Data Protection Commissioner’s audit: Germany’s largest police database contains many illicit records

After ten years, the German Federal Data Protection Commissioner has again inspected the INPOL-Z file at the Federal Criminal Police. There are still considerable problems there; even administrative offenses can lead to storage. In some cases, the auditor waived a formal complaint because the police wanted to delete the data immediately.

For all German federal and state police authorities, the Federal Criminal Police Office (BKA) in Wiesbaden operates the central INPOL-Z information system. It consists of various files, including the Criminal File Index or Police Records (ED). Many millions of facial images and fingerprints of suspects and asylum seekers are stored there. This makes it the largest police database in the Federal Republic. Customs can also access it.

However, a lot of personal data is stored here illegally. The then Federal Commissioner for Data Protection and Freedom of Information (BfDI), Peter Schaar, had already pointed this out in 2011 after an audit visit to the BKA. Ten years later, his successor Ulrich Kelber has once again signed up for a „consultation and inspection visit“ in Wiesbaden to check whether the „recommendations“ made at the time have been implemented.

Storage without „prognosis decision“

The fact that many entries continue to be created unlawfully had already been presented by Kelber in his public activity report for 2021. However, details of this will only become apparent from the actual audit report, which the BfDI has now issued in response to a freedom of information request.

The depth of such a „consultation and inspection visit“ is limited because only a few entries can be randomly checked here. Before its most recent inspection, the BfDI asked for a complete INPOL extract on the first ten persons for each letter in the alphabet. This probably involved around 250 data records.

In these, the data protection commissioner found at least three cases in which the persons concerned were stored without the „prognosis decision“ required by law. This is necessary in order to weigh the available facts and document why it appears necessary to store the person in INPOL. Instead, according to Kelber, only „the copy of the mere wording of the law was entered in a free text field“.

Deletion promised „still on the spot“

The audit report does not document which police department was responsible for the erroneous storage. „By chance“, Kelber had also become aware of a case in which only the reference „Police Act BW“ (referring to the federal state Baden-Wuerttemberg) was entered as the reason for an identification service (ED) treatment.

In another case, the BKA itself had taken over records without giving a reason. Because the office promised deletion „still on the spot“, the BfDI promised to refrain from a complaint.

One of the BfDI’s recommendations is to „clarify the problem beyond these individual cases“ because it is „a fundamental problem in the BKA“. The authority had offered Kelber a „joint workshop“ on the subject.

„Deletion with transfer of ownership“

Responsibility for the data from ED handling in INPOL-Z lies with those state police authorities that store it in the system. The states must also verify compliance with deletion deadlines and justify any continued storage. According to Kelber, however, it can happen that data from another INPOL participant continues to be stored even though the responsible federal state has already deleted it.

In the meantime, however, the BKA has changed the procedure. Biometric ED data would only be kept by another authority if the new owner’s own findings were available. For this, too, there must be a „prognosis decision“ documented in writing.

For this continued storage, the BKA has introduced the new functionality „deletion with transfer of ownership“. However, this is only possible if a state police authority agrees as the previous owner of the data. This transfer can be objected to by specifying a „reason for deletion“.

Procedure for „joint ownership“ of data

According to the BfDI, however, further details remained to be clarified regarding the mandatory deletion of data. For example, different data groups are „linked in different ways“ in INPOL. Accordingly, it can happen that data from ED treatments continue to be stored because another INPOL network participant has entered other information about the person. For this reason, the identification service data is to be given a separate „discard check date.“

The BKA claims to have already developed a procedure for this, which is „currently being coordinated“. Police authorities are also to be given the opportunity to mark their „co-ownership“ of ED data via an additional data field. It should help the various INPOL participants coordinate on record storage and deletion.

According to Kelber, however, there are „misapplications across participants“ in the process. The German state of Saxony-Anhalt, for example, has accidentally deleted 40,000 INPOL records because the new function was used incorrectly. The BKA now wants to counter such cases with regular meetings at the federal-state level.

Storage also for administrative offenses

In another section of the audit report, the BfDI criticizes the use of INPOL for administrative offenses as well. According to the report, however, police authorities are only allowed to store persons suspected of a criminal offense for the purpose of identification.

Nevertheless, Kelber found six cases in which persons concerned were registered for „practicing prostitution.“

Because neither the Administrative Offenses Act nor the BKA Act allow this, the BKA is now to follow up. As the agency responsible for compliance with INPOL regulations, the BfDI „urgently“ recommends excluding entries of administrative offenses from the information system by making technical changes.

Author: Matthias Monroy

Knowledge worker, activist, editor of the German civil rights journal Bürgerrechte & Polizei/CILIP.