The European Union is restructuring its police database landscape. Existing systems are being merged and supplemented by new ones. The number of authorised users is also increasing. Following technical changes, the relevant Council working groups are now being reorganised.
The European Agency for the operational management of large-scale IT systems (eu-LISA) has carried out an upgrade for the Schengen Information System (SIS II). With version 9.3.0, the database managed by the Agency based in Tallinn, technically implements its three new regulations. In future, Europol, Eurojust and Frontex will also be able to query all types of alerts in the system, including “discreet searches”.
A total of 26 EU Member States participate in SIS II, plus Iceland, Norway, Liechtenstein and Switzerland. Last year, the database contained 81 million objects and around 900 thousand persons. In 2017, most entries (20 million) came from Italy, followed by France (11 million) and Germany (over 10 million). In 2017, the system was queried five billion times, mostly by border, police and immigration authorities. In 2018, the number of hits rose to six billion, according to eu-LISA.
New “Common Identity Repository”
For two years now, about two thirds of SIS participants have been able to search fingerprints using an Automated Fingerprint Identification System (AFIS). In this way, for example, crime scene traces of unknown suspects can be compared with SIS II. Europol, Eurojust and Frontex are now also allowed to use this function. With the upgrade to version 9.3.0, it is also possible to search so-called slaps with SIS II. These are “flat fingerprints” as they will soon be taken at all external EU borders as part of the new “Entry/Exit System” (EES) with self-service kiosks. DNA data can also be stored in SIS II, but they are not searchable.
The new SIS Regulation is part of a fundamental reorganisation of EU databases in the field of justice and home affairs. All information systems containing biometric data will be partially merged under the heading of “interoperability”. The SIS, the Eurodac fingerprint database, the visa database (VIS), the criminal record ECRIS and the “Entry/Exit System” (EES), which is still to be set up, form a “Common Identity Repository” in which fingerprints and facial images with name and date of birth are stored for each person in a single searchable file.
A “shared biometric matching service” is also planned, which will check each new entry against existing data. There are also plans for a uniform “European Search Portal” which can query several databases at once. Finally, a “Multiple Identity Detector” is also to be introduced, which will process fingerprints and facial images with personal data in the background.
According to the German Ministry of the Interior, the implementation of the “interoperability” regulations is “highly complex overall”. However, the EU Commission is currently largely on schedule. This also applies to the “European Travel Information and Authorisation System” (ETIAS), which is also planned and via which all third-country nationals must give advance notice of their entry into the EU. Only the renewal of VIS and Eurodac could be delayed. This is due to the new regulations currently being discussed by the Council, the Commission and the Parliament. However, since the “interoperability” project requires the renewal of all existing systems, the Ministry of the Interior said that the delay “could not exclude interdependencies”.
Data from the USA
The SIS II now also contains information from third countries. For example, US authorities have sent data on so-called “foreign fighters”, who are now being transferred into the system. If these are nationals of EU Member States, they take care of the storage. For a storage of third-country nationals, a willing EU member state must be found.
In addition to the technical upgrade of SIS II, the political control for the information system is also being upgraded. SIS matters are currently being dealt with in a separate Council working party. This group “SIS/SIRENE” is now to be dissolved. According to the plans, it will be transferred to the existing “Working Party on Information Exchange and Data Protection” (DAPIX)”, from which, however, data protection will be removed and also dealt with in a separate, new group.