This document is an excerpt from the EUR-Lex website
Document 52008XX0410(01)
Opinion of the European Data Protection Supervisor on the Initiative of the Federal Republic of Germany, with a view to adopting a Council Decision on the implementation of Decision 2007/…/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime
Opinion of the European Data Protection Supervisor on the Initiative of the Federal Republic of Germany, with a view to adopting a Council Decision on the implementation of Decision 2007/…/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime
Opinion of the European Data Protection Supervisor on the Initiative of the Federal Republic of Germany, with a view to adopting a Council Decision on the implementation of Decision 2007/…/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime
SL C 89, 10.4.2008, p. 1–7
(BG, ES, CS, DA, DE, ET, EL, EN, FR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
10.4.2008 |
EN |
Official Journal of the European Union |
C 89/1 |
Opinion of the European Data Protection Supervisor on the Initiative of the Federal Republic of Germany, with a view to adopting a Council Decision on the implementation of Decision 2007/…/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime
(2008/C 89/01)
THE EUROPEAN DATA PROTECTION SUPERVISOR,
Having regard to the Treaty establishing the European Community, and in particular its Article 286,
Having regard to the Charter of Fundamental Rights of the European Union, and in particular its Article 8,
Having regard to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data,
Having regard to Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, and in particular its Article 41,
HAS ADOPTED THE FOLLOWING OPINION:
I. INTRODUCTION
1. |
On 9 November 2007, the Official Journal published the Federal Republic of Germany's initiative for a Council Decision on the implementation of Decision 2007/…/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime (1) (‘the initiative’). This initiative is supplemented by an Annex of 18 October 2007 containing further details concerning the implementation of Decision 2007/…/JHA (‘the Annex’) (2). |
2. |
The EDPS was not asked for advice on this initiative for an implementing decision. Therefore he issues this opinion on his own initiative, in the same way as his opinion on the initiative for a Council Decision was issued, on 4 April 2007 (3). |
3. |
Although there is no legal obligation for a Member State that takes the initiative for a legislative measure under Title VI of the EU Treaty to ask the EDPS for advice, the procedure does not preclude the request for such an advice either. Moreover, in his Opinion of 4 April 2007, the EDPS recommended adding the following sentence to Article 34 of that Council Decision: ‘The Council shall consult the EDPS on such an implementing measure’. Unfortunately, this recommendation has not been followed, despite the logic behind it: implementing measures will in this case most often affect the processing of personal data. The present initiative by the Federal Republic of Germany is a clear illustration of this logic. |
4. |
The EDPS does not draw any substantive conclusion from this result. It fits within the approach chosen by the Council to modify the initiative as little as possible, in order to ensure full compatibility with the text of the Treaty of Prüm which had been signed previously by a number of Member States. The EDPS will discuss the democratic impact of this approach further on in this opinion. |
II. CONTEXT AND LEGAL FRAMEWORK
5. |
The Treaty of Prüm was signed in May 2005 by seven Member States, outside of the framework of the EU Treaty. Subsequently, other Member States have acceded to the Treaty. |
6. |
The Treaty of Prüm is complemented by an implementing agreement, based on Article 44 of that Treaty and concluded on 5 December 2006. This implementing agreement is necessary for the functioning of the Prüm Treaty. |
7. |
The main elements of the Prüm Treaty will be included in the legal framework of the European Union, after the adoption of Council Decision 2007/…/JHA on the initiative of 15 Member States (‘the Prüm initiative’), on which a political agreement in the Council has already been reached. This inclusion was right from the start the intention of the Contracting Parties to the EU Treaty, as confirmed by the preamble of the Prüm Treaty. |
8. |
The intention during the legislative procedure leading to the adoption of the Council decision was not to discuss major issues any more, but to reach agreement on the acquis of the Prüm Treaty. This intention was all the more important since — pending this legislative procedure — the ratification process of the Treaty continued in a number of Member States and the Treaty entered into force. |
III. OBJECT AND FOCUS OF THIS OPINION
9. |
This opinion will focus on the draft Council decision on the implementing rules. The points made in the previous EDPS opinion on the Council decision on the Prüm initiative are still valid and will not be repeated, unless this is necessary to highlight those issues that the legislator could still address through the implementing rules. |
10. |
In this context, it is important to stress that the implementing rules vest a specific importance, because, besides some administrative and technical provisions, they define crucial aspects and tools of the system and of its functioning. For example, Chapter 1 of the implementing rules lays down the definitions of the terms used in the Council decision on Prüm. Furthermore, the implementing rules establish common provisions for data exchange (Chapter 2), and then define the specific characteristics of the exchange of DNA (Chapter 3), dactyloscopic (Chapter 4) and vehicle registration data (Chapter 5). The final provisions of Chapter 6 contain important provisions on the adoption of further implementing rules in manuals as well as on the evaluation of the application of the decision. |
11. |
Furthermore, the Annex will be considered insofar as it contributes, or should contribute, to defining the features of the proposed system and the guarantees for the data subjects. |
IV. GENERAL POINTS
Limited margin of manoeuvre
12. |
The EDPS notes that also in this case the pre-existence of implementing rules already in force for the Prüm Convention seems to strongly reduce the real margin of manoeuvre left to the Council. Indeed, Recital 3 and Article 18 of the initiative state that both the implementing decision and the manuals shall be based on the implementing provisions agreed on 5 December 2006 concerning the administrative and technical implementation of the Prüm Treaty. Therefore, according to the present initiative, the 27 Member States will have to follow the path already defined by the 7 Member States that signed the Prüm Treaty. |
