EU: Commission rules out new law enforcement databases - but seeks more data for Europol

18.12.12 - A communication from the European Commission published last Saturday states that the exchange of information amongst Europe's law enforcement agencies "generally works well" and that "no new EU-level law enforcement databases or information exchange instruments are therefore needed at this stage," [1] providing some relief to critics of what seemed to be an almost-endless expansion of European law enforcement database and computer networking projects.

However, whilst it puts a stop to the development of any new projects - including the European Police Records Index System, which would have given Member States' police forces the ability to search each other's records - [2] the Commission's communication is strident about the need for greater sharing of national data with Europol: "the time has come within the EU for a more coherent approach, one giving the Europol channel a central role."

With the revision of Europol's legal basis due next year, all the signs seem to point towards a significant expansion of the agency's ability to collect, retain and analyse vast amounts of data from across Europe and beyond.

Better implementation of information exchange instruments required

The communication examines a number of instruments used to ease the cross-border transfer of information: the Swedish Initiative, based on Framework Decision 2006/960/JHA and aimed at ensuring uniformity of treatment for all EU Member State police force requests for data; the Prüm Decision, which mandates the networking of national fingerprint, DNA and vehicle registration databases (a project currently seriously behind schedule); [3] Europol, the European police office whose work centres on the collection and analysis of vast amounts of information and intelligence; and the Schengen Information System (SIS), soon to be-replaced by SIS II. [4]

The communication also mentions the Customs Information System, Financial Intelligence Units, Cybercrime Alert Platforms, the Visa information System, EURODAC, and the proposed mass border surveillance system EUROSUR, although it neglects to mention the European Criminal Records Information System [5] and the forthcoming European Criminal Records Information System for Third-Country Nationals. [6]

Eschewing the need for new databases or instruments, the Commission says that "existing instruments need to be implemented," referring in particular to the fact that although the deadline for Prüm implementation was 26 August 2011, a significant number of Member States are not yet part of the national database networking project.

Similarly, the Swedish Initiative - a legislative framework rather than an information system - has "not yet reached its full potential." Although the majority of Member States have implemented national legislation that reflects the Swedish Initiative's principles (only Belgium, Estonia, Italy and Luxembourg have yet to do so), "it is in practice still not widely used. Reasons given include that alternatives are considered to be inadequate and that the request form is cumbersome (even in its 2010 simplified version)."

These calls echo those made in April this year in Council Conclusions on enhancing information exchange amongst law enforcement authorities [7] and give the impression of growing frustration within the EU institutions at the failure of Member States to implement tools regarded as indispensable to the creation of the EU's 'Area of Freedom, Security and Justice'.

"Convergence towards a single shared approach"

A diversity of "channels" are available to law enforcement authorities for information exchange, and the permissive legal framework surrounding them has provided the Commission with the opportunity to make recommendations that would see Europol's computer systems absorbing even more data from national authorities.

The main channels used by law enforcement authorities are: SIRENE (Supplementary Information Request at the National Entry) Bureaux, 24/7 offices used to provide further information via the SISNET network following successful searches in the SIS; Europol National Units, located in every Member State for the purpose of exchanging information with Europol or on a bilateral basis via SIENA (Secure Information Exchange Network Application); and the Interpol National Central Bureaux's I-24/7 network.

The channel used by law enforcement authorities for information exchange is "partly regulated by EU: SIS requests for post-hit supplementary information must be via SIRENE Bureaux, and information exchange with Europol via ENUs. Otherwise the choice is up to Member States."

This leaves the Commission free to suggest that the Europol channel should have a "central role". This would mean that "the Europol channel using the SIENA tool should become the default channel unless there are specific reasons to use another. Thus, for example, police cooperation requests currently made using SISNET (which will close when SIS II goes live) should in future be made using SIENA."

The Commission "disagrees" with Member States who "favour an approach that leaves wide flexibility to use different channels." Rather, "the development by all Member States of national rules on the choice of channel and their convergence towards a single shared approach would be better than the current dispersed approach."

