From Schengen to Prüm: Data Protection under 3rd pillar a prerequisite

By EDRi · February 28, 2007

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

One of the main priorities of the current German presidency, the
inclusion of the Prüm’s Treaty into the EU legal framework, is likely
to be achieved before its end in 30 June 2007. During its last
meeting on 15 February the EU JHA Council agreed on incorporating
into EU legislation most of the Treaty provisions falling into the
third pillar.

This decision will create the largest pan-European network of police
database, including DNA profiles, fingerprints and other personal and
non personal data. Originally signed in May 2005 by seven EU
countries (Austria, Belgium, France, Germany, Luxembourg, The
Netherlands and Spain), later joined by nine others member States
(Bulgaria, Finland, Greece, Italy, Portugal, Romania, Slovakia,
Slovenia, and Sweden have announced their intention to adhere), the
Treaty has been designed under the lead of French-German cooperation
in view of “combating terrorism, cross-border crime, and illegal
immigration”. The Treaty has been ratified up to now by Austria,
Germany, Luxembourg, Spain, while the French Senate adopted on 21 February a
draft ratification law.

The Treaty provisions have already been used by Germany and Austria
to check their national DNA databases against each other. Although
the Treaty future incorporation into the EU legal framework would, at
least partly, answer the main criticism of creating a hierarchy
within the EU and of circumventing the Parliament, major concerns
remain, like the assimilation of illegal migrants to terrorists,
which – to say the least – questions the principle of proportionality.

Another major concern is obviously privacy and data protection. While
mutual access to databases and exchange of information to better
fight crime and terrorism is not, in principle, illegitimate in a
regional space like the EU, making this space a true area of
“Justice, Freedom and Security” needs solid prerequisites both at the
national and at the EU level.

At the national level, police databases are endlessly growing in
member States, containing more and more very sensitive information,
especially biometric data. They are no more restricted to identifying
criminals, but are now extended to the average citizen, allowing the mapping
of their daily activities, communications and movements. They are also
characterized by high error rates, due to both fault rates intrinsic to the
used technologies and to the lack of police database updates, inter alia in
accordance with judicial outcomes of the recorded cases. Sharing such files
among 27 countries would certainly increase not only massive surveillance
but also the risk of flaws endangering innocents.

At the EU level, current legislation protecting privacy and personal
data protection has little, if any, application at the third pillar
level, while EU-level information systems in this field are
broadening. Discussions have started on a Commission proposal of a
Council Framework Decision on the protection of personal data
processed in the framework of police and judicial co-operation in
criminal matters (DPFD). However the numerous reports of the
Council’s Multidisciplinary Group on Organised Crime have seriously
lowered the originally proposed level of protection, taking no
account of the Parliament and the European Data Protection Supervisor
opinions. The DPFD good proceedings have in addition been greatly
hampered by the lack of agreement between member States, to the
extent that the German presidency asked the Commission to prepare a
revised proposal. While the resulting level of protection of European
citizens’ personal data is subject to future DPFD developments, a
bottom line should reasonably be that the DPFD be adopted prior to
any further development in cross-border data exchange, most notably
before the incorporation of the Prüm’s Treaty provisions into the EU

EU JHA Council Press Release (15.02.2007)

Text of the Prüm’s Treaty (27.05.2005)

Center for European Policy Studies. “Security and the Two-Level Game:
The Treaty of Prüm, the EU and the Management of Threats” (2006)

Statewatch updated observatory of DPFD proceedings

(Contribution by Meryem Marzouki, EDRI-member IRIS)