Smart Border is Watching You! Fundamental rights implications of automated data processing and decision-making at the EU Border
39 Pages Posted: 5 Sep 2023
Date Written: September 4, 2023
In 2013, the European Commission proposed the Smart Borders Package that aims to provide for a “modern, effective and efficient management” of the EU’s external borders. With the objective to fight irregular migration and overstays and to strengthen internal security, the Smart Borders Package comprises both, the establishment of novel tools such as the Entry/Exit System (EES) and the European Travel Information and Authorisation System (ETIAS), as well as corresponding modifications to the existing EU border framework such as the Schengen Border Code. The Smart Borders Package is accompanied by the European Interoperability Framework (EIF) that does not only establish technical interoperability of all relevant infor-mation systems, but also introduces novel tools such as the Multi-Identity Detector (MID) which will allow for the detection of multiple identities with the aim of improving identity checks and the fight against identity fraud. The Commission has furthermore proposed a Screening Regulation to ensure the screening of all Third Country Nationals (TCNs), concern-ing, among other frameworks, ETIAS and the EIF.
The aforementioned initiatives mark a trend towards the large-scale collection and processing of vast amounts of personal data for the purpose of performing automated risk assessments in an interoperable environment. Such risk assessments are especially foreseen under ETIAS and under the EIF Framework with the MID. The Passenger Name Record (PNR) Directive allows for similar data-driven risk assessments. While Smart Borders do not exclusively refer to AI technologies, such technologies – specifically models trained with Machine Learning algorithms (ML-trained models) – are already in use at the EU border and increasingly explored.
In addition, multiple Member State and Union authorities in the areas of border control and law enforcement are provided with access rights to the various relevant information systems, creating a situation in which various authorities can influence single decisions. At the same time, there are doubts about the sufficient human involvement in decisions that are supported by data-driven risk assessments. This is particularly dangerous where the risk assessments are not accurate, or the quality of the underlying data is uncertain. These reflections raise concerns especially regarding the legitimacy of decision-making processes, individual rights and access to legal remedies, and efficient independent supervision.
The considerations above are the reason why we chose to analyse in particular the MID and ETIAS in more detail. Next to the functioning and the applicable EU secondary law of the MID and ETIAS, the degree of automation in decision-making and the fundamental rights concerns triggered by such automated decisions are presented. In more detail, section 1 provides an overview of the selected instruments that exemplify the trend towards large-scale data-driven risk assessments using highly connected information systems. Section 2 analyses selected fun-damental rights concerns of the respective assessments and decisions, focusing especially on the degree of automation of decision-making processes. Section 3 draws a conclusion and provides an outlook to future work on remaining questions.
Keywords: INDIGO, Digital Governance, Law and Technology, EU Law
JEL Classification: O10, O19, O38, K39, I18, I30, G38
Suggested Citation: Suggested Citation