- Home /
- Statewatch Database /
- EU: Searching for Needles in an ever expanding haystack: Cross-border DNA exchange in the wake of the Prum Treaty by Eric Topfer
EU: Searching for Needles in an ever expanding haystack: Cross-border DNA exchange in the wake of the Prum Treaty by Eric Topfer
01 July 2008
Having “abandoned” proposals for an EU DNA database, the Member States are instead linking their national databases to achieve the same objective
Three years after the signing of the Prüm Treaty, the automated comparison of police cross-border networked DNA databases is in operation in six European countries. Core elements of Prüm were transferred into the legal framework by Council Decision 2008/615/JHA on 23 June 2008, and the other 21 EU countries will log in within the next few years. Although the establishment of the network was justified by the need to combat serious crime, interim reports reveal another story: most hits on the DNA database relate to property crime and often to anonymous “stains” (DNA from unidentified persons left at a crime scene). However, the number of stored DNA profiles is growing. More than 5.5 million people are registered in the EU member states’ databases, 13 years after the United Kingdom established the first national database in Europe, which accounts for 70 per cent of total entries.
After having “successfully” completed a test phase, Germany and the Netherlands started the comparison of their national DNA databases in late June 2008. This was reported by the German Federal Minister of the Interior, Wolfang Schäuble, and the Dutch Minister of Justice, Ernst Hirsch Ballin, at a meeting on 1 July in Berlin. Hence, the Netherlands began the operation of automated cross-national database comparison in the domain of DNA data as the sixth European country.
It was reported that for Germany, the comparison produced almost 600 hits in the Dutch database with more than 1,000 Dutch hits on the German side. These will be assessed and, if necessary, cleared. However, Schäuble was satisfied: “The benefits of data exchange are already obvious.” He stressed the “enormous time-saving effects and the significant increase in efficiency” for cross-border cooperation.[1]
The legal basis of the automated database comparison is article 4 of the Prüm Treaty which was signed on 27 May 2005 by Austria, Belgium, France, Germany, Luxemburg, the Netherlands and Spain in the German town of the same name. Prüm, also known as Schengen III, does not only govern the automated searching and comparison of police DNA databases for the purpose of criminal investigation, but the automated searching of fingerprint data and national vehicle registration data for preventive purposes and, in the case of vehicle data, even to track administrative offences. Moreover, the Treaty sets out the framework for information exchange to prevent ‘terrorist crime’ and cross-border police operations such as joint patrols and administrative assistance in case of major events or natural disasters.[2]
The Prüm Treaty has also been signed by Finland, Hungary, and Slovenia. Italy, Portugal, Slovakia, Sweden, Bulgaria, Romania and Greece are in the process of negotiating their accession. However, on the initiative of the German Presidency, the Council of the European Union decided to transfer core elements of the treaty into the legal framework of the EU on 12/13 June 2007. The recent Council Decision on “stepping up cross-border cooperation” of 23 June 2008 completed the transfer of Prüm eventually and, thus, established the legal basis for the creation of the largest pan-European network of police databases.[3] Moreover, it is planned to authorise the police to access the Visa Information System (VIS), which is supposed to start operation in 2009, and the European fingerprint database EURODAC, which is currently only allowed for asylum proceedings.[4] A joint European backbone for SIS II, VIS, EURODAC, Europol, Prüm etc. came into existence with the start of the “Secured Trans European Services for Telematics between Administrations“ (sTESTA) communications infrastructure in 2007.[5]
Furthermore, Germany and Austria in particular are striving for the further expansion of participating states: on 4 June 2008, the German government adopted an initiative by Schäuble and Justice Minister, Brigitte Zypries, to establish automated data searching procedures for DNA data (though, in contrast to Prüm, no automated comparisons) and fingerprints between Germany and the United States, designed after the Prüm model, which was already paraphrased in March, when their US colleagues Michael Chertoff and Michael Bernard Mukasey visited Berlin.[6] Austria is also examining plans for transatlantic data exchange and, following the police experts’ wish list, is striving for the integration of associated EU states such as Switzerland, Norway or Iceland into the Prüm framework.[7]
