Exchange of EU police information – introduce cautiously, says watchdog

In October the European Commission set out plans that would allow certain types of law enforcement data – such as fingerprints, DNA profiles and telephone numbers – held in one Member State, to be more easily available to equivalent authorities in other Member States.

The proposals, in the form of a draft Framework Decision, are based on the principle of availability, and are intended to improve police and judicial cooperation in the era of trans-national threats and crimes.

But Peter Hustinx, the EDPS, is concerned at a number of data protection issues raised by the proposals, relating in particular to the sensitivity of the data involved and the reduced control of the use of the information.

"The principle of availability can be justified; abolishment of internal borders calls for exchange of police information between the Member States,” he said. “But one should keep in mind that this network will share sensitive data, and that sensitive data always requires specific safeguards. We must not underestimate the risks of misuse, so let us introduce this gradually and cautiously."

In an Opinion, published yesterday, Hustinx considers the proposals in the light of other EU initiatives, such as the Schengen Information System and Europol, and various bilateral and multilateral agreements between Member States.

He finds that the availability principle, while allowing an easier flow of information, will reduce the control that Member States have over that flow of information. Accordingly legislation put in place by Member States to protect that information might no longer be sufficient.

In addition, says Hustinx, the provision of the data, and the creation of indexes in order to make the system work, will inevitably generate more data than is available at the moment.

There is therefore a clear need for the availability principle to be complemented by appropriate data protection rules – and Hustinx therefore welcomes the close linking of the proposals with another draft Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters.

He advocates a gradual introduction of the system, starting with one type of data (and not six as proposed by the Commission), to allow regulators to monitor both the ability of the availability principle to support law enforcement and also the data protection risks involved.

The system could then be extended or modified as appropriate.

He also suggests using a system of indirect access, where index data is made available to authorities from other Member States, allowing them to identify and request the particular information needed. This, says Hustinx, would allow for more control of the exchange of information than a system based on direct access.

Finally, Hustinx calls for clarifications on the scope of the availability principle and on how a system of index data would be established. Special safeguards should be set up with regard to DNA data and information exchange with Europol should be limited to the purposes of Europol itself, he says.