Progressively entering into operation as from 2024, the framework for interoperability between EU information systems will allow the connection between databases in the fields of borders, visa, police and judicial cooperation, asylum and migration. This interoperability architecture will lead to the large scale processing of personal data of non-EU nationals, who travel or intend to travel to the EU.
Based on Regulation (EU) 2019/817 and Regulation (EU) 2019/818, this interoperability architecture introduces a new approach to the management of data for borders and security. For instance, it will become possible to simultaneously check all the EU JHA large scale IT systems, as well as Europol data and Interpol databases (Interpol Travel Documents Associated with Notices database TDWAN and Interpol Stolen and Lost Travel Document database - SLTD) using one entry point: the European Search Portal.
For the EDPS, the JHA interoperability framework presents major challenges for data protection linked to the huge volume and complexity of the data flows, multiple controllers involved, the streamlining of law enforcement access, and the blurred purposes of migration management and security.
The EDPS has started preparations to face these challenge. It is strengthening cooperation with national Data Protection Authorities (DPAs) in the EU and EU Agencies to prepare for the joint supervision of this complex architecture and to overcome its lack of transparency. In particular:
- In 2023, the EDPS developed tools to visualise data flows within the JHA interoperability framework. To bolster the understanding of interoperability, we will also organise a workshop to present these tools to DPAs.
- The EDPS will engage actively with DPAs to foster closer cooperation and prepare for coordinated supervision of the JHA interoperability framework. In particular, we will operate within the frame of the Coordinated Supervisory Committee’s meetings. We will also participate in workshops with data protection experts of national authorities to address data protection considerations at an early stage.
- Finally, the EDPS will strengthen cooperation with other EU agencies and advisory bodies mandated to protect fundamental rights, such as the European Union Agency for Fundamental Rights (FRA) or consultative committee and Fundamental Rights Office of the European Border and Coast Guard Agency (Frontex). In particular, we will actively contribute to the work of Frontex’s ETIAS Fundamental Rights Guidance Board, on topics such as the right to non-discrimination and the right to an effective remedy in the context of ETIAS screening rules.