Civil liberties advocates and data protection officers criticise the Prüm Treaty and its transfer into EU law not only because of its limited protection of fundamental rights but also for the undemocratic nature of the proceedings.[8] Although the Treaty stipulates that database access has to be log-filed and should follow defined purposes, the automated cross-border exchange of police data is only limited by national legal protections, and these differ regarding data protection standards and the regulation of DNA analysis and DNA databases. Thus, Peter Hustinx, the European Data Protection Supervisor, called forthcoming EU-wide information sharing a ‘nightmare’ and criticised the fact that the Framework Decision on Data Protection for the Third Pillar of the EU has still not been implemented.[9]
It is also the case that Interpol has been operating a “DNA Gateway”, a platform for the international matching of DNA profiles, since 2002. But this Gateway, with around 77,000 entries from 47 countries, is an autonomous centralised database and the participating countries contribute only selected DNA profiles.[10] Moreover, as a rule Interpol member states request a matching procedure by fax and these are processed manually by the Interpol headquarters in Lyon. Although an opportunity for an automated matching procedure via the I 24/7-network for international police communication has existed in theory since 2005, so far very few member states have signed the relevant Charter. For example, Austria, which contributed significantly to the development of the “DNA Matching System”, did, while Germany is not a signatory.
Thus, Prüm was the first international treaty which arranged the automated cross-border matching of biometric data. In contrast to the networking of vehicle registers, the biometric data matching works on the basis of a hit/no-hit procedure at an index database without nominal data. In case of a hit, the requesting police department receives an index number, which can then be used under article 5 and 10 of the Prüm Treaty for administrative assistance requests for:
further personal data and other information referring to the existing source of information.
The DNA matching process was kicked-off between Germany and Austria immediately after both parties signed the Prüm Implementation Agreement ATIA on 5 December 2006; in June 2007, both parties started the automated exchange of fingerprint data and a few weeks later the networking of vehicle registers followed. In the domain of DNA data, Spain and Luxemburg, the latter established a national DNA database only in the aftermath of Prüm, were connected in May 2007. Slovenia followed – on a partial basis – in April 2008.[11] The automated searching of fingerprint databases is only in operation between Germany and Austria but tests are underway in Spain, Luxemburg and Belgium. Vehicle registers are searched on an automated basis across borders in Germany (so far limited to incoming requests), Spain, Luxemburg, the Netherlands and France.[12]
At least at the moment, it seems that the full realisation of Prüm is hindered by problems of interoperability and lack of standardisation. No surprise then, that the “Future Group” recently proposed a “convergence principle” as an “underlying thread to a coordinated management of European… security issues”,[13] and that these issues and a proposal for a three-phase “IT interoperability programme” (convergence being the final phase) were top priority at a joint seminar of the Article-36-Working-Group and the Strategic Working Group for Immigration, Border and Asylum Issues (SCIFA) held in January 2008 in Ljublijana and at the Conference of the “Chief Information Officers (CIOs) of Police Forces in Europe” held in Stockholm in June.[14]
The cross-border networking of police databases is usually justified with reference to the solving of spectacular criminal cases, for example, when the alleged perpetrators of a double murder in Tenerife were identified through a data exchange between Austria, Spain and Germany after a gang of burglars was caught in Austria.[15] But how representative are such examples? Until 24 September 2008, Germany achieved 4,170 hits in the DNA databases of Prüm signatory countries.[16] An interim report on DNA data matching with Austria, Spain and Luxemburg, published on 1 June 2007, shows that around 85 per cent (1,257 hits) of the then 1,508 hits were related to property crime, such as theft or fraud.[17] Moreover, a more detailed account of the results of German-Austrian DNA data matching published in March 2007 reveals that nearly one half of the German hits are only related to anonymous crime scene stains from Austria.[18] Thus, European data exchange has not changed the balance of the national databases: the quantitative criminalistic value lies in the domain of property crime.
