the competent
authorities, such as the local prefecture, may simultaneously check (parts of ) the
NSIS, FPR and the French central database on third-country nationals, as
described in the next section. As we have seen above, input into the NSIS is
based on the information stored in the FPR.
4.2. General Database on Foreigners: AGDREF
Another important database on foreigners is the so-called AGDREF (systme
informatis de gestion des dossiers des trangers en France) which was established in
63
64

Source: Bigo & Guild (2003).

See Preuss-Laussinotte (2000), p. 8384.

France

345

1982 by the French government for the purpose of issuing residence permits.65
This system was modernised in 1993, allowing for a more complete management
of les on foreigners and, especially, for the ecient registration of legally resident
third-country nationals. AGDREF is maintained under the responsibility of the
Ministry of the Interior. According to the ministerial decree of 29 March 1993,
the goals of this system are:66
a. to improve procedures with regard to the legal and administrative situation of
foreigners;
b. to ensure the delivery of residence permits and applications for a residence
permit or renewal and administration, avoiding the risks of falsication;
c. to allow verication by the French authorities of the residence status of thirdcountry nationals, and;
d. to allow the compilation of statistics for use by the Ministry of the Interior.
The information to be stored in AGDREF includes, among other things, the
nationality, civil status, profession, identication number, visa and other conditions of entry of the foreigner concerned. AGDREF also includes information
about the residence permits issued to EU and EEA nationals, although other
rules apply with regard to which categories of data are to be stored.67
As mentioned above, the French authorities competent to deal with immigrants have simultaneous access to FPR, AGDREF and the NSIS.
4.3. Database with Regard to the Issuing of Visas
Following the introduction of a general visa obligation in September 1986, the
French government established a worldwide visa information network for use by
the embassies and consular posts abroad (Rseau Mondial Visa or RMV). There is
no formal legal basis for this network, only a decision (arrt) by the Ministry of
Foreign Aairs of 20 June 1989 providing for the creation of this system.68 The
goal of this French system is to improve visa application procedures, allowing for
the exchange of information on visa applicants between the dierent French
authorities concerned. This visa network in fact contained dierent les, including a le on the information as forwarded by visa applicants and the so-called

65
66
67

68

On the basis of a ministerial decree of 27 September 1982.

JO 30 March 1993.
See, for the categories of data to be registered on EU nationals in AGDREF:
Circular of 11 October 2004, NOR/INT/D/04/00124/C available at: http://www.interieur
.gouv.fr/rubriques/b/b5_lois_decrets/recherche.
See further: Dictionnaire Permanent, Droit des trangers, Fichiers informatiques, last update of
1 June 2005, p. 891.

346

Chapter 11

les of opposition which are les on third-country nationals, compiled for

example by the Minister of the Interior on the basis of the FPR, including the
reasons for not issuing a visa, as well as a le compiled by the chief of the consular post on undesirables. Through the RMV, the French authorities obtained
direct access to the data stored in the NSIS on the basis of Article 96 CISA
during application of a visa.
Based on a ministerial decree of August 2001, the French visa system was
replaced by a more extensive and modern version, known as RMV2.69 RMV2
can be considered a predecessor to the European VIS because it establishes a centralised system of visa applications. RMV2 includes dierent databases: a le on
visa applications, visas issued and visas refused. Moreover, RMV2 includes a le
on the persons or organisations inviting a visa applicant and the so-called consular
and central les of attention (chiers dattention). These latter les are comparable
to the former les of opposition in the original RMV. These les, held by either
the Ministries of Foreign Aairs and of the Interior or the local consular posts,
include information on third-country nationals whose visa applications merit
particular attention.
Direct access to the NSIS is regulated in Article 2 of the ministerial decree of
22 August 2001. The use of the Schengen consultation network with regard to
visa applications is implemented by a French decision of 1996.70 The aim of this
Rseau de Consultation Schengen is the mutual consultation between the Schengen
partners on certain sensitive visa applications. According to this French decision, information on visa applications can be stored for two years, except refusals
of visas which are to be stored for ve years. There is a right to direct access to the
data in this system, except data forwarded by other Schengen states. The decision
of 1996 provides that this consultation network be linked to the French World
Visa Network (Rseau Mondial Visa). In fact, the decision of March 1996
describes the Schengen network as a prolongation of the French system.
4.4. Fingerprinting Third-Country Nationals
The French government promoted the use of biometrics for the implementation of
border control and visa policy at an early stage. An amendment in 1997 to the
French Immigration Act (Loi Debr) provided for the possibility of collecting,
processing and storing the ngerprints of third-country nationals in AGDREF
(Article 83 of the former Act, replaced by L. 6113 of the Immigration Act 2004).71

69

70
71

Ministerial decree of 22 August 2001, JO 14 September 2001. A (partial) positive recommendation

on a draft text for this decree was issued by the CNIL on 15 May 2001, dliberation no. 01019.
Decision (Arrt) of 8 March 1996, JO 21 March 1996.
Act of 24 April 1997, no. 97396, JO 25 April 1997.

France

347

This measure was aimed at third-country nationals applying for a long-term

residence permit, who were found illegally on French territory or who were to be
expelled from French territory. In practice, ngerprints have not been stored in
AGDREF as a result of practical deciencies in this system. An important problem
was caused by the fact that much of the data held in AGDREF is out of date. For
example, as established by the French Data Protection Authority, the French authorities would fail to delete information from this database on persons who had acquired
French nationality.72 As we saw in the previous chapters, the same problem occurred
with regard to Eurodac and the NSIS.
Article 83 (or the new L. 6113) of the Immigration Act also allows agents
empowered explicitly by the Ministry of the Interior and the state police (gendarmerie) to consult the central ngerprint database (Fichier automatis des empreintes
digitales or FAED) which is used for police purposes.
In its decision of 22 April 1997 on the draft of this Loi Debr, the French
Constitutional Council rejected the argument from complainants that the
administrative measure of taking and recording the digital ngerprints of foreigners applying for a residence permit would include an excessive breach of
individual liberty as protected in the French Constitution.73 However, the proposed possibility in this law to give ocials of the Ministry of the Interior and
the gendarmerie access to les of digital ngerprints belonging to the French
organisation for the protection of asylum seekers and stateless persons (Oce
franais de protection des rfugis et apatrides or OFPRA) was considered contrary
to the constitutional protection of asylum seekers.
An amendment to the Immigration Act in 2003 extended the possibility of collecting ngerprints with regard to third-country nationals who have been checked
when crossing external borders and who did not possess the necessary documents
for legal entry.74 This included a new Article 84 (now: L. 6116) allowing for the
collection, storage and electronic processing of digital ngerprints and photographs of visa applicants, at a consulate abroad or at the external borders of one of
the Schengen States.75 Based on this provision in the Immigration Act,
the Minister of Foreign Aairs issued a decree on 25 November 2004 on the

72

73
74
75

In December 2005, the vice-president of CNIL referred to hundreds of thousands of French

nationals who are wrongly stored in AGDREF. Oral hearing of the committee of inquiry on
immigration, French Senate, Hearing 21 December 2005, http://www.senat.fr/bulletin/20051219/
immigration.html#toc5.
Conseil Constitutionnel no. 97389 DC, 22 April 1997, JO 25 April 1997.
Loi no. 20031119, JO 27 November 2003.
F. Julien-Laferrire, La loi no 20031119 du 26 Novembre 2003 relative la matrise de
limmigration, au sjour des trangers en France et la nationalit, in: J.Y. Carlier & Ph. De
Bruycker, Immigration and Asylum Law of the EU: current debates, Paris: Bruylant 2005, p. 530 .

348

Chapter 11

experimental establishment of a central database for the storage of ngerprints of

visa applicants.76 The database, to be used for two years at seven consulates and
some border police posts, holds information on each visa applicant, including his
or her digital ngerprints and digital photographs. This experiment implies creating the rst database in France with an integrated registration of (and access to)
biometric data and other personal information. On the basis of Article 7 of the
ministerial decree, the visas issued by the French authorities will contain a special
electronic device, including the personal and biometric data of the visa holder.
This device can be a contactless chip, which should be suciently secured to protect the visa holder against risks of intrusion or dtournement de pouvoir. In 2006,
the government extended the term of the pilot by three years, and also extended
its scope of application.77
The French Data Protection Authority, CNIL (Commission Nationale Informatique
et Liberts, see section 5 below), concluded that the establishment of a le with biometric data on an experimental basis was acceptable, provided the law strictly dened
the conditions for management and access and that security measures were taken.78
However, the CNIL opposed the registration of biometric data of those third-country
nationals whose visas had been refused, considering this neither justied nor necessary. In its advice on this proposal, the CNIL explicitly motivated this by arguing
that, for the implementation of border control, only the fact of being in possession of
a visa is relevant, not whether he or she has previously applied (or not) for a visa. The
CNIL repeated its concerns about the risk of stigmatising those persons who are
refused a visa in a statement published on 21 December 2004, since these persons,
being entered into this system, would be refused a renewed application for a visa.79
The French experiment with storing ngerprints of visa applicants can be seen as a
pilot for the European Visa Information System or VIS. As we have seen, the VIS will
contain biometric data on visa applicants whose applications are rejected.
4.5. ELOI: File on Expelled Persons
Based on a ministerial decision (arrt) of 30 July 2006, a new le has been
established to facilitate the expulsion of irregular immigrants.80 In this new database, or ELOI, personal information will be stored for three years. This time
limit begins after the case on the person has been closed. The le includes, among

76
77

78
79
80

Decree of 25 November 2004, no. 20041266, JO 26 November 2004.

Dcret of 26 April 2006. See GISTI, Les Visas, Les Cahiers Juridiques, Paris: GISTI September
2006, p. 12.
Opinion no. 2004075, 5 October 2004, JO 4.12.2004.
See Lexprimentation de visas biometrique: la position de CNIL, advice of 21 December 2004.
JO no. 190, 18 August 2006.

France

349

other things, a photograph of the third-country national, the languages spoken,

his or her profession, as well as information about any children, the persons with
whom the third-country national was staying in France and persons who visited
the third-country national during his or her detention for expulsion. French
NGOs, including Cimade, GISTI and the Ligue de Droits de lHomme lodged a
request in October 2006 for annulment of this new measure before the French
Conseil dtat.81 In March 2007, the Conseil dtat annulled on procedural
grounds the decision of 30 July 2006.82 The Conseil dtat ruled that the adoption of the ELOI decision failed to meet the requirements of Article L. 6113
and L. 6115 of the French Immigration Act according to which such a decision
must be taken in a procedure before the Conseil dtat and following the advice
from the CNIL, the French Data Protection Authority.

5. Rights and Legal Remedies in Data Protection Law

5.1. Background to French Data Protection Law
The French Act on Data Processing, Data Files and Individual Liberties (Loi relatif linformatique, aux chiers et aux liberts, hereafter LIFL) belongs to the
so-called rst generation of legislation on data protection.83 The public debate on
the so-called Safari Plan with regard to the joint use of all electronic les in the
public sector encouraged the legislator to publish the rst drafts of privacy bills.84
The ministerial decree of 8 November 1974 included the governments intent to
propose, within six months, measures to guarantee that the development of
information technology in the public, semi-public and private sector would be
realised, respecting private life, individual liberties and public liberties.
A Commission on Information Technology and Freedoms (Commission
Informatique et Liberts) was set up to investigate the situation in France and
other countries and to study the earlier work done by organisations such as the
OECD, UNESCO and the Council of Europe. On 27 June 1975, this commission presented the Rapport Tricot to the French President, which included a

81
82
83

84

http://www.gisti.org/doc/actions/2006/eloi/index.htm.
CE Decision of 13 March 2007, no 297888, 297896, 298085.
Loi no 7817 of 6 January 1978 relative linformatique, aux chiers et aux liberts. Last
amendment by Loi no 200664 of 23 January 2006, JO 24 January 2006. An English version
can be downloaded from http://www.cnil.fr.
See also A.C.M. Nugter, Transborder Flow of Personal Data within the EC. A comparative analysis of
the privacy statutes of the Federal Republic of Germany, France, the United Kingdom and the Netherlands
and their impact on the private sector, Deventer: Kluwer Law Taxation Publishers 1990.

350

Chapter 11

draft bill.85 This draft included a proposal for the establishment of a national
Commission on Information Technology and Liberties (Commission Nationale
Informatique et Liberts, hereafter referred to as the CNIL) to be assigned supervisory, consultative and regulatory functions. Due to amendments required by
the French Senate, this Commission was to be partly composed of members of
the parliament. The Senate amended the original legislative proposal in order to
extend the scope of applicability to non-automated les. Instead of Loi relatif
linformatique et aux liberts, the French data protection law became the Loi relatif
linformatique, aux chiers et aux liberts.
Article 1 LIFL includes the general principle which lies at the heart of French
data protection law:
Information technology should be at the service of every citizen. Its development
shall take place within the context of international co-operation. It shall not violate
human identity, human rights, privacy or individual or public liberties.86

This principle illustrates the broader scope and goals of the French data protection
law, compared to other national laws. On the one hand, it arms that data
processing, in the rst place, should serve every citizen and should not be in
breach of the citizens rights, private life or his human identity. This positive
motivation for data processing would explain why the explanatory memoranda
to bills introducing new databases always emphasise the positive eects for individuals as well. For example, Articles 8.3 and 8.4 of the French Immigration Act
dealing with the registrations of third-country nationals start with the sentence:
To ensure a better protection of the rights of residence of third-country nationals
in a regular situation.87 On the other hand, this general principle conrms the
importance of international cooperation in this eld. The French law emphasises
the liberties of citizens, whereas the German law and, later, the Dutch law, are
more focussed on the protection of privacy or personality.
Since 1978, the French Data Protection Act has been amended several times,
including amendments to adapt the LIFL to the current provisions and standards of EC Directive 95/46 on the protection of personal data. Although the
French Data Protection Act was a model for this Directive, the French legislator
was obliged to rephrase its national principles in accordance with the wordings
chosen in the Directive. For example, the former Article 2 of LIFL included the

85

86

87

Rapport de la Commission Informatique et Liberts, Tome I et II, La Documentation Franaise,

1975.
LInformatique doit tre au service de chaque citoyen. Son dveloppement doit soprer dans le
cadre de coopration internationale. Elle ne doit porter atteinte ni lidentit humaine, ni aux
droits de lhomme, ni la vie prive, ni aux liberts individuelles ou publiques.
An de mieux garantir le droit au sjour des personnes en situation rgulire.

France

351

important principle forbidding decision-making with legal or judicial eects in

relation to individuals, based solely on the automated data processing intended
to evaluate certain aspects of the data subjects personality. Based on this French
principle, a comparable provision was provided in Article 15 of EC Directive
95/46. This Article 15 however added two exceptions to the general prohibition
of automated decision-making: with regard to the signature or execution of a
contract concerning which the individual was given the opportunity to put forward his or her opinion and with regard to decisions which satisfy the demands
of the person concerned. These more limited wordings in the EC Directive have
been incorporated into the denition of the new Article 10 LIFL.
Also based on the EC Directive, the French legislator introduced the possibility
of the appointment of data protection ocials in business or local communities,
similar to existing provisions in Germany, Sweden and the Netherlands.88
Hereafter, I refer to the French Data Protection Act of 2004 as LIFL 2004.
5.2. Third-Country Nationals and the Right of Data Protection
Based on the wording of Article 1 LIFL, information technology should be at the
service of every citizen, one could doubt whether this general principle and the
further rules of data protection apply indiscriminately to citizens and non-citizens.
In general, French law provides for dierentiation with regard to the protection of
constitutional rights for foreigners: it is accepted that not every constitutional
right applies in the same way to French citizens and foreigners. With regard to the
right of privacy and data protection, their applicability to third-country nationals
seems to be inuenced on the one hand by the jurisprudence of Article 8 ECHR
of the Strasbourg Court and, on the other hand, by the opinions of the
Constitutional Council. This institution made clear in dierent advisory opinions
regarding draft laws on the registration of foreigners, that legal safeguards as protected by the French data protection act also apply to third-country nationals. In
its opinion of 13 August 1993, the Constitutional Council referred to the fact
that the legislator explicitly extended the application of the data protection act to
third-country nationals.89 With regard to the draft law regarding the storage of
ngerprints of foreigners applying for a residence permit, the Constitutional
Council stated in its decision of 22 April 1997 that it is the task of the legislator to
determine the measures applying to third-country nationals, while respecting the
constitutional principles and taking into account the public interest involved.90
In this decision, the Council stressed the link between, on the one hand, the right
88
89
90

Loi no. 2004801, 6 August 2004, JO 7 August 2004.

Conseil Constitutionnel no. 93325 DC, 13 August 1993, JO 18 August 1993.
Conseil Constitutionnel no. 97389 DC, 22 April 1997, JO 25 April 1997.

352

Chapter 11

to individual liberty and the guarantees as provided by the French Data Protection
Act and, on the other hand, the requirement of the proportionality between the
infringement of this liberty and the proposed police ngerprinting measures. As
we saw in section 4.4, the Constitutional Council decided with regard to this proposal that ngerprinting in general was not disproportionate. However, the proposed access by security agents to the les of the French authority responsible for
asylum applications (OFPRA) was rejected, since this access would deprive asylum seekers and refugees of their constitutional protection to asylum which
includes the condentiality of their data.91
5.3. NSIS and Applicable Rules
In general, the French Data Protection Act applies to the management and use of
the NSIS. However, there are certain exceptions or limitations concerning the
applicability of LIFL.92 For example, according to Article 7 of the decree on the
NSIS of 6 May 1995, the right of opposition or the right to demand the prohibition of further processing of ones personal data does not apply to the NSIS.
In the following sections, I will describe other exceptions to the rights and legal
remedies of third-country nationals stored in the NSIS.
5.4. Duty to Inform the Data Subject
Article 32 . LIFL provides for the duty of responsible persons or authorities to
inform the data subject of the purpose, consequences and destination of personal
information held. The person should also be informed of his or her rights. This
duty does not apply, on the basis of Article 32 V and VI, to les used on behalf
of the State for the purpose of national security, defence and public order, or for
the purpose of the enforcement of criminal convictions or security measures if
this exception is necessary for the purpose pursued. Moreover, data processing
for the purpose of the prevention, investigation, establishment or pursuit of
criminal facts does not fall within the duty to inform the data subject. From this
general rule, one could deduce that the authorities are not obliged to inform
third-country nationals of their registration in the NSIS for the purpose of nonadmission because these reports are generally justied by the authorities as serving
to maintain the public order.
5.5. Right to Access, Correct or Delete Data
5.5.1. Direct and Indirect Access
The French Data Protection Act distinguishes between direct and indirect access
by individuals to their personal information held in data les. Article 39 .
91
92

See, for a more detailed analysis, Preuss-Laussinotte (2000), p. 235.

Dcret no. 95577.

France

353

LIFL describes in general the right of access. With regard to data processing in
the interests of national security, defence or public order, the individual request
for access has to be addressed to the French Data Protection Authority or the
CNIL (see the following section), in accordance with Article 41 LIFL. This
Authority will then appoint one of its members to begin the necessary investigation and procedures. The CNIL has to inform the person that a member of the
CNIL has started the verication procedure.
With regard to the right of access to the data held in the NSIS, Article 6 of the
NSIS decree of 6 May 1995 stipulates that the right to access is to be exercised in
conformity with Article 39 (now 41) of the LIFL. This means that the right of
access has to be asserted through the CNIL.93 Based on a theory of indivisibility
of data les, it was generally accepted that if a public le contains information
which should be kept secret in the interests of national security, direct access to
the whole le should be denied. Before 2002, with regard to a request for access
to the NSIS, the NSIS was considered an indivisible le. In the light of the
partial use of the NSIS for national and public security purposes, both the government and the CNIL considered the procedure of indirect access applicable.
In a judgment of 6 November 2002, the highest French administrative court
(Conseil dtat) departed from its earlier jurisprudence on indivisibility with
regard to information stored on the basis of Article 96 CISA.94 In this case,
Moon, the head of a religious movement, applied for access to the information
entered in the NSIS on behalf of the German authorities on the basis of Article
96 CISA. Mr. and Mrs. Moon are South Korean nationals, who are resident in
the United States and leaders of the religious organisation known as the
Unication Church.95 The reason for this (extended) registration is based on
German concerns that the visit by Mr. and Mrs. Moon (born in 1920 and 1942
respectively) would pose a threat to the public order. Mr. Moon and his wife
started procedures in dierent EU Member States in order to be granted access
to one of those countries, despite the German alert.
In its judgment, the Conseil dtat explicitly distinguished between, on the
one hand, information held in the NSIS, communication of which would aect
the interests of national security, defence or public order and, on the other hand,

93
94

95

Dcret no. 95577.

CE 6 November 2002, Sun Myung X (Moon), no. 194295219587. Most of the jurisprudence
of the Conseil dtat and other French courts can be downloaded from http:// www. legifrance
.gouv.fr, or, partially, via: http://www.conseil-etat.fr/ce/home/index.shtml. This judgment has
been commented upon by R. Errera in: Public Law, 2003, p. 187.
As we will see in the next chapters on Germany and the Netherlands, the Moon couple lodged
judicial remedies against this SIS report in those countries as well. Only in 2007, on the basis of a
decision of the German Federal Administrative Court, the German authorities withdrew the alert
on Mr. Moon. The report on Mrs. Moon remained in the SIS on the basis of a French decision.

354

Chapter 11

information which would not aect these interests if communicated. With regard
to the second category, the highest administrative court decided that the responsible authorities, or the CNIL with the consent of these authorities, would have
to communicate these data to the person concerned. In order to implement the
consequences of this judgment, the French legislator amended Article 39 LIFL.96
Based on this amendment, information can be communicated directly by the
CNIL to the person concerned, if the CNIL concludes that the communication
of the personal data to the data subject does not interfere with the interests of
national security, defence or public order. The amendment also made it possible
for the regulation which is the basis for the data processing in the eld of security, defence or public order, to provide for the possibility of giving the person
concerned direct access to his or her data, if this does not interfere with the
goals of the les.
With regard to the information held in the NSIS, this means that the right to
indirect access still applies. Only if this would be provided for in a special regulation, a right to direct access would be possible but, so far, such a regulation has
not been adopted.97 In 2005, the extended power of the CNIL to communicate
insensitive information directly to the person concerned was restricted again.
Based on a decree from 2005, this information may not be communicated by the
CNIL if this is prohibited by the authority responsible for the data processing.98
This means that it is no longer the CNIL which decides whether the information
can be directly communicated or not.
Notably, with regard to the establishment of the French visa information system,
or RMV2 (see above), the legislator has chosen for a mixed right to access in
Article 6 of the decree of 22 August 2001.99 With regard to the information recorded
in respect of visa applications, the applicants can assert their rights to access directly
with the consulate or embassy where the visa application was lodged, however, information which has been recorded in attention les (chiers dattention) which is likely
to pose a risk to state security, defence or public security, is only accessible thro ugh
the right of indirect access, which is through the mediation of the CNIL.
5.5.2. Application for a Right to Access and Time Limits
The LIFL itself does not include a time limit within which the CNIL has to deal
with the request from the data subject. More specic rules for the implementation
96
97

98
99

Loi no. 2003239 of 18 March 2003.

The organisation Cimade, in its report on administrative retention of 2003, criticised the lack of
an individual right to direct access with regard to SIS and advocated the adoption of such a rule,
p. 135.
Dcret no 20051309, JO 22 October 2005.
Ministerial decree of 22 August 2001, JO 14 September 2001.

France

355

of LIFL are laid down in the ministerial decree of 20 October 2005.100 Articles
8687 of this decree deal with the right to access to les relevant to state security,
defence or public security. In accordance with Article 87, the CNIL should
respond within four months to an application for access (this means informing
the applicant of the facts discovered by the CNIL). Within this period of four
months, the national authority to which the CNIL has forwarded the individual
application has a period of three months within which to respond. If the CNIL
is to collect information from a data protection authority in another EU Member
State or a third country, this period of four months will not commence, according
to Article 87 (3), until the CNIL receives the information from these authorities.
This means that persons applying for information about their record in the NSIS
can face lengthy delays before the Data Protection Authority will respond to
their application. Especially in the case of third-country nationals threatened
with expulsion based on information stored in the NSIS, the road to the CNIL
will often prove ineective.101
The length of the procedures of indirect access through the CNIL can be illustrated by a case which was brought before the Conseil dtat in 2004.102 This case
concerned an individual who applied to the CNIL for the right to indirect access
to his data, held in the NSIS. He was informed by the CNIL on 28 November
1997 that a member of the CNIL had started investigations. By a decision of the
administrative court in Paris of 26 May 1999, the CNIL was ordered to reply
within two months. Almost four year later, during which time the CNIL did not
respond, the CNIL was again ordered to reply, this time by the highest administrative court, in a judgment of 12 February 2003. Finally, in an answer of
17 November 2003, nine months later, the CNIL informed the applicant about
his NSIS report. In its judgment of 5 July 2004, when the case was again brought
before this court, the Conseil dtat did not refer to the length of time within
which this procedure took place. The Court only established that the CNIL did
nally respond to the request from the applicant which would have rendered
null and void the application for the annulment of the CNIL acts.103
5.6. Composition, Tasks and Powers of the French Data
Protection Authority (CNIL)
The French Data Protection Authority (CNIL) consists of 17 members: four
Members of the French Parliament (two from the Senate and two from the
100
101
102
103

Dcret no 20051309, JO 22 October 2005.

This problem was highlighted in the Cimade report on administrative detention of 2003, p. 133.
Conseil dtat, CE 5 July 2004, X, no. 210185.
In its annual reports, CNIL acknowledged the length of these procedures. See, for example, the
24th report on 2003, p. 51.

356

Chapter 11

National Assembly); two members of the Economic and Social Council (Conseil
conomique et social ); two members or former members of the Council of State
or Conseil dtat; two members or former members of the Cour de Cassation; and
two members or former members of the French Court of Auditors (Cour des
Comptes). Only ve persons are designated as members for the CNIL because of
their knowledge of information technology or questions with regard to individual liberties. Three of these ve specialists are assigned by the government and
two by the French parliament. The composition of the CNIL has changed over
the years. An important role was lled by Jacques Fauvet, who was chairman of
the CNIL between 1984 and 1999 and who, as we saw above, criticised the
development of the SIS.
The CNIL has primarily advisory tasks. Article 25 LIFL describes the data les
which require a positive opinion from the CNIL before their installation. Since
the French Data Protection Act was amended in 2004, Article 26 LIFL provides
for an important exception to this principle of prior authorisation by the CNIL.
Files in the interests of national security, defence or public security, or les used
for the prevention, investigation, establishment and pursuit of criminal oences
or the enforcement of criminal punishments or security measures no longer
require prior approval. According to Article 26 LIFL, these measures only need a
motivated and published opinion from the CNIL. This means that police forces
can establish new les, even if the CNIL has given a negative opinion on the proposal concerned. For example, in early 2005, the legislator proposed the reinstallation of a database on people accommodating third-country nationals (chier
relative aux hbergeants). This le has a long history within the French administration and has been previously withdrawn. The proposal for re-installation was
criticised by the CNIL. In its opinion of March 2005, the organisation criticised
the extended scope of the information to be held in this le.104 The conclusions
in this opinion were only partially followed by the legislator when adopting the
nal decree on the database.105
Initially, the CNIL had only limited powers. On the basis of Article 45 . LIFL,
the French Data Protection Authority can issue a warning against the responsible
organisation or authority failing to comply with the rules of the French Data
Protection Act. If this organisation or authority does not act upon this warning,
the CNIL may impose a nancial penalty or order the blocking of the data
processing. Since the amendment of LIFL in 2004, the CNIL has had the option
of imposing nancial sanctions if the authority or organisation concerned does

104

105

CNIL, Dlib. no. 2005052, 30 March 2005, see Bulletin Dictionnaire Permanent Droit des
trangers, no. 137, September 2005, p. 6818.
Decree no. 2005937, 2 August 2005, JO 6 August 2005.

France

357

not observe the sanctions issued by the CNIL.106 These sanctions may include
nes up to a maximum of 150,000 for the rst oence, up to a maximum of
300,000 in case of repeated oences within ve years of the rst sanction by the
CNIL becoming denitive. This new competence means an important extension
of the powers of the CNIL.107 In June 2006, the CNIL used this new competence
for the rst time and imposed a ne of 45,000 on the French bank Crdit
Lyonnais. The bank was ned following repeated complaints from customers who
were wrongfully registered in central databases of this company.108
In addition to this power of the CNIL to impose sanctions, new oences have
been added to the criminal code, punishable by nes of between 100,000 and
300,000 or even three to ve years of imprisonment.109 These oences include, for
example, failure by the authority or person responsible for the data processing to
inform the individual of the purpose and use of the le and of his rights. Also, if the
data processor exceeds he applicable time limits for the storage of information or is
keeping data for purposes other than prescribed, this person or organisation risks a
ne or imprisonment. The CNIL may submit such cases to the public prosecutor if
it nds that the rules of the French Data Protection Law have been breached.
During the period under study, the CNIL had only ve ocials available for its
control and investigative functions. This means that systems such as the NSIS,
AGDREF and the visa les were rarely, if ever, properly checked. In a press statement in 2005, Alex Trk, president of the CNIL, referred to the increasing number
of applications for access to police les which were received by the CNIL.110
According to this statement, this increase was directly related to the dierent new
measures which had recently been taken by the French government in the ght
against terrorism. In the same statement, the president of the CNIL stressed that
the organisation was no longer equipped to handle the large volume of individual
requests and that, therefore, new nancial resources would be necessary.
5.7. Practical Information on the Right to (Indirect)
Access to NSIS Information
The annual reports of the CNIL oer valuable statistical information on the use
of the individual right of (indirect) access to data held by government
106
107

108

109

110

Loi no. 2004801, 6 August 2004, JO 7 August 2004, p. 14063.

C. Pallez, LExercice du pouvoir de sanction est une rvolution culturelle pour la CNIL, Petites
aches, 29.09.2004, no. 195, p. 3.
Communication of 4 September 2006, see http://www.cnil.fr. This decision was also published
in the French newspapers Le Figaro and La Tribune of 15 August 2006.
Based on the ministerial decree on the implementation of LIFL, Code Pnal, Articles 22616
to 24.
Press statement of 20 April 2005.

358

Chapter 11

organisations.111 This also includes data on the annual number of applications

with regard to the NSIS. Between 1999 and 2003, approximately 50% of the
individual demands for indirect access submitted to the CNIL concerned data
held in the NSIS. For example, in 2000, 397 of the 817 applications for indirect
access concerned the NSIS and in 2003, 599 of the 1,163 applications. Since
2003, this relative number of applications with regard to the NSIS dropped.
Although, in 2004, there was an important increase in applications for access in
general, this did not concern the NSIS alerts. Nonetheless, of the total number
of 1,970 applications received by the CNIL, 548 concerned the NSIS. The
annual report for 2005 does not refer to the general number of applications for
indirect access but, in this year, 410 applications concerned SIS alerts.
The annual reports of the CNIL also include information on the results
achieved with regard to the individual claims submitted to this organisation.
According to the annual report for 2005, between 1995 and 2005 the CNIL
received a total of 3,142 requests for access with regard to the NSIS. Of these
3,142 applications, 1,059 persons were actually registered in the NSIS. Thirtyseven percent of these reports were entered by the German authorities, 0.7% by
the Dutch, 41% by the French and 16% by the Italian authorities. Following
intervention by the CNIL, 377 of those 1,059 reports investigated by the CNIL
had to be withdrawn from the NSIS. In other words, 35.6% of the les investigated proved unlawful or wrong.112 Note that in 2003 and 2004 this relative percentage of SIS alerts to be withdrawn was higher: of the total of 747 SIS les
investigated by 2003, 308 had to be deleted, i.e. 41%. In 2004, of the 913 les
investigated, 337 (or 37%) of the SIS alerts had to be withdrawn113
According to the report as forwarded in reply to a questionnaire from the
Schengen Joint Supervisory Authority in 2004 on the implementation of Article
96 CISA, the applicable time limits of three years had been observed by the
French authorities.114
5.8 Right to Legal Remedies
The LIFL does not provide specic rules on legal remedies, nor does this law
mention which rules apply when, for example, an individual request for access or
correction of his or her data has been refused. It is doubtful whether this lack of
an explicit reference to a judicial remedy in the French Data Protection Act is in

111

112
113
114

The reports are published at http://www.cnil.fr and http://www.lesrapports.ladocumentation

francaise.fr.
26th Rapport dActivit CNIL for 2005, published in 2006, p. 23.
See the 24th Report for 2003, p. 50 and the 25th Report for 2004, pp. 4647.
Unpublished report of CNIL, 2004.

France

359

conformity with the provision of Article 22 of EC Directive 95/46 on the protection of personal data or Article 111 CISA. Article 22 requires national law to provide for judicial remedies, even if administrative procedures before the national
data protection authority are available. However, the general rules of administrative law apply to decisions by the public authorities. This also applies to decisions
by the CNIL, which is an administrative authority. An individual may therefore
lodge an administrative appeal against the decisions of the CNIL.115

6. Rights and Remedies in Immigration Law

6.1. General Background to Immigration Law
Since 1980, French immigration law has undergone successive, major amendments. This permanent modication illustrates the political and sensitive character of immigration law. This feature is not typical of France. It occurs in other
EU countries as well. By amending immigration law (and giving these amendments their own names), successive Ministers of the Interior often responded to
current events, apparently more for political than for pragmatic reasons. For
example, in response to the terrorist attacks of 19851986, the Loi Pasqua tightened up the existing rules on expulsion and promoted the instrument of visa policy as a weapon against terrorism. In 1993, in order to deal with the increase in
numbers of refugees coming from Eastern Europe, the same Minister presented
the second Loi Pasqua, referring to a new, so-called zero immigration policy
(immigration zro). Again, in response to terrorist bombings in Paris, the Loi
Debr of 1997 tightened up the immigration rules and provided for the possibility of storing ngerprints. A more liberal approach to immigration was included
in the amendments of the Loi Chevnement of 1998. These amendments were
based, among other things, on the report by Patrick Weil of 31 July 1997, in
which a more liberal visa policy was advocated in order to improve the image of
France abroad.116
An important and major revision project was implemented by the Loi Sarkozy
of 26 November 2003 (hereafter the Immigration Act 2003).117 One of the stated
aims of this law was to ensure more ecient and fair immigration control, including the ght against illegal immigration and improvement of the expulsion policy.

115

116
117

See, for example, the judgment of the Conseil dtat, CE 5 July 2004, no. 210185, referred to
in section 5.5.2 above.
See http://www.ladocumentationfrancaise.fr/rapports-publics/994001043/index.shtml.
Code de lentre et du sjour des trangers et du droit dasile. Loi no 2003-1119, JO 27
November 2003.

360

Chapter 11

The Immigration Act 2003 included certain amendments to the law on residence
permits, with the stated aim of improving the integration of legally resident foreigners. For example, the Loi Sarkozy limited the possibility of the so-called
double punishment (double peine) whereby a judge in a criminal court could
order, in addition to the imprisonment of a convicted foreigner, his expulsion
upon release.118 Commentators criticised this so-called lifting of the double peine,
arguing that the Loi Sarkozy only modied the applicable rules and in fact
extended its application to new oences.119
In 2004, French immigration law had been re-codied to produce a more
readable text.120 Only two years later, the second immigration law reform project
of Minister Sarkozy was adopted by the French parliament. This Loi Sarkozy
2006 or the Law on Immigration and Integration (Loi relative limmigration et
lintgration) included stricter rules for the admission of third-country nationals,
including in the eld of family reunication, and provided for less stringent rules
with regard to the admission of certain categories of migrants, including labour
migrants, students and researchers.121 In the following sections, I will refer to this
new law as Immigration Law 2006.
6.2. Amendments to French Immigration Law and the NSIS
Some of the amendment projects described above included changes with regard
to the applicable law on the use of the NSIS and the availability of legal remedies.
The most important amendments which are relevant to the use of the NSIS, concern the (re-)introduction of the duty to motivate visa refusals, the establishment
of a special commission responsible for re-examining visa applications after a
refusal by the consul, and the various amendments withdrawing or reintroducing
the suspensive eect of an appeal against an expulsion.
Below, I will describe the relevance of the interim procedures before the
administrative court with regard to immigration law procedure, as provided in
Articles L. 521-1 and 5212 respectively of the Code de Justice Administrative.
These remedies include the so-called rfer-suspension and rfer-libert. As we will

118

119

120

121

See D. Turpin, Les nouvelles lois sur limmigration et lasile dans le contexte de lEurope et la
mondialisation, Revue critique de droit international priv, 93 (2) avril-juin 2004, p. 311393.
F. Julien-Laferrire, La loi no. 2003-1119 du 26 Novembre 2003 relative la matrise de
limmigration, au sjour des trangers en France et la nationalit, in Carlier & De Bruycker (2005),
p. 530558, and C. Saas, Exceptionalism and the rule of law in the EU: The changes in laws on
immigration and asylum in France in response to terrorist fears, paper for Elise, 2003. Published at:
http://www.libertysecurity.org; also published in Baldaccini & Guild (2006), p. 233 .
Code de lentre et du sjour des trangers et du droit dasile (Loi Reseda), Ordonnance no.
2004-1248, 24 November 2004, JO 25 November 2004.
Loi no 2006-911 of 14 July 2006, JO 25 July 2006.

France

361

see in the following sections, these remedies are especially important with regard
to expulsions based on NSIS reports.122 To use this procedure, two requirements
have to be fullled: rstly, the urgency of the case must justify suspensive
measures and, secondly, serious doubt must exist with regard to the lawfulness of
the decision. An appeal for a suspensive measure based on L. 521-1 should be
preceded by a procedure on the merits of the case.
Finally, for our subject it is important to refer to the French law on the rights
of citizens in their relations with the administration.123 According to Article 4 of
this law, each administrative decision should indicate the author of the decision.
Also, this law states that if the administrative authorities do not reply to an individuals application within two months, this silence is to be considered a refusal
of the application.
6.3. Duty to Motivate Decisions
Article 5 of the Immigration Act as amended in 2003 states that the access to
French territory may be refused to an alien whose presence would pose a threat
to the public order. Before 1986, these refusals had to be given in a written,
motivated decision. This requirement was based on the general principle in
French administrative law of 11 July 1979 that negative administrative decisions
should always be motivated.124 Since 1986, with the amendment of the French
Immigration Act (Loi Pasqua 1986, not to be confused with the Pasqua laws of
1993), decisions to refuse visas have been excluded from this general
requirement.125
In 1997, it was ruled that the aforementioned amendment would be contrary
to the obligations deriving from the French Data Protection Act with regard to
visa refusals based on information recorded in the NSIS. If the authorities were
not obliged to justify such decisions, data subjects would not be able to assert
their rights of access to the data le in accordance with the LIFL. This argument
had been forwarded by Patrick Weil in his report to the French legislator of
31 July 1997: it is necessary to provide the motivation for visa refusals in the case
of registration in the NSIS, to allow the person concerned to apply his right of

122

123

124
125

The availability and meaning of these suspensive procedures in immigration law are extensively
dealt with in the report of GISTI, Utiliser le rfr administrative pour la dfense des trangers,
Paris, November 2005, see http://www.gisti.org.
Act of 12 April 2000. Loi no 2000-321 relative au droits des citoyens dans leurs relations avec les
administrations. JO 13 April 2000. Entered into force on 1 November 2000.
Law on Administrative Justice of 11 July 1979, Code de Justice Administrative.
Article 16 of the Law no. 86-1 025, 9 September 1986, amending the French Act no. 79587
of 11 July 1979 with regard to the motivation of administrative acts.

362

Chapter 11

access through the CNIL.126 This consideration resulted, in 1998, with the
amendments of the Loi Chevnement, in the reintroduction of the duty of motivation with regard to certain categories of visa refusal.127 Since this amendment to
Article 5 (1) of the Immigration Act in 1998, the French authorities are obliged to
provide grounds for the reasons for the refusal of a visa in eight situations, except
if considerations of national security would prevent this motivation. One of these
situations is when the decision to refuse a visa is based on the fact that this person
has been reported in the NSIS for the purpose of refusal of entry.128
During the parliamentary debate, Minister Chevnement stressed the limited
scope of this duty to motivate.129 According to the Minister, this would not oblige
the authorities to disclose the real motives for the registration in the NSIS since
these motives could be kept condential. The only information to be communicated to the person concerned would be the fact he or she is registered and by
which country or countries. To nd out the reasons for the NSIS alert, the person
concerned would have to address these other countries.
According to the French Member of Parliament, Mr. Tavernier, this duty to
motivate visa refusals based on a registration in the NSIS would have led to an
explosive increase in judicial proceedings before the French Conseil dtat. This
jurisprudence will be dealt with in section 7.
6.4. Legal Remedies
6.4.1. The Position of the Administrative Court in Immigration Law
To understand the role of the court in French immigration law, it is necessary to
take into account several developments. Traditionally, French administrative
courts have only had a marginal role with regard to the functioning of the administration and the denition of law. This was a consequence of the general and,
perhaps, compared to other countries, stricter view with regard to the separation
of powers. It was held that the function of administrative courts was to ensure
the correct application of the law and not to dene the law, since this latter task

126

127
128

129

P. Weil, Rapports au Premier ministre. Mission dtude des lgislations de la nationalit et de

limmigration, Paris: La documentation Franaise 1997, p. 6566: il conviendrait de prvoir la
motivation des refus de visa en raison de linscription au SIS, an que la personne concerne
puisse ainsi utiliser son droit daccs la CNIL.
Loi no 98349 of 11 May 1998, JO 12 May 1998, p. 7087.
The seven other situations include, among others: persons who are a family member of an EU
or EEA citizen; family members of a French national; economic migrants who are entitled to
paid employment in France and students who are entitled under French law to receive higher
education.
Sessions 27 January 1998, JO Db. Snat, p. 444.

France

363

belonged to the sovereign power of the legislator. This exclusive role for the
legislator particularly concerned French immigration law. Applying judicial selfrestraint, administrative courts generally respected this discretionary power of
the administration. Since the late 1970s, the administrative courts, led by the
Conseil dtat, have started to play a more extensive role with regard to the eld
of immigration law. Their scope of review extended to dierent administrative
decisions relating to third-country nationals, including regulations, ministerial
circulars and individual expulsion orders. An initial reason for this extended role
by the administrative courts was the case law of the Strasbourg Court with regard
to the European Convention on Human Rights. On the basis of this case law,
it became clear that with regard to immigration measures too, the national
authorities should respect human rights as protected in the European Convention.
Another important role was played by the French NGOs. Civil rights organisations, such as GISTI, started a test case against the French government on behalf
of immigrants with regard to important institutional questions. Thirdly, the recognition of an extended role for the administrative courts was supported in different decisions of the Constitutional Council. This Council, established by the
French Constitution of 1958 as an advisory institution, departed in its conclusions from the traditional distinction between judicial and administrative courts
( juges judiciaire and juges administratives). In Article 66 of the Constitution, the
juge judiciaire was opposed to the juge administrative, declared the guardian of
individual liberties. In various opinions, the Constitutional Council emphasised
that this constitutional protection of individual liberty applies to foreigners as
well.130 Despite the wording of Article 66, the Constitutional Council seemed to
favour the competence of the administrative courts with regard to the protection
of the rights and liberties of foreigners. In its decision on the Act to adopt the
CISA, the Constitutional Council explicitly referred to the guaranties in this
Treaty with regard to the protection of the respect for personal liberty.131 Since
these guarantees are to be provided by the French Data Protection Authority,
which is an administrative authority, the Constitutional Council implicitly
accepted the power of the administrative court in this matter.
Finally, one could refer to another important development with regard to the legal
protection of individuals under administrative law, which is the introduction of the
possibility of an application for interim relief before the administrative courts.132
As mentioned above, this new law provided the possibility for administrative courts

130
131
132

Conseil Constitutionnel, dcision no. 97389, 22 April 1997, JO 25 April 1997.

Conseil Constitutionnel, dcision no 91294, 25 July 1991, JO 27 July 1991.
Loi no. 2000-597 of 30 June 2000, JO 1 July 2000, entered into force on 1 January 2001.
Articles L. 521-1 and 5212 CJA (Code de Justice Administrative).

364

Chapter 11

to issue either a suspensive injunction (rfer-suspension) or an injunction of liberty

(rfer-libert). The former decision will, during the basic procedure, suspend the
administrative decision or measure. With the latter decision, the court may order
the administrative authorities to set the applicant at liberty. As we will see in the
following sections, these suspensive remedies are an important tool in the eld of
immigration law, especially for those decisions which are excluded from the general
rules on suspensive remedies, as provided in the French Immigration Act.
6.4.2. Legal Remedies Against a Refusal of Entry
French law does not provide for a special remedy against the refusal of entry. The
general administrative procedure, mentioned above, applies to these decisions.
A person refused entry will have to lodge an appeal against the notication of
refusal within two months. This appeal has no suspensive eect. The amendment
to the Immigration Act by the Loi Sarkozy of 26 November 2003 included the
duty for ocials to issue a written motivated decision of refusal of entry. This
decision may then be executed directly (Article L. 511-II (1) ). The person concerned should immediately, after having obtained this written decision, declare in
a written and signed statement whether he or she intends to use the possibility of
appeal against this refusal. These new requirements were meant to exclude the
possibility that, without the written and signed decision, the person could argue
before the court that he or she has not been informed of his or her rights. However,
in practice, this formal requirement to submit a written statement immediately
could imply a barrier on using legal remedies for a given individual.
As a general principle, the right to appeal against a refusal of entry should not
be impeded by excessively strict formal requirements. This was conrmed in a
judgment of 1 May 2005, where the French Cour de Cassation accepted a written
text including the words, I have a passport, I have all the documents, they are
with my sister, as a suciently motivated appeal against the refusal of entry.133
In 1989, the French legislator introduced the so-called Commission for Residence
Permits (Commission du sjour) which is an administrative consultative authority,
advising the head of police when dealing with a request for (the renewal of ) a
residence permit. The procedure before this Commission only applies to thirdcountry nationals with stronger ties to France. Since the amendment to the
Immigration Act of 1993 (Loi Pasqua), the powers of this Commission have
been limited. The heads of police or prfets are no longer bound by the decisions
of this Commission.134 After this Commission had been dissolved by the Loi

133
134

Court Cass. 1st civ., Jabeur, 18 May 2005, no. 04-50-053.

J.E. Malabre, Security of residence and expulsion: protection of aliens in Europe: the French
experience, in: Guild & Minderhoud (2001), p. 129.

France

365

Debr in 1997, the Loi Chevnement re-installed a new Commission, now called
the Commission du titre du sjour. However, its practical meaning remains
relatively weak.
6.4.3. Legal Remedies Against the Refusal of a Visa
Before 2000, third-country nationals whose visas had been rejected could lodge
an appeal against this refusal with the Conseil dtat as a court of rst and last
instance. Since 1 December 2000, visa applicants now rst have to address a
special commission of appeal (Commission de recours contre les dcisions de refus de
visa). Only when this commission sustains the administrative negative decision,
the person concerned may apply to the administrative court.135 The establishment of this special commission of appeal has been justied by the French legislator because of the enormous caseload weighing on the administrative court
with regard to decisions regarding visa refusals. As mentioned in section 6.3, this
increase in judicial procedures against visa refusals based on the NSIS, is said to
be linked to the new requirement of motivated decision-making as provided for
in the Loi Chevnement of 1998.136
This commission for appeals against visa decisions should be addressed within
two months of the individual having been notied of the refusal. The Commission,
which falls under the organisation of the French Ministry of Foreign Aairs, has
only an advisory role. When it advises the Ministry of Foreign Aairs to issue the
visa, the Ministry is allowed to uphold its initial negative decision. After having
applied to this Commission, the applicant is allowed to lodge an appeal with the
administrative court. The applicant may appeal against the negative advice of the
commission, or the renewed negative decision of the Ministry of Foreign Aairs.
Despite the compulsory procedure before this Commission, in an urgent situation
it is still possible for the applicant to lodge an appeal for a suspensive measure before
an administrative court in accordance with Article 521-1 of the French Administrative
Act. Although the administrative court applies strict criteria to assess the urgency of
the situation, the suspension of a visa refusal has been ordered in cases where this
measure seemed necessary to oer the applicant the possibility of caring for minor
children, a spouse or family members in need of help.137

135

136

137

Dcret no. 2000-1093, 10 November 2000, JORF. See further GISTI, Les visas en France,
La rglementation, les recours, les textes, Les Cahiers Juridiques, Paris: GISTI, May 2003 and its
updated version: Les Visas, Les Cahiers Juridiques, Paris: GISTI, September 2006.
See P. Hubert, De Schengen Amsterdam: Questions juridiques et solutions institutionnelles,
in: K. Hailbronner, P. Weil (eds), From Schengen to Amsterdam. Towards a European Immigration
and Asylum Legislation, Trier ERA Series of Publications, Vol. 29, 1999, p. 6573.
See, for the criteria as developed by the Conseil dtat, the report of GISTI, Utiliser le rfr
administrative pour la dfense des trangers, Paris, novembre 2005, p. 2021.

366

Chapter 11

The French law on visas is almost silent with regard to which criteria apply to
visa refusals or to the issue of visas. Therefore, traditionally, the administrative
court has only a marginal role in assessing the lawfulness of decisions by the
French authorities to refuse visas. Only if the court establishes that there has
been a manifest error of evaluation (erreur manifeste dapprciation) can the
administrative decision be annulled. The jurisprudence on visa refusals and the
NSIS, described in section 7, show that the Conseil dtat used this marginal role
on a regular basis to quash refusals of visas. Generally, these annulations are based
on the grounds that the third-country complied with all the general visa
conditions or that the visa refusal is in breach with his right to family life.138
6.4.4. Legal Remedies Against Expulsion
French law distinguishes between two categories of expulsion. The rst category
concerns the decision to expel foreigners who reside legally on French territory and
who are ordered to leave France for reasons of public order or national security.
This category of expulsion is regulated by Article L. 521-1 . of the French
Immigration Act 2006. The second category concerns the decision of the French
authorities to expel a person to the external border (reconduite la frontire), based
on the fact that this person is in France illegally. This expulsion decision is provided
for in Articles L. 511-1 and L. 5313 of the Immigration Act 2006.
Both decisions (expulsion and reconduite la frontire) can be issued by the local
prefects or by the Minister of the Interior. After 2001, the Minister of the Interior
addressed the local prefectures on several occasions, demanding a more active
expulsion policy with regard to unwanted or illegal third-country nationals.
In 2005, the Minister of the Interior published a report according to which,
between 2001 and 2005, the number of current expulsions increased by 68.6%.139
Procedures against expulsions in the rst category have no suspensive eect
(Article L. 523-1), however these persons are to be informed and heard in
advance. Only procedures against an expulsion in the second category (arrts
reconduite la frontire) will automatically suspend the decision for the rst
48 hours, unless this person is registered in the NSIS on the basis of a nal decision (dcision excutoire) by one of the other Schengen States, or if the expulsion
is based on a foreign expulsion decision.140 This latter exception was added by an
amendment to the Loi Sarkozy of 2003 and is based on Directive 2001/40 on
the mutual recognition of expulsion decisions.
The lack of suspensive remedies with regard to expulsion orders on the basis of
a foreign SIS report has been questioned in the French Parliament. In reply to
138
139
140

See GISTI (2006), p. 25.

Bulletin of the Dictionnaire Permanent Droit des trangers, no. 139 (2005), p. 6775.
See Articles L.512-2 jo. 5313 of the French Immigration Act.

France

367

these questions, the Minister of the Interior made it clear that foreign decisions
to register a third-country national in the NSIS are to be considered denitive
decisions. The Minister added that hypothetically it may be presumed that this
foreign decision is notied to the person concerned and that the applicable time
limits for appeal have expired.141 This presumption would, according to this
Minister, justify immediate expulsion since the person concerned would already
have had the possibility to appeal against the decision which forms the basis for
the SIS report.142 This presumption is, however, wrong because Article 96 CISA
does not include the requirement that the alert can only be based on a nal decision by national authorities. In practice, in France, but also (as we will see in the
next Chapters) in Germany and the Netherlands, third-country nationals do not
always have the right to appeal against the decision which forms the basis for
their registration in SIS.
As mentioned above, the persons to be expelled may invoke the suspensive
remedies as based on Articles L. 521-1 and L. 5212 of the French Administrative
Act. Both the rfr-suspensive and the rfr-libert could be relevant for a person
to be expelled on the basis of a SIS report, if the court is convinced of the need to
suspend the possible expulsion, or to order the liberation of this person if he is
detained in one of the French detention centres.143

7. Case Law
7.1. Introduction
Since the NSIS became operational, French case law with regard to the use of the
NSIS in immigration law has been steadily generated. Just one week after the
NSIS became operational, the administrative court of Strasbourg issued the rst
judgment on the NSIS, in which the court annulled a decision to expel a thirdcountry national on the basis of a SIS entry.144 The most important judicial
141

142

143
144

le signalement ne fait donc que rappeler lexistence dune dcision excutoire prise par un
autre membre, donc par hypothse, notie et dont les dlais de recours sont expirs. See the
ministerial answer to the question of Vuilque, no. 54624: JO 28 November 2004, p. 10386
and JO 22 February 2005, p. 1959.
Le signalement justie donc une reconduite sans dlai et sans recours suspensif ds lors que
lintress a dj eu la facult dexercer un recours contre la dcision excutoire qui est lorigine
de ce signalement.
See further the GISTI report of 2005, pp. 5960.
TA Strasbourg, 3 April 1995, M. Igel c/Prfet de la Moselle. See, for an overview of this early jurisprudence on NSIS, E. Aubin, Le juge administrative franais face lapplication de la Convention
de Schengen dans ses dispositions sur le droit dasile. Bilan juridictionnel de lapplication en
France des accords de Schengen, Revue de droit Public no. 32000, p. 829862.

368

Chapter 11

procedures involving Article 96 CISA are the procedures against expulsion orders
and the decisions based on which visa applications have been rejected. Other
procedures, which resulted in a lesser volume of case law, concern the refusal of
entry or a residence permit based on an Article 96 report.
Important milestones in the jurisprudence, even internationally, were the
Hamssaoui and Forabosco judgments by the Conseil dtat in June 1999.145 In the
rst judgment, which dealt with the refusal of short-stay visas, the court ruled on
the duty of the French authorities to inform data subjects on the State or authority issuing a SIS alert. In the second judgment, the court annulled the refusal of a
long-term visa, acknowledging the power of national courts to assess the legitimacy
of foreign decisions to report a third-country national in the NSIS.146
7.2. Duty to Inform the Data Subject
The duty of the French authorities to motivate their decisions based on registrations in the NSIS has been a regular subject of the decisions by administrative
courts in immigration law. With regard to refusals of visas, as well as with regard
to expulsion decisions or refusals of entry to the territory, the courts did not
accept the mere reference by French authorities to the existence of the SIS report.
In 1999, in the famous Hamssaoui judgment, the Conseil dtat ruled that decisions refusing a visa to a person, based on the fact that this person is registered in
the NSIS, should indicate the foreign state which entered the applicant in the
NSIS.147 The Court referred in this decision directly to the statements by Minister
Chevnement during the parliamentary debate on the amendments providing
for this duty to motivate certain categories of visa refusals. In its judgment, the
Conseil dtat uses the words state and authority. One could therefore argue
that, according to this Court, the authorities have to inform the visa applicant
not only of which State, but also of which specic authority within this State
reported the person into the NSIS . However, given the fact that the Court refers
to the parliamentary history of this provision (during which reference is only
made to the foreign state) and the fact that the Court does not give any other
explanation, it does not seem that the Court actually meant to extend the duty of
information in this way. In later judgments, the Conseil dtat refers only to the
State which reported the person in the NSIS (ltat auteur du signalement).148

145

146

147
148

CE 9 June 1999, Mme. Hamssaoui, no. 198344, 9 June 1999, and CE 9 June 1999, M. et
Mme. Forabosco, no. 190384.
See, for an extended analysis of these and other French judgments on SIS, Elspeth Guild,
Adjudicating Schengen: National judicial control in France, European Journal of Migration and
Law, 2000/1, p. 419439.
Decision of 9 June 1999, no. 198344.
CE 20 February 2002, Boucetta, no. 220420.

France

369

The Conseil dtat established further in the Hamssaoui judgment that the duty
to inform the applicant as mentioned above cannot be replaced by referring to the
possibility for the applicant to apply to the French Data Protection Authority for
his or her right of indirect access to the information.149 The same conclusion was
reached by the administrative court of appeal of Paris with regard to the decision
to refuse entry.150 This case concerned a third-country national, Minin, who had
been refused access to French territory based on a registration in the NSIS. During
the procedures of this case, the Minister of the Interior had argued several times
that the application for entry by Minin had to be considered a request for access
to his information. Therefore, according to the Minister, the applicant had to
apply to the French Data Protection Authority for his right of indirect access. The
higher court of Paris explicitly stated that such a reference could not replace
the obligation to motivate the decision to refuse entry in question.151
French jurisprudence is not clear on whether an administrative decision based
on the SIS information forwarded by other Schengen states should indicate the
reasons for these foreign reports. In a judgment of 20 February 2002, the Conseil
dtat decided that a French decision rejecting a visa, based on a SIS report,
should indicate the State forwarding this report to the NSIS, but not the reasons
for this report.152 A broader interpretation of the duty of motivation was given in
the aforementioned judgment in the Minin case. Here, the Paris court considered that the mere reference in the decision to the fact that Minin was a danger
to the public order, without mentioning any facts of circumstance, did not full
the legal obligations regarding motivation (as provided in the general administrative law of 1979, see section 6.3). In a decision of 2004, the administrative tribunal of Pau held that a decision by a prefect to expel a person on the basis of a
German SIS report was unlawful because the prefect failed to indicate the date
on which the German authorities had forwarded this report to the NSIS.153
An interesting issue was dealt with in the judgment of the Conseil dtat in the
Joorawon case of 10 January 2003.154 This case concerned the question of whether
the sole fact of being registered in the NSIS for the purpose of refusing entry to a
third-country national was sucient motive for the refusal of a visa, even if the
provisions of the CISA did not apply to the French overseas department, whose

149
150
151

152
153
154

See also the judgment CE 28 July 2000, no. 205435, Faifer.

Cour administrative dappel, decision of 18 January 2001, Minin, no. 99PA02845.
Other judgments in which lower courts held that the motivation for expulsion decisions based
on a SIS record was insucient: TA Nice 16 July 2002, Barzilay, no. 023061; TA Lille 16 May
2002, Valencia, no. 021741; TA Toulouse 24 October 2000, M. c/ Prfet de la Haut Garonne,
no. 003366.
CE 20 February 2002, Boucetta, no. 220420.
TA Pau, 18 November 2004, Anton, no. 0301352.
CE 10 January 2003, no 223395, Ali Mohamed Noorani Joorawon.

370

Chapter 11

consulate (at Port Louis, Mauritius) had refused the visa application. The
government, reasoned during this case, that even if the CISA did not apply to
the consulate concerned, the entry of the person into France would be contrary
to the public order of France, considering that the record in the NSIS was justied by the grave oences of which the applicant was accused. The Court rejected
this separate meaning or eect of a SIS report. Since the consulate erroneously
motivated the decision to refuse a visa, solely on the basis of the fact that the
applicant was reported in the NSIS for the purpose of being refused entry, the
consulate committed a legal error (une erreur de droit). This error could not be
replaced by the argument of the Minister of Foreign Aairs that, based on the SIS
report, the entry of the person could be regarded as a danger to the public order.
Even if this latter ground could have been a legally justied ground for refusal of a
visa application, this did not legitimise the refuted decision, which was taken solely
and mistakenly on one ground. In later judgments, the French Conseil dtat did
however accept this so-called substitution of motivation, in which the government replaced the initial (unlawful) motivation for a negative decision during the
proceedings for a lawful motivation.155
7.3. Assessing the Validity of Foreign SIS Reports
In general, French law includes the principle that an administrative decision can
be annulled by the court if this decision is based on prior, unlawful decisions.
In 1994, the Conseil dtat ruled that French courts were not competent to assess
the legality of foreign decisions.156 However, in its Forabosco judgment of 9 June
1999, the Conseil dtat departed from this line.157 In this decision, the Conseil
dtat explicitly conrmed the competence of the administrative courts to deal
with the question on the lawfulness of a foreign report in the NSIS based on
Article 96 CISA. The case concerned a Romanian national, Ms. Forabosco, who
was married to a French national; both were resident in France. Planning to stay
with her husband, she applied for a visa for a longer stay at the French consulate
in Bucharest. This visa was refused on the basis of the German registration of
Ms. Forabosco in the NSIS. In its judgment, the Court explicitly stated that, it
is the task of the administrative court, dealing with an individual appeal against
an administrative decision which is based on a report for non-admission, to

155
156

157

See, for example, CE 6 February 2004, no. 240560, Hallal.

CE 22 July 1994, Chambre syndicale du Transport Arien and CE 29 December 1997, Thorel,
see: Emmanuel Aubin, Le juge administratif franais face lapplication de la Convention de
Schengen dans ses dispositions sur le droit dasile. Bilan juridictionnel de lapplication en
France des accords de Schengen, Revue du Droit Public, no. 3, 2000, p. 847.
CE 9 June 1999, no. 190384.

France

371

consider the legitimacy of this report, even if it is made by a foreign administrative authority.158 The Conseil dtat established that the motive of the German
report was based solely on a decision which had denied Ms. Forabosco asylum in
Germany. According to the Conseil dtat, this motive did not fall within the
limitative grounds mentioned in the second and third paragraphs of Article 96
CISA. Therefore, the Court considered that there were justied grounds for
annulling the refusal of the visa.159 The Conseil dtat repeated this conclusion
with regard to the unlawfulness of German decisions to report rejected asylum
seekers in the NSIS in later judgments.160
Another German motive for registration in the NSIS was rejected in a decision by the Conseil dtat of 13 December 2002. In this case, an Algerian national,
Kouchi, had obtained refugee status in Germany, but was reported by the
German authorities in the NSIS because he had left Germany without informing
the German authorities.161 As a result of this entry, Kouchi had been refused a
short-stay visa by the French consulate in Algiers. The French Court ruled that
these motives did not full the criteria of Article 96 CISA and annulled the
refusal of the visa.
In a case where it became evident that a German decision to report a person in
the NSIS was not based on a refusal to grant asylum, but on a removal decision
against this person, which was neither reported nor suspended, the highest
French administrative court found this motive in conformity with the criteria of
Article 96 (3) CISA.162
In a judgment from 2003, the Conseil dtat explicitly dealt with the (limited)
power of the French administrative courts to assess the lawfulness of foreign decisions based on which the foreign authorities issue a SIS alert.163 This case concerned the application by a Romanian national, Mr. Gheorghita, for a short-stay
visa for France. This application had been rejected by the French visa authorities

158

159

160

161
162
163

Mais considrant quil appartient au juge administratif, saisi de conclusions diriges contre
une dcision administrative fond sur le signalement dune personne aux ns de non-admission, de se prononcer sur la bien-fond du moyen tir du caractre injusti de ce signalement
alors mme quil a t prononc par une autorit administrative trangre.
The fact that a visa had been issued to Ms. Forabosco, before this judgment, did not prevent
the Court annulling the former decision by which the visa was refused.
CE 9 July 2001, Matumona, no. 209037; CE 11 July 2001, M. and Mme. Iqbal, no. 206644;
CE 15 March 2002, Krouf, no. 221818. See also C. Saas, where she describes French jurisprudence with regard to the German criteria on the input of rejected asylum seekers into NSIS:
Les refus de dlivrance des visas fonds sur une inscription au Systme Information Schengen,
Cultures & Conits 4950, 2004.
CE 13 December 2002, Kouchi, no. 224877.
CE 29 July 2002, X, no. 236190.
CE 23 May 2003, no. 237934, Mr. Gheorghita Catrina.

