• Home /
• News /
• 2009 /
• August /
• EU: Automated searches "fishing expeditions" may be damaging national police databases

EU: Automated searches "fishing expeditions" may be damaging national police databases

28 March 2012

In June 2008 the policing aspects of the "Prum Treaty" passed into EU law with the adoption of the Council Decision on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime (Full-text, pdf). The Decision allows automated access to national police databases holding biometrics and data on DNA, fingerprints and vehicle registrations.

It allows access to personal data for the purposes of:

"For the prevention of criminal offences and in maintaining public order and security for major events with a cross-border dimension, in particular for sporting events or European Council meetings, Member States shall, both upon request and of their own accord, supply one another with personal data if any final convictions or other circumstances give reason to believe that the data subjects will commit criminal offences at the events or pose a threat to public order and security, in so far as the supply of such data is permitted under the supplying Member State's national law."

The Decision covers any criminal offence affecting public order and security. It covers convictions and the euphemism "or other circumstances give reason to believe that the data subjects will commit criminal offences", shorthand for "intelligence".

However, with the system up and running grave doubts were being expressed by December 2008:

"The varying scale of national databases, partly linked to population size, has led experts to doubt whether the databases of the less-populated States are able to deal with other States' searches. At times there are even concerns that databases may be damaged by overwhelming search volumes."

The larger Member States were meant under Article 13.1 to limit their automated searches so as not to exceed the capacities of the requested Member States' databases but they clearly were.

The "solution" was either to limit the number of daily searches allowed and/or to follow "good practice". "Good practice" is was proposed that police agencies should not go on "fishing expeditions" and not carry out "repeated searches". The decision to carry out a search should be taken on a case-by-case basis and:

"should not be predetermined systematically"

More obviously national police agencies should not search other states' databases for fingerprints until it has searched its own database. The report concludes that "General searches should only be undertaken" after the "good practice" of assessing the seriousness of the offence, targeting countries likely to be involved and identifying the concrete needs of the investigation.

The question of how to "share" (give automated access to) national police data and intelligence is an ongoing debate within the EU. Theoretically it is cheaper to give direct access to national databases than it is to create a new one at EU level. The technical problems this creates are referred to in the EU Future Group report in the run-up to the new Stockholm Programme and in the Commission's proposals. In these there is talk of standardising computer hardware and software and seeking to negotiate EU-wide licences with manufacturers. With the expressed desire to harness the "digital tsunami" of personal data in the ether for "public security" purposes it may be that smaller EU states may have to replace their existing database systems to accommodate the demands of the larger ones who want unlimited access to all available data and intelligence.

Sources

Council Decision on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime (pdf)

Implementation of the Prüm framework decision on fingerprints – Good practice for consulting Member States' databases (pdf)