Policing: EU and UK to extend post-Brexit biometric data exchange agreement


The EU and UK are to extend the application of rules that allow the cross-border searching and exchange of DNA and fingerprint data by law enforcement authorities, pending an evaluation of the UK’s data protection rules, which must take place by the end of June next year.

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

Fingerprints and DNA

The Trade and Cooperation Agreement (TCA) signed between the EU and UK at the end of 2020 maintains UK involvement in the EU’s network of police databases holding fingerprint, DNA and vehicle registration data, known as the ‘Prüm’ system.

The network makes it possible for law enforcement officials to search other states’ databases and, in the event of a match against a DNA profile or fingerprint, to request the provision of further information, such as an individual’s name, address, or other data held.

Although politicians and law enforcement officials are enthusiastic about the system, external observers are more critical. Rafaela Granja, a sociologist specialising in the transnational sharing of DNA data, told POLITICO last year:

“We have no way of actually assessing if this system is indeed contributing to international crime-fighting… Professionals working with it say it has a positive impact, but it cannot be measured with the data available.”

Evaluation procedure

Although the UK already had already joined the network by the end of 2020, when the country ceased to be bound by EU law, the TCA requires a renewed data protection and technical evaluation of the systems put in place to link the UK up with the rest of the Prüm network. That should have been carried out by the end of this September, but was not.

However, the TCA allows an extension of the data-sharing until 30 June 2022, and the EU and UK are set to agree just such an extension in the Specialised Committee on Law Enforcement and Judicial Cooperation, one of the new joint EU-UK institutions established by the TCA.

Security risks

According to the Council Decision (Council doc. 11697/21, pdf) setting out the position to be taken by the EU in the Specialised Committee, the failure to undertake the necessary evaluations by 30 September presents:

“…a significant risk that a gap in cooperation concerning DNA profiles and dactyloscopic data would arise from 1 October 2021. This would present concrete risks for the internal security of the Union.”

The Decision, which was approved by the Committee of Permanent Representatives last week (link to pdf) and will next be signed off by the Council by written procedure (Council doc. 11608/21, LIMITE, pdf), follows a letter sent by the Home Office at the end of July that said although the UK was ready to be evaluated, it accepted that the EU would not be able to conduct the procedure by the end of September, and thus: “The UK can accept this extension to accommodate the evaluation process.”

Parliamentary procedure

The taking of decisions behind closed doors is nothing new in the UK’s involvement in the Prüm system.

The Council of the EU approved the UK joining the systems for DNA and fingerprint data on the condition that the UK start sharing data on suspects as well as convicts.

In June 2020, the UK government buckled under the pressure and announced to Parliament that forces in England, Wales and Northern Ireland would make suspects’ data available for Prüm searches, and that consultations with the Scottish government on the topic were ongoing.

This makes some DNA profiles on some 5.7 million people available for searching by law enforcement authorities in EU member states.

The ministerial decision reversed parliament’s decision only to share data on those convicted of a crime, leading a House of Commons committee to note that it was:

“…deeply concerned at the Government’s lack of engagement with Parliament during the review process or involvement of Parliament in evaluating and endorsing the outcome of the review and the change in the Government’s policy...”

In a letter to James Brokenshire, the then-Security Minister, the committee underscored:

“We are also concerned that your Written Ministerial Statement makes no mention of wider stakeholder consultation on a policy change which has clear implications for the protection of civil liberties… The consequence of the Government’s policy change is that more data, with fewer safeguards, will be shared with EU Member States now that the UK has left the EU than was the case when the UK itself was a Member State.

There will be more data-sharing to come – the UK is yet to join the vehicle registration data part of the Prum network, and later this year the European Commission will announce plans to expand the system to include facial recognition databases.


Further reading

Image: police officers holding a 'spit kit' used to gather DNA samples. West Midlands Police, CC BY-SA 2.0

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error