Forensic databases in Poland. Legal issues related to right to the protection of personal data and right to privacy
Сhanges in national law and policy in processing genetic and biometric data by law enforcements. Вevelopment of DNA and fingerprint databases in Poland and compared to other European countries. The protection of personal data and right to privacy.
Рубрика | Государство и право |
Вид | статья |
Язык | английский |
Дата добавления | 21.07.2022 |
Размер файла | 334,6 K |
Отправить свою хорошую работу в базу знаний просто. Используйте форму, расположенную ниже
Студенты, аспиранты, молодые ученые, использующие базу знаний в своей учебе и работе, будут вам очень благодарны.
Размещено на http://www.allbest.ru/
Department of Forensic Science, Faculty of Law and Administration
Jagiellonian University in Krakow
FORENSIC DATABASES IN POLAND. LEGAL ISSUES RELATED TO RIGHT TO THE PROTECTION OF PERSONAL DATA AND RIGHT TO PRIVACY
Dariusz Wilk
PhD (law), PhD (chemistry)
Assistant Professor
Annotation
Forensic databases are crucial resources in criminal justice systems, which allow for detection and identification of offenders. General Data Protection Regulation and Police Directive about processing of personal data were enacted in the European Union in 2016, which implied changes in national law and policy in processing genetic and biometric data by law enforcements. Therefore, current development of DNA and fingerprint databases in Poland were revealed and compared to other European countries. Changes in the law related to processing of genetic and biometric data were analysed. Issues related to the distinction between different categories of data subject and retention time of personal data were especially commented in the view of right to the protection of personal data and right to privacy.
Key words: DNA database, fingerprint database, personal data, genetic data, privacy. right privacy genetic biometric
Анотація
СУДОВІ БАЗИ ДАНИХ В ПОЛЬЩІ. ПРАВОВІ ПИТАННЯ, ЩО СТОСУЮТЬСЯ ПРАВА НА ЗАХИСТ ПЕРСОНАЛЬНИХ ДАНИХ І ПРАВА НА КОНФІДЕНЦІЙНІСТЬ
Д. Вілк
У статті аналізуються основні судові бази даних, які на даний момент існують в Польщі. Вказується, що розвиток баз даних стало особливо помітним за останні двадцять років завдяки впровадженню аналізу ДНК в судово- медичну експертизу і впровадженню сучасних інформаційних та комунікаційних технологій, які дозволяють здійснювати швидкий пошук даних і автоматичне співставлення зразків з різних джерел.
Дається характеристика баз даних судової експертизи, які необхідні правоохоронним органам у повсякденній практиці й, відповідно, створені в Польщі. Аналіз кількості осіб, включених в базу даних ДНК, показав, що вона все ще невелика, але обсяг бази даних збільшився вдвічі порівняно з 2015 роком. Бази даних відбитків пальців в Польщі відносно великі, але кількість звернень скоротилася в останні роки з-за обмеженого збору карток з відбитками пальців від підозрюваних. Це ясно показує, що продуктивність бази даних пов'язана з її розміром, а також з постійним завантаженням плям з місця злочину й довідкових профілів осіб, які дійсно могли бути пов'язані зі злочином.
У статті вказується, що бази даних судової експертизи є найважливішими ресурсами в системах кримінального правосуддя, які дозволяють виявляти та ідентифікувати злочинців. Загальний регламент щодо захисту даних і Директива поліції про обробку персональних даних були прийняті в Європейському Союзі в 2016 році, що має на увазі зміни в національному законодавстві та політиці в області обробки генетичних і біометричних даних правоохоронними органами. Таким чином, поточний розвиток баз даних ДНК і відбитків пальців в Польщі було виявлено і зіставлено з іншими європейськими країнами. Проаналізовано зміни в законі, пов'язані з обробкою генетичних і біометричних даних. Питання, пов'язані з розходженням між різними категоріями суб'єктів даних і терміном зберігання персональних даних, прокоментовані з точки зору права на захист персональних даних і права на недоторканність приватного життя.
Ключові слова: база даних ДНК, база даних відбитків пальців, особисті дані, генетичні дані, конфіденційність.
Аннотация
СУДЕБНЫЕ БАЗЫ ДАННЫХ В ПОЛЬШЕ. ПРАВОВЫЕ ВОПРОСЫ, КАСАЮЩИЕСЯ ПРАВА НА ЗАЩИТУ ПЕРСОНАЛЬНЫХ ДАННЫХ И ПРАВА НА КОНФИДЕНЦИАЛЬНОСТЬ
Д. Вилк
В статье анализируются основные судебные базы данных, которые на данный момент существуют в Польше. Указывается, что развитие баз данных стало особенно заметным за последние двадцать лет благодаря внедрению анализа ДНК в судебно-медицинскую экспертизу и внедрению современных информационных и коммуникационных технологий, которые позволяют осуществлять быстрый поиск данных и автоматическое сопоставление образцов из разных источников.