372

Chapter 11

because of an Italian Article 96 alert based on a previous illegal stay by the applicant in Italy. The appeal of Mr. Gheorghita against this visa refusal was then
rejected by the special commission of appeal against refusals of visas. Dealing with
the appeal against the decision of this commission, the Court repeated its earlier
conclusion that the French administrative courts are competent to assess the lawfulness (caractre injusti) of foreign reports in the NSIS. However, the Court
added that these courts were not competent to assess the lawfulness (lgalit) of
the foreign decisions which formed the basis of the SIS reports.164 Therefore, the
Court reasoned that the applicant, who did not refute the fact that the residence
ban by the Italian authorities was one of the motives as provided in Article 96,
could not eectively establish (ne saurait utilement se prvaloir ) that the Italian
residence ban would have been irregularly imposed or would have been disproportionate to the oences committed by the applicant. The Court argued that
even if this Commission had made a legal error by basing the conclusion that the
applicant would pose a threat to the public order solely on the SIS report by
Italian authorities, the instructions deriving from Articles 5 and 96 CISA, notably, would have led to the same decision: that is refusal of the visa. The highest
French administrative court seemed to refer to the impossibility for national
courts to assess whether decisions by foreign authorities are taken in conformity
with their foreign legislation. The competence for national courts is restricted to
the assessment of whether a SIS alert and the motivation for this alert are in
accordance with the provisions of the CISA. This latter assessment is much easier
to make than the assessment of whether a foreign alert is in accordance with the
law of a foreign State which requires knowledge of this foreign law.
Finally, in the case of Mr. Moon (see also section 5.5.1), dealing with an application for access to the NSIS data now submitted by the spouse of Mr. Moon,
the Conseil dtat also seemed reluctant to assess the lawfulness of the German
reasons for reporting Mr. and Mrs. Moon in the NSIS.165 In the new judgment,
the Conseil dtat upheld the decision of the CNIL not to forward information
on the NSIS report to Mrs. Moon. The Court argued that, based on the information submitted by the German government with regard to the reasons for her
report in the NSIS, the French authorities were justied in deciding, without
making a manifest error of appreciation, that the German SIS report was not
based on any legal or factual error. Therefore, the application to annul the refusal
of rectication made by the CNIL was rejected.

164

165

il nest en revanche pas comptent pour statuer sur la lgalit des dcisions des autorits des
autres Etats parties qui fondent ce signalement.
CE 2 June 2003, no. 219588, Hak Ja Han M (Mrs. Moon).

France

373

7.4. Duty of Authorities to Balance Interests

In its decision of 25 November 2000, the Conseil dtat made it clear that decisions with regard to visa applications may cause an infringement of human rights
protected in the ECHR.166 The case concerned a Romanian national who was
married to the applicant, Mme. Cucicea-Lamblot, who held French nationality.
The husband applied for a short-stay visa to join his spouse in France. This application had been rejected by the French embassy in Bucharest in August 1999.
The Court concluded that, to understand whether the visa refusal involved a
breach of the right to private and family life under Article 8 ECHR, it is necessary to know the reasons for the SIS record. The Conseil dtat therefore ordered
the French Ministry of Foreign Aairs to forward to the administrative judge
within two months the relevant information with regard to the NSIS alert.167
Consideration of the right to family life also played a role with regard to a case
concerning the application for a long-stay visa by an Algerian national.168 This
applicant had been reported in the SIS by the German authorities after he was
sentenced to 490 days of imprisonment for a drugs oence. The applicant maintained that the refusal of his visa involved a breach of his right to private and
family life, since he was married to a French national, with whom he was not
allowed to cohabit. The Court denied there was a breach of his right to private
and family life, considering the circumstances of the case. These circumstances
included the recent character of the applicants marriage, the fact that there were
no children, the assumption that the presence of the applicant on French territory could cause an actual threat to the public order and, nally, the possibility
for his spouse to join him in Algeria.
In another case, an Algerian national applied for a short-stay visa to visit his
parents and family in France. This application was rejected on the basis of his
registration in the NSIS to be refused entry. The Conseil dtat did not consider
this refusal as a disproportionate breach of his right to private and family life,
since the applicant did not submit that it was impossible for his parents and
family to visit him in Algeria.169
The administrative courts not only regard human rights, such as the protection
of family life, as a reason to annul the refuted decision based on a SIS report. The
legal interests of the foreigner in working and staying in France have also been

166

167

168
169

CE 25 October 2000, Cucicea-Lamblot, no. 212315, AJDA 20 March 2001, p. 284286,

commented upon by R. Errera in Public Law, 2001, p. 425.
Unfortunately, I have no information on whether the requested information actually has been
submitted by the government.
CE 10 March 2004, X, no. 252269.
CE 12 February 2003, X, no. 229306.

374

Chapter 11

weighed by the courts when assessing a visa refusal on the basis of a SIS report.
In 2003, the Conseil dtat decided on a case where the French consul in
Casablanca rejected the application by a Moroccan national for a long-term visa
on the basis of an Article 96 SIS report. The person was reported by the Italian
authorities based on the persons non-compliance (non-respect ) with the Italian
immigration law. In its judgment, the Court annulled the decision of the
Commission de recours contre les dcisions de refus de visa by which the applicants
appeal against the decision of the consul was rejected. According to the Conseil
dtat, the decision of this Commission was based on a manifest wrong appreciation (une erreur manifest dapprciation). The Conseil dtat emphasised that
the applicant stayed and worked on a regular basis in France between 1993 and
2000 and that he could not be regarded as a danger to the public order solely on
the basis of the fact that he acted in breach of the Italian immigration law.170
In some cases, the Conseil dtat accepted that the authorities did not make
any attempt to balance interests. For example, this was the case in a judgment of
29 July 2002, dealing with a Cameroon national whose short-stay visa had been
rejected, based on a German report in the NSIS for refusal of entry.171 The applicant maintained that he previously resided in Germany as the spouse of a German
national but that, during this period, he had never posed a threat to the public
order. The Conseil dtat rejected his appeal, arguing that these circumstances did
not aect the lawfulness of the decision by the French embassy, since this decision
was in conformity with the provisions of the CISA.
In another judgment of 4 November 2002, the Conseil dtat accepted a period
of seven years between the date when this person was reported in the NSIS and
the date when the French authorities had refused him a visa based on this
report.172 Without going into the interests of the individual concerned, the Court
found the visa refusal justied provided the applicant did not reveal that the
report had been withdrawn by the foreign states. This case concerned an Algerian
national who had been reported by both German and Spanish authorities in the
NSIS because he had failed to comply with the national regulation on the entry
or residence of third-country nationals. In a comparable case brought before the
Conseil dtat in 2003, the Court upheld the decision by the special Commission
on visa applications in which (in 2001) an Algerian national had been refused a
visa on the basis of a report entered in the NSIS by the German authorities,
based on an expulsion order from 1993.173

170
171
172
173

CE 30 December 2003, Ramdane, no. 237808.

CE 29 July 2002, X, no. 229580.
CE 4 November 2002, X, no. 240090.
CE 14 November 2003, X, no. 234462.

France

375

7.5. Powers of the Court

As we have seen above, an important remedy for persons facing a negative decision
based on the NSIS are the suspensive procedures based on French administrative
law. This power has been used by the administrative courts to order either the suspension of the refuted expulsion, or to order the release of the person detained if
there are serious doubts as to the lawfulness of the underlying Article 96 report or
the proportionality of the refuted decision.174
Furthermore, administrative courts can order the Minister of Foreign Aairs
to provide the court with further information on the reasons for refusing a visa to
the applicant.175 In one case, the Conseil dtat considered the fact that the
Minister did not provide the court with the requested information as adequate
grounds for annulling the rejection of the visa application.176 Three years later
however, in a comparable case, the Conseil dtat explicitly held that it was not
competent to order the withdrawal of the SIS report.177
Generally, French administrative law includes the power of courts to condemn
the State to repair damage which is caused by wrongful administrative acts.178
This also concerns damage which is caused by a visa refusal, such as the separation of a family, costs of travelling or a lawyer, but also immaterial damage.
Dealing with visa refusals, the Conseil dtat uses this power on a regular basis.
For example, in 2002, the Conseil dtat condemned the French State to pay an
Algerian visa applicant and his French spouse 2,000 euros, because the Court
found that the refusal to issue him a visa was a disproportional infringement of
their right to family life.179 In 2006, the French State was ordered to pay 1,500
euros to a Senegalese visa applicant, after the French consul in Dakar refused him
a visa on the basis of an unlawful Italian SIS Article 96 alert. The fact that during
the procedure, the applicant obtained a French visa because the Italian authorities
withdrew his alert, was no reason for the Conseil dtat to reject his application
for nancial repair based on the rst, unlawful, visa refusal.180

174

175
176
177
178
179

180

See, with regard to the suspension of expulsion: TA Nice, 16 July 2002, no. 023061, Barzilay;
TA Lille, 16 May 2002, no. 021741, Valencia. See for the use of the rfr-libert: TA Pau,
31 May 2002, no. 02820, Mejri. Described in GISTI (2005), p. 5960.
CE 6 December 2002, Sahin, no. 206277.
CE 6 October 1999, M. Bafandi, no. 186082.
CE 11 March 2002, Abdelli, nos. 222137222258.
On the basis of Article L. 761-1 of the French administrative law (Code de Justice Administrative).
See for example CE 6 December 2002, M. et Mme. Amouche, no. 238288; CE 15 November
2006, M. A et Mme A, no. 276829; and CE 27 November 2006, M. et Mme A, no. 298660.
See also GISTI (2006), p. 29.
CE 10 November 2006, Mbow, no. 298272.

376

Chapter 11

7.6. Assessing the Role of the CNIL

7.6.1. Right of Indirect or Direct Access: Divisibility of the Data Files
In section 5.5.1, I described the applicable rules with regard to the right to
indirect and direct access by a data subject to his or her personal information
held by the public authorities. Based on a decision of 6 November 2002 by the
Conseil dtat in the Moon case, the former rule of the indivisibility of data
les in the Data Protection Act was changed to a more liberal approach to the
right to access.181 Based on this decision, the CNIL obtained the possibility of
granting partial access to the requested information, even if parts of the les
concerned matters of state security.
7.6.2. Duty to Play an Active Role when Assessing the Validity of a Foreign Alert
The decision of the Conseil dtat is important in the Skandrani case, dealing
with a French national living in France.182 This person had been reported by the
German authorities in the NSIS on the basis of Article 96 CISA because of his
past activities for a Tunisian opposition group.183 In this judgment, the Conseil
dtat claried the duty of the national data protection authorities to verify the
lawfulness of an alert in the NSIS and to collect information from the national
data protection authorities of other Member States if necessary. The applicant
requested both the French authorities and the French Data Protection Authority,
CNIL, to have his unlawful registration in the SIS annulled. The applicant especially complained about the procedure followed by the CNIL. At his request, the
CNIL had contacted the German Data Protection Commissioner on the basis of
Article 114 (2) CISA. This German Commissioner subsequently informed the
CNIL that, according to information from one of the regional data protection
authorities, there would be no objection to the NSIS alert in question from the
point of view of data protection law (du point de vue du droit en matire de protection des donnes). The CNIL was satised with this information and informed
the applicant, Mr. Skandrami, accordingly. In its judgment of April 2006, the
Conseil dtat disapproved of the way in which the CNIL dealt with this case and
concluded that it had not fullled its obligation under Article 114 (2) CISA.
This provision requires national data protection authorities to check the data
entered in the SIS and, if necessary, to contact a foreign supervisory authority if
the alert was entered by a foreign state. The Conseil dtat found that the CNIL
had not acted in conformity with the duty imposed by Article 114 (2) because

181
182

183

CE 6 November 2002, M. Moon, no. 194295.

From the judgment, one cannot deduce whether he already held French nationality at the time
of registration by the German authorities, or whether he became a French national later.
CE 7 April 2006, Skandrani, no. 275216.

France

377

this requires that checking the accuracy of the SIS report should be performed
in close coordination with the other data protection authorities. The French
administrative court found that, where the CNIL only relied on this single
answer from the German authorities and had not asked for further information
to support this answer, it had failed to act in accordance with the criterion of in
close coordination. Therefore, the decision by the CNIL whereby the applicant
was informed that his procedure had been closed, was annulled.
Notably, in this procedure, the claim against the French government was
dropped because the applicant had been informed by the French Minister of the
Interior, one year after the rst decision by the CNIL, that this alert would be
blocked (suppression) for the French part of the SIS.
7.6.3. Power of Foreign Data Protection Authorities
In a decision of February 2006, the Conseil dtat dealt indirectly with the powers
of national data protection authorities to order foreign authorities to delete a
wrongful SIS alert. This case concerned the case of Mr. Cherney, an Israeli
national living in Israel, reported by the French authorities in the NSIS.184
On the basis of this French alert, the applicant had been refused entry to French
territory in 2000. In 2004, a visa had been refused by the Austrian authorities.
The applicant appealed against both negative decisions. In 2001, the decision of
the refusal of entry was annulled by the administrative court of Cergy-Pontoise.
The claim by Mr. Cherney before the Conseil dtat concerned the fact that the
CNIL failed to reply for more than two months to his request to have his data
rectied in the SIS. In its decision, the Conseil dtat considered the possibility
that the applicant had been reported in the NSIS on national security grounds
and that these grounds could not to be communicated to the applicant. However,
the Conseil dtat concluded that, during the procedure, it had not been provided with sucient information by the CNIL to assess the reasons for the SIS
report in question, nor with the opportunity to assess the lawfulness of the refusal
of the CNIL to rectify or delete the data in question. Therefore, the CNIL was
ordered to provide this information within two months.
The reason I mention this judgment by the Conseil dtat at this point is because
it handled an earlier decision by the Austrian Data Protection Authority, declaring
the French alert unlawful. In this decision, the Austrian Data Protection Authority
ordered the French authorities to delete the alert concerning this person. This
caused a small diplomatic uproar and the French authorities refused to delete the
data from the SIS. The Conseil dtat refers in its judgment to the decision of the
Austrian Data Protection Authority only with regard to the question of whether

184

CE 27 February 2006, M.A., no. 274928.

378

Chapter 11

such an earlier decision could give grounds for concluding that the French alert
was unlawful. The Conseil dtat refers, for this question, to the rule in Article 106
CISA, according to which a national data protection authority, if it considers a
SIS report by a foreign country erroneous or unlawful, may issue advice to foreign
authorities. According to the Conseil dtat, this advice, dealing with a French
alert, may possibly be grounds for these authorities to give an order to the French
authorities; however, this order does not inuence the lawfulness of the refuted
decision.185 Unfortunately, the Conseil dtat does not refer to the meaning of
Article 111 (2) CISA, on the basis of which Schengen States are obliged to enforce
the nal decisions of courts or authorities dealing with individual SIS alerts (see
Chapter 7, section 8.4).

8. Conclusions
8.1. Implementation of Article 96 CISA
French statutory law does not provide a detailed regulation implementing the
Article 96 criteria for the registration of third-country nationals in the NSIS.
In general, there are three categories of decision on the basis of which a thirdcountry national may be reported in the NSIS for the purpose of refusal of entry.
Firstly, this report may be based on a courts decision including a formal residence ban (interdiction du territoire franais). Secondly, this may be based on an
expulsion decision issued by the local prefecture or the Ministry of the Interior.
This decision is generally based on an illegal stay or the withdrawal of a residence
permit from the person concerned. Thirdly, a SIS report can be based on a decision to prohibit entry by the Ministry of the Interior, based on public order
grounds. The criteria used for taking these decisions are not public and, in the
latter category of decisions, even secret. This lack of information makes it dicult to obtain a clear picture of the reasons why third-country nationals may be
reported as inadmissibles by the French authorities. It is also dicult to nd out
whether, with regard to the second category of decisions, the dierent prefectures
in France all apply the same criteria. From the available information, it cannot be
deduced that the French administration applies a strict interpretation of the
criteria as mentioned in Article 96 CISA.
Since 2001, the French government has been developing large information
systems, allowing for the use of biometrics and the networking of dierent
185

que si lavis de la Commission dinformation et des liberts dAutriche en date du 7 juin 2005
est ventuellement susceptible de fonder, sagissant dun signalement franais, une saisine des
autorits franaises par les autorits de ce pays, il na pas, par lui-mme, dincidence sur la lgalit
de la dcision attaque.

France

379

databases. French ocials have simultaneous access to dierent systems and

the national visa network is linked to the Schengen consultation network.
These developments, combined with the evidence that basic systems, such as
AGDREF, lack updated information, may cause problems with regard to reliability of information held in the NSIS. This doubt about the reliability of SIS
information is supported by the information from the CNIL. The annual
reports of the CNIL establish that, until 2005, a relatively large percentage
(35% to 40%) of the data investigated by the CNIL on the basis of an individual request had to be deleted. We may wonder whether this result is only the
top of the iceberg of all the information on third-country nationals stored in
the NSIS or, by chance, only concerns the individuals who actually made use
of their right to be informed of their report in the SIS.186 The CNIL also established that, in 2004, the NSIS still held les on EU nationals stored for the
purpose of non-admission, although this is unlawful.
8.2. Data Protection and the NSIS
At the time of the negotiations on the CISA, French politicians held the view that
their French data protection law oered a high level of protection to individuals.
Nevertheless, looking at the current provisions applying to the NSIS, the French
data protection law does not seem to place the individual in a very strong position.
One of the reasons for this weak position is the applicability of the right to indirect
access to SIS information. On the basis of this indirect access, the person concerned has to assert his or her right of access to SIS information through the intermediary of the CNIL, which generally causes long delays. Based on a judgment by
the Conseil dtat in 2002 and an amendment to LIFL in 2003, it is possible, in a
specic regulation, to provide for direct access to les, as long this information
does not aect national security, defence or public order. The possibility for the
CNIL to communicate the non-sensitive parts of public les to the person concerned has also been extended. However, with regard to the NSIS, the regulation
referred to above has not been adopted yet and, so far, the CNIL has not used its
power to provide partial information from the NSIS. In 2005, this extended power
for the CNIL was even narrowed again on the basis of a ministerial decree.
8.3. NSIS and the Right to Eective Remedies
8.3.1. Judicial and Non-Judicial Remedies
The French administrative courts have assumed an important role with regard to
the protection of third-country nationals reported as inadmissibles in the NSIS.

186

This latter assumption however seems unlikely because, as we have seen above, almost twothirds of the applicants requesting verication of their data were not registered in NSIS.

380

Chapter 11

Although, in general, respecting the margin of appreciation of the immigration

and consular authorities, these courts, especially the Conseil dtat, have formulated certain important principles with regard to measures taken or decisions
made on the basis of the NSIS. During my study, I did not come across any reasons which may give rise to doubts with regard to the independence or impartiality
of the French administrative courts. With regard to the functioning of CNIL in
the eld of individual applications for access, correction or deletion of data, we
have seen that four members of the CNIL are members of parliament and thus
have a political status. Three of the ve IT specialist members of the CNIL are
appointed by the government. This composition does not add to the independence
of this organisation.
8.3.2. Accessibility
The French law on administrative remedies in immigration law is quite complex
and has been changed several times based on amendments to French immigration law or based on decisions by the Conseil dtat. In practice, an important
problem for the accessibility of remedies is that third-country nationals who, by
decision of the prfecture, are expelled on the basis of a SIS report, are not
informed of the reasons for this decision and do not have any possibility of refuting their expulsion. Theoretically, third-country nationals may lodge an appeal
against these decisions and have automatic suspension for 48 hours. This provision does not however apply to decisions based on nal decisions of other
Schengen authorities as recorded in the NSIS (see below).
In their jurisprudence with regard to the use of NSIS, the administrative courts,
especially the Conseil dtat, emphasised the importance of informed decisionmaking. In many cases, the administrative courts annulled insuciently motivated
decisions based on a NSIS alert. Since 1998, the French Immigration Act has
explicitly obliged French visa authorities to motivate visa refusals if these are based
on information held in the NSIS. This duty is in line with the general principle of
French data protection law, according to which the administration may not issue
legally binding decisions if they are based solely on automated data les.
8.3.3. Scope of Review
In their jurisprudence, the French courts generally require balanced decisionmaking especially, but not exclusively, in situations where human rights are
involved. However, in order to be able to make such a balanced decision, the
courts in the case law described above generally require the applicants to submit
information to support their claims.
Furthermore, the administrative courts armed their competence to assess
whether foreign SIS reports are in accordance with the criteria of Article 96
CISA. In its judgments, the Conseil dtat generally applied a strict interpretation
of Article 96, second and third paragraphs. The Conseil dtat however ruled that

France

381

it was not competent to assess whether the decision forming the basis for the
foreign SIS report is in accordance with the law of the reporting state.
With regard to the scope of review of the CNIL, in 2004 its position was
weakened by an amendment to the LIFL, on the basis of which the CNIL no
longer has an approval role with regard to the establishment of government les
in the interests of state security, defence and public order, or for the purposes of
criminal investigation and prosecution or security.
8.3.4. Competences
The recognition by the Conseil dtat of the inherent power of the national courts
to demand further information from the French administration concerning the
reasons for a SIS alert is important. If these authorities do not provide the court
with this information or the court nds this information insucient, this may
be grounds for annulling the refuted decision.
In general, procedures against an expulsion order will suspend the refuted
decision for the rst 48 hours. An important limitation regarding the right to
legal remedies against decisions based on a foreign SIS alert is that this remedy
has no automatic suspensive eect if this alert is based on a foreign expulsion
decision. This is based on what I believe to be the wrongful presumption of the
French government that these foreign reports are to be considered nal decisions
and that the person concerned could have lodged an appeal in the country forwarding this report. A third-country national, threatened with expulsion on the
basis of such a SIS alert, could invoke the suspensive remedies as provided under
administrative law. However, French courts apply strict criteria with regard to
the required urgency for the use of this procedure.
French administrative courts may condemn the State to repair damage which
is caused by unlawful measures or decisions, including decisions based on SIS
alerts. The Conseil dtat used this power on a regular basis when dealing with
unlawful visa refusals.
Due to the large workload of the CNIL and the lack of sucient nancial and
personal resources, it is questionable whether this organisation is able to perform
its supervisory function very actively with regard to the NSIS. An important
tool used by the CNIL is the power to issue nes up to a maximum of 300,000
if a data processing authority acts in breach of the rules of the French Data
Protection Act. To my knowledge, this power has not yet been used with regard
to SIS alerts. In general, we have seen that it is dicult for third-country nationals to assert their rights to (indirect) access because of the lengthy procedures
before the CNIL. Particularly in the case of third-country nationals threatened
with expulsion based on information stored in the NSIS, the road to the CNIL
will often prove ineective. These persons may have been long expelled before it
is established whether the NSIS data are wrong or unlawful.

Chapter 12
Germany
Nur durch die Lschung unzulssig gespeicherter Daten kann sicher gestellt
werden, da diese Informationen nicht in fr den Betroenen negativen
Entscheidungen bercksichtigt werden. Angesichts des strengen rechtlichen
Bindungen, denen die Auslnder unterworfen sind, wre es im Interesse der
Waengleichheit unverantwortlich, die wenigen datenschutzrechtlichen Regelungen
auer Acht zu lassen, welche die Auslnderverwaltung frmlich binden.1

1. Introduction
As one of the initiators of the Schengen Agreements, Germany played an important role in the development and the architecture of Schengen, especially the
Schengen Information System. During the negotiations, the German government was, on the one hand, urged by their police organisations to seek the further
development of international judicial and police cooperation, including the sharing of information. On the other hand, German data protection authorities and
specialised lawyers urged the German government to support the inclusion of
data protection rules in the draft Convention Implementing the Schengen
Agreement (hereafter CISA). As we have seen above, this only happened in a late
stage of the negotiations.
It is not easy to describe the implementation of the CISA in Germany and,
especially, the practical operation of the NSIS and the registration of thirdcountry nationals, because of the federal structure of Germany. The authorities
in the dierent German states (Lnder), including police forces and data protection authorities, function quite autonomously. Providing a complete picture of
the German implementation of Schengen law would require thorough research
of data and case law in each of the German Lnder. The following sections should
not be considered such a complete overview. They will give, rst and foremost,

Th. Weichert, AZRG. Kommentar zum Auslnderzentralregistergesetz, Neuwied-Kriftel:

Luchterhand 1998, p. VIII.

Evelien Brouwer, Digital Borders and Real Rights, pp. 383444.

2008 Koninklijke Brill NV. Printed in the Netherlands.

384

Chapter 12

a general description of the general rules and principles which are applicable
throughout the federal state. From the laws and the case law I have found,
I will try to deduce general rules on the registration and use of data concerning
inadmissible aliens in the NSIS, especially concerning their legal protection.
Despite the fact that the autonomy and multitude of the organisations involved
render it more dicult to draw general conclusions, the federalisation of German
law and administration has also its advantages for this research. As we will see
in the following sections, the annual reports by the dierent Data Protection
Authorities of the German provide us with considerably more information on
the practical and legal issues of the NSIS, compared to the reports of their
centralised counterparts in France and the Netherlands.

2. Parliamentary Involvement with CISA

2.1. Schengen in General
Germany ratied the CISA on 15 July 1993.2 As in the other Schengen countries, the German government initially did not share much information on the
Schengen negotiations with the German parliament.3 Members of the Federal
Parliament repeatedly criticised the lack of information given by the German
government with regard to the draft provisions of the CISA. Only after an
extended list of questions, forwarded by the members of the Social Democratic
Party (SPD), the government informed its parliament in November 1988 of the
cooperation between the Schengen states on the basis of the Schengen Agreement
of 1985.4 These parliamentary questions focussed especially on the future of
German ocials working at the internal borders, who were at risk of losing their
jobs. On 8 December 1989, one week before the planned signature by the
Schengen governments, the Federal Parliament received a formal draft of the
CISA. It appears, however, that informal texts of the draft treaty were already in
circulation in September 1989. This would explain why, on 26 September 1989,
the Green party (Die Grnen) was still urging the government to publish the
draft texts of the CISA, while, two days later, during the parliamentary debate on

Law on the CISA 15 July 1993, Bundesgesetzblatt (Federal Law Gazette, hereafter BGBl.)
1993 II, p. 1010 . Entry into force notied on 20 April 1994, BGBl. II, p. 631.
This includes the Bundestag and Bundesrat. However, when referring below to Parliament,
I will generally mean the Bundestag only.
Parliamentary questions: Bundestag Drucksache 11/3104, 12.10.1988; answers by the federal
government: Bundestag Drucksache 11/3594, 30.11.1988.

Germany

385

Schengen, other members of parliament were able to quote from the draft
provisions of the CISA.5
The debate in the Federal Parliament became more lively in 1989, after the fall
of the Berlin Wall. This event, on 9 November 1989, was the reason for postponing the signature of the CISA. Members of the German parliament pressed their
government not to sign the CISA in December 1989 before the issues with regard
to its application in the former DDR had been resolved. Without extending the
application of the CISA to the territory of the former DDR, former DDR nationals would still need a visa to enter the Schengen territory. Initially, the other
Schengen partners did not accept the German proposal to attach a statement,
implying that the former DDR would not be considered a third country with
regard to the application of the CISA by (West) Germany.6 But, in May 1990, the
German government was able to inform its parliament that the other partners had
agreed to lift the visa requirement for DDR citizens and to postpone the entry
into force of the CISA until the date of the formal reunication of Germany.
When it was nally signed on 19 June 1990, the CISA was the rst international
treaty which recognised the reunication of the former East and West Germany.
New and more in-depth discussions with regard to the content and consequences of the Schengen cooperation took place during the parliamentary
debate on the act to ratify the CISA on April 1992.7 An important and controversial issue dealt with during these debates was the proposed amendment of
the right to asylum as protected in the German Constitution (Grundgesetz).
There was clear tension between, on the one hand, former Article 16 of the
German Constitution which protected the right to asylum and the duty deriving from this right to consider every asylum application and, on the other hand,
the one-chance only principle which was included in the CISA.8 A draft proposal to amend the German constitutional right to asylum resulted in long and
tense parliamentary discussions on the values of the German asylum policy.9

See the request from the Greens: Bundestag Drucksache 11/5245, 26.09.2989, and the parliamentary debate of 18.09.1989, 11/12277.
Frankfurter Rundschau, 14.12.1989, Bonn will DDR bei Unterzeichnung des Schengener
Abkommens mit einbeziehen. FAZ 16.12.1989, Kohl will Schengener Zusatzabkommen im
Frhjahr unterzeichnen.
Gesetz zum Schengen bereinkommen, Bundestag Drucksache 12/2453, Bundestag Drucksache,
12, Wahlperiode, 89 Sitzung, Bonn, 30 April 1992.
See, for an extended review of the consequences of this Europeanisation on German and French
asylum policies: S. Lavenex, The Europeanisation of Refugee Policies. Between human rights and
internal security, Aldershot, Hampshire: Ashgate 2001, see p. 154 .
Draft proposal, Amendment Article 16 of the Constitution, Bundestag Drucksache 12/2112,
18 February 1992.

386

Chapter 12

The SPD members of parliament initially insisted on prior harmonisation of

EU asylum policy before any amendment of the German constitution. Finally,
based on a compromise between the SPD and the Christian parties (CDU/
CSU) and the liberal party (FDP), a proposal to amend the text of Article 16 of
the Constitution was adopted on 26 May 1993.10 The new Article 16A, replacing the provisions of 16 (2), still included the constitutional right of politically
persecuted persons to enjoy asylum. However, the German legislator added several exceptions to this right, including the incorporation of the Dublin principle
(no access to the asylum procedure if another EU Member State is responsible for
the asylum application), the presumption of safe countries, and the provision of
accelerated asylum procedures for manifestly unfounded asylum claims.
Other important issues playing a role during the ratication procedure were
the democratic accountability of Schengen and the lack of competence for the
Court of Justice. With regard to this latter subject, only the FDP and SPD factions in the Federal Parliament (Bundestag) supported the request of the Dutch
parliament to assign competence to the Court of Justice with regard to the
interpretation of the CISA.
Comments by German non-prot organisations with regard to the ratication
of the CISA dealt mostly with the limitation of the constitutional right to
asylum. For example, in a letter of March 1992, the German section of Amnesty
International expressed its concerns about the proposed refugee denition in
Article 16 of the German Constitution and criticised the democratic decit
during the negotiations on the CISA.11
2.2. The NSIS and Data Protection
The development of the NSIS was closely linked to the general aim of the
German government to compensate for the loss of internal border controls.12
The German experience with regard to data exchange on searched persons and
objects between the Federal Criminal Police Department (Bundeskriminalamt,
hereafter BKA) and the police forces in the Lnder was an important example for
the building of the NSIS. Only after the reunication of the former DDR with
West Germany and the extension of Germans eastern borders, politicians became
more focussed on the use of the NSIS for immigration control purposes.

10

11

12

See Bundestag Drucksache 12/160. The draft bill was published in Bundestag Drucksache
12/4152.
Stellungnahme von Amnesty International zum Gesetzentwurf des Bundesregierung zu dem
Schengener bereinkommen vom 19 Juni 1990. Letter of 27.03.1992.
Bundestag Drucksache 12/14034, 17.6.1993.

Germany

387

In the rst written inquiry by the German parliament, submitted to the

government in 1988 on the implementation of the Schengen Agreement of
1985, only one question concerned the need to exchange police information.13
Answering this question, the federal government stated that a common information system would be necessary to prevent persons being searched by one of the
Schengen States from escaping this search by crossing internal borders. According
to this reply, the Schengen partners had reached agreement on the following categories of data to be stored in this common system: persons and objects searched
for criminal prosecution; unwanted aliens from third countries to be expelled;
persons wanted for secret surveillance; persons whose place of residence was
searched for criminal investigation and, nally, persons whose place of abode
was searched (Aufenthaltsermittlung). The parliament was further informed that
a discussion was continuing with regard to the registration of persons to be taken
into custody for public order and security reasons (Gefahrenabwehr). No decisions were reached with regard to data protection issues. However, the German
government stressed in its reply to the parliament that the current German data
protection standards should be used as minimum standards in the forthcoming
agreements.
The rst parliamentary discussion on the data protection implications of the
Schengen cooperation took place on 28 September 1989.14 This debate was based
on two inquiries with regard to the data protection issues: one from the Green
party and one from the SPD.15 The Greens proposed, in a declaration of
16 September 1989, rejecting the proposal for the establishment of the NSIS
because citizens would have grounds to fear that their data would be stored
alongside data on criminals without their knowledge. The SPD did not go that
far, but formulated seven minimum standards for data protection. These standards included, among other things, precise and binding criteria for the NSIS
alerts, the right of every person to demand access to or correction and deletion of
his data in every Schengen State and, nally, the right to legal remedies against
non-compliance with the aforementioned rights. Furthermore, the SPD members required an independent control mechanism in each state and a joint data
protection authority. The Data Protection Convention of 1981 and the
Recommendations with regard to the police sector of the Council of Europe

13
14
15

Bundestag Drucksache 11/3104, 12.10.1988 and Bundestag Drucksache 11/3594, 30.11.1988.

Bundestag Drucksache 11/12277, 28.09.1989.
From the Fraktion Die Grnen: 11/5245 (Datenschutzrechtliche Probleme einer Europischen
Fahndungsunion), from the SPD Fraktion: 11/5023 (Datenschutzrechtliche anforderungen and
das Schengener Informationssystem).

388

Chapter 12

should apply as minimum standards. Finally, the SPD members emphasised that
there should be no exchange of information though the NSIS before these data
protections standards had been implemented. The parliamentary members of the
other parties and the representative of the Government described these proposals
by the SPD as outdated. The proposed standards were based on the conclusions
of the meeting of the data protection authorities of Germany, France, and
Luxembourg in March 1989. Therefore, the other parties argued, they had
already been taken into account by the Schengen negotiators.16
Another important issue during the debate on data protection standards, as
well as during the debate on the ratication act of the CISA in 1993, were the
concerns of the German members of parliament with regard to the level of data
protection in the other Schengen states. One member referred to the fact that
Belgium had no data protection law at all and Luxembourg and the Netherlands
no law on police les.17 The fact that Schengen implied that the other Schengen
states were obliged to adopt data protection laws as well, was considered an
important positive side-eect of the Schengen cooperation.18
In October 1989, during a conference of the Federal Data Protection
Commissioner and the data protection authorities of the Lnder, these authorities expressed their concerns with regard to the level of data protection in the
CISA applicable to the conventional exchange of personal data, taking place
outside the scope of the NSIS.19
It is interesting that, during the ratication debate in 1993, a member of the
liberal party, Wolfgang Lder, expressed his concerns about the plans of the
German Minister of the Interior to establish an automated border control
mechanism.20 He quoted from the annual report of the Federal Data Protection
Authority in which the Ministers plans were cited. These plans would include
the inclusion of biometric data in travel documents. Lder made it clear that
central police registration at the borders, including data on the movement of
travellers, would be unacceptable to the liberal party. Ten years later, politicians,
including the liberals, were less reluctant towards the use of central databases and
biometrics at the borders.
The German parliament discussed the NSIS only occasionally once it had become
operational. In 1997, based on the rst report of the Joint Supervisory Authority,

16
17
18
19

20

Bundestag Drucksache 11/12282, 28 September 1989.

Bundestag Drucksache 11/12278.
Bundestag Drucksache 12/7279, 30.04.1992.
10th Annual report of the Federal Data Protection Authority, Bundestag Drucksache 11/6458,
pp. 9596.
Bundestag Drucksache 12/14016, 17.6.1993.

Germany

389

members of parliament questioned the functioning and especially the lack of a legal
basis for the SIRENE organisation.21
2.3. SIS II
To my knowledge, before 2004, the German parliament did not make any
substantial inquiry into the development of the second-generation SIS. In
1999 and 2001, the German parliament was informed of the development of
SIS II in the annual reports of the Federal Data Protection Commissioner.22
However, the questions and concerns raised in these reports were not followed
by parliamentary questions.
In November 2004, the German government was questioned not only about
the exchange of information between internal security agencies in the EU, but
also on the future development of the SIS.23 These questions concerned the
content of political discussions at EU level with regard to SIS II and, especially,
the proposals on the interoperability and synergy between SIS II and VIS. The
questions about SIS I and SIS II concentrated on the possibility of increasing the
eciency of SIS II, but did not deal at all with the current deciencies of SIS I or
the legal protection of data subjects.
In March 2006, members of the German parliament referred to the lack of any
substantial debate with regard to the development of SIS II.24 Quoting from the
reports of the German data protection commissioners (see below), they expressed
their concerns about the current problems with regard to the reliability of the
information in SIS II and the lack of data protection rules. Answering these questions, the government forwarded data on the current use of SIS, including the
number of reports registered by the German and other Schengen authorities in
the SIS, the number of hits and the number of terminals in Germany giving the
authorities access to the SIS. In these answers, the government stressed that SIS II
would remain basically a search tool (Fahndungssystem) and denied that the current goal of SIS would be changed by the development of SIS II. According to the
government in this same response, the right to data protection and informational
self-determination (see below) would be suciently guaranteed.

21
22

23

24

Bundestag Drucksache 13/8385, 11.08.1997.

17th (19971998) and 18th (19992000) annual reports of the Federal Data Protection
Commissioner, Bundestag Drucksache 15/850 and Bundestag Drucksache 14/5555 respectively.
Bundestag Drucksache 15/4142, 9.11.2004. Answer by the Federal government: Bundestag
Drucksache 15/368, 30.11.2004.
Bundestag Drucksache 16/868, 8.3.2006, Answer by the government was published in:
Bundestag Drucksache 16/1044, 24.03.2006.

390

Chapter 12

3. Implementation of Article 96 CISA

3.1. Applicable Law
As in the Netherlands and in France, the criteria based on which the German
authorities may report data on third-country nationals in the NSIS for the purpose of refusing entry are not regulated in a formal law. The rules included in the
German immigration law are only indirectly applicable with regard to the registration of third-country nationals. As we will see below, the Residence Act 2004
(Aufenthaltsgesetz) assigns general competence to immigration authorities to store
data on third-country nationals in police les for specic purposes, but does not
explicitly refer to the implementation of Article 96 CISA or to the storage of
information in the NSIS itself.25 The same is true for the Federal Police Act
(Gesetz ber die Bundespolizei) of 2005.26 This law which replaced the former
Border Police Act or Bundesgrenzschutzgesetz includes rules with regard to the
duty and powers of the Federal Police to store and exchange information on
third-country nationals, but without direct reference to the CISA.
More specic rules with regard to the storage of data in the NSIS and its use
are set forth in ministerial instructions of 1998: the General instructions with
regard to the implementation of the CISA (Allgemeine Anwendunghinweise zum
Schengener Durchfhrungsbereinkommen, hereafter referred to as AAH-SD).27
The AAH-SD have been developed by the Federal Minister of the Interior with
the aim of coordinating the application of the Schengen rules by the dierent
immigration oces in the Lnder. The instructions are not binding in law. The
AAH-SD are dicult to read and often refer to the general laws as mentioned
above. It is unclear to what extent the German immigration oces currently
apply these instructions. Since these rules are the only available guidelines, both
German data protection authorities and national courts refer to the AAH-SD
when dealing with questions on the interpretation of the applicable rules. The
AAH-SD are based on the former Aliens Act. At the time of completion of this
study, it was unclear whether or when they will be reviewed.
25

26

27

With the Immigration Act of 30 July 2004 (Zuwanderungsgesetz) the former Aliens Act
(Auslndergesetz) was replaced by the Residence Act (Aufenthaltsgesetz). BGBl. 2004, Teil I, nr.
41, 5 August 2004. The full title of the Immigration Act 2004 is: Act to control and restrict
immigration and to regulate the residence and integration of EU citizens and foreigners.
An ocial English translation of this law is available at http://www.bmi.bund.de.
Law changing the name of Bundesgrenzschutz into Bundespolizei, 21.06.2005, BGBl. 2002,
I, p. 1818.
No ocial publication available: published in G. Renner (introduction) Verwaltungsvorschriften
zum Staatsangehrigkeits- und zum Auslnderrecht, Baden-Baden: Nomos Verlaggesellschaft
2001, p. 575 .

Germany

391

3.2. National Criteria for Entering Third-Country Nationals in NSIS

3.2.1. General Rules
In practice, the input of information on third-country nationals for the purpose
of refusal of entry on the basis of Article 96 CISA is performed by the German
police, both the Federal Police as well as the police in the Lnder. However, the
decision to store information in the NSIS is taken either by the immigration
oces in the Lnder (Auslnderverwaltung), or by the Federal Police (former
Bundesgrenzschutz or Border Police) and the BKA. The BKA cannot report thirdcountry nationals in the NSIS itself; the Federal Police forwards the information
about persons on behalf of the BKA.
The implementation of Article 96 in German law and practice is based on a
strict dierentiation between the two categories as described in Articles 96 (2)
and 96 (3). Either persons are reported into the NSIS to be refused entry on the
basis of public order and security grounds (96 (2) ) or based on a prior decision
of expulsion, removal or deportation (96 (3) ). The majority of data in the NSIS
reported by the German authorities concerns the latter category. These data are
mostly reported in the NSIS by German immigration oces (Auslnderbehrden).28
A limited interpretation of Article 96 CISA has been advocated by Westphal, an
instructor at the Federal Police Academy (formerly the Border Police Academy).
According to him, Article 96 would not allow the systematic storage of data on
third-country nationals in the NSIS. Each report in the NSIS would have to be
based on an individual decision and each decision would require the balancing of
the dierent interests at stake.29
3.2.2. Persons to be Expelled, Removed or Deported
Registration on the basis of Article 96 (3) is based on 11 (1) together with 50 (7)
of the Residence Act 2004 ( 8 (2) and 42 (7) of the former Aliens Act) and section 2.2.1 of the general instructions, AAH-SD. These rules provide for the registration of third-country nationals who are either expelled, removed or deported.
The German Residence Act dierentiates between the requirement to leave federal
territory (Ausreisepicht); expulsion (Ausweisung); removal (Zurckschiebung),
deportation (Abschiebung) and, nally, the ban on entry (Einreise- und
Aufenthaltsverbot).30 On the basis of 11 (1) Residence Act, a person who is ordered
to leave the country or has been expelled, deported or removed, is forbidden from
re-entering Germany. Infringement of this prohibition of stay or entry is a criminal

28
29
30

There are approximately 650 immigration oces in Germany.

V. Westphal & E. Stoppa, Auslnderrecht fr die Polizei, 3. Auage, Lbeck: 2007, p. 547 .
I use the words included in the ocial English translation.

392

Chapter 12

act in accordance with 95(2) Residence Act and is punishable by a term of

imprisonment of a maximum of 3 years or a ne. This re-entry ban is the formal
grounds for storing data on third-country nationals into the NSIS on the basis of
Article 96 (3).
The criteria for expulsion decisions (and thus for registration in the NSIS
on the basis of Article 96 (3) ) are provided in 5355 and 57 of the
Residence Act 2004.31 These rules include a distinction between three categories of expulsion: criteria based on which a third-country national must
be expelled (Zwingende Ausweisung), criteria based on which the authorities
will usually expel a third-country national (Regelausweisung) and, thirdly, situations in which the authority concerned has discretionary power
(Ermessensausweisung). The rst category includes convictions for intentionally committed oences including custodial sentence for at least three years,
but also custodial sentences for smuggling of foreigners. The second category
includes criminal convictions and/or the reasonable belief that this person is
or was a member of a terrorist organisation or supports such an organisation.
Immigration authorities will have to assess the dierent interests at stake in
the third category of situations as described in 55 Residence Act. This
includes, among other things, decisions concerning the violation of immigration law, drugs oences, or the fact that the person or his or her family is
claiming social security funds. With regard to decision-making in this latter
category, immigration oces should take into account the length of stay in
Germany of the person concerned and the consequences for the remaining
family members with legal residence in Germany ( 55 (3) ). The rst criterion is comparable to the sliding-scale mechanism in the Netherlands
(see Chapter 13).
German immigration ocers are obliged to report a third-country national
who falls within the scope of 11 of the Residence Act to the NSIS without
delay.32 Both the prohibition of stay or entry and the time limit of this re-entry
ban should be registered in the NSIS. As we will see below, immigration ocers
often do not restrict the re-entry ban at all. A third-country national has the
right to apply for a restriction of the re-entry ban in time; however, this requires
an active role on the part of the third-country national involved. In practice,
third-country nationals are not aware of this right because they are not informed
by immigration ocers. Additionally, they do not always have a lawyer who
could inform them of their rights after their expulsion.

31
32

The rules on removal and deportation are provided in 5758.

2.1, 4.1.4.3 and 4.2.2 AAH-SD.

Germany

393

3.2.3. Unlawful Data Storage Regarding Rejected Asylum Seekers

The practical implementation of Article 96 (3) CISA resulted in a large number
of rejected asylum seekers who were, as we will see hereafter, unlawfully registered in the NSIS by German immigration oces. This practice led in 1999 to
the famous judgment of the highest administrative court in France, declaring
this German practice unlawful.33
The illegal storage of data on asylum seekers has its origins in an administrative
procedure which is applied in Germany to persons whose asylum application has
been denitively rejected.34 If an asylum application has been rejected, this does not
lead automatically to a prohibition of entry of this person. The decision
is linked to a time limit within which the person must leave Germany. During this
period of time, the person may lodge an appeal against this decision and the deportation order. Only if this appeal is rejected by the court, which means the person is
no longer permitted to stay in Germany, the above time limit will apply. The person
will receive an ocial warning from the immigration oce that he is obliged to
leave Germany and receives a form (Grenzbertrittbescheinigung) which he has to
hand to the border ocials upon actually leaving Germany. The border ocials are
required to return the document to the immigration oce issuing this form.
If this latter oce does not receive the form within the prescribed time, it will,
based on the assumption that this person has not left Germany, automatically report
this person to the German aliens administration (Auslnderzentralregister or AZR,
see further section 4.1 below). Based on 11 (1) of the German Residence Act, asylum seekers who have gone into hiding or who have left Germany independently
may only be registered in the AZR or INPOL, but not in the NSIS, for the purpose
of arrest or of nding their place of abode. However, in practice, the immigration
oces do not dierentiate between the AZR and the NSIS and, often, these asylum
seekers are also stored in the NSIS. The AAH-SD explicitly forbid the registration
of third-country nationals in the NSIS solely for the purpose of tracing the place of
abode of the person concerned.
This unlawful practice has been commented on in various reports and by
various authors. Despite this information and the communications which have
been specically directed by the Ministries of the Interior to their immigration
oces, immigration oces still continue this unlawful registration in the NSIS.35
In my view, this practice is caused by an unclear provision in the AAH-SD.

33
34

35

Conseil dtat, Forabosco, see above, Chapter 11, section 7.3.

See also on this practice: C. Saas, Les refus de dlivrance de visa fonds sur une inscription au
Systme Information Schengen, Cultures et Conits 2003, no. 4950.
See recent annual reports by the German Data Protection Authorities of dierent Lnder,
described in section 6.5.3.

394

Chapter 12

According to 2.2.1.2 of these instructions, immigration oces may report

third-country nationals to the NSIS on the basis of Article 96 (2) if an expulsion
has been planned but not implemented because the person concerned went into
hiding or left Germany independently. It seems odd that commentators never
took into account the ambivalent rules included in these rules from 1998. Even
if these rules are non-binding, they seem to be the only available guideline for
the authorities involved.
3.2.4. Registration Based on Public Order and Security Grounds
The second category concerns Article 96 (2) CISA and alerts on persons to be
stored in the NSIS on public order or security grounds. Although they are in
principle competent to do so, German immigration oces will rarely report
third-country nationals in the NSIS on the basis of Article 96 (2). In general, this
category of third-country nationals is reported by the Federal Police (formerly
the Bundesgrenzschutz or Border Police) on behalf of the BKA, the Federal Agency
for the protection of the Constitution (Bundesamt fr Verfassungsschutz) and the
Ministry of Foreign Aairs. The criteria upon which third-country nationals are
to be entered in the NSIS on the basis of Article 96 (2) are described in internal,
condential rules.36 However, it seems that the most important grounds being
used for the storage of this category of third-country nationals is internal security
(Gefahrenabwehr). Generally, the Federal Police will use the following criterion
for this registration: the greater the current danger or risk at stake, the less
concrete the suspicions against the person concerned need to be.37
In 2003, the Federal Commissioner for Data Protection (see section 6.5) investigated the criteria being used for registration based on Article 96 (2).38 The
Commissioner especially focussed on the responsibility of the Federal Police to
check the legality and proportionality of these reports, before forwarding the data
to the NSIS. The Data Protection Commissioner found that, in many cases, this
check was not appropriately performed and that the Border Police did not check,
using further information, whether the legality of the NSIS alerts is guaranteed.
A second problem which was raised by the Data Protection Commissioner
in his report of 2003 concerned the persons reported on the basis of information
from the Bundesverfassungsschutz or Bf V. According to the Data Protection
Commissioner, the NSIS should only contain information on individuals on the
basis of risks established by general police standards (wenn eine Gefahrenlage nach

36
37
38

Polizei Dienst Vorschrift 384-I and II.

Interview with Volker Westphal, 2005.
20th Report (Ttigkeitsbericht) of the Federal Data Protection Commissioner, 20032004, para.
3.3.2.2 and para. 5.3.8.

Germany

395

polizeirechtlichen Mastben vorliegt ). Therefore, only Article 99 CISA (secret

surveillance) would allow registration based on national security grounds forwarded by national intelligence services. The Data Protection Commissioner was
critical that, with the approval of the Federal Ministry of the Interior, Article 96 (2)
had been used to store information on persons on the basis of information from
the Bf V, for the protection of the free democratic constitution of Germany or
for purposes of public security. This practice was conrmed by the head of the
SIRENE oce at the BKA during a parliamentary hearing in 2005.39 He referred
to the reporting of third-country nationals, for example, suspected terrorists or
members of the Taliban, in the NSIS for the purpose of refusal of entry on the
sole basis of information from national security agencies, including foreign
organisations. In his evidence, he (wrongly) suggested that the Federal Data
Protection Commissioner would have approved this practice.
As we have seen above, based on Article 96 (2), Germany also inputs data on
persons on the UN terrorist lists into the NSIS. There is no ocial decision on
this matter but, in an informal agreement of the Schengen Working Party of
2004, Germany agreed to include these persons in the NSIS on behalf of the
other Schengen States.40 Until 2005, this registration, managed by the Ministry
of the Interior, was performed for 75 of the 500 listed persons because the others
could not be properly identied for the purpose of the NSIS.41
Thirdly, the Data Protection Commissioner referred to several examples in
which the category of Article 96(2) was misused for storing individuals in the
NSIS against whom another State has issued an extradition arrest, but whose
extradition was prohibited by German law. Since these persons cannot be extradited because of the applicable laws in the requesting states allowing for death
penalty or the use of torture, the German authorities list these persons in the
NSIS, to prevent them from entering the Schengen territory.
3.3. In the Beginning: Storing Old Data in the NSIS
In the run-up to the operational start-up of the NSIS between 1994 and 26
March 1995, the BKA simply copied the existing les on third-country nationals
from the Federal Police le, INPOL, into the NSIS. This meant that persons

39

40

41

Written evidence of the hearing of witnesses, 2. Untersuchungsausschuss, Deutscher Bundestag,

27. Sitzung, 22.06.2005, p. 60. These hearings concerned the parliamentary inquiry on the
fraudulent visa policy of sta members in the German embassy at Kiev.
Outcome of Article 36 Committee, 9182/03, 12 May 2003. Also dealt with in Chapter 4,
section 3.
Source: interviews held in 2005 with ocials of the BKA, the Federal Data Protection
Commissioner and the data protection authority of Hesse.

396

Chapter 12

were registered in the NSIS for oences which occurred more than ten years ago
and for reasons which were not envisaged in the CISA. As a result, Germany was
for a long time responsible for the majority of data in the NSIS, compared to the
other Schengen states. On 1 January 1997, of the 536,022 Article 96 reports in
the SIS, 444,019 were submitted by German authorities.42 A large clean-up
operation was performed by BKA in 1997. This resulted in the deletion of
207,000 records on third-country nationals to be refused entry and, on 1 January
1998, of the 603,497 reports in the NSIS, only 289,993 came from the German
authorities.
Another, smaller clean-up operation took place in 1998 on the basis of the
three-year time limit of Article 112 CISA, which forced the German authorities to
check the need for further storage. This and further clean-up operations after 1999
resulted in a further decrease in German reports on third-country nationals in the
NSIS. On 1 January 2005, 176,392 reports on third-country nationals were
reported in the NSIS by the German authorities.43
3.4. Authorities with Access to NSIS Data
According to the annual report from the SIRENE Working Party to the Council,
the following German authorities are authorised to have direct access to the category of Article 96 CISA (data on third-country nationals to be refused entry):
the police forces of the Lnder ;
the Federal Criminal Police Department (BKA);
the Federal Police (former Border Guard or Bundesgrenzschutz);
the immigration oces of the Lnder;
the Federal Oce for the Recognition of Foreign Refugees (Bundesamt fr die
Anerkenning Auslndische Flchtlinge, or BAMF);
the diplomatic and consular posts; and
the parliamentary committee on police and security matters.44

In 1998, the German authorities consulted the NSIS 65 million times; 52%
were accounted for by the German border police.45 In 2000, 14,000 police agencies had access to the NSIS, performing more than 5 million checks each month.46
In 2005, according to information submitted by the government to the parliament,

42
43

44
45
46

H. Busch, Neue Wachstumringe im SIS, Brgerrechte & Polizei/CILIP 63 (2/99), p. 8084.

This is still almost 25% of total alerts concerning third-country nationals (714,078) in SIS.
Report by the C.SIS Exploitation team, 01/01/2005.
According to the report in the Council document 16023/04, 10 December 2004.
H. Busch (1999), p. 8084.
M. Tuner, Das Schengener Informationssystem, Kriminalistik 1/00, p. 40.

Germany

397

there were 70 million consultations.47 The government could give only an

approximate number of the Federal authorities which had access to the NSIS in
2005 (12,000), but did not have any information on the number of terminals
with access to the NSIS in the Lnder.
3.5. Functioning of SIRENE
SIRENE is part of the BKA. It is located at the BKA premises in Wiesbaden.
The function of SIRENE Germany is comparable to its counterparts in the
Netherlands and France. As a result of the central position of the BKA with
regard to the implementation, coordination and political negotiations regarding
Schengen, SIRENE also seems to have an important role with regard to the
practical implementation of the NSIS.
The functions of and the relationship between SIRENE and the immigration
oces in the Lnder are regulated in 2.2.2.3 AAH-SD. SIRENE is responsible for checking whether the applicable time limits of the alerts in the NSIS are
respected. The way in which this checking takes place is discussed in section
6.4.1. SIRENE does not check the lawfulness of the grounds for the national
alerts. As in the other countries, SIRENE plays an intermediary role between
national authorities and the authorities in other Schengen states based on the
consultation procedure of Article 25 CISA. With regard to the applicable rules
and practical problems, the SIRENE oce in Wiesbaden performs the role of a
24-hour helpdesk for the dierent German oces involved in the NSIS.
3.6. Article 96 Hits: Duties and Responsibilities of German Authorities
3.6.1. Refusal of Entry
According to 1.5 AAH-SD, German ocials have the general duty to check the
NSIS with regard to every decision based on immigration law (auslnderrechtliche
Entscheidung). The German Residence Act dierentiates between situations in
which the border authorities are obliged to refuse a person entry and situations in
which they have a margin of appreciation. On the basis of 14 and 15 Residence
Act, individuals should be refused entry if they are not in the possession of the
required travel documents, if they do not have the required residence permit, or if
a re-entry ban applies to this person on the basis of 11 (1). Federal police ocers
at the borders may refuse somebody entry if they have a reasonable motive to
believe that the person intends to stay for purposes other than those communicated to the German authorities or if he or she does not meet the requirements of

47

Bundestag Drucksache 16/1044, p. 6.

398

Chapter 12

Article 5 of the CISA. This means that the refusal of entry based on an Article 96
(3) alert is only imperative if it is based on the re-entry ban of 11 (1) of the
Residence Act. This is also laid down in 5.1.3.1 AAH-SD.
3.6.2. Expulsion of Aliens on the Basis of an Article 96 CISA Hit
Based on the rather complicated regulation of 5.1.3.2 and 5.1.3.3 AAHSD, a third-country national can only be directly expelled on the basis of an
Article 96 (3) alert by German authorities. A person cannot be immediately
expelled on the basis of 96 (3) alerts which are reported by other Schengen
States, nor on the basis of Article 96 (2) alerts reported by German and foreign
authorities. This means that, in these latter situations, a German ocial can
only remove or refuse this person entry at the borders (Zurckschiebung) but not
expel him once he is in the country. In these situations, the German ocial will
have to issue a separate administrative decision. The BKA has criticised this regulation (which only applies in Germany), since this would mean that German
ocers whenever they obtain a hit in the SIS on a person during a check
within the German territory cannot expel this person immediately. In the
situation where persons have been reported to the NSIS by German authorities
on the basis of 96 (2), they will also be stored for the purpose of arrest in
INPOL. So, in this situation this problem would not arise.
3.6.3. Article 96 Hits and Visa Applications
Based on 6 of the German Residence Act, a visa can only be issued if the applicant meets (among other things) the requirements of the CISA. This means,
in accordance with Article 5 CISA, if the person has been recorded in the NSIS for
the purpose of refusal of entry, embassies and consular posts are obliged to refuse
this person a visa. Each visa application is checked against data stored
in the AZR and in the NSIS on the basis of Article 96 CISA. German consulates
and embassies have no on-line access to the NSIS.48 Every visa application is
through a German electronic network, submitted to the Ministry of Foreign Aairs
and from this organisation to the Federal Administration (Bundesverwaltungsamt).
This organisation, responsible for the Central Aliens Administration or the AZR
(see below), will check by consulting the AZR, as well as the SIS and other databases such as the German police le INPOL, whether the person in question is
reported as inadmissible. If the person is reported as such, this information will be
forwarded to the consulate or embassy involved. On the basis of this information,
the visa application will be automatically rejected without further inquiry.

48

Bundestag Drucksache 16/1044, p. 5.

Germany

399

4. Intermezzo: German Policy Governing Third-Country Nationals

4.1. The Central Aliens Administration or the AZR
4.1.1. The Need for a Legal Basis
Since 1953, a centralised administration of aliens living in Germany (Auslnderzentralregister, hereafter AZR) has been established. The automation of this administration started in 1967. This central database, long the largest database on
individuals in Germany, functioned for 40 years without a formal legal basis.
Initially, there was only a legal reference to this registration in the Act on the
Federal Administration of 28 December 1959.49 After the famous Volkszhlungsurteil
in 1983 (see section 6.2.2 below), both the legislator and commentators became
aware that this large database on aliens required a formal legal basis.50 It would
nevertheless take more than ten years before this law was adopted. This Act on the
central aliens administration (Gesetz ber das Auslnderzentralregister, hereafter
AZRG) entered into force on 1 October 1994.51
4.1.2. Content of the AZR
Based on Article 4 of the Immigration Act (Zuwanderungsgesetz) 2004, the
Federal Agency for Migration and Asylum is the authority responsible for the
AZR. In the AZR, information is stored on every non-German national (including EU nationals) residing (not temporarily) in Germany, or persons falling
within the categories listed in 2 (2) of the AZRG. This includes persons having
applied for asylum or a residence permit (visa applications excluded), persons
against whom an expulsion order has been issued, extradited persons, etc.
Although welcoming the legal basis for the AZR, many organisations and commentators opposed the functioning of the AZR.52 The Federal Data Protection
Commissioner and the data protection authorities of the Lnder expressed their
concerns with regard to the AZR at their meeting in 1994.53 Their objections

49

50
51

52

53

Gesetz ber die Errichtung des Bundesverwaltungsamtes, BGBl. I, p. 829, 6: The Federal
Administration Oce holds for the purpose of the administration the Central Administration
on Aliens [AZR] on the aliens residing in Germany.
Bundestag Drucksache 10/5859, 16.07.86.
BGBl. I, 2265; Bundestag Drucksache 12/6938, 12/7520. Further rules are included in
Verordnung zur Durchfhrung des AZR-Gesetzes (AZRG-DV) vom 17. Mai 1995 (BGBl. I,
p. 695) und der Verwaltungsvorschrift zum AZR-Gesetz (AZR-VV) vom 4. Juni 1996 (GMBl.
1996, p. 334).
A. Schriever-Steinberg, Das Auslnderzentralregistergesetz, NJW 1994, Heft 50, p. 3276 and
Th. Weichert, Auslndererfassung in der Bundesrepublik. Die informationellle Sonderbehandlung
von Immigrantinnen und Flchtlingen, Brgerrechte & Polizei-CILIP 45 (2/1993).
9 and 10 March 1994, http://www.lfd.m-v.de/beschlue/ent47.html.

400

Chapter 12

concerned, for instance, the centralised functioning of the administration of

foreigners and the large group of public authorities with on-line access to foreigner administration. They were also concerned about the fact that this database
would be accessible by police and internal security organisations and that the
data stored in the AZR was not directly obtained from the persons themselves.
Finally, they opposed the possibility included in the AZR law of retrieving information from the database about a group of persons, using proling techniques,
in other words using certain common criteria.
In September 1995, lawyers and members of civil rights organisations who were
concerned about the individual rights of the persons registered in the AZR lodged a
constitutional complaint (Verfassungsbeschwerde) against the AZRG. This complaint
was rejected by Federal Constitutional Court in 2001.54 The rejection was based on
the grounds that the law included adequate possibilities for legal remedies for individuals aected by the use of the central foreigner administration. The Constitutional
Court, however, recognised that the German AZRG did not include a right of
information for the data subject, as required by EC Directive 95/46 on the protection of personal data. According to the Constitutional Court, this did not preclude
applicants from using the available remedies in specialist lower courts.
In 2005, the AZR included 23.7 million data on persons, 6.7 million concerning
third-country nationals residing in Germany, and was used by more than 6,000
German organisations.55 By 2004, according to ocial statistics from the Federal
Agency for Migration and Refugee Policy (BAMF), 7.3 million foreigners had
apparently stayed in Germany, of whom 2.3 million were nationals of EU
Member States.56 Later, the BAMF announced that these numbers were wrong.
After the AZR had been reorganised in 2004, the number of foreigners in
Germany reported in this central le dropped from 7.3 million to 6.7 million.57
Data on foreigners, including EU citizens, are to be erased from the AZR when
the foreign national acquires German citizenship, ve years after his death or ten
years after his last departure from Germany.
In 1999, the President of the European Parliament submitted a petition to the
Federal Data Protection Commissioner concerning the fact that the AZR includes
information on EU citizens and questioning whether this was not in breach of
EC Directive 95/46.58 The Data Protection Commissioner concluded that the
storage of data on EU citizens could be necessary. However, according to the
54
55
56

57
58

Bundesverfassungsgericht 10.10.2001 - BvR 1970/95, published in InfAuslR 2/2002, p. 91.

Information provided by the Bundesverwaltungsamt, http://www.bva.bund.de (Dec. 2006).
These data are still referred to in a publication of March 2005 of the BAMF, Immigration Law
and Policy, http://www.bmi.bund.de.
BAMF, Migrationsbericht 2005, p. 103105. http://www.bmi.bund.de.
19th Report Bundesdatenschutzbeauftragten, 20012002, p. 166. http://www.bfdi.bund.de.

