thoughts and observations of a privacy, security and internet researcher, activist, and policy advisor

Sunday, December 09, 2012

EU Commission: No new law enforcement databases needed

In a communication and a press release, somewhat hidden on a Saturday Friday for whatever reasons, European Union Home Affairs Commissioner Cecilia Malmström announced that her services had done an assessment of EU-wide law enforcement information exchange mechanisms. She concluded that
information exchange generally works well, and no new EU-level law enforcement databases are therefore needed at this stage.
This is the first time in a long while that a top-level home affairs official has said that they don't need more new databases. Emphasis is added in the quote for a reason!

This conclusion is based on an "Overview of information management in the area of freedom, security and justice" which the Commission had released in 2010 and which introduced a number of criteria for further policy development in this field:
  • Safeguarding fundamental rights, in particular the right to privacy and data protection
  • Necessity
  • Subsidiarity
  • Accurate risk management
  • Cost-effectiveness
  • Bottom-up policy design
  • Clear allocation of responsibilities
  • Review and sunset clauses
In the new communication, the Commission examines a number of EU-wide information exchange instruments among law enforcement agencies. Oddly enough, they mix existing EU stuff such as Europol and the Schengen Information System (SIS) with projects started by a number of member states which have not yet been Europeanised, such as the Püm Decision or the European Border Surveillance System EUROSUR.

The Commission does also not address a number of other initiatives and databases that are currently in the legislative pipeline:
  • Eurodac, the database of fingerprints of asylum seekers, where Parliament and Council are currently debating law enforcement access;
  • EU-PNR, the proposed system of EU-wide gathering, profiling, and retention of data on all air passengers entering or leaving Europe (and with an extension to inner-European flights under discussion);
  • Smart Borders, a legislative package probably coming in early 2013, which would collect data about everbody entering and leaving the EU, including fingerprints (Entry-Exit System) and which would allow easier entering of the EU if travellers were pre-checked and profiled.
The Commission is to be applauded for such a sober look at the state of play in information exchange. Members of the European Parliament as well as several stakeholders had repretedly asked "when is it enough?" after the Commission in alliance with the Member States had pushed through massive surveillance projects such as telecommunications data retention, bulk bank data transfers to U.S.  financial intelligence services through the SWIFT agreement or air passenger mass surveillance through the PNR-agreements with Australia and the U.S. Good to finally see a red line here.

However, this raises urgent questions about the need for the above-mentioned measures still in the pipeline. The European Parliament is about to vote on the negotiation mandate for EU-PNR and Eurosur, and on the final agreements for law enforcement access to Eurodac. And one can wonder how the Commission will justify its "smart borders" package next year.

It seems the EU institutions should stop current initiatives and have a more general debate on further databases and information exchange in the field of justice and home affairs. It would make sense to align this with the debates on the work programme of the upcoming Irish Council presidency as well as the legislative reports from the Parliament on the EU data protection reform, which both will be debated in the Civil Liberties, Justice and Home Affairs Committee on 10th January 2013. 


Post a Comment

<< Home