Fight against crime: general availability of information for Member States' law enforcement authorities and for Europol officers

This document consists of the European Data Protection Supervisor’s (EDPS) opinion on the proposal for a Council Framework Decision on the exchange of information under the principle of availability.

The EDPS will be available for further consultation at a later stage, following relevant developments in the legislative process on this proposal as well as on other related proposals.

According to the EDPS, the principle of availability should be implemented into a binding legal instrument by way of a more cautious, gradual approach which involves one type of data and to monitor to what extent the principle of availability can effectively support law enforcement, as well as the specific risks for the protection of personal data. This more cautious approach could include starting with the implementation of the availability principle only by way of indirect access, via index data. Based on these experiences, the system could possibly be extended to other types of data and/or modified in order to be more effective.

The EDPS makes the following recommendations aiming to modify the present proposal:

1) clarifying the scope of the principle of availability as follows: adding a clear and precise definition of the data that will be considered available; limiting the scope of the principle of availability to information controlled by competent authorities; in case of a broader scope, ensuring sufficient safeguards for the protection of personal data;

2) direct access to databases by a competent authority of another Member State: the issue has to be properly addressed since, in case of direct access, the designated authorities of the originating Member State have no control over the access and the further use of the data; the proposal may not promote an unconditional interconnection of databases and thus a network of databases which will be hard to supervise;

3) establishment of a system of index data: the proposal should provide for adequate rules, at least on the creation of index data, on the management of the filing systems of index data and on the adequate

organisation of the access to the index data; the definition of index data needs to be clarified; the proposal should clarify the role of national contact points as regards index data; the basic rules for the creation of index data should be included in the Framework Decision itself and not left to implementing legislation in accordance with the comitology-procedure.

4) exchanges of DNA data: clearly limit and define the type of DNA information which may be exchanged (also with regard to the fundamental difference between DNA samples and DNA profiles); set up common technical standards aimed at avoiding that variations in practices on forensic DNA databases in Member States could lead to difficulties and inaccurate results when data are exchanged; provide for appropriate legally binding safeguards aimed at preventing that the developments of science

would result in obtaining from DNA profiles personal data which are not only sensitive, but also unnecessary for the purpose for which they were collected; only be adopted after an impact assessment.

5) limiting the information exchange with Europol to the purposes of Europol itself, as mentioned in Article 2 of the Europol Convention and the Annex thereof.