Germany

401

Data Protection Authority, the systematic storage of data on all EU citizens

residing in Germany would be unlawful. On 7 July 2004, the European
Commission began legal proceedings against Germany before the Court of
Justice, claiming that the registration of EU nationals is in breach of the nondiscrimination clause of Article 6 of the EC Treaty.59 On 28 December 2006, the
Oberverwaltungsgericht of North Rhine-Westphalia lodged a preliminary request
regarding the registration of EU citizens in the AZR.60 The German court submitted the question of whether the general processing of the personal data of EU
citizens in the AZR is compatible with:
a. the prohibition of discrimination on the grounds of nationality against citizens
of the Union who are exercising their right to move and reside freely within
the territory of the Member States (rst paragraph of Article 12 TEC in conjunction with Articles 17 TEC and 18(1) TEC);
b. the prohibition of restrictions on the freedom of establishment of nationals of
a Member State in the territory of another Member State (rst paragraph of
Article 43 TEC);
c. the requirement of necessity under Article 7(e) of Directive 95/46/EC on the
protection of individuals with regard to the processing of personal data and
on the free movement of such data.
4.1.3. Amendments on the Basis of the Prevention of Terrorism Act
The German Prevention of Terrorism Act (Terrorismusbekmpfungsgesetz, hereafter
TBG) of 20 December 2001 extended the competences of German authorities
in the eld of internal security and data control.61 This law provided the basis for
a variety of measures facilitating the gathering of information by security agencies and police. The new competences in the eld of information exchange and
recording were justied by a spokesman for Mr. Schily, the former Minister of
the Interior, with the argument that, data protection should not result in terrorist protection.62 With regard to information exchange in general, the Federal
Internal Security Agency (Verfassungsschutz) obtained increased powers to retrieve
information from, for instance, telecommunication and postal organisations,

59

60
61

62

According to the Federal Data Protection Commissioner in its 20. Ttigkeitsbericht 20032004
para. 6.1.4. I found no further information on this procedure.
Case C-524/06, Heinz Huber v. Germany.
BGBl. 2002 I, 361. This law entered into force on 9 January 2002. See, for a general overview of
this legislation: E. Brouwer, Germany: Controlling Data, in: Brouwer, Catz & Guild (2003),
p. 27 . See also: U. Davy, Immigration, Asylum, and Terrorism: How do they relate in
Germany?, in: Baldaccini & Guild (2006), p. 177 .
Speech of 16.10.2001, cited in the position of the German Data Protection Association of
25.09.2001.

402

Chapter 12

airlines and nancial organisations (Article 1 TBG, change to the Federal

Protection of the Constitution Act). Article 1(6) TBG introduced the obligation for
the Federal Agency for the Recognition of Foreign Refugees and the German immigration oces to forward information voluntarily to the Internal Security Agency,
each time there are actual indications that this data exchange is necessary for the
execution of the tasks of this latter institution. 16 V (1) 1 of the Asylum Procedure
Act allows for the ngerprints of asylum seekers to be compared automatically
with police data.
The TBG included some amendments to the AZRG, allowing wider use of the
data stored in the AZR. 12 AZRG already provided for the exchange of information on groups of aliens meeting the same criteria. This practice of group proling or Gruppenauskunft is allowed, rstly, when this is in the interests of this
particular group of persons, for example if the public authorities want to send
special information to this group. It is also possible to forward information on
groups of aliens from the AZR to police or security ocials, if this is necessary for
national security or a criminal investigation. This measure involving the proling
of aliens does not meet the same, stricter rules of proling as regulated in the general police laws. With the TBG, the possibility of group proling has been further
expanded. The new 12 (1) AZRG allows the collection of data on a group of
persons on the basis of the more general criterion of for the prevention of
danger, instead of the former narrower requirement of actual present danger.
With 13 (7) of the TBG, a new paragraph has been inserted in the AZRG,
granting organisations such as the police, the Federal Police (former Border
Police) and the customs authorities easier access to this database, including
on-line access. The information retrieved by these organisations may be recorded
for 510 years. Finally, a new provision in AZRG ( 3) made it possible to store
information on the religion of the person concerned in the AZR if this person
forwarded this information voluntarily.63
Many organisations have expressed concerns about the discriminatory and
stigmatising eects of the provisions under the TBG, particularly the restrictive
measures aimed at asylum seekers and immigrants. In November 2001, the
German Data Protection Association published a position specically referring
to the consequences of the draft TBG for foreigners.64 In this position paper, the
association criticised the extra measures taken to control third-country nationals,
in the form of the registration and the exchange of information.

63

64

This new provision has been described as a useless, even dangerous provision by Th. Weichert,
Datenschutz fr Flchtlinge nach der Anti-Terror-Gesetzgebung, Asylmagazin 4/2002, p. 49.
German Data Protection Association (Deutsche Vereinigung fr Datenschutz) with relation to
the provisions in the draft TBG, which especially relates to the data protection of foreigners,
15 November 2001.

Germany

403

4.2. Visa Information System

The German visa database (Visadatei) is the second largest personal database in
Germany. Although this database has been in existence since 1953 as a complement to the AZR, it was only legalised with the AZRG in 1994. The use of and
information to be stored in this database are regulated in 2833 AZRG. The
Federal Criminal Police Oce, the Federal Police and the immigration oces of
the Lnder are authorised to have access to the visa database. Originally, the German
visa database only included records on every visa application forwarded to one of
the German embassies or consular posts. On the basis of 29 AZRG, as amended
by Article 13(9) TBG, not only visa applications, but also all decisions made with
regard to this application are recorded, including the withdrawal of a visa. Moreover,
the amendment provided for the recording of photographs in the visa database.
In 2005, the time limits applying to the storage of data in the visa database
were extended. Before this amendment, data regarding visa applications were to
be stored for two or three years. The three-year time limit applied to visa applications by third-country nationals from certain countries and was justied on the
basis of internal security reasons. These time limits have been changed to ve and
10 years respectively.65
By 2004, the German visa database held 10.8 million records on persons,
including 3 million decisions with regard to visa applications and 1.7 million
photographs.66 Prior to the decision-making on VIS taken at EU level, in 2000
the German government launched a pilot project VISA 2000. This project
includes an automated data processing network, allowing every embassy and
consular post to enter their data on visa applications. Using this system, other
embassies can discover whether an applicant has already applied for a visa from
another German representative.67 As we have seen in Chapter 5, the EU Visa
Information System is based on the same idea.
4.3. Computer Proling or Dragnet Searching (Rasterfahndung)
4.3.1. Before 11 September 2001: Tracking RAF Terrorists
The practice known as computer proling or dragnet searching (Rasterfahndung 68)
was developed by the BKA during the 1970s. Introduced by Horst Herald, the
president of the BKA between 1971 and 1981, computer proling was developed
65

66
67
68

19 of the implementing rules to the AZRG (Verordnung zur Durchfhrung des Gesetzes ber
das Auslnderzentralregister - AZRG-DV), Act of 14.10.2005, I 2982.
See the 20th Report of the Federal Data Protection Commissioner, 20032004, para. 6.2.4.
19th Report 20012002, Federal Data Protection Commissioner, p. 41.
Literally, Rasterfahndung means raster or grid search. Based on the assumption that specic criteria apply to the searched person or group of persons, information on large numbers of persons
is further reduced by deleting those persons who do not meet all of these criteria.

404

Chapter 12

into a specialised technique by the German police. This technique is used to

retrieve information on suspected persons by comparing dierent public and nonpublic databases using a sociological and psychological prole of the person targeted. The rst time computer proling was claimed to have been used was in
1979, when the German police arrested Rolf Heiler, a suspected member of the
radical left-wing organisation, the RAF. Based on the assumptions that a terrorist
would only rent accommodation of 13 rooms, would not register with the local
municipality and would only pay his water and electricity bills in cash, the German
police was able to trace Heiler by comparing the dierent relevant databases.
This use of computer proling was critically received in the public arena. The
opposition was based largely on the concerns of individual data protection and
the fact that this practice lacked any legal basis. When other operations of the
BKA, involving the use of computer proling, were brought out into the open,
the Federal Minister of the Interior banned the further use of this method.69
In 1992, the German law against organised crime provided a legal basis for
so-called repressive computer proling, conned to the investigation of certain
criminal acts and bound by formal requirements such as control by the judiciary
and the duty to report the use of proling to the Federal Data Protection
Commissioner. With the exceptions of Bremen, Schleswig-Holstein and Lower
Saxony, the laws of the German Lnder regulating the tasks and powers of the
police provided for the possibility of computer proling for the general purpose
of preventing danger (Gefahrenabwehr).70 These laws included dierent criteria
on the situations in which computer proling is allowed. In Bremen, the use of
Rasterfahndung was deleted from the Lnder Police Act (Landespolizeigesetz) in
August 2001, because of the persistent critical views of this practice and the
apparently quite situation which would not require such intrusive methods.
On 25 October 2001, however, after the terrorist attacks in the United States,
the legislator of Bremen reintroduced its legal basis for Rasterfahndung.
4.3.2. After 11 September 2001: Tracking Islamic Terrorists
During a meeting of the police forces of the German Lnder in October 2001,
it was decided that the police forces would start computer proling. This decision was taken because research by the FBI showed that one or more of the
hijackers of the US airplanes, responsible for the attacks of 11 September 2001,
had been living in Hamburg for years, including Mohammed Atta. On the basis
of a prole provided by the BKA, police forces started searching for possible

69

70

B.A. Bischof, Europische Rasterfahndung grenzenlose Sicherheit oder glserne Europer?,

Kritische Justiz, Jrg. 37, Heft 42004, p. 362363.
B.A. Bischof (2004), p. 367 .

Germany

405

fundamentalist Muslim terrorists living inconspicuously in Germany, known as

sleepers (Schlfer). The prole used for this search was based on the identity of
three perpetrators of the US attacks and included criteria such as: being male
and Muslim without being fundamentalist in public, residing legally in
Germany, having no children, being (technically) a student, speaking dierent
languages, frequently applying for a visa and obtaining or holding a ying qualication. The information found by comparing population registers, the central
aliens administration or AZR and the registers of universities/polytechnics, was
forwarded by the Lnder to the BKA. The BKA stored the information thus
gathered in a specially created database on sleepers: Verbunddatei Schlfer.
In Hamburg alone, according to a German newspaper, between October 2001
and January 2002, 30,000 male students were checked and, on the basis of this
check, 140 persons were directly contacted by the police.71
Although the BKA played an important role in the whole operation, the gathering of information using data proling took place under the auspices of the
dierent Lnder. A special Coordination Group on International Terrorism
(Koordinierungsgruppe Internationaler Terrorismus, KG IntTE) coordinated the
interpretation of the information and the provision of further proles. Answering
a question from the PDS in the German Parliament on the extent and the eects
of the measure, the Federal government announced, in February 2002, that the
practice of computer proling was primarily the responsibility of the German
Lnder and that, as such, the Federal government could not give much information on the current results.72 In the light of the applicable security regulations in
the dierent Lnder, the government considered the measures legal and proportional. On 30 March 2003, the BKA stated that the data proling operation had
ceased, the special database on sleepers was erased on 30 June 2003 and all the
comparative data was deleted on 21 July 2003.73 In a nal report, the Commission
on Internal Security (Kommission Staatsschutz), under the auspices of Ministry of
the Interior, concluded that the goal of the dragnet search operation, to nd
more sleepers in Germany, had not been achieved yet. According to this unpublished report, the BKA encountered dierent problems during the operation,
such as a lack of coordination with the various Lnder and a lack of sucient
resources. This included the lack of sta to analyse the available information.

71
72
73

Der Tagesspiegel, 22.01.2002.

Bundestag Drucksache 14/8257, 18.02.2002.
M. Kant, Nothing doing? Taking stock of data trawling operations in Germany after 11
September 2001, Statewatch, May-August 2005 (Vol. 15 no. 3/4), p. 19.

406

Chapter 12

NGOs, data protection authorities and politicians strongly opposed the

practice of Rasterfahndung to trace Muslims living in Germany. In a press release
of 24 October 2001, the German Data Protection Association advocated the
termination of the computer proling because it constituted a violation of constitutional and human rights for certain groups, such as the right to privacy, freedom of religion and the presumption of innocence.74 In its annual report for
20032004, the Federal Data Protection Commissioner called for an extensive
debate on the usefulness and legality of this computer proling practice after 11
September. The Data Protection Commissioner considered a timely debate especially necessary in view of the fact that the German government tried to extend
this practice to the other EU Member States.75
4.3.3. Assessment of Data Proling by Lower German Courts
Between January and November 2002, several German courts passed judgment
on complaints from persons about the forwarding of their personal data to the
police either by universities or population oces.76 The available German jurisprudence with regard to this practice shows dierences in interpretation depending
on whether there is a current actual danger to internal security, which, according
to the applicable laws of the Lnder, is a condition for lawful computer proling.
In the majority of the judgments found, the courts accepted the prognosis of risk
as presented by the local and Federal governments for the justication of the use
of data proling.
In North Rhine-Westphalia, the local population oce and universities provided
the police with information on all males aged between 18 and 40. When a Jordanian
national lodged a complaint with the competent courts, the Court of Appeal in
Dsseldorf (Oberlandgericht) upheld the decisions of the lower courts. In these latter judgments, the use of his personal data had been considered legal because the
applicant fell within the category of the required proximity to a dangerous situation purely because of his nationality.77 The Court of Appeal ruled on 8 February
2002 that, regarding a decision as to whether there is a current danger to internal
security, lower standards may be applied to judge the actual risk of a potential danger if the expected damage is substantial. However, dealing with the complaint
from a German national, the Court of Appeal ruled on the same date that the
retrieval of information was disproportionate and therefore an infringement of the

74

75
76
77

Stellungnahmen zum Sicherheitspaket II anlsslich der Pressekonferenz im Haus der Demokratie

und Menschenrechte am 24.10.2001 in Berlin; http://www.cilip.de/terror/stellung.htm.
20th Report Federal Data Protection Commissioner 20032004, p. 55.
See for an overview and publication of this jurisprudence: http://www.cilip.de.
Decision of 8 February 2002, Az. 3 Wx 351/01. http://www.olg-duesseldorf.nrw.de.

Germany

407

applicants right to informational self-determination (see section 6.2 below).78

According to the Dsseldorf Court of Appeal, the authorities should have
assessed whether a less intrusive method could be applied. In this case, the court
found that the data proling could have been limited to males holding the
nationality of or born in one of the states listed as a risk country, or males who
were Muslim.
On 22 March 2002, the Administrative Court of Appeal of Rheinland-Pfalz
annulled the decision of the lower court, in which it was decided that computer
proling was illegal and disproportionate.79 The Court of Appeal concluded that
this measure was eective and proportionate. This reasoning was based solely on
the real chance that terrorist attacks would occur again. In a judgment of 27
February 2002, the administrative court of Hamburg explicitly found that there
was a current threat of danger during the period when the disputed computer
proling took place, i.e. the period between 19 September and 15 October
2001.80 According to this judgment, the fact that the Federal government had
announced in parliament on 12 September 2001 that there were no indications
that terrorist attacks would occur in Germany did not rule out the existence of a
current threat of danger.
In other judgments, the practice of computer proling was declared unlawful.
For example, the judgments of both the Amtsgericht in Berlin and the Landgericht
in Wiesbaden dealt with public and private organisations which had submitted
to the police, upon request, data regarding young male Muslim students from
dierent databases.81 The Berlin judgment dealt with the appeal of students from
Muslim countries, as well as several students from Israel and France. The courts
ruled that the data exchange in question was unlawful because there was no current threat to internal security. With regard to this latter assessment on the
current threat to Germany, both courts relied on various press statements by the
Minister of the Interior. In April 2002, the higher civil court (Kammergericht) of
Berlin annulled the decision of the Amtsgericht in Berlin, stipulating that the
court gave a too narrow denition of what constituted a threat to the internal
security.82 In line with the decision of the Court of Appeal of Dsseldorf, the
court of Berlin ruled that when the damage to be feared is substantial, lower
standards could be applied to the prognosis of that danger.

78
79
80
81

82

Decision of 8 February 2002, Az. 3 Wx 357/01. http://www.olg-duesseldorf.nrw.de.

Oberlandesgericht Rheinland-Pfalz, 22.3.2002, Az. 12 B 10331/02, OVG (1 L1106/O1.MZ).
Verwaltungsgericht Hamburg, 27.02.02, Az. 14 VG 446/02.
Amtsgericht Tiergarten, 15.01.2002, Az. 84 T 8/02, LG Berlin, and Landgericht Wiesbaden,
6.02.02, Az. 4 T 707/01.
Kammergericht Berlin, 16.4.2002, Az. 1 W 8998/02 (84 T 278, 288, 289, 308, 309, 348351/01.

408

Chapter 12

Finally, I refer to a judgment of November 2002, when the administrative

court of Giessen dealt with a claim from a Moroccan student, objecting to the
transmission of personal data by his university to the police.83 This court granted
him a temporary injunction, ordering the cessation of further data exchange
between the university and the police. The court found that the police order
based on which the data communication took place was not preceded by the
necessary balance of interests and lacked a specic legal basis.
4.3.4. The Constitutional Court and Data Proling Rasterfahndungsurteil
Four years after the practice of data proling had formally ceased, the
Constitutional Court published an important judgment in which it made clear
that data proling is only justied under special and specied circumstances.
This judgment, of 4 April 2006, concerned the complaint by a Moroccan student concerning whom (and 11,000 others) the police in North Rhine-Westphalia
had gathered personal information using data proling.84 This refuted practice of
data proling occurred between 2001 and 2004. According to the government,
cited in this judgment, the information gathered did not lead to any suspects.
The Constitutional Court decided that this use of data proling, based on an
earlier transmission of 5.2 million data items within North Rhine-Westphalia,
was a disproportionate breach of the applicants constitutional right to privacy.
In its judgment, the Constitutional Court explicitly referred to the extended
scope of the collection of information by the German authorities, the use of
many dierent information systems and the higher risk for the person concerned
of becoming a target of criminal investigation through this use of data proling.
The consideration of the Constitutional Court is important, according to which
data proling implies, for those whose constitutional rights are aected, the risk
of becoming the subject of further administrative control measures. The
Constitutional Court also referred to the possibility of stigmatising a group of
persons in public life, especially when it concerns, as in the refuted practice of
data proling, persons from specic countries who are also Muslim.
For those persons whose constitutional rights it aects, data proling means a
higher risk of becoming the target of further ocial investigative measures. This has
been demonstrated to a certain extent by the outcome of the data proling implemented since 11 September 2001. () Furthermore, the very fact of police data
proling having been carried out according to certain criteria if it becomes known
can have a stigmatising eect on those who meet these criteria. () It is relevant,
with regard to the intensity of the eects of the data proling carried out since

83
84

Verwaltungsgericht Giessen, 8.11.2002, Az. 10 G 4510/02.

Decision of 4 April 2006, 1 BvR 518/02, http://www.bundesverfassungsgericht.de.

Germany

409

11 September 2001, that it is targeted at foreigners of certain origins and Muslim

beliefs, which always involves the risk of spreading prejudice and stigmatising these
population groups in the public perception.85

The Court concluded that such a measure could only be justied on the basis of
a specic threat of an attack which would cause substantial harm, where the
threat is based on concrete facts. Finally, the German Constitutional Court found
that the general situation of threat prevailing since the events of 11 September
2001 or the threat of terrorist attacks apparently caused by current foreign policy
positions or military operations were not sucient reasons to justify this practice
of data proling.
4.4. Biometrics and Border Control
Long before the discussions started at EU level, the use of biometrics for the
purposes of identity and immigration control was already on the agenda of the
German government. In 1993, during the discussions in the German Parliament
with regard to the NSIS, a member of the Liberal Party (FDP) refers to the plans
by the German Minister of the Interior to establish partly automated border
control (teilweise automatisierten Grenzkontrolle).86 These plans were to include
the use of biometric data (ngerprints and length of hand) in travel documents,
to be stored in a database.87 Since that time, the use of biometrics has regularly
reappeared on the German political agenda. After the terrorist attacks in the US
and, later, in Madrid and London, the former Minister of the Interior, Mr. Schily,
pursued a dynamic approach to the projects involving the use of biometrics for
security purposes. For example, the insertion of biometric data into the residence
permit was envisaged in the new Residence Act of 2004. Based on Article 78 (3)
of the Residence Act, a residence permit may include: a photo, biometric

85

86

87

Para. 110112. Translation Claire Singleton (Die Rasterfahndung begrndet fr die Personen,
in deren Grundrechte sie eingreift, ein erhhtes Risiko, Ziel weiterer behrdlicher
Ermittlungsmanahmen zu werden. Dies hat etwa der Verlauf der nach dem 11. September 2001
durchgefhrten Rasterfahndung gezeigt. () Ferner kann die Tatsache einer nach bestimmten
Kriterien durchgefhrten polizeilichen Rasterfahndung als solche - wenn sie bekannt wird - eine
stigmatisierende Wirkung fr diejenigen haben, die diese Kriterien erfllen. () So fllt etwa
fr die Rasterfahndungen, die nach dem 11. September 2001 durchgefhrt wurden, im Hinblick
auf deren Eingrisintensitt ins Gewicht, dass sie sich gegen Auslnder bestimmter Herkunft
und muslimischen Glaubens richten, womit stets auch das Risiko verbunden ist, Vorurteile zu
reproduzieren und diese Bevlkerungsgruppen in der entlichen Wahrnehmung zu
stigmatisieren.)
Wolfgang Lder (FDP) in Deutscher Bundestag, 12. Wahlperiode, 163. Sitzung Berlin, 17 June
1993, 14016.
See also 14th Report of the Federal Data Protection Commissioner.

410

Chapter 12

data: ngerprints, hands or face and possibility of encrypted storage. The use of
an automatic reading zone (including data on name, date of birth, gender,
nationality and residence permit) allows the German authorities to record, transmit and use these data from the automatic reading zone in the performance of
their tasks.
On 12 February 2004, the Minister of the Interior launched a pilot project on
automatic border control supported by the use of biometrics.88 The purpose of this
project, for which 8,600 persons volunteered, was to check the reliability of iris recognition for verication and identication purposes. With regard to the latter, the
test was also intended to check whether the inclusion of biometrics in travel documents could be used to search for wanted persons recorded in police les, such as
INPOL and the NSIS. In 2005, a pilot project was launched with regard to the use
of biometrics at the German embassies and consular posts abroad.
The German parliament (Bundestag) agreed in May 2007 with the amendment
of the German passport law (Passgesetz) providing for the registration of biometrics into the German passports.89 During the parliamentary discussions, the
government and its coalition parties justied this proposal by stressing the obligation to implement EC law on biometric passports. They did not mention that
during the negotiations at the EU level, it was the German government which
actively supported the use of biometrics. Because of general objections in German
policy against the central storage of biometric data, the amended passport law
explicitly provides that the passport data will not be stored into a central, federal
database. The digital photographs and ngerprints only will be inserted into the
chip included in the passport. Furthermore, the amended text provides that only
in emergency cases, law enforcement authorities will have online-access to the
passport data (Eilfall ).

5. Rights and Legal Remedies: Generally Applicable Rules

5.1. Article 19 (4) Constitution
The right to legal remedies for everyone whose constitutional rights are aected
by public administration has been incorporated in Article 19 (4) of the German
Constitution:

88
89

20th Report of the Federal Data Protection Commissioner 20032004, p. 62.

Drucksache 16/4138. The coalition parties CSU/CDU and SDP voted in favour, the opposition
parties against this amendment. See for the parliamentary discussions and plenary voting:
Plenarprotokoll 16/100, 24 May 2007. http://dip.bundestag.de/

Germany

411

Wird jemand durch die entliche Gewalt in seinen Rechten verletzt, so steht ihm
der Rechtsweg oen. Soweit eine andere Zustndigkeit nicht begrndet ist, ist der
ordentlichen Rechtsweg gegeben ().

The German Constitution dierentiates between constitutional rights which

apply universally and other rights which apply to German nationals only. These
latter, so-called basic or civil rights for Germans (Deutschen-Grundrechte or
Brgerrechte), include for example the right to free assembly (Article 8) and free
movement within the federal territory (Article 11). As long ago as 1973, the
Constitutional Court emphasised that the right to legal remedies on the basis of
Article 19 (4) applies in full to individuals holding a foreign nationality, who
claim that their constitutional rights are aected.90 The Constitutional Court
dealt in this case with an expulsion measure against persons of Palestinian Arabic
origin, which was based on a list of suspected persons compiled by the Bavarian
police after the attacks by a Palestinian organisation in Munich during the
Olympic Games. In this and subsequent judgments, the Constitutional Court
stressed the importance of legal remedies with appropriate safeguards to guarantee individuals eective judicial protection.91 The guarantees as dened by the
Constitutional Court included the possibility for the court to review the content
of the administrative decision and the requirement that access to courts should
not be made too dicult by formal requirements. The applicable procedures
should give the claimant not only access to the courts, but also the right to be
eectively heard.
In order to guarantee the right to eective judicial protection in accordance
with Article 19 (4) of the Constitution, the Constitutional Court ruled, in a
judgment of 27 October 1999, that the courts should have access to information
which forms the basis of the refuted decision, in order to be able to assess the
legality of this decision.92 This right includes the duty to transmit the information to the courts even if the les concerned are labelled as condential for
national security reasons. The case concerned the claim from an employee whose
labour contract with a Bavarian governmental agency was not renewed on the
basis of secret information from the German intelligence service (Verfassungsschutz).
The Bavarian government denied the individuals right to have the secret information assessed by an independent court, partly because the decision to refuse
this right would not infringe the data protection rights of the applicant.

90
91

92

BVerfG 18.7.1973, 1 BVR 23 155/73.

BVerfG 16.3.1999, 2 BVR 2131/95, see para. 2021, in which the Court refers to its earlier
judgments.
BVerfG 27.10.1999, 1 BvR 385/90.

412

Chapter 12

The Constitutional Court set this argument aside as irrelevant, stating explicitly
that the right to oer the court the possibility of access to the information during
the judicial process had nothing to do with data protection rights or the right to
self-determination, but everything to do with the applicants right to eective
judicial protection.
Finally, the Constitutional Court stressed, in its case law the importance of the
possibility for courts to grant a temporary injunction (vorlugen Rechtschutz93 or
zeitgerechten Rechtschutz94). According to the Court, this should as far as possible
eliminate the risk of irreparable damage being caused by the immediate execution
of the administrative measure.
Another important provision in the German Constitution is Article 103 (1),
which states that everybody has the right to be heard before a court.95 This provision and the general rule in Article 19 (4) are the basic principles with regard
to the right to eective remedies and have been further developed in the jurisprudence of the Federal Administrative Court and other courts.96 The criteria
developed on the basis of these principles are also relevant to immigration and
data protection law.
5.2. The Klass Case Before the German Constitutional Court
As we saw in Chapter 6, in the Klass judgment of 1978 the ECtHR dealt with
the relationship between the right to privacy as protected in Article 8 ECHR
and the interests of the State to protect internal security. Before this case was
brought before the Strasbourg Court, the German Constitutional Court was
questioned in 1970 on the legitimacy of the disputed legislation on eavesdropping. This practice was based on an amendment to the German Constitution of
1968, permitting wiretaps and other interferences with private letters and telephone conversations, if necessary to combat foreign and domestic enemies.97
The amendment stipulated that recourse to the courts shall be replaced by a
review of the case by bodies and auxiliary agencies to be appointed by parliament. A constitutional complaint regarding this amendment was forwarded
by several German citizens, among them a senior state prosecutor, Gerhard
Klass.98 These applicants complained, rstly, about the lack of judicial review

93
94
95
96
97
98

BVerfG 9.06.1973, 1 BvL 14/72.

BVerfG 27.03.1980, 2 BvR 316/80.
Vor Gericht hat jedermann Anspruch auf rechtliches Gehr.
BVerwG 14.03.2002, Az. 1 C 15.01.
BVerfG 15.12.1970, 2 BvF 1/69.
D.P. Kommers, The Constitutional Jurisprudence of the Federal Republic of Germany, Durham and
London: Duke University Press 1997, second edition, p. 228.

Germany

413

of administrative acts limiting the constitutional rights of citizens and, secondly,

about the fact that the amendment would infringe the essential content of the
constitutional right.
The Constitutional Court rejected this complaint using the concept of a
militant democracy which would require interpreting the Constitution so that
enemies of the Constitution must not be allowed to endanger, impair or destroy
the existence of the state while claiming the protection of rights granted by the
Constitution. According to the Constitutional Court, the substantive limits and
procedural safeguards of the statute satised the constitutional principles of legality and proportionality, while respecting the basic concept of human dignity.
With regard to the claim of the lack of independent judicial control, the
Constitutional Court considered this was not in breach of the general principle
of the separation of powers. In exceptional cases, according to the Court, the separation of powers would allow legal protection against acts by the executive furnished
not by the courts but by independent institutions, appointed or established by
parliament and operating within the framework of the executive department.
According to the Court, the essential point is that the rationale for the separation
of powers, namely reciprocal restriction and control of state power, is still fullled.99 This decision and the reference of the Court to militant democracy can
only be understood by taking into account the violent events in Germany at that
time. And even then, the Court made clear that the lack of judicial control is
only acceptable in exceptional circumstances.
After this rejection of their constitutional claim, Klass and others lodged a claim
before the institutions in Strasbourg, claiming that their rights under Articles 6, 8
and 13 ECHR, had been breached. As we have seen, the ECtHR rejected this
claim as well, but not without formulating important guarantees to be applied
with regard to the use of personal information by internal security agencies.
5.3. Rule of Law: T he Principle of Proportionality
Another principle which is important in the eld of immigration and data
protection law is contained in Article 20 (3) of the German Constitution. This
provision arms the principle of the rule of law, stating: the legislator is bound
by the constitutional order, the administration and the judiciary by the legislation and by the law. According to the Constitutional Court, this notion of the rule
of law implies the duty of proportionality (Verhltnismssigkeit or bermaverbot)
as a standard which generally applies to every state measure.100 In the literature,

99
100

Paras. 2728.
BVerfGE 92, 2777 .; BVerfG 65, 1 [44], BVerfG 23, 1333.

414

Chapter 12

it is considered that the principle of proportionality also applies to measures in

the eld of immigration law. It can be invoked by third-country nationals in
Germany, whether they are residing lawfully or unlawfully.101
5.4. Applicability of Administrative Procedural Law
5.4.1. Dierence in Remedies
The Federal Act on the Procedures of Administrative Courts (Verwaltungsgerichtsordnung, hereafter, the VwGO102) is applicable with regard to administrative
decisions based on the German Residence Act ( 77 ). Furthermore, general
administrative principles are set forth in the Administrative Act of 1976
(Verwalt-ungsverfahrengesetz, hereafter, the VwVfG).103
I will not discuss the details of the German administrative law, but only
describe those rules which are also relevant to data protection and immigration
law.104 In the rst place, German administrative law provides for the general possibility of objection to the administrative authorities (Widerspruch, 68
VwGO). This objection has to be forwarded within one month of the administrative decision being notied to the applicant concerned. With regard to the
rights on legal remedies, the VwGO dierentiates between ve types of judicial
claim, depending on which specic action or measure is required of the
administration.
The rst two claims, the Anfechtungsklage and Verpichtungsklage are regulated in
42 VwGO and include the request to order the annulment of a decision or
the withdrawal (or issue) of an administrative decision respectively. Thirdly, the
so-called Feststellungsklage refers to the request for a formal declaration on the
(non-)existence of a legal right, or the invalidity of a decision ( 43 VwGO).
Fourthly, the Leistungsklage (see 43) is the claim for a judicial order requiring the
administration to act or to abstain from certain action. This appeal can be relevant
in the situation where a person is seeking the prohibition of the transfer of his or
her data to other authorities. A nal option is the use of the so-called Fortsetzungsfeststellungsklage: this is an appeal for conrmation that the refusal concerned
was in breach of the applicable law. Such conrmation can give the applicant the
right to rehabilitation, with a complementary right to nancial compensation.
Furthermore, this conrmation may prohibit the repetition of unlawful decisions.

101

102
103
104

K. Hailbronner in: J.A. Frowein, Torsten Stein (eds.), Die Rechtsstellung von Auslndern nach
staatlichem Recht und Vlkerrecht, Berlin/Heidelberg: Springer Verlag 1987, Teil 1, p. 387.
Act of 21 January 1960, BGBl. 1960, 17.
BGBl. I 1976, 1253.
See for a general description: H. Maurer, Allgemeines Verwaltungsrecht, Mnchen: Beck 2002.

Germany

415

5.4.2. Suspensive Eect of Legal Remedies

On the basis of 80 (1) VwGO, a request for objection to an administrative
decision (Widerspruch) or an appeal before a national court against such a decision, will have automatic suspensive eect (aufschiebende Wirkung) except in the
situations as described in 80 (2). These exceptions include situations where public interests or the pressing needs of the authorities involved in the decision-making
require the immediate execution of the measure. In those cases, these interests
should be motivated in writing. This duty to motivate does not apply if the
authorities involved have to take immediate action in response to emergency situations, such as the threat of harm to life, health or property. According to Renner,
commentator on German immigration law, one of these public grounds as referred
to in 80 (2) would be a registration in the NSIS.105 This, however, would be a
far-reaching consequence. This would mean that if a person appeals against an
expulsion decision based on the NSIS, his appeal against this decision would
have no suspensive eect, nor would the immigration oces have to inform the
persons why the immediate execution of the measure in question is necessary.
Complementary to this general provision of 80 (2) VwGO, 84 of the
Residence Act describes three decisions against which an appeal for review or
judicial review does not have suspensive eect: this includes a refusal to issue or
to renew a residence permit.
5.4.3. Temporary Injunction
German administrative law provides the possibility for individuals to lodge a
request with a national court either for the suspensive eect (aufschiebende
Wirkung) of an administrative decision on the basis of 80 (5) VwGO or for the
issue of a temporary injunction (einstweilige Rechtsschutz) on the basis of 123
VwGO. On the basis of this latter provision, the courts may order a temporary
injunction, if there is a risk that through changing circumstances the exercise of
rights will be made impossible or will be hindered. Both remedies may be applied
within the same case.106 For example, in a case before the administrative court of
Dsseldorf (see section 8.2 below), this court conrmed that the person in question had a legal interest in having the eects of the withdrawal of his residence
permit suspended and his data deleted from the NSIS, applying both 80 (5) and
123 VwGO.
If 80 (5) does not apply because there is no administrative decision
(Verwaltungsakt) yet against which an appeal can be lodged, an individual has the

105

106

G. Renner (introduction), Verwaltungsvorschriften zum Staatsangehrigkeits- und zum Auslnderrecht,

Baden-Baden: Nomos Verlaggesellschaft 2001, p. 133.
Verwaltungsgericht Dsseldorf, 7 August 2002, Az. 24 L 2837/02, InfAuslR 10/2002.

416

Chapter 12

right to submit a claim on the basis of 123 VwGO. This has been conrmed by
the administrative court of Giessen, when granting a temporary injunction on
the basis of 123 to ban the further communication of data concerning the
applicant by the university to the police.107 Since there was no (public) administrative decision allowing this communication of data, the applicant had no
possibility of lodging an application against an administrative act itself.
5.5. Applicability of 6 ECHR
In a decision of 2002, the Federal Administrative Court (Bundesverwaltungsgericht)
emphasised the applicability of the criteria of Article 6 (1) ECHR on eective
remedies in procedures based on asylum and immigration law.108 The case concerned a Turkish Kurd threatened with expulsion to Turkey after his asylum request
had been rejected. The applicant claimed that this constitutional right to be heard
had been breached during the procedure before the German Court of Appeal. The
case dealt with the question of whether the applicable German rules on accelerated
procedure required the applicant to have been orally heard. The Federal
Administrative Court referred, in its conclusion, to the explanatory memorandum
of the legislator to the new amendments to this procedure. In this explanatory
memorandum, it was explicitly stated that the criteria of Article 6 ECHR apply.
The Court concluded that German administrative procedural laws had to be interpreted in accordance with this Article 6 ECHR orientation by the legislator. For
this interpretation, it was irrelevant whether the procedure dealt with civil rights
or not. Since the higher court in this case reached a decision without giving the
applicant the opportunity to submit to oral examination, the decision was in
breach of the applicable rules.

6. Legal Remedies and Data Protection Law

6.1. Background and General Principles of German Data Protection Law109
The German Federal Data Protection Law (Bundesdatenschutzgesetz) entered into
force on 1 January 1979. This law set an example for data protection laws in
other European countries. At the level of the Lnder, the adoption of data

107
108
109

Verwaltungsgericht Giessen, 8.11.2002, Az. 10 G 4510/02.

BVerwG 14.3.2002, Az. 1 C 15.01.
A general and informative overview of the history and principles of German data protection
law is given by S. Simitis (ed.), Kommentar zum Bundesdatenschutzgesetz, Baden-Baden: Nomos
Verlaggesellschaft 2003.

Germany

417

protection laws took place between 1970 and 1992. As we saw in Chapter 7, the
Hesse law of 1970 was actually the rst data protection law in Europe.
The Federal Data Protection Law, amended in December 1990, included a
more practical application of data protection rules by reducing the administrative
obligations compared to the rst law.110 In 2001, the Federal Data Protection Law
(Bundesdatenschutzgesetz 2001, hereafter BDSG 2001) was amended again, this
time as a result of the necessary implementation of the EC Directive 95/46.111
Unlike the Dutch history of data protection law, in Germany the right to
privacy was never considered the starting point for this eld of legislation. The
right to privacy played an important role with regard to the balancing of
interests, but was not seen as an appropriate basis for a general and preventive
regulation, such as data protection rules.
6.2. Constitutional Right to Informational Self-determination
6.2.1. The Mikrozensus Urteil
In the Mikrozensus Urteil of 1969, the Constitutional Court ruled for the rst
time on the constitutionality of the federal law on the census population.112
In 1960, this law was amended to require additional information on vacations
and recreational trips by household residents. A person, who had been ned
100 DM for refusing to supply his information, lodged a constitutional appeal
with the Constitutional Court. He contested in his claim that this compulsory
disclosure of private information, even if for statistical purposes, violated his
constitutional right to human dignity under Article 1 of the German Constitution.
In this judgment, the Constitutional Court gave its famous denitions of inner
space or Innerbereich of the right to self-determination, not to be intruded upon
by the state. Dealing with the collection of the information described above, the
Court however held that this did not aect the most intimate realm into which
a state may not intrude.
6.2.2. The Volkszhlungsurteil
Fourteen years later, the Constitutional Court dealt again with the German census
act in its judgment of 15 December 1983, the so-called Volkszhlungsurteil.113
The population census, as envisaged in this Act and to be held in 1981,

110
111

112
113

Gesetz von 20.12.1990, BGBl. I, p. 2954 .

Bundesdatenschutzgesetz 2001, BGBl. 2003, p. 66. This law entered into force on 23 May
2001.
27 BVerfGE I, 1.
BVerfG 15.12.1983, 1 BvR 209/83, BVerfGE 65 E 40. See, for an English summary of both
this judgment and the Mikrozensusurteil: D.P. Kommers (1997), p. 299 and 323.

418

Chapter 12

caused a general protest movement. Unlike the situation at the time of the
Mikrozensus Urteil, information technology had developed. As in the Netherlands
ten years later, the combination of a general overall collection of personal information from the population, combined with the extensive use of computers, caused
a general feeling of concern. The extended possibilities of the use of information
technology also played an important role in the considerations of the Court. The
case concerned the collective claim before the Constitutional Court of a group of
persons, including lawyers, against the new German Act on the population census
which was adopted on 25 March 1982.114 The claimants argued that the implementation of this law would be in breach of their general right to privacy (allgemeines Persnlichkeitsrecht) as protected under Article 2 (1) in conjunction with
Article 1 (1) of the German Constitution. The applicants claimed, among other
things, that the law did not adequately guarantee that the information collected for
statistical purposes would be stored anonymously and remain so, taking into
account the new possibilities of modern information technology. They further
argued that the provisions of this law, which included the possibility of forwarding
the data collected for other purposes, was in breach of the constitutional principle
of legality (verfassungsrechtliches Bestimmtheitsgebot). The Constitutional Court only
conrmed the latter claim, but did not consider the general aim and purposes of
the Volkszhlungsgesetz in breach of the Constitution. Nevertheless, these specic
considerations in which the Court described the scope and value of the general
right to privacy have been extremely important for subsequent developments with
regard to the rights of data subjects.115
First of all, the Constitutional Court armed in this case that data protection
or the right to informational self-determination (informationelles Selbstbestimmungsrecht) based on the general right to privacy (Persnlichkeitsrecht) is a constitutional right. The Court derived the right of individuals to be protected from
unlimited collection, storage, use, and transmission of personal data as a condition
of the development of his or her free personality under the modern conditions of
data processing directly from the rights as protected in Article 2 (1), in conjunction
with Article 1 (1), of the German Constitution.
Secondly, the Court described in a clear and comprehensive way the new
relationship between individuals and their government resulting from the
extended powers of the latter, based on the use of information technology. The
Court pointed out certain general problems or risks resulting from the use of
information technology and the gathering of personal information. These considerations are still valid, or even more so, with regard to current developments.

114
115

BGBl. I, p. 369 VZG 1983.

See, on the importance of this judgment: S. Simitis (2003), p. 14 .

Germany

419

For example, the Court emphasised that, the use of networks, information
shared by dierent authorities, could lead to the situation that individuals have
no control on the use and accuracy of their data. The Court further referred to
the danger of building integrated information systems using which an overall
personality picture (Persnlichkeitsbild ) could be compiled of individuals, without giving this individual the opportunity to check the accuracy or use of this
picture. In Chapter 7, section 4.1.1, I already cited the important paragraphs in
which the Constitutional Court referred to the risk of an individual who, knowing that his participation in an assembly or civil action could be registered by the
government, will refrain from exercising his constitutional rights. This eect
would not only aect the individuals chances of development, but also the common well-being: according to the Court, self-determination is a prerequisite for
a free democratic society, based on its citizens freedom to act and cooperate.
Thirdly, the judgment is important because, recognising that the right to
informational self-determination is not unlimited, the Court dened specic
guarantees which should be oered by the legislature, including organisational
and procedural measures designed to safeguard the individual from infringement
of his right to personality. One of these guarantees is the prohibition, as formulated by the Court, on collecting personal information by anticipation or stockwise if these data are to be used for non-statistical purposes (Verbot der Sammlung
personenbezogener Daten auf Vorrat).
Finally, by emphasising the need for procedural and organisational guarantees
and for restricting the multifunctional use of information, the Court dened the
function and importance of data protection law. Although Germany already had
its Data Protection Law of 1977, the considerations of the Constitutional Court
urged the legislator to look more closely at the provisions applicable to data
processing in the public sector.
6.2.3. The Duty of Immigration Oces to Keep Complete Files
In the same year as the Volkszhlungsurteil, the Constitutional Court dealt with a
claim with regard to les on aliens kept by the immigration oces.116 The case
concerned the claim by a group of persons whose application for deletion and
destruction of their les had been denied. These les were, unlike the AZR, not
computerised, but kept in paper les. According to the Court, the constitutional
rights of aliens would not be endangered by this use of the les. The Court did
not consider that retaining these les required a special legislative basis, since this
task could be derived from the general supervisory task of the immigration

116

BVerfG, Decision of 6 June 1983, 2 BvR 244, 310/83. Published in NJW, 1983, Heft 38,
p. 2135.

420

Chapter 12

authorities as provided in 20 of the (former) Aliens Act. Unlike the

Volkszhlungsurteil, the Court did not refer in this judgment to the consequences
of the automation of les, nor to the relationship between the refuted manual
les of the immigration oces with the AZR, which at that time was already
computerised. The rejection of the constitutional claim in this case has been
interpreted by Weichert to mean that the Constitutional Court attached less
importance to the protection of the right to self-determination of non-German
citizens than of German citizens.117 I doubt whether such a general conclusion
could be inferred from this case. On the contrary, based on the supplementary
conclusions in this judgment, one could say that the Court even stressed the
additional importance of those rights for third-country nationals.
In its judgment, the Court stated that maintaining les and the duty to keep
these les complete, was in the interests not only of the administration, but also of
the immigrants. What is interesting is the explicit consideration the Court makes
in relation to this duty of the administration to keep the les on immigrants complete, including negative or disputed facts. Such a duty would, according to the
Court, not relieve the authorities of their obligation to check whether the information stored is still relevant before making a decision on the basis of this information. The Court explicitly stated that immigration oces have a duty to
investigate on their own behalf the accuracy of the available information. In this
conclusion, the Court referred to an earlier decision in which the Constitutional
Court conrmed the duty of immigration authorities to consider and evaluate the
private interests of the person concerned when making a decision. According to
the Court, such a duty would be the cornerstone of general immigration law.118
6.2.4. A Constitutional Dilemma: Amtshilfe Versus
informationelle Gewaltenteilung
There seems to be a conict between two principles which are central to the
German interpretation and understanding of the rule of law. This conict lies at
the heart of the central values and problems which mark the German policy with
regard to data surveillance on the one hand and data protection on the other.
The rst principle is the so-called principle of administrative cooperation or
Amtshilfe.119 This principle refers to the constitutional duty of administrative
ocials, whenever requested, to provide reciprocal legal and professional cooperation. This duty is written into Article 35 of the German Constitution and

117
118
119

Th. Weichert (1993).

The judgment referred to is BVerfGE 49, 168 [184], NJW 1978, p. 2446.
E. Forstho, Lehrbuch der Verwaltungsrechts, 1973; B. Schlink, Die Amtshilfe. Ein Beitrag zu
einer Lehre von der Gewaltenteilung in der Verwaltung, Berlin: Duncker & Humblot 1982.

Germany

421

applies to ocials both at Federal level and at the level of the Lnder. Based on
this principle, ocials can be required to provide each other with (personal)
information if available. In fact, this (old) German principle of mutual aid can
be compared to the principle of availability which has recently been introduced
at EU level for cooperation between criminal prosecutors. It emphasises the
importance of sharing available resources within the public administration.
In contrast to Amtshilfe, we nd the principle of the informational division of
powers or informationelle Gewaltenteilung. This principle is especially supported
in literature dealing with the purposes of data protection law.120 In the 1980s, the
German commentator Podlech supported a general ban on public authorities
using information which transgressed their functional borders or powers.121
Although this informational division of powers has never been implemented or
accepted in its strict meaning, the importance of decentralising informational
powers is emphasised both in German literature and by the courts. For example,
the German Constitutional Court stressed the importance of a clear and legal
distinction between statistical administration and other public administrations,
preventing information collected for a specic purpose only from being used or
transferred by other authorities as well, for other purposes. The Court explicitly
stated that if non-anonymous personal information gathered for statistical purposes were to be transferred for administrative purposes, this would be an unacceptable infringement of the individual right to informational self-determination.
Therefore, without abandoning the principle of administrative cooperation or
Amtshilfe, individuals should be protected against alienation of purpose or
Zweckentfremdung by prohibiting the transfer or the further use of data.122
The dicult relationship between the principle of Amtshilfe on the one hand
and the principles deriving from data protection law on the other hand is illustrated in the judgment of the administrative court of Giessen dealing with the
practice of Rasterfahndung.123 In this judgment, the court ordered the university
of Giessen to cease further transmission of the applicants data to the police.
According to the court, also in the eld of Amtshilfe, the authorities concerned
should strike a balance between the advantages of data proling and the constitutional right to informational self-determination and data protection of the
person concerned.

120

121

122
123

H.P. Bull, Die Grundprobleme des Informationsrechts, Inaugural speech Universtity Tilburg,
Zwolle: W.E.J. Tjeenk Willink 1985.
A. Podlech, Verfassungsrechtliche Probleme entlicher Informationssysteme, DVR 1972/
1973, p. 149 .
Amtshilfefester Schutz gegen Zweckentfremdung durch Weitergabe- und Verwertungsverbote.
See above, section 4.3.3, Verwaltungsgericht Giessen, 8.11.2002, Az. 10 G 4510/02.

422

Chapter 12

6.3. The Applicability of Data Protection Principles and the Right

to Informational Self-determination in Immigration Law
The applicability of data protection principles in the eld of immigration law and
the fact that the constitutional right to privacy is not a privilege solely for Germans
has never been seriously disputed. This is conrmed by the Constitutional Court,
as well by the German legislator.
Firstly, as we saw in section 4.1.2, in 2001 the Constitutional Court dealt with a
collective complaint against the law regarding the central aliens administration
(AZRG). In this case, the Constitutional Court ruled that the law and thus the
AZR were not unconstitutional and that the questions which arose with regard to
the data protection issues were questions of ordinary law (einfachen Rechts), which
should be dealt with by the specialised courts (Fachgerichte). In this judgment,
however, the Constitutional Court made some general considerations which are
relevant with regard to the scope of data protection law vis--vis third-country
nationals stored in the AZR and on the availability of legal remedies.124 Referring
to the right of correction and deletion of data, as provided for in 35 AZRG, the
Court explicitly stated that if those rights were refused by the authorities, the applicants have the right to remedies before the administrative courts. For eective protection of the individual against unlawful data processing, such a remedy should,
according to the Court, include the possibility of a fast-track procedure whereby
a prohibition of processing could be ordered until a nal court decision.
Secondly, in 1990, following an amendment to the Aliens Act (Auslndergesetz),
a legal basis was established for the exchange of data on aliens ( 7580) to
meet the constitutional requirement with regard to the right of informationelle
Selbstbestimmung. On the basis of these new provisions, the public authorities
were obliged to inform the competent immigration authorities as soon they
acquired information about the illegal residence of an alien, the violation of special limitations or other reasons for expulsion. In 1991, after these informational obligations had been criticised by administrative sta and lawyers, these
legal requirements were further specied.
6.4. Principles of Data Protection and the NSIS
6.4.1. Time Limits
As we have seen above, SIRENE is responsible for controlling the time limits for
the storage of data in the NSIS. For this task, SIRENE forwards automatic reports
to the authorities concerned, informing them that the time limit is due to expire.

124

BVerfG, 10.10.2001, 1 BvR 1970/95 published in InfAuslR 2/2002, p. 9195.

Germany

423

In these reports, the authorities are asked whether the information should be
stored for a further period. On the basis of German immigration law, certain
re-entry bans for which persons can be reported in the NSIS under Article 96 (3)
apply for six years. This is interpreted by German immigration ocers to mean
that this time limit of six years for the re-entry ban also applies to storage in the
NSIS and, therefore, they are not obliged to consider whether a storage period of
longer than three years is necessary. As a consequence, the rst automatic SIRENE
report which is sent to these authorities does not have any practical eect. The
immigration oces are merely asked to check the need for further storage.
However, if they do not react to this rst warning, nothing happens. Only after
six years, when a second report is forwarded by SIRENE and if the local authorities do not respond or if they do not provide any reasons why the alert should be
stored for a longer period, is the alert in the NSIS automatically deleted. This
means that, in practice, data on third-country nationals in the NSIS Germany are
generally stored for six years, instead of three years.125 This practice is contrary to
the current rules of the CISA.
6.4.2. Duty to Inform the Data Subject
Federal law and the law of the German Lnder both apply with regard to the use of
the NSIS. However, these laws, as far as I know, do not include any obligation to
inform third-country nationals of the fact that they are reported in the NSIS. The
AAH-SD do not include such a duty and 82 (3) Residence Act only obliges
authorities to inform a third-country national of the re-entry or residence ban.
This does not include information on the fact that this ban involves registration in
the NSIS.
In general, on the basis of 19a BDSG, a person whose data has been reported
without his or her knowledge should be informed of this data processing, including the purpose of this processing and the authorities that have access to this data.
In accordance with the rules of EC Directive 95/46, this duty does not apply in
three situations: if the person has been informed of the data processing by other
means, if such notication would require unreasonable eorts by the authorities,
or if the data processing is envisaged explicitly in formal law. Irrespective of the
question of whether the rst two exceptions would apply in this case, it is doubtful whether the German ratication act of the CISA or the general instructions as
laid down in the AAH-SD fall within this denition of law. The ratication

125

This practice has been criticised by the various data protection authorities of the Lnder. See,
for example, the annual report of the Berlin Authority, 2001, p. 38. http://www.datenschutz
-berlin.de. See also the 34th Report of the Hessian Data Protection Authority of 31 January
2005, which describes this practice as a general problem (typische Fallgestaltung ), p. 51.

424

Chapter 12

act does not provide detailed rules on the German criteria for reporting thirdcountry nationals in the NSIS but only approves the establishment of the NSIS
and the fact this NSIS will be used by the Schengen States. The latter regulation,
the AAH-SD, is not a formal law.
6.4.3. Right of Access, Correction and Deletion
In accordance with the provisions of Articles 109 and 110 of the CISA, individuals
have the right to submit a request for access and, possibly, correction or deletion
of their information stored in the NSIS. In Germany, this request can be forwarded to dierent authorities. Firstly, the application may be addressed to the
Federal or Lnder authority which forwarded the data to the NSIS. Secondly, the
application may be forwarded to the Federal Data Protection Commissioner or
the data protection authority of the country responsible (depending on which
authority forwarded the data to the NSIS). Finally, the applicant may directly
address the Federal Criminal Police Department (BKA) in Wiesbaden, which is
the responsible authority for the NSIS in general.126
Generally, the right of access, correction and deletion is regulated in 19 and
20 of the BDSG. This includes the right of the data subject to be informed of the
information which is processed with regard to him or her, the purposes for which
this information is being processed and the authorities that have access to this
information. Individuals have a right to direct and indirect access. This means
they may choose to forward their request of access, correction or deletion to the
Federal Data Protection Commissioner or the authorities of the Lnder, but may
also directly address the organisation holding the data. 19 (4) BDSG provides
for three exceptions to the right of access, the wordings of which run the risk of
being interpreted widely. In the rst place, the right of access may be denied if
such notication would endanger the fullment of the public tasks of the authority involved, if the notication would aect public order and security or would
infringe the public well-being of the Federal State or the Lnder, or if the information concerned has to be kept condential on the basis of legal or other
requirements or in the interests of third parties.
By 2005, the BKA had received between 500 and 600 applications annually
concerning individual requests for access, correction or deletion of their data in
the SIS.127 The Federal Data Protection Commissioner received approximately 30
applications per month for access to data stored in the NSIS by individuals.128
If this application falls within its eld, the Federal Data Protection Commissioner
126
127
128

See, for more practical information: Westphal & Stoppa (2007), p. 550.
Source: interview with BKA, May 2005.
Source: interview with ocials of the Federal Data Protection Commisioner and the Hesse
Data Protection Commissioner, May 2005.

Germany

425

will himself deal with such an application and will ask the BKA for its view. If the
application falls within the competence of the data protection commissioners of
the Lnder, the application will be forwarded to these authorities. In every case,
the applicant will be informed of the results of the inquiry, either by the Federal
Data Protection Commissioner or by the commissioners of the Lnder.
6.5. Supervision by Data Protection Authorities
6.5.1. Introduction
Compared to their counterparts in France and the Netherlands, the data protection authorities in Germany seem to play a larger role with regard to the functioning and use of the NSIS. The importance of these authorities could be
explained in the rst place by the historical emphasis on data protection in
Germany. Secondly, the data protection authorities in Germany are in a relatively
favourable position, in the sense that their powers or functioning are enhanced
by the shared responsibility of the Federal Data Protection Commissioner and
the authorities in the states or Lnder. The annual reports from the authorities in
the Lnder and from the Federal Data Protection Commissioner are a useful
source of information with regard to the functioning of the NSIS, the registrations of third-country nationals and the general problems encountered in these
elds. On the other hand, the controlling task of the data protection authorities
seems to deal more with general issues with regard to the use of the NSIS, than
with the handling of individual complaints.
In 2004, the Federal Data Protection Commissioner and the authorities of the
Lnder performed an investigation into the practice of the use and registration of
data on third-country nationals based on Article 96. This review was coordinated
by the German Federal Data Protection authority and formed part of the international review initiated by the Joint Supervisory Authority in 20032004. The
results of these investigations were published in the annual reports of the Federal
Data Protection Commissioner and the data protection authorities in the Lnder.
6.5.2. The Federal Commissioner for Data Protection
and Freedom of Information
Since 1 January 2006, based on the new Act on the Freedom of Information, the
name of the Federal Data Protection Commissioner (Bundesbeauftragten fr den
Datenschutz) has changed to the Federal Commissioner for Data Protection and
Freedom of Information (Bundesbeauftragte fr den Datenschutz und die Informationsfreiheit).129 The tasks of this authority with regard to the supervision of data

129

Informationsfreiheitsgesetz of 5 September 2005, BGBl. I S. 2722.

426

Chapter 12

processing and the right to data protection have not been changed. In the
following sections, I will refer to the Federal Data Protection Commissioner.
The Federal Data Protection Commissioner is elected by the Federal Parliament
(Bundestag) following nomination by the government. In accordance with 22 (3)
BDSG 2001, the term of oce of the Data Protection Commissioner is ve years,
renewable only once by another period of ve years.
The controlling powers of the Federal Data Protection Commissioner only
apply to federal public agencies. His powers include questioning the responsible
authorities, the right to be granted access to the premises of the federal authorities and the right to make proposals to improve data protection ( 24 BDSG
2001). Every two years, the Data Protection Commissioner publishes an annual
report on the basis of 26 (1) BDSG 2001.
Any person may forward a complaint to the Federal Data Protection
Commissioner, if he or she assumes that his or her rights have been aected by
the collection, processing or use of personal data by public authorities of the federal government ( 21 BDSG 2001). The number of individual complaints with
regard to the NSIS dealt with by the Federal Data Protection Commissioner is,
however, relatively small. One hundred and fteen requests were dealt with by
the Federal Data Protection Commissioner in 2003 with regard to records on
third-country nationals in the NSIS. In 2004, the Data Protection Commissioner
examined 107 requests. These gures include requests made by foreign (mostly
French) data protection authorities regarding individual alerts. This low number
can be explained by dierent factors. In the rst place, as we have seen, the task
of the Federal Data Protection Commissioner only extends to federal agencies.
As long as the data fall under the responsibility of an authority in one of the
Lnder, the data protection authorities of this specic state will be competent.
On the other hand, as we have seen above, individuals may forward their claims
immediately to the administrative authority concerned on the basis of their right
to direct access.
6.5.3. Data Protection Authorities of the Lnder
The organisation of the data protection authorities of the Lnder (Lndesbeauftragte
fr den Datenschutz) and their policy with regard to their working elds are
dierent in each country. Some authorities are able to rely on more sta and
nancial resources than others. The appointment of the data protection authority and the scope of nancial resources of this organisation are decisions taken in
the parliaments of the Lnder. This explains why these issues are closely related to
the political make-up of the parliaments. Not every data protection commissioner is able to give high priority to controlling the NSIS. Some data protection
authorities are more closely involved with the NSIS. For example, the Hesse
Data Protection Commissioner is quite active with regard to the NSIS which can

Germany

427

be explained by the fact that its organisation is based in the same city as the
Federal Criminal Police Department or BKA (Wiesbaden). Furthermore, during
the period of this study, one of its ocers was member of a working group of the
Schengen Joint Supervisory Authority, together with the Federal Data Protection
Commissioner, Peter Schaar. Although the dierent data protection authorities
of the Lnder act quite autonomously, their work is coordinated in dierent
working groups attended by the specialist members of the data protection
authorities. There is also a special working group on third-country nationals.
As mentioned above, the annual reports of the data protection authorities
include interesting information on the practical implementation and current
problems of the NSIS. For example, in 2000 and 2001, the Data Protection
Commissioner of North Rhine-Westphalia reported on the large number of SIS
entries which were in breach of the provisions of the CISA. It considered the
problem of wrongful Article 96 (3) reports on rejected asylum seekers (see
section 3.2.3) and the fact that the local authorities disregarded the applicable
time limits.130 The Data Protection Commissioner in Dresden, to whom the
NSIS was a relatively new issue, expressed concern in his annual report of
19992001 about the fact that, in many cases, the local immigration oces
entered rejected asylum seekers into the NSIS on the basis of Article 96 (3).131
6.5.4. Inquiry of the Data Protection Commissioners on Article 96 CISA
Of particular interest are the ndings of the data protection authorities of the
German Lnder concerning the implementation of Article 96 CISA during
a study in 20032004. As mentioned above, this inquiry was initiated by the
Schengen Joint Supervisory Authority. The inquiry included a group of 400
records in the NSIS which were provided at random by the BKA to the Federal
Data Protection Commissioner.132 The reports by the dierent data protection
authorities established that the data held in the NSIS by the German authorities
were often not updated or correct and data were not deleted after the expiry of
the time limits. 20% of the records in the NSIS concerned people of unknown
residence, which is not legal grounds for the Article 96 entry. 50% of the Article
96 (3) records were associated with the unlimited re-entry ban of 8 (2) of the
former Aliens Act ( 11 Residence Act) which was also considered illegal.

130
131

132

See the 14th and 15th Reports of the Data Protection Commissioner of North Rhine-Westphalia.
5th Report of the Landesbeauftragten fr den Datenschutz Sachsen-Anhalt (April 1999 to March
2001), p. 10.
A summary of the ndings of this investigation can be found in the 20th report of the Federal
Data Protection Commissioner: 20032004, para. 3.3.2.2.

428

Chapter 12

Furthermore, the data protection authorities found that, in many cases, the need
for further storage had not been motivated by the responsible authorities in
accordance with Article 112 CISA.
Aside from these conclusions in their reports for the JSA inquiry, the annual
reports of the data protection authorities of the dierent Lnder establish comparable ndings. For example, in 2004, the data protection authority of North
Rhine-Westphalia checked 80 of the Article 96 alerts held in the NSIS at random.
In ve of these cases, the authority discovered that the report in the NSIS was
only for the purpose of Aufenthaltsermittlung and was therefore unlawful.133
In many other cases (the report does not mention any numbers) the necessary
time limit for the SIS registrations was not suciently documented or checked.
According to the annual report from the Hessian data protection authority, 10%
of the registrations checked by the Hessian authorities were unlawful.134 This
mainly concerned registrations in the SIS for more than three years, the need for
which was not individually checked. In addition, the data protection commissioner of Baden-Wrttemberg, who randomly checked 49 les on third-country
nationals in the NSIS and INPOL, found many irregularities with regard to these
les.135 Some reports lacked a proper legal basis and, with regard to other reports,
this data protection commissioner found that the time limits had been exceeded.
The majority of third-country nationals stored in INPOL for the purpose of arrest
had been reported without the necessary judicial warrant. Six of these 49 cases
concerned individuals whose asylum request had been rejected. Finally, the Data
Protection Commissioner of Baden-Wrttemberg discovered that the reports
included EU citizens despite the fact that this is prohibited under EU law.
6.6. Legal Remedies
6.6.1. Competence of the Administrative Court
As we have seen above, German administrative procedural law provides dierent
possibilities for individual appeals. In its judgment on the central aliens administration, or AZR, in 2001 the Constitutional Court conrmed the applicability of the
right to administrative appeal with regard to data processing in the public sector.136
This right applies irrespective of the question of whether the data processing of
information results in an administrative decision aecting the individual. In this

133
134
135
136

17th Report of 20032004, North Rhine-Westphalia.

33rd Report of the Hesse Data Protection Commissioner, para. 3.2.
25th Report 2004, p. 19 .
See the German Constitutional Court in its decision on the Central Aliens Administration,
BverG 1BvR 1970/95, 10.10.2001.

