The following migration-related policy recommendations are proposed for the European Commission:
- Formally adopt and apply a policy of professional project management for/to Common Implementation Plan for the Pact on Migration and Asylum (CIPPMA).
- Create a CIPPMAA Steering Committee of a manageable size; hire/appoint a fully authorised and experienced CIPPMAA Project Director + a small group of Deputy and Assistant Project Directors charged with the day-to-day management of the delivery of prioritised CIPPMAA functionality, one of whom would have overall responsibility for all IT integration and delivery within CIPMAA, and another with overall responsibility for human rights standards compliance; set up an adequately-resourced CIPPMAA Project Management Office capable of effectively monitoring the myriad activities across all CIPMAA tasks and objectives, incorporating Project Planning (including Actual vs. Planned, Budget and Financial Control functions).
- Commission the execution of an in-depth audit of the CIPPMAA project plan which should be presented for the consideration of the CIPPMAA Steering Committee
- Ensure that the revised and updated CIPPMMA implementation plan makes proper contingency provision for software design options if one or more parts of the Migration and Asylum Pact’s (MAAP) legal framework are struck down by national or European courts.
- Assign separate internal teams (with external expert assistance as and where necessary) to carry out an in-depth review of ALL functional specifications and contemplated timelines with a brief to review and propose new revised timelines after the in-depth project plan is finalised, approved and adopted without dates.
- Set aside funding explicitly earmarked for supporting expertise in the carrying out of Fundamental Rights Impact Assessments (FRIA) by individual member states as well as training in the design and carrying out of FRIAs for human resources in individual member states.
- Establish and fund new/further research topics to explore the application of OSINT technologies and AI-based tools to migration and the development of tools and protocols for the responsible use of OSINT technologies.
To implement the above recommendations the following guidelines are provided:
- As explicitly and publicly acknowledged by the European Commission (EC), the timely delivery of EURODAC and other IT tools is critical path to the success of the entire MAAP initiative.
- The Common Implementation Plan for the Pact on Migration and Asylum (CIPPMAA) does not contain the detailed project plan to be implemented by the Commission itself.
- If such a project plan already exists, this should be made public immediately in order to create transparency and boost confidence in the ability of the Commission to successfully implement a very large project within what prima facie would appear to be impossible timescales.
- If a proper project plan does not exist then, one should be drawn up as a matter of absolute priority at the correct level of detail, preferably with the assistance of an independent outside contractor specialised in delivery of project planning in similarly sized projects.
- The detailed final project plan for CIPPMAA should be capable of withstanding robust scrutiny by independent, experienced auditors well accustomed to delivering/auditing to the highest international standards of project management science.
- The plan should include contingency “privacy by design/privacy by default” modular design which would enable EURODAC and other IT software products to be capable of continuing to function despite having parts of their data hived off and rendered inaccessible should the Courts at some future point decide that the collection and processing of that data be unnecessary and/or disproportionate despite the fact that MAAP would have provided a legal basis for the processing.
- The main shortcoming of the CIPPMAA is undoubtedly the over-ambitious timescales, which should be revised to acknowledge the real pace of implementation.
- Carrying out a Fundamental Rights Impact Assessment (FRIA) is a significantly more complex exercise than a Data Protection Impact Assessment (DPIA), especially in AI-related matters.
- Resources should be allocated for the training of personnel in carrying out FRIAS.
- The legal basis for OSINT is insufficient across most EU member states and that a number of recommendations have been made in order to improve the application of OSINT technologies and AI-based tools to migration as well as the development of tools and protocols for the responsible use of OSINT technologies.
- New EC-supported research projects would help provide the critical mass to further explore such recommendations as well as other options as current and new technologies continue to be developed with a view to also being deployed in migration-related sectors.