Integrated data management can be defined as the possibility, deriving from the ER, to use crime-related information for multiple business purposes as indicated by the data owner, allowing for its management and processing in an integrated, technology-neutral manner. In this, it differs from previous legal frameworks that were system-centric in terms of data processing.
The IDMC hence grants Europol a certain degree of flexibility on how to technically design and implement its processing environment subject to full compliance with general data protection principles and safeguards.
The ultimate decision on whether or not a new type of processing operation on personal data is deemed necessary and proportionate does not lie with Europol but with the European Data Protection Supervisor (EDPS), Europol’s competent external data protection supervisory authority.
Europol may process personal data only for the purposes of:
Art. 18(2) ER
- Cross-checking aimed at identifying connections or relevant links between different criminal investigations;
- Analyses of a strategic or thematic nature;
- Operational analyses;
- Facilitating the exchange of information between Member States, Europol, and other bodies;
- Research and innovation projects;
- Supporting Member States in informing the public about suspects or convicted individuals.
Art. 18(6) ER
- Determining whether received data are relevant to its tasks and, if so, for which of the aforementioned purposes.
Art. 18(6a) ER
- Determining the categories of data subjects.
Art. 18a ER
- Support of an ongoing specific criminal investigation within the scope of Europol’s objectives.
Cross-checking
The categories of personal data and categories of data subjects whose data may be processed for the purpose of cross-checking are specifically defined in the ER.
Only data on persons who are suspected of having committed or taken part in a criminal offence in respect of which Europol is competent, or who have been convicted of such an offence, may be processed for the purpose of cross-checking. Furthermore, cross-checking is possible for persons regarding whom there are factual indications or reasonable grounds to believe that they will commit criminal offences in respect of which Europol is competent (potential future criminals).
Data which may be processed in this context includes an individual's name, date and place of birth, nationality, sex, place of residence, profession and whereabouts of the person concerned, social security number, driving licence(s), identification documents and passport data, and where necessary, other characteristics likely to assist in identification, including any specific objective physical characteristics not subject to change such as dactyloscopic data and DNA (established from the non-coding part of DNA). Furthermore, certain information relating to criminal offences can be stored.
Data submitted to Europol for cross-checking is directly accessible at national level with a view to enabling comparison against other data sets. This shall be without prejudice to the restrictions indicated by the provider of the personal data.
Personal data relating to minors is, however, only searchable on a hit/no-hit basis in order to grant additional protection considering its sensitivity from a data protection perspective.
Strategic and Thematic Analysis
Processing for analysis of a strategic nature means all methods and techniques by which information is collected, stored, processed and assessed with the aim of supporting and developing a criminal policy that contributes to the efficient and effective prevention of and fight against crime.
Strategic analysis aims to give a better understanding of crimes and criminal trends in general. This should enable decisions at a strategic level to influence the criminal developments in question. Examples are adjusting legislation, training and capacity-building to better investigate and prosecute, preventive measures and awareness-raising. Strategic analysis may also indicate on which points concrete thematic analysis is recommended to further specify how to address the problems concerned from an operational perspective.
Processing for analysis of a thematic nature means all methods and techniques by which information is collected, stored, processed and assessed with the aim of determining the operational focus and the most appropriate tactics and methods to prevent, disrupt and investigate crime.
Thematic analysis fills the space between strategic analysis and operational analysis. The focus is more concrete than strategic analysis and that makes the use of personal data more relevant. Yet the aim is not to look into concrete criminal offences, but rather to understand a criminal phenomenon, what the main factors, actors and enablers are, in order to indicate where to target the investigative resources and how to tackle the problem most effectively. As such it can direct decisions on the prioritisation or initiation of criminal investigations or other operational action.
Even though personal data may be used for processing for the purpose of strategic and thematic analysis, the results of such analysis usually do not contain any references to concrete data subjects.
Operational Analysis
The purpose of operational analysis is to support criminal investigations and criminal intelligence operations through all methods and techniques by which information is collected, stored, processed and assessed. From a data protection perspective this is the most interesting but also most intrusive processing operation – which is why the strongest data protection safeguards apply.
Operational analysis may be performed on suspects, convicted persons and potential future criminals - but, where necessary, also on contacts and associates. Furthermore, only if it is strictly necessary and proportionate, personal data relating to witnesses, victims, informants and minors can also be included.
The processing of personal data, by automated or other means, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and processing of genetic data or data concerning a person's health or sex life is even prohibited, unless it is strictly necessary and proportionate for preventing or combating crime that falls within Europol's objectives and if such data supplements other personal data processed by Europol. The selection of a particular group of persons solely on the basis of such personal data is not allowed.
But how does all of this work in practice? And how would a Europol analyst know if something is considered necessary – or even strictly necessary – for the purpose of a particular analysis project? The answer lies in the fact that such more intrusive processing operations with particular focus on individuals may only be performed within so-called operational analysis projects (APs):
For every AP, the Executive Director of Europol shall define the specific purpose, categories of personal data and categories of data subjects, participants, duration of storage and conditions for access, transfer and use of the data concerned, and shall inform the Management Board (MB) and the EDPS thereof. This happens by means of an Analysis Project Portfolio, which includes specifically defined data category tables for all operational analysis projects at Europol.
Personal data may only be collected and processed for the purpose of the specified operational analysis project. Where it becomes apparent that personal data may be relevant for another operational analysis project, further processing of that personal data shall only be permitted insofar as such further processing is necessary and proportionate and the personal data are compatible with data category tables that apply to the other analysis project.