Germany

429

case, the Court conrmed that a data subject should have the right to lodge an
appeal (Leistungsklage) with the administrative court, requesting a ban on further
data processing or transmission of the personal information to other authorities.
This includes the right to appeal for a temporary injunction, claiming a ban on data
processing until a nal judgment by the court, so as to oer the individual eective
protection against unlawful data processing. According to the Constitutional
Court, administrative courts have a duty to assess the constitutionality and legal
basis of data processing.
It is also possible to lodge an administrative appeal against the decision to
refuse the right to access, correction or deletion. The person concerned may
appeal against this refusal with the administrative court which is competent in
the district of the local authority refusing the individuals claim on the basis of
52 (5) VwGO.137
6.6.2. Right to Financial Compensation
An individuals right to nancial compensation is important if he or she has
suered damaged from wrongful or unlawful data processing. This is provided
for in 7 and 8 of the Federal Data Protection Act (BDSG). 8 BDSG explicitly covers nancial compensation with regard to automated data processing by
public authorities. According to this latter provision, the public authorities have
a duty to repair the nancial damage, irrespective of whether they are at fault or
carry any responsibility for this damage. This extended duty to repair nancial
damages was introduced with the amendment of the BDSG in 1990. The right
to nancial redress covers material and immaterial loss. Unlike the Dutch Data
Protection Act, the German BDSG includes a maximum amount for nancial
compensation of 130,000.

7. Legal Remedies and Immigration Law

7.1. General Background to German Immigration Law
The rst German Aliens Act derives from 1965; a major revision of this law took
place in 1990. One of the aims of this revision was to provide more detailed rules
for the immigration authorities and thus reduce their wide margin of appreciation. However, the Aliens Act of 1990 and the more recent Residence Act
(Aufenthaltsgesetz) of 2004 have been criticised because of their complicated and
detailed regulations. The casuistic supra perfection allegedly makes the Residence

137

Westphal & Stoppa (2007), p. 552.

430

Chapter 12

Act unreadable for the average reader and even fails to meet the constitutional
principle of the rule of law in the sense that immigrants are unable to trace their
rights and duties.138
In section 5.1 we have seen that, even in 1972, the Constitutional Court made
clear that the right to legal remedies as oered by Article 19 (4) of the Constitution
applies in its entirety to non-citizens. We have also seen that the administrative
procedural rules with regard to the rights of appeal and judicial review in principle apply to immigration law decisions. In the following sections, we will discuss
certain exceptions and limitations to these rights as provided in the Residence
Act 2004.
7.2. Duty to Motivate Decisions
According to general rules of administrative law, an administrative decision may
be communicated to the person concerned orally, in writing or in electronic
form, or by other means. Only if the individual expresses an actual interest in
being informed in writing or electronically is the administrative authority obliged
to comply with this request (see 37 (1) and (2) of the German Administrative
Procedures Act, VwVfG). Based on 39 VwVfG, an administrative decision in
writing or in electronic form requires motivation of the factual and legal reasons
for the decision.
In the eld of immigration law, on the basis of 77 Residence Act, the written
form is always required for a refusal of a residence permit, a decision to limit the
right of residence in time or space and for decisions or measures of expulsion
(Ausweisung and Abschiebung). Decisions on visa applications and refusals of
entry at the borders are exempt from this obligation. According to 77 (2),
a refusal or limitation of a visa does not require the written form, a motivation or
a duty to inform the applicant of his or her right to appeal. In practice, only
when the person concerned lodges an objection against this refusal, the second
decision (Zweitbescheid ) by the administrative authority (embassy or consulate)
will include a written motivation and information about legal remedies
(Rechtsbehelfbelehrung). This does not include any right to a translation of this
decision. It seems doubtful whether the lack of informed decision-making at the
rst level is in accordance with criteria of eective remedies under Article 19 (4)
or 20 (3) of the German Constitution or the general principles of EU law and
the ECHR as described in Part II of my study.139

138

139

E. Benda et al. (eds.) Handbuch des Verfassungsrechts der Bundesrepublik Deutschland, BerlinNew York: Walter de Gruyter 1995, p. 410.
Westphal & Stoppa (2007), p. 551.

Germany

431

In addition, the lack of duty to submit a translated decision seems problematic,

from the viewpoint of both EU law and German constitutional principles.
The duty of the administrative authorities to resolve language and translation problems for persons not uent in the German language has been stressed in decisions
of both the Federal Administrative Court and the Constitutional Court.140
7.3. Legal Remedies
7.3.1. Legal Remedies Against Refusal of Entry
According to 84 of the Residence Act 2004, an application for review of
or appeal against a refusal of entry does not suspend the refuted decision.
Based on 42 VwGO, a person who has been refused entry may request the
competent court to order that leave of entry be granted (Verpichtungsklage auf
Einreisegewhrung). Such an appeal should be lodged with the court of the district in which the Federal Police has its oces. This is not always the court which
is responsible for the border crossing district.
7.3.2. Legal Remedies Against a Visa Refusal
On the basis of 83 Residence Act, refusal of a short-term visa (for tourist
purposes) or the refusal to issue a visa or travel document at the borders is not
open for review or judicial appeal. These persons are instructed to contact the
German embassies or consular posts in their country of origin.
A person whose long-term visa has been refused can either immediately lodge
an appeal before the Berlin Administrative Court or ask for review by the embassy
or consular post which rejected the application. If the person appeals against the
negative decision, the second decision (if this conrms the negative decision)
should include notication of the reasons for refusal and the available legal remedies. 52, no. 2 (4) VwGO applies with regard to this procedure. The appeal
should be lodged with the competent court of the district of the Ministry of
Foreign Aairs (Auswrtiges Amt). This used to be the Administrative Court
(VWG) of Cologne, but is now the Court of Berlin.
7.3.3. Legal Remedies Against Expulsion
An expulsion (or deportation) decision should include information on the
available remedies and the possibility of lodging an appeal within seven days of
issue of the deportation order ( 58a (4)). As we saw in section 5.4.3, a person
can either lodge an appeal for suspension on the basis of 80 (5) VwGO against
an expulsion or deportation decision, or apply for a temporary injunction based
on 123 VwGO.

140

BVerwG DVbl 1978888, BVerfGE 40, 95 [99 ].

432

Chapter 12

8. Case Law
8.1. Record in the NSIS in Conformity with Criteria of Article 96 CISA?
In an interim judgment of 7 August 2002, the administrative court of Dsseldorf
court clearly demonstrated that the reasons forwarded by the government for the
entry of a third-country national in the NSIS were in breach of the applicable
rules in Article 96 CISA.141 In this case, the long-term residence permit of a
Turkish employee, who had lived in Germany for more than 20 years, had been
withdrawn in March 1999 by the German authorities because he had not reported
within the prescribed time and his place of residence was thus considered
unknown. Based on this withdrawal of his residence permit, the Turkish national
had been recorded in the NSIS in April 1999 for the purpose of refusal of entry.
This NSIS alert resulted, in the summer of 2002, in his arrest by the Dutch border
police, following which he was kept in detention with the intention of sending
him back to Turkey. The court of Dsseldorf armed the applicants right to a
temporary injunction to prevent his expulsion. The court ordered the German
authorities to treat the applicant as if his residence permit had never been withdrawn and to delete the registration in the NSIS. In this judgment, the court
made it clear that not only were there no valid grounds for the withdrawal of his
residence permit, but also that such a withdrawal was, according to Article 96
CISA, not valid grounds for his record in the NSIS. The court did not consider
whether the SIS report was in breach of the applicants rights under the Association
Decision 1/80 between the EC and Turkey (see section 2.2 of Chapter 9).
In a decision by the administrative court of Berlin of 3 December 2004, the
court explicitly considered the meaning and relationship of the various paragraphs
of Article 96 CISA.142 The underlying case concerned a person from BosniaHerzegovina, who applied for asylum in Germany for the rst time in 1994. His
application was rejected and he was ordered to leave Germany. On 24 June 2003,
in order to leave Germany, he passed through the border control agency from
Berlin, where he was found in possession of a fake French Schengen visa. He was
prosecuted for falsifying legal documents and then, in July 2003, he was expelled
from Germany. The public prosecutor withdrew the charge on October 2003, on
the grounds that the guilt of the person concerned was limited (the person denied
he knew the visa was fake) and the fact that prosecution would have limited
meaning for the public interest because he had left Germany. Despite the fact that
the criminal charge against him had been dropped, the Berlin border police
recorded his name in the NSIS for the purpose of refusal of entry. An application

141
142

Verwaltungsgericht Dsseldorf, 7 August 2002, Az. 24 L 2837/02, InfAuslR 10/2002.

Verwaltungsgericht Berlin, 3 December 2004, Az. 1 A 151.04.

Germany

433

to delete the record was refused by the German authorities on the grounds that
the suspected criminal behaviour of the person concerned would imply a threat to
security and public order.
The Berlin court was rigorous in its interpretation with regard to the legitimacy of the reasons forwarded by the German authorities to record this person
in the NSIS. The authorities argued that, even if there had been no conviction,
the fact that the person was suspected of having committed a serious oence
(schwere Straftaten) would made the SIS record lawful on the grounds of 96 (2)
(b) CISA. The court questioned this interpretation of serious oence in
Article 96. The court did not deny that the second criterion of Article 96 (2)
applied, for which no conviction was required. However, according to the court,
the interpretation of a serious oence would have to be interpreted in accordance with the requirements of the criteria under 96 (2) (a). Since 96 (2) a required
conviction of an oence carrying a penalty involving deprivation of liberty at
least one year, the second criterion under (b) could not be interpreted as allowing
registration in the NSIS for (suspected) less serious oences.
Under German law, crimes carrying a sentence of at least one year are considered crimes, or Verbrechen. The oences of which the person was suspected, falsication of legal documents and illegal entry into and exit from German territory,
did not concern crimes, merely oences (Vergehen). In the words of the court, it
would be illogical, for the registration of a convicted person in the NSIS for refusal
of entry, to require that this conviction involves a crime (Verbrechen) whereas,
with regard to a registration which is based purely on suspicion, a criminal oence
which does not meet this threshold would be sucient. Therefore, the court
ruled that the registration was not in accordance with Article 96 CISA and ordered
the German authorities to delete the data from the NSIS. Although the direct
link which the court makes between the criteria of Article 96 (2) and (3) can be
argued, the reasoning of the court makes sense.143
In my opinion, this judgment, which seems to focus on a rather technical
interpretation of Article 96, is important. Although not dealing with it explicitly,
the Berlin court criticised the extensive interpretation of Article 96 (2) by the
German authorities. This interpretation is that third-country nationals may be
reported in the NSIS for crimes which are punishable by a sentence of one year
and more, rather than at least one year or more, latter meaning being literally the
text of Article 96 (2) (a).144 It is worrying or at least odd that, until this judgment

143

144

During interviews, spokesmen for both the BKA and the (Former Border) Police expressed
their disagreement with this judgment.
In German: instead of: die mit einer Freiheitsstrafe von mindestens einem Jahr bedroht ist,
ein Delikt dass mit eine Strafe bis zu einem Jahr oder mehr bedroht ist. See Westphal & Stoppa
(2001), p. 409.

434

Chapter 12

by the Berlin court, the storage of data on third-country nationals for minor
oences seems to have been an accepted practice in Germany.
8.2. Direct Legal Eects of a SIS Alert
In their case law, German courts had to deal with the question whether a SIS
alert has direct legal eect.145 The question at issue is whether a SIS record can be
regarded as an administrative decision (Verwaltungsakt) with direct legal eects
for the data subject and, thus, whether an individual could appeal directly against
this decision. This question was dealt with in the judgment by the administrative
court (Verwaltungsgericht) of Dsseldorf in its decision of 7 August 2002.146
Although the court considered that the registration in the NSIS was not an
administrative decision (no Verwaltungsaktqualitt ) and thus had no direct
eect, on the basis of Article 80 (5) 3 VwGO the court found there was a substantive claim by the applicant because, as we have seen above, the SIS report
and its underlying decision were considered unlawful.
Unlike the Dsseldorf court, the administrative court of Berlin, in its judgment
of 3 December 2004 (see the previous section), considered the question of
whether a SIS record can be seen as an administrative decision with direct implications for the individual, of no relevance to the assertion of this individuals
right to have data deleted from the NSIS.147 For this right, according to the court,
it is only relevant whether the storage of his or her data is unlawful.
In relation to the legitimacy of SIS alerts, there is a related discussion in the
German literature on whether the CISA implies that ocials have to check
whether information stored in the NSIS is in accordance with the law. This discussion is connected to the question whether, if the underlying decision to store
information into the NSIS is illegal, this automatically means that an administrative decision based on this information is illegal as well. Referring to a comparable
issue dealt with in judgments by administrative courts, Westphal answers this
question in the negative.148 These cases concerned administrative orders for carriers to return expelled persons to their country of origin.149 In the judgment, the
German courts ruled that carriers were not obliged to check whether the underlying expulsion was justied; the courts did not even require any incidental control.
Except in cases where the underlying decision was clearly (ensichtlich) illegal,

145
146

147
148
149

As we will see in Chapter 13, the same question arose in the Netherlands.
Verwaltungsgericht Dsseldorf, 7.8.2002, Az. 24 L 2837/02, InfAuslR 10/2002. Also covered
in section 8.1.
Verwaltungsgericht Berlin, 3.12.2004, Az. 1 A 151.04.
V. Westphal, InfAuslR 1999, p. 364.
VG Kassel 23.3.1998, Az. 12 VE 1310/95, VG Frankfurt, 7.3.1995, Az. 11E3067/94.

Germany

435

this would have been dierent. However, considering the responsibility of Member
States to ensure that their acts are in conformity with EU law and international
human rights standards, one could argue that this conclusion with regard to
private carrier organisations cannot be applied to governmental authorities.
Furthermore, as we gave seen in Chapter 9, with regard to family members of EU
citizens the ECJ conrmed in Commission v. Spain the responsibility of national
authorities to check the lawfulness of SIS alerts before enforcing them.150
8.3. Duty to Balance Interests
The German principle of proportionality or the Verhltnismssigkeitsprinzip
plays an important role in both data protection and immigration law. This principle is regarded as being directly connected to the constitutional principle of the
rule of law. On the one hand, it obliges administrative authorities to weigh the
dierent interests at stake whenever they take an individual decision. On the other
hand, it empowers national courts to assess, in each individual case, the proportionality of the measures or decisions taken against an individual. Although I have
not found any judgments which dealt explicitly with the principle of proportionality
in relation to the use of the NSIS, the jurisprudence on related matters could
indicate that national courts will also apply the proportionality test to the NSIS.
Furthermore, the decision, referred to in the previous section, by the administrative court of Berlin, illustrates that the court did not accept a broad interpretation
of Article 96 (2) as justication for a SIS entry.
As we saw in section 6.2.2, the Volkszhlungsurteil concerned the duty of the
public authorities to balance the public interest to be served by data gathering
against the individual right to privacy (Persnlichkeitsrecht) and the right, derived
from this constitutional right, to informational self-determination. The importance of this right to informational self-determination and the duty to balance
decision-making has been conrmed in the German jurisprudence with regard to
practice of Rasterfahndung after 11 September 2001. Although many courts
approved the (temporary) use of this measure, the courts made it clear that the
data search on foreigners and German nationals would have to meet the principle
of proportionality. Dealing with the question whether the data proling measure
was disproportionate, we have seen in section 4.3.3, that the Court of Appeal of
Dsseldorf applied dierent criteria to nationals of states listed as a risk country
and German citizens respectively.151 This dierence in appreciation could however
be explained by the fact that the Court of Appeal had to assess the lawfulness of
measures taken directly after the events of 11 September 2001.

150
151

See section 2.3.2 in Chapter 9.

OLG Dsseldorf, 8.3.2002, Az. 3 Wx 357/01 and 3 Wx 351/01.

436

Chapter 12

8.4. Competence of National Courts to Assess Validity of Foreign SIS Report

To my knowledge, there are no judgments in which a German court explicitly
dealt with the lawfulness of a foreign SIS alert. Of course, the decision of the
French Conseil dtat on the unlawfulness of the German records on rejected asylum seekers did not pass unnoticed in Germany. Based on this judgment, this
practice was scrutinised more closely by the data protection authorities. However,
it has not led to any in-depth discussions on the powers of national courts to
assess the legitimacy of foreign administrative decisions.
8.5. Access to Remedies After Expulsion?
One important question which has been dealt with by the German courts is
whether third-country nationals, once expelled to their country of origin or to
a third country, still have any legal interest in lodging an appeal for an interim
measure. Although such a legal interest had been denied in the judgment of
11 December 2003 by the Court of Appeal of Kassel152, the same court, composed dierently, answered this question in the armative in two other judgments in 2003 and 2004.153 The administrative court of Frankfurt am Main, in
its judgment of 21 July 2004, also ruled in the armative on this issue.154
In both the Frankfurt judgment and judgment of the Court of Appeal of Kassel
of 19 November 2003, the central question in these cases was whether, based on
Article 2 of the CISA, it was justiable to require a person crossing the German
borders to carry rather that to possess a legal travel document or passport. Since
the applicants in both cases were expelled on this ground (they were not carrying
a passport), the German courts had to consider the question of whether they still
had a legal interest in appealing against this expulsion. This was armed by both
courts. The Frankfurt court based this explicitly on the possibility for the applicant to obtain nancial reimbursement if the expulsion were to be annulled by
the court. The Court of Appeal of Kassel also dealt with the lawfulness of the
decision to report the third-country national in the NSIS on the basis of Article
96 CISA. This latter court conrmed the importance of the right to appeal, not
only against the expulsion decision, but also against the decision to report the
person to the NSIS on the basis of Article 96 (3) CISA as a direct consequence of
this expulsion.

152
153

154

VGH Kassel, 11.12.2003, Az. 9 TG 546/03.

VGH Kassel, 19.11.2003, Az. 12 TG 2668/03 and 12.01.2004, Az. 12 TG 3204/03. http://
www.vg-kassel.justiz.hessen.de.
Verwaltungsgericht Frankfurt am Main, 21.07.2004, Az. 1 E 2479/04, http://www.vg-frankfurt
.justiz.hessen.de.

Germany

437

In a judgment of December 2001, the Constitutional Court conrmed the

importance of the possibility of using the right to legal remedies against expulsions, even once the person has already been expelled and has to take legal action
from abroad.155 The Court stressed the special interests for the applicant to initiate such a procedure, even after expulsion. This would enable him or her to
forward a claim for nancial compensation, for example on the basis of illegal
detention (breach of Article 5 ECHR).
8.6. Article 96 CISA and Freedom of Religion: The Moon Case
An interesting issue has been raised before the Federal Administrative Court with
regard to the storage of data regarding the leader of a religious movement (the
Unication Church or Vereinigungskirche) in the NSIS by the German authorities.
To prevent his arrival in Germany, the Border Police of Koblenz had registered
Mr. Moon and his wife in the NSIS in 1995 for the purpose of refusal of entry,
on the basis of Article 96 (2) CISA. This measure was based on the general concern of the German government that a stay by Mr. Moon would pose a danger to
German youth and thus would cause a threat to public order and security. The
government argued that the activities of the leaders of the Unication Church
would pose a threat for the personal development of young people in Germany.
Also their public performances could lead to violent reactions (heftigen
Reaktionen) in Germany.156 In 1998, the storage of the alert on Mr. and Mrs. Moon
was extended for another 3 years. In the same year, the German church section of
the Unication Church, not Mr. and Mrs. Moon, lodged an appeal against the
SIS alert before the administrative court. This organisation held that the residence
ban applicable to their leader, Mr. Moon, would cause an infringement of their
constitutional right of freedom of religion (Article 4 (1), (2) of the German
Constitution). By making it impossible for their leader to meet members of his
religious organisation, these members would be prevented from exercising their
right to freedom of religion. Their claim, however, had been rejected in appeal
and in higher appeal.157 In 2006, the Constitutional Court annulled these decisions and referred the case back to the Court of Appeal or Oberverwaltungsgericht
of Koblenz, which declared the SIS alert unlawful.158 In this section, I will shortly
summarise the main ndings of the courts when dealing with the Moon case.
155

156

157

158

BVerfG 5.12.2001, 2 BvR 527/99, see also the judgment of the administrative higher court of
Kassel, VGH Kassel, 19.11.03, Az. 12 TG 2668/03.
These reasons of the German government were cited by the Federal Administrative Court in its
judgment BVerwG, 10.07.2001, Az. 1 C 35.00.
VG Koblenz, 9.11.1998, Az. VG 3 K 938/98.KO and OVG Koblenz, 13.09.2000, Az. OVG
11 A 10349/99.
BVerfG, 9.11.2006, BvR 1908/03 and OVG, 19 April 2007, Az. A 11437/06.

438

Chapter 12

In July 2001, the Federal Administrative Court reached its rst decision in
this case.159 In its judgment, the Court did not deny the existence of a right to
freedom of religion of third parties with regard to the SIS alert on their leader.
The Federal Court stressed that it was the duty of the state to take into account
the interests of the religious movement concerned. According to the Court, a residence ban on a religious leader could be in breach of the constitutional right to
freedom of religion of others, if the visit of the leader, according to the standards of current religious doctrine, would have signicant meaning for the common exercise of this religion. The question of whether these standards would
give the applicants a subjective right in this case was referred back to the Koblenz
Oberverwaltungsgericht.
In its judgment of June 2002, the administrative appeal court delivered a much
more strict interpretation of the freedom of religion as formulated by the Federal
Court in its judgment July 2001.160 Among other things, the Koblenz Court held
that, according to the theology of the Unication Church, the personal presence
of the leader at religious meetings would not be an absolute prerequisite, referring
to earlier satellite and internet meetings which were organised by this church.
In September 2003 (eight years after Mr. and Mrs. Moon had been registered in
the NSIS for the rst time) the Federal Administrative Court rejected the appeal
against the judgment of the Koblenz Court. Although the Federal Administrative
Court conrmed the claim of the applicants that the court of Koblenz had made
an overly strict interpretation of the specic signicant meaning of a visit of a
religious leader, it did not examine the lawfulness of the SIS alert itself.161 Again,
in this judgment, the Federal Administrative Court focussed on the freedom of
religion of members of a religious movement and on the relationship of this right
with the possibility or otherwise for these members to meet their religious leader.
Generally, the Court recognised the relationship between a residence ban and the
constitutional rights of others. However, in this case, it held that there were no
sucient grounds to conclude that the refuted decision of the German authorities
not to grant entry to Mr. and Mrs. Moon were in breach of the right of freedom
of religion of its members. In its nal consideration, the Federal Administrative
Court emphasised that this judgment did not mean that with regard to future
visits to be planned by the Moon couple, the Court would rule in the same way.
In this judgment, the Court did not go into the question of whether the public
order and security grounds as forwarded by the Koblenz authorities justied the
Article 96 (2) record on Mr. and Mrs. Moon in the NSIS.

159
160
161

BVerwG 10.07.2001, Az. 1 C 35.00, InfAuslR 2001, p. 509.

OVG Koblenz 7.6.2002, Az. OVG 12 A 10349/99.
BVerwG 4.9.2003, Az. 1 B 288.02, InfAuslR 2004, p. 38.

Germany

439

In November 2006, the Constitutional Court annulled the judgment of the

Federal Administrative Court and handed the case back to the Court of Appeal of
Koblenz.162 The Constitutional Court ruled that the constitutional right to freedom of religion included not only the right to expression of that belief but also to
enable certain practices of religion of which the content was mainly to be decided
by the religious community itself. The Constitutional Court emphasised that the
question whether a personal encounter between a religious leader and its members
was of specic importance for this religious movement, was not a matter to be
decided by the governmental institutions. The Constitutional Court therefore
criticised the fact that the Federal Administrative Court made its own assessment
of whether a meeting of the members of the Unication Church and their leader
was of specic signicance for their religious belief. More importantly, the
Constitutional Court emphasised that the Federal Administrative Court did not
assess whether the alert in the SIS was in accordance with the applicable laws. The
Constitutional Court explicitly ruled that the SIS alert which is based on Article
96 (2) CISA, requires the availability of substantial grounds ( gewisse Erheblichkeit)
that the presence of the third-country national poses a threat to public policy or
security. For this conclusion, the Court referred to the examples listed in Article
96 (2) including the fact that the person has been convicted or that there are
serious grounds to believe that he or she will commit serious crimes in future.
According to the Constitutional Court, during the procedure, it was not claried
why the visit of Mr. and Mrs Moon implied such risk. Furthermore, the
Constitutional Court held that there were no reasons to believe that the SIS alert
on Mr. and Mrs. Moon could be justied, especially when taking into account the
interests of the applicants (members of the Unication Church).
Finally, in its judgment of 19 April 2007, the Administrative Court of Appeal
ruled that the German SIS alert on Mr. and Mrs. Moon was unlawful.163
According to the Court, the German government did not produce convincing
arguments to justify the refusal of entry of Mr. and Mrs. Moon. Considering the
importance and special weight of the constitutional rights of the members of the
Unication Church, the Court of Appeal found that this right could not be limited on the basis of vague assumptions of fear (vage geltend gemachten
Befrchtungen). The German authorities did not lodge an appeal against this
decision, and nally, in 2007, after twelve years of litigation, the alerts on
Mr. and Mrs. Moon were deleted from the SIS.164

162
163
164

BVerfG 9.11.2006, BvR 1908/03, 3.

OVG Koblenz, 19.04.2007, Az. A 11437/06.
However, in June 2007, Mrs. Moon was still registered by the French authorities in the SIS for
the purpose of refusal of entry.

440

Chapter 12

9. Conclusions
9.1. Implementation of Article 96 CISA
The German rules with regard to the implementation of Article 96 CISA are not
easy to decipher. Both the criteria for and the eects of an Article 96 report lack
transparency. The criteria for the input of third-country nationals who are to be
refused entry into the NSIS are not explicitly provided for in a formal law. These
criteria are, on the one hand, based on the re-entry ban of 11 (1) of the German
Residence Act, which is connected to a decision of expulsion, removal or deportation. On the other hand, they are based on the condential rules on national
security and public order criteria as applied by the German police. More detailed
rules for the German immigration oces are laid down in ministerial instructions of 1998, the AAH-SD. These instructions are not, however, legally binding and it is unclear whether and how they are applied by each individual
immigration oce. Nevertheless, since they are the only standards applicable
in this eld, both courts and data protection authorities seem to rely on the
accuracy of the provisions in the general instructions.
Based on these instructions, one can dispute the interpretation of the Article
96 (3) criteria and the way these criteria are implemented in German law. Although
the registration of rejected asylum seekers in the SIS is formally forbidden, the
reports by the German Data Protection Commissioners conrm that the immigration authorities in Germany are still submitting data on these grounds.
The interpretation of Article 96 (2) by the (former Border) Police and BKA can
also be disputed, with regard to the meaning of an oence carrying a penalty
involving deprivation of liberty of at least one year. This is interpreted to mean
that a wide range of minor oences would justify a ban on residence for the whole
Schengen territory by storing data concerning these persons in the NSIS.
An important source of information on the implementation of Article 96
CISA is provided by the investigation performed in 2004 by the Federal Data
Protection Commissioner and the data protection authorities in the Lnder on
behalf of the Joint Supervisory Authority. This investigation highlighted the fact
that there are many problems with regard to the reliability of the information
held in the SIS, the observance of the time limits and the criteria being used for
the registration of third-country nationals. Even before 2004, however, German
data protection authorities reported on the many mistakes and the illegal practices
with regard to the storage of data on third-country nationals in the NSIS.
9.2. Germany: Strong Tradition of Collecting and Protecting Data
Germany has long-term experience with gathering personal information and the
use of databases to maintain internal security. Important developments in this

Germany

441

eld have been the establishment of INPOL and experimenting with the use of
data proling or Rasterfahndung in the ght against the RAF in the 1970s. Since
1953, Germany has a central administration for aliens a database which only
acquired a legal basis in 1994. Based on its own experiences, the German government took a leading role with regard to the development of the NSIS and later
with regard to the computerisation of border control. The establishment of a central visa database and the use of biometrics for the identication and verication
of travellers had been on the German agenda since long before the negotiations
at EU level touched on these issues.
On the other hand, Germany has a strong constitutional history of data protection and the protection of the right to personal life or privacy. The Census Judgment
or the Volkszhlungsurteil by the Constitutional Court in 1983 was decisive for the
future development of German law as well as being inuential in other European
countries. In this judgment, the German Court raised the right of data protection
(informationelle Selbstbestimmung) to a constitutional level and dened important
criteria for the protection of individuals. German data protection lobbyists such as
Simitis and other lawyers played an important role with regard to the drafting of not
only the German data protection laws, but also the data protection rules in CISA
and EC Directive 95/46. Separate from the development of data protection law, but
perhaps just as important in this eld has been the protection of the constitutional
right to eective remedies (Article 19 (4) GG) in German jurisprudence.
The judgment of the German Constitutional Court on the practice known as
Rasterfahndung after the events of 11 September 2001 also marked an important
development in German law and policy. In this judgment of 4 April 2006, the
Court ruled that the applied measures of data proling were in breach of the
constitutional right to privacy of the persons whose information it concerned.
The Constitutional Court explicitly emphasised the risk of stigmatisation of certain groups of (foreign and Muslim) individuals residing in Germany, referring
to the selected criteria on which the data proling was based.
9.3. NSIS and the Right to Eective Remedies
As we saw in section 5.1, the right to legal remedies for everyone whose constitutional rights are aected by public administration is protected in Article 19 (4) of
the German Constitution. This right forms an important basis for the question of
whether the person concerned actually has access to eective remedies. With the
exception of short-term visa applications and manifestly unfounded asylum
claims, German immigration law includes a general right to appeal. With regard to
data processing, German administrative procedural law also provides dierent
possibilities for individual appeal. A person may also lodge an administrative appeal
against the decision to refuse the right to access, correction or deletion of data.

442

Chapter 12

During my research, I found only a surprisingly small number of cases,

considering the large number of illegal or incorrect registrations in the SIS, as
established by the German data protection authorities. In these few decisions,
the German courts dealt with dierent issues, including the question of whether
a SIS report is a separate administrative act open to legal remedies, the importance of available eective remedies including the possibility of a temporary
injunction. In 2003, the Federal Administrative Court, and in 2006 the
Constitutional Court, recognised the relation between the refusal of entry based
on a SIS alert and the protection of the human rights, in this case the freedom of
religion, of others.
9.3.1. Accessibility
The accessibility of legal remedies in Germany seems to be especially hampered
by the lack of knowledge of the third-country national about his or her registration in the NSIS. This is caused by the lack of transparent rules on the implementation of Article 96 CISA and the fact that the immigration authorities will
not inform the person that he or she has been reported in the NSIS. This practice
seems to be in breach of the more general principles of German administrative
law with regard to the duty of motivated decision-making.
More in general, German courts emphasised the importance of being heard in
immigration- and asylum law procedures. As we have seen above, both the
Federal Administrative Court and the Constitutional Court emphasised the duty
of the administrative authorities to resolve language and translation problems for
those persons not able to understand the German language.
9.3.2. Scope of Review
In the few decisions I found on the use of SIS, the German courts carefully scrutinised the lawfulness of the registrations and considered whether the SIS report
complied with the criteria of Article 96 CISA. The jurisprudence on the NSIS is
to be read together with the jurisprudence on the German practice of data proling or Rasterfahndung since 11 September 2001. With regard to the practice of
Rasterfahndung, the German courts accepted national security reasons as the justication for the temporary use of data proling. However, in these judgments,
the courts also made it clear that, in their decisions on the use of these methods,
governments are obliged to balance all the interests at stake and to consider the
proportionality (Verhltnismssigkeit) of the chosen method. In the Rasterfahndung
judgment of 4 April 2006, the Constitutional Court made it clear that data proling is only justied under special and specied circumstances. The principle of
proportionality played an important role in the more recent case-law dealing
with the registration of Mr. and Mrs. Moon in the SIS. Twelve years after the
German authorities had entered their data into the SIS, the Court of Appeal of

Germany

443

Koblenz nally ruled that the Article 96 (2) alert was disproportional and therefore unlawful. With this conclusion, the Koblenz Court followed the earlier
judgment of the Constitutional Court in this case.
Other important judgments are those of the Constitutional Court and the
Federal Administrative Court with regard to the constitutional right to informational self-determination and the right to eective judicial protection. In these
judgments, the courts established clear and comprehensive criteria with regard to
the principle of proportionality and the eectiveness of legal remedies.
Finally, as we have seen above, in a judgment in 1999, the Constitutional
Court emphasised the importance for courts of having access to information
based on which the decision has been taken, in order to guarantee an eective
remedy.165 In this judgment, the German Court made it clear that the possibility
for the court to have access to the information during the judicial process had
nothing to do with data protection rights or the right to informational selfdetermination, but everything to do with the applicants right to eective judicial
protection.
9.3.3. Competences
The right to appeal under immigration law includes dierent possibilities for
restoring the interests of the applicant. This, as has been conrmed repeatedly by
the German courts, includes the possibility of obtaining a temporary injunction
or of having the eects of the administrative decision suspended.
In the case law described above, dierent German courts issued a binding
order to the administration involved when they found that a SIS alert did not
comply with the criteria of Article 96 CISA. These orders included the deletion
of the SIS alert in question, the annulment of the refuted decision based on the
SIS registration, or an interim order to prevent the expulsion of the person
concerned.
In a judgment on the AZR (dealt with in section 6.6.1), the Constitutional
Court conrmed that a data subject should have the right to lodge an appeal with
the administrative court, seeking a ban on further data processing or the transmission of the personal information to other authorities if this data processing is
considered unlawful.
Finally, it is important that an individual has the right to nancial compensation whenever he or she suers damage resulting from wrongful or unlawful data
processing. This right to nancial compensation is provided for in the Federal
Data Protection Act and covers material and immaterial loss.

165

BVerfG 27.10.1999, 1 BvR 385/90.

Chapter 13
The Netherlands
Easy as it is to point at the deciencies of the SIS, it is not easy to repair them.
Seeing the sensitivity of Member States in this eld, there is little chance that consensus can be reached on clear and precise common criteria to report a person into such
a computer system. A step forward would already be a limitation of the reporting
grounds.1

1. Introduction
Before the Netherlands joined France and Germany in their bilateral discussions
on the abolition of internal border control, this country was already cooperating
in the eld of visa and immigration policy with Belgium and Luxembourg.
In fact, the Benelux agreement of 1960 was an important source of inspiration
for the later Schengen negotiations. The Dutch government had dierent reasons
for believing it useful to extend this cooperation to France and Germany. These
reasons included the economic advantages of the abolition of internal border
controls, as well as the possibility of enhancing cooperation between police forces
and of harmonising asylum and immigration law. In general, the Dutch
government held the view that intergovernmental cooperation in the eld of
immigration and asylum law was to be considered a temporary measure. In time,
Schengen would have to be replaced by EU measures.

J.D.M. Steenbergen, All the Kings Horses Probabilities and Possibilities for the Implementation
of the New Title IV EC Treaty, European Journal of Migration and Law 1, 1999, p. 2960.

Evelien Brouwer, Digital Borders and Real Rights, pp. 445510.

2008 Koninklijke Brill NV. Printed in the Netherlands.

446

Chapter 13

2. Parliamentary Involvement with CISA

2.1. Schengen in General
The CISA was ratied by the Netherlands on 30 July 1993.2 The Dutch parliament
approved the CISA on 23 February 1993.3 The implementation of the CISA in
the Netherlands included amendments to the applicable law and practical
measures. These changes took place between the date of ratication (1993) and
the date the treaty became eectively operational in the rst Schengen states
(26 March 1995). Even during the discussions on the approval of the Schengen
Agreement of 1985, the Dutch government announced that the introduction of
the general duty of individuals to carry an identity card (algemene identicatieplicht)
would be necessary to make up for the abolition of internal border controls.4
Although, as was later admitted, this new measure would not be a formal legal
result of the CISA, according to the government this would be necessary
to improve ecient control on immigrants within the territory.5 A legal proposal including the obligation of individuals to identify themselves using an
identity card in certain situations was submitted to the Dutch parliament in July
1992. Despite opposition from civil society and certain political parties (including the larger Socialist Party), this law was adopted in 1993 and entered into
force on 1 January 1994.6 Meanwhile, the duty of identication has been
extended pursuant to a new law which entered into force on 1 January 2005.7
Despite the lack of transparency and the secrecy surrounding the negotiations
on the CISA, the Dutch parliament was relatively closely involved with regard to
the CISA. As of 19881989, the legal and organisational implications of the
draft CISA were scrutinised by the Schengen specialists in the Dutch parliament.8
One year before the signature of the CISA, members of the Second Chamber
submitted a long list of questions on the content and practical eects of the draft

4
5
6

7
8

Dutch Journal of Treaties (hereafter: Tractatenblad ) 1993, no. 115, published on 27 August
1993. (Belgium and Luxembourg ratied the CISA on 31 March 1993).
Ocial Journal of the Lower House of Parliament (hereafter: Handelingen Tweede Kamer) 22
142. Act of approval published in Dutch Ocial Journal (hereafter: Staatsblad) of 24 February
1993, no. 138.
Memorandum of the Minister of Justice, Handelingen Tweede Kamer 19861987, 20 031, no. 12.
Handelingen Tweede Kamer 19891990, 19 326, no. 11, debate of 12 June 1989.
Staatsblad 1993, no. 660. See, for a general history of Dutch policy with regard to the legal duty
of identication, A. Bcker, Identicatieplicht: oplossing of oorzaak van problemen, Reeks Recht
& Samenleving no. 17, University of Nijmegen: GNI 2002.
Staatsblad 2004, no. 300.
Organisational measures which received much attention during parliamentary debates included, for
example, the nancial and organisational problems which occurred during the preparation of the
Dutch airport Schiphol for Schengen, see Handelingen Tweede Kamer 19951996, 19 326, no. 113.

The Netherlands

447

Convention.9 These questions had been drafted by a Dutch NGO, the Meijers
Committee. They covered, for instance, the role of the European Parliament during the Schengen negotiations, the competence of the Court of Justice, future
plans with regard to the harmonisation of asylum law and visa policy, the use of
SIS and the availability of legal remedies (see below).
In the Dutch legislative process, before legal drafts are forwarded to parliament,
the Council of State (Raad van State) has to give its prior recommendation on
the proposal. In its report on the approval act of the CISA of 8 April 1991, this
Council of State was critical with regard to the content of the CISA and,
exceptionally, advised the Dutch government not to submit the act of approval
to parliament.10 One of the central concerns of the Council of State was the fact
that the CISA provided rules on which state should be responsible for an asylum
application, without harmonising the national asylum laws. The Council of State
also questioned the provisions for the exchange of personal information, the
inadequate protection of privacy and the lack of unifying supranational judicial
control with regard to the implementation of CISA. Despite this negative advice,
the Dutch government decided to submit the proposal to the parliament.
The Dutch parliament was provided with information and comments by Dutch
NGOs, including the Dutch section of Amnesty International, the Dutch Centre
for Immigrants, the Dutch Refugee Council and the aforementioned Meijers
Committee.11 Based on a draft by this latter organisation, the Dutch parliament
agreed upon an important provision to be incorporated into the ratication act of
the CISA.12 According to this provision, the Dutch government was obliged to
publish and to submit to the Dutch parliament each draft decision by the Schengen
Executive Committee with binding eects on the Netherlands. This new power for
the national parliament with regard to binding decisions taken within the intergovernmental framework of Schengen was at that time quite unique, but later also
taken up by other countries.13 A comparable provision has also been included in
the approval act of the Maastricht, Amsterdam and Nice Treaties.14
9
10
11

12

13

14

Handelingen Tweede Kamer 19881989, 19 326, no. 11, 12 June 1989.

Handelingen Tweede Kamer 19901991, 22 140, B.
A critical analysis of the CISA was given in a special issue on Schengen of the Dutch Law
Journal by members of the Meijers Committee and other lawyers, Nederlands Juristenblad, 31
January 1991, p. 161240.
Article 2 of the law of 24 February 1993, Staatsblad 1993, no. 138, based on the parliamentary
resolution Van Traa-De Hoop Scheer, Handelingen Tweede Kamer 22 140, no. 8.
Italy enacted a similar provision. See D. Curtin and H. Meijers, The Principle of Open
Government in Schengen and the European Union: Democratic Retrogression?, in: H. Meijers
et al., Democracy, Migrants and Police in the European Union: the 1996 IGC and beyond, Utrecht:
Forum 1997, p. 2526.
See, for the ratication act of the Maastricht Treaty: Staatsblad 1992, no. 692, of the Treaty of
Amsterdam, Staatsblad 1998, no. 737.

448

Chapter 13

2.2. Parliamentary Discussions on SIS

The establishment of a central, computerised database to be used by police
forces in dierent countries met with strong criticism in the Dutch media and
the parliament. In 1988, the Dutch government informed its parliament of the
feasibility study which was undertaken with regard to the establishment of the
SIS.15 The government described the SIS as an indispensable tool or as a conditio
sine qua non, making up for the abolition of internal border controls.16 The
information to be stored in the SIS would be to safeguard public order and
security in the Schengen territory and to ght criminality.17
Many of the parliamentary questions submitted during the negotiations on the
CISA in June 1989 concerned the future use of the SIS.18 These questions dealt
with the availability of legal remedies against the reporting of personal data in the
SIS and whether there would be a duty to inform a person about this registration
(see below). Furthermore, the question arose of whether rejected asylum seekers
would be registered in the SIS, which was denied by the Dutch government. The
Dutch government estimated that the SIS would contain data on 800,000 persons,
50,000 of which would be forwarded by the Dutch authorities.19 Compared to
the more recent data on input into SIS, this estimate was relatively close to the
current numbers, except for the input by the Dutch authorities, which was overestimated. For example, in 2005 the number of alerts on all categories of persons
recorded in the SIS was 818,673, of which 17,239 alerts were submitted by the
Netherlands.20
Once the SIS became operational, members of the Dutch parliament only
incidentally dealt with the functioning of the SIS. Based on this report by the
Schengen Joint Supervisory Authority (JSA) on the period 19951997, members
of parliament questioned the government about the current use and organisation
of the SIS. Among other things, they referred to the conclusions of the JSA that
the national SIS les in the various Schengen states did not include the same
information, that national security measures were either inaccurate or lacking
and that the Schengen states did not make sucient use of the possibilities of
encryption.21

15
16
17
18
19
20
21

Handelingen Tweede Kamer 19871988, 19 326, no. 7, 7 January 1988.

Handelingen Tweede Kamer 19871988, 19 326, no. 8, 30 June 1988.
Handelingen Tweede Kamer 19881989, 19 326, no. 10, 14 December 1988.
Handelingen Tweede Kamer 19891990, 19 326, no. 11, 12 June 1989.
Handelingen Tweede Kamer 19891990, 19 326, no. 11, 12 June 1989, p. 13.
Ocial data of C.SIS exploitation team for 1 January 2005.
See the written reaction by the Secretary of State for Justice, Handelingen Tweede Kamer 19 326,
170, 17 June 1997.

The Netherlands

449

The functioning of the SIS was raised again during the parliamentary debates
in response to the publication of two Dutch audits which were performed on the
functioning of the NSIS in 1997.22 These reports concerned the audit by the
Dutch Court of Auditors (Algemene Rekenkamer) and by the Dutch Data
Protection Authority. They will be discussed in sections 3.5 and 3.6.
Occasionally, members of the Dutch parliament submitted questions on security
issues in response to incidents with the SIS and SIRENE, even if these incidents
occurred abroad. For example, in 1997, a member of the Dutch Parliament raised
questions on the security and the accessibility of NSIS information following an
incident in Belgium. This concerned permanent sta members of the Belgian
SIRENE oce who were suspected of having forwarded information to members
of a criminal organisation.23 Another incident resulting in parliamentary questions
was the conduct of the French authorities in impeding research by members of the
Joint Supervisory Authority during their investigation of the CSIS premises in
Strasbourg.24
In 2005, a member of the Dutch parliament asked how many third-country
nationals were registered by the Dutch authorities in the SIS. The Minister of
Immigration responded that, based on gures from 1 January 2005 from the
C.SIS, the Dutch authorities forwarded 15,377 Article 96 alerts to the SIS.25
This answer did not result in any further questions or discussions.
2.3. Parliamentary Discussions on the SIS and the
Availability of Legal Remedies
Even before the date of signature of the CISA, members of parliament
questioned the legal protection of individuals registered in the SIS.26 In particular, the lack of judicial control in combination with the lack of harmonised
criteria for registration in the NSIS was a matter of general concern.27 In answer
to these questions, the government stated that an individual could invoke his
or her right to legal remedies in each country where a NSIS oce is located.
The Dutch government explicitly emphasised that the dierent countries
would have to respect each judgment by the national courts, including courts
of other Schengen states. The legal remedies open to individuals would be
those as provided for in national law.

22
23
24
25
26
27

Handelingen Tweede Kamer 19961997, 19 326, 161, 17 April 1997.

Aanhangsel van de Handelingen, 19971998, 29 December 1997, p. 1085, no. 531.
Handelingen Tweede Kamer 19961997, 19 326, no. 166, 23 June 1997, p. 8.
Aanhangsel van de Handelingen, 19971998, no. 531, p. 1085.
Handelingen Tweede Kamer 19891990, 19 326, no. 26
Handelingen Tweede Kamer 19891990, 19 326, no. 11, 12 June 1989.

450

Chapter 13

In the aforementioned recommendation of 8 April 1991 on the Dutch

approval act for the CISA, the Council of State explicitly dealt with the meaning
of Article 111 CISA with regard to the judicial remedies.28 According to the
Council of State, there was no clear rule on the right to legal remedies against an
alert for the purpose of refusal or expulsion. The advisory body questioned
whether a national court could make a declaration on the legitimacy of alerts
stored by another Schengen state in the SIS. The Council of State also regretted
that the negotiating partners did not rst harmonise the relevant material and
procedural rules.
In its response, the Dutch government disagreed with the conclusion of the
Council of State that the CISA would not provide clear rules on the legal remedies.29 According to the government, the CISA contained fully harmonised rules
on the standards for entering data, the use of alerts and the protection of privacy.
The national laws of the Schengen states would have to comply with these rules.
As we have seen above, this information is not accurate because, for example, the
criteria of Article 96 are not very precise. The Dutch government held that only
the procedural rules of the legal remedies had not been harmonised. This lack of
procedural rules was however resolved, according to the government, by the
principle in the CISA regarding the mutual recognition of national court decisions. A court would assess the grounds submitted by the applicant in an individual procedure and, potentially, this court could ask the issuing state for further
information. If the court decided that the alert should be deleted from the SIS,
the applicant could ask the issuing state to implement the courts decision. In
addition, the government noted that if one country rejected the request and subsequent appeal by the applicant, nothing would prevent this individual from
starting the same procedure in another Schengen country. The national court in
the other Schengen state would then be competent to start a new independent
investigation into the lawfulness of the alert.
In the same advice on the approval act of the CISA, the Council of State proposed
giving the European Court of Justice (ECJ) a supervisory role with regard to the
implementation of the CISA. According to the Council of State, the proper implementation of Schengen would require the harmonisation of the law and practice of
the Schengen countries in certain relevant elds. Supervision by an international
judicial authority would be necessary, or at least urgently required, to ensure this
harmonisation of law. This concern about the lack of a supervisory judicial authority
to interpret the provisions of the CISA was shared by some members of parliament.

28
29

Handelingen Tweede Kamer 19901991, 22 140, B.

Handelingen Tweede Kamer 19901991, 22 140, B, p. 4345.

The Netherlands

451

Initially, the government replied to parliament that there were no intentions to

develop such an institution. The government referred to the fact the Schengen
Agreements were temporary measures, prior to EC regulations. Therefore, there
would be no reason to establish separate Schengen authorities with judicial control
over the implementation of Schengen law. According to the government, these cases
could be submitted to current international institutions, including the ECtHR.
In 1991, the aforementioned NGO, the Meijers Committee, proposed adding
a Protocol on the role of the Court of Justice to the ratication of the Schengen
Agreement of 1985, the CISA, and the agreement between the Schengen countries and Poland of 29 March 1991.30 Based on a draft by this NGO and the
ensuing discussions in the parliament, the Dutch government submitted a draft
for a Protocol regulating the power of the Court of Justice to its Schengen partners on 11 November 1991.31 This protocol did not receive enough support from
the other Schengen states and has therefore never been adopted. Nevertheless, in
other elds of law as well, this proposal regarding the role of the Court of Justice
remained on the political agenda of the EU Member States.32
In 2001, a member of the Dutch parliament questioned the government on
the absence of any information campaign for citizens with regard to the use of
SIS.33 In their answers, the Minister of Justice and the Secretary of State for
Foreign Aairs conrmed that the information leaets developed by the Joint
Supervisory Authority had still not been distributed in the Netherlands due to a
misunderstanding. The Ministry of Foreign Aairs would however provide
general information on the content of the Schengen Agreements, including the
freedom of movement and visa policy. Meanwhile, the Dutch Data Protection
Authority was to take over responsibility for the distribution of information
about the NSIS. However, at the time of my research (20042006), this
organisation had not disseminated any information with regard to the NSIS.
2.4. Parliamentary Debate on SIS II
Compared to the critical attitude of the Dutch parliament with regard to the
establishment of SIS I, the development of SIS II was discussed only marginally.

30

31

32

33

Annex to a letter from the Meijers Committee to Dutch NGOs of 17 May 1991, JR91179.
See also the contribution by H. Meijers, the initiator and former chairman of the Meijers Committee
in the special issue on Schengen, Nederlands Juristenblad, 31 January 1991, p. 161240.
C.A. Groenendijk, The Competence of the EC Court of Justice, in: H. Meijers et al., A New
Immigration Law for Europe?, Utrecht: Dutch Centre for Immigrants 1993, see p. 52.
A. Woltjer, Schengen: The Way of no Return?, Maastricht Journal of European and Comparative
Law 2 (1995), p. 256278.
Aanhangsel van de Handelingen, 20012002, p. 425, no. 203.

452

Chapter 13

On the few occasions when the Senate or the Second Chamber of parliament
made an inquiry about SIS II, they rarely raised fundamental questions. The parliament did not question which lessons could be learned from the current use of
the NSIS or whether this system was eective with regard to its goals.
The most extensive inquiry into SIS II was included in a letter from the
sub-committee on Justice and the Interior of the Senate of 26 November 2002.34
In this letter, the Minister of Justice was asked to provide the Senate with information on the development of SIS II in relation to the accession of new EU Member
States. Other questions raised by the Senate concerned the involvement of the
European Parliament in the decision-making on SIS II, whether the Dutch parliament would be informed of every decision regarding SIS II and whether the purpose of SIS II would be changed. It was six months before these questions were
answered by the Minister of Justice.35 The Minister informed the Senate that the
European Parliament was consulted on the SIS developments and that every decision (binding and non-binding) on SIS II would be submitted to the Dutch parliament. According to the Minister, the inaccuracy of data held in the current SIS
would be the subject of continuous concern. In this same letter, the Minister of
Justice responded to parliamentary questions in reaction to an earlier publication
by in the Dutch government journal, the Staatscourant.36 In this publication, the
journalist Jelle van Buuren dealt with the proposals for the interoperability of different databases, the consequences of these proposals for the privacy rights of individuals and changing SIS II into an investigative tool. In his response, the Minister
described this publication as a mixture of Wahrheit und Dichtung. Although he
admitted that more organisations would gain access to SIS II, he emphasised that
the responsible Council Working Group was not considering any proposal to link
SIS II to other databases. According to the Minister, SIS II would remain a database for daily use by national ocers on a hit/no hit basis. The Minister did not
inform the parliament of the fact that, as we saw in Chapters 4 and 5, even
before 2003 dierent Member States had submitted extensive proposals with regard
to the use of SIS II, for example, the possibility of searching SIS on the basis of
incomplete data.37 Moreover, even in December 2003, the European Commission
recommended the technical integration of SIS II and VIS in its Communication on
the second generation SIS and synergies with SIS II and VIS.38

34
35

36
37
38

Doc. 128949.03, available on the Senates special Europa website: http://www.europapoort.nl.

Letter from the Minister of Justice of 8 July 2003. Handelingen Tweede Kamer 20022003, 23
490, no. 8ee.
Staatscourant 19 November 2002.
Proposal by the Italian and Spanish delegation in 2001, 6164/5/01.
COM (2003) 771.

The Netherlands

453

During discussions on the forthcoming meeting of the JHA Council in June

2003, Socialist Party (PvdA) member Aleid Wolfsen questioned the proposed
purpose and content of SIS II, the authorities to be granted access to it and the
safeguards to be provided for the legal protection of individuals.39 In a response
dated September 2003, the Minister of Justice again emphasised that the SIS II
would remain a hit/no hit database, but indicated, however, that this was not a
nal option. According to the Minister, within its general purpose, attempts
would be made to adapt SIS II to changing circumstances.40
Invited by members of the parliament, in September 2006 the Minister of
Justice gave a written response to a letter from the Meijers Committee regarding
a draft text of the SIS II Regulation.41 In this letter, the Dutch NGO questioned
the rules on the deletion of data on third-country national acquiring EU citizenship and of third-country nationals with privileged rights under EC law.
Furthermore, the Meijers Committee criticised the inaccurate rules relating to
legal remedies for individuals. According to the Minister, many of these critical
issues in the former draft of the Regulation would have been improved by later
amendments. Some of these positive amendments would even be based on the
eorts of the Dutch government during the negotiations in the Council.

3. Implementation of the SIS and Registration

of Third-Country Nationals
3.1. Sources of Immigration Law
The general rules of immigration law are laid down in the Dutch Aliens Act 2000
(Vreemdelingenwet 2000). This law was adopted on 23 November 2000 and
entered into force on 1 April 2001.42 The Aliens Act 2000 replaced the former
Aliens Act 1965. This reform concerned, rstly, an amendment of Dutch asylum
law. In order to shorten the available asylum procedures, the rules governing the
procedures were simplied and the right to administrative review was withdrawn.
To prevent asylum seekers from ling successive procedures to achieve more secure
status, the legal rights inherent in dierent residence permits were unied.
The Aliens Act 2000 provides rules on the dierent categories of residence
permits and documents, the asylum procedure, the legal remedies and the rules
39
40

41

42

Handelingen Tweede Kamer 20022003, 23 490, no. 282.

Letter from the Minister of Justice of 25 September 2003 in reply to parliamentary questions.
Handelingen Tweede Kamer 20032004, 23 490, no. 293.
Handelingen Tweede Kamer, 20052006, 23 490, no. 427. This letter from the Meijers Committee
of 13 April 2006 was written by the author and is available at http://www.commissie-meijers.nl.
Staatsblad 2000, no. 495 and Staatsblad 2001, no. 144.

454

Chapter 13

on the expulsion and detention of third-country nationals. More specic and

detailed rules are included in the Aliens Decree 2000 (Vreemdelingenbesluit
2000), the Aliens Regulation 2000 (Vreemdelingenvoorschrift 2000) and the
Aliens Circular 2000 (Vreemdelingencirculaire 2000). The Aliens Circular 2000
includes instructions from the Minister of Immigration and Integration (hereafter
referred to as the Minister of Immigration) to the national immigration ocers
and to border guards.43 The instructions with regard to border controls as provided by the Aliens Circular have been amended in accordance with the Schengen
Border Code.44
These circulars, which are neither adopted nor systematically approved by parliament, include substantive criteria for policy measures. Initially, these instructions
were given by the Minister or the Secretary of State for Justice. Between
22 July 2002 and February 2007, the Minister of Immigration and Integration was
responsible for decisions in the eld of immigration and integration law.45 The
combination of the Aliens Act 2000 with the dierent ministerial circulars and
decisions makes the applicable law opaque. In particular, the fact that these rules
are often changed makes it dicult to assess which provisions currently apply.
The issue of visas is only partially dealt with in the Dutch Aliens Act. It nds its
basis in a Decree (Souverein Besluit) of 1813.46 The Minister of Foreign Aairs is
empowered to issue visas in accordance with the applicable Schengen rules and the
agreements between the Benelux countries. In 2002, the government announced
that a new comprehensive act on Dutch visa policy was being prepared.47 However,
following the recommendation of November 2005 by the Dutch Advisory Committee
on Immigration Law (Adviescommissie Vreemdelingenzaken), the government dropped
this proposal in 2006. According to this recommendation, a separate visa law would
not be necessary due to the existing and directly binding Schengen rules.48 Further
rules on visa policy not provided for in the Schengen law would be incorporated into
the general Aliens Act 2000.
Before going into the criteria based on which third-country nationals can be
registered in the NSIS, it should be noted that the Dutch Aliens Act 2000 uses the
43

44

45

46
47

48

Since February 2007, with the installation of the new government Balkenende IV, the post of
Minister of Immigration has been abolished. Since then, immigration law and policy falls under
the responsibility of the Secretary of State for Justice.
Regulation 562/2006. See Vreemdelingencirculaire, decision 2006/16, Staatscourant no. 60,
24.3.2006.
Royal Decree (Koninklijk Besluit) 22 July 2002, Staatscourant no. 140, p. 7 and Staatsblad 2002,
no. 418.
Staatscourant 1814, no. 4.
Announced in a general memorandum of 18 July 2002 on the visa law (Hoofdlijnennotitie
Visumwet), Handelingen Tweede Kamer 20002001, 26 106, no. 4.
Letter from the Minister for Immigration, 20 June 2006, just060521.

The Netherlands

455

word aliens instead of third-country nationals. According to Article 1 of the Aliens

Act 2000, aliens includes any person not holding Dutch nationality and who,
according to legal provisions, should not be treated as a Dutch national. In the following sections, I will use the word aliens when the provision in question also refers
to EU or EEA nationals. Otherwise, I will refer to third-country nationals.
3.2. Criteria for Registration in the NSIS
With regard to the registration of unwanted persons, Dutch immigration law
dierentiates between two categories of aliens: persons to whom a formal residence ban has been issued by the Minister of Immigration and Integration (ongewenst verklaarde vreemdelingen) and persons reported as unwanted aliens based
on ministerial instructions (ongewenst gesignaleerde vreemdelingen). This duality
in Dutch law has a historical basis. Whereas, in 1960, based on the Benelux treaties, the formal residence ban had been introduced into the former Aliens Act,
the administrative practice of reporting aliens on the basis of a ministerial instruction was maintained. The parallel functioning of both categories is however confusing and does not seem logical.49 Although these categories are based on
dierent regulations and have dierent legal consequences, for practical purposes
their registration has the same eect: a ban on entry.50 Furthermore, as we will
see, the criteria for both categories are sometimes very similar.
As we saw in Chapter 3, EU/EEA, and Swiss citizens cannot be registered in
the NSIS for the purpose of refusal of entry. According to Dutch law, however,
they can be declared inadmissible on the basis of Article 67 Aliens Act 2000 or
reported as inadmissible on the basis of the provisions of the Aliens Circular.
In these cases, they shall only be registered in the national investigation le or the
Dutch police le, the OPS (see below). Of course, a decision to refuse entry to a
EU/EEA or Swiss citizen or their family members based on such registration
must comply with the stringent criteria of EC law, including Directive 2004/38
discussed in Chapter 9.51
3.2.1. Formal Residence Ban
Unlike the second category of inadmissible aliens (see below), the formal residence
ban (ongewenstverklaring) has an explicit legal basis in Article 67 of the Aliens Act

49

50

51

A. Kuijer, J.D.M. Steenbergen, Nederlands Vreemdelingenrecht, The Hague: Boom Juridische

Uitgevers 2005, 9.5, p. 558. See, for a critical comment, R. Heringa, Ongewenstverklaring en
verblijfsbeindiging. Een gemiste kans, Migrantenrecht 5/01, p. 144150.
See, on the punitive nature of the Dutch residence ban, F.M.J. den Houdijker, Punitief karakter
ongewenstverklaring, -signalering en rechtsbescherming, Migrantenrecht 67, 2006, p. 239243.
See the Articles 8.5 to 8.8 of the Dutch Aliens Decree 2000.

456

Chapter 13

of 2000.52 The formal residence ban is based on a written decision by the Dutch
Minister of Justice. In general, the decision to issue a formal residence ban should
be based on considerations involving the protection of public order and national
security. A person to whom a formal residence ban has been issued and who is
found on Dutch territory is punishable on the basis of Article 197 of the Dutch
Criminal Code. This means he can be sentenced to imprisonment for a maximum
of 6 months or to pay a pecuniary ne.
Article 67 (1) of the Aliens Act 2000 describes the following categories of
persons to whom a formal residence ban can be issued:
a. a person residing without a legal basis in the Netherlands and who has
committed more than one oence which is punishable under the Aliens Act
(for example if a person does not report his or her stay to the competent authorities within the prescribed time). This does not require a criminal conviction;
b. a person with a residence permit who is convicted of a crime punishable by
a term of imprisonment of 3 years or more;
c. a person residing without a legal basis in the Netherlands and who poses a
danger to public order or national security. This includes dierent categories of
persons, including (multiple) convictions for a crime punishable by imprisonment, or a report from the national or a foreign intelligence and security
agency;
d. a person regarding whom another Schengen or Benelux State submitted a
motivated request to the Dutch government to order a formal residence ban;
e. a person who committed a serious crime outside Dutch territory and when a
formal residence ban would be in the interests of international relations.
The criterion under (a) is inserted on the basis of a resolution adopted by the
Lower House of the Dutch Parliament in 2004. In this resolution, the Minister
was asked to apply the formal residence ban more frequently with regard to illegal immigrants acting in breach of the Aliens Act.53 Article 67 (1) (b) concerns
persons who have been convicted and whose residence permit is withdrawn for
that reason. This decision, to withdraw the residence permit, should be taken by
balancing the public interests and the individual rights of the person at stake.
Since February 1990, Dutch law provides a sliding scale mechanism for the
decision to withdraw someones residence permit.54 In general, this mechanism
stipulates that the residence permit of a person staying for a longer period in the

52

53
54

The implementation rules are laid down in the Aliens Decree 2000 and in the Aliens Circular
2000.
Amendment Aliens Circular, Decision no. 2005/29, Staatscourant 23 June 2005, no. 119.
Article 3.86 Aliens Decree 2000.

The Netherlands

457

Netherlands can only be withdrawn if the prison sentence to which he or she has
been sentenced is also longer. For example, the extension of a residence permit
can be refused or a residence permit can be withdrawn if a person who has been
in the Netherlands for at least three years but less than four years has been
sentenced to more than 9 months imprisonment. With regard to a person who
has been in the Netherlands for at least 15 years but less than 20 years, the
sliding-scale mechanism states that he or she should be sentenced to a term of
imprisonment of more than 96 months. Article 3.86, paragraph (c) of the Aliens
Decree 2000 states that the decision on the extension or withdrawal of residence
permits can also be based on foreign, nal convictions.
There are no ocial time limits for the duration of a formal residence ban.
It can only be withdrawn by the Minister following an application from the
third-country national concerned.55 The Dutch Aliens Act contains strict rules if
a third-country national should apply for the withdrawal of his or her residence
ban. These rules imply that, depending on the facts forming the basis for the
formal residence ban, the person must remain outside Dutch territory for one,
ve or ten years before he or she can apply for its withdrawal.
The sliding scale criteria are subject to changes. The criteria have been tightened
for persons residing in the Netherlands for less than ve years and, eective
17 June 2002, a residence permit can be withdrawn if the person concerned has
repeatedly committed minor oences.56 In 2005 and 2006, the Minister of
Immigration announced stricter rules, including amendments stating that legally
resident third-country nationals could be more easily expelled after having
committed a criminal oence.57
3.2.2. Third-Country Nationals Reported as Unwanted
The second category, third-country nationals reported as unwanted (ongewenst
gesignaleerde vreemdelingen) constitutes the largest number of Article 96 reports in
the NSIS. This category has no formal legal basis, but the criteria for reporting
third-country nationals as unwanted in the national police les can be found in
the Aliens Circular 2000 (para. A3/9.2.2). The decision to report somebody as
unwanted is based on an instruction from the Dutch Minister of Immigration
(now: Secretary of State for Justice) to the ocers implementing the tasks of border
control and immigration law. This informal residence ban is to be considered an

55
56

57

Article 68 Aliens Act 2000 and Article 6.6 of the Aliens Decree 2000.
Article 3.86 Aliens Decree amended by Tussentijds Bericht Vreemdelingenrecht (TBV) 2002/34
in: Staatscourant 6 August 2002, p. 7.
Aanhangsel Handelingen Tweede Kamer 20052006, no. 1983, p. 4211. See also NRC
Handelsblad 14 September 2006: Vreemdeling bij iedere straf het land uit.

