The Police finds it detrimental to the internal security of the Schengen area that Finland should prohibit, based on its Aliens Act, the storage of registered fingerprints and photos in the SIS (Schengen Information System) to prevent serious crime, terrorism and illegal entry into the country – despite the European Commission’s request to do so.
The work to develop the EU-wide information systems aims at improving the pooling and usability of the data held by the authorities as well as the utilisation of biometric identifiers to improve internal security. This would be done without compromising the protection of privacy, protection of basic and human rights or data protection. Our national regulation is now taking us in a different direction.
The Schengen information system is one of the most important compensatory measures to safeguard the area of freedom of movement through the cooperation between the authorities. The SIS is also important for Finland since crimes increasingly take place across national borders.
One objective of the ongoing reform of the SIS is to increase the use of biometric data which is a reliable method of identifying individuals. However, in preventing terrorism, serious crime and illegal entry into the country, the Finnish national legislation will only allow for the stored crime-related identification data to be included in the SIS alerts. Only a limited part of the identification data stored on the basis of the Aliens Act can be included in the SIS alerts, mainly to prevent the exportation of lost or vulnerable persons out of the country.
All over the EU, the authorities make use of the Schengen information system to make or search alerts on wanted or missing persons and objects. The system contains about 90 million alerts, and the authorities made almost seven billion searches in the system in 2021.
Finland has chosen to limit the use of the biometric data more strictly than the SIS-regulations demand, despite the fact that the regulations are in line with EU data protection requirements. According to the basic premise, the alerting country is responsible for the contents of the alert. The country in question must ensure that the information is truthful, updated and stored lawfully in the SIS.
National data protection authorities supervise the application of data protection regulations in their respective countries while the European Data Protection Supervisor monitors the respect of data protection rules in the central system managed by eu-LISA (European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice). The parties collaborate to ensure that supervision is coordinated throughout the chain of use of the data.
Our interest is a shared interest, and the EU aims at guaranteeing the security of its citizens and areas by developing and improving the existing tools. Internal and external security are increasingly intertwined. The Commission of the European Union wants to improve the exchange of information between the Police authorities of the Member States, also to maintain the security of citizens in each country.
The EU information systems used by the authorities in crime prevention, border control and immigration flow management are not interconnected which causes gaps in the information. Problems in information exchange and combining have been noticed, for example, in connection with the terror attacks that have taken place in Europe.
The EU has tried to find solutions to mitigate these problems - problems in ways to improve the collecting and exchange of information to prevent illegal immigration and stays in Europe and to prevent and investigate serious crime and terrorism.
Due to the challenges caused by changing immigration movements and security issues, the need for successful solutions is constantly growing. At present, the EU is implementing the interoperability of EU-level information systems. This solution will combine, at systems level, the information held by various authorities with significance in view of the maintained internal security.
In 2019, the thew Council of the European Union adopted two regulations generating a framework for the interoperability of EU information systems for the needs of border, security and immigration management and controls.
The new rules will allow for the creation of an European search portal whereby the authorities can perform searches in several information systems simultaneously:
This biometric identification functionality makes it easier and faster to clarify a person’s identity. The access to biometric identifiers on a national level is especially emphasised as concerns the interoperability and efficient utilisation of the search portal – to maintain people’s safety and security.
Finland’s revised national regulation concerning the use of biometric identifies in the SIS limits the country’s possibilities to implement the tasks assigned to the authorities on the basis of EU regulations, and to safeguard the Union’s internal security and control illegal immigration. Storing of biometric identifies in SIS alerts is important for them to function and be effective.
During the Schengen country evaluation made in Finland, focusing on the use of the SIS, the Commission took notice of the fact that the current Finnish person alerts already now contain very few photos and fingerprints. Based on the Commission recommendations, the biometric identifiers should be more frequently and consistently added to future alerts.
In its document on the follow-up measures of the Schengen country evaluation, the Commission notes that Finland’s national view – presented in the follow-up report, stating that the photos and fingerprints stored in the national registers based on the Aliens Act are not, due to the principle of purpose limitation, available and cannot be included in the SIS entry ban alerts – is against the SIS regulations. According to the Commission, the EU SIS regulations require that fingerprints and photos or face images be added in the alerts to ensure reliable identification.
In the future, the same problem will burden the new alerts on third-country citizens subject to a decision of forced return. Likewise, the revised national legislation will not allow the use of the biometric identifiers taken on the basis of the Aliens Act in these SIS alerts. The SIS regulations require that all alerts related to forced return should always include photos and fingerprints.
The alerts related to the refusal of entry and stay aim at tackling illegal immigration, at the same time increasing the rate of return of those who have received an EU decision of forced return.
The rapid and reliable identification of persons is of paramount importance for these alerts. In cases of illegal immigration or stay in the country, it is usual for people to use false personal data, and if the SIS alerts have no biometric data at all, it is virtually unlikely that a false identity is detected. By adding biometric data, the EU is trying to solve the problems caused by false identities.
In the future, the SIS will be one of the central systems among the EU interoperative data system. Limited by the national amended legislation, the majority of the SIS alerts downloaded by Finland will have no photos and fingerprints, and therefore, we will not benefit from the effectiveness of SIS in terms of our internal security, potentially provided by these systems as intended by the Commission and the Council.
The Police presented all of the above considerations during legal preparation work but irrespective of these views, our national legislation will limit such core exchange of information with other EU countries as would help us maintain our internal security. Besides weakening Finland’s own performance, this will also impact the security of the entire Schengen area.
Finland will be subject to the following Schengen evaluation in 2023, and we will have the Commission’s reaction on the compatibility of our views with the Schengen regulations.
Hannu Kautto Assistant Police Commissioner National Police Board Twitter @HannuKautto