With the implementation of the interoperability architecture foreseen by 2024, the linking of EU border management and criminal databases will lead to the large scale processing of personal data of almost every third country national travelling to, moving within, and exiting the EU (and for years after). In 2018, the EDPS stated that the decision of the EU legislator to make large-scale IT systems interoperable would ‘not only permanently and profoundly affect their structure and their way of operating, but would also change the way legal principles have been interpreted in this area so far and would as such mark a “point of no return.”’ With that point now approaching, the sheer volume and complexity of the data flows foreseen, multiplicity of controllers, and facilitation of law enforcement access are confronting supervisory authorities with significant challenges, and require thorough consideration.
• How to uphold principles of transparency and fairness, and ensure data subject rights?
• How to supervise an ecosystem of processing operations across multiple controllers?
• How to audit algorithmic profiling (embedded in ETIAS and VIS) to ensure it is targeted, proportionate and non-discriminatory?
• What does interoperability mean concretely for individuals: its impact on fundamental rights, on human agency, autonomy and human dignity; as well as on certain categories of individuals, and for our societies?