Seven countries, not including the UK, have already
agreed the Prüm Treaty, which is an agreement to share DNA,
fingerprint and vehicle registration data that was signed in the
aftermath of bomb attacks in Madrid in 2004. It is not official EU
policy and involves only the seven countries which have joined the
scheme: Germany, Spain, France, Luxembourg, the Netherlands,
Austria and Belgium.
Bulgaria, Slovenia, Italy, Finland, Portugal, Romania, Sweden
and Slovakia are now joining those countries in calling for the
Treaty to be adopted across Europe.
"The objectives of this Decision, in particular the improvement
of information exchange in the European Union, cannot be
sufficiently achieved by the member states in isolation owing to
the cross-border nature of crime fighting and security issues, and
the Member States are forced to rely on one another in these
matters, and can therefore be better achieved at European Union
level," said the proposal, published two weeks ago in the Official
Journal of the EU as a member states' initiative.
The EU itself has yet to implement a planned framework for data
protection in police matters, and the German Presidency recently
published a proposal for a framework that it hopes will be adopted
this year.
EU privacy watchdog the European Data Protection Supervisor has
backed the plan, but says that some additional data protection
measures are needed.
Data Protection Supervisor Peter Hustinx said that though the
Prüm Treaty did have data protection elements, it would need the
full EU framework to be in place if citizens are to be properly
protected once Prüm was extended across the EU.
"Data protection plays an important role in the Prüm Treaty and
the provisions have been carefully drafted," he said. "But they are
meant as specific ones, on top of a general framework for data
protection, which unfortunately has still not been adopted."
"That framework is needed to give the citizen enough protection,
since this decision will make it much easier to exchange DNA and
fingerprint data," said Hustinx.
The proposal for extension says that different kinds of
information should be treated in different ways, that more
sensitive data can be shared for more limited purposes and with
fewer people.
Hustinx also said that potential problems with the proposal are
that it does not specify who can be included in the DNA database
and does not limit the period for which data can be retained.
The proposed agreement specifies the level of data protection
that each country should give to data. "Each Member State shall
guarantee a level of protection of personal data in its national
law at least equal to that resulting from the Council of Europe
Convention for the Protection of Individuals with regard to
Automatic Processing of Personal Data of 28 January 1981 and its
Additional Protocol of 8 November 2001," it said.
"Processing of data supplied by the receiving Member State shall
be permitted solely in order to establish whether the compared DNA
profiles or dactyloscopic data match, or to prepare and submit a
police or judicial request for legal assistance in compliance with
national law if those data match," it said.
