Over two hundred years ago, British philosopher Jeremy Bentham devised the concept of the ‘Panopticon’: a prison designed so that a jailer could in principle watch any prisoner at any time. His theory was that the mere possibility of constant surveillance would induce good behaviour in prison inmates. In recent years, his idea for a panopticon has become a form of shorthand for describing developments of mass surveillance and social control.
The EU’s forays in this area began with the creation of the Schengen Information System (SIS) in the 1990s. The SIS is a well-known EU-wide database containing enormous amounts of information used by policing, immigration and criminal law authorities.
Until now, the UK has not had any access to the SIS. But this week, the EU Council finally approved the UK’s participation in the System, thereby linking the EU’s most iconic database with the intellectual home of the panopticon theory. What are the specific consequences and broader context of this decision?
The main purpose of the Schengen system is to abolish internal border checks between EU Member States, as well as some associated non-EU States. At the moment, the full Schengen rules apply to all EU Member States except the UK, Ireland, Cyprus, Romania, Bulgaria and Croatia. Those rules also apply to four associates: Norway, Iceland, Switzerland and Liechtenstein.
All of the Member States are obliged ultimately to become part of the Schengen system, except for the UK and Ireland. Those two Member States negotiated an exemption in the form of a special Protocol at the time when the Schengen rules (which originated in the Schengen Convention, ie a treaty drawn up outside the EU legal order) were integrated into the EU legal system, as part of the Treaty of Amsterdam (in force 1999).
The UK and Ireland are not entirely excluded from the Schengen system. In fact, they negotiated the option to apply to join only some of the Schengen rules if they wished. Their application has to be approved by the Council, acting unanimously. The UK and Ireland essentially chose to opt in to the Schengen rules concerning policing and criminal law, including the SIS, but not the rules concerning the abolition of internal border controls and the harmonisation of rules on external borders and short-term visas.
The UK’s application to this end was approved in 2000 (see Decision here), and Ireland’s was approved in 2002 (see Decision here). But in order to apply each Decision in practice, a separate subsequent Council decision was necessary, because the Schengen system cannot be extended before extensive checks to see whether the new participant is capable of applying the rules in practice. On that basis, most of the Schengen rules which apply to the UK have applied from the start of 2005 (see Decision, after later amendments, here). The exception is the rules on the SIS, which the UK was not then ready to apply. After spending considerable sums trying to link to the SIS, the UK gave up trying to do so, on the basis that the EU was anyway planning to replace the SIS with a second-generation system (SIS II). There’s a lot of further background detail in the House of Lords report on the UK’s intention to join the SIS (see here), on which I was a special advisor. (Note that Ireland does not apply any of the Schengen rules in practice yet).
It took ages for the EU to get SIS II up and running, and it finally accomplished this task by April 2013 (see Decision here). The UK had planned to join SIS II shortly after it became operational, but this was complicated by the process of opting out of EU criminal law and policing measures adopted before the entry into force of the Treaty of Lisbon, and simultaneously opting back in to some of them again, on December 1st 2014 (see discussion of that process here). This included an opt back in to the SIS rules.
Once that particular piece of political theatre concluded its final act, the EU and the UK returned to the business of sorting out the UK’s opt in to SIS II in practice. This week’s decision completed that process, giving the UK access to SIS II data starting from March 1st. The UK can actually use that data, and enter its own data into the SIS, from April 13th.
What exactly does participation in the SIS entail? The details of the system are set out in the 2007 Decision which regulates the use of SIS II for policing and criminal law purposes. There are also separate Regulations governing the use of SIS II for immigration purposes and giving access to SIS II data for authorities which register vehicles. The former Regulation provides for the storage of ‘alerts’ on non-EU citizens who should in principle be denied a visa or banned from entry into the EU, while the latter Regulation aims to ensure that vehicles stolen from one Member State are not registered in another one. The UK participates in the latter Regulation, but not the former, since it could only have access to Schengen immigration alerts if it fully participated in the Schengen rules on the abolition of internal border controls. On current plans, this will happen when hell freezes over.
The SIS II Decision provides for sharing ‘alerts’ on five main categories of persons or things: persons wanted for arrest for surrender or extradition purposes (mainly linked to the European Arrest Warrant); missing persons; persons sought to assist with a judicial procedure; persons and objects who should be subject to discreet checks or specific checks (ie police surveillance); and objects for seizure or use as evidence in criminal proceedings. There are also rules on the exchange of supplementary information between law enforcement authorities after a ‘hit’. For instance, if the UK authorities find that a European Arrest Warrant has been issued for a specific person, they could ask for further details from the authority which issued it.
On the other hand, the SIS does not, as is sometimes thought, provide for a basis for sharing criminal records or various other categories of criminal law data, although the EU has set up some other databases or information exchange systems dealing with such other types of data. (On criminal records in particular, see my earlier blog post here). The main point of setting up the second-generation system was to extend the SIS to new Member States (although in the end a new system wasn’t actually necessary for that purpose), and to provide for new functionalities such as storing fingerprints, which will likely be put into effect in the near future.
In practice, the UK’s participation in SIS II is likely to result in the Crown Prosecution Service receiving more European Arrest Warrants (EAWs) to process, and in more efficient processing of EAWs which the UK has issued to other Member States. It will also be easier, for instance, to check on whether a car or passport stolen in the UK has ended up on the continent, or vice versa.
As noted already, while the UK is only now joining the SIS, the System has been around for many years, and has proved to be the precursor of many EU measures in this field. Indeed, as EU surveillance measures go, the SIS turned out to be a ‘gateway drug’: the friendly puff that led inexorably to the crack den of the data retention Directive.
Of course, interferences with the right to privacy can be justified on the basis of the public interest in enforcement of criminal law and ensuring public safety – if the interference is proportionate and in accordance with the law. Compared to (for instance) the data retention Directive and the planned passenger name records system, the SIS is highly targeted, focussing only on those individuals involved in the criminal law process, or police surveillance, or banned from entry from the EU’s territory. The legitimacy of the system therefore depends upon the accuracy and legality of the personal data placed in to it, and the connected data protection rules. On this point, the EU and national data protection supervisors have reported that many data subjects do not even know about the data held on them in SIS II, and they have produced a guide to help them with accessing their data in the system.
There’s an inevitable tension between the EU’s goal to set the world’s highest data protection standards, on the one hand, while also developing multiple huge databases, information exchange systems and surveillance laws, on the other. It’s as if the brains of the utilitarian Jeremy Bentham and the libertarian John Stuart Mill were both battling for control of the same body – forcing it to draw up plans for the Panopticon at the same time as it was storming the Bastille. If this tension manifested itself in fiction, it would probably take the form of a comedy about a vegetarian butcher, or a virgin porn star. But the need to ensure that measures to protect our security do not remove all our liberty is not a laughing matter.
*This blog post is linked to ongoing research on the upcoming 4th edition of EU Justice and Home Affairs Law (forthcoming, OUP).
Image credit: nytimes.com
Barnard & Peers: chapter 25