Privacy watchdog finds police data riddled with errors

OUT-LAW News, 15/09/2005

One in 20 records in a database used by enforcement agencies across Europe is in breach of privacy laws, according to criticisms made by Denmark's data protection authority into the controversial Schengen Information System.

The Danish Data Protection Agency has criticised Denmark’s National Commissioner of Police for what it calls an "unacceptably high" number of errors in reporting individuals to the Schengen Information System, or SIS.

The SIS database gives enforcement agencies throughout Europe access to reports on individuals and objects, such as cars, for border control purposes, internal police checks and in some cases for the purpose of issuing visas, residence permits and dealing with those whom the system defines as aliens.

People are reported to the SIS on immigration, public order or national security grounds. Once on the SIS database, people are generally refused permission to enter or stay in the Schengen area – which covers most of Europe – although citizens from participating Member States are allowed to travel throughout the area without being subjected to checks at internal borders.

Currently, 13 of the 15 original Member States of the EU are part of SIS, plus Norway and Iceland. The UK and Ireland are only partially involved, but that could change.

The expansion of the EU last year means that the demands on the SIS are likely to increase. Political changes, particularly in the wake of 9/11, Madrid and London bombings, have led to a greater demand for information exchange between nations.

Last week, Home Secretary Charles Clarke told the European Parliament of the need to strengthen the SIS, which he described as "a critical tool for ensuring our collective security and for guaranteeing our rights." An updated system is already in the pipeline – and SIS II is expected in early 2007.

But the Danish study has cast doubt on the accuracy of the SIS data.

The Joint Supervisory Authority of Schengen – an independent watchdog made up of representatives of national data protection authorities – is reviewing processes for the reporting of data to SIS on unwanted aliens. As part of this it had asked the Danish Data Protection Agency (DDPA) to evaluate whether Denmark's reporting complied with the requirements of the Schengen Convention.

A letter sent by the DDPA to the National Commissioner of Police in June reveals the problems with the system.

According to the letter, the Danish authorities have made 443 references to the SIS. On reviewing each of those cases, the National Commissioner’s Office found that 22 cases, or 5%, had been wrongly reported.

In seventeen other cases, data had been correctly reported, but some of it had not been keyed in correctly, or completely, while in seven more cases the reporting had been made correctly but when it later turned out that the persons reported were known under false names, the data had not been corrected.

In eleven cases, reporting had been made correctly, but “by mistake no steps had been taken to allow the Immigration Service to carry through consultation” as required under the Convention.

The review also established that in eleven cases the sentences on which the SIS reporting was based were wrong in so far as expulsion was concerned, either because they had been passed incorrectly or because the sentence references were wrong.

Finally the review revealed that in a few cases in which the reporting was correct, the notice of reporting to the SIS had not been properly served on the individual concerned.

The National Commissioner has confirmed to the DDPA that steps have been taken to correct the problems. Nevertheless, the DDPA found that in some instances the National Commissioner had failed to meet the requirements of the Schengen Convention and Danish data protection laws in reporting data.

According to the letter: “Reporting to the SIS may have serious consequences for the person concerned, as according to Article 5 of the Convention a person will, as a main rule, be unable to obtain permission to enter and stay in the Schengen area.”

It concluded, “the number of errors is unacceptably high, and the Agency therefore finds the results of the review criticisable.”

The Danish authorities have made only 443 references to the SIS – and only a small percentage of these have been found to be in error. But other countries make a far greater number of references to the SIS. By 1^st February 2003, Italy had made 335,306 reports, Germany had made 267,884, and the Netherlands 9,363.

If the error rate in other countries is comparable, tens of thousands of people are likely to be affected.

See: The DDPA letter, in English (6-page / 65KB PDF)

See also:

• Clarke tells MEPs to back data retention law, OUT-LAW News, 07/09/2005
• Border controls and data sharing: plans for SIS II, OUT-LAW News, 02/06/2005
• Civil liberties groups unite against a surveillance society, OUT-LAW News, 21/04/2005

Feedback | Printer-friendly page | Latest news | | All news feeds | Ask a lawyer