Advantages and disadvantages of interoperability of the EU information systems in the areas of borders and security.
Qualitative Analysis
Discover the Story
This paper is a single method qualitative study. I used an inductive approach and a thematic analysis method. For the Literature Review chapter, the professional literature is analysed. For the Results and Recommendations chapters, I used purposive sampling to retrieve documents produced by the European Union Institutions and documents developed by NGOs, think tanks and academic institutions, which were the most probably to answer on the dissertation’s research questions and meet the dissertation’s objectives. All of the documents focus on two Proposals concerning interoperability: COM(2017)793 and COM(2017)794.
During the document analysis, I categorized the advantages and disadvantages of interoperability of EU information systems in the areas of borders and security into two main categories: data quality (personal data, biometrics) and data protection (data minimization, purpose limitation, data retention, access to data, sharing the data with Third countries.
I noted that the main issues of interoperability are its implementation and complexity. It is necessary to improve the data quality of the legacy systems prior to implementing interoperability. Moreover, there is a danger of purpose limitation and data minimization. Therefore, to limit this interoperability disadvantage, I proposed to limit the data stored in the databases and limit the access of law enforcement officials to CIR.
Duration of the project: 1 year
Product: dissertation
Research Origin
On 12th of December 2017 the European Commission has published two Proposals: Proposal for a Regulation on establishing a framework for interoperability between EU information systems (borders and visa) (COM (2017) 793) and Proposal for a Regulation on establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration) (COM (2017) 794). These Proposals should be read together.
In their background, authors explain motivation leading to the development of these documents. According to them, the interoperability of EU information systems in the areas of border and security is an answer to the European Union citizens requesting effective border controls and checks, higher internal security and better management of migration.
These Proposals were in 2018/2019 under discussion, while the European Union Agencies (e.g. European Union Agency for Fundamental Rights, 2017), NGOs (e.g. Meijers Committee, 2017) and EU Institutions (European Parliamentary Research Service, 2017) present their arguments for and against planned interoperability of the abovementioned systems.
I intended to join this debate and aimed to identify the advantages and disadvantages of interoperability of European Union information systems in the areas of borders and security. The second aim of this dissertation was to provide recommendations for the identified challenges.
The dissertation has five main objectives:
A literature review to identify the disadvantages and advantages of interoperability;
A description of the legislative developments in EU in terms of interoperability;
Identification and description of the borders and security systems which are supposed to interoperate;
Identification of disadvantages and advantages of interoperability in terms of European Union information systems in the areas of borders and security for refugees;
Identification of recommendations for tackling the challenges and enhancing the benefits.
Methodology
Literature Review
General search
In the Literature Review chapter, which focused on the professional literature describing the topic of interoperability of information systems, the author first performed a general search for the documentary resources using combinations of term interoperability with synonymes of words advantages and disadvantages
Miller's (2000) categories
I have discovered Miller's (2000) articile in which he in his article identified and described different types of interoperability:
• Technical interoperability
• Semantic interoperability
• Political/human interoperability
• Inter-community interoperability
• Legal interoperability
• International interoperability
New search using Miller's categories and newly identified categories
I have refined search terms and started to use Mille's categories with combinations of synonymes of advantages and disadvantages. While reviewing newly found articles, I have broaden up search with terms: security, reliability and business
Methodology
Results & Recommendations
This dissertation is a single method qualitative study, where one data collection technique and the corresponding qualitative procedure are used (Saunders, Lewis and Thornhill, 2016, p. 168). The chosen approach is inductive and philosophy interpretive. The methodological choices were driven by the research questions.
The methods were chosen based on their fit for purpose and within the limits created by the constraints, among which were difficulties linked to gaining access to border and coast guards who are using information systems for processing migrants’ data, and persons responsible for the development of legislation aiming to create interoperability of the above-mentioned systems. The thematic analysis of documentary sources has been considered as a method which can support reaching the dissertation’s objectives within the allocated time and resources.
Triangulation of documentary sources
Official documents produced by the European Union Institutions, professional IT literature and documents developed by NGOs, think tanks, academic institutions provided a base for a documentary analysis. Different perspectives offered by these resources allowed me to obtain a broader scope of research results and, at the same time, it was possible for me to cross-check gathered data.
Purposive sampling
As it appeared not to be possible to analyse all documentary resources linked to the subject of this dissertation, I used purposive sampling, where I chose to analyse the documents which could potentially support answering the research questions. This type of sampling (heterogeneous purposive sampling) enables the researcher to “collect data to describe and explain the key themes that can be observed” (Saunders, Lewis and Thornhill, 2016, p. 301).
