Title: FORENSIC PROFILING THE OLD AND THE NEW WAY

Forensic profiling is a practice in the field of law enforcement which could be described as “the process of inferring a set of characteristics (typically behavioural) about an individual person or collective entity and then treating that person/entity (or other persons/entities) in the light of these characteristics” . This broad definition encompasses both the classical practice of ‘data matching’ and the more recent practice of ‘data mining’ or ‘risk profiling’. 

Data matching is the traditional retrospective way of offender profiling, linking individuals with personal identifying data , e.g., identifying a suspect by a fingerprint or determining the likelihood that two fingerprints were produced by the same individual. The profiling goal of data matching is “to help investigators examine evidence from crime scenes and victim and witness reports to develop an offender description. The description can include personality traits and behaviour patterns, as well as age, race or geographic location. Investigators might use profiling to narrow down a field of suspects or figure out how to interrogate a suspect already in custody” .

However, since it has become possible to interconnect databases the practice of data matching is not so “classical” anymore – raising an abundance of new questions on, e.g., the quality of the data processed, referring in particular to their accuracy and legitimacy, and how the purpose limitation principle applied to the information standing the different databases should be respected. In this respect it is good to keep in mind that “forensic information can be extracted from many electronic devices to be used in Court. However, in the examination process, it is important to consider the likely integrity of the data, i.e. how failsafe the retrieval system is, since this will undoubtedly have an impact on the identity of the real person involved as a suspect” . These issues surrounding the interconnection of databases (influencing both classical data matching as well as the new form of risk profiling described hereunder) will be discussed in more detail in section .

Apart from ‘data matching’ forensic profiling also encompasses the proactive practice of ‘data mining’ or ‘risk profiling’, i.e., finding patterns and correlations in large databases, inferring a certain algorithmic profile from these patterns and correlations and subsequently identifying people who fit these computer-generated profiles . A notable example resides in the surveillance of flight passengers where “the profile constitutes the basis for decisions on fly/no-fly, arrest, detain for questioning and so on” . In this way risk assessment techniques are used for the purpose of crime prevention. Thus, in the case of risk profiling, the problems in terms of data protection do not only reside in the interconnections of databases but also on how to protect individuals against arbitrary decisions, information asymmetry and abusive and overall surveillance. In order to prevent the negatives to overweight the positives, adequate safeguards should be installed. The specific dangers arising from risk profiling will be discussed in section . However, first we will turn our attention to the existing data protection instruments.