An appeal by two Albanian nationals which raised issues about the applicability of EU data protection laws to asylum seekers has been dismissed by the Supreme Court.
The applicants sought asylum here in December 2014 and appealed over a decision that the UK is the EU member state responsible for deciding their applications.
Under the regulatory system known as the “Dublin scheme”, the EU member state where either fingerprints are stored or an asylum claim was first made has principal responsibility for determining claims for international protection.
The Irish authorities had sent the applicants’ fingerprints, taken on their arrival here, to the UK authorities.
After the UK stated the fingerprints matched prints held on UK records for persons with different names who had been issued with multi-visit visas for the UK valid from October 2014 to late April 2015, the Refugee Appeal Tribunal upheld a finding by the Office of the Refugee Applications Commissioner (ORAC) that the UK must decide their applications. The applicants took judicial review proceedings raising issues about whether information-sharing provisions under article 34 of the Dublin III Regulation 2013 create enforceable legal rights they could potentially enforce.
They claimed the information requests sent from here to the UK did not comply with requirements of article 34 with the result that personal information about them was sent by the UK to Irish immigration authorities.
After the High Court and Court of Appeal dismissed their case, the Supreme Court agreed to hear a further appeal.
On Wednesday, the five-judge court unanimously upheld the Refugee Appeal Tribunal decision and also ruled the appeal raised no issues concerning the applicability of article 34 which required referral to the Court of Justice of the EU.
Ms Justice Elizabeth Dunne, with whom the other judges agreed, said article 34.1 and 34.2 of the Dublin III regulation contemplate a situation in which the country from which information is requested – the UK – is entitled to look for information to enable it answer that request. It is clear from article 34.2 that fingerprints can be sought by the requested country, she said. The fact the UK did not ask Ireland for fingerprints did not mean they could not be provided and the transfer and provision of these fingerprints to the UK involved no breach of article 34 or any other data protection law, she held.
While the grounds for the information request to the UK should have gone further than simply stating the applicants had claimed asylum here, such as setting out the fact they had said they had transited through the UK, “it is hardly necessary to state the obvious”, she said.
There was no breach of article 34 by providing the fingerprints in the relevant form and they were lawfully transited to the UK under the relevant provisions of the Refugee Act 1996. She also held there was no breach of the obligation under Dublin III to make “take charge” requests in respect of the applicants “as quickly as possible” or within three months of the date on which the application was lodged.
This take charge request was made exactly three months to the day from when the applicants sought asylum here and was thus made within time, she said.
In a concurring judgment, Mr Justice Peter Charleton said there “is no reality” to a judicial review seeking to overturn transfer to the UK of this international protection application where it is now admitted the applicants are different people to whom they said they were and who are liable to be processed in Britain because they had obtained a visa to visit there.
There was no “mass transfer of data” in this case and the “only reliable” information available to the Irish authorities was the applicants’ fingerprints, he said.
As a matter of law, the State is entitled to protect its border and internationally obliged under EU legislation to make this transfer, he said.