Inductive Approach
This approach “involves the search for a pattern from observation and the development of explanations – theories – for those patterns through series of hypotheses” (Bernard, 2011, p. 7) and it appeared to fit the purpose of the dissertation. Only after the careful analysis of the gathered material, it was possible for me to respond to the main research questions. Two other benefits of inductive approach belong to its flexibility in terms of developing new theories from the analysed data (Saunders, Lewis and Thornhill, 2016, p. 147) and its flexibility in terms of changing the direction of the study after the start of the research process (Dudovskiy, n.d.).
Thematic Analysis Method
As the leading method, I used thematic analysis method, which according to Saunders, Lewis and Thornhill (2016, p. 979) is considered “as a generic approach to analysing qualitative data”. It offers relative flexibility as it is not linked either to inductive or to deductive approaches. Researchers who follow this method, first need to familiarise themselves with gathered data, afterwards they code it, search for themes and relationships. With the development of new themes, they reorganise their coded data under each theme. This process helps researchers to realise the connections between different datasets.
Findings & Recommendations
Literature Review
The advantages and disadvantages of interoperability are identified in the second chapter of this dissertation – Literature Review, which focuses on the professional literature (understood as an overview of texts written by the authors with knowledge and professional experience in this topic). They are grouped into separate sectors: technical, semantic, political/human, security/reliability and business/legal. Following the Carnegie Mellon Software Engineering Institute (2004, p. 16) , I identified four themes crosscutting the above-mentioned aspects: the complexity of interoperability and its implementation, lack of links between funding and control and links between current and legacy systems which affect the work of current systems.
Results
The chapter Results reports the results of my research. It presents the historical legislative development of interoperability in the European Union, describes the borders and security systems which will interoperate, and the disadvantages and advantages of their planned interoperability.
In the last part of this chapter, I analyse the recommendations for enhancing the potential benefits of interoperability and overcoming its potential challenges. This chapter discusses their applicability to the European Union information systems in the areas of borders and security.
Within this chapter, first the findings are summarized, and only afterwards critically analysed. The trends and patterns were identified, the meaning of findings highlighted and linked to the research previously presented. To investigate the disadvantages and advantages and present the recommendations, the document analysis was performed with a focus on:
• Data quality (personal data, biometrics)
• Data protection (data minimization, purpose limitation, data retention, access to data, sharing the data with Third countries)
Solutions
Based on the Methodology and Results chapters, the solutions for both overcoming the shortcomings and enhancing the advantages of interoperability within the European Union information systems in the areas of border and security are proposed. They are described in detail in the Recommendations chapter. If known, the risks, costs or other barriers of the implementation of the proposed recommendations are drawn out.
The recommendations are based on the evidence (stated in the Results chapter). To increase the value of the research, the author of this dissertation refutes proposed solutions and compares them with recommendations proposed by other stakeholders affected by interoperability within the European Union and listed in the Results chapter.
Advantage / Disadvantage of interoperability of EU information systems in the areas of border and migration vs Recommendations
Data quality, data retention and data subject’s access to their own data
Problems with data quality (wrong matches / inaccurate data) which might be either magnified or easier to spot thanks to the interoperability (European Union Agency for Fundamental Rights, 2017, p. 30 and European Data Protection Supervisor, 2018, p.23)
To improve the data quality of legacy systems and test automatic data quality checks prior to their entry to operations (European Union Agency for Fundamental Rights, 2017, p.30):
Standardization of the data collection process (Skyttberg, N. et al., 2016);
Avoiding manual data entry, automatic error verification, double checks, data verification with data subject (European Union Agency for Fundamental Rights, 2017, p.34);
Development of the data quality checks prior to the Proposals implementation (European Data Protection Supervisor, 2018, p.25);
Ensuring that all Member States make an effort to improve the data quality (Committee on Civil Liberties, Justice and Home Affairs, 2018);
Use of Artificial Intelligence algorithms as a monitoring tool (European Economic and Social Committee, 2018, p.14)
To implement data biometrics standards:
To implement eu-LISA standard for captured and matched fingerprints and ICAO requirements for face images (European Union Agency for Fundamental Rights, 2017, p.32);
Common choice of Biometric Fingerprint File (European Commission, 2017c, p.20);
Introduction of pop-up alerts in case of biometric data with a higher risk of being false (European Union Agency for Fundamental Rights, 2017, p.14).