458

Chapter 13

administrative instruction from the Minister to the border police and the immigration ocers to refuse the person entry at the borders or to expel the person if he is
found on Dutch territory. Unlike the formal residence ban, persons who are
reported as unwanted are not informed in advance. And, unlike the formal residence ban, a third-country national reported as unwanted is not committing a
crime if he or she resides or stays within the Netherlands.
In general, the reasons for reporting a person as unwanted in the NSIS are based
on danger to public security, public order or national security. In practice, this covers a wide variety of reasons for which a person can be reported in the NSIS, including a conviction for a minor oence such as shoplifting, as well as the suspicion
that a person has ties with terrorist networks. According to text of the Aliens
Circular of July 2006, the Dutch authorities are instructed to report a third-country
national whenever the following criteria apply (the prescribed duration of the alert
is given in brackets):58
a. rst expulsion of a non-criminal alien within a period of two years (two years);
b. removal of a third-country national who has been reported (prosecuted) for
a crime related to drugs smuggling, but who has (still) not been convicted
(two years);
c. removal following a prison sentence of a maximum of three months (two years);
d. removal following a prison sentence from three to six months (three years);
e. removal following a prison sentence of six months or more (no formal residence ban) (ve years);
f. if the person has been refused entry or has been expelled because he or she
used fake or forged identication or travel papers or deliberately produced
travel or identity papers that did not belong to him (ve years);
g. if the person evades supervision, for example if the person does not comply
with detention or supervision measures listed in Articles 4.374.39 and 4.42
to 4.52 of the Aliens Decree59 (three years);
h. if the Minister of Immigration nds there are concrete indications that the
person concerned is a danger to national security (ten years).
These criteria are regularly amended or updated. For example, in 2003, the Dutch
Minister of Immigration announced in a memorandum on the Dutch expulsion
policy with regard to rejected asylum seekers that it would be necessary to intensify

58

59

Aliens Circular 2000, as amended by Wijzigingsbesluit Vreemdelingenrecht (WBV) 2006/20,

Staatscourant 14 July 2006, no. 135, p. 7.
The original text was: the person does not cooperate with his identication, the person hides or
does not leave within a reasonable time period.

The Netherlands

459

the use of the SIS for tracking persons staying illegally in the Netherlands after
their removal.60 Based on a parliamentary resolution adopted in 2004, the criterion under (a) has been amended for this purpose.61 Whereas, according to the
original text, a person could only be registered for one year in the NSIS following
a second removal within two years, third-country nationals can already be
registered after their rst removal and for two years instead of one year.
The criteria listed under (b) and (h) were added in 2003 and 2004 respectively.62
The registration of third-country nationals suspected but not convicted of a
crime related to the smuggling of drugs is used especially to facilitate the return
of drugs couriers who arrive at Schiphol airport. The criterion mentioned under (h)
concerns third-country nationals who are suspected of having connections with
terrorist networks. The decision to report a person as a suspected terrorist in the
NSIS can be based on a report by the Dutch intelligence and security agency.
However, the explanatory memorandum to this amendment claries that this
decision also can be based on other grounds, including the reports of foreign
intelligence and security agencies.
In her explanatory memorandum, the Minister of Immigration also referred
to the duties of Member States pursuant to UN Security Council Resolution
1373. This Resolution requires states to enhance their border controls in the
ght against terrorism. In general, one can question whether the reporting of
suspected terrorists in the SIS for the refusal of entry is an ecient tool in combating terrorism. The same Resolution also calls upon states to prevent the commission of terrorist acts by bringing those persons to justice. It might have been
more appropriate to register the persons in the NSIS on the basis of Article 95
(extradition) or 99 (secret surveillance), rather than on the basis of Article 96
CISA, but this issue has not been discussed.63
In July 2006, the highest Dutch administrative court ruled that a condential
report by the national security and intelligence service (AIVD) can form a sucient basis for the decision to report the person in question as an unwanted
person, even if the report itself was not made available to this person.64 It was,
however, emphasised that the use of the condential report was justied in this

60
61
62

63

64

Handelingen Tweede Kamer 20032004, 29 344, no. 1, p. 14.

WBV 2005/29.
TBV 2003/9, 17 March 2003 and the decision of the Minister of Immigration to amend the Aliens
Circular 2000, 15 September 2004, published in Staatscourant 22 September 2004, no. 182, p. 10.
See also my earlier comments to this amendment of the Aliens Circular 2000 in: Migrantenrecht
9/10, 2004, p. 371.
Afdeling Bestuursrechtspraak Raad van State, 4 July 2006, case no. 200602107/1, LJN:
AY3839.

460

Chapter 13

particular case. The person concerned had only denied the content of the (available)
information forwarded by the AIVD and had not submitted any further information
to support his view that this information was wrong.
In some of the categories mentioned above, the general limit of three years for
the storage of data, as envisaged in Article 112 CISA, expires before the national
time limit given in the Aliens Circular. According to the applicable rules of the
CISA, in those cases, the Dutch authorities must explicitly request the C.SIS to
extend the retention period.
3.3. Practical Implementation and Use of the NSIS
3.3.1. NSIS: Responsibility and Coordination
Overall responsibility for the NSIS and SIRENE is in the hands of the Dutch
National Police Services (Korps Landelijke Politiediensten, hereafter the KLPD).
This organisation falls under the responsibility of the Minister of the Interior.
The KLPD is responsible for the storage and use of data in the NSIS, including
data for criminal investigation purposes, on missing persons, stolen goods and
on third-country nationals. The Dutch Immigration and Naturalisation
Department (Immigratie- en Naturalisatie Dienst, hereafter the IND) is responsible for the registration and coordination of registrations of third-country
nationals. The IND falls under the competence of the Minister of Immigration
(since 2007, the Ministry of Justice). As we will see below, this shared responsibility has consequences for how applications for access to SIS information are
being handled.
The Dutch NSIS is linked to the automated municipal population register
(Gemeentelijke Basisadministratie or GBA), regarding the registration of stolen or
missing identication documents. Since March 1998, a link has also been maintained with the national Agency for Road Trac (Rijksdienst voor Wegverkeer
RDW) in cases concerning data on stolen or missing driving licenses.
3.3.2. Procedure for Registration in the NSIS
Before the SIS became operational, third-country nationals to be refused entry or
persons reported as missing were registered in the Dutch national investigation
le (Nationaal opsporingsregister or OPS). Anticipating the start of the SIS, on
27 July 1993 the Dutch Minister of Justice issued instructions to the national
police authorities with regard to the reporting of third-country nationals in the
OPS and the NSIS.65 With regard to the input of data into the NSIS, the Dutch
government decided to report only those data relating to facts occurring after the
date the SIS became operational, i.e. 26 March 1995. This measure, not to copy
65

Letter of 27 July 1993, 376416/93/DVZ, TBV 751.

The Netherlands

461

the old OPS data into the NSIS, would ensure that the SIS records were as clean as
possible.66 This decision was made at a time when it had been established that the
data stored in the Dutch police les were often inaccurate, wrong or wrongly
spelled.67 Therefore the Dutch authorities started to clean up these les in order
not to contaminate the new NSIS les with the old information from the police
les. To prevent duplicate registration, third-country nationals registered in the
NSIS are no longer recorded in the OPS.68 The timing of the measures to be
adopted for the implementation of the CISA almost coincided with the reorganisation of the national police force.69 The police reorganisation included a decentralised structure with more responsibilities assigned to the regional police forces.70
Initially, based on this decentralised structure, the dierent regions applied dierent criteria for the registration of data in the NSIS. After this practice had been
criticised by the Court of Auditors in 1997 (see below, section 3.5), the central
government issued instructions to the regional departments with regard to the
input of data into the Dutch NSIS. This resulted in a more uniform and structured
organisation of the input of data into the NSIS.
Whenever a national immigration ocer or a border guard considers that a
person meets the criteria of the Dutch Aliens Circular 2000, the IND should
always be asked to report this person in the NSIS. For this purpose, a special
form is used (Model M93). The Dutch Aliens Circular (A3/9.6.1) provides that
an ocer using this form should forward the ngerprints of the third-country
national and, if available, copies of the identity documents to the IND. The current storage of third-country nationals in the SIS is coordinated by ve regional
coordinators of the IND. The IND will contact the regional coordinator, who
will decide whether the alert will be submitted to the NSIS. Since 1999, a
national coordinator has supervised the criteria used by the regional units to
enter a person into the NSIS. When the IND approves the alert regarding a
third-country national, the form is forwarded to SIRENE. The SIRENE ocers
formally have to check whether the entry is in conformity with the provisions of
the CISA and whether the person has not already been reported by other

66
67

68
69
70

Handelingen Tweede Kamer 19951996, 19 326, no. 140.

Trouw 30 November 1993. Letter from the Minister of Justice, 5 March 1997, Handelingen
Tweede Kamer 19961997, 25 200, no. 3, p. 2.
Article A3/9.1.3 Aliens Circular 2000.
Police Act of 9 December 1993, Staatsblad 1993, no. 724.
Meanwhile, based on a legal proposal in 2004, Dutch policy-makers agreed to return to a more
centralised approach by the police, with more powers for the central government. Proposal to
amend the Police Act of 1993, of 1 September 2004, Handelingen Tweede Kamer 20032004,
27 904, no. 13.

462

Chapter 13

Schengen states. The requests from Dutch authorities for additional information
on a SIS report are forwarded by the regional coordinators to SIRENE.
3.3.3. Article 96 Hits and Internal and Border Controls
There are dierent procedures to be followed by immigration or border control
ocers with regard to third-country nationals who generate a hit in the NSIS or
the Dutch OPS. The Aliens Circular 2000 identies the procedure following
a hit during border control, during checks for immigration controls within the
national territory and during the application for a residence permit or asylum.
In general, a Dutch ocer should report every hit he or she nds concerning
a person when consulting the NSIS to their national SIRENE oce.71
The Dutch Military Police (Koninklijke Marechaussee), under the responsibility
of the Minister of Defence, is tasked with border controls, internal immigration
control (mobiel vreemdelingentoezicht) and with certain tasks in the asylum procedure. With regard to the two former tasks, Military Police ocers have access
to the NSIS and, if they nd a hit for a third-country national, they will contact
the IND. Military Police ocers will also have to contact the IND when dealing
with a third-country national who meets the criteria for a NSIS alert and who
should be recorded in the NSIS.
Persons encountered at border posts and registered in the SIS or the Dutch
OPS for the purpose of refusal of entry should in principle be refused entry.
Only if the person concerned falls within certain categories, should the border
ocer consult the IND.72 These categories include, for instance, EU/EEA or
Swiss nationals (this only applies to hits based on the OPS), third-country
nationals who claim they have a long-term residence permit and persons whose
refusal of entry would be in conict with serious humanitarian interests. Also, if
an important Dutch interest is at stake, the IND should be consulted rst. If a
person applies for asylum at the borders, the IND will be asked to handle the
asylum application. If a person has a legal residence permit but is reported in
the NSIS, the border ocials will have to inform both the Dutch SIRENE oce
and the IND but, in principle, will have to grant this person access to Dutch
territory. Only in cases of doubt about the residence status of the third-country
national, the border police are obliged to consult the responsible authority.
Persons checked while on Dutch territory during an immigration control and
registered in the NSIS will be transferred to a local police station or to the Military
Police, where they can be detained in order to be expelled as soon as possible from
the Netherlands.

71
72

See A3/9.3, 9.4, and 9.5 Dutch Aliens Circular 2000 (according to the text applicable in 2006).
A2/5.5.1 of the Aliens Circular 2000.

The Netherlands

463

With regard to third-country nationals applying for a residence permit, the Aliens
Circular 2000 describes four situations. Firstly, if the application concerns a thirdcountry national without a legal residence permit who is reported in the NSIS,
he or she should be expelled from the Schengen territory. The ocer involved
should inform the IND. Secondly, if the person applies for a residence permit
and is reported by the Dutch authorities, the IND should decide on the
application. If the IND issues a negative decision and there are no legal remedies left against this decision, the person should be expelled. If the IND issues a
residence permit, the SIS alert should be deleted. Thirdly, if a person applies for
a residence permit, but has been reported by another Schengen State, the IND
must consult the other State on the basis of Article 25 CISA, to decide whether
the third-country national should be granted a residence permit. During this
procedure, the person receives a special form stating that he or she has applied
for a residence permit.73 If the residence permit is refused and legal remedies
against this refusal are no longer available, this person must be expelled. Finally,
if a third-country national has a valid (temporary) residence permit for the
Netherlands but has been reported by another Schengen state, the IND will
also apply the Article 25 CISA procedure. The authority dealing with the thirdcountry national will have to check the lawfulness of the residence permit. If it
is clear that the residence permit has been issued correctly, the third-country
national will be entitled to remain in the Netherlands. If the report in the SIS
concerns a third-country national who applies for asylum, Dutch border ocials will have to forward this application to the IND. Only in cases where the
ocials have doubts about the legal status of this person, are they obliged to
contact the responsible authorities.
To summarise, a SIS report based on Article 96 CISA should only result in an
automatic refusal of admission or in expulsion if this person has no valid residence
permit, does not fall within the special categories described above and does not
le an application for asylum. In the latter situations, the responsible authorities
will have to contact the IND, examine the application for asylum or admission or
give leave to enter Dutch territory. In 2000, the Secretary of State for Justice told
the Parliament that, in each individual case, the national authorities would have
to assess whether a record in the NSIS would be a sucient reason to refuse this
person admission to the Netherlands.74 Four years later, during the parliamentary
debate on terrorism and immigration policy, the Dutch Minister of Immigration
submitted a more stringent interpretation of a SIS alert. According to the Minister,
when it has been established, for example on the basis of a NSIS alert to be

73
74

D44, TBV 1995/6.

Handelingen Tweede Kamer 19992000, 26 732, no. 12, p. 25.

464

Chapter 13

refused entry that the person concerned is a danger to public order and security,
this person must and in practice shall be refused admission.75 As we will see below,
the Minister of Immigration also advocated this automatic eect of foreign SIS
reports on third-country nationals before the Dutch court in the case of Mr. and
Mrs. Moon.
3.3.4. Article 96 Hits and Visa Applications
The Dutch rules on issuing visas are regulated in the Aliens Circular 2000.76 The
ocials at the Dutch embassies and consulates generally submit a visa application
to the Visa Agency (Visadienst) in The Hague. Formally, this Visa Agency acts on
behalf of the Minister of Foreign Aairs. Its ocials and employees, however,
operate within the premises and organisation of the IND, under the responsibility
of the Minister of Justice (formerly Minister of Immigration). In cases of doubt,
political sensitivity, or with regard to certain nationalities (for example China and
Iran), applications for short-stay visas should always be submitted to the Visa
Agency. In general, long-stay visas (or machtiging tot voorlopig verblijf, hereafter
mvv) may only be issued if the Visa Agency has approved the application.77 Sta
members of the embassies and consulates do, however, take responsibility for issuing visas to third-country nationals. Therefore, it is possible that, even if the Dutch
Visa Agency or immigration authority has given leave to issue a visa to a certain
third-country national, the sta of the embassy may still decide to reject the visa
application based on the fact that this person has been reported in the SIS.78 The
embassies obtain monthly updated versions of the NSIS les on CD-ROM. This
means that, during the period between updates of this CD-ROM, embassies will
be working with outdated les. This problem could be resolved if every Dutch
embassy obtained direct access to the NSIS through an international IT network.79
However, in 2006, most of the embassies and consulates were still receiving their
information from the CD-ROMS.80
3.4. NSIS and Article 96: Facts and Figures
The Dutch government does not publish any data on the practical use of the
NSIS. This means that there is no information on the numbers of alerts stored in

75
76
77

78

79

80

Handelingen Tweede Kamer 20032004, 27 925, no. 118, p. 9.

See for a general overview: A. Kuijer, J.D.M. Steenbergen (2005), p. 62 .
B1/1.1.2 Aliens Circular 2000. Only some consular posts are empowered to issue visas
autonomously.
As we will see in section 8.5, the responsibility of the embassies themselves has been acknowledged
by the National Ombudsman.
Reaction by the Minister for Immigration to the report of the Court of Auditors on the visa policy
(see below), Handelingen Tweede Kamer 20032004, 29 260, no. 12, p. 74.
This has been conrmed by an ocer of the IND.

The Netherlands

465

the NSIS between 1995 and 2006, the number of hits based on those alerts or
how many third-country nationals were refused entry, a visa or a residence permit
on the basis of a SIS report.
From the gures from the CSIS Exploitation team, it appears that the number
of third-country nationals reported by the Dutch authorities has increased considerably from 9,363 in 2003 to 15,377 in 2005.81 In 2005, of all the SIS alerts
on persons issued by the Dutch authorities, 89% concerned third-country
nationals to be refused entry on the basis of Article 96.
3.5. Audit Report By the Court of Auditors
In January 1997, the Dutch Court of Auditors (Algemene Rekenkamer) published
a report on the practical use of the national Schengen Information System.82 The
Court of Auditors started this audit because of the far-reaching consequences of
the use of the NSIS for the law and for individual citizens, as well as in response
to reported problems within the CSIS system in Strasbourg. The central questions
raised during this inquiry were:83
whether the national section of the SIS provided for the necessary technical
and functional requirements to ensure an ecient use of the NSIS;
whether data for the NSIS were submitted correctly and completely;
whether the available data in the NSIS were used systematically; and
whether there were practical problems and, if so, how they were resolved.
The report by the Court of Auditors on the NSIS was important for several
reasons. In the rst place, the organisation criticised the lack of information on
the eects of the use of the NSIS. According to the Court of Auditors, no procedures were in place to record the results of the alerts and the eects of the
SIS for police purposes.84 The only information available concerned Article 96
reports. According to the IND, cited in this report, 80% of the 109 foreign
hits on reports forwarded by Dutch authorities resulted in a refusal of entry or
even expulsion by the authorities in other Schengen states. In 48% of the 570
hits based on foreign reports, a hit would have led to refusal of entry by the
Dutch authorities. In 103 cases, the state which reported the person to the SIS
was asked to withdraw this alert because the Dutch authorities wanted to give
leave to enter to the person concerned. These numbers concerned the period
between 1995 and 1996.

81

82
83
84

Reports of the C.SIS Exploitation team including data as from 1 January 2003 and 1 January
2005 (unpublished).
Handelingen Tweede Kamer 19961997, 25 200, no. 12.
Audit report, p. 8.
Audit report, p.15.

466

Chapter 13

According to the Court of Auditors, the 25 regional police forces applied

dierent criteria with regard to the entry of data into the NSIS. With regard to
Article 96 entries, the Court of Auditors found that, in many regional police forces,
the possibility for recording third-country nationals into the NSIS was unknown.
In many cases, the Court of Auditors found that immigrants with a Dutch residence
permit were reported by other Schengen States, especially Germany. Furthermore,
the Court of Auditors established that more than 7,000 Dutch ocials were
authorised to retrieve information from the NSIS and more than 500 were allowed
to change the data in the NSIS. In relation to these ndings, the Court of Auditors
stressed the importance of the integrity of the users.
The Court of Auditors advised the government to take measures to facilitate an
ecient data policy, to coordinate the use of the NSIS and to develop national
criteria for the input of the SIS data. Furthermore, it would be necessary to
develop a policy for the use of the NSIS in the eld of border control by the
Dutch police, to clean the national police les and to add relevant information
from these les to the NSIS. It is important to note the conclusion of the Court of
Auditors that, due to a lack of information on the current measures taken following hits, it would be dicult to reach general conclusions on the practical eects
and eciency of the SIS. This lack of information on the eciency of use of the
NSIS has been questioned as well by the Dutch parliament. Following a request
from a member of parliament, the Minister of Justice promised to provide the
Dutch parliament with a report every six months, containing information on
the functionality and use of the NSIS.85 Earlier in the parliamentary discussions,
the Minister of Justice stated that the Dutch police would submit data monthly
concerning the hits and alerts in the SIS to the IND and that both organisations
would discuss the meaning of this information.86 To my knowledge, between
1997 and 2006 no such reports were forwarded to the parliament.
The investigation by the Court of Auditors took place between 1995 and
1996, which means it covered the rst years of operation of the SIS. As the Court
of Auditors admitted in its report, the failings found in the operation of the
NSIS could be considered childhood diseases, normal in every new system.
The fact that the problems in question were unveiled by the Court of Auditors at
this early stage can be seen as an advantage of the practical operation of the
NSIS. The audit prompted the authorities to coordinate the use of the NSIS and
to solve these problems. In response to the parliamentary debate on this report,
in March 1998 the Minister of Justice announced the measures which had been
taken with regard to the entry of data into the NSIS, eective data policy and

85
86

Handelingen Tweede Kamer 19961997, 25 200, no. 6, p. 8.

Handelingen Tweede Kamer 19961997, 25 200, no. 4, p. 4.

The Netherlands

467

security measures.87 Unfortunately, since 1997, there has been no such overall
and complete audit of the use of the NSIS in the Netherlands.
In 2003, the Court of Auditors published an audit report on the Dutch implementation of the Schengen visa policy.88 In this report, the Court of Auditors
dealt briey with the use of the NSIS with regard to the issue of visas. The Court
of Auditors criticised the fact that Dutch embassy ocers did not adequately
check international and national les with regard to visa applications, including
the NSIS. Among other things, the Court of Auditors found that the national
database on visa applications (see below) was not systematically used or updated
by the various consular posts.89 According to this report, of the 15,000 thirdcountry nationals who were refused entry at the borders in 2002, 1,789 persons
had a valid Schengen visa. Twenty-seven persons in this latter group were reported
in the SIS and, in eight cases, the visas had been issued by Dutch embassies or
consulates. Commenting on these data, the Court of Auditors concluded that, in
these eight cases, the Dutch authorities failed to act in accordance with the applicable rules with regard to the SIS. The Court of Auditors did not consider the
possibility that there could have been other legal grounds for issuing the visas to
the persons concerned.
3.6. Audit Report of the Dutch Data Protection Authority
The Dutch Data Protection Act (see section 5 below) provides for a national
supervisory body, entrusted with supervising the NSIS. In December 1998, this
Dutch Data Protection Authority (College Bescherming Persoonsgegevens, hereafter
CBP) published a report on the audits of the NSIS and SIRENE during 1997
and 1998.90 This audit dealt in particular with security issues. The central aims of
this audit were very general: to investigate the protection of privacy of the NSIS
and SIRENE and to assess which measures and procedures are available to protect integrity, exclusivity and availability.91 The audit did not deal with Article 96
alerts in the SIS. The information was gathered from visits by members of the
CBP to the premises of the Dutch police and from written questions submitted
to the organisations concerned. The CBP visited the KLPD, the SIRENE oces
and one of the regional police forces. Before publishing the report, the CBP

87
88

89
90
91

Letter of 11 March 1997, Handelingen Tweede Kamer 19961996, 25 200, no. 4.

Report of 23 October 2003, Handelingen Tweede Kamer 20032004, 29 260, no. 12. There
has been a second evaluation by the Court of Auditors on the implementation of its recommendations, November 2004.
Handelingen Tweede Kamer 20032004, 29 260, no. 1, p. 40.
Privacy audit NSIS, Rapport no. 97.U.189, December 1998, The Hague: Registratiekamer.
See p. 4 of the report.

468

Chapter 13

allowed these organisations to respond to the conclusions and to describe what

improvements could be made. These responses are included in the report of
December 1998.
In its ndings, the CBP emphasised that there were serious shortcomings in
the eld of formalisation, implementation and the control of the procedures of
data processing and management. The CBP also criticised security policy and
planning, the control of logical access to the systems and the administrative
organisation of the use of the system and its information. According to the CBP,
there were too many users with insucient knowledge of the relevant privacy
regulations and seven super users (technicians who, in the exercise of their work,
have access to all the SIS les and clearances), where three would have been
enough. The CBP also discovered that it was possible to gain unauthorised access
to the NSIS databases.
The Ministry of Justice and the police force involved stated in their response
that measures were undertaken to repair the shortcomings described in the audit
report. According to the CBP, two alerts in the SIS were deleted by the CSIS
after expiry of the time limit, without prior notication to the originating
authorities. The CBP recommended that the authorities improve the management of expiring alerts. In reaction to this nding, the KLPD informed the CBP
that a list of expiring alerts is periodically submitted by SIRENE to the regional
police stations. Furthermore, the CBP noted that the SIRENE oce did not
check the legality of requests concerning SIS information. The CBP advised
doing this periodically. In 2000, there was limited follow-up of the 1998 audit,
however, the results of this were not published. Since 2000, no other audits have
been undertaken due to a lack of nancial and practical means.92
In 2004, the Dutch CBP submitted a report on the implementation of Article 96
CISA to the Schengen Joint Supervisory Authority.93 This report which, was not
very detailed, will be discussed in section 5.5 below.

4. Intermezzo: Dutch Policy with Regard to the Administration

of Data on Third-Country Nationals
4.1. General Administration of Immigrants
Since 1994, public authorities dealing with third-country nationals have been
required to exchange their data with the Dutch Immigration and Naturalisation

92
93

According to a spokesman for the CBP.

Annual report of the CBP for 2004, p. 53.

The Netherlands

469

Department, and vice versa.94 This mutual exchange of data on third-country

nationals was facilitated by the establishment of a general database on thirdcountry nationals (Vreemdelingen Administratie Systeem, hereafter the VAS). This
system has been operational since the end of 1995 and was linked to the civilian
population administration held by the municipal authorities (Gemeentelijke Basis
Administratie or GBA). On 15 June 2003, the VAS was incorporated into the
so-called Common Immigration Network (Basis Voorziening Vreemdelingenketen,
hereafter the BVV).95 The BVV is a system providing dierent organisations
involved in immigration policy with access to the personal and administrative
data of 2.5 million third-country nationals. This system holds dierent data les,
including:
a personal registration le with name, address, nationality, date and place of, etc.;
an index le, including references to every decision or measure which has
been taken with regard to the third-country national;
a card system, including documents which have been issued by Dutch
authorities to the person concerned;
a document le, including documents which have been issued by foreign
authorities; and
a biometric le, including ngerprints, photographs and the signature of the
person concerned.
In principle, the BVV contains information on every third-country national
admitted or holding a residence permit, except short-term visitors who are admitted on the basis of Article 12 of the Aliens Act 2000 and who are not obliged to
report to the national authorities within three days of their entry into the
Netherlands. Tourists and other third-country nationals admitted for a period of
up to three months and EU nationals are not registered in the BVV.96 The
establishment of the biometric le within the BVV is a measure taken by the
Dutch government in the light of the future implementation of VIS.97
With regard to visa applications, embassies and consular authorities report
each visa issued into the Dutch visa information system (abbreviated to VIS, not
to be confused with the VIS at EU level).98

94

95

96
97
98

This obligation was based on Article 48 of the Aliens Act 1994, this is now regulated in Article
107 of the Aliens Act 2000.
Staatscourant 13 June 2003, no. 111. The BVV is regulated in section A1/6.3 of the Aliens
Circular 2000.
Articles 4.47 and 4.48 of the Aliens Decree 2000 and Article A3/7.6 of the Aliens Circular 2000.
Handelingen Tweede Kamer 20042005, 22 112, no. 364.
Handelingen Tweede Kamer 19992000, 26 106, no. 2, 25 October 1999.

470

Chapter 13

A special measure of Dutch immigration law policy is included in the socalled Linking Act (Koppelingswet) of 1998.99 This law was established to prevent
the use of social security, housing or nancing facilities, medical care and other
public facilities by individuals who are residing irregularly in the Netherlands.100
If a person is not registered with the Dutch municipal police, population or
immigrant les, this person generally should not be given access to one the
facilities mentioned above. Unlike the NSIS, which is based on the principle that
registration means exclusion, one could say that the Dutch Linking Act is based
on the principle that registration means inclusion. The implementation of this
law is closely related to the establishment and improvement of the computerised
national les.101
4.2. The Use of Biometric Data
4.2.1. Third-Country Nationals and their Biometrics
In the Netherlands, ngerprints are taken of every third-country national applying
for asylum. This practice was formalised by Royal Decree in 1994.102 The ngerprints of asylum seekers and third-country nationals who cannot be identied are
recorded in the national HAVANK system. HAVANK is linked to the BVV and,
with regard to the data on asylum seekers, to Eurodac as well. Article 54 Aliens
Act 2000 requires a third-county national to provide the national authorities with
certain information and to cooperate with identication measures. Details of this
obligation have been elaborated in Article 4.45 Aliens Decree 2000. If requested,
the third-country national must provide an accurate photograph and, if the
immigration ocer considers this necessary, he must cooperate in having his
photograph or ngerprints taken. As we have seen in the previous chapters, based
on forthcoming EC laws, every visa applicant planning to seek entry to the
Netherlands will have his or her ngerprints taken and stored in the European
VIS. The establishment of VIS was fully supported by the Dutch government,
partly because of the major role this system could play in its expulsion policy since
it would contain biometric data on every visa applicant.103
According to the general rule, a third-country national who is not an asylum
seeker can only be asked to have his photograph or ngerprints taken if this is

99
100

101

102
103

Staatsblad 1998, no. 203.

P. Minderhoud, The Dutch Linking Act and the Violation of Various International NonDiscrimination Clauses, European Journal of Migration and Law 2000, p. 185201.
See also E. Brouwer, Registratie van gegevens en de Koppelingswet, Migrantenrecht 56, 1998,
p. 168174.
Royal Decree (Koninklijk Besluit) 30 December 1993, Staatsblad 1994, no. 8.
Handelingen Tweede Kamer 20032004, 29 344, no. 1, p. 13.

The Netherlands

471

considered necessary by the ocer in charge. This rule has its origins in a decision
of the Dutch Supreme Court (Hoge Raad ) of 1993.104 In this judgment, the
Supreme Court dealt with a claim from a woman who held both British and
Nigerian nationality and her Nigerian partner, whose ngerprints were taken
during an identity check. The Supreme Court condemned the behaviour of
immigration ocers because not only had they unlawfully withdrawn the passports of the applicants, they had also taken their ngerprints. Via Interpol, these
ngerprints were transferred to other States. The Supreme Court emphasised
that the taking and processing of ngerprints represent a breach of the right to
private life as protected in Article 8 (1) ECHR. If the person in question obtains
a valid passport or comparable document which proves his identity, it would
only be appropriate under exceptional circumstances to take his or her ngerprints. Even if there are grounds for believing the passport or document to be
fake or falsied, the national authorities would still have a duty to consider other
means of nding out whether the document is genuine or not, before taking
ngerprints.
In the light of the developments since 1993, it would be interesting to nd out
whether the Supreme Court would uphold this interpretation of Article 8 ECHR.
Recent developments, at both EU and national levels, illustrate that there is a shift
in thinking about the scope of the right to private life and the question of whether
the taking of ngerprints constitutes a breach of that right. Whereas, in 1993,
there was general agreement that the taking of ngerprints was an intrusive measure, currently this measure seems to be considered an appropriate identication
tool for all kinds of reasons. This applies not only in the eld of criminal
investigation, immigration or asylum policy, but also in the private sector and for
securing passports and ID documents by every EU citizen.
4.2.2. Shared Use of Data on Criminals and Asylum Seekers
The aforementioned HAVANK system is also used for criminal investigation
purposes. Initially, the ngerprints of asylum seekers were automatically compared to the available data in HAVANK. This comparison was meant not only to
assess whether the person had previously applied for asylum, but also to check
whether the asylum applicant posed a risk to public order and security.
Before 21 October 2001, every time police ocers or public prosecutors used
HAVANK for criminal investigation purposes, the ngerprints of the recorded
asylum seekers were automatically checked as well. As we saw in Chapter 7,
Article 6 (1) b of EC Directive 95/46 on the protection of personal data prohibits

104

Hoge Raad 19 February 1993, no. 14917 in: R. Fernhout and J.D.M. Steenbergen, Rechtspraak
Vreemdelingenrecht 1993, Nijmegen: Ars Aequi Libri 1994, no. 70.

472

Chapter 13

information processed for one purpose from being automatically used for other,
not explicitly dened purposes. According to this principle, personal data stored
for immigration law purposes cannot be used for other purposes, such as criminal investigations. Since the new Dutch Data Protection Act implementing this
EC Directive entered into force on 1 September 2001, the Dutch Minister of
Justice was obliged to take measures to stop this combined use of HAVANK.105
In December 2001, the Minister of Justice described the new practice to be
followed with regard to the use of ngerprints of third-country nationals for law
enforcement purposes with eect from 25 October 2001.106 Under the new situation, law enforcement authorities are only granted access to data regarding
third-country nationals if they can establish concrete reasons to believe that the
suspect is a third-country national. Since 2001, this criterion has been extended
twice by the Minister of Justice. In the rst place, according to a letter from the
Minister of Justice, law enforcement authorities may check the information on
third-country nationals in HAVANK during criminal investigations with regard
to serious crimes aecting the social legal order (maatschappelijke rechtsorde).107
In these situations, the condition that reasonable doubt must exist that the suspect
is a third-country national does not apply. Examples of such crimes, mentioned
by the Minister, include murder, rape or terrorist acts with potentially serious
eects. Secondly, in his answers to parliamentary questions, the Minister of
Justice claried that law enforcement authorities could also have access to data
on third-country nationals if they were being sought as witnesses.108
In January 2002, some members of parliament expressed their disappointment
with the fact that data on third-country nationals in HAVANK were no longer
automatically accessible for both immigration law and law enforcement purposes.109
It was proposed that the Dutch Aliens Decree be amended, by adding a sentence
stating that the data taken from immigrants or asylum seekers will also be used for
criminal investigation purposes. This proposal was rejected by the Dutch Minister
of Justice, since it would be contrary to international data protection principles.110

105

106
107

108
109
110

Handelingen Tweede Kamer 20002001, 19 637, no. 583. See also Petra Catz on the parliamentary discussion on the use of ngerprints, The Netherlands: Small steps on beaten tracks, in:
Brouwer, Catz & Guild (2003), p. 6566.
Handelingen Tweede Kamer 20012002, 19 637, no. 635, 10 December 2001.
Letter of the Minister of Justice, 22 January 2002. Handelingen Tweede Kamer 20012002, 19
637, no. 645, p. 3.
Handelingen Tweede Kamer 20012002, 19 637, no. 663, 12 April 2002, p. 3.
Handelingen Tweede Kamer 20012002, 19 637, no. 642, 18 January 2002.
See also Handelingen Tweede Kamer 20012002, 19 637, no. 645, 22 January 2002.

The Netherlands

473

However, as we have seen in Chapter 5, at the EU level the Netherlands supported

the proposal to give law enforcement agencies, respectively security agencies access
to Eurodac and the VIS.
Between September 2002 and March 2004, there were 101 requests by the
public prosecutor to check the HAVANK database of ngerprints of third-country
nationals for investigation purposes: these requests would have resulted, in 49 cases,
in the identication of the person concerned.111
4.2.3. Storing Biometric Data for Expulsion Purposes
In 2003, the Dutch government proposed the use and scanning of biometric
data from asylum seekers by airlines for the purpose of facilitating the return of
rejected asylum seekers.112 The scanning of their ngerprints, in combination
with the duty of air carriers to make a copy of travel documents, would make it
much easier to establish the identity of these asylum seekers and the airline on
which the person travelled to the Netherlands. The government recognised that a
legal basis would be necessary for such a measure, since it would infringe the
right of privacy of the individuals concerned. Referring to the justied fear of
illegal immigration, the government found such a measure necessary and
proportional.
A pilot project was launched in June 2005 in Lagos, where International
Liaison Ocers take ngerprints from immigrants before they board an aeroplane
to the Netherlands.113
4.2.4. Biometrics and Passports and Identity Cards
The Netherlands, together with Germany, Italy and the UK, can be considered
one of the forerunners with regard to the development of a passport that includes
biometric data. Even in 1998, the Dutch government proposed including biometrics in the national passport. During discussions with the government, in
June 2001 the Dutch parliament agreed with the proposal to enter biometrics
into Dutch passports to ght identity fraud.114 A draft proposal for a new passport including biometric data was submitted to the Dutch Parliament in April
2002.115 However, the technical development of this passport and the ongoing
discussions at international level on the choice of biometric features hampered

111

112
113

114
115

Answers by Minister of Justice to parliamentary questions, Handelingen Tweede Kamer

20032004, Aanhangsel, no. 1527.
Handelingen Tweede Kamer 20032004, 29 344, no. 1, p. 13.
Handelingen Tweede Kamer 20042005, 29 344, no. 43, see also Rapportage Vreemdelingenketen
mei t/m augustus 2005, 1 November 2005, Annex to Handelingen Tweede Kamer 19637, no. 986.
Handelingen Tweede Kamer 20002001, 25 764, no. 17.
Handelingen Tweede Kamer 20012002, 28 342, no. 1.

474

Chapter 13

the nal decision-making. Implementing Regulation 2252/2004 on the EU passport, the Dutch government nally decided to introduce the electronic passport
on 26 August 2006.116
4.3. Immigration Files, Border Control and the Fight against Terrorism
In response to a recommendation by the Advisory Committee of Immigration
Aairs on Immigration Policy and Anti-Terrorism Measures, the Dutch government decided to launch a feasibility study into the possibility of including a national
security test in the regular immigration procedure. This would mean that, using
risk proles and matching dierent databases, every application for admission would
be checked against the risks to national security.117 One of the proposed measures
was to give the Dutch Intelligence and Security Agency access to the central aliens
administration, the BVV. In 2006, in a policy note on the use of border controls in
the ght against terrorism, the government emphasised the necessity of linking different databases and the use of biometrics.118 In this note, the government also
stressed the importance of screening visa applications using biometrics and by
dening the nationalities and categories of person whose visa applications would
have to be forwarded to the national intelligence and security agency.
In a letter dealing with the policy of tracing suspected terrorists on its territory,
the Ministers of the Interior and of Justice stated that, The collection, matching
and analysis of information on groups of persons is the key to preventing terrorism.119
In its response to this letter, the Dutch Data Protection Authority or CBP explicitly
disagreed with this new policy. The CBP warned against merging the tasks of the
police and the intelligence and security agencies and was especially concerned about
the protection of a large group of non-suspects.
The new emphasis on data control resulted in other proposals for the use of
biometrics, including the use of DNA materials. In a letter of 7 June 2004, the
Minister of Justice proposed the compulsory storage of biometric data from every
person using a false identity. On the same occasion, the Minister supported random
public and private identity controls in the ght against identity fraud.120
According to the Minister, this would mean that persons using a false identity

116
117
118

119

120

Handelingen Tweede Kamer 20052006, 25764, no. 30.

Press release, Ministry of Justice, 24 October 2003.
Letter from the government on the use of border controls in the ght against terrorism,
3 February 2006 Handelingen Tweede Kamer 20052006, 30 315, no. 3.
Letter of 10 September 2004, Handelingen Tweede Kamer 20032004, 29 754, no. 1. The letter
of the Data Protection Authority of 22 September 2004 can be downloaded from http://www
.cbpweb.nl.
Handelingen Tweede Kamer 20032004, 29 200 VI, no. 166, p. 23.

The Netherlands

475

would not be able to know, where, when and how they will be caught. Also in
2004, the Minister of Justice proposed registering the DNA of every (suspected
or convicted) criminal in the Netherlands, even in relation to minor oences.121
As in the other Member States, the urgent need for new security and antiterrorism measures felt by Dutch politicians was in the rst place a reaction to
the events of 11 September 2001 and, later, the events in Madrid and London.
However, the new focus on internal security was certainly also triggered by the
murders of the Dutch politician Pim Fortuyn on 6 May 2002 and of Theo van
Gogh on 2 November 2004. In particular, the murder of Theo van Gogh, committed by a Dutch national with a Moroccan background, seemed to have
changed the political agenda. According to reports by the Dutch Intelligence and
Security Agency, Theo van Goghs murderer was a member of a group of young
fundamentalist Muslims, preparing further attacks on Dutch soil. This fact
resulted in new control measures being considered justied, including new
methods of risk proling, connecting immigration and criminal law data.122

5. Rights and Legal Remedies for Individuals under

Data Protection Law
5.1. Background to Dutch Data Protection Law
The rst Dutch Data Protection Act (Wet Persoonsregistraties) entered into force
in 1989.123 Compared to other countries, the Netherlands was certainly no
pioneer in the development of data protection law. The political debate on the
need for data protection law started in 197071 in response to civil protests
against the proposals for a central population le and the use of information
technology for a national census. Alarmed by these protests, in 1972 the government established a National Committee on the Protection of Privacy with regard to
the Registration of Personal Data. This Koopmans Committee (named after its
chairman) was instructed to prepare a recommendation on the need for legislation
to protect privacy.124 An important reason for the establishment of this committee
was to remove societys resistance to plans for the computerisation of the

121

122

123
124

Draft decision on the amendment of the Regulation on the use of DNA during criminal investigation, 30 June 2004, just 040640. This draft was only questioned by members of the Dutch
Senate, Handelingen Eerste Kamer 20032004, 28 685, no. C, 7 July 2004.
In a letter of 10 November 2004 to the parliament, the Ministers of the Interior and Justice
describe the measures they think are necessary, Handelingen Tweede Kamer, 29854, no. 3.
Act of 28 December 1988, Staatsblad no. 665, Handelingen Tweede Kamer 20042005, 29 854, no. 3.
Royal Decree (Koninklijk Besluit) 21 February 1972, no. 70, Staatscourant 1972, no. 43.

476

Chapter 13

government les.125 It took ve years for the Koopmans Commission to publish

its report, including a draft of a general data protection act. According to the
report from 1977, the central conditions of this law were: making data processing transparent, protecting the position of data subjects and establishing independent supervision.126 It was not until 1981 that the government submitted a
rst draft for a Data Protection Act to the Dutch parliament.127 This draft, largely
based on the Koopmans draft, was strongly criticised by both parliament and
civil society. This proposal was considered too centralist and bureaucratic, for
example because it required licenses for each registration of personal data. In the
private sector, this draft was also criticised because the proposed rules would
excessively hinder the use of databases. Another objection was the fact that this
draft lacked clear and general principles and did not take into account the new
developments in information technology.
In July 1985, the Minister of Justice submitted a second draft for a general
data protection act.128 At the time this draft was published, three additional
incentives existed for the Dutch legislator to come forward with a proposal. The
rst incentive was the incorporation of the right to privacy with regard to data
processing as a basic right in the Dutch Constitution in 1983. Article 10.2 of the
Dutch Constitution reads:
1. Subject to the limitations of or pursuant to the law, everyone has the right to
privacy.
2. The law regulates the right to privacy with regard to the recording and provision
of personal data.
3. The law regulates the right of individuals to be informed that their personal
data is being recorded or used, as well as to correct these data.129

125

126

127
128
129

As formulated by Ch.J. Ensched at that time, without the actions against the census, there would
not have been a Koopmans Committee, in: Het interimrapport-Koopmans: een discussiebijdrage,
NJB, 28 September 1974, a. 32, p. 1030.
Eindrapport Staatscommissie Koopmans Privacy en Persoonsregistratie, The Hague: Staatsuitgeverij
1977, p. 28.
Handelingen Tweede Kamer 19811982, 17 207, no. 12.
Handelingen Tweede Kamer 19841985, 19 095, no. 13.
Article 10:
1. Ieder heeft, behoudens bij of krachtens de wet te stellen beperkingen, recht op eerbiediging
van zijn persoonlijke levenssfeer.
2. De wet stelt regels ter bescherming van de persoonlijke levenssfeer in verband met het
vastleggen en verstrekken van persoonsgegevens.
3. De wet stelt regels inzake de aanspraken van personen op kennisneming van over hen vastgelegde gegevens en van het gebruik dat daarvan wordt gemaakt, alsmede op verbetering van
zodanige gegevens.

The Netherlands

477

Secondly, the ratication of the Data Protection Convention of 1981 required

the adoption and implementation of national data protection law. Finally, the
development of data protection law in neighbouring countries motivated the
Dutch legislator not to wait any longer to adopt a national law, since the lack of
a national data protection law would prevent international data exchange with
those countries.130
The provisions of the new draft for a data protection law were less extensive and
more positively received.131 The proposal of 1985 was formally adopted in 1989.
This rst Dutch Data Protection Act (Wet Persoonsregistraties) provided for a duty
to report personal data records to a central data protection authority, known as
the Registration Chamber (Registratiekamer). Standard les, such as client or
patient records, were exempt from this duty. The Data Protection Act dierentiated between private and public les. Whereas this draft required self-regulation
for les in the public sector, the private sector was encouraged to develop specic
data protection rules. As we will see, the regulations which were drawn up for the
NSIS and SIRENE les in 1994 were based on this obligation from the former
Data Protection Act. Furthermore, the Data Protection Act of 1989 provided for
legal remedies for the individual in the civil courts, irrespective whether the data
le concerned was held by a public authority or a private organisation.
In 1995, it became clear that new legislation would be necessary, in order to
implement the provisions of EC Directive 95/46 on the protection of personal
data. As we have seen above, this Directive was to be implemented before 24
November 1998. Moreover, in 1995, researchers published two evaluation
reports regarding the Data Protection Act of 1989.132 In these evaluations, it was
established that the Data Protection Act had relatively little inuence on the
actual behaviour of data subjects and data controllers. Individuals would not be
aware of their rights according to the Data Protection Act and they would lack
information on the use of their data held by public and private organisations.
The results of the two evaluations, together with the necessary modications to
EC Directive 95/46, formed the basis of the draft of a new legislation.
The new Act on the Protection of Personal Data (Wet Bescherming Persoonsgegevens,
hereafter the WBP) entered into force on 1 September 2001.133 This was three years

130

131
132

133

The treaty was signed by the Dutch government on 21 January 1988; however, it only entered
into force for the Netherlands on 1 December 1993, after the Dutch regulation on sensitive
data was also adopted, Tractatenblad 1993, no. 157.
See, for the parliamentary discussions, Handelingen Tweede Kamer 19841985, 19 095, nos. 5 and 8.
See J.E.J. Prins et al., In het licht van de Wet persoonsregistraties: zon, maan of ster?, Alphen aan
den Rijn/Diegem: Samsom Bedrijfsinformatie bv. 1995, and G. Overkleeft-Verburg, Wet
persoonsregistraties, Norm, toepassing en evaluatie, Zwolle: W.E.J. Tjeenk Willink 1995.
Act of 6 July 2000, Staatsblad 2000, no. 302.

478

Chapter 13

after the deadline for implementation of the EC Directive 95/46 had expired.
The WBP removed the general dierence between public and private les, except
for the criteria of legal purposes for the processing of personal data and with regard
to the regulation on legal remedies. Compared to the previous law, the national
Data Protection Authority (with a new name: College Bescherming Persoonsgegevens,
hereafter CBP) acquired additional powers, including the power to impose administrative nes and to use coercive measures. The terminology used in the WBP is
more in line with EC Directive 95/46. Among other things, the new WBP envisages a decentralised control mechanism, via the appointment of data protection
ocers within private and public organisations. Furthermore, the WBP includes a
simplied reporting system which only applies to computerised databases. The
duty for data controllers in the public sector to draw up and publish specic
regulations on the use of their data les has been withdrawn.
According to Article 45 WBP, a decision with regard to a request for access,
correction or deletion of personal data taken by an administrative authority falls
within the scope of the Dutch Administrative Act, or Algemene Wet Bestuursrecht
(AWB). This means that, with regard to those decisions in relation to the use of
the NSIS, the general administrative rules apply (see further below).
Apart from the general rules in the WBP, sectoral laws also apply to the
processing of personal data in specic elds. Since 1955, a special act has applied
with regard to the use of judicial and criminal les.134 The aforementioned law
regarding the civil population administration of the municipal authorities (Wet
Gemeentelijke Basisadministratie) of 1995 also includes specic data protection
standards. The Act on Police Files of 1990 (Wet Politieregisters) also applies to
data recorded in the SIS for police and criminal investigation purposes.135
5.2. NSIS and the Applicable Rules on Data Protection
The WBP applies to data registered on the basis of Article 96 CISA. With the
new WBP, the former duty to draw up separate rules for public les has been
replaced by a duty to report these les to the Dutch Data Protection Authority.136
In accordance with Article 27 WBP, the authorities responsible for public les
have to include information in these reports about, for instance, the authority

134
135

136

Wet op de justitile documentatie en de verklaringen om het gedrag, Staatsblad 1955, no. 395.
Act of 21 June 1990, houdende regels ter bescherming van de persoonlijke levenssfeer in
verband met politieregisters, Staatsblad 1990, no. 414. The legislator is preparing a complete
revision of this law.
Based on the former law of 1989, specic rules (reglementen) were adopted for NSIS and
SIRENE with regard to the data on third-country nationals, published in: Staatscourant 90, 16
mei 1994, p. 1718. These rules no longer apply.

The Netherlands

479

responsible for the data processing, the data which are to be recorded, the purpose of the data processing and the authorities or organisations which have access
to the data. The reports can be consulted on the public website of the Data
Protection Authority. It is, however, dicult to nd a report of a specic registration without knowing the number of this report. In the report on the NSIS
which was submitted to the Dutch Data Protection Authority, the KLPD and
the IND both declare themselves responsible for the NSIS.137 This means that
a data subject may contact both organisations when requesting information
about being registered in the NSIS, or when applying for correction or deletion
of his data. However, as we will see below, based on an informal agreement
between the KLPD and the IND, every application regarding SIS alerts, including
those concerning third-country nationals to be refused entry, is dealt with initially
by the privacy ocer of the KLPD.
5.3. Duty to Inform the Data Subject
Articles 33 and 34 of the Dutch WBP describe the duty of the data controller to
inform the data subject with regard to the processing of his or her data. In accordance with the provisions of Articles 10 and 11 of EC Directive 95/46, Dutch law
dierentiates between two situations. Firstly, Article 33 WBP describes a situation where the data controller collects the information from the person himself.
At the time of this collection, the person is to be informed of the identity of the
authority responsible for the data processing, the purpose of the data processing,
as well as any further information which is necessary to guarantee the proper
and fair processing of the information. The duty to inform does not exist if the
person already has this information.
The second rule in Article 34 WBP concerns a situation where the information
has not been obtained from the data subject personally. This provision will, in
my view, apply mostly to Article 96 CISA reports in the NSIS. According to
Article 34 WBP, the data subject has to be informed at the time the information
is stored or, if the information is meant to be disclosed to third parties, at the
time the data is disclosed for the rst time. However, three important exceptions
to this principle exist. Firstly, the duty does not apply if the data subject already has
this information. Secondly, the duty to inform does not apply when the provision
of such information would be impossible or would require a disproportionate
eort by the responsible authority. If this exception applies, the data controller

137

Report no. 1230270, available in the public register of reports (meldingen) on the website of
the Dutch Data Protection Authority: http://www.cbpweb.nl.

480

Chapter 13

has to make a record of the source of the information concerned (Article 34 (4)
WBP). Thirdly, the duty to inform the person concerned does not apply if the
recording or disclosure of this information is explicitly envisaged by national law.
In the latter situation, the data controller has to inform the data subject at his or
her request about the legal provision which is the basis for the storage or disclosure
of the information about him or her (Article 35(5) WBP).
With regard to the NSIS, none of these exceptions seems to apply. Firstly, an
individual reported in the NSIS for the purpose of non-admission is not informed
of this registration. A person against whom a formal residence ban has been issued
is informed of the formal residence ban, but not the SIS alert. Also, persons falling
within the second category (reported as inadmissible) are generally not informed
at all. During interviews held for this research, spokesmen for both the KLPD
and the IND held the view that the persons reported in the NSIS would generally
be aware they had done something wrong and, for that reason, would know
about their NSIS registration. However, as we have seen above, there are many situations in which a third-country national will not be aware he or she is reported
in the SIS, for example when he or she is prosecuted (but not convicted) for a
drugs crime or suspected of having connections with terrorist networks. But also a
person leaving the Netherlands without reporting this to the local authorities can
be reported in the SIS without his knowledge.
It was also assumed that it would be too dicult to locate and inform all
persons of their registration in the NSIS. For these reasons, it was not considered
necessary or feasible to inform third-country nationals personally at the time of
registration. However, this argument does not apply to persons who have been
issued a formal residence ban. As we will see below, this decision is to be given in
person and to include information on the reasons for this decision. It does not
seem a disproportionate eort to add to this information that he or she will also
be reported in the NSIS. With regard to the second category, perhaps this argument applies to persons who have already left Dutch territory and are dicult to
trace. Even in these situations, however, it should be possible to inform the legal
representative of the person concerned or to leave information at the persons last
known address.
A third reason why the aforementioned exceptions do not apply is the fact
that, as we have seen above, both categories of decision lack a formal legal basis.
The formal residence ban itself is envisaged in the Aliens Act 2000, but the fact
that the person will be reported in the NSIS is not. The second category of
reported third-country nationals is only envisaged in the Aliens Circular 2000.
To summarise, this would mean that the failure of national authorities to
inform third-country nationals of the fact that they have been reported in the
NSIS is in breach of the Dutch WBP as well as EC Directive 95/46.

The Netherlands

481

5.4. Right to Access, Correction or Deletion of the NSIS Data

According to Articles 109 and 110 of the CISA, the right of an individual
to request access to, correction or deletion of his or her data held in the SIS can
be asserted in each Schengen country in accordance with the law of the state in
which it is asserted. With regard to the Dutch NSIS, these rights are laid down in
Articles 3536 WBP. In 2005, only ten years after the SIS became operational, a
new section was included in the Aliens Circular 2000, describing the procedures
to be followed by the Dutch immigration and police ocers when dealing with
an individual request for deletion.138
In principle, data subjects may forward their requests for access, correction or
deletion directly to the responsible authorities concerned, which means either
the IND or the Department of National Investigation and Information (DNRI,
formerly the CRI) of the Dutch police force, KLPD. The shared responsibility
between the KLPD and the IND with regard to the entry of third-country
nationals into the NSIS used to cause confusion for third-country nationals and
their lawyers with regard to which authority was to be addressed. In order to
solve this problem, both organisations reached an unpublished working
arrangement on how to handle the requests mentioned above. On the basis of
this arrangement, the IND will forward all requests regarding an Article 96 alert
to the privacy ocer of the KLPD. Even if the alert has been registered in the
NSIS, the KLPD will be asked to consider the application rst. This means in
practice that when an applicant applies to the IND for the withdrawal of a
Dutch Article 96 alert, this request is rst forwarded by the IND to the KLPD.
When the latter organisation establishes that the person has been reported in
the NSIS by the Dutch authorities, the request will be returned to the IND.
The Dutch Data Protection Authority was not involved in the negotiations on
this arrangement.
The individual applications as described above should be answered in writing
within four weeks. The privacy ocer of the KLPD received approximately 100
requests for information regarding NSIS alerts in 1998.139 Since 2004, the
number of request has been approximately 200 per year, 80% of which concern
Article 96 reports.140 These numbers have not been published.

138
139

140

Wijziging Vreemdelingencirculaire, Decision no. 2005/29, Staatscourant 23 June 2005, no. 119.
Dutch inquiry made for the Justice report: The Schengen Information System. A human rights
audit SIS (2000).
According to the data protection ocer of the KLPD. No ocial data have been published.

482

Chapter 13

5.5. Role of the Data Protection Authority

The tasks and powers of the Dutch Data Protection Authority or CBP are
described in Articles 5174 of the WBP. Since data subjects may submit their
requests for access, correction or deletion directly to the data controller in
question (see above), the CBP only intervenes when complaints between the
individual and the competent authority cannot be resolved. This explains why
the Dutch Data Protection Authority is relatively rarely involved with regard to
complaints or questions about the use of the NSIS. If an individual requests
access to his or her data in the SIS in one state and the data has been forwarded
to the SIS by another Schengen state, the requested state will contact this latter
state if the subject can be granted access to his or her data (according to Article
109 of the CISA). In the Netherlands, the data protection ocer of the KLPD
himself will make contact with the foreign authorities in the reporting state.
Only if this ocer does not receive a (timely) response from the reporting state, the
CBP will be asked to intervene. Between 1995 and 2000, the CBP received only
four complaints with regard to the NSIS. In 2004, approximately ten complaints
dealing with the NSIS were forwarded to the CBP.141
The CBP has investigative powers, either at its own initiative or when requested
by an interested party.142 The CBP may start an audit with regard to the data
processing of any organisation, in both the public and private sectors. During
this audit, the members of the CBP are entitled to gain access to the premises of
the data controller without his or her permission (Article 61 (2)). The possibility
for the Dutch CBP to impose a nancial ne is limited to the situation where the
responsible authority has violated the rules on reporting the data processing. This
means that the CBP cannot impose a ne if the data owner violates the rules on
the fair use of the personal data, the rules on data retention limits, security or
accuracy. The CBP also has no power to impose a ne if a data controller does
not respond within the prescribed time to a request for access to personal data.
For the JSA inquiry in 2004 regarding Article 96 entries (mentioned in
section 3.6), the CBP requested the cooperation of the Dutch police organisation
and the IND.143 For this inquiry, the CBP only investigated 15 or 0.1% of the
12,167 Dutch alerts on third-country nationals which were held in the NSIS in
2004. According to a sta member of the CBP, the choice for this small-scale
review was related to the limited time and capacity of the CBP. The information
submitted to the JSA with regard to the Dutch implementation of Article 96

141
142
143

According to a spokesman for the Dutch CBP.

Article 60 WBP.
I received the Dutch reports from the CBP following a formal application for access to public
documents.

The Netherlands

483

CISA has been scarce. It did not include any details on the criteria being used
for reporting third-country nationals as inadmissible. Nor did it describe any
individual case studies. Generally, the CBP found, with regard to these alerts,
that the data were accurate, up to date and lawfully processed. The CBP only
found irregularities with regard to two out of 15 alerts in the NSIS, which is
still more than 10%. In one case, the CBP found that the entry of a report on
an irregular migrant had no legal basis. In the other case, the CBP found that
the time limit for the storage of an alert had been exceeded by two months. The
ndings of this inquiry have not been published and were only submitted to the
responsible authorities in 2006. Unlike the annual reports of the German data
protection commissioners, the annual report of the CBP does not include any
details of the ndings.144
As in other countries, the Dutch Data Protection Authority is under-resourced
to perform all its legal tasks. In 2006, the CBP publicly announced that it was
forced to interrupt its work with regard to giving advice or information in more
complicated matters because of a lack of sucient means. In the longer term,
this work could be reduced by applying more stringent criteria with regard to
new requests for information.145
5.6. Right to Legal Remedies
According to the former Data Protection Act of 1989, the data subject had access to
the civil courts with regard to data processing in both the public and private sectors.
Since this was considered more logical, the current WBP dierentiates between the
private sector and the public sector (Articles 45 and 47). The administrative court is
now competent with regard to individual appeals against data processing within the
public administration. With regard to data processing in the private sector, the
individual still has to apply to a civil court. Since the WBP applies to Article 96
alerts, a third-country national has a right to appeal according to the rules of
administrative law. The right to a legal remedy concerns the following decisions:
the refusal to inform the data subject of whether his or her data is processed
(Articles 30 (3) and 35 (1) of the WBP);
the refusal to give the person access to his or her data (Article 35 (2));
the refusal to correct or delete the information concerned (Article 36); and
the refusal to inform the data subject of the third parties who received
information regarding the data subject and those who were informed of the
fact that this data has been corrected or deleted, as requested by the data
subject (Article 38(2)).
144
145

Annual report of the CBP for 2004, p. 53.

CBP, Press note of 7 August 2006, http://www.cbp.nl.

484

Chapter 13

The decisions are regarded as decisions taken by an administrative authority

under Dutch administrative law (Article 45 WBP).
Paradoxically, unlike the WBP, the Act on Police Files of 1990 maintained the
competence of the civil courts. If a person has been refused access, correction or
deletion of his or her data in a police le, he or she may lodge an appeal to a civil
court against this refusal within four weeks (Article 23 (1) and (6) of the Act on
Police Files). We will see below that, when dealing with an application as referred
to above, the civil court of Haarlem ordered the Spanish government to withdraw
an alert concerning an extradition warrant (Article 95) from the NSIS.

6. Rights of Third-Country Nationals under Immigration Law146

6.1. Application of Principles of Administrative Law
The general administrative law incorporated into the Dutch Act on Administrative
Law (Algemene Wet Bestuursrecht or AWB) applies to the procedures for review and
remedies under immigration and visa law. Decisions to refuse entry, access or a
visa, as well as the failure to decide within the prescribed period, are considered an
administrative decision by the responsible authorities. The administrative procedures of review and (higher) appeal apply to these decisions (or lack thereof ). The
Aliens Act 2000, however, includes some important exceptions to these general
rules of administrative law. These exceptions include shorter time limits with
regard to the exercise of the right to appeal and longer periods in which the
authorities or the court may deal with the appeal. Furthermore, the Aliens Act
2000 provides for specic rules with regard to the competence of the court, the
scope of review and the suspensive eect of a court decision.
Decisions on visa applications and applications for a temporary residence permit
are explicitly considered administrative decisions (beschikking) to which the right to
an administrative review and appeal applies (Article 72 of the Aliens Act 2000).
Also, practical measures by the public authorities against third-country nationals
are considered administrative decisions. As we will see below, in section 7.2, based
on this wide interpretation of an administrative decision, the Dutch courts
rejected the narrow view of the Minister of Immigration and the IND, according
to which a report in the NSIS on third-country nationals is not an administrative
decision or act.
As a consequence of the applicability of administrative law, the general principles
of fair administration as laid down in the AWB are to be applied to immigration
146

See also H. Staples, Adjudicating the Schengen Agreements in the Netherlands, European
Journal of Migration and Law 2, 2000, p. 4983.

