- There are three different types of intelligence that can be shared by law enforcement and intelligence agencies:
- strategic intelligence
- operational intelligence and,
- tactical intelligence.
- Strategic intelligence is often shared more than operational and tactical one, as a result of it generating less operational and legal concerns due to its aggregated nature.
- The level of interference with the rights of individuals is different for each type of intelligence.
- Operational intelligence is often more intrusive and more able to present risks for the protection of the rights of individuals since it might affect them directly. This can be seen also in the framework of the risk categories introduced by the draft AI Act. The high-risk qualification is reserved to those systems that directly affect the situation of a natural person.
- However, the risks for an individual are less prominent in strategic or tactic intelligence, the results of which do not target directly natural persons.
- From a degree of processing intelligence sharing may include either:
- Raw intelligence data and/or
- Analytical products.
- These different intelligence products might also have an implication for the protection of the rights of individuals. While above it was argued that the risks for data subjects would be minimized if they are not directly affected by the results of intelligence sharing, the reliability of the data used for training AI system still remains a point of concern.
- Unreliable data, at personal or aggregated level, will have as a consequence unreliable result and, even if not directly, they might indirectly effect data subjects crossing a border.
- Furthermore, concerns about data security would continue to be present together with the difficulty of ensuring that the data minimization principle is complied with.
- Thus, it becomes crucial to pay extra attention to the raw data collected and potentially shared. This might also present the risk of being back washed – raw data that present biases or have been collected unlawfully in a jurisdiction might be re-presented back in the form of analytical intelligence product from a different jurisdiction.
- Intelligence sharing may also occur in the context of public-private partnerships. While one could argue that protection of human rights follows the same standards due to the international treaties and agreements between countries, this conclusion is not straight forward when private parties are involved.
- For the Court of Justice of the EU, the involvement of economic operators in the internal market triggers the application of EU laws and standards also in fields that otherwise would have been excluded from such application, such as for example in the field of national security and intelligence operations. [Note: see Cases C-511/18, C-512/18 and C-520/18 La Quadrature du Net and others and C-623/27 Privacy International.] In this light, it becomes difficult to maintain the same standards for sharing personal data with third countries where private operators are not required to follow EU law standards.
- For example, the countries of the Western Balkans must in principle present the same standards for data protection as the EU in light of their obligations under the Stabilization and Association agreements and the candidate-country statuses. However, none of them is found thus far as to have an adequate level of data protection as required by the EU. Thus, mechanisms that provide for adequate safeguards need to be considered for the protection of the rights of individuals in the present of intelligence transfers that include public-private partnerships.
Resources
Born et al., (2015) et al., Making International Intelligence Cooperation Accountable, DCAF.
Corbett et. Al (2022). Beyond NOFORN: Solutions for increased intelligence sharing among allies. Available at https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/beyond-noforn-solutions-for-increased-intelligence-sharing-among-allies/.
Court des competes (2024). La Politique de lute contre l’immigration irrégulière. Rapport public thématique. Available at https://www.ccomptes.fr/sites/default/files/2024-01/20240104-Politique-lutte-contre-immigration-irreguliere.pdf.
EDPS (2023). Audit Report – Executive Summary – on the European Border and Coast Guard Agency (Frontex). Available at https://edps.europa.eu/data-protection/our-work/publications/audits/2023-05-24-audit-report-frontex_en.
Lefebvre, S. (2003). The Difficulties and Dilemmas of International Intelligence Cooperation, International Journal of Intelligence and CounterIntelligence, 16:4, 527-542, DOI: 10.1080/716100467.
Maras, M. (2017) Overcoming the intelligence-sharing paradox: Improving information sharing through change in organizational culture, Comparative Strategy, 36:3, 187-197, DOI: 10.1080/01495933.2017.1338477.
AI Act Regulation (EU) 2024/1689. Available at https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai.
