This week saw World Refugee Day, not a day for celebration but a day for reflection.
According to the United Nations High Commissioner for Refugees, "the number of forcibly displaced and stateless people in Europe rose to 21.8 million by the end of 2022." As the old continent witnesses the continued of far-right agendas rise in some member states, "migration has become instrumentalised; hostage to political interests," writes European Data Protection Supervisor Wojciech Wiewiórowski.
In Brussels, this comes as EU executive agencies active in the law enforcement area — related to border control among others — are under a microscope for, at best their use of and safeguards around strongly powered databases, at worse unspeakable practices that have led refugees to tragic deadly fate. Several EU agencies have seen their mandate strengthened and their use of EU's centralized data systems empowered.
These IT systems cover numerous fields of law enforcement and as many acronyms — SIS II, VIS, PNR. Since these systems came online at the EU level in the early 2000s, concerns of fundamental rights being abused or curtained have emerged. They exemplify the ongoing debate on the need to provide law enforcement agencies with the tools and means to deliver their mission and the proper balancing of safeguards of civil liberties.
For instance, the Schengen Information System was revamped in 2006 to support a common policy of border control for the 23 EU member states participating in the border-free Schengen area. Interestingly, this common policy is also seen as facilitating the free circulation of people within the Schengen area — also an EU fundamental right. That's not me saying it, it is France's Commission nationale de l'informatique et des libertes.
In other news:
- The European Parliament called for action on the aftermath of the Pegasus scandal, following the report of a parliamentary inquiry group into the use of spyware software on and by EU members states launched in April 2022. The inquiry led to a detailed report, finger-pointing to Greece, Hungary, Poland and Spain. The inquiry group also calls for clearer and stricter rules on the use of spyware by law enforcement and a common legal definition of the use of national security as grounds for surveillance.
- The European Union Court of Justice rendered a decision this week touching on the EU General Data Protection Regulation's right to access. In short, the court found that "information relating to consultation operations carried out on a data subject’s personal data and concerning the dates and purposes of those operations constitutes information which that person has the right to obtain from the controller."
- The European Data Protection Board adopted a template complaint form. The initiative is less aimed at easing the process from a complainant perspective than it is at facilitating cooperation and information exchange among DPAs. A template form will facilitate data comparison and cross-referencing of cases, leading hopefully to "saving time and resolving cross-border cases more efficiently," according to the Board.
- The IAPP wants to hear from you! The 2023 IAPP Privacy Governance Survey seeks to quantify who's likely to be involved in the design, development and deployment of AI governance. Alongside this, the survey seeks to understand the broader state of the privacy function within organization, covering topics from team structure and budget, to metrics and privacy enhancing technology usage. The survey closes on 5 July, and if you haven't already, please consider contributing 15 to 20 minutes of your time to further the privacy profession.
- The IAPP also released its AI Governance Professional Body of Knowledge, a foundational document for the upcoming AIGP certification and training for the emerging AI governance profession. The BoK documents the information and skills that will be assessed on the upcoming AIGP certification exam, with six main parts showcasing the activities an AI governance professional should undertake to guide AI implementation in a way that mitigates risk and ensures safety and trust.