In October the
European Commission set out plans that would allow certain types of
law enforcement data – such as fingerprints, DNA profiles and
telephone numbers – held in one Member State, to be more easily
available to equivalent authorities in other Member States.
The proposals, in the form of a draft Framework Decision, are
based on the principle of availability, and are intended to improve
police and judicial cooperation in the era of trans-national
threats and crimes.
But Peter Hustinx, the EDPS, is concerned at a number of data
protection issues raised by the proposals, relating in particular
to the sensitivity of the data involved and the reduced control of
the use of the information.
"The principle of availability can be justified; abolishment of
internal borders calls for exchange of police information between
the Member States,” he said. “But one should keep in mind that this
network will share sensitive data, and that sensitive data always
requires specific safeguards. We must not underestimate the risks
of misuse, so let us introduce this gradually and cautiously."
In an Opinion, published yesterday, Hustinx considers the
proposals in the light of other EU initiatives, such as the
Schengen Information System and Europol, and various bilateral and
multilateral agreements between Member States.
He finds that the availability principle, while allowing an
easier flow of information, will reduce the control that Member
States have over that flow of information. Accordingly legislation
put in place by Member States to protect that information might no
longer be sufficient.
In addition, says Hustinx, the provision of the data, and the
creation of indexes in order to make the system work, will
inevitably generate more data than is available at the moment.
There is therefore a clear need for the availability principle
to be complemented by appropriate data protection rules – and
Hustinx therefore welcomes the close linking of the proposals with
another draft Framework Decision on the protection of personal data
processed in the framework of police and judicial cooperation in
criminal matters.
He advocates a gradual introduction of the system, starting with
one type of data (and not six as proposed by the Commission), to
allow regulators to monitor both the ability of the availability
principle to support law enforcement and also the data protection
risks involved.
The system could then be extended or modified as
appropriate.
He also suggests using a system of indirect access, where index
data is made available to authorities from other Member
States, allowing them to identify and request the particular
information needed. This, says Hustinx, would allow for more
control of the exchange of information than a system based on
direct access.
Finally, Hustinx calls for clarifications on the scope of the
availability principle and on how a system of index data would be
established. Special safeguards should be set up with regard to DNA
data and information exchange with Europol should be limited to the
purposes of Europol itself, he says.