The Netherlands

485

law decisions. Some of these principles can be considered important with regard
to decision-making based on SIS alerts. In the rst place, Article 3:4 AWB obliges
administrative authorities to strike a clear balance between the interests at stake
before taking a decision. Furthermore, according to Article 3:45, when a negative decision is made, individuals should be informed of their rights of review or
appeal. Decisions taken by administrative authorities should be appropriately
motivated and indicate the reasons and the legal provision on the basis of which
the decision has been taken (Article 3:46 AWB). Another relevant provision in
the AWB is the duty of the authorities to forward applications if they are wrongfully addressed to the competent authority (doorzendplicht, Article 2:3 AWB).
This means that if a person submits his or her request for access or information
regarding a SIS alert to an administrative authority which is not competent to
deal with this request, this authority should forward the request to the competent
authorities.
6.2. Informed Decision-making at the Borders
Initially, a refusal of entry at the borders did not require a written decision, except
for decisions with regard to EU and EEA citizens. However, according to Article
A2/5.2.1 of the Aliens Circular 2000, border ocials were obliged to give
the third-country nationals a leaet describing the available remedies. In 2006,
the provisions of the Aliens Circular 2000 were amended in accordance with the
rules of Regulation 562/2006 on the Schengen Borders Code.147 As we saw in
Chapter 9, Article 13 (2) of this Regulation states that border ocials may only
refuse a person admission on the basis of a substantiated decision, stating the
precise reasons for refusal. According to the new Article A2/5.5.2, a refusal of
entry should be submitted in writing using a standard form which also refers to
the available legal remedies. This is the standard form as included in Annex V to
Regulation 562/2006.
Interestingly, as early as July 2006, the District Court of Haarlem annulled an
oral decision by a border ocial, in which a young Nigerian woman had been
refused entry to the Netherlands.148 The Court referred, regarding this decision,
to the new rules stating that the decision should be given in writing. The Court
rejected the view of the Minister of Immigration that the amended rule in the
Aliens Circular 2000 was non-binding and would allow exceptions under certain
circumstances. According to the Court, the requirement of a written decision
was such an essential safeguard for the persons concerned that the refuted
decision should be annulled.
147
148

WBV 2006/16.
Judgment of 24 July 2006, LJN AY6520, http://www.rechtspraak.nl.

486

Chapter 13

6.3. Information on the Formal Residence Ban

As we have seen above, there are special rules with regard to persons to whom a
formal residence ban has been issued on the basis of Article 67 Aliens Act.
Before the decision on the formal residence ban is taken, the person concerned
should be heard in advance in conformity with the general principles of administrative law (4:8 AWB).149 The Minister should also submit relevant information on the reasons for this decision. A decision to impose a formal residence
ban should be given personally to the person concerned or, if this is not possible,
should be published in the Dutch Ocial Journal, the Staatscourant. The person
in question should be oered a leaet in multiple languages concerning the
formal residence ban.150 This leaet (Model M130) includes information on the
reasons why this person has been declared unwanted, the consequences of his or
her further stay in the Netherlands (criminal act according to 197 Criminal
Law Code), the possibility of raising an objection to this decision and on his or
her legal remedies. This leaet does not inform the person of his or her
registration in the NSIS.
6.4. Time Limits for Decisions in the Field of Immigration Law
Article 25 of the Aliens Act 2000 provides that, with regard to a request for a
residence permit, the national authorities have to make a decision within six months
of receipt of the application. This period during which a decision must be made can
be extended by another six months if the Minister of Justice needs additional
information from third parties or the Public Prosecutor. During the parliamentary
debate on these time limits, the Green Left Party (Groen Links) opposed this extension, claiming that, developments in the electronic age should have led to shorter
decision periods, rather than an extension.151
With regard to visa applications, the time limit for decision-making is eight
weeks and, with regard to a temporary residence permit or a long-stay visa, it is
three months. In practice, it has been established that the IND has diculty
meeting these time limits with regard to its decision-making.152

149
150
151
152

See section A5 of the Aliens Circular 2000.

Article 3:41 of the Dutch Administrative Law.
Handelingen Tweede Kamer 19992000, 26 732, no. 7.
This was criticised, for example, in a general report by the Court of Auditors on the functioning of the IND, Handelingen Tweede Kamer 20032004, 29 495, no. 12.

The Netherlands

487

6.5. Legal Remedies

6.5.1. Right to Review153
In immigration law procedures (not including asylum applications), a thirdcountry national should submit an application for review to the Minister of
Justice within four weeks of the negative decision being issued (Article 69 of the
Aliens Act 2000). In regular administrative law procedures the applicant has six
weeks to apply for review (Article 6:7 AWB). With regard to the time limit within
which the administrative authority should make a decision, the same rule as
provided for in general administrative law applies to immigration law procedures.
According to Article 7:10 AWB, the national authority should make a decision
within six weeks of receiving the request for review.
Based on Article 73 of the Aliens Act 2000, an individual request for review
or appeal against the refusal of a residence permit will suspend the eect of
the negative decision, except in the situations described in Article 73 (2).
These exceptions are: if the person concerned has no temporary residence
permit, which is required to obtain a residence permit, if the person concerned
is a danger to public order or national security or if the person is convicted by
nal decision of the court of a crime punishable by imprisonment of three
years or more.
In 2002, in the memorandum on visa policy mentioned above, the Dutch
government proposed withdrawing the right to apply for an administrative
review with regard to decisions on visa applications.154 Instead, the person concerned would be given a direct right of appeal to the court against the refusal of
a visa. This measure would shorten the time of the visa procedure. Furthermore,
the government announced that it would maintain the duty to give reasons for
the refusal of visa applications, but would make the burden of proof a greater
responsibility for visa applicants. These proposals have not yet been adopted.
It should be observed that, in its report of 23 October 2003 regarding Dutch visa
policy, the Court of Auditors found dierences between the consular posts with
regard to the policy and practice of issuing visas.155 One of these dierences concerned the way in which negative decisions were motivated and the possibilities
for review and rights of appeal.

153

154
155

In the following sections, I will not deal with the special rules applying to asylum law procedures or with regard to the detention of immigrants.
Handelingen Tweede Kamer 20002001, 26 106, no. 4 and no. 6.
Handelingen Tweede Kamer 20032004, 29 260, no. 12, p. 22.

488

Chapter 13

6.5.2. Right to Appeal

Within four weeks of the refuted decision by the immigration authorities, a person may lodge an appeal with the court (Article 69 Aliens Act 2000). This time
limit is shorter than the time limit which applies to regular administrative law
procedures, which is six weeks. Article 71 of the Aliens Act 2000 provides for a
centralised mechanism of the right to appeal to the District Court of The Hague.
However, in order to reduce its workload, this Court has specialist aliens chambers or seats in all the other District Courts in the Netherlands. According to
Article 73 of the Aliens Act 2000, if a person lodges a review or an appeal against
the rejection or the withdrawal of a residence permit, this decision will be suspended. Only if the refusal or withdrawal is based on the fact that the thirdcountry national has no temporary residence permit or is related to reasons of
public order and national security, will the remedy have no suspensive eect.
A third-country national may also apply to the court for a temporary provision
(Article 78 Aliens Act 2000). These temporary provisions may include the obligation of the immigration authorities to grant a person access to Dutch territory
or to lift a detention order.
6.5.3. Right to Higher Appeal
Article 84 Aliens Act 2000 provides for the right of higher appeal to the
Administrative Jurisdiction Division of the Council of State (Afdeling
Bestuursrechtspraak van de Raad van State). According to Article 69 of the Aliens
Act 2000, this higher appeal has to be lodged within one week of the decision by
the lower court. On the basis of Article 84 (b) Aliens Act 2000 there is no right
of higher appeal with regard to refusals of visas for a stay of three months or less
and with regard to decisions by border control authorities obliging third-country
nationals to remain within a prescribed area. According to the government in the
explanatory memorandum, a right of higher appeal in such cases would be of less
or relatively little interest.156
In the Dutch literature, the position of the highest administrative court in
immigration law cases has been criticised.157 Especially with regard to asylum law
procedures, commentators found that the administrative court adopts an
unbalanced approach, by accepting a wide margin of appreciation for the
Minister of Immigration and the IND and by placing an excessive burden of
proof on the third-country national. Accordingly, the rights of the applicants

156
157

Handelingen Tweede Kamer 19981999, 26 732, no. 3, p. 81.

See S. Essakkili, T.P. Spijkerboer, De marginale toetsing in asielzaken, NJB, A. 2006/33,
no. 1439, T.P. Spijkerboer and B.P. Vermeulen, Vluchtelingenrecht, Nijmegen: Ars Aequi Libri
2005, p. 288, and R.H. de Bock, De omvang van het geding, Nijmegen: Ars Aequi Libri 2004.

The Netherlands

489

would be interpreted too narrowly. In January 2007, this criticism found support
in the judgment Salah Sheekh v. the Netherlands of the ECtHR.158 This case dealt
with the appeal of a Somali asylum seeker against the decision of the Dutch
authorities to expel him to Somalia. The ECtHR declared the claim of the
applicant admissible, even if he had failed to exhaust domestic remedies as
required by Article 35 (1) of the Convention. The ECtHR repeated its conclusions of the Selmouni v. France case, that the obligation to exhaust domestic
remedies is limited to making use of those remedies which are likely to be eective and available in that their existence is suciently certain and that they are
capable of redressing directly the alleged violation of the Convention.159
According to the ECtHR, in practice further appeal with the Dutch Administrative
Jurisdiction Division would have stood virtually no prospect of success. The
ECtHR based this conclusion on the narrow interpretation of the Administrative
Jurisdiction Division in earlier decisions with regard to the subjects of internal
ight alternative and the singled out requirement. These subjects were substantial to the claim of mr. Salah Sheekh that his expulsion would expose him to a
treatment in breach of Article 3 ECHR (protection against torture or inhuman
or degrading treatment or punishment).

7. Case Law
7.1. Introduction: Extent and Importance of Dutch Case Law
I found fewer than 20 judgments by Dutch courts on the application of Article 96
CISA and the SIS between the date the SIS became operation in the Netherlands
(25 March 1995) and September 2006. However, since 2005, there has been an
increase in case-law dealing with SIS, also with regard to Article 95 alerts (persons
wanted for extradition). This increase could indicate that individuals and their
lawyers become more aware of their rights and the available remedies. It could
also mean that individuals are more often aected by the use of the NSIS. Despite
the current low number of judgments, the available decisions, together with their
annotations, give an important insight into major questions with regard to the
applicable law on Article 96 entries in the Netherlands.
Another important source of (non-binding) case law on the NSIS can be
found in the decisions by the Dutch National Ombudsman. This authority

158

159

Salah Sheekh v. the Netherlands, 11 January 2007, no. 1948/04, published in NJCM-Bulletin
(2007), no. 2, p. 179194, annotation A.B. Terlouw.
Salah Sheekh 121123.

490

Chapter 13

investigates the behaviour of the public authorities. These investigations take

place either at the initiative of the Ombudsman or following an individual
complaint. The decisions of this authority are not binding, but only include an
opinion on whether the public authority concerned behaved properly (behoorlijk)
or not. The Ombudsman receives an important number of complaints regarding
visa applications at Dutch embassies abroad. Some of these cases concern the
rejection of a visa application on the basis of an Article 96 entry. In its decisions,
discussed in section 7.7 below, the National Ombudsman formulated important
principles with regard to the obligations of administrative law and the use of the
NSIS in immigration law procedures. Even if not binding, these decisions cannot
be overlooked when dealing with the practice of the Dutch authorities.
7.2. Legal Status of Article 96 Reports: Possibility of Legal Redress
In several procedures in which a third-country national disputed the lawfulness
of a SIS report, the Minister of Immigration held the view that the decision to
report a third-country national in the NSIS is not an administrative decision.
Based on this reasoning, it was held that the person in question could not appeal
directly against a NSIS alert. This view has been rejected by lawyers and nally
by the Dutch courts as well.160 Only in one of the rst decisions in 1999 in
which this question was raised, did the District Court of Amsterdam accept the
arguments of the Minister.161 The case concerned a Nigerian national who, at his
request, had been informed by the IND that he was registered in the NSIS.
Therefore, he submitted a direct request to the IND to delete this information
from the NSIS. The IND declared the request inadmissible, whereupon the
applicant led an appeal with the Court. The applicant motivated his appeal by
stating that the alert in the NSIS was a decision with legal implications, against
which legal redress should be possible. Neither the IND nor the Court accepted
this reasoning. Interestingly, during the oral submissions, an ocer from the
IND had initially conrmed that an alert is an administrative decision. This
statement was later withdrawn in a written memorandum. In its judgment, the
Court based its conclusion that an alert is not an administrative decision on the
exception grounds of Article 5(2) CISA. The possibility for national authorities,
under certain circumstances, to grant a person leave to enter the national territory was sucient reason for the Court to rule that the decision to issue an alert
was a non-binding decision. This conclusion, which was not followed by other

160

161

See, for example Th. Holterman, Ongewenst signalering getoetst, Migrantenrecht 1994/5, p. 96
and K. Groenendijk and P. Boeles in their annotations to the judgments referred to below.
Decision of 24 September 1999, Jurisprudentie Vreemdelingenrecht 2000/8, annotation
K. Groenendijk.

The Netherlands

491

courts in later judgments, is open to criticism. The fact that, under certain circumstances, national authorities are competent to depart from a SIS report for
the refusal of entry does not imply that this report has no legal consequences in
other situations where these exceptional circumstances do not apply.162 During
this procedure, the District Court of Amsterdam also dealt with the question of
whether the applicant had any interest in the withdrawal of his SIS alert. The
Court denied such an interest, since he could have applied for a visa (or a temporary residence permit, or mvv) rst when he was, at the time of the procedure,
still in Nigeria. If this application were to be rejected, the Court held, the applicant could have appealed against this refusal. With this decision, the Court chose
a formal and narrow interpretation of the interests and rights at stake.
In another judgment from 1999, the President of the Court of The Hague
reached the opposite conclusion. The President explicitly ruled that a NSIS alert
is to be considered a decision that is intended to have legal eects.163 This case
concerned eight applicants of Polish nationality who had asked the IND to delete
the reports concerning them in the NSIS. The applicants, working illegally in
Dutch greenhouses, were registered by the Dutch authorities in the NSIS on the
basis of the criterion as provided for in the Aliens Circular, that they had been
repeatedly expelled or had evaded expulsion. The IND refused to delete their SIS
reports. The Polish workers appealed against this refusal on the basis of the Dutch
Aliens Act and subsequently sought a temporary provision to suspend the alert
during this procedure. During the procedure, the IND stated that this appeal
was inadmissible because the applicants should have used the procedure under
the Dutch Data Protection Law. In his judgment, the President of the Court
referred especially to the right to judicial remedies as provided for in Article 111
CISA. Rejecting the claim of inadmissibility of the IND, the President ruled that
even if other legal procedures based on the Dutch Data Protection Act were available, this would not stand in the way of the special procedure based on the Aliens
Act. The President granted the temporary measure to suspend the SIS alert until
four weeks after the nal decision, at the applicants request, because he found
there was at least a reasonable doubt about whether the disputed SIS report was
in conformity with Article 96 CISA.
The view of the Dutch immigration authorities that an alert in systems such as
the NSIS and the OPS is not covered by the notion of an administrative decision
was also rejected by the Court of The Hague in a decision of 8 March 2002.164

162

163
164

See Groenendijk in his annotation to this decision (ibid.) and Boeles in his annotation to the
judgment of the Court of The Hague, 5 January 2000, Jurisprudentie Vreemdelingenrecht 2000/51.
Decision of 8 December 1999, Jurisprudentie Vreemdelingenrecht 2000/59.
Jurisprudentie Vreemdelingenrecht 2002/162.

492

Chapter 13

This case concerned a German national who was reported by the Dutch authorities
into the OPS police le (not NSIS) for a violation of the Dutch Opium Act. The
German national submitted a letter to the Dutch authorities, in which he asked
both whether he was reported as unwanted alien and, if so, whether this report
could be withdrawn. The Minister of Justice did not respond to this request. Not
until one year later, after repeated requests, was the applicant informed that his
request had been forwarded to the special department of the Dutch police
(KLPD). The applicant appealed against this letter from the Minister. What is
important is the explicit statement by the Court that, even if it could be argued
that the decision to report a person as unwanted was not intended to have legal
eects, it still has to be considered a measure by an administrative authority
against an alien in accordance with Article 72 (3) of the Aliens Act 2000,
provided that the rules on administrative remedies apply.
In the same judgment, the Court also rejected the formal reasoning of the
Minister that the applicant should have addressed the KLPD rst. The Court
explicitly dierentiated between, on the one hand, the procedure by the applicant which is directed against the refusal to withdraw the SIS alert, and the
procedure which is directed against the (informal) decision to report a person as
an unwanted alien. According to the Court, the initial letter from the applicant
should be taken as a complaint against the decision to declare him an unwanted
alien. Therefore, the Dutch authorities should have made a decision with regard
to this request at once even if, in parallel to this procedure, the KLPD still had to
consider the request for deletion of the alert. In its decision, the Court ordered
the Dutch immigration authority to decide within six weeks on the request
against the report as an unwanted alien.
In a judgment of 2005, the Court of The Hague again emphasised that an
alert should be considered an administrative decision with legal eects in accordance with Article 72 (3) Aliens Act 2000 and therefore falls within the scope of
Article 1:3 AWB.165 Therefore, the Court concluded it was competent to deal
with the case at stake.
Despite these judgments, in which the Dutch courts recognised the direct legal
eects of a SIS alert, the IND and the former Minister of Immigration maintained the view that a SIS report is a practical measure against which no right of
appeal is possible. In June 2005, the Aliens Circular 2000 was amended, describing the procedures to be followed with regard to individual remedies against alerts
registered in the NSIS.166 In this text in the Aliens Circular, it was again explicitly

165

166

Court of The Hague, Aliens Chamber, Breda session, decision of 11 March 2005, no. AWB
04/24331. This judgment will be dealt with further in section 7.4.
Wijziging Vreemdelingencirculaire, Decision 2005/29, Staatscourant, 23 June 2005, no. 119.
See para. A3/9.6.3.3.

The Netherlands

493

stated that a national decision to report a SIS alert into the NSIS is not an administrative decision. It does stress, however, that procedures against a refusal to
withdraw such a SIS report should be in accordance with Article 111 CISA.
7.3. Conformity with Article 96 CISA
7.3.1. National Administrative Decisions
In the abovementioned judgment of 8 December 1999 on the Polish applicants,
the President of the Court of The Hague explicitly questioned whether the disputed alert in the NSIS was in conformity with Article 96 CISA. The President
did not reach any substantive conclusions, but stated that it was unclear whether
the Dutch implementation rules met the procedural and the material requirements of the former Border Control Circular (now included in the Aliens
Circular 2000).167 To my knowledge, the merits of this case have not been dealt
with in further proceedings.
7.3.2. Foreign Administrative Decisions
Initially, the Dutch courts were hesitant to consider themselves competent to
rule on the lawfulness of decisions taken by other Schengen States. An example
of such a careful approach is the decision of 18 August 1999 by the President of
the Haarlem Court.168 This case concerned the appeal of an American national
whose entry to Dutch territory was refused based on a NSIS report by the
German authorities pursuant to Article 96 CISA. The American had been refused
a residence permit by the German authorities because he had no health insurance and because he had applied for social security assistance. In 1998, he was
expelled by the German authorities to the United States. As a result of this expulsion, he was reported by the German authorities in the SIS. The American
national was detained by the Dutch border guards in order to await his expulsion. He applied to the Court of Haarlem, requesting a temporary suspension of
the refusal of entry, including the suspension of expulsion. In his judgment of 18
August 1999, the President of the Court explained that a person recorded in the
SIS has the right to challenge the lawfulness of this SIS alert even if another state
is responsible for the correctness and accuracy of these data. Referring to the special procedures of the then applicable Data Protection Act of 1989, the Court
concluded that it was not competent to assess the lawfulness of the alert itself.
Only if it were crystal clear (zonneklaar) that the SIS report is illegal did the
Court believe it would be competent to order temporary measures. Assessing the
lawfulness of the SIS alert and nding that the person was not reported on
unlawful grounds, the Court rejected the complaint.

167
168

Jurisprudentie Vreemdelingenrecht 2000/59.

Jurisprudentie Vreemdelingenrecht 1999/269.

494

Chapter 13

The competence of national courts to rule on the lawfulness of alerts reported

by the authorities of other Schengen States was more elaborately dealt with in a
decision by the Court of The Hague (civil chamber) of 5 January 2000.169 The
procedure in this case is complex because the applicant applied simultaneously to
both the French and Dutch authorities. The applicant in this case (of unknown
nationality) rst submitted a request for withdrawal of the alert with the French
authorities. The decision by the French Ministry of the Interior to reject this
request was annulled by the French administrative court in a decision of 2 April
1999. The applicants lawyer asked the department of the KLPD dealing with
the NSIS to withdraw the report. This request was refused. The Dutch Data
Protection Authority was asked to negotiate and to ensure that the French alert
would be deleted. Based on the information which the Dutch Data Protection
Authority received from its French colleagues, the Dutch CBP found that the
alert was not in breach of the CISA and rejected the request of the applicant.
When he was informed by the latter institution that the French authorities had
refused to delete his record, the person submitted an appeal against the French
authorities and, a year later, the Dutch authorities as well before the Court of
The Hague. The Court was asked to order the Dutch and French authorities to
provide information on the alert, to delete the data from the SIS and to inform
third parties who had access to the SIS data that the data had been deleted. The
Court of The Hague held that the complaint against France was not admissible,
reasoning that a Dutch court is not competent to deal with a complaint against
another state. The Court, however, concluded that when assessing the national
SIS it was competent to deal with the lawfulness of a foreign alert. The Court
declared the application against the Dutch government admissible, even though
the applicant had failed to observe the applicable time limits. Considering it
necessary to have all the necessary documents, the Court, in an interim decision,
asked the applicant to give consent for the Court to take note of the underlying
documents of the alert the le, without the applicant having access himself.
The Dutch government successfully appealed against this decision. In a judgment of 16 November 2000, the Court of Appeal of The Hague annulled the
decision by the lower court and rejected the claim of the applicant.170 Unlike the
District Court, the Court of Appeal found no justication for the fact the applicant failed to respect the prescribed time limits when lodging an appeal against
the Dutch state. The Court of Appeal did not accept the argument made by the
applicant that this eld of law was unexploited, which would justify the delay.
According to the Court of Appeal, the applicant was duly informed by the Dutch

169
170

Jurisprudentie Vreemdelingenrecht 2000/51, annotation P. Boeles.

Administratiefrechtelijke Beslissingen 2002/10, annotation E.R. Brouwer.

The Netherlands

495

Data Protection Authority and was even assisted by a lawyer. Unfortunately, the
Court of Appeal did not deal further with the competence of national courts to
assess the lawfulness of decisions by foreign authorities.
In 2005, for the rst time a District Court (civil chamber) ordered the
authorities of another Schengen State to remove a SIS alert.171 This judgment is
important as it could pave the way for other courts when dealing with the
interpretation of Article 111 CISA. In this judgment, the Haarlem Court dealt
with an Article 95 report, but the reasoning of the Court can be applied to reports
on third-country nationals as well. The applicant was a woman (of unknown
nationality) residing in the Netherlands, who had been arrested in 1993 in Spain.
She was suspected of involvement with criminal drugs-related oences. She was
detained but, due to a lack of evidence against her, the prosecution was interrupted
by the Spanish authorities. Nevertheless, the Spanish authorities reported her in
the NSIS in 1996 for the purpose of arrest for extradition (Article 95 CISA). For
several years, the woman took action unsuccessfully against the Spanish authorities for the withdrawal of this request for extradition. Finally, she submitted
a request to the Dutch authorities responsible for the NSIS, the KLPD, to have her
NSIS report deleted. She also submitted a complaint to the Dutch CBP. Whereas
the latter organisation informed the applicant that the alert itself was not unlawful, the KLPD repeatedly petitioned the Spanish authorities to have this report
deleted. The Spanish authorities did not respond to any of these requests.
Following the applicable procedure under the Dutch Act on Police Files, the
applicant lodged an appeal against the negative decision by the Dutch Data
Protection Authority before the civil chamber of the Court of Haarlem.
This Court, in an admirably short sentence, decided that the report in the NSIS
was unlawful, assessing the facts described above and the fact that the Spanish
authorities had never lodged an ocial extradition request for this applicant.
The Court ruled that it was clear that the Article 95 report issued by the Spanish
authorities did not serve the purposes for which this report was actually intended.
Therefore, the Court ordered the Spanish government to delete this report.
According to the data protection ocer of the KLPD, it took a long time before
the Spanish authorities were willing to execute this order. This was only done after
lengthy procedures and diplomatic pressure from the Dutch authorities. The
follow-up to this judgment showed that Article 111 CISA, obliging national
authorities to enforce the national judgments mutually, met with strong resistance
from the Spanish authorities.

171

Judgment of the Court of Haarlem (civil chamber) of 6 December 2005, LJN: AW2418,
published at: http://www.rechtspraak.nl. See also the judgment of the Court of Alkmaar, 10
November 2005, no. 79543/HA.

496

Chapter 13

7.3.3. A Foreign Alert: The Moon Case

As we have seen in the chapters on Germany and France, Mr. and Mrs. Moon,
leaders of the religious organisation the Unication Church proceeded more
then 12 years against their registration in the SIS by German authorities. In 2005,
they also lodged an appeal with the Dutch courts against the decision of the
IND and the Minister of Immigration refusing them entry to the Netherlands.
Initially, the Dutch authorities had allowed the Moons several times temporary
access to the Netherlands for short visits, despite the German alert. These visits
were allowed under certain conditions, among other things, promises from Mr.
and Mrs. Moon not to seek public attention or contact with the press during
their visit. These visits occurred in 1997, 1999 and 2000. In 2005, however, the
Dutch Minister of Immigration refused the applicants permission to enter Dutch
territory for a short visit. This refusal resulted in several procedures before the
Dutch courts, in which the applicants sought entry to the Netherlands. These
procedures dealt, among other things, with the question of why the Dutch
government refused to apply the provision of Article 5 (2) CISA, which made it
possible to grant a third-country national access to its territory on humanitarian
grounds, despite an alert by another Schengen State. These cases and, especially,
the view taken by the Dutch government during the procedures, illustrate the
practical scope and meaning of the principle of mutual trust inherent to the SIS.
In one of the Dutch cases, the Moons invoked freedom of religion, which was
allegedly breached by the refusal to grant them permission to visit the Netherlands.
As we saw in section 8.6 of the previous chapter, the right to freedom of religion
of the members of the Unication Church was nally recognised by the German
courts and the alert on Mr. and Mrs. Moon was declared unlawful.
Three judgments from 2005 and 2006 deserve attention at this point. In 2005,
Mr. and Mrs. Moon began proceedings against the refusal of the Minister of
Immigration to grant them access to the Netherlands. In order to make it possible
to visit the Netherlands for three days in November 2005, they applied for
a temporary provision to the District Court of Amsterdam. This temporary provision was granted on the 21 October 2005.172 The Court ordered the Dutch
authorities to treat the Moon couple as third-country nationals not to be refused
entry on the basis of Article 5 CISA, for three days in the period around
3 November 2005, in connection with Article 3 of the Aliens Act 2000. In order
to reach this decision, the Court rst rejected the formal viewpoints of the
Minister. As in other procedures described above, the Minister took the view that
the applicants had no right of appeal since there was no administrative decision.

172

District Court of Amsterdam, 21 October 2005, Jurisprudentie Vreemdelingenrecht 2006/69,

annotation B. Olivier.

The Netherlands

497

Among other things, the Minister argued that citizens could not invoke the provision of Article 5 (2) CISA because it was not directly applicable. This argument
was rejected by the Amsterdam Court, referring to the meaning of Article 111
CISA. Even if the Court considered that the lawfulness of the German alert
could not be discussed during this procedure, it emphasised that the German
alert aected the applicants within the Dutch legal framework based on the
intention of the Dutch authorities to deny the applicants the right of entrance.
The Court ruled that the Dutch government attached legal consequences to the
German alert and therefore the applicants should have the right of appeal against
the decision of the Minister which made it clear they would be refused entry. The
Court also rejected the arguments of the Minister with respect to the content. In
a letter of 18 May 2005, which was cited during this procedure, the Minister of
Immigration stressed the increasing importance of respecting the SIS alerts of
other Schengen partners, especially considering the fact that Europe was getting stronger, but also because of the changed situation with regard to security
in the world. The Court, however, rejected this argument as unfounded. In its
conclusion, it referred to the earlier decisions of the Dutch government, granting
the Moons access to the Netherlands, and to the earlier statement by the German
authorities that they would not object to such a temporary admission.
The Minister of Immigration appealed against this temporary provision.
During the same appeal procedure, the applicants asked the Court to impose
a penalty of 1 million per day in the event of non-compliance by the Dutch
authorities. Both appeals were rejected by the Court on 1 November 2005.173
Interestingly, during this procedure, the Dutch government was able to forward
further information on the lawfulness of the German alert. Firstly, it was stated
that, apart from Germany, the French and the Portuguese authorities had also
reported the Moons as unwanted in the SIS. Secondly, it was held that, in several
judgments the German courts concluded that the alert in question was lawful.
Thirdly, the Minister of Immigration produced a memo dated 27 October 2005
at a meeting between the IND ocers and a German liaison ocer. During this
meeting, the German ocer had emphasised the German objections to a visit to
the Netherlands by Mr. and Mrs. Moon. All these grounds were rejected by the
Dutch Court. With regard to the alerts of the two other Schengen States, the
Court found that these were not substantiated during the proceedings. With
regard to the more recent decisions of the German court, the Dutch Court
stressed that these judgments were applicable to the German situation and could
not have any meaning for the (Dutch) dispute at issue. Finally, the memo of
October 2005 was considered irrelevant as well, since it did not provide any

173

District Court of Amsterdam, 1 November 2005, AWB 05/48355, AWB 05/48358.

498

Chapter 13

information on new facts or circumstances which should have lead to the withdrawal of the temporary provision.
The third judgment (in fact two judgments) was issued by the same District
Court on 23 June 2006.174 These judgments concerned a renewed application
from Mr. and Mrs. Moon of 2 June 2006 for admission into the Netherlands,
this time only for 24 hours. This request was declared inadmissible by the
Minister of Immigration, after which the applicants again lodged an appeal for a
temporary provision. In these judgments, the District Court of Amsterdam
refused to consider the application for a temporary provision, but decided immediately on the merits of the appeal. This judgment, although dealing with the
same issue, is important because the Court rmly rejected a new formal ground
which was invoked by the Minister of Immigration to limit the applicants right
of appeal. According to the Minister, the question of whether or not Mr. and
Mrs. Moon should be granted access was a decision to be taken by the Dutch
border police. Since the applicants had not yet travelled to the Netherlands and
had not submitted their request at the border to the appointed ocers, the
Minister held that they had not been formally refused entry. Therefore, according to the Minister, there was no decision against which they could lodge an
appeal. At this point, it should be noted that the applicants are South Korean
nationals who are not obliged to hold a visa in order to enter the Netherlands for
a short stay. Their only way of knowing whether they would be admitted to
Dutch territory before starting their journey was to ask for this permission in
advance. The Court rejected the Ministers viewpoint. The Court stated that it is
the responsibility of the Minister of Immigration to decide whether or not to
refuse entry to the Netherlands. Since the request by the applicants of 2 June
2006 was to be considered a request for an administrative decision, the Minister
acted unlawfully when she rejected this request as inadmissible. The Court
ordered the Dutch government to reach a new decision within six days of the
date of publication of this judgment, so as to allow the applicants to make their
travel arrangements. In this judgment, the Court did not deal with the substantial grounds on which the Moons were registered in the SIS.
In March 2007, the District Court of Amsterdam rejected the appeal of
Mr. and Mrs. Moon against a renewed negative decision of the Minister of
Immigration. In this case, the applicants referred to their rights of freedom
of religion and freedom of speech as protected in Articles 9 and 10 ECHR.175
They also claimed that the decision of the Minister was insuciently motivated.

174
175

District Court of Amsterdam, 23 June 2006, AWB 06/27382, AWB, 06/27348.

Rechtbank Amsterdam, 23 March 2007, Jurisprudentie Vreemdelingenrecht 2007/245, annotation
E.R. Brouwer.

The Netherlands

499

Based on rather formal grounds, the Amsterdam Court this time rejected these
claims and held that the Minister rightly had put more weight on the Schengen
obligations. According to the court, the Dutch authorities were not obliged to
specify the reasons of this refusal, even if in previous years Mr. and Mrs. Moon
had been granted access to the Netherlands.176
7.4. Balance of Interests Proportionality of a SIS Report
In 2001, the President of the Court of The Hague ruled on the duty for national
authorities to assess the proportionality of retaining an alert in the NSIS.177 This
judgment concerned the case of a Jordanian applicant recorded in the NSIS by
the Dutch authorities because of his use of a false passport. As we saw above, in
section 3.2, the act of using false identity papers or travel documents is one of
the criteria mentioned in the Aliens Circular for reporting third-country nationals in the NSIS for a period of ve years. Based on the provisions of Article 34 of
the former Data Protection Act 1989, the applicant requested the President of
the civil court to order the Dutch authorities to withdraw the alert from the
NSIS. This request was rejected by the President of the Court of The Hague in a
judgment of 10 January 2001. Nevertheless, the President emphasised that, when
dealing with the request to withdraw the SIS alert, the Dutch authorities should
reconsider the circumstances of the case.
In the proceedings on the merits of this case, the Court of The Hague agreed
with the argument of the applicants lawyer, that there is a duty for the authorities
to assess the proportionality of retaining the SIS entry.178 The Court further rejected
the governments view that Article 96 CISA would leave no margin of appreciation
regarding the applicants circumstances and the severity of the criminal acts he
committed (false documents). Accordingly, the President found that there was a
duty for the IND to assess the circumstances of the case before reporting this
person to the NSIS. In this particular case, the interests of the state, to keep out
third-country nationals who pose a threat to public order or state security, overrode
the interests of the applicant. Since the use of false documents was rightly considered
a serious crime, the Court found the entry in the NSIS legitimate.
Interestingly, two judgments, both from 2005, concerned the question of
whether the Dutch authorities are obliged to assess the proportionality of the
decision to record a person as unwanted in the NSIS, even if the potential negative eects of this alert arise in another Schengen State. The rst judgment of the

176
177
178

Appeal against this judgment is pending.

Judgment of 10 January 2001, Jurisprudentie Vreemdelingenrecht 2001/52.
Judgment of 14 March 2001, Rechtspraak Vreemdelingenrecht 2001/52, annotation A.B. Terlouw.

500

Chapter 13

District Court of Breda concerned a person (of unknown nationality) who had
been reported in the NSIS for ve years by the Dutch authorities.179 This report
was based on the fact that he had used fake or falsied travel or identity documents. He applied for a review of the decision to report him and, at the same
time, deletion of the report. Both requests were rejected by the Dutch Minister
of Immigration. As in the other judgments described above, this Court ruled
that the person in question had a right to appeal against the refusal to withdraw
the alert and declared the appeal admissible. With regard to the procedural
aspects of this case, the Court found that the applicant was not to blame for the
fact that he failed to respect the applicable time limits for forwarding his appeal.
According to the Court, the ministerial decision rejecting his rst request did not
include an appropriate clause on the applicable time limits. The Court, however,
did not accept the applicants claim that his stay in Spain would be made impossible as result of the Dutch report. The Court found that the applicant had not
forwarded any individual or specic grounds based on which the Dutch authorities should have withdrawn or limited the territorial scope of the SIS alert. The
applicant had only argued that the Dutch authorities should have used their
inherent right, based on administrative law, to withdraw the SIS limit or to limit
the eect of this alert to Dutch territory or in time.
In the same year, the District Court of Alkmaar dealt with a comparable case.
In this judgment, however, the Court considered in more detail the consequences
of a Dutch alert with regard to the residence rights of a third-country national in
another Schengen State.180 The case concerned a Colombian national against
whom a formal residence ban had been issued by the Dutch authorities in 1998,
based on which he was reported in the NSIS. During that time, the applicant
held a valid residence permit for Spain and, for some reason, the Dutch authorities did not contact the Spanish authorities with regard to Article 25 (2) of the
CISA. Unfortunately, in its judgment, the Court did not enquire why the Dutch
authorities had not applied this consultation procedure. In 2003, the Spanish
authorities refused to renew his residence permit on the basis of the Dutch alert.
In 2004, the applicant applied for withdrawal of the formal residence ban. This
request was rejected and, during the procedure before the Court, the applicant
held that the Dutch decision to maintain the report in the NSIS constituted a breach
of his right to family life in Spain, contrary to Article 8 ECHR. According to the
applicant, the Dutch government failed to strike a fair balance between the circumstances of his family life on the one hand and Dutch interests in maintaining
the formal residence ban on the other hand. In this judgment, the applicants

179
180

Decision of 11 March 2005, no. AWB 04/24331.

Decision of 24 August 2005, no. LJN AU3548, JV 2005/447, annotation P. Boeles.

The Netherlands

501

claims were rejected. The Court denied the direct relationship between the Dutch
decision to report the applicant in the SIS and the Spanish decision not to renew
his residence permit. According to the Court, the Dutch formal residence ban
did not in itself prevent the applicant from enjoying his family life in Spain. It
would be the responsibility of the Spanish government to decide whether a residence permit should be granted or not and to consider the applicants right to
family life as protected under Article 8 ECHR. Note the Courts comment that it
presumes, on the basis of the principle of mutual trust between the states (interstatelijk vertrouwensbeginsel ), that Spain would comply with its treaty obligations
towards the applicant.
One could agree with the conclusion of the Court that the Spanish authorities
are, in the rst place, responsible for respecting the human rights of the applicant.
These authorities should strike a balance between the interests at stake: the Dutch
residence ban or the applicants right to reside in Spain and to enjoy his family
life.181 However, it is arguable whether the Dutch government does not have any
responsibility with regard to the rights of the person concerned. In the rst place
and it would be interesting to know whether a civil court would not have made a
dierent assessment one could argue that there is a clear causal link between the
Dutch alert and the Spanish decision to withdraw the applicants residence permit. Secondly, as has been pointed out by Boeles in his annotation to this judgment, the Dutch authorities have obligations not only based on Article 8 ECHR,
but also based on the EC Directive 2003/86 on family reunication and Directive
2003/109 on long-term resident third-country nationals, described in Chapter 9.
These Directives include the obligation for national authorities to consider the
dierent interests and rights at stake before taking a removal decision. Therefore,
it could be reasoned that the Dutch authorities should have taken into account
the family life of the applicant in Spain as well.
7.5. Right to Financial Compensation
Although they are not related to the Schengen Information System, I refer briey
to judgments in which Dutch courts ordered nancial compensation with regard
to (wrongful) decisions in the eld of immigration law. These judgments show
that it is not inconceivable for a national court to grant an individual nancial
compensation if it is established that this person suered nancial loss caused by
a (wrongful) SIS alert. For example in one case, the District Court of The Hague
considered the claim of an Iranian refugee that she had lost income from work
and pension during the ve years of her asylum procedure, when she was not
allowed to work.182 The Court found that, due to the lengthy procedure, the

181
182

See also Boeles in his annotation to this judgment, ibid.

8 December 2005, no. 03/890, published in NAV, no. 2, April 2006, p. 111.

502

Chapter 13

Minister of Immigration had acted incorrectly. The person in question was

granted 20,815 for loss of income for the ve years she was unable to work.
In dierent judgments, the Dutch authorities were ordered to grant nancial
compensation to third-country nationals who had been unlawfully detained. In
dierent judgments, courts granted nancial repair to third-country nationals
who had been detained with a view to their expulsion, but whose expulsion could
not be enforced for dierent reasons.183 Financial repair also has been granted to
a third-country national who was detained on the basis of an unlawful decision
to declare the person unwanted.184 Generally, the Dutch authorities are ordered
to pay 70 to 95 for each day a person was unlawfully detained.185
7.6. Preliminary Request to the ECJ
In 2005, a Dutch court submitted a preliminary request for the rst time on the
interpretation of a provision in the CISA regarding the SIS to the Court of Justice
(ECJ). This question was raised during a civil law procedure by the Court of Den
Bosch. In this case, the Court had to assess the lawfulness of an Article 95 alert
by the Italian authorities for the purpose of arrest for extradition. The applicant
had asked the Dutch police authorities (KLPD) to have this SIS alert deleted.
This request was rejected on the grounds that the Dutch authorities could not
delete a foreign alert in the SIS. The person in question lodged an appeal with
the Court of Den Bosch. Importantly, this Court explicitly declared itself competent to deal with this case on the basis of Article 111 CISA, even though the
alert in question could only be deleted by the Italian authorities. The applicants
lawyer held that the Italian alert was contrary to the ne bis in idem principle as
laid down in Article 54 CISA, because the decision to report him in the NSIS
would be based on an Italian conviction from 1999 for a crime for which his client had already been convicted in the Netherlands, in 1983. In an initial decision, the Court decided that, in order to rule on the lawfulness of this SIS report,
the cooperation of the Italian government was required.186 The Court therefore
decided to invite ocers of the Italian SIRENE oce to give testimony during
the further course of the proceedings. In a second decision, the Court decided to
submit a preliminary question on this case to the ECJ. On the basis of the information forwarded by the Italian government, the Court concluded that it was

183
184
185
186

See for example, judgment of the District Court Amsterdam, 2 October 2006, LJN: AY9280.
District Court Assen, 22 December 2006, AWB 06/58704.
See District Court Groningen, 1 February 2006, LJN: AV0808.
Judgment of 16 July 2004, LJN: AR7219.

The Netherlands

503

unclear whether the oences of which the applicant had been convicted in Italy
for a second time had to be regarded as the same oences of which the person
had been convicted in 1983 in the Netherlands. It also submitted the question of
whether a judgment in which the applicant was (partially) acquitted of the charge
fell within the meaning of nal disposal of a trial as meant in Article 54
CISA.187 This procedure illustrates that national courts can play an active role
with regard to conicts arising in the eld of the application of SIS, rstly, by
inviting foreign authorities to submit their view on the facts of the case and,
secondly, by submitting preliminary requests regarding legal questions which the
court considers too dicult to answer.
The ECJ ruled on this case in its judgment Van Straaten of 28 September
2006.188 The ECJ answered both questions from the Dutch court in the armative and claried the narrow meaning of the same oences as intended in
Article 54 CISA. The ECJ also made it clear that the ne bis in idem principle of
Article 54 applies in respect of a decision by the judicial authorities of a
Contracting State whereby the accused is acquitted nally due to lack of evidence. In this judgment, the ECJ concluded that the lack of harmonisation of
national criminal law, which forms the basis for a national SIS alert, might create
as many barriers to freedom of movement within the Schengen area as there are
penal systems in the Contracting States (paragraph. 47). Therefore, the ECJ
considered that the relevant criterion for the purposes of the application of
Article 54 is the identity of the material acts, to be understood as the existence of
a set of oences which are inextricably linked together, irrespective of the legal
classication given to them or the legal interest protected. With this decision by
the ECJ, the Dutch court was given a tool to declare the Italian alert in the SIS
unlawful and to order the Italian authorities to withdraw this alert.189
The consideration of the ECJ on the lack of harmonised criteria and its relation
to the freedom of movement is also important with regard to the SIS alerts based
on immigration law. This judgment should be taken together with its earlier
judgment in Commission v. Spain which dealt with an alert based on Article 96
CISA.190 In this judgment, the ECJ clearly established that there are important
limitations with regard to the sovereignty of Member States to decide on the
basis of foreign reports in the SIS.

187

188
189
190

See, for the rst judgment of the ECJ on the interpretation of Article 54 CISA: 11 February
2003, in the combined cases C-187/01(Gztok) and C-385/01 (Brgge).
Case C-150/05, Van Straaten v. the Netherlands, ECR I-9327.
See the judgment of the District Court Den Bosch of 4 April 2007, LJN: BA2132.
I have dealt with this judgment before in Chapter 3, section 4.4 and Chapter 9, section 2.3.2.

504

Chapter 13

7.7. Decisions of the National Ombudsman

7.7.1. Duty of Informed Decision-making
The National Ombudsman repeatedly emphasised the importance of informing
individuals in visa application cases adequately and in a timely manner. In a report
from 1999, the National Ombudsman found that the Dutch authorities neglected
their active duty to inform the applicant about the fact that he was registered in the
SIS.191 The person concerned applied to the Dutch embassy in Bucharest in 1996
for a visa for a longer stay (machtiging tot voorlopig verblijf or mvv). The embassy
forwarded this request to the national Visa Agency (Visadienst), noting that the
applicant had been recorded in the SIS as a person to be refused entry. The Ministry
of Foreign Aairs rejected the request for a visa. However, this rejection was not
based on the SIS alert, but on the grounds that the applicant concerned did not
meet all the requirements for residence with a partner. Six months later, the Dutch
Visa Agency authorised the embassy to issue a visa, but the embassy still refused to
do so on the basis of the SIS alert. After consultations between the Dutch authorities and the reporting state (Germany), the entry in the SIS was withdrawn and the
applicant nally received his visa. The person lodged a complaint with the National
Ombudsman, claiming that the embassy, when forwarding the request to the
Dutch Ministry, failed to inform the person of the fact that he was registered in the
SIS. Even if the negative decision by the Ministry of Foreign aairs was not based
on the SIS alert, the applicant argued that it was important for him to be informed
of the alert, so he could have submitted a complaint earlier. In his report, the
National Ombudsman emphasised this interest on the part of the applicant: From
the point of view of an active duty to inform individuals and the principles of fair
administration, the Ombudsman concludes that the authorities should have
informed the person of the SIS alert. The right to be informed also applies when
alerts have been forwarded by other countries.
The National Ombudsman reached a comparable conclusion in a decision
dated 29 October 2003.192 In this case, the applicant had initially been
informed by the Dutch Visa Agency that there was no objection to the decision to issue a long-stay visa (mvv) to her husband, a Moroccan national who
wanted to stay with his Dutch spouse in the Netherlands. Despite this positive
advice from the Visa Agency, the embassy in Rabat informed the applicant in
June 2002 that no visa was to be issued and that she had to contact the Visa
Agency. On 11 September 2002, the Visa Agency informed the applicant that
her husband was registered into the SIS by German authorities, which could
mean that he would not be allowed to enter the Netherlands. The Ombudsman
191
192

Report of 8 July 1999, no. 1999/300.

Decision of 29 October 2003, report no. 2003/388.

The Netherlands

505

emphasised rst of all that embassies have their own responsibility for issuing
visas, despite prior advice from the Dutch Visa Agency. In this case, the denial
of the visa was not considered unjustied. However, the Ombudsman concluded
that the Visa Agency had failed in its duty to inform the applicant adequately,
correctly and completely. In his reply of 11 September 2002, the Visa Agency
failed to inform the applicant of the precise meaning of a SIS alert and on the
reasons why information about her spouse had been recorded. Moreover, the
Visa Agency should have informed the applicant of how long the negotiations
with the German authorities would take and when a denitive decision, based
on the information acquired from these authorities, was to be expected concerning
the visa application.
7.7.2. Duty to Make Decisions in Good Time
In another case, the National Ombudsman was asked to consider an individual
complaint about the way her husbands visa application had been handled by the
Dutch Visa Agency.193 The Turkish husband of the applicant was registered in the
NSIS by the German authorities with regard to an attempt to trade one gram of
heroin. During subsequent consultations between Dutch and German authorities, it was found that the German prosecutor had dropped the case. The applicant complained, among other things about the long delay (six months) between
the date of the rst application for a long-stay visa (mvv) and the date when she
was informed there was no objection to issuing the visa to her husband. The
National Ombudsman concluded that the Dutch Visa Agency exceeded the time
limits of 8 weeks, prescribed in Article 4:14 AWB, to decide on a visa application. Furthermore, while this time limit was exceeded, the Visa Agency failed in
its duty to inform the applicant of the reasons for the delay. With regard to the
third complaint by the applicant, regarding the way the Visa Agency had dealt
with the information based on the SIS, the National Ombudsman did not nd
the authorities had behaved improperly. The responsible ocer had contacted
the German authorities according to the applicable rules.
7.7.3. Duty of Proportional Decision-making
Finally, in a decision dated 1998, the National Ombudsman questioned the need
for a NSIS alert based on Article 96.194 The applicant, an asylum seeker of
Azerbaijani nationality, complained about the fact that he was recorded by the
Dutch Immigration and Naturalisation Oce in the national investigation le,
OPS, without justied grounds. The person was registered in OPS in 1995

193
194

Decision of 28 January 2000, report no. 2000/28.

Decision of 14 May 1998, report no. 1998/164.

506

Chapter 13

because his asylum application had been rejected and he failed to report to the
responsible authorities. After having applied for asylum a second time, his asylum request was accepted and during this second asylum procedure he resided
lawfully within the Netherlands. However, the applicant and his family had also
been registered by the German authorities in the SIS, because of their withdrawal
from supervision measures. As a consequence of the entry in the OPS and the
German SIS alert, the asylum seeker was arrested in 1997 and detained for a certain period by the police in Flevoland. The National Ombudsman stated in his
conclusions that persons should only be recorded in the OPS for as long as
strictly necessary. Since the applicant had a residence permit during his asylum
procedure, the report from 1995 in the OPS should have been withdrawn. With
regard to the German SIS alert, the Ombudsman concluded that the Dutch
authorities had not acted appropriately either, as they did not issue a form to the
applicant, which would have shown that the applicant was residing lawfully in
the Netherlands during his asylum procedure.

8. Conclusions
8.1. Implementation of Article 96 CISA
The criteria based on which third-country nationals can be reported into the
NSIS for the purpose of non-admission are dened by the Ministry of
Immigration (since 2007: Justice) without any involvement of the national parliament. This applies to both categories of person to be registered into the NSIS:
the formal residence ban and third-country nationals to be reported as unwanted.
Although, with regard to the second category, the Aliens Circular 2000 oers
centralised rules on the situations in which data can be stored in the NSIS, these
criteria can be broadened by the responsible Minister on a fairly ad hoc basis.
The application of these criteria leaves a considerable margin of appreciation for
the national authorities involved. At an early stage of the implementation of CISA,
it was established that there were dierences in application between the national
police regions. For the purpose of coordinating the application of Article 96 CISA,
regional SIS coordinators and, at central level, one national coordinator have
been appointed. No updated information is available about how this coordination works and on which criteria third-country nationals are currently reported
into the NSIS.
Considering the consequences of being registered in the NSIS as an inadmissible
person, the Dutch criteria in the Aliens Circular could be described as reasonably
light. Even minor oences or the fact of being suspected of such an oence can
lead to a SIS alert based on Article 96. Special doubts can be raised about the

The Netherlands

507

proportionality of the criterion that if a person fails to report within the prescribed
period to the immigration authorities, he or he will be reported in the NSIS for
three years.
According to Article 96 (2) and 96 (3) CISA, decisions to report somebody
as unwanted may only be based on two grounds. Firstly, the presence of the
person must be considered a threat to public policy or security. Secondly, if a
third-country national fails to comply with national regulations concerning
entry and, based on this failure, has been subjected to deportation or refusal
measures, including or accompanied by a ban on residing on the national territory. With regard to the former criterion, the Schengen governments have a
margin of appreciation to dene the situations in which this threat applies, but
it is clear that not all the criteria as provided for in the Aliens Circular 2000 fall
within the general condition of a threat to public policy or security. With
regard to the second criterion, the Dutch provisions allow for the registration of
a third-country national in the NSIS even if he or she has not been the subject
of expulsion. As we have seen above, someone can even be reported in the NSIS
if he or she fails to comply with national immigration rules. Therefore, one has
to conclude that the Dutch criteria are not in conformity with the criteria of
Article 96 CISA.195
8.2. Data Protection and Data Control
As in Germany and France, between 2001 and 2006, there has been increasing
emphasis in the Netherlands on the use of databases and the storage of personal
information as the ultimate solution to dierent problems. Dierent measures
have been proposed and adopted to extend the powers for national authorities to
carry out identity checks or to control persons in the Netherlands. Compared to
the strong public resistance in the 1970s to a central population registration and
the census, current developments do not meet with many critical responses. This
lack of public discussion could be explained by the fact that, in the Netherlands,
the principal notions of the right to privacy or informational self-determination
or even the division of powers are less dogmatically developed than, for example,
in Germany. As we saw in the previous Chapter, in this country the lawfulness
and proportionality of, for example, data proling and the central aliens
administration received a much more critical response.

195

See also P. Boeles, who argues that some of the Dutch criteria are in breach of the general criteria and purpose of Article 96, in his annotation to the decision of the Court of The Hague of 5
January 2000 mentioned in section 7.3.2. above, Jurisprudentie Vreemdelingenrecht 2000/51.
See also my conclusions in: Grensbewaking en het SIS, in: E. Brouwer, K. Groenendijk (eds.),
Derdelanders in de Europese Unie, Utrecht: Forum 2001, p. 49.

508

Chapter 13

8.3. NSIS and the Right to Eective Remedies

8.3.1. Judicial and Non-judicial Remedies
From the law described above, it follows that a person registered in the NSIS for
the refusal of entry may start various proceedings against this registration or
against decisions based on the NSIS alert. Generally, the rules of administrative
law will apply and the administrative court is competent to deal with both decisions based on the Dutch Data Protection Act and immigration law decisions.
The Dutch Data Protection Authority or CBP has a relatively limited role with
regard to individual complaints or questions on the NSIS les. This is due to the
system chosen in Dutch data protection law, in which individuals can directly
contact the police or immigration authorities involved. The CBP will only be
involved as an intermediary when, for example, foreign authorities have to be
consulted with regard to individual claims and this causes long delays.
The Data Protection Authority, the National Ombudsman and the lower
Dutch courts involved with the applications of third-country nationals reported
in the NSIS meet the criteria of independent authorities: they are permanent
institutions, established by law and independent of the national authority issuing
the refuted decision or measure. In practice, the data protection ocer of the
KLPD performs a crucial and active role with regard to individual requests dealing with their registration into the NSIS. This authority will deal in the rst
place with individual requests for information stored within the NSIS, including
when this concerns third-country nationals reported as inadmissible. Only when
Dutch alerts are involved, these applications will be submitted to the Dutch
immigration authorities or the IND. The accessibility of this authority is generally known and, during the time of my research, even lawyers and NGOs in
other Schengen States contacted the KLPD data protection ocer when dealing
with NSIS alerts regarding their clients. Formally, the data protection ocer does
not respond to the requests of an independent authority which is part of the
national governmental organisation which is also responsible for executing the
NSIS alerts. However, in practice, this ocer may be more eective than the
Dutch Data Protection Authority.
8.3.2. Transparency Accessibility of Remedies
The application of the general principles of administrative law means that, with
regard to decisions based on SIS entries, the Dutch authorities should inform
this person accurately. This active duty to inform, concerning decisions based on
the NSIS entries, has been emphasised by the National Ombudsman. However,
in practice, national authorities do not comply with this obligation and thirdcountry nationals are not informed of the decisions to report them in the NSIS.
There is a formal dierence between the formal residence ban and the decision to

The Netherlands

509

report a third-country national as inadmissible. The person in question is only

informed of decisions into the former category and has a direct right to appeal.
However, the information given to the third-country nationals does not include
the information that the person is registered in NSIS and that the person will be
refused entry by other Schengen states as well. This lack of information hinders
the accessibility to legal remedies. A third-country national who has a reason to
believe he or she is reported in the NSIS will rst have to ask for conrmation of
the report and may then lodge an appeal for the withdrawal of this report.
It is important that, in dierent judgments, the Dutch courts found that the
national authorities may not hinder the accessibility of legal remedies based on
formal requirements. For this reason, Dutch District Courts rejected the repeated
statement by the Dutch Minister of Immigration that the decision to report
someone in the NSIS is not an administrative decision for which a direct remedy
is possible. Despite these judgments, the Minister of Immigration maintained
this formal interpretation in the Aliens Circular.
In the aforementioned Moon case, the District Court of Amsterdam rejected
the formal reasoning of the Minister of Immigration, according to which a
request to review an earlier decision refusing the Moon couple leave to enter
would be inadmissible. The Minister maintained that there was no formal decision by the border guards against which Mr. and Mrs. Moon could lodge an
appeal. The Court made it clear, however, that the applicants cannot be asked to
travel to the Dutch border rst in order to appeal against the decision to refuse
them entry even if, based on earlier letters from this Minister, they knew their
(short) stay would be refused.
As mentioned above, the data protection ocers of the KLPD are easily accessible and seem to handle complaints or questions from the persons concerned
regarding the NSIS adequately and in the shortest time possible. The problems
and delays in answering those questions occur mostly when other (national or
foreign) authorities have to be contacted.
8.3.3. Scope of Review
Based on the application of the general principles of administrative law, the
administrative authorities must weigh the dierent interests at stake before
reporting a person to the SIS or before making a decision or taking a measure on
the basis of a SIS report. This duty has been acknowledged by several courts.
According to these judgments, the responsible authorities should weigh the different interests at stake not only before reporting a person in the NSIS, but also
when a person is refused entry on the basis of a Dutch or foreign SIS report. This
interpretation, if it were generally followed, means rstly that national authorities cannot report a person into the SIS automatically once the legal criteria are
met. Secondly, it means that a SIS alert should not have automatic implications.

510

Chapter 13

The authorities involved should always assess the proportionality of the eects of
the refusal of entry together with the circumstances and interests of the person
concerned.
During the judicial procedure in the Moon case, the Minister of Immigration
expressed the more formal position that the reports by other Schengen countries
should in general be observed. This position on the automatic eect of SIS alerts
(interstatelijk vertrouwensbeginsel ) was also held by this Minister during parliamentary debates on immigration law and anti-terrorism measures. According to
the Minister and the IND, there would be little scope for national considerations
with regard to the admission of third-country nationals reported in the NSIS by
other Schengen States. With few exceptions, Dutch courts generally have been
reluctant to accept this position and required additional information from the
Dutch government as to why, in this specic case, no exception could be made.
On the other hand, the courts also required additional information from applicants to support their claims that a NSIS report is unlawful or disproportionate in
that specic situation. If no such information is submitted during the procedure,
this was considered sucient reason to reject this claim.
8.3.4. Competences
In immigration law procedures, Dutch courts can issue temporary provisions such
as ordering the national authorities to grant a person access to Dutch territory or to
lift a detention order. Until 2006, the case-law in which this competence was used
with regard to the Schengen Information System is scarce. However, the decision
of the Haarlem Court to order the Spanish authorities to withdraw a NSIS alert
based on Article 95 CISA can be considered an important breakthrough in the way
Dutch courts handle individual claims against NSIS reports. Another important
example is the judgment in the Moon case of the Amsterdam Court of 21 October
2005 in which the Dutch authorities were ordered to grant the Moons temporary
access to Dutch territory, despite the German alert in the SIS.196
Furthermore, even if they do not relate to NSIS alerts, the judgments described
in section 7.5 illustrate that national courts have the power to impose nancial
nes on national authorities in immigration law procedures in the case of unlawful or untimely decisions.
Considering the powers of the Data Protection Authority, it should be seen as
unfortunate that this authority only can impose a nancial ne when a data controller does not report a registration to the CBP. With regard to infringements of
more substantial standards of data protection law, the CBP has no such power.

196

Only in 2007, as we have seen above, the Amsterdam Court took up a more formal position
and refused the applicants request for a temporary provision granting them access for two days
to the Netherlands.

Chapter 14
Conclusions
in an age when the freedom of movement, especially across borders, is considered essential for the full development of private life, especially for people such as
the applicant, who have family, occupational and economic ties in more than one
country, denial of that freedom by the State without any good reason constitutes a
serious failure on its part to discharge its obligations to those under its
jurisdiction.1

1. Third-Country Nationals: Their Data and Their Rights

In December 2006, the German Presidency of the EU announced that the
German delegation was preparing a proposal for a Council decision concerning
access to Eurodac by Member States police and law enforcement authorities
for the purposes of preventing, detecting or investigating criminal oences,
in particular terrorist oences.2 The Presidency Programme on Police and Judicial
Co-operation of 22 December 2006 explicitly refers to the need for Expanding
the European information network in relation to the use of SIS, VIS and
Eurodac.3 In the same Programme, the proposed access to Eurodac by law
enforcement authorities was justied by stating that: Frequently, asylum-seekers
and foreigners who are staying in the EU unlawfully are involved in the preparation of terrorist crimes, as was shown not least in the investigations of suspects in
the Madrid bombings and those of terrorist organizations in Germany and other

2
3

letmi v. Turkey, 5 December 2005, appl. no. 29871/96, 50. This judgment is only available in
French, the quotation is from the ECtHR press release, 6.12.2005. The original text of 50
reads: A une poque o la libert de circulation, et en particulier la circulation transfrontalire,
est considre comme essentielle pour lpanouissement de la vie prive, surtout quand il sagit de
personnes, tel le requrant, ayant des liens familiaux, professionnels et conomiques ancrs dans
plusieurs pays, refuser cette libert sans aucune motivation une personne relevant de sa juridiction
constitue, de la part dun Etat, un manquement grave ses obligations.
16982/06, 20 December 2006.
17102/06, 22 December 2006, p. 3.

Evelien Brouwer, Digital Borders and Real Rights, pp. 511536.

2008 Koninklijke Brill NV. Printed in the Netherlands.

512

Chapter 14

Member States.4 This statement illustrates how, in recent policy, third-country

nationals both legally and illegally resident within the EU are increasingly linked
to acts of terrorism or crime.
At the time of completing this study, the future use of SIS II, VIS and Eurodac
and the possible interlinking of these databases is still unclear. What is clear
and what I have tried to develop further in this study is that governmental
powers to collect, store and use personal information on third-country nationals
are not unlimited. Governments have to take into account the rights of these
individuals and the general principles of the rule of law. These rights stem from
dierent elds of law: privacy law, data protection law, immigration law and EU
law. In order to be able to enforce these rights, in Chapter 10 I advocated a
general right to eective remedies for third-country nationals reported in a database,
such as the SIS.
After having summarised the relevant rights, in section 4 below, I will examine
the question of whether the development of the so-called European information network can be reconciled with the basic principles of data protection law
as described in Chapter 7. In section 5, I summarise my main ndings with
regard to the law and practice in France, Germany and the Netherlands. Finally,
I will consider the new Regulation 1987/2006 regarding SIS II of December
2006 against the background of my ndings on SIS I. In an attempt to learn
from the past, I will formulate some recommendations for the future.
However, before going into the legal boundaries of the so-called European
information network, I make some general remarks with regard to the use of
databases in the eld of border and immigration control.

2. Third-Country Nationals: Their Data

Considering the development of the aforementioned databases on third-country
nationals, one could note that this development is based on two presumptions,
both of which can be criticised. Firstly, the decision-making seems to lack sucient information on the expected eciency and reliability of those systems.
Secondly, the use of the EU databases is increasingly linked to the idea that
immigrants must be considered potential criminals or terrorists. Based on this
presumption, third-country nationals risk to be more exposed to supervision and
control measures than EU citizens.

Ibid., p. 6.

Conclusions

513

2.1. Questioning the Eciency and Quality of the Information Network

The decision-making on the technical feasibility of SIS II, Eurodac and VIS
preceded the political decisions on the desirability or even necessity of these systems.5 The decisions to develop Eurodac, VIS and SIS II were taken without
a fundamental discussion of the expected eciency of these systems, the consequences for individual rights or the need to balance the interests at stake. For
example, considering the relatively large number of data held on inadmissible
migrants in SIS I, one would also expect a relatively high success rate for the
use of this database. In other words, if national authorities consult the NSIS during external or internal border controls or police checks, it seems likely that these
authorities will more often nd hits on the basis of an Article 96 alert than
based on other alerts. However, we have seen that, starting in 2001, statistics on
the use of SIS I establish that alerts on third-country nationals to be refused
entry result in relatively a small number of hits.6 This seems to indicate that,
although the Schengen States are reporting a large number of inadmissibles in
the SIS, the success or eciency of this registration is relatively low.
Furthermore, the aforementioned measures are based on an absolute trust in
the reliability and eciency of the information held in these systems. The question
is whether this trust is justied, considering the available information on the accuracy and lawfulness of data held in the current SIS. The national evaluations of
Article 96 alerts, performed in 2004 for the Joint Supervisory Authority, showed
that in the three countries (France, Germany and the Netherlands), the SIS
included wrongful or unlawful data on third-country nationals. In particular, the
reports of the French and German data protection authorities established that, in
many cases, the data were stored in SIS I for unlawful purposes, that they were
not deleted within the required time limits or that they were inaccurate.
With regard to Eurodac, we have seen that the annual reports of the Commission
did not include an overall cost-benet analysis of the use of Eurodac, including
questions on whether Member States or the EU save money by being able to send
asylum seekers back to other EU countries or receive asylum seekers from other
countries, or whether it is ecient to redistribute asylum seekers within the EU.
Looking at the table of hits based on Eurodac, one could ascertain a status quo
among the larger countries in terms of receiving or sending asylum applicants.
Eurodac, SIS II and VIS will all include biometric data to be used as a search
tool and as a mechanism to interlink the dierent systems. This use of biometrics

5
6

See, for the decision-making on Eurodac: Aus (2006), p. 15.