Default use of the Europol channel is "justified by its advantages." For example:

"Europol Liaison Officers can be asked to intervene where necessary. SIENA [the tool used for exchange via the "Europol channel"] can be used for direct bilateral exchanges, but also facilitates sharing of information with Europol… SIENA messages are structured, can handle large data volumes and are exchanged with a high level of data security. Data protection is enhanced by exchanging information in a structured format... The suggested approach is fully in line with the Commission's forthcoming proposal for Europol reform and with the European Council's strategic guidelines in the Stockholm Programme, which state that 'Europol should become a hub for information exchange between the law enforcement authorities of the Member States, a service provider and a platform for law enforcement services'."

Member States are invited to implement these suggestions, although the Commission's communication has no binding force. Suggestions involving information exchange with Europol seem likely to be included in next year's new Europol Regulation, while other proposals - for example, for all Member States to establish "a Single Point of Contact (SPOC) covering all main channels, available 24/7, bringing together all law enforcement authorities and with access to national databases - may require more legislation if all Member States are to meet the Commission's demands.

The Commission: enthusiasts for Europol

Europol staff have no coercive powers and the agency's strengths lie in its ability to collect and analyse vast amounts of information and intelligence - what could be called 'informational superiority' - and then make the results available to Member States' authorities for the purpose of joint policing operations.

The push by the Commission for greater sharing of data by Member States with Europol comes at the end of a year in which debates have been ongoing as to what scope and tasks the agency should be given in a new Regulation, which is due to be published by the Commission early in 2013.

Article 4 of the current Europol Council Decision, dating from 2009, sets out Europol's competences - "organised crime, terrorism and other forms of serious crime [including smuggling and trafficking of human and drugs, motor vehicle crime, forgery, computer crime, corruption, and far more] affecting two or more Member States in such a way as to require a common approach by the Member States owing to the scale, significance and consequences of the offences." [8]

Related offences - those committed in order to "procure the means", "facilitate or carry out" or to "ensure the impunity of acts in respect of which Europol is competent" - are also within the agency's remit. [9]

At a discussion in the Council's Standing Committee on operational cooperation on internal security (COSI) in March this year, "most of the delegations" were against suggestions by the Danish Presidency of the Council that Europol's competences could be widened. Instead they preferred "a deepening of the current competences." [10]

It was noted that Article 10(4) of the 2009 Council Decision "authorises [Europol] to receive and store for six months any contribution, even in the absence of any tangible link to a known form of crime. Thus, activities relating to e.g. environmental crime or offences against public health could be increasingly taken into account by Europol."

As for the possibility of creating a legally binding requirement for Member States to share cross-border information exchanges with Europol, "delegations did not see a need" for such a provision. Rather, they "preferred to explore how the information exchange could be improved within the existing legal framework." [11]

Undeterred by Member States' lukewarm reception of its ideas, two weeks later the Commission issued a paper to COSI pushing again for greater data collection powers for Europol. This time it suggested that "direct contact [between Europol National Units and] national competent authorities could be enshrined in the future Regulation," that "the future Regulation could also prescribe that ENUs must have access to relevant national law enforcement databases," and that "access by Europol to private-sector held information… could notably facilitate the work of the Cybercrime Centre." [12]

April also saw the issuing of Council Conclusions on "further enhancing efficient cross-border exchange of law enforcement information" which invited Member States to "implement and fully apply all existing legal instruments for the exchange of law enforcement information", to establish Single Points of Contact, and "to further enhance the use of EUROPOL as channel for exchanging information." [13]

The EU's "criminal information hub"

The Commission's push to find ways to have more information passed from Member States to Europol is complemented by work undertaken by the agency over the past year, and work planned for next year, when it will spend over €3.5 million on new or improved information systems. [14]

These enhanced systems will be boosted by information obtained through "automatic data-loaders" which are currently used by thirteen countries [15], as well as a growing number of third states from which Europol can obtain information and intelligence. At the beginning of November, four new countries were added to "the list of third States and organisations with which Europol shall conclude agreements": Brazil, Georgia, Mexico, and the United Arab Emirates. [16]

The agency is also hoping to conclude an agreement with Russia in 2013, a country where the police "shoot, beat and torture civilians, confiscate business and take hostages," [17] and where over the last two decades the security services "have acquired so much power they can neither control themselves nor be controlled" [18] Russia's lack of compliance with international data protection standards is currently holding back finalisation of the agreement.

