EDPS: EU Prescreening Regime Must Ensure Data Protection Rights

The European Travel Information and Authorisation System (ETIAS), which is similar to the U.S. Electronic System for Travel Authorization, takes effect next fall. "Momentum is building" to ensure it complies with data protection law and other rights under the EU Charter of Fundamental Rights, Wiewiorowski wrote.

The prescreening involves highly sensitive forms of data processing, such as automated cross-checking against EU and international migration and law enforcement databases, algorithmic profiling of applications against predefined risk groups, and the creation of a watch list of people who are deemed security threats.

One critical concern for those required to apply for ETIAS is whether they will have access to effective redress if they want to challenge a decision on the application, the EDPS said. In the case of a refusal arising from a data processing error, people may rely on their right to an effective judicial remedy under Article 47 of the EU Charter, he noted.

The EDPS is a member of the ETIAS Fundamental Rights Guidance Board, which is charged with linking personal data protection rights with other key rights, Wiewiorowski said. Other members are the European Data Protection Board, EU Fundamental Rights Agency, Frontex Fundamental Rights Office and Frontex Consultative Forum.

The guidance board provides a laboratory for integrating data protection with other rights under the EU Charter and encouraging collaboration with key fundamental rights bodies that take part in it, the EDPS noted.

"It may serve as an interesting template as the role of data protection supervisory authorities evolves to supervise new technologies such as AI and the wide repercussions they have on individuals' fundamental rights," he added.