Only authorised staff may access and process the data of the relevant project.
In order for the APs to function and allow for efficient analysis, the data in the files must be thoroughly checked: high quality information generates high quality analysis. Law enforcement authorities have to be able to rely on the information provided by Europol to be correct and valid. As a result, Europol may only process data if it is accurate and up to date. After an initial check when inputting the data, regular reviews take place to ensure that the data continues to fulfil these requirements. Regular compliance checks for the purpose of verifying the lawfulness of data processing and ensuring proper data integrity and security also contribute to ensuring the highest data protection standards.
Facilitation of Information Exchange
Considering Europol’s focus on information exchange, safe and swift transmission of data is essential. Information must travel amongst relevant stakeholders without the risk of interception. As is the case for the storage and analysis, transmission of data to and from Europol must follow specific data protection principles and information security standards.
The state-of-the-art secure information exchange network application (SIENA), hosted in the secure environment of Europol’s headquarters, allows Member States, Europol, other Union bodies, third countries and international organisations to communicate through a fast, secure and user-friendly channel.
Europol also maintains a number of alternative secure information exchange channels in order to cater for special operational needs such as transmission of large files, data potentially including malware, real-time communications or virtual command posts, etc. However, there are technical arrangements and policy requirements to at least mirror such alternative communications into SIENA, which also serves the purpose of keeping detailed records of all operational information transfers into and out of Europol.
Europol may act as technical service provider without the necessity to gain access to content. Where information exchanges exclude Europol, they shall take place under the responsibility of the entities concerned and in accordance with their law. This applies in particular to those exchanges of information that fall outside of Europol’s mandate.
Research and Innovation Projects
Europol can process personal data for the purpose of research and innovation projects, as long as it is strictly required and duly justified to achieve the objectives of the project concerned. Moreover, special categories of personal data can be processed for this purpose if it is strictly necessary and subject to appropriate safeguards, which may include pseudonymisation.
Research and innovation projects refer to projects for the development, training, testing and validation of algorithms for the development of specific tools, and other specific research and innovation projects relevant for the achievement of Europol’s objectives.
The processing of personal data for this purpose requires the application of various safeguards. For instance, any research and innovation project requires a Data Protection Impact Assessment and prior authorisation by the Executive Director, in consultation with the Data Protection Officer and the Fundamental Rights Officer. Moreover, the EDPS and the Management Board must be informed prior to the launch of the project.
Moreover, certain security safeguards apply:
- the personal data to be processed has to be temporarily copied to a separate, isolated and protected data processing environment within Europol for the sole purpose of carrying out that project;
- only specifically authorised staff of Europol can access the personal data;
- the personal data cannot be transmitted or transferred, and cannot affect the data subjects;
- the personal data shall be erased once the project is concluded or the time limit for the storage of personal data has expired;
- the logs of the processing of personal data must be kept for two years.
EU Most Wanted List
Europol supports Member States, upon their request, in informing the public about suspects or convicted individuals who are wanted on the basis of a national judicial decision. For that purpose, Europol hosts a site which lists the most wanted criminals who have been charged with or convicted of serious crimes in Europe, such as murder, sexual exploitation of children, armed robbery and terrorism.
Aiming at increasing security within the EU, the Europol Most Wanted List is the first initiative on a pan-European level to jointly present a most wanted list on a common platform.
Determine the Relevance of Received Data
Europol may temporarily process data for the purpose of determining whether such data is relevant to its tasks and, if so, for which of the purposes referred to in the Europol Regulation. The time limit for the processing of such data shall not exceed six months from its receipt.
Determine Categories of Data Subjects
Europol is entitled to process data for the sole purpose of determining the data subjects of the personal data provided to it. The time limit for the processing cannot exceed 18 months from the moment Europol ascertains that the data falls within its objectives or, in justified cases, for a longer period (a maximum of three years) where necessary for the purpose. In this case, Europol shall inform the EDPS.
This personal data shall be kept functionally separate from other data.
In the case that Europol concludes that the data provided cannot be categorised, Europol shall erase the data and, where relevant, inform the provider.
Support of an Ongoing Specific Criminal Investigation
One of the main functions of Europol is to support ongoing specific criminal investigations within the scope of Europol’s objectives. In this regard, Member States, the European Public Prosecutor’s Office (EPPO) or Eurojust can provide investigative data to Europol, and request it to support an investigation by way of operational analysis or, in exceptional and duly justified cases, by way of cross-checking.
Moreover, third countries can provide personal data for operational analysis that contributes to the specific criminal investigation in one or more Member States that Europol supports. In this case, the DPO must evaluate the data transfer, and if he or she concludes that there is an indication that such data is manifestly disproportionate or was collected in obvious violation of fundamental rights, Europol cannot process the data and has to delete it. Furthermore, the DPO has to assess whether notification to the EDPS is appropriate.
Europol shall process the aforementioned data for as long as it supports the ongoing specific criminal investigation for which the investigative data was provided, and only for the purpose of supporting that investigation (principle of purpose limitation).
Europol can store investigative data and the outcome of its operational analysis of such data beyond the processing period upon request from Member States, EPPO and Eurojust. It can do so for the purpose of ensuring the veracity, reliability and traceability of the criminal intelligence process, and only for as long as judicial proceedings concerning a related criminal investigation are ongoing in that other Member State.
The categories of personal data that fall outside of Europol’s mandate shall be kept functionally separate from other data, and can only be processed where necessary and proportionate for the purposes of supporting a criminal investigation or ensuring the veracity, reliability and traceability of the criminal intelligence process.