Дается характеристика баз данных судебной экспертизы, которые необходимы правоохранительным органам в повседневной практике и соответственно созданы в Польше. Анализ количества лиц, включенных в базу данных ДНК, показал, что она все еще небольшая, но объем базы данных увеличился вдвое по сравнению с 2015 годом. Базы данных отпечатков пальцев в Польше относительно велики, но количество обращений сократилось в последние годы из-за ограниченного сбора карточек с отпечатками пальцев от подозреваемых. Это ясно показывает, что производительность базы данных связана с ее размером, а также с постоянной загрузкой пятен с места преступления и справочных профилей лиц, которые действительно могли быть связаны с преступлением.
В статье указывается, что базы данных судебной экспертизы являются важнейшими ресурсами в системах уголовного правосудия, которые позволяют обнаруживать и идентифицировать преступников. Общий регламент по защите данных и Директива полиции об обработке персональных данных были приняты в Европейском Союзе в 2016 году, что подразумевает изменения в национальном законодательстве и политике в области обработки генетических и биометрических данных правоохранительными органами. Таким образом, текущее развитие баз данных ДНК и отпечатков пальцев в Польше было выявлено и сопоставлено с другими европейскими странами. Проанализированы изменения в законе, связанные с обработкой генетических и биометрических данных. Вопросы, связанные с различием между различными категориями субъектов данных и сроком хранения персональных данных, прокомментированы с точки зрения права на защиту персональных данных и права на неприкосновенность частной жизни.
Ключевые слова: база данных ДНК, база данных отпечатков пальцев, личные данные, генетические данные, конфиденциальность.
Formulation of the problem
Forensic databases are important investigative tools applied by contemporary law enforcement agencies within criminal justice systems [1]. The development of databases have been especially noticeable from twenty years due to introduction of DNA analysis in forensics and implementation of modern information and communication technologies (ICT), which allows for fast searching data and automated matching of samples from different sources.
Usually databases contain various data about offences, offenders and items or traces collected from crime scenes. They allow for typing and detecting perpetrators, identification of crime tools or items derived from the crime, establishing links between events, places or persons and forecasting the development of crime. Samples taken from unidentified persons or corpse enables establishing their identity. Moreover, samples collected from crime scene workers (“volunteers”) can be introduced to the database for elimination purposes [2].
Analysis of recent research and publications
Central and general forensic database in Poland is the National Crime Information Centre (in Polish: Krajowe Centrum Informacji Kryminalnych, KCIK), at which the following information about persons, activities or items are collected, processed and transmitted:
- criminal activities (date, place and type of committed crime, legal classification of the event, reference number of case, authority conducting the case);
- persons against whom criminal proceedings or operational activities are conducted;
- items used to commit a crime or lost in connection with the crime;
- entrepreneurs and other subjects, which could have been used (according to the reasonable suspicion) to commit the crime;
- bank accounts or securities numbers, which could have been used (according to the reasonable suspicion) to commit the crime or which could have been used to collect funds derived from the crime;
- other activities of authorities, which are crucial for operational activities or criminal proceedings.
Detailed data about offenders and crime events in Poland are stored in the National Police Information System (in Polish: Krajowy System Informacyjny Policji, KSIP). The system contains information about offenders and their modus operandi, wanted persons and missing persons, persons registered during actions of Police or persons with prohibitions or injunctions based on administrative decisions, drivers with penal points for traffic violations, unidentified persons or corpse, gun owners and lost weapons, criminal events, items connected with the crime. The system is integrated with other Police databases and is a source of personal data for fingerprint and DNA databases. More data about road accidents, vehicles and drivers are collected in the Road Accidents and Collisions Evidence System (in Polish: System Ewidencji Wypadkow i Kolizji, SEWIK). The administrator of aforementioned databases is Commander-in-Chief of Police.
Access to information about features of comparative or reference materials and evidences connected with crimes is crucial issue for proper forensic examinations. Therefore, databases related to specified type of traces or items have been successively developed for forensic experts and crime scene workers. For example, shells and bullets from crime scene, reference weapons and ammunition, lost weapons are gathered in databases used for identification of firearms. Some databases are also helpful in detection of vehicles, i.a. the European Collection of Automotive Paints (EUCAP) and the Vehicle Identification Number (VIN).
The purpose of the study
The main purpose of the study is to give analysis of the forensic databases in Poland and to reveal legal issues to right to the protection of personal data and right to privacy.
Presentation of the main material
DNA and fingerprint databases seem to be the most important databases for identification of perpetrators, because they contain personal data and samples directly came from offenders or other persons involved in crime events (victims, witnesses, residents etc.). Benefits in tackling crime and increasing public safety in developing big databases, even included every resident or visitor in the country (universal DNA registries), are not completely agreed with civil liberties [3]. Especially collecting of DNA samples and processing of genetic data are the most susceptible for abuses and risk of improperly use, because DNA contains information about appearance, personality, health and origin of the person and family. This allows for phenotyping of perpetrators, familial searching and criminal profiling. Such databases contain specific categories of personal data (genetic and biometric data). Processing of the personal data is strongly associated with fundamental rights - right to the protection of personal data and right to privacy [4] and other ethical and social issues [5].