As we have seen in Chapter 3, national authorities in the 15 states using the SIS in 2006 found
only 21,090 hits based on Article 96 alerts.

514

Chapter 14

as an identication tool or search key has been criticised by dierent organisations

and experts, due to its unreliability and vulnerability to fraud.
Finally, the involvement of a large group of EU and non-EU Member States
may also aect the quality of the information. Diverging criteria on the basis of
which personal data are stored by national authorities put the quality and accuracy of these data at risk. As a result, the eciency of these databases for their
purposes, including countering terrorism, must be questioned.
2.2. Identifying, Tracking or Stigmatising Immigrants?
SIS II, Eurodac and the VIS have the common feature that they are centralised
large-scale databases focussing on the registration and the identication of thirdcountry nationals. The creation of these centralised databases is closely linked to the
aim of the EU governments to obtain an extra tool or mechanism for controlling the
entry and movement of migrants. This includes persons staying irregularly on their
territory and migrants declared inadmissible by national authorities, as well as regular migrants such as visa applicants and asylum seekers. SIS II, VIS and Eurodac
will not only be accessible at the external borders of the Member States, but also
within the national territory and at embassies and consulates in third countries.
The use of these European databases implies a presumption on the legal or virtual
status of an individual. This means that the rights or legal position of a person are
constructed on the basis of the information held on this person in these les.
A third-country national reported in SIS II on the basis of Article 24 of Regulation
1987/2006 is presumed inadmissible based on public order or security grounds or
because he or she would have infringed national immigration law. A hit based on
Eurodac implies that the person concerned is presumed to have arrived through the
territory of another Member State and thus may be sent back to this country. Finally,
a person whose visa has expired according to the information stored in VIS could be
expelled when his or her VIS record is checked by a national authority.
The fact that these databases are to be used for both immigration law and
criminal law purposes implies that persons registered for immigration law purposes will be at greater risk of being aected by law enforcement measures or
secret surveillance. Identity checks and the consultation of the above databases
are generally based on data proling. Using general criteria dealing with the risk
factors of specic categories of persons, authorities place these groups of persons
under extra surveillance. This criminalisation of individuals especially aects
certain groups of thirdcountry nationals, for example, persons applying for
asylum or citizens requiring a visa to come to the EU.7

See further section 3.4 below.

Conclusions

515

3. Third-Country Nationals and Their Rights

3.1. Recovering the Right to Privacy
The powers of national authorities to collect, store or use personal information
are limited by the right to privacy, protected by Article 8 ECHR and further
developed in the case law of national courts, the ECtHR, and the ECJ. The
collection and storage of a large amount of data, for a lengthy or even undened period, may under certain circumstances cause a breach of the right to
private life of the individuals concerned. These circumstances include, for
example, if the data concern the past or political life of the person in question,
if the data were not provided voluntarily or if the storage of these data has consequences for the daily life of the persons or limit their freedom of movement.
To protect the right to privacy, national legislation should provide for procedural safeguards as dened by the ECtHR. These safeguards include, for example, explicit limitations on the exercise of powers to store and use personal
information; the duty to inform persons in advance with regard to the storage
of their information; denition of situations in which information may be disclosed to others, and; safeguards protecting the quality of data and protecting
sensitive data.
As established in Chapter 6, the limitations formulated by the ECtHR apply
on several grounds to our subject: the registration of third-country nationals in
EU databases. In the rst place, the ECtHR emphasised that surveillance measures such as the systematic collection and storage of personal information by
governments fall within the scope of protection oered under Article 8 ECHR.
Secondly, it is clear that the right to privacy is at stake if sensitive information
such as biometric data is to be registered in SIS II and VIS. Thirdly, the frequent
controls to be performed on the basis of this registration may cause disproportionate interference with the travellers right to privacy, including his freedom of
movement. This is especially the case when these controls are combined with
practices often embarrassing for travellers, such as taking the person aside, questioning the person, collecting biometric data and carrying out body searches.
Fourthly, based on plans for the interoperability of EU databases described
above and the proposals for access to these systems by internal security agencies,
it is clear that SIS II is becoming a tool for surveillance measures. Furthermore,
the Commission is preparing a proposal for an entry-exit system to control
whether a third-country national is overstaying his or her visa or residence
permit. These proposals might lead to the semi-permanent control over the
movement of the persons registered in SIS II, VIS or Eurodac, which is facilitated by the use of biometric data and the inclusion of these data in passports
and visas.

516

Chapter 14

3.2. Immigration Law and the Protection of Human Rights

With regard to immigration law decisions based on the data held in the SIS,
national authorities have to take into account the protection of human rights as
protected in the ECHR and other international treaties. The relevant rights in
the ECHR include in particular the right of protection from torture or inhuman
treatment (Article 3), the right to liberty (Article 5 (4) ), the right to family life
(Article 8), the prohibition of discrimination (Article 14), as well as freedom of
religion (Article 9) or speech (Article 10). As we have seen in Chapter 8, a
decision by which a person is refused entry, denied a visa or detained or expelled
on the basis of a SIS registration can be annulled if this decision violates the
human rights of the third-country national concerned. Even if the jurisprudence
of the ECtHR is very casuistic, this Court dened some important criteria for
the eectiveness of the available remedies in immigration law procedures. In general, the ECtHR applies more stringent criteria with regard to claims based on
Article 3 ECHR. Furthermore, we have seen that the ECtHR refuses to accept
grounds of national security or overburdened immigration law procedures as
sole justication for limiting the rights of individuals to legal remedies.
Furthermore, the emphasis on data surveillance measures aecting specic
groups of persons based on their ethnic origin or nationality is dicult to
reconcile with the non discrimination principle in Article 14 ECHR. As we
have seen in Chapter 8, the relevancy of this right in the eld of border
controls has been emphasised by the ECtHR in Timishev v. Russia. The ECtHR
ruled that a selective approach towards Russian nationals of Chechen ethnicity constituted a violation of Article 14 ECHR in combination with Article 2
of the 4th Protocol (dealing with the freedom of movement). In its judgment,
the ECtHR explicitly ruled that no dierence in treatment which is based
exclusively or to a decisive extent on a persons ethnic origin is capable of
being objectively justied in a contemporary democratic society built on the
principles of pluralism and respect for dierent cultures. This conclusion
should be considered as an important assignment to the EU legislator and
Member States.
3.3. Rights and Freedoms Guaranteed by EU Law
In Chapter 9 we saw that dierent instruments adopted on the basis of Title IV
TEC grant rights, for example, to asylum seekers, long-term resident thirdcountry nationals and third-country nationals who have the right to family
reunication. Furthermore, certain categories of privileged third-country
nationals gained extra protection, such as the family members of EU citizens,
Turkish migrant workers or persons deriving rights from special agreements
between the EU and third countries.

Conclusions

517

There is some tension between the rights of the categories of persons mentioned above and the possibility of these persons being reported in the SIS for the
refusal of entry. In 2006, this tension became clear in the judgment of the ECJ in
the case of the Commission v. Spain. Here, the ECJ left no doubt about the fact
that an automatic refusal of entry or a visa to a third-country national who is
married to an EU citizen, solely on the basis of a SIS alert, violates the principle
of free movement which is central to the communitarian system. To take this
negative decision without verifying whether the person concerned imposes a genuine and suciently serious threat to the fundamental interest of society implied
a breach of the rights as laid down in Directive 2004/38.8
3.4. Data Protection Rights
In general, data protection law provides for procedural guarantees safeguarding,
among other things, the transparency of the use of personal information and databases. This transparency regarding the use of data allows the individual to be
informed of the authority collecting his or her information and of the purposes of
this data processing. It enables an individual to exercise the right of access, deletion
and correction and obliges the authorities to take these requests seriously and to
handle them within a preset or reasonable time limit. In Chapter 7, I described the
central principles of data protection law and considered the added value of data
protection. I have argued that the primarily procedural norms of data protection
are closely tied to more substantial criteria such as the non-discrimination principle, the limitation on the processing of sensitive data and the ban on automated
decision-making. In the following paragraphs, I will set out why in my view current EU measures are dicult to reconcile with these principles. It should be noted
however, that this subject requires a more in-depth analysis. The following paragraphs should only be considered as a rst exercise to describe the tension between
data protection law and the current measures of data surveillance in the EU.
1. At EU level, the principle of purpose limitation is undermined by the inclusion
of vague and open criteria in the applicable rules and the new emphasis on the
interoperability of information systems and the availability of information.
Furthermore, the creation of large, multipurpose databases such as VIS and
SIS II is in conict with this principle of purpose limitation, including limits
on the use and disclosure of personal information. The establishment of these
databases also conicts with the principle that aimless data collection should
be banned. In their proposals for the storage of biometrics and the interoperability of dierent databases, Member States are explicitly envisaging the future
use of personal information, unknown at the time of its registration.
8

I will come back to this subject in section 6.1.2, dealing with the new Regulation 1987/2006.

518

Chapter 14

2. The creation of multipurpose central databases such as the VIS and, possibly,
Eurodac and SIS II, impedes the transparency of the storage and further use of
personal information in these systems. Generally, persons whose data are
stored by one Member State will not be aware that these data are accessible to
the authorities of the other Member States, and eventually third countries, as
well. With regard to the use of SIS I, we have seen that generally, in France,
Germany and the Netherlands, third-country nationals are not informed at
all about their registration in the SIS I.
However, the data protection principle of transparency is bolstered by the
rules on informed decision-making in EC immigration and asylum law.
An example is the Schengen Borders Code, obliging border ocials to inform
a person in writing of the reasons for refusing him entry. One of the valid
reasons for border ocials to refuse a person entry to their territory is an alert
in the SIS. This means that the aforementioned obligation enables the person
refused entry to nd out that he or she is registered in the SIS.
3. EU legislation allowing for the collection and storage of specied information such as health (biometric data) and religious beliefs (especially Muslims,
in measures aimed at combating terrorism) or ethnic origin (data on foreigners used for immigration control) erode the principle based on which extra
safeguards are to be provided for sensitive or special categories of data. As mentioned above, EU measures in the eld of Freedom, Security and Justice are
increasingly based on the general assumption that migrants within the EU
are to be treated as suspected persons or potential terrorists. Such a policy
runs against the general accepted principle of non-discrimination and equality, which is one of the goals of the extra protection of sensitive or special categories of data. This policy also has a negative impact for the position of
migrants and their further integration into the society of EU Member States.
4. The principle that data holders or processors should take measures to guarantee the quality of data is jeopardised by the establishment of large, multipurpose databases. As we observed, diverging criteria based on which personal
data are stored by national authorities, diverging implementation of EU standards and non-compliance with time limits aect the quality and accuracy of
the data. The ndings of the national data protection authorities with regard
to Article 96 CISA, discussed in Part III, showed that the reliability of the
information stored in SIS is dubious, that national authorities are using SIS
for dierent purposes and that authorities disregard the rules protecting the
rights of individuals, such as time limits. Furthermore, it is questionable
whether, in their ght against terrorism, including the retrieval of information
on potential or possible terrorists, the national authorities are still considering
the importance of treating soft data and hard data dierently. SIS II and
VIS will also include information which is based on soft data rather than

Conclusions

519

hard data. For example, as we have seen with regard to SIS I, national
authorities report individuals on the basis of suspicions that this person has
committed a serious crime or is involved in terrorist activities. There is a risk
that due to the interlinking of databases such as SIS II and VIS and the access
granted to internal security organisations, the distinction between reliable
hard data and unreliable soft data becomes blurred. This makes it dicult
not only for the person involved, but especially for the user authorities and
the courts or supervisory authorities involved in assessing which information
is accurate and which is not.
The use and storage of biometrics also may cause problems with regard to
the quality of information. Dierent specialists and data protection authorities, including the EDPS, explicitly have warned against the use of biometrics
as a primary key. A primary key can be described as an instrument enabling the identication of a person and, based on this identication, a very
rapid search through dierent databases. Since biometrics are always based on
probabilities, they will never deliver the unambiguous key that is by denition
required for a primary key for databases. As emphasised by the EDPS, for
example, such use will probably result in a breach of the principle of data
quality.
5. Formally, the principle of individual participation includes the right of data
subjects to be informed, their right of access to information and the right to
request correction or deletion. Generally, these rights have been incorporated
in the legislation dealing with EU databases described above. However, these
rights are subject to limitations. Furthermore, in practice, these rights seem to
be dicult to achieve due to a lack of knowledge about the existence of databases and the fact of being registered at all. Also, as we have seen with regard
to the use of SIS I, it is not easy for individuals to ascertain which authority is
responsible for the data processing or to nd information about the available
rights and remedies.
6. The ban on automated decision-making is not an absolute right of data protection. National legislation already provides for accepted limitations to this
principle, for example, in tax law or in trac law. The extended use of systems such as SIS, VIS and terrorist lists seems, however, to imply an additional and less acceptable deterioration of this principle. Through these
systems, Member States are prepared to rely increasingly on the national decisions of foreign authorities. Since these decisions are stored in shared information systems and based on the so-called principle of mutual trust, the use
of these systems will lead to automatic decisions which are dicult to refute
by the individual concerned.
7. The principle of security of information systems containing personal data generally receives a lot of attention in EU policy. Dierent proposals explicitly

520

Chapter 14

refer to technological safeguards protecting data systems against loss, destruction or unauthorised access. National and EU policy-makers are also investing
in the so-called Privacy Enhancing Technologies. However, in practice, the
centralised storage of data, their multipurpose use, and the increase in numbers
of authorities (including those from non-EU Member States) and organisations
gaining access to these systems are likely to result in a loss of security.
8. The principle of accountability is included in the dierent legal instruments
concerned. They provide for rules on the liability of the data processor for
damage suered by individuals caused by the use of information systems for
which the data controller is responsible. Although not explicitly covered in
my study, a problem of accountability may arise, considering the responsibility of EU institutions or Member States for the management of the central
databases of SIS II, Eurodac or VIS. The creation of separate, independent
EU Management Authorities or Agencies must be accompanied by clear
rules on accountability, liability and transparency.
9. The non-discriminatory application of data protection is included in EC
Directive 95/46 and the Data Protection Convention. Article 8 of the EU
Charter explicitly stipulates that everyone has the right to protection of personal
data concerning him or her. As we have seen in Chapter 7, data subjects
rights may be restricted on the basis of legal exceptions as described in Article
13 of EC Directive 95/46. These exceptions include the need to safeguard
national security, defence, public security or criminal investigation. On these
grounds, Member States may restrict certain rights of individuals, including
the right to obtain information on the data processing in question (purposes,
data controller, recipients of information) and the right to access, correction or
deletion of his or her information. In practice, the use of these legal limitations
of certain rights could result in the discriminatory application of data protection
principles. In the ght against terrorism, certain activities by governmental
organisations are targeting foreigners or individuals with a Muslim background. Therefore, even if data protection law itself does not discriminate,
its practical implementation, the way individual applications for access or
information will be treated, may be dierent for dierent groups.

4. The Right to Eective Remedies

In my study, I have made a distinction between data protection law decisions
(refusal of the right of access, correction or deletion) and immigration law
decisions (report of inadmissibility in SIS; refusal of entry, refusal of visa
application, residence permit, withdrawal of residence permit; expulsion, detention). I pointed out certain weaknesses which, in my view, are inherent in the

Conclusions

521

procedures in both data protection and immigration law. For example, the scope
of review by data protection authorities is restricted and the independence and
eciency is threatened by their lack of power and nancial resources. EC instruments on asylum and immigration generally refer to the right to legal remedies
for third- country nationals, but the applicable rules are not very detailed with
regard to the content, the scope, or the eects of the remedies. Procedural guarantees are left to the scrutiny of the national legislator and access to an independent court or tribunal is not always guaranteed. Although there are some positive
developments with regard to the duty of informed decision-making, this duty to
inform third-country nationals of their rights remains void if national laws do
not provide for these rights.
In Chapter 10, I developed three principles of EU law, arguing why the right
to eective remedies applies to both immigration law and data protection law
decisions relating to the use of databases, such as the SIS. The rst of these principles
is based on the incorporation of human rights and the ECHR within the legal
framework of the EU. It is clear that the standards on the right to eective legal
remedies in the ECHR, and further developed by the ECtHR, apply to the
implementation of EC immigration and asylum law in cases where human rights
are at stake. Secondly, I pointed out the right to judicial protection to enable
individuals to enforce their rights under Community law. In the words of the
ECJ in the Panayotova case, Member States must provide for eective judicial
scrutiny of the decisions of national authorities taken pursuant to the applicable
provisions of Community law. Thirdly, the right to eective remedies follows
on from the legal system within the Community which includes the system of
preliminary references. Here, the right to remedies is necessary in order to enable
both national courts and the ECJ to guarantee a coherent and clear interpretation
of Community law.
As we have seen, the criteria developed on the basis of these general principles
go much further than the rules adopted in the dierent instruments at stake.
From the law described in Part II of my study, I derived the following minimum
criteria: access to an impartial tribunal, which might be a judicial or a non-judicial
authority provided it is a permanent institution, established by law and independent of the national authority taking the decision or measure. Secondly, on the criterion of accessibility, we have seen that the decision-making should be in writing,
indicate the reasons for the decision and include information on the authority
taking the decision, the available remedies and the applicable time limits. The
legal remedies should be available within a reasonable time and the person concerned should have the option to be advised, defended and represented during the
procedure. To guarantee the accessibility of remedies there must be access to legal
aid for those who otherwise would have no sucient means of nding access to
legal remedies. The court or tribunal dealing with the individual complaint or

522

Chapter 14

appeal should be able to consider all relevant aspects of the case. In other words,
its scope of review should include the legitimacy or lawfulness of the measures
concerned and the necessity and proportionality of these measures. This applies,
in our case, to the decisions of national authorities to report individuals in the
SIS, as well as to the decisions or measures which are based on those SIS reports.
Furthermore, the court or tribunal should be able to balance the individual rights
against a pressing social need or to balance the competing interests at stake.
Finally, a court or tribunal should have sucient powers, in the words of Boeles,
to overcome fait accompli. This means that the court or tribunal should be able
to grant interim relief or suspensive eect to a legal procedure, to impose binding
decisions or nes and, if necessary, to order (nancial) repair of damage.

5. Comparing the Law and Practice in France,

Germany and the Netherlands
5.1. National Criteria for Storing Third-Country Nationals in SIS I
In both France and Germany, the criteria based on which third-country nationals
may be reported in SIS I are not very clear. In France, there is no formal publication of the criteria applied. The decision to report a third-country national is
based on either an administrative decision (by the Minister of the Interior or the
prefecture) or a judicial decision. In Germany too, there is no formal denition of
the criteria, aside from ministerial instructions of 1998 and the criteria as included
in Article 96 CISA itself. Only in the Netherlands are the criteria more transparent,
since they are explicitly laid down in the Aliens Circular 2000. However, these
criteria are dened by the government without scrutiny by the national parliament.
In addition, these rules are regularly amended and further extended.
In these three countries, the registration of a third-country national as
unwanted in SIS I can be based on his or her irregular stay or the withdrawal of
his residence permit, as well as on the grounds of public order. In France, if a
person is reported for the latter grounds, the exact reasons for such a residence
ban remain secret.
Since the applicable criteria are not published in France or Germany, it is dicult to assess whether they meet the criteria of Article 96 CISA. The fact that the
French data protection authority, CNIL, when investigating SIS alerts following
individual requests, has found that the alerts were unlawful or wrong in a large
number of these cases (almost 40%) indicates that there is a real problem with
regard to the lawfulness of the data stored in SIS I. In Germany, national data
protection authorities (both at federal level and in the Lnder) repeatedly pointed
out the unlawful practice of national immigration oces in reporting rejected

Conclusions

523

asylum seekers in the SIS. Also, in general, the annual reports by the German
data protection authorities established the unlawfulness and inaccuracy of the
information held on third-country nationals. The applicable criteria in the
Netherlands must be regarded as very broad and are dicult to reconcile with
the criteria of article 96 (2) and (3) CISA. According to the Dutch criteria, a person may be reported in the SIS for relatively minor oences or even on the basis
of a suspicion.
More recently, in France and the Netherlands, the responsible Ministers
underlined the importance not only of a systematic input of data into the NSIS,
but also of a systematic refusal of entry based on a SIS report. Based on this policy,
national authorities are expected to report a person in the SIS as soon he or she
meets the criteria for a SIS alert. Additionally, if the authorities nd a report for
the purpose of refusal of entry, this person should automatically be refused entry.
In the Netherlands, the latter policy has been advocated with regard to reports
on the basis of public order or security grounds. Also in 2005 and 2006, the
Dutch authorities referred before courts to the changed situation with regard to
security in the world and the increasing importance of respecting the SIS alerts
of other Schengen partners. These arguments were used to justify the refusal of
entry to persons on the basis of a, in this particular case, clearly disputable foreign
alert. This negative decision was remarkably because in previous years, the same
applicants had been granted access to the Netherlands in spite of the foreign
alert. In France, the presumption of inadmissibility even has consequences for
the availability of legal remedies in cases of expulsion. The French legislator considers a foreign SIS alert as a nal decision by another Schengen State, assuming
that the person involved could already have lodged an appeal against this decision in the issuing State. Based on this assumption of a nal decision, the right
to suspensive remedies against expulsion orders on the basis of these foreign
reports has been limited in the French Immigration Act.
5.2. SIS and Data Protection Rights of Individuals
In France, Germany and the Netherlands, national law provides no duty for
public authorities to inform a person that he or she is reported in the SIS. The
French Data Protection Act includes the principle of indirect access, meaning
that a person who wants to know whether he or she is reported in the SIS and on
what grounds must apply to the CNIL. This procedure leads to lengthy procedures and the rights of the applicant are dependent on an active approach by the
French Data Protection Authority, CNIL. In Germany and the Netherlands, the
persons may directly address the authorities concerned with an application for
access, correction or deletion of their data. In the Netherlands, individuals will
have to submit their request concerning data held in the SIS to the privacy ocer

524

Chapter 14

of the Dutch police force. Although this ocer is easily accessible and wellinformed, the procedure chosen for requests from third-country national seems
illogical and time-consuming. A person who applies to the Immigration Oce
with the request for information will be informed that he or she should apply
rst to the privacy ocer of the police force. This ocer will then return this
request to the immigration ocer for processing.
The German and French data protection authorities seem to be more actively
involved in individual applications with regard to the SIS than the Dutch Data
Protection Authority, the CBP. Whereas both the French CNIL and the German
Federal Data Protection Commissioner received more than 500 individual applications annually for (indirect) access to the NSIS alerts (not only Article 96
alerts), the Dutch CBP only dealt with fewer than ten individual applications
per year. This very low number of applications with regard to SIS information in
the Netherlands could be explained by the active role of the privacy ocer in the
Dutch police force. The latter ocer dealt with approximately 200 applications
each year.
In 2004, the national data protection authorities investigated the Article 96
alerts held in the SIS I within the framework of the general inquiry by the
Schengen Joint Supervisory Authority. In particular, the reports of the German
data protection authorities included important conclusions with regard to the
data held on third-country nationals and the ndings were thoroughly discussed
in the various annual reports by these data protection authorities. In France and
the Netherlands, the data protection authorities only performed very marginal
research on the Article 96 alerts. The reports were not ocially published. In the
Netherlands, the Data Protection Authority only investigated 15 out of a total
of 12,167 Dutch alerts on third-country nationals to be refused entry. This
was explained by a lack of time and capacity. Generally, in all three countries
the data protection authorities lack nancial and personal resources. However,
in Germany, the parallel functioning of the Federal Data Protection Commissioners
and the data protection authorities in the Lnder, each with their own resources
and sta, seem to result in a more active scrutiny of the functioning of the SIS.
Unlike the Dutch Data Protection Authority, the French and German data protection authorities have the competence to impose heavy penalties on organisations
or persons who act in breach of the applicable data protection rules.
Despite these short-comings, future investigations performed by national
(or European) data protection authorities should be encouraged, not least because
of the potential discovery of irregularities in the SIS II or other databases. These
general inquiries or audits make national authorities aware of their obligations
regarding the lawfulness and quality of data held in the SIS. It also emphasises
the watchdog role of national and European data protection authorities.

Conclusions

525

5.3. Eective Remedies

5.3.1. Case Law
There is a striking contrast between the high number of judgments by French
courts with regard to Article 96 alerts in the SIS and the scarcity of case law in
Germany and the Netherlands. There seems to be no single explanation for this
amount of jurisprudence in France. It may be explained by the relatively weak
position of CNIL, urging individuals to seek judicial review earlier. The high
number of French judgments with regard to visa refusals based on SIS alerts
has been explained by the amendment of the French Immigration Act in 1998.
On the basis of this amendment, visa refusals must be issued together with a
motivated decision. When such a refusal is based on a SIS alert, the applicant will
be directly informed of the fact that he or she is registered in the SIS. Furthermore,
two important decisions dealing with SIS by the Conseil dtat in 1999 resulted in
a more general awareness of the rights and legal remedies for third-country nationals reported in the SIS. This awareness could explain why French lawyers became
more active in launching judicial procedures when dealing with a SIS alert.
I found very few German judgments dealing with the SIS. This might be
explained by the more active role of the data protection authorities in Germany,
but also seems to be related to a lack of information by the individuals and lawyers
involved. However, the very few judgments dealing with the SIS, as well as those
dealing with related issues such as data proling, provide some important general
principles on the lawfulness and proportionality of the measures involved.
In the Netherlands, the national courts initially seemed cautious when dealing
with SIS alerts and were reluctant to develop any general principles with a view to
the use of the SIS. Since 2005, it has been possible to observe a more active and
critical approach by the Dutch courts. With few exceptions, Dutch courts increasingly have been emphasising the obligation of Dutch authorities to assess the proportionality of maintaining alerts in the SIS. With regard to an Article 95 alert in
SIS I (extradition), one civil court submitted a preliminary request to the ECJ. This
resulted in the Van Straaten judgment by the ECJ, dealing with the interpretation
of the ne bis in idem principle of Article 54 CISA. The Dutch National Ombudsman
has dealt regularly with complaints from persons with regard to their registration in
the SIS. Although these decisions are non-binding, the considerations of this
authority with regard to the obligation of informed, timely and proportional
decision-making are important and deserve more attention in further research.
5.3.2. Accessibility
In the three countries, the national courts underlined the importance of the
accessibility of legal remedies. In France, the Conseil dtat in particular ruled on

526

Chapter 14

the necessity of informed decision-making, not only in its Hamssaoui judgment

of 1999, but repeatedly in other judgments as well dealing with visa refusals.
In both Germany and the Netherlands, the courts clearly did not accept the formal
grounds on which the national administration sought to restrict accessibility to
legal remedies. In both countries, the national authorities contended that a thirdcountry national cannot lodge an appeal directly against the SIS alert itself since
this would have no direct legal eect within the meaning of administrative
procedural law. This argument has been explicitly rejected by the Dutch courts
(except for one early decision in 1999), stressing the fact that a SIS alert does
result in direct legal eect for the person involved. Also in Germany, courts found
this argument irrelevant and found themselves competent to deal with the
lawfulness of the SIS alert itself or the decision on which the SIS alert was based.
5.3.3. Scope
I found only French and Dutch judgments with regard to the question of whether
a national court can assess the lawfulness of a foreign alert. In both countries, the
national courts explicitly found themselves competent to assess whether foreign
alerts were in accordance with the criteria of Article 96 CISA. Especially in
France, several courts explicitly ruled that the German practice of reporting
rejected asylum seekers was unlawful.
In the case law I found, the courts in France, Germany and the Netherlands
did not consider themselves competent to question whether an immigration law
decision on which a foreign alert is based is taken in accordance with the national
law of that foreign state. For example, this competence was explicitly denied in
a judgment of 2003 by the French Conseil dtat. This means that national courts
nd themselves competent to assess whether a foreign alert falls within the applicable criteria of Article 96 CISA (or 24 of the new Regulation on SIS II), rather
than assessing the lawfulness of a foreign administrative decision.
5.3.4. Competences
Article 111 CISA on access to legal remedies is based on the principle of mutual
recognition of courts decisions with regard to SIS alerts. In the very few cases
I found, the decisions of a national data protection authority or a court ruling that
a foreign authority should delete a SIS report met with strong resistance from the
national authorities involved. For example, the French authorities refused to
implement the decision in 2005 by the Austrian Data Protection Authority, which
ordered the French authorities to delete an Article 96 alert from the SIS. Dealing
with the same case, the French Conseil dtat seemed to deny the competence of
a foreign data protection authority to order the authorities of another state to
delete the information from the SIS. However, it recognised that such a decision
by a foreign data protection authority could be used as grounds for the French
data protection authorities to order the French authorities to delete the alert.

Conclusions

527

In a judgment of 2005, a Dutch court, nding that an Article 95 alert (extradition) did not meet the CISA criteria, ordered the Spanish authorities to withdraw
this alert from the SIS. Also this decision met with strong opposition from the
Spanish authorities. Only after diplomatic pressure, involving the national data protection authorities and the privacy ocer of the Dutch police force, were the Spanish
authorities willing to follow the courts decision and to delete the SIS reports.

6. The New SIS II Regulation 1987/2006: Learning from the Past?

6.1. Criteria for Reporting Third-Country Nationals in SIS II
6.1.1. Lack of Harmonisation
Which lessons have been drawn from more than ten years of using the SIS I?
Considering the criteria of third-country nationals to be reported in the SIS II,
the current text in the new Regulation 1987/2006 is disappointing. Article 24 of
the SIS II Regulation maintained the same criteria as in Article 96 CISA. As we
have seen, these criteria include two categories of decision. Firstly, third-country
nationals may be reported in the SIS based on public order or security grounds.
This includes a third-country national who has been convicted of an oence by
a Member State which is punishable by a term of imprisonment of at least one
year. This also includes a third-country national concerning whom there are serious grounds for believing that he has committed serious criminal oences or
concerning whom there are clear indications of an intention to commit such
oences on the territory of a Member State. Secondly, third-county nationals
may be reported to the SIS on the basis of an immigration law decision which
involves his expulsion, refusal of entry or removal.
These criteria are problematic for two reasons. Firstly, with regard to the rst
criterion, we have seen that these criteria oer a very low threshold for the registration of inadmissible third-country nationals in the SIS. On the basis of the
rst criterion, third-country nationals may be reported for minor oences. The
denitions of serious criminal oences, serious grounds and clear evidence
leave the Member States a wide margin of interpretation and allow them to extend
the categories of serious oences every time this is considered politically necessary
or desirable. Based on the second criterion, third-country nationals may be
expelled and subsequently registered in the SIS if they have violated a relatively
unimportant rule of immigration law. For example, if a person applies too late
(by even a day or a week) for the renewal of his or her residence permit, or if he
does not submit complete information on time (which may be for reasons beyond
his control), he or she may be registered in the SIS. These reasons for reporting
someone in the SIS seem disproportionate, considering that this measure results in
a ban on entry to the entire EU territory for a minimum of three years.

528

Chapter 14

Secondly, the fact that these decisions are based on the national discretionary
power of the States causes a problem for the national courts or authorities in
assessing the lawfulness of SIS reports. For example, a SIS alert based on the suspicion of a serious criminal oence opens the door for very wide application.
Furthermore, in France, Germany and the Netherlands, third-country nationals
may be declared inadmissible or unwanted on the basis of condential reports
from internal security agencies, resulting in registration in the NSIS. This
information cannot be eectively scrutinised by the individual or by the courts.
The need for a common interpretation of the reasons for excluding an individual
from the territory of the EU derives both from the principle of equal treatment
and the duty of Member States to respect the rights of third-country nationals
as described above (ECHR, rights of employees under third country agreements,
family reunication).9 The harmonisation of the criteria for reporting persons in
the SIS II is also necessary to provide the individual in question with eective
remedies, in which national courts or tribunals are able to assess the criteria for
SIS reporting and refusal. For these reasons, it is unfortunate that the development of SIS II was not used to provide for more harmonised criteria. As we have
seen, the attempt of the European Commission to achieve this harmonised
approach was not accepted by the governments of the EU Member States. Article
24 (5) Regulation regarding SIS II only states that the Commission shall review
the application of this Article three years after the Regulation enters into force.
The Commission will then, based on this review, use its right of initiative and
make the necessary proposals to amend this provision, to achieve a higher level
of harmonisation of the criteria for entering the alerts.
Despite this lack of harmonised criteria, the new SIS II Regulation includes
two important limitations with regard to the criteria for reporting third-country
nationals in the SIS, compared to the provision of Article 96 CISA. In the rst
place, the SIS II Regulation explicitly includes a proportionality clause which
goes further than the former proportionality clause of Article 94 CISA. This
Article 21 provides that a Member State issuing an alert should not only determine whether the case is important enough, but also whether this case is adequate and relevant to warrant an entry in the SIS II. Secondly, in addition to
this proportionality clause, Article 24 of the Regulation 1987/2006 requires that
every decision to issue an alert on a third-country national be taken on the basis
of an individual assessment. Furthermore, Article 24 (1) explicitly provides that
appeals against these decisions shall lie in accordance with national legislation.

See also Guild (2001), p. 28. The challenge of the Schengen system is the basis on which
common control of the denition of risk should be founded.

Conclusions

529

These two limitations and the explicit reference to the possibility of appeal oer
national courts and data protection authorities a tool to assess the lawfulness and
proportionality of reporting third-country nationals in the SIS II.
Until a further harmonisation of criteria takes place, the lack of material criteria should be compensated by procedural guarantees. This includes the safeguarding of applicable time limits for the storage of data, informed decision-making,
the possibility of imposing nes if national authorities act in breach of the applicable law and, last but not least, eective remedies for the person involved,
including the right to nancial compensation.
6.1.2. Protecting EU Citizens and Beneciaries of EC Law
The drafters of the SIS II Regulation clearly have taken into account the recent
jurisprudence of the ECJ with regard to the protection of rights of EU citizens
and beneciaries of EU law. However, the extra safeguards included in this
Regulation still provide for some loopholes. Based on Article 25 (2), if a hit is
found for a third-country national who is a beneciary of the Community right of
free movement, the executing state must immediately consult the issuing Member
State via the SIRENE oce in order to decide without delay on the action to be
taken. This provision does not describe the procedure to be followed when the
Member States disagree upon the action to be taken, or when one Member State
does not respond without delay to the request from the other State.
Furthermore, Article 30 of the Regulation 1987/2006 includes the obligation
for Member States to delete alerts on persons reported in SIS II on the basis of
Article 24 as soon as the Member State issuing the alert is informed or becomes
aware that the person has acquired the citizenship of any State whose nationals
are beneciaries of the Community right of free movement. This Regulation does
not oblige Member States, although this has been proposed by the Commission,
to delete data on third-country nationals who become family members of EU
citizens. Nor does it include such an obligation for long-term resident thirdcountry nationals. This could mean that those persons are registered in the SIS II
in conict with the criteria of the Directive on long-term resident third-country
nationals or the Directive on family reunication.
Even if the duty to delete an alert from the SIS II were extended to the aforementioned categories of third-country nationals, it is questionable whether this
rule will be eectively implemented. The practice of the current use of the SIS
and Eurodac has shown that unless the person concerned actively pursues the
deletion of his own record, data on recognised refugees or EU citizens respectively are not automatically or swiftly deleted, as prescribed by European or
national law. Therefore, the duty to delete a report as soon as a Member State
becomes aware that the person concerned falls within one of these categories is
only eective if accompanied by stricter safeguards.

530

Chapter 14

6.2. Data Protection Rights

6.2.1. Right of Information
Only once individuals are informed about the registration of their data or of their
legal remedies, can they seek judicial redress against this registration. In principle,
according to Article 42 of the SIS II Regulation, third-country nationals who are
the subject of an alert should be informed in accordance with 10 and 11 of EC
Directive 95/46. This information must be provided in writing, together with a
copy or a reference to the national decision which is the basis for the SIS II alert.
However, as we have seen in Chapter 7, Article 42 (2) of the SIS II Regulation
includes some important limitations to this right. Firstly, Member States are
exempt from their duty to provide information where the personal data (read: the
data stored into the SIS II) have not been obtained from the third-country
national in question. This exception, which circumvents the provision in Article 11
of the EC Directive 95/46, applies in many, if not all the cases in which an alert
on a third-country national to be refused entry is recorded in SIS II. Furthermore,
the information must not be provided if the provision of information proves
impossible or would involve a disproportionate eort or where the third-country
national already has the information. National authorities could be tempted to
invoke this exception frequently as well. As we have seen in the previous Chapter,
the Dutch authorities held the view that it is not necessary to inform third-country
nationals of their registration in the SIS I, because these persons would generally
be aware they had done something wrong and, for that reason, would know
about their NSIS registration. Finally, according to Article 42 (2) of the SIS II
Regulation, the duty to inform the third-country national does not apply where
national law allows for this right to be restricted, in particular in order to safeguard national security, defence, public security and the prevention, investigation,
detection and prosecution of criminal oences. Also this latter exception runs
the risk of being interpreted and applied very widely.
With regard to the right to access, correction or deletion of information, it is
important that Article 41 (6) of the SIS II Regulation provides that the individual
shall be informed as soon as possible and in any event no later than 60 days
from the date he or she applied for access. This provision, however, does not specify precisely which information should be submitted to the person concerned and
implies the risk that national authorities will only give the applicants short notice
that his or her application for access is being processed. With regard to the followup given to the exercise of his rights of correction or deletion, Article 41 (7) of the
Regulation 1987/2006 stipulates that the person concerned should be informed
as soon as possible and in any event no later than three months from the date of
application for correction or deletion. However, three months must be considered
a very long waiting period, especially for a person applying for a short-term visa
or trying to gain access to the territory of one of the Schengen States.

Conclusions

531

As we have seen above, these information rights are bolstered by the rights
included in EC immigration and asylum law. The Schengen Borders Code obliges
authorities refusing a person entry to their territory to issue a substantiated and
written decision, stating the procedures for appeal. Other instruments regarding
immigration and asylum law adopted under Title IV TEC also include provisions
concerning the duty of informed decision-making.
6.2.2. Cooperation Between Data Protection Authorities
Practice with the current SIS has shown that procedures by which an individual
seeks to obtain information about the reasons for a SIS alert or to have this alert
deleted from the SIS, often take a long time. Even if the national data protection authorities are actively involved, their power to act is limited if a national
administration fails to respond in a timely manner to the questions involved.
For this reason, it is important that the new Regulation regarding SIS II provides for the cooperation of the dierent data protection authorities involved.
According to Article 46 (1), national supervisory authorities and the EDPS
must cooperate actively, within the framework of their responsibilities and
shall ensure coordinated supervision of SIS II. In addition, Article 46 (f ) of
Regulation 45/2001 regarding the processing of data by Community institutions and bodies states that the EDPS should cooperate with the national supervisory authorities to the extent necessary for the performance of their respective
duties, in particular by exchanging all useful information, requesting such
authority or body to exercise its powers or responding to a request from such
authority or body.
Article 34 (3) and (4) of the Regulation 1987/2006 provides for a special procedure if a Member State has evidence that information stored in SIS II is incorrect or unlawful. This rule had already been included in Article 106 (2) and (3)
CISA, but the new provision now includes a time limit. According to Article 34 (3),
if a Member State not issuing the alert has evidence suggesting that an item of
data is factually incorrect or has been unlawfully stored, it shall, by exchanging
supplementary data, inform the issuing Member State at the earliest opportunity
and no later than ten days after it became aware of the said evidence. The issuing State must then check the communication and, if necessary, correct or delete
the item in question without delay. In practice, it will be dicult to establish
exactly when a Member State has to inform an issuing State of the alleged wrongfulness or unlawfulness of an alert. Furthermore, the fact that there is no time
limit within which the issuing State should delete or correct the refuted data also
makes it doubtful whether this rule will be eective in practice.
According to Article 34 (4), if the aforementioned Member States are unable
to reach agreement within two months, the Member State not issuing the alert
shall submit the case to the EDPS. The EDPS then has to act jointly with the
national supervisory authorities as mediator.

532

Chapter 14

Finally, it is a positive achievement that Article 44 (3) of the SIS II Regulation

obliges Member States to ensure that their national supervisory authorities have
sucient resources to full the tasks entrusted to them under this Regulation.
At the time of this research, data protection authorities lack sucient resources to
perform their numerous tasks eciently. The implementation of this provision
therefore needs careful scrutiny by national parliaments.
6.3. Right to Remedies
The wording of the right to remedies in Article 43 of Regulation 1987/2006,
as cited in Chapter 7, is almost the same as included in Article 111 CISA with
regard to SIS I. The implementation of this Article 43 should be in accordance
with the general principles on eective remedies as described in Chapter 10. This
means that national courts (or competent authorities) should have the power to
decide on the lawfulness of (national and foreign) reports or the decisions or
measures based on these reports. This assessment includes the issue of whether the
SIS II alert responds to the criteria of Article 24 of the Regulation on SIS II.
Furthermore, they will have to deal with the question of whether this report
infringes the rights of the person involved, including his or her human rights and
the rights deriving from EU law. National courts or authorities should be able to
assess the proportionality of the reasons for reporting a person in the SIS, including the requirement of individual assessment of Article 24 and the proportionality
clause of Article 21 of the Regulation on SIS II.
In Chapters 6 and 8, I referred to the individual right to a nancial claim
based on Article 6 (1) ECHR with regard to damage resulting from decisionmaking based on the use of the SIS. Article 49 of the SIS II Regulation obliges
Member States to ensure that any misuse of data entered into the SIS II or any
exchange of supplementary information contrary to this Regulation is subject to
eective, proportionate and dissuasive penalties in accordance with national
law. To ensure that the rights of individuals are respected with regard to the storage
and use of data held in the SIS, this new provision should be complemented with
strict rules on the liability of the data holder or data user. This allows national
courts or data protection authorities to impose sanctions when necessary.
Article 43 (3) of the SIS II Regulation stipulates that the rules on remedies
will have to be evaluated by the Commission by 17 January 2009. This evaluation should be used for strengthening the legal position of third-country nationals
in the SIS II and not for weakening the rules on remedies. If this provision should
be redrafted, the right of any individual to bring an action before the national
court or authority in connection with an alert relating to him or her should be
maintained, as well as the provision that Member States should mutually enforce
the nal decisions of national courts or authorities (see below). The accessibility
of remedies could be improved by an explicit provision in the SIS II Regulation

Conclusions

533

obliging Member States to inform a person as soon he or she is registered in the

SIS II of the alert and the available remedies.
6.4. Mutual Enforcement of National Decisions
Article 43 (2) of the new Regulation regarding SIS II includes the same principle
as in Article 111 (2) CISA, obliging the Member States mutually to enforce the
national judgments with regard to the SIS alerts. Where national authorities do
not have any problem recognising and enforcing foreign SIS reports, they generally nd it dicult to accept the binding force of decisions by foreign courts or
data protection authorities. Based on the principle of sovereignty, it is held that
national courts cannot assess the lawfulness of foreign administrative decisions.
The question is whether this principle is still valid in this eld of law. The use of
SIS I and SIS II, as well as Eurodac and VIS, is based on the principle that
authorities should respect and enforce the alerts entered by the authorities of
other Member States on the basis of the principle of mutual trust. In Part III,
on the national implementation of Schengen, we have seen that in France and
the Netherlands in particular, policy-makers referred to this principle of mutual
trust between the Schengen States, advocating the systematic implementation of
foreign reports in the SIS. It should be clear that the principle of mutual trust at
the heart of the Schengen cooperation involves the mutual enforcement not only
of the national decisions to report a person in the SIS, but also of the courts
decisions on the lawfulness of the SIS reports. The very use of a database such as
SIS I or SIS II already implies a loss of sovereignty.10 Furthermore, it must
be observed that the sovereignty of the national legislator is limited under EC
immigration and asylum law.11
The principle of the mutual enforcement of national courts decisions as
included in CISA and the new SIS II Regulation could be enforced by the establishment of so-called transnational preliminary procedures. This mechanism was
proposed by Gautier, discussing the competence of national courts to consider foreign administrative decisions.12 According to Gautier, national courts must be able
to submit questions to courts in other Member States on the meaning and content
of their national law. In my view, the option of a preliminary transnational question (question prjudicielle transnationale) could be complemented by the establishment of one specialised coordination point within the court system in each

10

11
12

Having to refuse a person entry because of having to blindly follow the instruction of another
state is also loss of sovereignty, Steenbergen (1999), p. 2960.
Cholewinski (2005), p. 238.
M. Gautier, Le dpassement du caractre national de la juridiction administrative franaise:
le contentieux Schengen, Droit Administratif, May 2005, pp. 7 .

534

Chapter 14

Member State. These coordination points could ensure that each request from a
foreign court dealing with a SIS alert is dealt with in a timely and ecient manner.
This procedure could be accompanied by appropriate time limits, ensuring a swift
response by the authorities involved. A comparable mechanism has been chosen
for the SIRENE manual with regard to the coordinating role of national SIRENE
oces for the administrative authorities when dealing with a SIS alert and the
issue of residence permits and visas. These oces operate 24 hours a day, seven
days a week and must respond within 12 hours of submission of the request.13

7. Final Remarks
In 1985, in the White Paper on the Internal Market, the Commission underlined the symbolic meaning of borders by stating that the formalities aecting
individual travellers were, a constant and concrete reminder to the ordinary citizen that the construction of a real European Community is far from complete.14
The Commission referred to the police checks relating to the identity of persons
and the safety and customs checks concerning the goods they were carrying, even
though these controls were often no more than spot checks. These checks would
be seen as, the outward sign of an arbitrary administrative power over individuals and an aront to the principle of freedom of movement within a single
Community. The Commission did not foresee the development of high-tech
control and surveillance measures to which individuals travelling around Europe
are now exposed. The question arises of whether these new measures are not precisely the same as those which the Commission tried to abandon in 1985. The
establishment of the European information network includes the storage of
data in large-scale databases, the increase in identication measures and the use
of biometrics. It is clear that these measures entail a risk to the protection of
human rights such as the right to privacy and the right to data protection, but also
the freedom of movement of persons and the principle of non-discrimination.
These rights and freedoms protect both non-EU citizens and EU citizens. Once
the above measures are applied, it may become dicult to restore these rights
and freedoms. Even if we are able to grant individuals eective remedies, it would
have been better to draft these controlling measures in such a way that individuals
would not need to seek legal redress.

13
14

OJ L 317/41, 16.11.2006, para. 1.4.5.

Considerations 47 and 48 of the White Paper, COM (85) 310, Brussels, 14 June 1985.

Conclusions

535

To make a nal conclusion, I would like to stress the important role of individual practitioners, whether they work for NGOs assisting immigrants, or as a
lawyer or a judge. Without their knowledge on the applicable laws and available
rights and remedies, the position of third-country nationals seeking protection
and access to justice will remain weak. There is a special task for judges using
their powers in the broadest extent, balancing the dierent interests at stake and
assessing the lawfulness of decisions involved. In a eld were the use of databases
and the mutual recognition of national decisions become increasingly important,
courts should be able to look further than their own national laws. Dealing with
databases such as the Schengen Information System, they should be competent
to assess the lawfulness of foreign decisions aecting individuals rights. Finally,
courts must be made aware of their power to submit preliminary requests to the
Court of Justice. Even if, in the short term, a preliminary procedure will not restore
the rights of the person concerned, in the long-term it might help to safeguard
a coherent and clear interpretation of EU law.

Bibliography
Alston (1999)
Ph. Alston (ed.), The EU and Human Rights, Oxford: Oxford University Press 1999.
Anderson & Bigo (2003)
M. Anderson and D. Bigo, What are EU frontiers for and what do they mean? in: Groenendijk,
Guild & Minderhoud (2003), p. 725.
Ashbourne (2006)
J. Ashbourne, Societal Implications of the Wide Scale Introduction of Biometrics and Identity
Management, Background paper for the Euroscience Open Forum ESOF 2006 in Munich,
July 2006.
Aubert (2002)
F. Aubert, Laccs aux donnes personnelles du systme dinformation Schengen, AJDA, 18
novembre 2002, p. 1208.
Aubin (2000)
E. Aubin, Le juge administrative franais face lapplication de la Convention de Schengen dans
ses dispositions sur le droit dasile. Bilan juridictionnel de lapplication en France des accords
de Schengen, Revue de droit Public, no. 32000, p. 829862.
Aus (2006)
J.P. Aus, Eurodac: A Solution Looking for a Problem? Working Paper no. 9, Centre for European
Studies, University of Oslo, May 2006 http://www.arena.uio.no/publications/
Baldaccini & Guild (2006)
A. Baldaccini and E. Guild, Terrorism and the Foreigner A Decade of Tension around the Rule of
Law in Europe, Leiden/Boston: Martinus Nijho Publishers 2006.
Baldaccini, Guild & Toner (2007)
A. Baldaccini, E. Guild and H. Toner (eds.), Whose Freedom, Security and Justice? EU Immigration
and Asylum Law and Policy Oxford: Hart Publishers, 2007.
Balzacq, Bigo, Carrera & Guild (2006)
T. Balzacq, D. Bigo, S. Carrera, E. Guild, Security and the Two-Level Game: The Treaty of Prm,
the EU and the Management of Threats, CEPS Working Document no. 234, January 2006.
Balzacq & Carrera (2006)
T. Balzacq and S. Carrera, Security versus Freedom? A Challenge for Europes Future, Aldershot:
Ashgate 2006.
Balzacq & Carrera (2006a)
T. Balzacq and S. Carrera, The Hague Programme: The Long Road to Freedom, Security and
Justice, in: Balzacq & Carrera (2006), p. 132.
Barendt (2001)
E. Barendt (ed.), Privacy, Aldershot: Ashgate 2001.
Barnard & Scott (2002)
C. Barnard & J. Scott (eds.), The law of the single European market: unpacking the premises,
Oxford: Hart 2002.
Evelien Brouwer, Digital Borders and Real Rights, pp. 537552.
2008 Koninklijke Brill NV. Printed in the Netherlands.

538

Bibliography

Battjes (2002)
H. Battjes, A Balance between Fairness and Eciency? The Directive on International Protection
and the Dublin Regulation, EJML, 4, 2002, p. 159192.
Battjes (2006)
H. Battjes, European Asylum Law and International Law, Leiden/Boston: Martinus Nijho
Publishers 2006.
Baudouin, Boeles, Kuijer & Spijkerboer (2001)
P.J.A.M. Baudoin, P. Boeles, A. Kuijer, T.P. Spijkerboer, Vreemdelingenwet. Gevolgen voor de
rechtspraktijk, Utrecht: OSR Juridische Opleidingen 2001.
Benda (1995)
E. Benda et al. (eds.), Handbuch des Verfassungsrechts der Bundesrepublik Deutschland, BerlinNew York: Walter de Gruyter 1995.
Bennett (1992)
C.J. Bennett, Regulating Privacy. Data Protection and Public Policy in Europe and the United
States, Ithaca and London: Cornell University Press 1992.
Benyekhlef (1993)
K. Benyekhlef, La protection de la vie prive dans les changes intenationaux dinformations,
Montral: Ed. Thmis 1993.
Bigo (2006)
D. Bigo, Liberty, whose Liberty? The Hague Programme and the Conception of Freedom, in:
Balzacq & Carrera (2006).
Bigo & Guild (2003)
D. Bigo and E. Guild, La mise lcart des trangers: la logique du visa Schengen, Cultures &
Conits, 2003, no. 4950.
Bigo & Guild (2005)
D. Bigo and E. Guild (eds.), Controlling Frontiers. Free movement into and within Europe,
Aldershot: Ashgate 2005.
Billaud (1993)
P. Billaud, La protection des donnes informatiques dan le cadre du Accord de Schengen, in:
Pauly (1993), p. 25 .
Bing & Torvund (1995)
J. Bing, O. Torvund (eds.), 25 Years Anniversary Anthology, Tano: Norwegian Research Center
For Computer and Law 1995.
Bisschof (2004)
B. A. Bisschof, Europische Rasterfahndung grenzelose Sicherheit oder glserne Europer?
Kritische Justiz, Jrg. 37, Heft 4, 2004, p. 361380.
Blake (2004)
N. Blake, Developments in the Case Law of the European Court of Human Rights, in: Bogusz
& Cholewinski (2004), p. 431 .
Blake & Husain (2003)
N. Blake and R. Husain, Immigration, Asylum and Human Rights, Oxford/New York: Oxford
University Press 2003.
Blok (2001)
P. Blok, De splitsing van privacy. Advies over het grondrecht op privacy in het digitale tijdperk,
Ars Aequi 50 (2001), p. 6.
Blok (2002)
P.H. Blok, Het recht op privacy. Onderzoek naar de betekenis van het begrip privacy in het
Nederlandse en het Amerikaanse recht, The Hague: Boom Juridische Uitgevers 2002.

Bibliography

539

de Bock (2004)
R.H. de Bock, De omvang van het geding, Nijmegen: Ars Aequi Libri 2004.
Bcker (1998)
A. Bcker (ed.), Regulation of Migration. International Experiences, Amsterdam: Het Spinhuis
Publishers 1998.
Boeles (1997)
P. Boeles, Fair Immigration Proceedings in Europe, The Hague/Boston/London: Martinus Nijho
Publishers 1997.
Boeles et.al (2004)
P. Boeles, E. Brouwer, A. Woltjer and K. Alfenaar, Border control and movement of persons.
Towards eective legal remedies for individuals in Europe, Utrecht: Forum, 2004.
Boeles (2005)
P. Boeles: Fair and Eective Immigration Procedures in Europe? EJML 7, 2005, p. 213218.
den Boer (1995)
M. den Boer, Moving between bogus and bona de: the policing of inclusion and exclusion in
Europe, in: Miles & Thrnhardt (1995), p. 92 .
den Boer (1996)
M. den Boer, Justice and Home Aairs: Cooperation without integration, in: Wallace & Wallace
(1996), p. 389409.
den Boer et al. (1998)
M. den Boer, A. Guggenbhl, S. Vanhoonacker, Coping with Flexibility and Legitimacy after
Amsterdam, Maastricht: EIPA 1998.
den Boer & Corrado (1999)
M. den Boer and L. Corrado (1999), For the Record or O the Record: Comments About the
Incorporation of Schengen into the EU, European Journal of Migration and Law, 1, 1999,
p. 397418.
den Boer (2000)
M. den Boer (ed.), Schengen Still Going Strong. Evaluation and Update, Maastricht: EIPA
2000.
Bogusz, Cholewinski (2004)
B. Bogusz, R. Cholewinski et al. (eds.), Irregular Immigration and Human Rights:
Theoretical, European and International Perspectives, Leiden/Boston: Martinus Nijhoff
Publishers 2004.
Bonjour (1999)
F. Bonjour, Pour la dfense des trangers, Paris : GISTI Recueil de jurisprudence 1999.
Boswinkel (1993)
B.J. Boswinkel, De privacyrichtlijn begrensd, SEW Sociaal Economisch Weekblad, 7/8, July/
August 1993, p. 551.
Bracke (2001)
N. Bracke, Flexibility, Justice Cooperation and the Treaty of Amsterdam, in: L. Marinho (2001),
p. 55 .
Brochmann, Hammar (1999)
G. Brochmann, T. Hammar, Mechanisms of Immigration Control: A Comparative Analysis of
European Regulation Policies, Oxford-New York: Berg 1999.
Brouwer (1998)
E. Brouwer, Registratie van gegevens en Koppelingswet, Migrantenrecht 56, 1998, p. 164174.
Brouwer (2001)
E. Brouwer, Grensbewaking en het SIS, in: Brouwer & Groenendijk (2001), p. 45 .

540

Bibliography

Brouwer (2002)
E. Brouwer, Eurodac: its Limitations and Temptations, European Journal of Migration and Law,
4, 2002, p. 231247.
Brouwer (2003)
E. Brouwer, Immigration, asylum and terrorism: A changing dynamic legal and practical developments in the EU in response to the terrorist attacks of 11.09, European Journal of Migration
and Law 4, 2003, p. 399424.
Brouwer (2006)
E. Brouwer, Data surveillance and border control in the EU: Balancing eciency and legal
protection of third-country nationals, in: Balzacq & Carrera (2006), p. 137154.
Brouwer & Groenendijk (2001)
E. Brouwer and K. Groenendijk (eds), Derdelanders in de Europese Unie, Utrecht: Forum 2001.
Brouwer, Catz & Guild (2003)
E. Brouwer, P. Catz and E. Guild, Immigration, Asylum and Terrorism. A Changing Dynamic in
European Law, Series Recht & Samenleving no. 19, Nijmegen: University of Nijmegen 2003.
De Bruycker (2003)
Ph. De Bruycker (ed.), The Emergence of a European Immigration Policy, Brussels: Bruylant 2003.
De Bruycker & Carlier (2005)
Ph. De Bruycker and J.Y. Carlier, Immigration and Asylum Law of the EU, current debates,
Brussels: Bruylant 2005.
Bull (1984)
H.P. Bull, Datenschutz oder die Angst vor dem Computer, Mnchen-Zrich: Piper 1984.
Bull (1985)
H.P. Bull Die Grundprobleme des Informationsrechts, Inaugural speech Universtity Tilburg,
Zwolle: W.E.J. Tjeenk Willink 1985.
Burkens et al. (2006)
M. Burkens et al., De beginselen van de democratische rechtsstaat, Alphen aan den Rijn:
Kluwer 2006.
Busch (1999)
H. Busch, Neue Wachstumringe im SIS, Brgerrechte & Polizei/CILIP, 63(2) 1999, p. 8084.
Bygrave (1998)
L.A. Bygrave, Data Protection pursuant to the Right to Privacy in Human Rights Treaties,
International Journal of Law and Information Technology, 1998, Vol. 6, p. 247284.
Bygrave (2003)
L.A. Bygrave, Data Protection Law: approaching its rationale, logic and limits, The Hague: Kluwer
Law International 2003.
Bygrave (2004)
L.A. Bygrave, Privacy Protection in a Global Context A Comparative Overview, Scandanavian
Studies in Law, 2004, vol. 47, p. 324.
Bygrave & Berg (1995)
L.A. Bygrave and Jens Peter Berg, Reections on the rationale for data protection laws, in: Bing
& Torvund (1995), p. 3 .
Carlier & De Bruycker (2005)
J.Y. Carlier and Ph. De Bruycker, Immigration and Asylum Law of the EU: current debates,
Brussels: Bruylant 2005.
Carlier & Guild (2006)
J.Y. Carlier and E. Guild, The Future of Free Movement of Persons in the EU, Brussels:
Bruylant 2006.

Bibliography

541

Carrera (2004)
S. Carrera, What Does Free Movement Mean in Theory and Practice in an Enlarged EU? CEPS
Working Document No. 208/ October 2004 available at: http://www.ceps.be
Catala (1983)
P. Catala, Ebauche dune thorie juridique de linformation, Revue de droit prospectif, 1983, no. 1
Catz (2003)
P. Catz, The Netherlands: small steps on beaten tracks, in: Brouwer, Catz & Guild (2003), p. 57 .
Cholewinski (2000)
R. Cholewinski, The EU Acquis on Irregular Migration: Reinforcing Security at the Expense of
Rights, European Journal of Migration and Law 2, 2000, p. 361405.
Cholewinski (2003)
R. Cholewinski, No Right of Entry, in: Groenendijk, Guild & Minderhoud (2003), p. 105 .
Cholewinski (2004)
R. Cholewinski The Need for Eective Remedies in Matters of Immigration and Border Control,
Migrantenrecht 7, 2004, p. 259262.
Cholewinski (2005)
R. Cholewinski, The Need for Eective Individual Legal Protection in Immigration Matters,
European Journal of Migration and Law, 7, 2005, p. 237262.
Cimade (2003)
Cimade, Centres et locaux de retention administrative, rapport 2003, Paris: 2003.
Cornelisse (2004)
G. Cornelisse, Human Rights for Immigration Detainees in Strasbourg: Limited Sovereignty or
a Limited Discourse? European Journal of Migration and Law 6, 2004, p. 93110.
Craig & Brca (1999)
P. Craig and B. de Brca (eds.), The evolution of EU law, Oxford: Oxford University Press 1999.
Curtin & Meijers (1997)
D. Curtin and H. Meijers, The Principle of Open Government in Schengen and the European
Union: Democratic Retrogression? in: Meijers (1997), p. 13 .
Davy (2006)
U. Davy, Immigration, Asylum and Terrorism: how do they relate in Germany? in: Baldaccini
& Guild (2006), p. 177 .
Dias Urbano De Sousa & De Bruycker (2004)
C. Dias Urbano De Sousa and Ph. De Bruycker (eds.), The emergence of a European asylum
policy/Lmergence dune politique europenne dasile, Brussels: Bruylant 2004.
van Dijk (2001)
P. van Dijk, Protection of Intergrated Aliens against Expulsion under the European Convention
on Human Rights, in: Guild & Minderhoud (2001), p. 23 .
van Dijk & van Hoof (2006)
P. van Dijk and F. van Hoof, Theory and Practice of the European Convention on Human Rights,
Antwerpen/Oxford: Intersentia 2006.
Donner (1993)
J.P.H. Donner, Abolition of Border Controls, in: Schermers et al. (1993), p. 5 .
Dougan (2004)
M. Dougan, National Remedies Before the Court of Justice. Issues of Harmonisation and
Dierentiation, Oxford and Portland, Oregon: Hart Publishing 2004.
Dumortier (1992)
J. Dumortier Het Schengen Informatie Systeem en de bescherming van persoonsgegevens, in:
Fijnaut, Stuyck & Wytinck (1992), p. 119 .

