Of course, an alliance like Schengen has all sorts of advantages for its members - including in the area of Islamist counterterrorism. The individual secret services have the opportunity to exchange data in real time and can also access a common database. Sounds good, but apparently not quite compliant with the law, as now a Dutch control committee noted. The result of the audit is a number of obligations, controls and agreements of the parties involved, as well as the general recommendation of cooperation of all national data protection officers. The previous mumbling under the cloak of secrecy secrecy should in any case have an end.
In sum, the whole thing is in an "operational platform", which sits in The Hague. 29 are also part of the European intelligence community, with whom the Federal Office for the Protection of the Constitution cooperates. But the history of intelligence cooperation has started much earlier. 2001 was created by the EU intelligence services, as well as those of Norway and Switzerland, the so-called "Counter Terrorism Group" (CTG) of the so-called "Berner Club", which sets measures to combat Islamist terror both virtually and personally in The Hague ,
"Third Party Rule": All top secret!
Already the name of the "operative platform" is, well, a bit meager, we would say. And so it is in all other aspects of the grouping. In fact, nobody really knows anything about it, especially since the facility does not belong to the EU. Various parliamentary questions on personnel, costs, location or the database itself remained unanswered. Secret is and remains and secret. The secret services alone ensure this through their "Third Party Rule", which commits all parties to silence.
"Carefree" handling of data
The CTG can not do it that easy, since the "operative platform" is located on a Dutch server and therefore Dutch data protection law applies to the stored sensitive data. The Dutch Commission for the Supervision of Intelligence and Security Services (CTIVD) has not been asked twice and the A closer look at the platform, In doing so, she discovered that in some cases the data was also handled "carefree".
This report set the ball rolling and deprived the "operational platform" of its secrets. In fact, even the public has been privy to some things: the data exchange works so that newly entered data is passed on to all other parties. In addition, a "multilateral" information transfer is possible, whatever that means exactly. It could be that in this way suspects who are being controlled, for example, can be checked in real time.
All parties responsible for "adequate level of data protection"
The weaknesses in data exchange found by the Commission now have their consequences, of course. The "operational platform" is operated by the Dutch secret service AIVD, which is also responsible for them. The Commission accordingly requests that the AIVD ensure data protection and a regular review. Stupid for the Dutch secret service, good for everyone else? Far from it: the Commission also makes the other parties responsible, because they are all responsible for maintaining an "adequate level of data protection". This results in a "joint and several liability". As a result, it should be no more and everyone of the 29 actors to sign an agreement on the use of common standards and data exchange itself - so no one can no longer press or always advance the AIVD, which has so far been a very practical and common strategy was. True to the motto: I can not do anything for it ...
European Convention on Human Rights should take effect
The focus of data protection, of course, are the rights of those affected. Whether they have any knowledge about storage in the "operational database" or can inform themselves, is not clear to date. Here the Dutch Control Commission refers to the European Convention on Human Rights and intends to apply it to the database. Specifically, it is about the deletion of false or irrelevant data, a precise goal definition, more limited write and access permissions and limited storage.
Cooperation of national data protection authorities necessary
All these precautions and measures for more privacy sound good on paper. But how does one actually implement such obligations with umpteen involved secret services? After all, they appreciate their confidentiality very much. However, the report of the Dutch Commission has probably also sounded the alarm bells among colleagues in other Schengen states. If the respective data protection officers were to team up, it would be more likely to control or work through the previous working method. The Commission, which recommends cooperation, thought so too. At the moment, however, such cooperation can be virtually impossible due to the statutory confidentiality of "state secrets". This would first have to be eliminated. Another possibility would be a transnational supervisory body, but this would also be associated with considerable effort and the consent of the parties involved.
While there is no real solution to the secrecy of the secret services in relation to the "operational platform", it is gratifying that it at least comes to light. Who knows what else is going on ...