European criminal records - Automation of data exchange processes
If an EU law enforcement authority needs information on a wanted person from a database in a different country in the EU, they currently have to transmit data to identify the person (e.g. name, date and place of birth, gender) to see if there even are matching records. This is problematic for data protection reasons, especially if NO relevant data is found in the queried databases: even the request in connection with the sensitive personal data can, for example, lead to suspicion of the person. Therefore, the process of matching is currently associated with considerable administrative effort.
Therefore, the ADEP project (Automation of Data Exchange Processes) has developed a procedure for the pseudonymized identification of personal data between the information systems of EU member states. With this procedure, it can be queried whether data on suspicious persons are available within the EU without disclosing the sensitive data themselves (hit/no hit procedure). Only in the event of a hit in one of the requested information systems will further data be disclosed and, in a second step, compared according to peer-to-peer principles. On the basis of cryptographic procedures, the data of both the query and the target database are pseudonymized, so that only this pseudonymized data has to be exchanged for comparison. A retranslation into plain text is not possible. The innovation: The algorithm developed by Fraunhofer FOKUS is able to find names with a similar spelling as the one in the query, such as Thomas and Tomas, and can, therefore, also be used to identify duplicates in databases.
ADEP was developed as part of the pilot phase of the EU project EPRIS (European Criminal Records Identification System), which tests the networking of criminal files in the member states. The project is funded by the European Commission. The procedure is currently being tested in a pilot system with five EU member states and EUROPOL. The use of the ADEP system outside of police work is currently evaluated. Possible areas of use are the screening of suspicious passengers during flight and ferry operations as well as the transfer of personal data between fire departments and hospitals in local accident situations.