The European Commission is facing pushback from privacy advocates over proposed changes to the European Union’s Prüm data-sharing regulations. The original Prüm was passed in 2005, while a preliminary version of Prüm II was introduced last December.
As is often the case, facial recognition is the primary point of contention. The Prüm standard is geared toward law enforcement, and gives police departments in participating European countries the ability to share information to help solve crimes across international borders. However, the law is fairly limited in terms of scope, and currently only allows the police to share fingerprints, DNA records, and vehicle registration data.
Prüm II, on the other hand, would add facial images to the mix. The police would be able to swap photos of suspected criminals, and to use facial recognition to search for potential matches in databases in other countries. For privacy advocates, that represents an overly invasive expansion of police powers that could infringe on people’s civil liberties.
For its part, the Commission argues that Prüm II has several measures in place to prevent abuses of the platform. Most notably, the Commission has tabled separate legislation that would ban large-scale surveillance applications, and Prüm adheres to that insofar as it does not allow the police to perform real-time facial recognition in public settings. Facial recognition would instead be reserved for retrospective investigations, with the police using the tech to try to identify suspects pulled from CCTV cameras or other sources.
In that regard, the police would only be able to run those new images against their existing criminal databases, and not against the public at large. The size of those databases varies from country to country, with Hungary holding 30 million images while Germany holds 5.5 million.
According to the Commission, police would only be able to use facial recognition to identify people who are suspected of a crime. A match would also not be sufficient grounds for an arrest, and would need to be corroborated through a human review as part of an investigation.
Contrary to earlier reports, Prüm II explicitly states that the EU should not build a centralized image database, and that each country would still be responsible for their own data centers. Having said that, the Commission does want to make it easier for police departments to access information in other countries with a “central router” that simplifies the exchange procedure.
The European Data Protection Supervisor believes that the Commission needs to put better safeguards in place to make sure facial recognition is used in an ethical fashion. The Commission acknowledged the concerns, and indicated that it will take them into account in future discussions about the legislation. Prüm II could also give European police access to driver’s licenses issued in other countries.
April 8, 2022 – by Eric Weiss