Technological Experimentation Without Adequate Safeguards? Interoperable EU Databases and Access to the Multiple Identity Detector by SIRENE Bureaux

The Interoperability Regulations that were adopted in May 2019 are expected to connect all large-scale EU databases and shall establish three new centralised components to store personal data of all third country nationals coming or seeking to come to the European Union (EU). One of the interoperability components is the Multiple Identity Detector (MID), which is supposed to link personal data that exist in more than one of the underlying databases in order to alert competent authorities where there is a suspicion of identity fraud. The authorities that are granted access to the MID, and therewith to data held in the underlying databases, include the national SIRENE Bureaux, specialised police units responsible for exchanging information with their counterparts, which are currently set up to manage alerts in the Schengen Information System (SIS) as their primary task.
This chapter questions both the legal basis and the purposes allowing SIRENE Bureaux to access the MID and critically assesses necessity and proportionality of such access in the light of Article 52(1) of the Charter of Fundamental Rights of the European Union (CFREU). In addition, the chapter will take into consideration the risks for data subjects regarding the right to be informed and the right to an effective remedy when data exchanges take place between multiple authorities and on different levels. The chapter concludes that the interoperable system might open a backdoor for law enforcement authorities to obtain access to personal data stored in systems that they were previously not authorised to consult.