Title: CONCLUSIONS AND RECOMMENDATIONS

Profiling in forensic science is still inchoate as we can see from the examples, although there is much research in this area. As with searches in databases, one should be aware of false interpretations of hits. False hits can be caused by the size of the database, by the techniques used, and since databases are often not very ‘clean’. The persons that interpret the information from profiling should be very aware of the limitations of the methods. In the example of the camera surveillance, one should be aware that artefacts which are used for identification can also be changed. This should always be considered in forensic evidence, and should be included in the chain of evidence. 

New ID systems with strengths to detect what was impossible previously, but weaknesses when they provide false positives, still offer new opportunities for improving and consolidating security. Indeed, electronic traces are information among others that are valuable in the context of the criminal justice system and forensic science.  

In the light of new technological advances in the field of forensic profiling, i.e. the interconnectivity databases and risk profiling, the existing data protection instruments are not always effective anymore. As commissioner Frattini recalled “the protection of fundamental human rights such as privacy and data protection stands side-by-side public safety and security. This situation is not static. It changes, and both values are able to progress in step with technological advances. But it also means that there must be lines which cannot be crossed, to protect people’s privacy” . However, as pointed out by the European Data Protection Supervisor, the different instruments adopted at European level “have in common that they enable a global monitoring of movements of individuals, even if from different perspectives. The way in which they can already contribute to the fight against forms of crimes, including terrorism, should be subject to in-depth and comprehensive analysis.” 

In that sense, the European Parliament pointed out that “Governments and EU institutions have often responded to terrorist attacks by adopting laws that have not been sufficiently discussed and some times in violation of basic human rights such as right to privacy or to a fair trial. Members call for further scrutiny of intelligence operations and for more proportionate and evidence-based legislation in the future.” 

In fact, the different norms approved at European level remain insufficient as they do not deal with the fundamental issues at stake before the widespread use of criminal intelligence, the increased monitoring of the average citizen or the increased linkage of police databases. Such instruments, fruit of difficult political consensus, implement principles broadly formulated and containing important derogations to the general data protection principles. Significant issues such as how to ensure the transparency and accountability of law enforcement activities, the quality of the data processed, e.g. the differentiation between categories of data subjects, or a strict application of the purpose specification principle remain unanswered. Moreover the comments of the European Commission, the European Data Protection Supervisor and the European Parliament are often not taken into account. At the level of the Council of Europe, the principles formulated in the eighties remain broad and subject to interpretation by Member countries.  

Another complication is that the multitude of initiative creates a complex framework prone to legal loopholes and difficult to comprehend. The draft Framework decision on data protection in the third pillar has been limited to the exchange of personal data between law enforcement authorities and fails to provide the third pillar with a comprehensive and strong data protection framework. Furthermore, the European Data Protection Supervisor stressed that for certain aspects the current text of the proposal does not provide for the same level of protection as defined in Convention 108. This certainly seems to be the case with the provision on the further use of data received from a Member State (Articles 3 and 12) and the right of access (Article 17).”  

All these factors create legal uncertainty and should lead each Member State to face individually the challenges of ensuring that the new activities developed within the law enforcement field are subject to the principles of “scrutiny”, “accountability” and “transparency”, in a context of increased international activity and exchanges of criminal data. Each country will thus be called to make the specific balance between the competing interests at stake, in particular to prevent that the increasing use of personal data for risk prediction turns into stigmatisation of parts of the population.  

It is, however, too soon to evaluate how the European Commission will implement the required safeguards and balance the different needs at stake. It suffices to say that the proposal for a Framework Decision for data protection in the third pillar constitutes a first laboratory where the aforementioned safeguards will have to be implemented.