Why do we need to continue strengthening police cooperation in the EU?
Criminals operate across borders. According to Europol's 2021 EU Serious and Organised Crime Threat Assessment, almost 70% of criminal networks are active in more than 3 Member States and around 65% of the criminal networks active in the EU are composed of members of multiple nationalities. These criminal networks are involved in major types of cross-border crimes, including trade in drugs, property crime, trafficking in human beings and migrant smuggling.
To effectively prevent and detect crimes in the EU, police officers should be able to go after criminals across borders. The current rules on information exchange and police cooperation in the EU have proven not to be sufficiently clear, leading to uncertainty, diverging practices across Member States and practical obstacles to cooperation.
Without a good level of cooperation between police forces in Member States, criminals would continue to operate across Member States, taking advantage of the different national jurisdictions.
This is why a clearer and coherent legal framework is needed to ensure convergence of national practices and effectiveness of information exchange.
Easier police cooperation will help boost the prevention, detection and investigation of criminal offences in the EU, fostering security for everyone living and moving in the Schengen area.
What is the current framework for police cooperation and data exchange? Is it fit for purpose?
The EU has legislation in place on police cooperation and data exchange.
The Convention Implementing the Schengen Agreement sets a number of baseline rules for conducting cross-border hot pursuits and cross-border surveillance operations. The rules are however not always precise, allowing for instance Member States to decide on whether or not to set distance limitations when hot pursuits take place on their territory. This creates uncertainty and lack of clarity as to which rules police officers have to follow when intervening in another Member State.
The 2006 Council Framework Decision on simplifying the exchange of information between law enforcement authorities sets out rules for information exchange between Member States when conducting criminal investigations or criminal intelligence operations. The Decision has however proven difficult to implement and enforce, meaning rules and practices differ at national level, impeding the efficient flow of information.
Operational police cooperation between Member States is also taking place under national law, taking into account non-binding Council guidelines, for instance on setting up contact points for information exchange. Member States have set up at least 60 bilateral and multilateral cooperation agreements between themselves, all different from one another. While this allows Member States to take into account regional specificities, it has also led to fragmentation and obstacles to cooperation. As an example, in smaller or landlocked countries, law enforcement officers may have to follow up to 7 different sets of rules when conducting hot pursuits in neighbouring countries.
From a practical point of view, secured communication equipment used between different Member States is also not always compatible, meaning a police officer conducting hot pursuits in another country may not be able to communicate with colleagues from his country or from a neighbouring country once they cross a border. Additionally, Member States do not always have the necessary structures or resources in place to exchange information effectively with other Member States. A single channel for information exchange is missing, leading to duplication of requests, undue delays and occasional information loss.
Overall, the level of operational police cooperation between Member States still varies greatly. The current EU legal framework creates uncertainty and lack of clarity as to which rules police officers must follow when intervening in another Member State.
The EU also has rules in place for automated exchange under the 2008 Prüm framework, allowing police forces of EU Member States to exchange DNA, fingerprints and vehicle registration data for the purpose of preventing, detecting and investigating crime. While the framework has proven to be a successful tool for law enforcement cooperation, helping to solve crimes, several issues hamper the timely and smooth exchange of information. Some of the rules on the technical specifications of queries, security measures and communication are outdated, as forensic science and technology have significantly evolved in the past decade. Differences in national rules and procedures for following up after a “hit” can also cause significant delays in the information exchange.
What changes does the Commission propose?
Today's proposals will allow police officers across the EU to cooperate more effectively, efficiently and systematically.
The proposal for a Council Recommendation on operational police cooperation will make it easier for police officers to work in other EU countries. It will create common standards for better cooperation between police officers participating in joint operations and acting in the territory of another Member State through:
-Clearer rules for working across borders, with a common list of crimes for which hot pursuits and surveillance across border are possible and no more geographical or time limits on such operations. This also includes clear and common rules on the executive powers police officers can use when engaging in hot pursuits, surveillances and joint operations across borders. Police officers should for instance be able to conduct identity checks during joint operations, or to carry their service weapon and arrest suspects after a hot pursuit, pending the arrival of national police officers.
