On 2 and 7 March 2022, the EDPS issued two opinions on the Commission’s proposals for a Regulation on automated data exchange for police cooperation and for a Directive on information exchange between law enforcement authorities of Member States (→ eucrim 4/2021, 225-226).

The opinion on the Proposal for the Regulation on automated data exchange for police cooperation (Prüm II) criticises that the proposed new framework does not clearly lay down essential elements of the exchange of data which may justify a query, for instance the types of crimes. Furthermore, the scope of data subjects affected by the automated exchange of data is not sufficiently clear. Looking at the automated searching of DNA profiles and facial images, the EDPS recommends limiting these possibilities to individual investigations into serious crimes instead of applying it to any criminal offence. In addition, the legislator should introduce common requirements and conditions concerning the data in the national databases that are made accessible for automated searches. With regard to the automated searching and exchange of police records, the EDPS believes that the necessity of the proposed automated searching and exchange of police records data is not sufficiently demonstrated. Lastly, the EDPS finds that the proposal should be more explicit regarding the responsibility for the processing of personal data.

In his opinion on the Proposal for a Directive on information exchange between law enforcement authorities of Member States, the EDPS advocates amending the proposal in order to ensure compliance with data protection requirements. Such amendments should entail:

• Establishing a clear definition of the personal scope of the information exchange;
• Limiting the categories of personal data that may be exchanged about witnesses and victims;
• Introducing (short) storage periods for personal data stored in the case management systems of the Single Points of Contact,
• Inserting a requirement for the Member States to decide on a case-by-case basis whether Europol should receive a copy of the exchanged information, and for what purpose.

The Opinion also analyses and provides recommendations on several other specific issues, such
as the relationship of the proposed Directive with the existing data protection legal framework.