Big changes was made in European law related to the protection of personal data in 2016. Two important acts for every citizen of European Union were introduced, i.a. General Data Protection Regulation [6] and so-called Police Directive about processing of personal data [7], which implied crucial changes in the national law. Simultaneously number of DNA profiles and fingerprints has increased in databases in the most of European countries. Overall information about development of DNA databases in selected European countries is presented in Table 1 [8-10]. The relative increase of number of reference profiles was about 15 % for most of the countries. Nevertheless, more pronounced expansion of DNA database was observed in some countries (Poland, Greece, Hungary, Norway, and Spain). This indicates that pressure for efficiency of law enforcements and policy related to developing forensic databases have not changed too much since 2016.
The aim of the paper is to reveal current situation in Poland in development of DNA and fingerprint databases. Changes in the law related to processing of genetic and biometric data are analysed. Issues related to the distinction between different categories of data subject and retention time of personal data are especially commented in the view of right to the protection of personal data and right of privacy.
Table 1
Comparison of development of DNA databases in selected European countries from 2016 to 2019 [8-10]
Country |
Total no. individuals (reference) included in the database |
Proportion of population included in the database |
||||
in 2016 |
in 2018 |
relative increas e |
in 2016 |
in 2018 |
||
Austria |
197 941 |
230 359 |
16% |
2,28% |
2,60% |
|
Czech Republic |
171 519 |
226 615 |
32% |
1,63% |
2,13% |
|
Denmark |
112 829 |
130 662 |
16% |
1,98% |
2,25% |
|
Estonia |
47 618 |
54 630 |
15% |
3,62% |
4,12% |
|
Finland |
157 303 |
180 591 |
15% |
2,87% |
3,27% |
|
France |
3 068 243 |
3 786 342 |
23% |
4,60% |
5,65% |
|
Germany |
849 907 |
871 416 |
3% |
1,03% |
1,05% |
|
Greece |
8 362 |
14 580 |
74% |
0,08% |
0,14% |
|
Hungary |
137 661 |
202 471 |
47% |
1,40% |
2,07% |
|
Norway |
66 076 |
95 525 |
45% |
1,27% |
1,79% |
|
Poland |
42 753 |
74 841 |
75% |
0,11% |
0,20% |
|
Slovakia |
51 826 |
68 584 |
32% |
0,96% |
1,26% |
|
Slovenia |
31 003 |
29 826 |
-4% |
1,50% |
1,43% |
|
Spain |
319 837 |
485 760 |
52% |
0,69% |
1,03% |
|
Sweden |
151 931 |
163 000 |
7% |
1,54% |
1,59% |
|
Switzerland |
176 758 |
181 769 |
3% |
2,12% |
2,13% |
|
UK (England and Wales) |
4 691 350 |
5 491 832 |
17% |
7,18% |
8,24% |
Source of data: for 2016 - ENFSI report [8], for 2018 - INTERPOL report [9], for UK - Home Office statistics [10]
The DNA database in Poland. Polish DNA database was officially founded in 23rd April 2007 due to introduction in the register of databases containing the personal data, which was operated by the General Inspector for Personal Data Protection [8]. Nevertheless, Police has already gained right to collecting, processing and using personal data, including genetic code data for detection and identification purposes in 19th October 2001 due to amendment of the Police Act of 6th April 1990 (article 20 item 2 point 1) [9].
As stated above, changes in the European law of the protection of personal data have coerced amendments in the national law. Presently, rules and conditions of processing and exchange of the personal and genetic data by the Police are specified in article 20 item 1a and articles 21a - 21e of the Police Act of 6th April 1990. The law have been entered into a force in 6th February 2019 in conjunction to alterations provided in Act of 14th December 2018 on the protection of personal data processed in connection with the prevention and combating of crime (Journal of Laws of 2018, item 125).
The Commander-in-Chief of the Police is administrator of the database. The database contains results from DNA analysis only from non-coding regions, personal data of different categories of data subject, which are presented in Table 2, and biological samples collected from persons (cheek swabs, blood, hair bulbs or secretions) or corpse (samples of tissues). The aim of the processing of personal and genetic data is carrying out detection and elimination activities.
It is worth to underline that regulations allow for acquiring biological samples (cheek swabs) from officers and employees of the Police, whose take official activities related to disclosing, securing or examining traces related to the suspicion of prohibited act (Article 20 item 1l of the Police Act of 6th
April 1990). The personal data and results from DNA analysis are implemented in the elimination database, which is crucial for removal contaminated samples by crime scene workers and laboratory stuff [2]. The processing of such data can be carried out only for detection and identification.