-Effective access to information during cross-border operations: Member States should give police officers operating in other EU countries remote and secure access to their own databases and to EU databases as well as secure messenger tools to communicate directly with their colleagues in the host Member State.
-Joint planning and risk analysis: Existing police customs cooperation centres should become joint police stations capable of not only exchanging information, but also planning, supporting and coordinating joint operations based on shared risk analysis.
-Promoting the use of targeted joint operations to counter migrant smuggling and trafficking in human beings.
-Promoting a common EU culture of policing through joint trainings, including language courses or exchange programmes.
The proposal for a Directive on information exchange will ensure police officers make relevant information available to their counterparts in other Member States. The proposal includes:
-Precise, consistent and common rules to ensure equivalent access to information: If information is available concerning a criminal offence in a Member State, it must, as a general rule, be made available to other Member States' law enforcement authorities as well, under the same conditions.
-A single contact point and clear time limits: Member States should put in place a “Single Point of Contact”, operational 24/7, adequately staffed and acting as a "one-stop shop" for information exchange with other EU countries. The information requested should be made available within 8 hours (for urgent cases), up to maximum 7 days (in other cases). Requests can only be refused in well-defined cases, for instance if the information would jeopardise the success of an ongoing investigation, harm the vital interest of a person, go against the essential interests of the security of the Member State or if the required judicial authorisation is refused.
-A single channel for information exchange: The Secure Information Exchange Network Application (SIENA), managed by Europol, will become the default channel of communication.
-A stronger role for Europol as the EU criminal information hub: Europol should be in copy of exchanges concerning offences falling under the scope of its mandate.
The revised rules on the automated exchange of data under the Prüm framework will improve, facilitate and accelerate data exchange through:
-A simplified channel for exchanging information: Information will go through a central router to which national databases can connect, replacing the multitude of bilateral connections between national databases. The central router will not store any data, it will only act as a message broker. Member States will retain ownership and control over their data.
-A time limit for efficient information exchange: In case of a match following a query, Member States must share the information identifying the suspect or convicted criminal, including their name, nationality and date of birth, within 24 hours.
-Additional data categories: Police officers will be able to share facial images of suspects and convicted criminals and police records under the Prüm framework (in addition to DNA, fingerprints and vehicle registration data as is already the case currently).
-Allowing interoperability with other EU information systems, providing for fast and controlled access to the information that law enforcement officers need to perform their tasks and for which they have access rights.
-An enhanced role for Europol to support Member States more efficiently by allowing it to take part in the Prüm framework. Member States will be able to automatically check biometric data from non-EU countries held at Europol and Europol will be able to check data from non-EU countries against Member States' databases, helping to identify criminals known by countries outside the EU, under the strong privacy and fundamental rights safeguards established in Europol's mandate and in the Europol cooperation agreements with third countries.
How is information exchanged under the ‘Prüm' framework?
Under the ‘Prüm' framework, Member States can check whether another EU country holds DNA, fingerprint and vehicle registration data related to an ongoing criminal investigation. For instance, fingerprints found at a crime scene in one EU Member State can be compared with profiles held in the databases of other EU States in an automated manner. If any data matches, the requesting Member State receives a notification. This notification does not include data allowing for the identification of the subject of the match. After the matching data sets are verified by a forensic expert, the requesting Member State can ask to receive more information, including data allowing to identify the person concerned. In case of vehicle registration data, the additional data is provided immediately with a hit.
Why is it necessary to include more categories of data under the automated data exchange in the ‘Prüm' framework?
The exchange of information on facial images and police records is crucial for effective criminal investigations and for identifying criminals. Adding these categories of data to the automated data exchange under the Prüm framework will significantly increase the possibilities of identifying criminals and of solving criminal cases.
The exchange of facial images (i.e. photos) and police records between Member States currently takes place manually, with no efficient procedure in place to compare facial images against images stored in other Member States' databases or to find out whether relevant information on police records exists in another Member State's database.
In criminal investigations, an image of a suspect (for instance from a nearby security camera) is often the only lead available from the crime scene. Comparing this image not only to images stored in national databases, but also against images stored in other Member States' databases will significantly increase the possibilities of identifying the criminal. It could also reveal different identities used or different crimes committed by the same person in other Member States. Adding facial images of suspects and convicted criminals to the automated data exchange would provide police officers with faster and more reliable access to information, significantly increasing the possibilities of identifying criminals.