At the beginning of 2008, more than 5.5 million DNA profiles of known persons were stored in the national databases of the EU-27 countries, plus 627,000 stains from unknown persons.[19] The British National DNA Database accounts for around 70 per cent of the total entries and is the largest DNA database in the world. In continental Europe, the German database run by the Federal Criminal Police Office (
Bundeskriminalamt) since April 1998 is the largest: almost 570,000 DNA profiles were stored by the end of June 2008.[20] However, in relation to its population, Estonia is second to the UK in the EU-27, with more than 20,000 entries; around 1.5 per cent of the total population are registered in the Estonian DNA databases. The number of registered Europeans is growing, not least because the legal limits for taking DNA samples from citizens are gradually weakening. For example, in Germany, where currently the police can only take a “genetic fingerprint” with the approval of a judge, crime detectives have been demanding for several years the right to make mandatory DNA sample-taking a standard measure of police recording.[21]
Eric Töpfer (toepfer@emato.de). Bürgerrechte und Polizei / Civil Liberties & Police (CILIP), Berlin. www.cilip.de
[See hard copy for table of National DNA Databases in EU-27 in 2008]
Sources
Figures on DNA data: Presentation “Exchange of DNA-profiles by the Treaty of Prüm” by C. P. von der Beek of the Dutch Forensic Institute at the conference “DNA Data Exchange in Europe”, June 5/6, 2008 in Maastricht/Heerlen. Online: http://www.dna-conference.eu [5.7.08].
1. BMI. Bundesinnenministerium: Deutschland und die Niederlande schließen Testphase beim Abgleich von DNA-Analysedateien erfolgreich ab, press release 1.7.08; cf. also: Dutch Ministry of Justice: Sucessful exchange of German and Dutch DNA data, press release 1.7.08.
2. A German version of the Prüm Treaty can be found online at: http://www.eu2007.bmi.bund.de/Internet/Content/Common/Anlagen/Themen/Polizei__und__Bundespolizei/DatenundFakten/Pruemer__Vertrag,templateId=raw,property=publicationFile.pdf/Pruemer_Vertrag.pdf.
3. Council Decision 2008/615/JHA of 23 June 2008 on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime, and Council Decision 2008/616/JHA of 23 June 2008 on the implementation of Decision 2008/615/JHA.
4. BMI: Herausforderungen an die europäische Sicherheitsarchitektur im 21. Jahrhundert. Rede von Bundesminister Dr. Wolfgang Schäuble am 29. Januar 2008 beim 11. Europäischen Polizeikongress: „Europäische Sicherheitsarchitekturen. Informationstechnologie – Ermittlung – Einsatz“ in Berlin, published 29.1.08.
5. European Commission signs 210 million new contract to create safer EU IT network, EU press release IP/06/1301, 3.20.06. Online: http://europa.eu/rapid/pressReleasesAction.do?reference=IP/06/1301&format=HTML&aged=1&language=EN&guiLanguage=en [25.8.08]; Umsetzung des Prümer Vertrages, Answer of the German Federal Government to a Parliamentary Request by the FDP, Deutscher Bundestag, Drucksache 16/6229, 17.8.07.
6. BMI: Bundeskabinett beschließt Abkommen zur intensivieren Zusammenarbeit bei der Bekämpfung schwerwiegender Kriminalität zwischen Deutschland und den USA, press release 4.6.08; BMI: Deutschland und USA intensivieren Zusammenarbeit bei der Bekämpfung schwerwiegender Kriminalität, press release 11.3.08. The German text of
the agreement AK Vorratsdatenspeicherung [3.10.08].: http://www.vorratsdatenspeicherung.de/content/view/253/1/lang,de/
7. Reinhard Schmid: Europäischer Datenverbund. In: Öffentliche Sicherheit (ed. by the Austrian Ministry of the Interior), 5-6/2008, p. 57; Engere Kooperation mit den USA. In: Öffentliche Sicherheit, 1-2/2008, p. 69.