542

Bibliography

Dumortier (1997)
J. Dumortier, Protection of Personal Data in the Schengen Convention, International review of
law, computers and technology, p. 93106 1997.
Eicke (2003)
T. Eicke, Paradise Lost? Exclusion and Expulsion from the EU, in: Groenendijk, Guild
& Minderhoud (2003), p. 147 .
Elgesem (1999)
D. Elgesem, The structure of rights in Directive 95/46 on the protection of individuals with
regard to the processing of personal data and the free movement of such data, Ethics and
Information Technology 1, 1999, p. 283293.
Ellger (1991)
R. Ellger, Datenschutz und Europischen Binnenmarkt (Teil I), RDV 1991/2, p. 5765.
Elzinga (1989)
D.J. Elzinga, De democratische rechtsstaat als ontwikkelingsperspectief. Over machtsregulering
als ontwikkelingslijn, in: Engels & Middel (1989).
Engels & Middel (1989)
J.W.M. Engels, E.M. Middel (eds.), De rechtsstaat herdacht, Zwolle: W.E.J. Tjeenk Willink 1989.
Ensched (1974)
Ch.J. Ensched, Het interim-rapport Koopmans: een discussiebijdrage, NJB, 28 september
1974, a. 32, p. 1030.
Essakkili & Spijkerboer (2006)
S. Essakkili, T.P. Spijkerboer, De marginale toetsing in asielzaken, NJB, A. 2006/33, no. 1439.
Fasti (2002)
M. Fasti, The restrictive approach taken by the European Court of Human Rights: deportation
of longterm immigrants and right to family life (Part 1 and 2), Tolleys Immigration, Asylum and
Nationality Law, Vol. 16, nos 3 & 4, 2002.
Fernhout & Steenbergen (1994)
R. Fernhout and J.D.M Steenbergen, Rechtspraak Vreemdelingenrecht 1993, Nijmegen: Ars Aequi
Libri 1994.
Fijnaut (1993)
C.J.C.F. Fijnaut, Police cooperation in Western Europe, in: Schermers et al. (1993), p. 75 .
Fijnaut & Hermans (1987)
C. Fijnaut and R. Hermans (eds.), Police Co-operation in Europe, Lochem: J.B. van den Brink
1987.
Fijnaut, Stuyck & Wytinck (1992)
C. Fijnaut, J. Stuyck, P. Wytinck, Schengen: Proeftuin voor de Europese Gemeenschap? Antwerpen:
Gouda Quint 1992.
Flaherty (1989)
D.H. Flaherty, Protecting Privacy in Surveillance Societies. The Federal Republic of Germany,
Sweden, France, Canada and the United States, Chapel Hill: University of North Carolina
Press 1989.
Fode (1993)
H. Fode, Nordic Experience on Criminal Law, in: Schermers et al. (1993), p. 6169.
Forstho (1973)
E. Forstho, Lehrbuch des Verwaltungsrechts, Mnchen: C.H. Beck 1973.
Frowein & Stein (1987)
J.A. Frowein, Torsten Stein, Die Rechsstellung von Auslndern nach staatlichem Recht un
Vlkerrecht, Teil 1, Berlin/ Heidelberg: Springer Verlag 1987.

Bibliography

543

Garside (2006)
A. Garside, The political genesis and legal impact of proposals for the SIS II: what cost for data
protection and security in the EU? Sussex Migration Working Paper no. 30, March 2006, available
at http://www.sussex.ac.uk
Gautier (2005)
M. Gautier, La dpassement du caractre national de la juridiction administrative franaise:
le contentieux Schengen, Droit Administratif, Mai 2005, p. 7 .
Geddes (2000)
A. Geddes, Immigration and European Integration. Towards Fortress Europe? Manchester:
Manchester University Press 2000.
Giraud (1999)
Ph. Giraud, Lexprience de la France dans la mise en oeuvre de Schengen, in: Hailbronner &
Weil (1999), p. 3141.
GISTI (2003)
GISTI, Contrler, surveiller et punir, Analyse de la rforme Sarkozy sur lentre et le sjour des
trangers en France, Paris: GISTI April 2003.
GISTI (2003a)
GISTI, Les visas en France. La rglementation, les recours les texts, Paris: GISTI May 2003.
GISTI (2005)
GISTI, Utiliser le rfr administrative pour la dfense des trangers, Paris: GISTI November
2005.
GISTI (2006)
GISTI, Les Visas, Les Cahiers Juridiques, Paris: GISTI September 2006.
Giuseppin & Jansen (1996)
P.R. Giuseppin and W.A.M Jansen, Het Akkoord van Schengen en vreemdelingen. Een ongecontroleerde grens tussen recht en beleid? Verslag studiedag OSR 31 oktober 1996, Utrecht: NCB 1996.
Groenendijk (1993)
C.A. Groenendijk, The competence of the EC Court of Justice, in: Meijers et al. (1993),
p. 45 .
Groenendijk (2003)
K. Groenendijk, New Borders Behind Old Ones: Post-Schengen Controls Behind Internal
Borders and Inside the Netherlands and Germany, in: Groenendijk, Guild & Minderhoud
(2003), p. 131 .
Groenendijk (2003a)
K. Groenendijk, The Directive on mutual recognition of expulsion decisions: symbolic or unbalanced politics? in: P. de Bruycker (2003), p. 447463.
Groenendijk (2004)
K. Groenendijk, Re-instatement of controls at the internal borders of Europe: why and against
whom? European Law Journal 2, 2004, p. 150170.
Groenendijk (2006)
K. Groenendijk, Citizens and Third-Country Nationals: Dierential Treatment or Discrimination?
in: Carlier & Guild (2006), p. 79 .
Groenendijk, Guild & Minderhoud (2003)
K. Groenendijk, E. Guild, and P. Minderhoud (eds.), In Search of Europes Borders, The Hague/
London/New York: Kluwer Law International 2003.
Groeneweg, van den Berg, Verhey (2001)
H.W. Groeneweg, I.H. van den Berg, M. Verheij, Teksten en toelichting op de Vreemdelingenwet
2000, The Hague: SDU Uitgevers 2001.

544

Bibliography

Guild (2000)
E. Guild, Adjudicating Schengen: National judicial control in France, European Journal of
Migration and Law 1, 2000, p. 419439.
Guild (2000a)
E. Guild, European Community Law from a Migrants Perspective, The Hague/London/Boston:
Kluwer Law International 2000.
Guild (2001)
E. Guild, Moving the Borders of Europe, Inaugural lecture, Nijmegen: University of Nijmegen 2001.
Guild (2003)
E. Guild, The Borders Abroad Visas and Border Controls, in: Groenendijk, Guild & Minderhoud
(2003).
Guild (2004)
E. Guild, The Legal Elements of European identity. EU Citizenship and Migration Law, The Hague:
Kluwer Law International 2004.
Guild (2005)
E. Guild, The Legal Framework: Who is Entitled to Move? in: Bigo & Guild (2005), p. 14 .
Guild (2006)
E. Guild (ed.), Constitutional challenges to the European Arrest Warrant. A challenge for European
Law: the merging of international and external security. Nijmegen: Wolf Legal Publishers
2006.
Guild (2007)
E. Guild, Unreadable Papers? The EUs rst experiences with biometrics: Examining Eurodac
and the EU Borders, in: J. Lodge (ed.), Are you who you say you are? Liberty and security in the
EU, Nijmegen: Wolf Legal Publishers 2007, (forthcoming).
Guild & Niessen (1996)
E. Guild and J. Niessen, The Developing Immigration and Asylum Policies of the European Union,
The Hague/London/Boston: Kluwer Law International 1996.
Guild & Minderhoud (2001)
E. Guild and P. Minderhoud, Security of Residence and Expulsion: protection of aliens in Europe,
Leiden/Boston: Martinus Nijho Publishers 2001.
Guild & Geyer (2006)
E. Guild and F. Geyer, Getting local: Schengen, Prm and the dancing procession of Echternach
Three paces forward and two back for EU police and judicial cooperation in criminal matters,
December 2006, available at: http://www.ceps.be
Gutmann (1999)
R. Gutmann, Datenschutz und europischen Aufenthaltsrecht, ZAR 5, 1999, p. 229231.
Hailbronner (2000)
K. Hailbronner, Immigration and Asylum Law and Policy of the EU, The Hague: Kluwer Law
International 2000.
Hailbronner & Weil (1999)
K. Hailbronner and P. Weil (eds.), From Schengen to Amsterdam. Towards a European Immigration
and Asylum Legislation, Trier: ERA Series of Publications, Vol. 29, 1999.
Hartley (2003)
T.C. Hartley, The foundations of European Community Law, Oxford: Oxford University
Press 2003.
Harvey (2001)
C. Harvey, Promoting Insecurity: Public Order, Expulsion and the European Convention on
Human Rights, in: Guild & Minderhoud (2001), p. 41 .

Bibliography

545

Hayes (2004)
B. Hayes From the Schengen Information System to SIS II and the Visa Information System (VIS):
the proposals explained, Statewatch analysis, February 2004, http:// www.statewatch.org
Hayes (2005)
B. Hayes (2005), SIS II: fait accompli? Construction of EUs Big Brother database underway
Statewatch analysis, May 2005, http://www.statewatch.org
Hemesath (1995)
W. Hemesath, Das Schengener Informationssystem SIS , Ausschreibungskategorien und Aus
schreibungsmodalitten, Kriminalistik, 3/1995, p. 169171.
de Hert & Guthwirth (2003)
P. de Hert and S. Guthwirth, Making sense of privacy and data protection: a prospective overview
in the light of the future identity, location-based services and virtual residence, Annex 1 to the
report Security and Privacy for the Citizen in the Post-September 11 Digital Age: A Prospective Overview,
Technical Report Series, Institute for Prospective Technological studies, Brussels, July 2003.
de Hert & Gutwirth (2006)
P. de Hert and S. Gutwirth, Interoperability of Police Databases within the EU: An Accountable
Political Choice? International Review of Law Computers & Technology, Vol. 20, Nos. 1 & 2,
p. 2135.
de Hert, Schreurs & Brouwer (2006)
Paul de Hert, Wim Schreurs and Evelien Brouwer, Machine-Readable Identity Documents with Biometrical Data in the EU (Part I), Keesing Journal of Documents & Identity, Issue no. 21, 2006, p. 3 .
Hoeksma & Rensen (1990)
J.W. Hoeksma and H.L. Rensen, SIS moet voldoende bieden, niet meer en niet minder, Algemeen
Politieblad, nr. 8, 14 April 1990, p. 179183.
Holterman (1994)
Th. Holterman, Ongewenst signalering getoetst, Migrantenrecht 1994/5, p. 96.
Hondius (1975)
F.W. Hondius, Emerging Data Protection in Europe, Amsterdam: North-Holland Pub. Company
1975.
Hoogenboom (1992)
T. Hoogenboom, Free movement of non-EC nationals, Schengen and beyond, in: Meijers et al.
(1992), p. 74 .
den Houdijker (2006)
F.M.J. den Houdijker, Punitief karakter ongewenstverklaring, -signalering en rechtsbescherming, Migrantenrecht 67, 2006, p. 239243.
House of Lords (2006)
House of Lords, European Union Committee, Schengen Information System II (SIS II), Report
with Evidence, 9th report of session 200607, London: 2006.
Hreblay (1998)
V. Hreblay, Les Accords de Schengen. Origine, Fonctionnement, Avenir, Bruxelles: Bruylant 1998.
Hubert (1999)
P. Hubert, De Schengen Amsterdam: Questions juridiques et solutions institutionnelles, in:
Hailbronner & Weil (1999), p. 65 .
Hurwitz (1999)
A. Hurwitz, The 1990 Dublin Convention: A Comprehensive Assessment, International Journal
of Refugee Law 11 (4), 1999, p. 646677.
Jessurun dOliveira (1990)
H.U. Jessurun dOliveira, Schengen uitgerangeerd? NJB, 1990, nr. 4, p. 129131.

546

Bibliography

de Jong (1993)
C.D. de Jong, Cooperation in the eld of Aliens Law, in: Schemers (1993), p. 183 .
Julien-Laferrire (2005)
F. Julien-Laferrire, La loi no. 2003-1119 du 26 Novembre 2003 relative la matrise de
limmigration, au sjour des trangers en France et la nationalit, in : Carlier & De Bruycker
(2005), p. 530558.
Justice (2000)
Justice, The Schengen Information System. A human rights audit, London: Justice 2000.
Kant (2001)
M. Kant, Nothing doing? Taking stock of data trawling operations in Germany after 11
September 2001, Statewatch, May-August 2005 Vol. 15, no. 3/4, p. 19.
Karanja (2002)
S.K. Karanja, The Schengen Information System in Austria: An Essential Tool in Day to Day
Police and Border Control Work? The Journal of Information, Law and Technology 2002 (1), p.
Kaspersen & Oskamp (1990)
H.W.K. Kaspersen and A. Oskamp (eds.), Amongst Friends in Computers and Law. A Collection of
Essays in Remembrance of Guy Vandenberghe, Deventer/Boston: Kluwer Computer/Law Series 1990.
Kayser (1990)
P. Kayser, La protection de la vie prive, Marseille: Economica Presses universitaires dAixMarseille 1990.
Kayser (1995)
P. Kayser, La protection de la vie prive par le droit: protection du secret de la vie prive,
Aix-en-Provence: Economica Presses universitaires dAix-Marseille 1995.
de Kerchove (1998)
G. de Kerchove, Une espace de libert, de scurit et de justice, in: den Boer et al. (1998),
p. 197204.
Kjaer (2003)
K. Kjaer, How Many Borders in the EU? in: Groenendijk, Guild & Minderhoud (2003),
p. 169 .
Kleijne (2001)
J. Kleijne, Artikelsgewijs commentaar op de Vreemdelingenwet 2000 en het Vreemdelingenbesluit
2000, Deventer: Kluwer 2001.
Klip (1997)
A.H. Klip, Uniestrafrecht is op hol geslagen, NJB 11 April 1997, a. 15, p. 663671.
Kommers (1997)
D.P. Kommers, The Constitutional Jurisprudence of the Federal Republic of Germany, Durham and
London: Duke University Press 1997.
Kor (1990)
D. Kor, The Schengen Information System: also a question of data protection, in: Mols (1990),
p. 67 .
Kroon (1997)
L.M.N. Kroon, European information systems: beyond borders? Barriers within the development
process of the Schengen Information System and the Social Security Network, Delft: Eburon 1997.
Kuijer/Steenbergen (2005)
A. Kuijer et al., Nederlands Vreemdelingenrecht, Den Haag: Boom Juridische Uitgevers 2005.
Kunig (1989)
Ph. Kunig, Das Rechtsstaatsprinzip: berlegungen zu seiner Bedeutung fr das Verfassungsrecht der
Bundesrepublik Deutschland, Tbingen: Mohr (Siebeck) 1989.

Bibliography

547

Lavenex (2001)
S. Lavenex, The Europeanisation of Refugee policies. Between human rights and internal security,
Aldershot: Ashgate 2001.
Lawson (1999)
R. Lawson, Het EVRM en de Europese Gemeenschappen, Europese Monograen no. 61, The
Hague: Kluwer 1999.
Lecucq (2004)
O. Lecucq, Lexamen par le Conseil Constitutionnel de la nouvelle lgislation sur limmigration,
AJDA, 22 mars 2004, p. 599606.
Leutheusser-Schnarrenberger (2004)
S. Leutheusser-Schnarrenberger, Ein System gert ausser Kontrolle: Das Schengener
Informationssystem, Zeitschrift fr Rechtspoltik, 14 Juni 2004, 37. Jahrgang, p. 97101.
Lodge (2005)
J. Lodge, eJustice, Security and Biometrics: the EUs Proximity Paradox, European Journal of
Crime, Criminal Law and Criminal Justice, Vol. 13/4, 2005, p. 533564.
Magnon (2003)
X. Magnon, Le champ dapplication territorial de laccord de Schengen, Lactualite juridique,
Droit administratif 13, 2003, p. 683684.
Malabre (2001)
J.E. Malabre, Security of residence and expulsion: protection of aliens in Europe: the French
experience, in Guild & Minderhoud (2001), p. 125137.
Marinho (2001)
L. Marinho, Asylum, Immigration and Schengen Post Amsterdam, Maastricht: EIPA 2001.
Marx (2004)
R. Marx, Terrorismusvorbehalte des Zuwanderungsgesetzes, ZAR, 8/2004, p. 275282.
Maurer (2002)
H. Maurer, Allgemeines Verwaltungsrecht, Mnchen: C.H. Beck 2002.
Meijers (1992)
H. Meijers et al., Schengen Internationalisation of central chapters of the law on aliens, refugees,
privacy, security and the police, Leiden: Stichting NJCM-Boekerij 1992.
Meijers (1993)
H. Meijers et al., A New Immigration Law for Europe? Utrecht: Centre for Immigrants 1993.
Meijers (1997)
H. Meijers (ed.), Democracy, Migrants and Police in the European Union: the 1996 IGC and
beyond, Forum: Utrecht 1997.
Melis (2001)
B. Melis, Negotiating Europes Immigration Frontiers, Deventer: Kluwer Law International 2001.
Michael & Heimans (1990)
P.A. Michael and D. Heimans, Privacybescherming in SIS is uitvoerig geregeld, Algemeen
Politieblad, nummer 9, 28 april 1990, p. 203 .
Miles & Thrnhardt (1995)
D. Miles, D. Thrnhardt Migration and European Integration, London: Pinter Publishers
1995.
Minderhoud (2000)
P. Minderhoud, The Dutch Linking Act and the Violation of Various International NonDiscrimination Clauses, European Journal of Migration and Law 2000, p. 185201.
Mols (1997)
G.P.M.F. Mols (ed.): Dissonanten bij het Schengen akkoord, Deventer: Kluwer 1990.

548

Bibliography

Monar (2000)
J. Monar, The Impact of Schengen on Justice and Home Aairs, in: Den Boer (2000), p. 21 .
Nascimbene (2001)
B. Nascimbene (ed.), Expulsion and detention of aliens in the European Union countries, Milan:
Giur Editore 2001.
Niessen (1996)
J. Niessen, The European Unions Migration and Asylum Policies, in: Guild & Niessen (1996), p. 3 .
Noll & Vedsted-Hansen (1999)
G. Noll and J. Vedsted-Hansen, Non-Communitarians: Refugee and Asylum Policies, in: Alston
(1999), p. 359 .
Nugter (1990)
A.C.M. Nugter, Transborder Flow of Personal Data within the EC. A comparative analysis of the
privacy statutes of the Federal Republic of Germany, France, the United Kingdom and the Netherlands
and their impact on the private sector, diss., Deventer: Kluwer Law and Taxation Publishers
1990.
OKeee (1993)
D. OKeee, Convention on Crossing External Borders, in: Pauly (1993), p. 171 .
OKeee (2000)
D. OKeee, Judicial Review in European Union Law, The Hague: Kluwer Law International
2000.
Overkleeft-Verburg (1995)
G. Overkleef-Verburg, Wet persoonsregistraties, Norm, toepassing en evaluatie, Zwolle: W.E.J.
Tjeenk Willink 1995.
Pallet (2001)
L. Pallet, The UK position. Implementing the Schengen Protocol, in: Marinho (2001), p. 9195.
Pallez (2004)
C. Pallez, LExercise du pouvoir de sanction est une rvolution culturelle pour la CNIL, Petites
aches, 29.09.2004, no. 195, p. 3.
Pauly (1993)
A. Pauly (ed.), Les accords du Schengen: Abolition des frontires intrieures ou menace pour les libert
publiques? Maastricht: EIPA 1993.
Pauly (1996)
A. Pauly (ed.), De Schengen Maastricht: voie royale et course dobstacles, Maastricht: EIPA 1996.
Peers (2001)
S. Peers, Key Legislative Developments on Migration in the European Union (1) European
Journal of Migration Law 3, 2001, p. 231255.
Peers (2001a)
S. Peers, Immigration, Asylum and the European Union Charter of Fundamental Rights,
European Journal of Migration Law 3, 2001, p. 141169.
Peers (2002)
S. Peers, EU Immigration and Asylum law after Seville, Tolleys Immigration, Asylum and
Nationality Law, vol. 16, no. 3, 2002.
Peers (2003)
S. Peers, Key Legislative Developments on Migration in the European Union (2) European
Journal of Migration Law 5, 2003, p. 107141.
Peers (2006)
S. Peers, From Black Market to Constitution: The Development of the Institutional Framework
for EC Immigration and Asylum Law, in Peers & Rogers (2006), p. 19 .

Bibliography

549

Peers & Rogers (2006)

Steve Peers and Nicola Rogers (eds.), EU Immigration and Asylum Law: Text and Commentary,
Leiden/Boston: Martinus Nijho Publishers 2006.
Pinckaers (1996)
J.C.S. Pinckaers, From privacy towards a new intellectual property right in persona: the right of
publicity (United States) and portrait law ( Netherlands) balanced with freedom of speech and free
trade principles, The Hague: Kluwer Law International 1996.
Podlech (1973)
A. Podlech, Verfassungsrechtliche Probleme entlicher Informationssysteme, DVR 1972/1973,
p. 149 .
Poullet (1990)
Y. Poullet, Data Protection Between Property and Liberties. A Civil Law Approach, in: Kaspersen
& Oskamp (1990), p. 161 .
Preuss-Laussinotte (2000)
S. Preuss-Laussinotte, Les chiers et les trangers au cur des nouvelles politiques de scurit, Paris:
Librairie gnrale de droit et de jurisprudence, E.J.A. 2000.
Prins (1995)
J.E.J. Prins et.al., In het licht van de Wet persoonsregistraties: zon, maan of ster? Alphen aan den
Rijn/Diegem: Samsom Bedrijfsinformatie bv. 1995.
Prins (1998)
C. Prins, Biometric Technology Law. Making our bodies identify for use: Legal implications of biometric technologies, Computer Law & Security Report, Vol. 14, no. 3, 1998,
p. 159165.
Puntervold B (1998)
B. Puntervold B, The Use of Visa Requirements as a Regulatory Instrument for the Restriction
of Migration, in: Bcker (1998), p. 191202.
Renner (2001)
G. Renner, Verwaltungsvorschriften zum Staatsangehrigkeit-und zum Auslnderrecht, BadenBaden: Nomos Verlaggeselschaft 2001.
Rigaux (1990)
F. Rigaux, La protection de la vie prive et des autres biens de la personnallit, Brussels: mile
Bruylant 1990.
Rule (1974)
J.B. Rule, Private Lives and Public Surveillance, London: Allen Lane 1974.
Saas (2003)
C. Saas, Les refus de dlivrance des visas fonds sur une inscription au Systme Information
Schengen, Cultures & Conits 4950, 2003.
Saas (2006)
C. Saas, The changes in laws on immigration and asylum in France in response to terrorist fears,
in: Baldaccini & Guild (2006), p. 233 .
Schattenberg (1993)
B. Schattenberg, SIS : Privacy and Legal Protection, in: Schermers et al. (1993), p. 43 .
Schermers (1993)
H.G. Schermers et al., Free Movement of Persons in Europe: Legal Problems and Experiences,
Dordrecht/Boston/London: Martinus Nijho Publishers 1993.
Schlanitz (1993)
E. Schlanitz, Lchange international dinformations de police dans le cadre des systems
dinformation dInterpol et de Schengen, in: Pauly (1993), p. 39 .

550

Bibliography

Schlink (1982)
B. Schlink, Die Amtshilfe. Ein Beitrag zu einer Lehre von der Gewaltenteilung in der Verwaltung,
Berlin: Duncker & Humblot 1982.
Schmahl (2004)
S. Schmahl, Internationaler Terrorismus aus der Sicht des deutschen Auslnderrechts, ZAR
7/2004, p. 217225.
Schmid (2003)
Ch. Schmid, Eurodac Verordnung. Europisches System zur Identizierung von Fingerabdrcken,
Wien: NWV Verlag 2003.
Schmid-Drner
Marion Schmid-Drner, Der Begri der entlichen Sicherheit und Ordnung im Einwanderungsrecht
ausgewhlter EU-Mitgliedstaaten: Status quo und Reformbedarf auf europischer Ebene, BadenBaden: Nomos Verlag 2007.
Schriever-Steinberg (1994)
A. Schriever-Steinberg, Das Auslnderzentralregistergesetz, NJW 1994, Heft 50, p. 32763277.
Schrder (2001)
B. Schrder, Das Fingerabdruckvergleichssystem EURODAC, in ZAR 2/2001, p. 7176.
Schutte (1990)
J.J.E. Schutte, Strafrecht in Europees verband, Justitile verkenningen, 1990.
Simitis (1990)
S. Simitis, Datenschutz und Europischen Gemeinschaft, RDV 1990, Heft 1, p. 323.
Simitis (1999)
S. Simitis, Revisiting Sensitive Data, Review of the answers to the Questionnaire of the
Consultative Committee of the Convention for the Protection of Individuals with regard to
Automatic Processing of Personal Data (ETS 108), Strasbourg, 2426 November 1999.
Simitis (2006)
S. Simitis (ed.), Bundesdatenschutzgesetz, Baden-Baden: Nomos 2006.
Spijkerboer & Vermeulen (2005)
T.P. Spijkerboer and B.P. Vermeulen, Vluchtelingenrecht, Nijmegen: Ars Aequi Libri 2005.
Staples (1999)
H. Staples, The legal status of third country nationals resident in the European Union, The Hague/
London/Boston: Kluwer Law International 1999.
Staples (2000)
H. Staples, Adjudicating the Schengen Agreements in the Netherlands, European Journal of
Migration Law 2, 2000, p. 4983.
Steenbergen (1992)
J.D.M. Steenbergen, Schengen and the movement of persons, in: Meijers et al. (1992), p. 57 .
Steenbergen (1997)
J.D.M. Steenbergen, De grenzen van Schengen, in: Giuseppin & Jansen (1997), p. 1825.
Steenbergen (1999)
J.D.M. Steenbergen, All the Kings Horses Probabilities and Possibilities for the Implementation
of the New Title IV EC Treaty, European Journal of Migration Law 1, 1999, p. 2960.
Swart (1978)
A.H.J. Swart, De toelating en uitzetting van vreemdelingen, Deventer: Kluwer 1978.
Swart (2001)
A.H.J. Swart, Een ware Europese rechtsruimte, Deventer: Gouda Quint 2001.
Temple Lang (2000)
John Temple Lang, The Principle of Eective Protection of Community Law Rights, in: OKeee
(2000), p. 235 .

Bibliography

551

Tuner (2000)
M. Tuner, Das Schengener Informationssystem (SIS), Ein Quantensprung der polizeilichen
Fahndung in Europa, Kriminalistik 1/00, p. 3943.
Turpin (2004)
D. Turpin, Les nouvelles lois sur limmigration et lasile dans le contexte de lEurope et la mondialisation, Revue critique de droit international priv, 93 (2) avril-juin 2004, p. 311393.
Vedsted-Hansen (2001)
J. Vedsted-Hansen, Abolition of Border Controls within the Nordic Region and Security of
Residence in Denmark, in: Guild & Minderhoud (2001), p. 91 .
Verhey (1991)
L.F.M. Verhey, Privacy aspecten van de uitvoeringsovereenkomst van het Akkoord van Schengen,
NJB 31 januari 1991, a. 5, p. 217 .
Verhey (1992)
L.F.M. Verhey, Privacy aspects of the Convention, in: Meijers et.al. (1992), p. 110 .
Verschueren (1992)
H. Verschueren, Vrij verkeer van personen in Schengen-verdragen, in: Fijnaut, Struijk &
Wytinck (1992), p. 1354.
Wallace & Wallace (1996)
H. Wallace and W. Wallace, Policy-Making in the European Union, Oxford: Oxford University
Press 1996.
Warren & Brandeis (1890)
S.D. Warren and L.D. Brandeis, The Right to Privacy, Harvard Law Review, Vol. IV, 15
December, no. 5, 1890.
Wayman (2006)
J. Wayman, Linking Persons to Documents with Biometrics. Biometric systems from the 1970s
to date, Keesing Journal of Documents & Identity, Issue 16, 2006, p. 14.
Webber (1996)
F. Webber, Crimes of Arrival: Immigrants and Asylum-seekers in the New Europe, London:
Statewatch Publications 1996.
Weichert (1990)
Th. Weichert, Das geplante Schengen-Informationssystem, Computerrecht 1/1990.
Weichert (1993)
Th. Weichert, Auslndererfassung in der Bundesrepublik. Die informationele Sonderbehandlung
von Immigrantinnen und Flchtlingen, Brgerrechte & Polizei/CILIP 45, 2/1993.
Weichert (1998)
Th. Weichert, AZRG. Kommentar zum Auslnderzentralregistergesetz, Neuwied-Kriftel:
Luchterhand 1998.
Weichert (2002)
Th. Weichert, Datenschutz fr Flchtlinge nach der Anti-Terr0r-Gesetzgebung, Asylmagasin
4/2002, p. 49.
Weil (1997)
P. Weil, Rapports au Premier Ministre. Mission dtudes des lgislations de la nationalit et de
limmigration, Paris: La documentation franaise 1997.
Westphal (1999)
V. Westphal, Die Ausschreibung zur Einreiseverweigerung im Schengener Informationssystem Vorraussetzungen, Wirkungen und Rechtsschutzmglichkeiten, InfAuslR 1999,
p. 361365.
Westphal & Stoppa (2007)
V. Westphal and E. Stoppa, Auslnderrecht fr die Polizei, Lbeck: Westphal/ Stoppa 2007.

552

Bibliography

Wilkesmann (1999)
P. Wilkesmann, Pldoyer fr das Schengener Informationssystem, NStZ 1999, Heft 2, p. 6871.
Westin (1967)
A.F.Westin, Privacy and Freedom, New York: Athenaeum 1967.
van Winckel (1982)
J.J.A.M van Winckel, Het personenverkeer in de Benelux, SEW 7/8, 1982, p. 552562.
de Wit (1991)
M.L.S. de Wit, Het akkoord van Schengen: vergelijkend onderzoek tussen Nederland en Frankrijk,
Mast. Thesis, University Nijmegen 1991.
Woltjer (1995)
A. Woltjer, Schengen: The Way of No Return? Maastricht Journal of European and Comparative
Law 2, 1995, p. 256278.
de Zwaan (1993)
J. de Zwaan, Institutional Problems and Free Movement of Persons, in: Schermers et al. (1993),
p. 335 .

Jurisprudence
European Court of Human Rights (http://www.echr.coe.int/)
Klass v. Germany, 6 September 1978, no. 5029/71, Series A 28 .................... 160,
167169, 174, 175, 196, 201, 264, 324, 412
Airey, 9 October 1979, no. 6289/73 Series A 32 ................................... 163, 259
Albert and Le Compte I and II, 10 February 1983, nos. 7299/75
and 7496/76 Series A 58 ........................................................................... 262
Silver and others v. United Kingdom, 25 March 1983, no. 5947/72,
Series A 61 ................................................................................................ 254
Zimmermann v. Switzerland, 13 July 1983, no. 8737/79, Series A 66 ............ 259
Malone v. United Kingdom, 2 August 1984, no. 8691/79,
Series A 82 ........................................................................ 160, 164, 169, 173
Benthem v. Netherlands, 23 October 1985, no. 8848/80, Series A 97 ............. 246
Rees v. United Kingdom, 17 October 1986, no. 8532/81, Series A 106 .......... 156
Leander v. Sweden, 26 March 1987, no. 9248/81,
Series A no. 116 ........ 153, 154, 164, 166168, 170, 173175, 199, 264, 324
Belilos v. Switzerland, 29 April 1988, no. 10328/83, Series A 132 ......... 258, 262
Gaskin v. United Kingdom, 7 July 1989, Series A no. 160 ..................... 155, 156,
167, 169, 173, 175, 199, 324
Kruslin and Huvig v. France, 24 April 1990 (joined cases) nos. 11801/95
and 11105/84, Series A 176 A and B ........................ 164, 165, 168, 173, 324
Obermeier v. Austria, 28 June 1990, no. 11761/85, Series A 179 ................... 263
Moustaquim v. Belgium, 18 February 1991, no. 12313/86,
Series A 193 ...................................................................................... 256, 268
Cardot v. France, 19 March 1991, no. 11069/84, Series A 200 ...................... 254
Oberschlick v. Austria (I), 23 May 1991, no. 11661/85, Series A 204............. 258
Vilvarajah and others v. United Kingdom, 30 October 1991,
no. 13163/87, Series A 215 ............................................... 257, 259, 264, 325
Castells v. Spain, 23 April 1992, no. 11798/85, Series A 236 ......................... 254
Geoure de la Pradelle v. France, 16 December 1992, no. 12964/87,
Series A 253 .............................................................................. 246, 254, 259
Niemietz v. Germany, 16 December 1992, no. 13710/88
Series A 251B............................................................................ 153, 155, 197
Evelien Brouwer, Digital Borders and Real Rights, pp. 553562.
2008 Koninklijke Brill NV. Printed in the Netherlands.

554

Jurisprudence

Salesi v. Italy, 26 February 1993, Series A 257E............................................. 269

Beaumartin v. France, 24 November 1994, no. 15287/89 Series A 296B ....... 263
Ruiz Torija v. Spain, 9 December 1994, Series A 303-A................................. 172
Piermont v. France, 27 April 1995, no. 15773 and 15574/89,
Series A 314 .............................................................................................. 254
Abdulaziz, Cabales and Balkandali v. UK, 28 May 1995,
nos. 9214/80, 9473/81, 9474/81 Series A 94 .................................... 254, 324
Nasri v. France, 13 July 1995, no. 19465/92 Series A 320-B.......................... 256
Gl v. Switzerland, 19 February 1996, no. 22676/93, Reports 1996-I ........... 255
Amuur v. France, 25 June 1996, no. 19776/92,
Reports 1996-III................................................................ 260, 261, 269, 270
Akdivar v. Turkey, 16 September 1996, Reports 1996-VI ............................... 171
Gaygusuz v. Austria, 16 September 1996, no. 17371/90,
Reports 1996-V ......................................................................................... 268
Chahal v. United Kingdom, 15 November 1996, no. 22414/93,
Reports 1996-V ......................................... 257, 259, 263265, 270, 271, 325
Ahmut v. Netherlands, 28 November 1996, no. 21702/93,
Reports 1996-V ................................................................................. 255, 324
Z. v. Finland, 25 February 1997, no. 22009/93,
Reports 1997-I .................................................................. 155, 166, 173, 175
Hornsby v. Greece, 19 March 1997, no. 18357/91, Reports 1997-II ....... 266, 271
Sheeld and Horsham v. United Kingdom, 30 July 1998,
nos. 22985/93 and 23990/94 Reports 1998-V .......................................... 156
S.N. v. Netherlands, 4 May 1999 (dec.) no. 38088/97................................... 247
J.E.D. v. UK, 2 February 1999 (dec.) no. 42225/98 ..................................... 247
Iatridis v. Greece, 25 March 1999, no. 31107/96, ECHR 1999-II ......... 266, 271
Amann v. Switzerland 16 February 2000, no. 27798/95
ECHR 2000-II ......................................................... 157, 158, 160, 169, 173
Rotaru v. Romania, 4 May 2000, no. 28341/95 ECHR 2000-V ........... 154, 157,
159, 160, 165, 167, 169, 171176, 197, 249, 325
Jabari v. Turkey, 11 July 2000, no. 40035/98,
ECHR 2000-VIII ..................................................................... 257, 267, 271
Maaouia v. France, 5 October 2000, no. 39652/98,
ECHR 2000-X ......................................................... 246248, 253, 272, 308
P.G. and J.H. v. the United Kingdom, 25 September 2001
no. 44787/98 ECHR 2001-IX .......................................... 153, 159160, 173
Boultif v. Switzerland, 2 August 2001, no. 54273/00, ECHR 2001-IX .......... 257
Ludescher v. Austria, 20 December 2001, no. 35019/97 (unreported) ........... 269
Sen v. Netherlands, 21 December 2001,
no. 31465/96 (unreported) ...................................................... 254, 255, 324

Jurisprudence

555

onka v. Belgium, 5 February 2002, no. 51564/99,

ECHR 2001-I ...................................251, 254, 259, 260, 267, 268, 270, 325
McVicar v. United Kingdom, 7 May 2002, no. 46311/99,
ECHR 2002-III ........................................................................................ 260
Al-Nashif v. Bulgaria, 20 June 2002, no. 50963/99, JV 2002/239......... 245, 254,
256, 258, 261, 264, 265, 270, 271, 325
Christine Goodwin v. United Kingdom, 11 July 2002,
no. 28957/95 (unreported) ...................................................................... 156
Peck v. United Kingdom, 28 January 2003, no. 44647/98,
ECHR 2003-I ................................................... 153, 160, 161, 173, 174, 206
Mamatkulov and Abdurasulovic v. Turkey (I), 6 February 2003,
no. 46827/99 (unreported) ...................................................... 262, 267, 270
Chevrol v. France, 13 February 2003, no. 49636/99
ECHR 2003-III ................................................................ 250, 251, 262, 325
Hatton and others v. United Kingdom, 8 July 2003, no. 36022/97
ECHR 2003-VIII ..................................................................................... 263
Perry v. United Kingdom, 17 July 2003, no. 63737/00,
ECHR 2003-IX ................................................................ 160, 161, 173, 174
Smirnova v. Russia, 24 July 2003, nos. 46133/99 and 48183/99,
ECHR 2003-IX ........................................................................ 161, 162, 173
Poirrez v. France, 30 September 2003, no. 40892/98,
ECHR 2003-X ......................................................................................... 268
Buzescu v. Romania, 24 May 2005, no. 61302/00 (unreported) .... 250, 251, 325
Iletmi v. Turkey, 6 December 2005,
no. 29871/96 (unreported) ...................................................... 162, 173, 511
Lupsa v. Romania, 8 June 2006, no. 10337/04, JV 2006/311 ............... 252, 261
Segerstedt-Wiberg and others v. Sweden, 6 June 2006,
no. 62332/00 ECHR 2006, 89 ................. 153, 154, 159, 165, 170, 173175
Coorplan-Jenni and Hascic v. Austria, 27 July 2006,
no. 10523/02 (unreported) ...................................................................... 249
Kaya v. Romania, 12 October 2006,
no. 33970/05 (unreported) ...................................................... 252, 253, 261
ner v. the Netherlands, 18 October 2006, no. 46410/99, 57,
JV 2006/417 .................................................................................... 254, 257
Salah Sheekh v. the Netherlands, 11 January 2007, no. 1948/04 ............ 265, 489
European Court of Justice (http://curia.europa.eu/)
C-29/69 Stauder [1969] ECR 419................................................................ 304
C-11/70 Internationale Handelsgesellschaft [1970] ECR 1146 ....................... 304

556

Jurisprudence

C-4/73 Nold II [1974] ECR 507 .................................................................. 304

C-36/75 Rutili [1975] ECR 1219 ................................................................ 277
C-30/77 Bouchereau [1977] ECR 1999 ............................................ 62, 64, 277
C-131/79 Santillo [1980] ECR 1585 ................................................... 296, 297
C-115-116/81 Adoui and Cornuaille v. Belgium (joined cases) [1982]
ECR 1665 .......................................................................... 62, 294, 295, 297
C-222/84 Johnston [1986] ECR 1651 .......................................... 306, 307, 319
C-294/83 Les Verts [1986] ECR 1339 .......................................................... 306
C-281/85 Germany, France, the Netherlands, Denmark and
United Kingdom v. Commission [1987] ECR 3203 ...................................... 18
C-222/86 Unectef v. Heylens [1987] ECR 4097 ............................................ 307
C-46/87 and C-227/88 Hoechst [1989] ECR 2859 ...................................... 305
C-321/87 Commission v. Belgium [1989] ECR 997 ........................................ 15
C-143/88 Zuckerfabrik [1991] ECR I-415 ................................................... 314
C-68/89 Commission v. the Netherlands [1991] ECR I-2637 ........................... 65
C-213/89 Factortame and others [1990] ECR I-2433.................................... 312
C-260/89 ERT [1991] ECR-I 2925 ............................................................. 305
C-159/90 Grogan [1991] ECR I-4685 ......................................................... 305
C-445/93 European Parliament v. Commission, OJ 1994 C 13/1 (unpublished) .... 20
C-65/95 and C-111/95 Shingara and Radiom (joined cases) [1997]
ECR I-3343 ..................................................................................... 297, 319
C-70/95 Sodemare [1997] ECR I-3395 ........................................................ 307
C-54/96 Dorsch Consult [1997] ECR I-4961 ................................................ 313
C-195/98 sterreichischer Gewerkschaftbund [2002] ECR I-10497 ............... 313
C-407/98 Abrahamsson [2000] ECR I-05539 ............................................... 313
C-226/99 Siples Srl. [2001] ECR I-0277 .............................................. 311, 322
C-424/99 Commission v. Austria [2001] ECR I-9285 ................................... 314
C-459/99 MRAX v. Belgium [2002] ECR I-6591 ................. 277, 295, 309, 319
C-465/00 sterreichischer Rundfunk [2003] ECR I-4989 .................... 152, 189,
197, 223, 305, 323
C-50/00 Unin de Pequeos Agricultores [2002] ECR I-6677 ........ 303, 309, 312
C-60/00 Carpenter [2002] ECR I-6279........................................ 277, 305, 319
C-100/01 Olazabal [2002] ECR I-10981..................................................... 297
C-101/01 Lindqvist [2003] ECR I-12971 .................................................... 305
C-109/01 Akrich [2003] ECR I-9607 .......................................................... 305
C-187/01 and C-385/01 Gztok - Brgge (joined cases) [2003]
ECR I-1345 ....................................................................................... 44, 503
C-224/01 Kbler [2003] ECR I-10239................................................. 311, 322
C-482/01 and C-493/01 Orfanopoulos and Oliveri (joined cases) [2004]
ECR I-5257 ............................................................................................. 297
C-327/02 Panayotova [2004] ECR I-11055 ................................. 279, 307, 308,
315, 317, 319, 521

Jurisprudence

557

C-467/02 Cetinkaya [2004] ECR I-10895 ................................................... 278

C-136/03 Drr and nal [2005] ECR I-4759 ...................... 278, 299, 308, 319
C-503/03 Commission v. Spain [2006] ECR I-1097 ........................ 64, 98, 218,
280, 310, 317, 435, 503, 517
C-540/03 Parliament v. Council [2006] ECR I-5769 ............................ 286, 305
C-1/05 Jia v. Migrationsverket JV 2007/31 .................................................... 314
C-150/05 Van Straaten [2006] ECR I-9327 ..................................... 8, 235, 503
C-241/05 Bot [2006] ECR I-9627 ................................................................. 45
C-432/05 Unibet (unpublished) ................................................................... 310
Pending:
C-524/06, Heinz Huber v. Germany ............................................................. 401
Court of First Instance
T-177/01 Jgo Qur [2002] ECR II-2365 .................................................... 310
T-116/01 P&O European Ferries v. European Commission [2003]
ECR II-2957 ............................................................................................ 310

France
(most of the following decisions can be found at http://www.legifrance.gouv.fr)
Conseil Constitutionnel
25 July 1991, no. 91294, JO 27 July 1991 ......................................... 332, 333
13 August 1993, no. 93325 DC JO 18 August 1993 .................................. 351
22 April 1997, no. 97389 DC, JO 25 April 1997 ....................... 347, 351, 363
Cour de Cassation
18 May 2005, Jabeur, no. 04-50-053 ........................................................... 364
Conseil dtat
CE 22 July 1994, Chambre syndicale du Transport Arien, no. 145606 .......... 370
CE 29 December 1997, Thorel, no. 140325 ................................................. 370
CE 9 June 1999, Hamssaoui, no. 198344 ..................................................... 368
CE 9 June 1999, M. et Mme. Forabosco, no. 190384 ............................ 368, 370
CE 6 October 1999, Bafandi, no. 186082 .................................................... 375
CE 28 July 2000, Faifer, no. 205435 ............................................................ 369
CE 25 October 2000, Cucicea-Lamblot, no. 212315 .................................... 373
CE 9 July 2001, Matumona, no. 209037 ...................................................... 371

558

Jurisprudence

CE 11 July 2001, M. and Mme. Iqbal, no. 206644....................................... 371

CE 20 February 2002, Boucetta, no. 220420 ........................................ 368, 369
CE 11 March 2002, Abdelli, no. 222137222258 ........................................ 375
CE 15 March 2002, Krouf, no. 221818 ........................................................ 371
CE 29 July 2002, X, no. 236190 .................................................................. 371
CE 29 July 2002, X, no. 229580 .................................................................. 374
CE 4 November 2002, X, no. 240090 .......................................................... 374
CE 6 November 2002, Sun Myung X (Moon),
no. 194295219587......................................................................... 353, 376
CE 6 December 2002, Sahin, no. 206277 .................................................... 375
CE 6 December 2002, M. et Mme. Amouche, no. 238288 ............................ 375
CE 13 December 2002, Kouchi, no. 224877 ................................................ 371
CE 10 January 2003, Noorani Joorawon, no. 223395 .................................... 369
CE 12 February 2003, X, no. 229306 .......................................................... 373
CE 23 May 2003, Gheorghita Catrina, no. 237934 ...................................... 371
CE 2 June 2003, Hak Ja Han X. (Moon), no. 219588 ................................... 372
CE 14 November 2003, X, no. 234462 ........................................................ 374
CE 30 December 2003, Ramdane, no. 237808 ............................................ 374
CE 6 February 2004, Hallal, no. 240560 ..................................................... 370
CE 10 March 2004, X, no. 252269 .............................................................. 373
CE 5 July 2004, X, no. 210185 ............................................................ 355, 359
CE 27 February 2006, M.A., no. 274928 ..................................................... 377
CE 7 April 2006, Skandrani, no. 275216 ..................................................... 376
CE 10 November 2006, Mbow, no. 298272................................................. 375
CE 15 November 2006, M. A et Mme A, no. 276829................................... 375
CE 27 November 2006, M. A et Mme A, no. 298660................................... 375
Cour administrative dappel
Cour administrative dappel de Paris, Minin, 18 January 2001,
no. 99PA02845 ........................................................................................ 369
Tribunal administratif
Tribunal administratif Strasbourg, M. Igel c/Prfet de la Moselle,
3 April 1995 ............................................................................................. 367
Tribunal administratif Lyon, M. and Mme. Ciuciu, 6 April 1995,
no. 95012919501292............................................................................. 342
Tribunal administratif Toulouse, M. c/ Prfet de la Haut Garonne,
24 October 2000, no. 003366 .................................................................. 369
Tribunal administratif Lille, Valencia, 16 May 2002, no. 021741 ......... 369, 375
Tribunal administratif Pau, Mejri, 31 May 2002, no. 02820......................... 375

Jurisprudence

559

Tribunal administratif Nice, Barzilay, 16 July 2002, no. 023061 .......... 369, 375
Tribunal administratif Pau, Anton, 19 November 2004, no. 0301352 .......... 369

Germany
Bundesverfassungsgericht (http://www.bundesverfassungsgericht.de)
BVerfG 15.12.1970, 2 BvF 1/69 .................................................................. 412
BVerfG 09.06.1973, 1 BvL 14/72 ................................................................ 412
BVerfG 18.07.1973, 1 BvR 23 155/73 ......................................................... 411
BVerfG 26.09.1978, 1 BvR 525/77 NJW 1978, Heft 48, p. 2446 ................ 420
BVerfG 27.03.1980, 2 BvR 316/80 .............................................................. 412
BVerfG 06.06.1983, 2 BvR 244, 310/83 ...................................................... 419
BVerfG 15.12.1983, 1 BvR 209/83, BVerfGE 65 E 40 ........................ 198, 417
BVerfG 16.03.1999, 2 BvR 2131/95 ............................................................ 411
BVerfG 27.10.1999, 1 BvR 385/90 ...................................................... 411, 443
BVerfG 10.10.2001, BvR 1970/95 ............................................... 400, 422, 428
BVerfG 05.12.2001, 2 BvR 527/99 .............................................................. 437
BVerfG 04.04.2006, 1 BvR 518/02 .............................................................. 408
BVerfG 09.11.2006, BvR 1908/03 ....................................................... 437, 439
Bundesverwaltungsgericht (http://www.bundesverwaltungsgericht.de)
BVerwG 10.07.2001, Az. 1 C 35.00 .................................................... 437, 438
BVerwG 14.03.2002, Az. 1 C 15.01 .................................................... 412, 416
BVerwG 04.09.2003, Az. 1 B 288.02 ........................................................... 438
Verwaltungsgerichtshof Kassel (http://www.vg-kassel.justiz.hessen.de)
19.11.2003, Az. 12 TG 2668/03 .......................................................... 436, 437
11.12.2003, Az. 9 TG 546/03 ...................................................................... 436
12.01.2004, Az. 12 TG 3204/03 .................................................................. 436
Oberverwaltungsgericht Dsseldorf (http://www.olg-duesseldorf.nrw.de)
8 February 2002, Az. 3 Wx 351/01 .............................................................. 406
8 February 2002, Az. 3 Wx 357/01 .............................................................. 407
Oberverwaltungsgericht Koblenz (http://cms.justiz.rlp.de)
22.3.2002 Az. 12 B 10331/02 ...................................................................... 407
07.06.2002, Az. 12 A 10349/99 ................................................................... 438
19.04.2007, Az. A 11437/06 ........................................................................ 439

560

Jurisprudence

Verwaltungsgericht
Verwaltungsgericht Frankfurt am Main, Az. 07.03.1995,
Az. 11 E 3067/94 (http://www.vg-frankfurt.justiz.hessen.de) ................... 434
Verwaltungsgericht Kassel, 23.03.1998, Az. 12 VE 1310/95
(http://www.vg-kassel.justiz.hessen.de) ..................................................... 434
Verwaltungsgericht Koblenz, 09.11.1998, Az. VG 3 K 938/98.KO
(http://cms.justiz.rlp.de) ........................................................................... 437
Verwaltungsgericht Hamburg, 27.02.2002, Az. 14 VG 446/02
(http://lrha.juris.de/cgi-bin/laender_rechtsprechung/ha_frameset.py)....... 407
Verwaltungsgericht Dsseldorf, 07.08.2002, Az. 24 L 2837/02,
InfAusIR 10/2002 (http://www.justiz.nrw.de) ........................... 415, 432, 434
Verwaltungsgericht Giessen, 08.11.2002, Az. 10 G 4510/02
(http://www.vg-kassel.justiz.hessen.de) ..................................... 408, 416, 421
Verwaltungsgericht Frankfurt am Main, 21.07.2004,
Az. 1 E 2479/04 (www.vg-frankfurt.justiz.hessen.de) ............................... 436
Verwaltungsgericht Berlin, 3 December 2004, Az. 1 A 151/04 ............. 432, 434
Amtsgericht
Amtsgericht Tiergarten, 15.01.2002, Az. 84 T 8/02 ..................................... 407
Landgericht
Landgericht Wiesbaden, 6.02.02, Az. 4 T 707/01 ........................................ 407
Kammergericht
Kammergerichts Berlin, 16.04.2002 zur Rasterfahndung Az. 1
W 8998/02 ............................................................................................ 407

The Netherlands
(many of the following decisions can be found at
http://www.rechtspraak.nl)
Afdeling Bestuursrechtspraak Raad van State
4 July 2006, case no. 200602107/1, LJN: AY3839 ....................................... 459
Hoge Raad
19 February 1993, no. 14917, RV 1993/70 .................................................. 471

Jurisprudence

561

Gerechtshof
Gerechtshof Den Haag, 16 November 2000, AB 2002/10............................ 494
Rechtbank
Rechtbank Haarlem, 18 August 1999, JV 1999/269 .................................... 493
Rechtbank Amsterdam, 24 September 1999, JV 2000/8............................... 490
Rechtbank Den Haag, 8 December 1999, JV 2000/59 ......................... 491, 493
Rechtbank Den Haag, 5 January 2000, JV 2000/51 ..................... 491, 494, 507
Rechtbank Den Haag, 10 January 2001, JV 2001/52 ................................... 499
Rechtbank Den Haag, 14 March 2001, RV 2001/52 .................................... 499
Rechtbank Den Haag, 8 March 2002, JV 2002/162..................................... 491
Rechtbank Den Bosch, 16 July 2004, LJN: AR7219 .................................... 502
Rechtbank Breda, 11 March 2005, AWB 04/24331 ............................. 492, 500
Rechtbank Alkmaar, 24 August 2005, LJN: AU3548, JV 2005/447 ............. 500
Rechtbank Amsterdam, 21 October 2005, JV 2006/69 ................................ 496
Rechtbank Amsterdam, 1 November 2005, AWB 05/48355,
AWB 05/48358 ........................................................................................ 497
Rechtbank Alkmaar, 10 November 2005, no. 79543/HA ............................. 495
Rechtbank Haarlem, 6 December 2005, LJN AW2418 ................................ 495
Rechtbank Den Haag, 8 December 2005, no. 03/890 NAV no. 2,
April 2006, p. 111 .................................................................................... 501
Rechtbank Groningen, 1 February 2006, LJN: AV0808 ............................... 502
Rechtbank Amsterdam, 23 June 2006, AWB 06/27382,
AWB, 06/27348 ....................................................................................... 498
Rechtbank Haarlem, 24 July 2006, LJN: AY6520 ........................................ 485
Rechtbank Amsterdam, 2 October 2006, LJN: AY9280 ............................... 502
Rechtbank Assen, 22 December 2006, AWB 06/58704................................ 502
Rechtbank Amsterdam, 23 March 2007, LJN: BA3547, JV 2007/245 ......... 498
Rechtbank Den Bosch of 4 April 2007, LJN: BA2132 ................................. 503
Nationale Ombudsman (http://www.nationaleombudsman.nl)
Decision of 14 May 1998, report no. 1998/164 ........................................... 505
Decision of 28 January 2000, report no. 2000/28 ........................................ 505
Decision of 29 October 2003, report no. 2003/388 ..................................... 504

Index
A
AAH-SD 390, 391, 392, 393, 397, 398,
423
Abschiebung 391, 430
Ad Hoc Group of Immigration 24
Afdeling Bestuursrechtspraak van de Raad
van State 488
AGDREF 344, 345, 346, 347, 357, 379
AIVD 459
algemene identicatieplicht 446
Amsterdam Treaty 29, 30, 39, 41, 42, 43,
57, 72, 120, 190, 305
Amtshilfe 202, 420, 421
Area of Freedom, Security, and Justice 29
Asylum 2, 3, 15, 23, 24, 26, 27, 28, 29, 31,
32, 34, 38, 41, 42, 46, 56, 60, 63, 74, 77,
90, 101, 114, 117, 118, 119, 120, 121,
122, 123, 124, 125, 126, 128, 132, 133,
134, 135, 137, 141, 142, 143, 150, 211,
247, 252, 257, 260, 264, 265, 269, 273,
275, 281, 283, 284, 287, 288, 289, 294,
295, 296, 298, 299, 300, 301, 310, 313,
315, 316, 320, 331, 332, 334, 335, 347,
352, 360, 371, 385, 386, 393, 399, 402,
416, 427, 428, 432, 436, 440, 441, 442,
445, 447, 448, 453, 458, 462, 463, 470,
471, 472, 473, 487, 488, 501, 505, 513,
514, 516, 518, 521, 523, 526, 531, 533
Aufenthaltsgesetz 390, 429
Auslndergesetz 390, 422
Ausreisepicht 391
AWB 478, 484, 486, 487, 492, 497, 498,
500, 502, 505
AZR 393, 398, 399, 400, 402, 403, 405,
419, 422, 428, 443
AZRG 383, 399, 400, 402, 403, 422
B
BDSG 417, 423, 424, 426, 429

Benelux Agreement 20, 27, 47

biometrics 135, 138, 139, 140, 409, 473
BKA 9, 386, 391, 394, 395, 396, 397, 398,
403, 404, 405, 424, 427, 433, 440
Bundesamt fr Verfassungsschutz 394
Bundesgrenzschutz 390, 391, 394, 396
Bundesverwaltungsgericht 416
C
CNIL 9, 185, 187, 335, 338, 346, 347, 348,
349, 350, 353, 354, 355, 356, 357, 358,
359, 362, 372, 376, 377, 379, 380, 381,
522, 523, 524, 525
Commission de recours contre les dcisions
de refus de visa 365, 374
Commission du titre du sjour 365
Common Consular Instructions 14, 36, 37,
136, 139, 292
Conseil dtat 9, 250, 262, 267, 349, 353,
355, 356, 359, 362, 363, 365, 366, 368,
369, 370, 371, 372, 373, 374, 375, 376,
377, 379, 380, 381, 393, 436, 525, 526
Constitutional Treaty 309, 310, 313, 315
Copenhagen criteria 40, 188, 305
Cour de Cassation 356, 364
D
data proling 158, 163, 405, 406, 407,
408, 409, 421, 435, 441, 442, 507,
514, 525
Data Protection Convention 148, 155, 157,
165, 174, 177, 178, 179, 181, 183, 184,
185, 186, 187, 189, 190, 191, 200, 203,
204, 207, 209, 211, 212, 213, 214, 215,
217, 219, 220, 221, 222, 223, 229, 231,
234, 323, 387, 477, 520
Direction Central de la Police
Judiciaire 340
double peine 338, 360

Evelien Brouwer, Digital Borders and Real Rights, pp. 563566.

2008 Koninklijke Brill NV. Printed in the Netherlands.

564

Index

Dublin Convention 2, 24, 29, 34, 46, 118,

119, 120, 123, 128, 130, 150
Dublin Regulation 118, 126
E
EDPS 127, 139, 151, 152, 203, 220, 227,
228, 231, 233, 323, 519, 531
ELOI 348
entry/exit system 134, 136, 150
EU Charter of Fundamental Rights 193,
305, 308, 310
EU citizenship 97, 453
Eurodac 2, 3, 7, 10, 60, 66, 75, 77, 92, 103,
114, 117, 118, 119, 120, 121, 122, 123,
124, 125, 126, 127, 132, 133, 135, 137,
138, 141, 142, 143, 144, 149, 150, 174,
177, 178, 211, 220, 226, 228, 231, 237,
240, 241, 242, 243, 245, 251, 280, 314,
347, 470, 473, 511, 512, 513, 514, 515,
518, 520, 529, 533
Eurojust 13, 14, 73, 74, 81, 85, 87, 91, 105,
106, 191
European Arrest Warrant 14, 83, 84, 92, 94,
111
European Data Protection Supervisor (EDPS)
127, 190, 220
Europol 13, 14, 24, 30, 32, 66, 73, 74, 77,
81, 85, 87, 91, 105, 106, 113, 132, 143,
177, 191, 238
expulsion 21, 64, 65, 245, 256, 282,
342, 398
external borders 2, 3, 13, 14, 16, 20, 22, 26,
28, 32, 33, 35, 39, 41, 47, 53, 57, 60, 72,
87, 91, 118, 124, 126, 131, 141, 230, 289,
290, 347, 514
F
FAED 347
fair trial
right to a 162, 172, 245, 246, 248, 249,
262, 272, 273
family life
right to 152, 156, 194, 249, 254, 255,
256, 257, 271, 298, 305, 310, 324, 366,
373, 375, 500, 501, 516
family reunication 41, 65, 283, 286, 287,
294, 295, 298, 317, 320, 360, 501, 516,
528, 529

nancial repair
right to 242, 324, 325, 375, 502
FPR 338, 339, 344, 345, 346
freedom of movement 7, 15, 25, 30, 56, 63,
75, 97, 133, 162, 163, 173, 174, 251, 268,
276, 279, 285, 297, 305, 307, 308, 329,
335, 451, 503, 511, 515, 516, 534
G
GBA 199, 460, 469
Gendarmerie 9
H
Hague Programme 31, 74
HAVANK 470, 471, 472, 473
Hoge Raad 471
I
IND 9, 460, 461, 462, 463, 464, 465, 466,
479, 480, 481, 482, 484, 486, 488, 490,
491, 492, 496, 497, 499, 508, 510
informational division of powers 201, 202,
208, 421
informationelle Gewaltenteilung 420, 421
informationelles Selbstbestimmungsrecht 418
interdiction du territoire franais 378
interlinking 101, 113
internal borders 16, 17, 19, 21, 35, 45, 56,
65, 332, 384, 387
internal security 3, 22, 25, 32, 78, 93, 100,
107, 128, 130, 132, 133, 134, 138, 143,
144, 169, 172, 174, 336, 385, 389, 394,
400, 401, 403, 406, 407, 412, 413, 440,
475, 515, 519, 528
interoperability
principle of 2, 101, 117, 133, 134, 174,
389, 452, 515, 517
Interpol 24, 51, 84, 85, 105, 471
J
Joint Supervisory Authority (JSA) 10, 219,
229, 448
JSA 66, 70, 94, 185, 219, 229, 230, 231,
428, 448, 482
K
KLPD 9, 460, 467, 468, 479, 480, 481, 482,
492, 494, 495, 502, 508, 509

Index

L
LIFL 349, 350, 351, 352, 353, 354, 356,
357, 358, 361, 379, 381
Loi Chevnement 343, 359,
362, 365
Loi Debr 346, 347, 359, 365
Loi Pasqua 359, 361, 364
Loi Sarkozy 338, 359, 360, 364, 366
M
Mikrozensusurteil 417
N
national security 2, 35, 47, 48, 49, 52, 54,
61, 63, 65, 89, 96, 101, 107, 108, 132,
152, 154, 157, 164, 166, 167, 207, 217,
222, 223, 245, 246, 252, 253, 256, 257,
264, 269, 271, 325, 330, 336, 352, 353,
356, 362, 366, 377, 379, 395, 402, 411,
440, 442, 448, 456, 458, 459, 474, 487,
488, 516, 520, 530
non-discrimination principle 221, 248, 267,
294, 517
Nordic Passport Union 21
O
OECD 179, 182, 183, 204, 349
OFPRA 347, 352
ongewenst gesignaleerde vreemdelingen 455,
457
ongewenst verklaarde vreemdelingen 455
ongewenstverklaring 455
OPS 455, 460, 462, 491, 505
P
Passport Union 16
Persnlichkeitsrecht 418, 435
preliminary
proceedings 44, 58, 71, 287, 306, 311,
312, 313, 314, 315, 401, 502, 521, 525,
533, 535
questions 44, 58, 71, 287, 306, 311, 312,
313, 314, 315, 401, 502, 521, 525, 533,
535
request 44, 58, 71, 287, 306, 311, 312,
313, 314, 315, 401, 502, 521, 525,
533, 535

565

proportionality
principle of 94, 95, 107, 142, 144, 150,
151, 152, 165, 167, 169, 196, 197, 222,
223, 240, 298, 305, 317, 319, 324, 352,
375, 394, 413, 435, 442, 443, 499, 507,
510, 522, 525, 528, 532
Prm Treaty 46
purpose limitation 185, 198, 202, 204,
205, 207, 208, 209, 213, 223, 239, 240,
317, 517
R
Rasterfahndung 403, 404, 406, 409, 421,
435, 441, 442
RMV 343, 345, 346
rule of law 40, 164, 165, 167, 175, 195, 200,
201, 208, 240, 247, 266, 275, 303, 305,
309, 314, 360, 413, 420, 430, 435, 512
S
Schengen acquis 36, 38, 39, 40, 41, 42, 43,
44, 57, 58, 59, 63, 72, 86, 89, 90, 121,
189, 281, 292, 333
Schengen Borders Code 62, 100, 289, 290,
296, 301, 321, 454, 485, 518, 531
sensitive data 150, 156, 158, 166, 174, 175,
212, 213, 240, 477, 515, 517
Single Market 18, 21, 23
SIRENE 9, 53, 58, 68, 69, 76, 81, 83, 87,
92, 97, 99, 103, 109, 128, 210, 219, 337,
340, 341, 389, 395, 396, 397, 422, 449,
460, 461, 462, 467, 468, 477, 478, 502,
529, 534
SIRPIT 99, 116
suspensive eect 5, 282, 289, 291, 299, 300,
310, 318, 319, 320, 321, 342, 360, 364,
366, 381, 415, 484, 488, 522
T
Tampere Conclusions 30, 89, 275, 276
terrorist lists 79, 96, 97, 519
Treaty of Amsterdam 41, 57, 58, 333, 447
Treaty of Maastricht 8, 275, 304
Treaty of Rome 15
U
bermaverbot 413

566

Index

UN Security Council Resolution 1373 459

UN terrorist list 79, 97, 107, 115, 395

Vreemdelingencirculaire 2000 454

Vreemdelingenwet 2000 453

V
Verfassungsbeschwerde 400
Verhltnismssigkeit 413, 442
Volkszhlungsurteil 197, 199, 202, 399, 417,
419, 435, 441
Vreemdelingenbesluit 2000 454

W
WBP 477, 478, 479, 480, 481, 482, 483, 484
Z
Zurckschiebung 391, 398
Zuwanderungsgesetz 390, 399