To promote Universal Message Format (UMF) (Europol, 2014 and High-level expert group on information system and interoperability, 2017, p. 34)
To add the requirement of revision and update of the user profiles within central management of the interoperable system (European Data Protection Supervisor, 2018, p. 19)
Training (European Union Agency for Fundamental Rights, 2017, p. 19)
To define a valid search mode for the European Search Portal (European Commission, 2017c, p. 21)
To add a flag in a system, when yellow alert appear as a result of inconsistencies with data stored in ETIAS (European Union Agency for Fundamental Rights, 2017, p. 37)
To designate eu-LISA and authorities in the Member States as a joint data quality controllers (European Data Protection Supervisor, 2018, p.25)
To add child protection objective (European Union Agency for Fundamental Rights, 2017, p. 36).
Unclear procedure for data’s subject to access, rectify, erase and restrict the data (European Data Protection Supervisor, 2018, p. 23)
To create an EU-wide portal handling requests related to the data access, rectification, erasure, restriction and data’s subject claims for changing decisions based on the data stored in the system (European Union Agency for Fundamental Rights, 2017, p. 41)
ESP will query Interpol databases, which might contain biased data (European Union Agency for Fundamental Rights, 2018, p. 19)
To create a safeguard, that the owners of Interpol data (Third countries) will not have access to the information that their data was accessed and by which country (European Union Agency for Fundamental Rights, 2018, p. 20)
Different retention periods in the interoperable systems (Meijers Committee, 2018, Data retention, para 2.)
To clarify the data retention policy (European Union Agency for Fundamental Rights, 2017, p.22)
To shorter time limits for data preservation in the case of minors (Committee on Civil Liberties, Justice and Home Affairs, 2018)
Advantage / Disadvantage of interoperability of EU information systems in the areas of border and migration vs Recommendations
Data minimization, purpose limitation, access to data, sharing the data with Third countries
Potential undermining data minimization principle (Quintel, T, 2018, p. 15 and Article 29 Data Protection Working Party, 2018, p. 3).
BMS should match the data not to store it (European Union Agency for Fundamental Rights, 2017, p. 24)
To remove unnecessary data from CIR (European Union Agency for Fundamental Rights, 2018, p.24)
To remove ECRIS-TCN from MID (European Union Agency for Fundamental Rights, 2018, p. 39)
Potential undermining purpose limitation principle (Quintel, T, 2018, p. 15 and Article 29 Data Protection Working Party, 2018, p. 3).
Broader access of law enforcement officers to the data in CIR (European Union Agency for Fundamental Rights, 2018, p. 10)
To allow law enforcement access CIR only for “the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences in a specific case” (Article 22, COM(2017)793) (European Union Agency for Fundamental Rights, 2018, p.26)
To introduce safeguards for protecting the data against unauthorised access (European Union Agency for Fundamental Rights, 2017, p.26)
To clarify the conditions under which eu-LISA has access to the interoperable databases (European Data Protection Supervisor, 2018, p. 28)
Advantage / Disadvantage of interoperability of EU information systems in the areas of border and migration vs Recommendations
System governance
Need for increased system governance (Committee on Civil Liberties, Justice and Home Affairs, 2018)
To improve the governance of the interoperable systems
Annual reporting of eu-LISA to EDPS and Commission on the implementation of interoperability and reporting every two years on the impact of interoperability on fundamental rights (Committee on Civil Liberties, Justice and Home Affairs, 2018)
Designation of Member States a central verification authority (European Union Agency for Fundamental Rights, 2018, p.34)
Reflection
The African proverb says “if you want to go fast go alone. If you want to go far, go together”. Looking carefully into its sense, it is possible to see, that it can concern both the interoperability and the idea standing behind the European Union.
The European Union is based on mutual trust and this is also the base for the interoperability efforts. The information systems in the areas of borders and security aim to protect one of the main achievements of the European Union: free movement of people within the Schengen Area.
Up till now, all systems were working separately and there were gaps between them causing information to get lost. The terrorist attacks were exploring those gaps and in response, in 2016 the European Commission published a Communication Stronger and smarter information systems for borders and security.
This Communication marks a starting point for a more serious debate over the information systems and the ways of connecting them. This dissertation aimed to present the advantages and disadvantages of the interoperability of the above-mentioned systems and to provide the recommendations for overcoming the challenges.