EPRIS-ADEP

European criminal records - Automation of data exchange processes

Data protection, binary code with European Union flag
© istock / BirgitKorber

To enable an EU authority to request information about a person from the databases and information systems of other EU countries, the data needed to identify the person (e.g. name, date and place of birth, gender) must be transmitted.

This is particularly problematic in the event that the requested authorities do NOT have any relevant data on this person for data protection reasons: the request in connection with the sensitive personal data can, for example, lead to the person being suspected. Therefore, the process of matching is currently associated with considerable administrative effort.

Privacy warning

With the click on the play button an external video from www.youtube.com is loaded and started. Your data is possible transferred and stored to third party. Do not start the video if you disagree. Find more about the youtube privacy statement under the following link: https://policies.google.com/privacy

Procedure for the pseudonymized identification of personal data between the information systems of EU Member States

The EPRIS-ADEP project (European Police Records Index System in the context of the EU strategy for the automation of data exchange processes) has therefore developed a procedure for the pseudonymized identification of personal data between the information systems of EU member states. This can be used to query whether data on suspects is available within the EU without disclosing the sensitive data itself (hit/no-hit procedure). Only if there is a match (hit) in one of the requested information systems of the EU member states will further data be disclosed and compared in a second step according to peer-to-peer principles. On the basis of cryptographic methods, the data of both the request and the target database are pseudonymized so that only these pseudonymized data need to be exchanged for a mutual comparison, but a retranslation into plain text is not possible. What is special about this is that the algorithm developed by Fraunhofer FOKUS for this purpose also finds similarly spelled names, such as Thomas and Tomas, and can therefore also be used to identify duplicates in databases.

The EPRIS-ADEP project is funded by the European Commission and is anchored in the Regulation of the European Parliament and of the Council on automated data exchange for police cooperation (Prüm II). Europol provides the software components developed by Fraunhofer FOKUS to the member states; productive use is planned for 2027. EPRIS is currently being implemented together with Europol and eleven EU member states as part of the implementation of the Prüm II Regulation. In addition, other EU member states have expressed interest in participating in the future. Other possible applications outside of police criminal prosecution that are currently being evaluated include, for example, the screening of suspicious passengers in air and ferry travel, but also the transmission of personal data between the fire department and hospitals in the event of local emergencies or the checking of multiple registrations in different domain

Research on pseudonymization and privacy by design began at Fraunhofer FOKUS in 2014 as part of the “Vernetzte Sicherheit” (networked security) project in cooperation with the Federal Ministry of the Interior (BMI). The developed code is available on request under the Creative Commons Attribution-NonCommercial 4.0 International License.