EDPS Pushes Safeguards in US-EU Border-Control Data Pact

The pact would be the first to involve large-scale sharing of personal information, including biometric data, for security screenings and identity verification by a third country, the EDPS noted.

The opinion responded to a European Commission recommendation on the legal structure and conditions for data sharing. If adopted, the framework would allow EU countries to sign bilateral agreements with the U.S. for exchanging data from their national systems, the EDPS said.

The need for bilateral data exchange agreements is linked to the U.S. requirement for admission to and further participation in the U.S. Visa Waiver Program, under which the partner countries are required to sign an "enhanced border security partnership" with the Department of Homeland Security.

The opinion's recommendations seek to define the scope of the envisioned data sharing as narrowly as possible, the EDPS said.

In addition, considering the specific bans on certain data transfers under EU law, any direct or indirect sharing and transfer of data from the EU's large-scale IT systems in the areas of justice and home affairs, particularly those related to migration and asylum, "must be strictly excluded."

Other recommendations include accountability mechanisms, transparency requirements for processing by EU and U.S. authorities, and the availability of judicial redress in the U.S., regardless of citizenship.

While border security is a legitimate aim, the interference with fundamental rights from sharing personal data with a third country for immigration control is comparable to such exchanges of data for law enforcement purposes, said EDPS Wojciech Wiewiorowski.