8. Cf. among others Thilo Weichert: Wo liegt Prüm? Der polizeiliche Datenaustausch in der EU bekommt eine neue Dimension. In: DANA. Datenschutznachrichten, 1/2006, pp. 12-15; Heiner Busch: Freier Binnenmarkt für Polizeidaten. EU ermöglicht gemeinschaftsweiten Zugriff auf DNA-Informationen. In: Grundrechte-Report 2008. Zur Lage der Bürger- und Menschenrechte in Deutschland, hg. von Till Müller-Heidelberg u.a., Frankfurt/Main: Fischer Taschenbuch Verlag, 2008, pp. 38-41.
9. Stefan Krempl: EU-Datenschützer tadelt Schäubles Polizei-Superdatenbank. In: heise online news, 15.5.08. Online: http://www.heise.de/newsticker/EU-Datenschuetzer-tadelt-Schaeubles-Polizei-Superdatenbank--/meldung/107948 [12.7.08].
10. Interpol: Databases Fact Sheet. COM/FS/2008-07/GI-04. Online: http://www.interpol.int/Public/ICPO/FactSheets/GI04.pdf [16.7.08]; Interpol: DNA Gateway Fact Sheet, COM/FS/2007-09/FS-01. Online: http://www.interpol.int/Public/ICPO/FactSheets/FS01.pdf [16.7.08].
11. BMI: Deutschland und Österreich beginnen als erste Staaten mit dem elektronischem Austausch von Fingerabdruckdaten, press release 4.6.07.
12. Information provided on request by the press office of the German Ministry of the Interior BMI, 2.10.08.
13. Informal High Level Advisory Group on the Future of European Home Affairs Policy: Freedom - Security – Privacy. European Home Affairs in an open world, June 2008: http://www.statewatch.org/news/2008/jul/eu-futures-jha-report.pdf .
14. Interoperabilität von Datenbanksystemen im Bereich der Inneren Sicherheit, Answer by the German Federal Government to a Parliamentary Request by the Green Party, Deutscher Bundestag, Drucksache 16/9987, 15.7.08.
15. BMI: Deutschland und Österreich beginnen als erste Staaten mit dem elektronischem Austausch von Fingerabdruckdaten, press release 4.6.07.
16. Information provided on request by the press office of the German Ministry of the Interior BMI, 2.10.08.
17. BMI: Ergebnisse auf Seiten Deutschlands im Rahmen des DNA-Datenaustausches mit Österreich, Spanien und Luxemburg nach dem Vertrag von Prüm. Online: http://www.bmi.bund.de/nn_163598/Internet/Content/Themen/Polizei/Einzelseiten/Pruem.html [3.7.08].
18. BMI: Vertrag von Prüm. Auswertung des DNA-Datenabgleichs zwischen Deutschland und Österreich. Stand 18. März 2007. Online: http://www.eu2007.bmi.bund.de/nn_1059816/Internet/Content/Common/Anlagen/Themen/Europa__Internationales/DatenundFakten/Vertrag__Pruem__DNA__Echtabgleich__de,templateId=raw,property=publicationFile.pdf/Vertrag_Pruem_DNA_Echtabgleich_de.pdf [3.7.08].
19. According to figures in the presentation “Exchange of DNA-profiles by the Treaty of Prüm” by C. P. von der Beek of the Dutch Forensic Institute at the conference “DNA Data Exchange in Europe”, June 5/6, 2008 in Maastricht/Heerlen. Online: http://www.dna-conference.eu [5.7.08].
20.BKA: Statistik DNA-Analysedatei. Online. http://www.bka.de/profil/faq/dna02.html [16.7.08].
21. BDK. Bund Deutscher Kriminalbeamter: Genetischer Fingerabdruck: Gesetzgeber muss jetzt handeln! Press release 9.7.04.