Legislative Observatory
European Parliament
Please fill in this field to find a procedure

European Criminal Records Information System (ECRIS)

2008/0101(CNS)

OPINION OF THE EUROPEAN DATA PROTECTION SUPERVISOR on the Proposal for a Council Decision on the establishment of the European Criminal Records Information System (ECRIS) in application of Article 11 of Framework Decision 2008/…/JHA.

On 27 May 2008, the aforementioned proposal was sent by the Commission to the EDPS for consultation, in accordance with Article 28(2) of Regulation (EC) No 45/2001.

The proposal aims to implement Article 11 of the Council framework decision on the organisation and content of the exchange of information extracted from criminal records between Member States, in order to build and develop a computerised information-exchange system between Member States. Moreover, it establishes the European Criminal Records Information System (ECRIS) and sets up the elements of a standardised format for the electronic exchange of information, as well as other general and technical implementation aspects in order to organise and facilitate the exchanges of information.

First of all, the EDPS recommends that reference to this consultation be made in the recitals of the proposal. It is also suggested that the present occasion be used to fully modulate the form of the Council Framework Decision on criminal records, which distinguishes obligatory information, optional information, additional information and any other information.

The EDPS supports the present proposal to establish ECRIS, provided that the observations made in this opinion are taken into account, which includes:

  • the responsibility of the Commission for the common communication infrastructure should be clarified in the text for reasons of legal certainty;
  • a provision should be added to the decision stating that Regulation (EC) No 45/2001 shall apply to the processing of personal data under the responsibility of the Commission;
  • in Article 6 (implementing measures) reference must be made to a high level of data protection as a precondition for all the implementing measures to be adopted;
  • a recital should emphasise the role of the data protection authorities in relation to the implementing measures and should also encourage the data protection authorities to cooperate;
  • implementing measures must be adopted ensuring the interoperability of the software;
  • the Commission and the Member States should be obliged - probably by a Comitology procedure - to develop or identify a software system that meets all the requirements;
  • it should be laid down in the text that the Commission will be responsible for the interconnection software.

The statistical elements to be collected should also be defined in further detail and duly take into account the need to ensure data protection supervision. Moreover, appropriate mechanisms of coordination between competent data protection authorities should be established, taking into account the supervisory competence of the EDPS with regard to the S-TESTA infrastructure. Lastly, in the recitals of the Council Decision it should be specified that the use of automatic translation should not extend to the transmission of information which has not been accurately pre-translated.