Statewatch News Online: EU: Member States and Europol seek to ease EU-wide access to police databases through "automation of the data exchange process"

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

Member States and Europol seek to ease EU-wide access to police databases through "automation of the data exchange process"

A project proposed by France that seeks to automate the searching of national police databases has survived the Commission's December call for a halt to new police databases and computer networks at EU level. Europol and a number of other Member States have also expressed an interest in the project, 'Automation of the Data Exchange Process' (ADEP), which does "not intend to create new legislation but to enhance information exchange by automation of current manual procedures." [1]

ADEP would allow "the widest possible automation of time consuming manual activities," and was originally conceived as part of the European Police Records Information System (EPRIS) project, which was declared unnecessary by the Commission in a Communication on the European Information Exchange Model issued in December. [2]

EPRIS would have granted Member States' law enforcement authorities the ability to search national databases directly in order to see if records on particular persons existed, without providing access to the information contained within the records. This would have been obtained by a formal follow-up request.

Currently, searches are undertaken by staff at National Contact Points (NCPs) following requests from another Member State. The Member State making the request is then told whether the information they are seeking is available, leading to a subsequent formal request for it.

EPRIS may be gone, but the project that attempts to automate database searches lives on: a January meeting of the Working Group on Information Exchange and Data Protection (DAPIX) added the initiative to the third "action list" that will feed into the forthcoming EU Information Management Strategy. [3]

At the same meeting, a data protection impact assessment for the Information Management Strategy was scrapped due to the completion of the Commission's Communication on the European Information Exchange Model, which said of data protection that "safeguards in the existing instruments must be carefully observed" and that "the data protection rules in existing instruments will need to be reviewed to assess the need to align them with the new Directive," which will cover data protection in the police and criminal justice sectors. [4]

January's agreement amongst Member States in DAPIX was based on a document issued by France and Finland in October last year, which noted that "the main activity of daily police information exchange between National Contact Points (NCPs) consists primarily of checking whether relevant data are available in the general police databases of the requested Member State(s)." [5]

"It is estimated that currently 65% of the requests are not replied to at all and only 35% get a positive or negative answer," the document continued. "In view of the considerable amount of manual work involved, it seems plausible that a lot of possible requests are not sent at all in order to avoid unnecessary efforts in the requested Member States but thereby neglecting assumedly essential investigative approaches."

The note went on:

"The widest possible automation of time consuming manual activities would therefore help to allocate the limited resources (most notably personnel) in the NCPs to prioritised tasks, better address complex request [sic] and aid investigations… Particularly in view of the economic situation within the EU, the automation and restructuring of the current manual or unstructured processes would have economic and financial advantages compared to the development of a completely new system for information exchange."

France and Finland stated that they consider the project to be of "urgent" importance. Hungary and Spain also expressed interest in the project, and the four Member States have since been joined by Europol and potentially other national delegations - recent documents do not provide clarity on the matter. [6]

At a meeting of the DAPIX working party on 31 January, the Italian delegation stated that it wanted to withdraw the ADEP project from the third action list, but this "was not supported by the meeting and the Presidency explained that the project did not intend to create new legislation but to enhance information exchange by automation of current manual procedures." [7]

The project may raise concerns about the possibility for police to engage in "fishing expeditions" across national databases - searching at random in the hope of unearthing previously unknown information.

In 2008, it was revealed that fishing expeditions in national police DNA, fingerprint and vehicle registration databases may have damaged the functioning of the databases, as well as information contained within them. An official note on "good practice" in conducting searches said that:

"The varying scale of national databases, partly linked to population size, has led experts to doubt whether the databases of the less-populated States are able to deal with other States' searches. At times there are even concerns that databases may be damaged by overwhelming search volumes." [8]

So far, there has been no public mention of the need for safeguards to protect against this under the French and Finnish project, nor any concern noted over the implications of providing police forces across the EU with new powers to conduct automated continent-wide database searches.

[1] DAPIX, Summary of discussions, 5964/13, 31 January 2013
[2] European Commission, Strengthening law enforcement cooperation in the EU: the European Information Exchange Model (EIXM), COM(2012) 735 final, 7 December 2012
[3] DAPIX, Summary of discussions, 17313/12, 3 December 2012
[4] European Commission, Proposal for a directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data ("Police and Criminal Justice Data Protection Directive"), Version 34, 29 November 2011)
[5] French and Finnish delegation, IMS Action List No 3 EPRIS/ADEP: Automation of the data exchange process, 14944/12, 15 October 2012,
[6] Ibid. at [2]; COSI, Summary of discussions, 6318/13, 13 February 2013
[7] Ibid. at [1]
[8] Automated searches ("fishing expeditions") may be damaging national police databases, Statewatch News Online, August 2009
Search our database for more articles and information or subscribe to our mailing list for regular updates from Statewatch News Online:

Home page | Statewatch News Online | In the News & News Digest | What's New | Statewatch Journal

© Statewatch ISSN 1756-851X. Personal usage as private individuals/"fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error