Disputation in European Law: Teresa Quintel

  • Date:
  • Location: University of Luxembourg. The public will be able to participate virtually via WEBEX. Please send your registration to Vera TORDAI, vera.tordai@uni.lu, by Monday 6th of September at 18:00 at the latest. A Webex invitation will be sent to you afterwards.
  • Doctoral student: Teresa Quintel
  • Organiser: Department of Law and University of Luxembourg
  • Contact person: Estelle Lerceteau-Köhler
  • Disputation

Teresa Quintel defends her thesis Managing migration flows by processing personal data within the adequate data protection instrument - Scoping Exercise between general and law enforcement data protection rules applicable to Third Country Nationals.

Opponent: Prof Wojchiek Wiewierowski, European Data Protection Supervisor
Chairperson: Prof Mark D. Cole, University of Luxembourg

Abstract

In the aftermath of increased migration flows coming to Europe in 2015, the so-called migration crisis, irregular migration and related crimes such as migrant smuggling and human trafficking became a hotly debated topic on European Union (EU) level. The results of those discussions were the fortification of the EU’s external borders, the strengthening of the mandate of relevant EU Agencies and the establishment of new databases in the Area of Freedom, Security and Justice (AFSJ). As a final step, the European Commission was tasked to examine the possibility of establishing a legal framework to enable the sharing of information among the different databases. The long-term objective was rendering all existing and anticipated AFSJ databases interoperable in order to create more comprehensive profiles of third country nationals (TCNs) with all data available. Migration management, border control and asylum had become a relevant element in the debate of internal security within the EU with a strong focus on the processing of personal data in that context.

In May 2018, the EU Data Protection Reform entered into force and introduced, besides a Regulation covering personal data processing of general nature (General Data Protection Regulation, GDPR), a Directive applicable to the processing of personal data carried out in the context of police and criminal justice (Law Enforcement Directive, LED). The Reform had become both necessary and possible after the entry into force of the Lisbon Treaty and the Charter of Fundamental Rights of the European Union (EU Charter) becoming legally binding. In addition, under Article 16 Treaty on the Functioning of the European Union, the European Parliament as new co-legislator obtained a robust mandate to adopt, together with the Council, solid data protection rules, also in the former Third Pillar. While the GDPR emphasises the principle of transparency, in the law enforcement context many processing operations may be carried out in secrecy and without involving the individual whose personal data are processed.

Where migration and related crimes are increasingly treated as security concerns, the scope of the LED may be widened as to include processing of personal data of TCNs in the area of border control. Hence, while data protection rules should apply to everyone in the EU irrespective of their nationality, in the context of border control, migration management and asylum, where personal data are needed for the assessment of TCNs, the rights of those individuals are seemingly of secondary nature compared to those of EU citizens.

Taking into account the difference made between general processing, and processing for law enforcement purposes under EU data protection law, and a potential division between certain groups of persons, in this case EU citizens and TCNs, the following research questions will be answered: How are TCNs affected by the unclear delineation between different data protection laws, and what solutions could clarify this delineation?

While answering these research questions, this dissertation demonstrates that, in the area of migration, border control and asylum, EU data protection law potentially allows for a lowering of data protection rights of TCNs. The assessment emphasizes the way in which legislative texts inherently criminalize migrants, for instance, by streamlining law enforcement access to personal data of TCNs stored in non-law enforcement AFSJ databases. The analysis identifies situations in which data protection rules originally determined for the law enforcement context

may be applied in the area of migration. Further, potential risks for TCNs as data subjects on both national and EU level are exemplified. The concluding remarks propose several amendments to existing data protection laws in the law enforcement area that could contribute to a clearer delineation between general and law enforcement rules and thereby prevent the latter from being applied to processing in a non-law enforcement context.