Table 2
Categories of data subjects processed in Polish DNA database and conditions for removal of the data
Category of data subject in the database |
Conditions for removal of data from the database |
||
A |
suspects, accused and convicted persons for offenses publicly prosecuted |
- after discontinuation of the proceedings due to following circumstances: - the act has not been committed or no sufficient grounds to suspect that it the act has been committed - the act does not possess the qualities of a prohibited act - for a person: - acquitted by a final court judgment - is 100 years old - deceased |
|
B |
juveniles whose acts which are prohibited as offenses publicly prosecuted |
||
C |
people with mental disorders posing a threat to the life, health or sexual freedom of other people (from the Act of 22nd November 2013 on proceedings against persons with mental disorders posing a threat to life, health or sexual freedom of others, Journal of Laws of 2013, item 2203) |
||
D |
foreigners suspected to terrorist activities (specified in Article 10 item 1 in Act of 10th June 2016 on anti-terrorist activities and on the amendments to other acts, Journal of Laws of 2016, item 904) |
||
E |
unidentified persons |
||
F |
traces of unidentified offenders |
- the prescribed statute of limitations for offence has been lapsed |
|
G |
unidentified corpse |
- after identification |
|
H |
missing persons |
- person has been found - place of stay of the person has been established - after 55 years from the day of |
|
I |
other persons: for identification of missing person or unidentified corpse |
||
with consent of the person |
commencement of processing in the database |
||
J |
officers and employees of the Police (whose perform official activities related to disclosing, securing or examining traces related to the suspicion of committed a prohibited act), for elimination purposes |
- loss of suitability of elimination - maximum after 5 years from date of termination of the business relationship / employment |
Totally 129 242 profiles were gathered in the DNA database at the end of 2020. Most of profiles (83%) came from suspects, accused or convicted persons for publicly prosecuted offenses. The second main source of profiles in the database is crime scene stains (13,5 %). Other profiles can be connected with relatives of missing persons (2,2 %), whose provide biological samples with their consent, unidentified corpse (1,1 %) and missing persons (0,4 %). The summary data about volume of the DNA database is presented in Figure 1.
Fig. 1 Number of profiles of individuals (reference) in the DNA database in 31st December 2020 (source of data: [13])
Initially the DNA database has been developed very slowly in Poland. After ten years from the establishing the database only 52 thousand of reference profiles were uploaded to the database, which corresponds to 0,14 % of population of Poland. Similarly only 7 thousand of profiles from crime scene stains were introduced to the database. Nevertheless, an increased expansion of the database are observed from 2016 (Figure 2). Presently almost 107 thousand of reference profiles are included in DNA database, which corresponds to 0,28 % of Polish population. In comparison to other European countries, especially United Kingdom, the DNA database in Poland is still very small (see calculations in Table 1).
Fig. 2 Changes in number of profiles in the DNA database from 2007 to 2020 (source of data: [13])
Low number of reference profiles is main reason of low performance of the DNA database in Poland (Fig. 3). Performance ratio, calculated as ratio between person-crime scene (stain) matches and number of persons included in the database, has reached very low values (0.01), despite an increased number of reference profiles from 2016 (Fig. 2). This suggests that biological traces are not efficiently selected from crime scenes or irrelevant profiles are being added to the database. It is worth to underline that maximise the number of reference profiles is not direct and one way to improve utility and efficiency of the database [1]. Other conditions are also important for greater performance of the DNA database, such as proper collecting of crime scene stains and uploading only reference profiles from persons, whose could be really connected to the crime.
Fingerprint databases in Poland. Fingerprint analysis is one of the oldest identification method, which have been developed within forensic science. Implementation of reliable and fast automatic systems of processing and comparing fingerprints allowed for increase utility of such traces in investigations. Automated Fingerprint Identification Systems (AFIS) provide the ability to digitally store and search fingerprint images to reveal person identity and compare fingerprints from individuals with fingerprints collected from unsolved crimes. It can be done even for very old unsolved cases. Nowadays, fingerprints connected with the personal data are also considered as primary biometric data for confirmation of identity for access to restricted areas, places, electronic systems or financial services.
AFIS was introduced in Polish forensic practice at the beginning of new millennium [14]. Presently is one of the daily-routine system utilized for detection and identification of offenders, missing persons, unidentified persons and corpse. The rules of fingerprint databases management are defined in articles 21h - 21n of the Police Act of 6th April 1990. Fingerprint databases are divided into two parts: Central Fingerprint Database (in Polish: Centralna Registratura Daktyloskopijna, CRD), at which selected personal data and tenprint cards and palm-print cards are collected;
- Automated Fingerprint Identification System (Automatyczny System Identyfikacji Daktyloskopijnej, AFIS), at which selected personal data are processed together with images of fingerprints of known persons, unidentified persons, missing persons or latent prints.
Fig. 3 Accumulated number of hits (matches) in the DNA database from 2007-2020 (source of data: [13])
Commander-in-Chief of Police is the administrator of the fingerprints databases. The databases contain personal and biometric data of different categories of data subject, which are listed in Table 3. Personal data and fingerprints should be removed from databases after obtaining „reliable information” and when specific conditions are fulfilled (Table 3). The aim of processing of the personal data and fingerprint images or cards is carrying out identification (for categories indicated as A-G in Table 3), detection (for categories indicated as A-D in Table 3) and elimination activities (only for category J from Table 3).
Fingerprint databases in Poland contain relatively large amount of biometric data. About 4 million tenprint cards, 357 thousand of palm-print cards, 101 thousand of fingerprints collected from crime scenes and about 13 thousand of palmprints from crime scenes were placed in Polish databases at 9th May 20і8 [15]. This means that about 10 % of population of Poland were included in the database.
