Member States’ law enforcement authorities and Europol to have access to EURODAC

To recall, last December the European Commission proposed the repeal of the 2000 EURODAC Regulation and its replacement by a new Regulation. The EURODAC database stores asylum seekers' fingerprints and has been created to facilitate the application of the Dublin II Regulation. The purpose of EURODAC is to assist in the determination of responsibility for applications for refugee status. It is important to mention that the Government has decided to opt into the EURODAC Regulation.

On 10 September, the Commission put forward a proposal amending the December 2008 proposal in order to extend the purpose of the EURODAC to preventing, detecting or investigating terrorist offences and other serious criminal offences. Moreover, the Commission adopted a proposal for a Council Decision on requesting comparisons with EURODAC data by Member States' law enforcement authorities and Europol for law enforcement purposes, under title VI of the EU Treaty. This proposal is subject to the consultation procedure and unanimity is required at the Council. However, if the Treaty of Lisbon comes into force, that would change to QMV and co-decision.

Member States' law enforcement authorities as well as Europol would have access the EURODAC central database for the purposes of prevention, detection and investigation of terrorist offences as defined in the Council Framework Decision on combating terrorism and of other serious crime as defined in the Council Framework Decision on the European arrest warrant.

It is important to recall that there are already several EU instruments that allow consultation of fingerprints as well as other data held by one Member State by another Member State. For instances, under the 2008 Prüm Decision Member States have to ensure automatic access, to law enforcement authorities of the other EU Member States, to reference data in their DNA analysis files and fingerprint identification systems. Member States will grant each other automated access to national Automated Fingerprint Identification System (AFIS) on the basis of a hit/no hit request. Hence, if a query produces a hit, additional information, including personal data, can be obtained in the Member State that recorded the fingerprint. However, there is no proper data protection.

The Commission has pointed out that the Prum decision procedure is useful for those Member States that store in their AFIS fingerprints of asylum seekers together with other fingerprints collected by law enforcement purposes but it will be ineffective for those Member States that do not store those fingerprints, except they are related to crime. If a query of a AFIS does not result in a "hit" law enforcement officials in order to know whether information is available in a database of another Member State must request the other Member State to query its databases and send the relevant information. Under the present proposal, it would be possible to identify directly at EU level the Member States which holds the asylum seeker fingerprints in question.

The Eurodac system consists of a Central Unit equipped with a computerized fingerprint recognition system and a central database of fingerprint data that is connected to Member State’s National Eurodac Systems.

The Member States’ designated authorities, authorised to access EURODAC data, and Europol, may submit a reasoned electronic request to the verifying authority for the transmission for comparison of fingerprint data to the EURODAC Central System via the National Access Point. Then, following verification of whether all conditions for access are fulfilled, the verifying authorities would forward the request for comparison through the National Access Point to the EURODAC Central System. However, the proposal would allow the verifying authority to immediately transmit the fingerprint data to the National Access Point for comparison in exceptional cases of urgency, before verifying whether all the conditions are fulfilled. But the proposal is not clear what would entail an exceptional case of urgency.

EURODAC presently does not provide the possibility to search the database on the basis of a latent which is the dactyloscopic trace which may be found at a crime scene but such search facility will be added to the EURODAC system under the Biometric Matching System (BMS) project. EURODAC would be technically amended in order to provide the possibility to carry out a comparison on the basis of a latent which would entail further costs.

Under the proposal designated authorities may request the comparison of fingerprint data with those stored in the EURODAC central database only if comparisons of national fingerprint databases and of the Automated Fingerprint Databases of other Member States under the Prum decision return negative results. Moreover, the comparison must be necessary for the purpose of the prevention, detection or investigation of terrorist offences or other serious criminal offences as well as in a specific case. Europol may requests comparison with EURODAC data where necessary for the performance of its tasks. However, such conditions are far from clear.

If a comparison results in a 'hit' reply from EURODAC it will be accompanied by all data that is held in EURODAC regarding the fingerprint.

Member States are required to ensure data security during all transmissions of data under this Decision. Namely, Member State would have to adopt a security plan, in order to protect data. The Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters applies to the processing of personal data under this Decision. However, no one can ensure that the data will be protected.

The draft decision prohibits the transfers of personal data obtained by a Member State or Europol pursuant to this Decision from the EURODAC central database to third countries or to international bodies or to private parties.

The EURODAC central system would have to be amended in order to provide for the possibility to carry out comparisons for law enforcement purposes. The Commission has estimated costs around €2,415 million, including costs of 3 years of technical maintenance. It remains to be seen how much it will cost to the UK to set up and maintain the technical infrastructure necessary to implement this Decision.

It is important to recall that the Commission has also recently adopted a legislative package intended to establish a Regulatory Agency responsible for the operational management of the SIS II and VIS as well as EURODAC.