The European Data Protection Supervisor (EDPS) has called on the European Union to develop a more efficient system for exchanging information on the criminal records of non-EU citizens.

“There is a clear need to improve the ECRIS system to better facilitate the exchange of information on the criminal records of non-EU citizens, and we support the Commission’s efforts to do this,” said Giovanni Buttarelli, EDPS, with the publication of his Opinion on the Commission’s Proposal for a Regulation on the current European Criminal Records Information Service (ECRIS) and third-country nationals (TCN).

“At the same time, it is vital that our approach is consistent,” he added. “Firstly, this means ensuring that any difference and specificity in the treatment of the personal data of non-EU citizens and EU nationals is fully justified. Secondly, it means ensuring that the Regulation and the Directive fully respect the EU Charter of Fundamental Rights and the requirements for any lawful limitation of these rights.”

According to Buttarelli, the proposed regulation would establish a central database in which identity information, including fingerprints and facial images, would be stored. It would be hosted by eu-LISA, which currently hosts the majority of the EU’s large-scale IT databases in the area of freedom, security and justice.

The EDPS has also recommended the Commission complete a thorough impact assessment to determine whether a central database represents the least intrusive way of identifying which member states hold information on the criminal convictions of non-EU citizens.

And, since the data to be stored in ECRIS-TCN is very sensitive, the EDPS stressed it must only be processed if it is strictly necessary to do so. In cases where member states carry out a search for a purpose other than criminal proceedings, they should only be notified of a hit if the national law of the member state holding the relevant information permits this.