Similarly, other European countries pose a big fingerprint databases. For example, United Kingdom fingermarks database (IDENT1) as at March 2018 held about 25 million fingerprint forms relating to above 8 million individuals (12% of the population) and about 2.25 million of unidentified crime scene marks [16].
Table 3
Categories of data subjects processed in fingerprint databases and conditions for removal of the data
Category of data subject in the database |
Conditions for removal of data from the database |
||
A |
suspects, accused and convicted persons for offenses publicly prosecuted |
- after discontinuation of the proceedings due to following circumstances: - the act has not been committed or no sufficient grounds to suspect that it the act has been committed - the act does not possess the qualities of a prohibited act - for a person: - acquitted by a final court judgment - 100 years old - deceased |
|
B |
juveniles whose acts which are prohibited as offenses publicly prosecuted |
||
C |
people with mental disorders posing a threat to the life, health or sexual freedom of other people (from the Act of 22nd November 2013 on proceedings against persons with mental disorders posing a threat to life, health or sexual freedom of others, Journal of Laws of 2013, item 2203) |
||
D |
wanted persons |
||
E |
foreigners suspected to terrorist activities (specified in Article 10 item 1 in Act of 10th June 2016 on anti-terrorist activities and on the amendments to other acts, Journal of Laws of 2016, item 904) |
||
F |
foreigners in specific circumstances |
- for a person: - with Polish citizenship - 100 years old - deceased |
|
G |
traces which are probably came from missing persons |
- person has been found - place of stay of the person has been established - after 55 years from the day of commencement of processing in the database |
|
H |
latent prints (traces of unidentified offenders) |
- the prescribed statute of limitations for offence has been lapsed |
|
I |
unidentified persons or corpse, persons whose want to hide their identity |
||
J |
officers and employees of the Police (whose perform official activities related to disclosing, securing or examining traces related to the suspicion of committed a prohibited act), for elimination purposes |
- loss of suitability of elimination - maximum after 5 years from date of termination of the business relationship / employment |
About 300 thousand of tenprint cards were uploaded to the database annually until 2006 (Figure 4). Nevertheless, article 20 of the Police Act, which was legal basis for processing data by the Police, was recognized by the Constitutional Tribunal as inconsistent with article 51 item 2 in connection with article 31 item 3 of the Constitution of Poland, because conditions of collection of information from suspects and type of information for processing were not specified properly [17]. The judgment forced changes in the law and article 20 item 2c was introduced to the Police Act. Thus, collection of the information, including the personal data of suspects, was prohibited if they were not useful for detection, identification, obtaining evidence in the conducted proceedings. This leaded to enormous reduction of annual submissions of reference fingerprints in 2008 and next years (Fig. 4), because law enforcements were allowed to collect tenprint cards from suspects only if latent prints were recovered during crime scene investigation in case related to the suspect.
Fig. 4 Number of annual submissions and deletions of reference fingerprint from 2004 to 2017 (source of data: [15])
The barrier in collecting tenprint cards from suspects was removed through implementation of Directive (EU) 2016/680 [7] by act of 14th December 2018 on the protection of personal data processed in connection with the prevention and combating of crime. Presently the collecting of information, including personal or biometric data, is prohibited if the data will be not useful for detection, identification or to obtain the evidence (in accordance with article 20 item 2c of the Police Act). It means that collecting of reference fingerprints is allowed if they potentially can be used for detection, identification or obtaining the evidence. The amendment should increase submissions of tenprint cards to the database from 2019.
Number of cold hits, defined as a match between known person of offender (tenprint card) and fingerprint recovered from crime scene, from 2002 to 2007 and from 2014 to 2017 in the Polish fingerprint databases are presented in Figure 5. About three thousands of matches are provided annually in last years. It is clearly visible that the number of cold hits were reduced about 2000 hits annually after 2007 (Fig. 5), which is connected with lower amount of tenprint cards submitted to the database (Fig. 4). It confirms that database's performance in terms of person-trace matches is not always linked directly to size of the database. Crucial issue is permanent updating the database by tenprint cards collected from suspects.
Fig. 5 Annual number of hits (matches) in fingerprint databases from 2002-2017 (source of data: [18])
Moreover, by comparing the performance with the proportion of the population included in databases it can be concluded that fingerprint database is less effective than the DNA database.
Legal and ethical constrains of the processing of genetic and biometric data.