Similarly, adding police records to the automated data exchange would provide law enforcement authorities with additional information which could contribute to solving criminal cases.
What does the inclusion of facial images entail and what fundamental rights safeguards are proposed?
The image of an unknown person associated with a criminal event (taken for instance from a surveillance camera) will be searched against a law enforcement database containing facial images of known individuals. The search will result in a list of candidates which is then reviewed by a human operator in the requesting Member State, who decides on any potential match. The search can only be made in relation to a specific criminal investigation and after a crime has been committed. Only facial images of suspects or convicted criminals can be exchanged. There will be no matching of facial images to the general population. There is also no envisaged use of artificial intelligence for the comparison of facial images under the proposed Regulation. The results of the search will be returned to the requesting Member State, which will proceed to the verification of these results and to the potential confirmation of a match. Access to data is reserved exclusively for duly authorised staff, on a ‘need to know' basis.
The Regulation does not propose the establishment of a centralised database for police facial images. It only allows Member States to search facial images of suspects and convicted criminals' on each other's databases. The search is retrospective; the proposal does not entail live facial recognition or remote biometric identification of large groups of persons in public spaces.
The addition of facial images will not lead to storing new categories of data as Member States already collect such data under national law and store them in national databases, but will constitute a new processing of data. It would be limited to the extent necessary to achieve its purpose and it would only allow for comparison of data in case-by-case situations. All its provisions are subject to the EU's data protection legislation as set out in the 2016 Law Enforcement Directive. Data identifying the suspect or convicted criminal would only be shared if there is a match following a query.
What role will Europol play under the new rules?
The proposed Directive on information exchange creates an obligation for Member States to involve Europol in information exchange for cases falling under the agency's mandate by using the Europol-managed Secure Information Exchange Network Application (SIENA) as the default channel for communications.
As regards operational police cooperation, the proposal for a Council Recommendation asks Member States to create a coordination platform, together with Europol and the Commission, to better support and target joint patrols and other joint operations across the EU.
When it comes to automated data exchange, Europol will form an integral part of the Prüm framework. Member States will be able to check biometric data from non-EU countries held at Europol. Europol could also check data from non-EU countries against Member States' national databases. This would allow for the potential identification of criminals known by countries outside the EU and guarantee that no gaps occur regarding data related to crime and terrorism received from non-EU countries.
How will data protection and privacy be guaranteed under these proposals?
Today's proposals are subject to the robust data protection rules and procedures set out in the 2016 Law Enforcement Data Protection Directive, helping to ensure full alignment with the EU's personal data protection rules
The proposals are based on the principles of data protection by design and by default. Data processing is limited to what is necessary for the purpose of preventing and detecting criminal offences and conducting criminal investigations. Access to data is reserved exclusively for duly authorised staff, on a ‘need to know' basis.
The Regulation on automated data exchange for police cooperation contains specific provisions on measures required from eu-LISA and Member States' authorities to ensure the security of data processing, the appropriate handling of security incidents, and to guarantee the rights of data subjects.
In addition, the use of the Secure Information Exchange Network Application (SIENA) as the default communication channel under the proposed directive on information exchange will also enhance the security of the personal data processing systems and their overall protection against possible abuses. Launched in 2009, SIENA is a trusted platform ensuring secure transmission of sensitive and restricted data, run by Europol.
Is financial support available to Member States to implement the changes proposed?
Financial support is available to Member States under the Internal Security Fund, whose objectives include improving and facilitating information exchange, improving and intensifying cross-border cooperation and supporting the strengthening of Member States' capabilities in preventing and combating crime, terrorism and radicalisation, as well as managing security-related incidents, risks and crises. Member States can therefore include activities relevant for implementing today's proposals in their national programmes.
For More Information
Press release: Police Cooperation Code: Boosting police cooperation across borders for enhanced security
Factsheet: Reinforcing police cooperation across Europe
Proposal for a Directive of the European Parliament and of the Council on information exchange between law enforcement authorities of Member States (see also the impact assessment and its executive summary)