In 2011, Europol, Member States and "external partners" received 222,135 messages via the SIENA system, an increase of 34% on the previous year. 200,000 "objects" were listed in the Europol Information System at the end of October 2011. [19] The Commission's suggestions made during the past year indicate that it is hoping to increase these numbers.

The communication was not published in time for a full debate on law enforcement information exchange at last week's meeting of the Justice and Home Affairs Council, which was "briefed by the Presidency about the implementation measures undertaken to simplify the exchange of information between law enforcement authorities." [20] More extensive discussions will continue next year within the Council.

Previous coverage
- 'Plans emerge for the collection of personal data outside European borders to obtain "comprehensive situational awareness and intelligence support"', Statewatch News Online, 30 October 2012
- '"Ambitious, yet realistic": Europol seeks to further increase its role in European policing', Statewatch News Online, 14 September 2012
- 'UK influence over EU internal security policy-making is "remarkable", says Europol chief', Statewatch News Online, 11 June 2012
- 'Europol boosts its reach, scope and information-gathering', Statewatch News Online, 1 June 2012
- Statewatch analysis: 'Europol: The final step in the creation of an "Investigative and Operational" European Police Force', January 2007

[1] European Commission, 'Communication from the Commission to the European Parliament and the Council: Strengthening law enforcement cooperation in the EU: the European Information Exchange Model (EIXM)', 7 December 2012
[2] Statewatch Observatory, 'IT Systems and Information Exchange for Police and Judicial Cooperation in the European Union'
[3] The communication notes of the Prüm systems that "implementation is seriously lagging"; See also: Statewatch Analysis: '"Complex, technologically fraught and expensive" - the problematic implementation of the Prüm Decision'
[4] See 'Small steps to big brother: The development of the Visa Information System and the Schengen Information System II is back on track', Statewatch News Online, August 2011; and Statewatch Analysis: 'From the Schengen Information System to SIS II and the Visa Information System (VIS): the proposals explained'
[5] Statewatch Analysis: 'Implementing the "principle of availibility"'
[6] 'Another EU database for migrants: the European Criminal Records Information System on Third-Country Nationals', Statewatch News Online, November 2011
[7] 'Draft Council Conclusions on further enhancing efficient cross-border exchange of law enforcement information', 4 April 2012
[8] Council Decision of 6 April 2009 establishing the European Police Office (Europol) (2009/371/JHA)
[9] Annex to Council Decision of 6 April 2009.
[10] 'Summary of debate on possible future user requirements for Europol', 12 March 2012
[11] Ibid.
[12] 'Revision of Europol's legal basis', 29 March 2012
[13] Ibid. at 7.
[14] '"Ambitious, yet realistic": Europol seeks to further increase its role in European policing', Statewatch News Online, 14 September 2012
[15] 'Europol boosts its reach, scope and information-gathering', Statewatch News Online, 1 June 2012
[16] 'Draft Council Decision amending the list of third States and organisations with which Europol shall conclude agreements', 12 November 2012
[17] 'Cops for hire', The Economist, 18 May 2010
[18] Susan Richards, 'Russia's security services: back in charge, out of control', OpenDemocracy, 27 December 2010
[19] 'Report on the annual accounts of the European Police Office for the financial year 2011 together with the Office's replies', 4 December 2012
[20] '3207th Council meeting, Justice and Home Affairs', 6-7 December 2012


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error