The DNA is very suitable for identification of offenders, but also it is huge resource of information about appearance, personality, health and origin (ethnic and genealogy) of the person and his relatives. Risks with the expansion of DNA databases were highlighted some years ago, especially in scientific papers from US and UK [3-5, 19], due to fast and large increase in the number of reference profiles in the DNA database. The current progress in using familial searching and phenotyping as an investigative tool and development of medical databases or biometric databases of foreigners caused that the following issues are more pronounced:
- obtaining and retaining DNA profiles and samples from innocent persons without having their consent;
- selective sampling of the population, that is ethnic biases in the DNA database [20];
- violation of the privacy and stigmatisation of close relatives (i.a. parents, siblings, children) of person who is in the database through searching potential suspects by partial matches of DNA profiles (familial searching);
- the risk of using the DNA database contrary to its intended purpose by law enforcements, that is beyond the investigation and detection of crime and identification of perpetrators;
- the individual's lack of control over storage, processing and using information from DNA analysis, because there is a risk that the access will be transmitted to public officials other than law enforcement or even to private sector (e.g. medical or pharmaceutical companies, insurance companies, employers, scientific institutions);
- the personal data are easily shared which allows for integration of the DNA database with biometric systems or medical records; Such large-scale genetic database can be used for surveillance of citizens;
- function creep, that is gradually widening of purposes for which DNA profiles and samples were collected and processed due to the technological innovation; In future biological samples stored in the database can be a source of more detailed information about person and his behaviour, for example for searching patterns of criminal, violent or “antisocial” behaviour (behavioural genetics). The gathered information can be potentially used for imposing legal restrictions or more intense activities (for example for an introduction of a curator, police surveillance, eviction from the home or arrest) in relation to persons with “bad” genes, especially for preventing home abuse.
The processing of fingerprints in databases is not so doubtful, because they provide only information about a person identity. This assumption is only partly true, because some general correlations were revealed between structure of fingerprints (type of print and minutiae) and job, gender and some morphological features (height, structure of the body and colour of eye, hair and skin) [22, pp. 162181]. Additionally some regularities were observed for ancestry [22, pp. 271-280] and selected pathologies [23, 24]. Nevertheless, research on using fingerprints beyond identification of persons was performed before implementation of DNA analysis in forensics and presently such approach is not applied in the practice.
Taking into account the mentioned concerns with expansion of DNA database it can be stated that precise regulations about processing of the personal data and maintenance of the database are necessary to ensure the balance between benefits for criminal justice systems and rights of the society. The legislator should specify at least the following issues:
- public bodies authorized and responsible for processing of the data;
- type of collected and processed data (samples or only profiles);
- purposes of collecting and processing of the data;
- categories of subjects, whose the data can be processed;
- retention time of processing of the data.
The European Convention of Human Rights statutes in article 8 that everyone has the right to respect for his private and family life, his home and his correspondence. Some interferences in the right to privacy by a public authority can be exceptionally introduces in the law if they are necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
More requirements for proper legislation about processing the personal and genetic data are given in Directive (EU) 2016/680 [7]. According to article 4 item 1 of the Directive the personal data should be:
a) processed lawfully and fairly;
b) collected for specified, explicit and legitimate purposes and not processed in a manner that is incompatible with those purposes;
c) adequate, relevant and not excessive in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed;
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
As stated above, the Directive was implemented in Poland through Act of 14th December 2018 on the protection of personal data processed in connection with the prevention and combating of crime. The Act altered provisions in the Police Act for collecting samples and processing the personal data in the DNA database and fingerprints databases. Generally provisions can be rated as mostly sufficient, especially in comparison to former legal state. The Commander-in-Chief of the Police is controller (administrator) of the DNA database and fingerprint databases (articles 21a and 21h of the Police Act). Police units, other forces and public authorities, which delivered the personal data to the database, are obliged to assess purpose of processing of the data and indicate if they should be deleted as redundant (article 21e and 21e of the Police Act). The assessment should be perform at least every ten years from taking, obtaining, collecting or updating the data. Type of personal data and samples (tenprint and palm-print cards, specified biological samples) were given in articles 21a and 21h of the Police Act. Similarly, the purposes of collecting and processing of the data in specified databases were stated (articles 21d and 21k of the Police Act).
The most debatable issues for preserving the right to privacy and the right to protection of personal data are categories of subjects and retention time of processing of the data. As summarized in Tables 2 and 3, categories of subjects whose the personal data and samples can be included and processed in the database were specified in article 21a item 2 and article 21h item 2 of the Police Act. The direction of the development of databases in Poland can be assessed properly, because provisions allow to establish the elimination databases and searching the missing person or identifying corpse through DNA profiles of other persons (with consent of the person).
Nevertheless, analysis of the provisions of retention time for some categories of subjects clearly shows that some of them are not agreed with the Directive (EU) 2016/680 [7]. It was stated in the Act that the personal data and samples will be processed for various of categories of subjects, i.a. for suspects, accused and convicted persons for offenses publicly prosecuted (Tables 2 and 3), until they are 100 years old. It should be underlined that similar retention times were specified for juveniles whose acts which were prohibited as offenses publicly prosecuted. This means that processing of the data for such persons will be permanent.
Another issue is a general provision for removing the personal data and fingerprints from databases. According to article 21l item 4 of the Police Act the data is removed after obtaining „reliable information”. However it is not specified in the law what kind of information should be assessed as “reliable” to stop processing of the data. Thus too much freedom was left for law enforcements in taking the decision about erasure the data.
Therefore, the retention time is not appropriately established in the view of article 5 of the Directive (EU) 2016/680 [7] and violated the right to privacy. There is no reason for collecting and processing biometric and genetic data for whole life of the person. It could be possibly justified exceptionally for perpetrators of violent crimes against life or health or sex offenders. For other perpetrators retention time should be strictly correlated with type of the offence and the personal data should be deleted from the database after expunction of the sentence.
