Information management in the area of freedom, security and justice: EDPS welcomes the overview as a first step in the evaluation process

Today, the European Data Protection Supervisor (EDPS) issued an opinion on the Commission's communication of 20 July 2010 (*) providing a comprehensive overview of EU instruments that regulate the collection, storage or cross-border exchange of personal data for law enforcement or migration management purposes (Schengen Information System, EURODAC and Prüm Decision on DNA data exchange are examples of those instruments). The Communication also sets out the core principles that the Commission intends to use in the future as a benchmark for the initiation and evaluation of policy proposals.

The EDPS welcomes and fully supports the objectives and the main content of the Communication. In many of his opinions and comments, the EDPS has indeed repeatedly advocated the need for an assessment of all existing instruments on information exchange before proposing new ones. He also welcomes that the Communication makes a clear link with other exercises launched by the Commission to take stock and evaluate the exchange of information in the area of freedom, security and justice.

The EDPS however draws attention to the fact that this initiative should only be considered as a first step in the evaluation process. Such an exercise should be followed by further concrete measures, the outcome of which should be a well-structured, integrated and comprehensive EU policy on information exchange and management.

Peter Hustinx, EDPS, says: "I fully support the ongoing work on the evaluation of all instruments dealing with information exchange in the area of freedom, security and justice. There is a need for a comprehensive policy based on a real and in-depth assessment of this area. I consider this Communication as an important first step in that direction and will follow closely further developments in this field.”

The opinion also includes, amongst others, the following main recommendations:

• objective and balanced assessment: assessment of information management should not only focus on successful aspects, but also report on deficiencies and weaknesses of the systems (e.g. number of people wrongly arrested or inconvenienced following a false hit in the system);
• alignment of data subjects' rights: it should be ensured that citizens benefit from similar data protection rights across all different EU systems and instruments dealing with information exchange;
• privacy and data protection assessment: the EDPS believes that the Communication provides a good opportunity to better analyse what is meant by a "privacy and data protection assessment", and recommends that specific indicators and features be developed to that end;
• biometrics and system interoperability: the EDPS invites the Commission to develop a more coherent and consistent policy on the prerequisites for use of biometrics and a policy on systems interoperability.

(*) Communication of 20 July 2010 from the Commission to the European Parliament and the Council "Overview of information management in the area of freedom, security and justice" (COM(2010) 385 final)