Conclusions
Various forensic databases were established in Poland which are necessary for law enforcements in daily-routine practice. Analysis of number of individuals included in the DNA database showed that it is still small, but volume of the database has doubled from 2015. The fingerprint databases in Poland are relatively large, but number of cold hits were reduced in recent years due to limited collecting of tenprint cards from suspects. It clearly shows that the performance of database is connected with its size, but also with permanent uploading crime scene stains and reference profiles from persons, whose could be really connected to the crime.
General Data Protection Regulation and the Directive (EU) 2016/680 implied changes in national law and policy in processing the genetic and biometric data by law enforcements. Provisions in the Police Act can be generally assessed as suitable, especially in comparison to former legal state. Different categories of data subject and retention time of personal data were specified. Nevertheless, some regulations about retention time of the data are not agreed with the right to privacy and right to the protection of personal data, because processing of the data collected from several categories of subjects will be permanent.
Посилання
1. Santos F., Machado H., Silva S. Forensic DNA databases in European countries: is size linked to performance? Life Science, Society and Policy. 2013, vol. 9, article 12.
2. Lapointe M., Rogic A., Bourgoin S., Jolicoeur C., Seguin D. Leading-edge forensic DNA analyses and the necessity of including crime scene investigators, police officers and technicians in a DNA elimination database. Forensic Science International: Genetics. Elsevier, 2015, vol. 19, P. 50-55.
3. Wallace H. The UK National DNA Database: Balancing crime detection, human rights and privacy. EMBO Reports, European Molecular Biology Organization, 2006, vol. 7, P.26-30.
4. Roman-Santos C. Concerns associated with expanding DNA databases. Hastings Science & Technology Law Journal. University of California Hastings College of the Law, 2010, vol. 2, P. 267-299.
5. Levitt M. Forensic databases: benefits and ethical and social costs. British Medical Bulletin. Oxford University Press, 2007, vol. 83, P. 235-248.
6. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union from 4th May 2016, no. L119, P. 1-88.
7. Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA,
References
1. Santos, F., Machado, H., Silva, S. (2013). Forensic DNA databases in European countries: is size linked to performance? Life Science, Society and Policy. vol. 9, article 12. (in English).
2. Lapointe, M., Rogic, A., Bourgoin, S., Jolicoeur, C., Seguin, D. (2015). Leading- edge forensic DNA analyses and the necessity of including crime scene investigators, police officers and technicians in a DNA elimination database. Forensic Science International: Genetics. Elsevier, vol. 19, P. 50-55. (in English).
3. Wallace, H. (2006). The UK National DNA Database: Balancing crime detection, human rights and privacy. EMBO Reports, European Molecular Biology Organization, vol. 7, P.26-30. (in English).
4. Roman-Santos, C. (2010). Concerns associated with expanding DNA databases. Hastings Science & Technology Law Journal. University of California Hastings College of the Law, vol. 2, P. 267-299. (in English).
5. Levitt, M. (2007). Forensic databases: benefits and ethical and social costs. British Medical Bulletin. Oxford University Press, vol. 83, P. 235-248. (in English).
6. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union from 4th May 2016, no. L119, P. 1-88. (in English).
7. Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Official Journal of the European Union from 4th May 2016, no. L119, P. 89-131.
8. ENFSI DNA Working Group DNA database management. Review and recommendations, 2016. https://enfsi.eu/wp- content/uploads/2016/09/final_version_enfsi_ 2016_document_on_dna- database_management_0.pdf
9. Interpol. Global DNA Profiling Survey Results 2019, https://www.interpol.int/content/download/154 69/file/INTERPOL%20Global%20DNA%20Profiling%20Survey%20Results%202019.pdf
10. Home Office. National DNA Database statistics, 2020. https://www.gov.uk/govern- ment/statistics/national-dna-database- statistics
11. Jurga A., Mondzelewski J. Functioning of DNA Database in Poland. Issues in Forensic Sciences. Central Forensic Laboratory of the Polish Police, 2017, vol. 297 (3), P. 59-65.
12. Act of 27th July 2001 amending the Act on the Police, the Act on the Insurance Activity, the Banking Law Act, the Act on County SelfGovernment and the Act about regulations introducing the acts reforming public administration. Journal of Laws of 2001, No. 100, item 1084. (in Polish).
13. Central Forensic Laboratory of the Polish Police. Statistical data about the DNA database, 2021 https://clkp.policja.pl/clk/baza- danych-dna/dane-statystyczne (in Polish).
14. Krzeminska B. AFIS system in the Polish Police - yesterday, today, tomorrow. Issues of Forensic Sciences. Central Forensic Laboratory of the Polish Police, 2018, vol 300 (2), pp. 76-86.
15. Central Forensic Laboratory of the Polish Police. Statistical data about the AFIS database, 2021. https://clkp.policja.pl/clk/ zbiory-danych-d/dane-statystycz/163191, Liczba-kart-w-zbiorze-danych-Framework Decision 2008/977/JHA, Official Journal of the European Union from 4th May 2016, no. L119, P. 89-131. (in English).
16. ENFSI DNA Working Group (2016). DNA database management. Review and recommendations. Retrieved from: https://enfsi.eu/wp- content/uploads/2016/09/final_version_enfs i_2016_document_on_dna- database_management_0.pdf (in English).
17. Interpol (2019). Global DNA Profiling Survey Results 2019, Retrieved from:https://www.interpol.int/content/downlo ad/15469/file/INTERPOL%20Global%20DN A%20Profiling%20Survey%20Results%202 019.pdf (in English). Home Office (2020). National DNA Database statistics. Retrieved from:https://www.gov.uk/government/statisti cs/national-dna-database-statistics (in English).
18. Jurga, A., Mondzelewski, J. (2017). Functioning of DNA Database in Poland. Issues in Forensic Sciences. Central Forensic Laboratory of the Polish Police, vol. 297 (3), P. 59-65. (in English).
19. Act of 27th July 2001 amending the Act on the Police, the Act on the Insurance Activity, the Banking Law Act, the Act on County Self-Government and the Act about regulations introducing the acts reforming public administration. Journal of Laws of 2001, No. 100, item 1084. (in Polish).
20. Central Forensic Laboratory of the Polish Police (2021). Statistical data about the DNA database. Retrieved from: https://clkp.policja.pl/clk/baza-danych- dna/dane-statystyczne (in Polish).
21. Krzeminska, B. AFIS system in the Polish Police - yesterday, today, tomorrow (2018). Issues of Forensic Sciences. Central Forensic Laboratory of the Polish Police, vol 300 (2), P. 76-86. (in English).
22. Central Forensic Laboratory of the Polish Police. (2021). Statistical data about the AFIS database. Retrieved from: https://clkp.policja.pl/clk/zbiory-danych-d/ dane-statystycz/163191,Liczba-kart-w- daktyloskopijnych.html (in Polish).
23. National DNA Database Strategy Board. Biennial Report 2018-2020. https://assets.publishing.service.gov.uk/gover nment/uploads/system/uploads/attachment_d ata/file/913011/NDNAD_Strategy_Board_AR_2018-2020_Web_Accessible.pdf
24. Judgement of the Constitutional Tribunal of 12 December 2005, reference number K 32/04.
25. Central Forensic Laboratory of the Polish Police. Statistical data about hits in the AFIS database, 2021. https://clkp.policja.pl/clk/zbiory-danych- d/dane-statystycz/163193,Liczba-dopasowan- HIT.html
26. Human Genetics Commission. Nothing to hide, nothing to fear? Balancing individual rights and the public interest in the governance and use of the National DNA Database. 2009. http://www.statewatch.org/news/2009/nov/uk- dna-human-genetics-commission.pdf
Подобные документы
The principles of personal safety in the application of physical restraint. Improving the practice of physical restraint in the activities of the tax police to enhance personal safety. Legal protection of the tax police in applying physical effects.
курсовая работа [0 b], добавлен 08.10.2012The system of executive authorities. Legislation of Ukraine as sources of social protection. The mechanism and contents of social protection tax. Benefits as the main element of the special legal status of a person. Certain features of protection.
реферат [18,9 K], добавлен 30.09.2012The constitution, by the definition of K. Marx, the famous philosopher of the XIXth. Real purpose of the modern Constitution. Observance and protection of human rights and a citizen. Protection of political, and personal human rights in the society.
реферат [19,2 K], добавлен 10.02.2015Protection of band names as a product of development of a civilization and commodity economy. Concept of band names, the courts and judges in USA. Band Protection in China. Conditions of advancement of the international cooperation in the field of band.
реферат [24,2 K], добавлен 19.07.2010The concept of special tools and equipment. Implementation of technical means in the work of the Interior. Organizational-methodical and tactical basics of using technology in law enforcement agencies. Methods of the active defense, personal protection.
реферат [35,6 K], добавлен 08.10.2012Lack of protection and increased vulnerability. Refusal to grant asylum to citizens of the CIS countries and China. Abduction, deportation and extradition. Asylum seekers and refugees from Uzbekistan - a group at risk. Migration Policy in Kazakhstan.
реферат [17,2 K], добавлен 16.04.2014The steady legal connection of the person with the state, expressing in aggregate of legal rights and duties. The Maastricht Treaty of 1992. Establishment of the European Economic Community. Increase of the number of rights given to the citizens.
реферат [22,5 K], добавлен 13.02.2015Concept of development basic law. Protection of freedom through the implementation of the principle of subsidiarity. Analysis of the humanitarian aspects of the legal status of a person. Systematic review of articles of the constitution of Russia.
реферат [21,2 K], добавлен 14.02.2015General characteristics of the personal security of employees. Bases of fight against a corruption in the tax service of Ukraine. Personal safety of the tax police, concept, content, principles. Legislative regulation of non-state security activity.
реферат [24,7 K], добавлен 08.10.2012The role of constitutional justice in strengthening constitutional legality. Protection of the constitutional rights, freedoms, formation of the specialized institute of judicial power. The removal of contradictions and blanks in the federal legislation.
реферат [24,0 K], добавлен 14.02.2015