13. |
This approach obstructs the development of a really transparent and democratic legislative process, since it considerably reduces the possibility of having a broad debate and of effectively taking into account the legislative role of the European Parliament and the advisory role of other institutions, such as the EDPS. The EDPS recommends that the initiative and its Annex are openly discussed by effectively profiting from the contributions of all institutional actors, also in consideration of the role of full co-legislator that the European Parliament will enjoy in this area once the Reform Treaty — signed in Lisbon on 13 December — enters into force. |
Data protection legal framework and relations with the Draft framework decision on data protection in third pillar
14. |
The applicable legal framework on data protection is complex and fluctuant. Indeed, Chapter 6 of the Prüm initiative lays down some guarantees and specific rules with regard to data protection. However, these specific rules are not stand-alone and need to base themselves for their proper functioning on a full-fledged and general framework for the protection of personal data processed by police and judicial authorities. Currently, Article 25 of the Prüm initiative refers to Convention 108 of the Council of Europe. However, the EDPS has repeatedly stressed the need to further specify the principles contained in Convention 108, thus ensuring a level of data protection which is high, harmonized, and therefore appropriate to guarantee both citizens rights and law enforcement effectiveness in an area of Freedom, Security and Justice (4). |
15. |
In this perspective, the Commission proposed already in October 2005 a general instrument, the draft Council Framework Decision on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters (‘the draft framework decision on data protection in third pillar’). This proposal has not been adopted yet by the Council and is thus still subject to discussion and possible amendments, let alone further delay in adoption and implementation. However, it is clear by now that this Framework Decision, as it currently stands, would only be applicable to personal data exchanged with other Member States and not to the domestic processing of those data (5). |
16. |
Furthermore, the current text of the draft framework decision on data protection in third pillar, in spite of its objective of ensuring a high level of data protection, provides only minimal harmonization and guarantees. This means that some instruments, such as the current initiative, which could have benefited from a comprehensive general framework on data protection, are now called to deal with the lacunae left by the draft framework decision on data protection in third pillar. |
17. |
Therefore, the EDPS on the one hand reiterates that the Council decisions on Prüm should not enter into force before Member States have implemented a general framework decision on data protection in the third pillar. This condition should be specifically laid down in the initiative, and subject to appropriate prior verification of the proper functioning of the data protection guarantees within the data exchange system. In this context, it is also essential to guarantee that relations between legal instruments are clarified with a view to ensuring that the framework decision on data protection in third pillar acts as ‘lex generalis’ while allowing the applicability of further specific guarantees and tailored stricter standards laid down by the Prüm initiative (6). |
18. |
On the other hand, the legislator should clarify that the specific data protection rules relating to DNA, fingerprints and vehicle registration data in Chapter 6 of the Prüm initiative, are applicable not only to the exchange of these data, but also to their collection, storing and domestic processing, as well as to the supply of further personal data within the scope of the Council decision. This clarification would be in line with Article 24(2) of the Prüm initiative, as well as a logical consequence of the obligation for Member States to collect, store and share the abovementioned kinds of data. |
19. |
This is even more important when considering that the scope of the draft framework decision on data protection in third pillar will probably not apply to domestic processing of personal data. The Council took this decision but at the same time specified that this choice does not limit the ability of the legal basis to cover this kind of processing operations. Against this background, since the current package of initiatives — comprising the Prüm initiative and the implementing rules — imposes the obligation to create and maintain certain databases, such as the DNA database, it should also contain guarantees concerning the processing operations — notably, the collection and storage of DNA profiles — stemming from the collection and the storage. Otherwise, if their application were to be limited to exchanged data, these legal instruments would not contain the appropriate provisions on the protection of personal data to which any action based on Article 30(1)(b) of the EU Treaty should be subject. |
20. |
The EDPS calls on the legislator to ensure, pursuant to Article 30(1)(b) of the EU Treaty, that a clear, effective and comprehensive legal framework with regard to data protection — combining different legal instruments with general provisions and specific guarantees — is in place before the current initiative enters into force. |
21. |
In this opinion, the EDPS will therefore make reference, where relevant, to those issues that have not been (completely) addressed by the draft framework decision on data protection in third pillar and should therefore be considered in the implementation of the system laid down by the current initiative. |
Transparency of decision making process and of implementing rules
22. |
The EDPS stresses that transparency is an essential element both in the decision-making process and in the implementation of the rules. Transparency therefore should allow on one hand a full and effective participation of all the relevant institutional actors involved and on the other hand should favour public debate and adequate information of the citizens. |
23. |
Unfortunately, in this case a series of circumstances affect transparency: there is no explanatory memorandum explaining the reasons behind the proposed measures, their effectiveness and the possible policy alternatives; the text of the Annex is still incomplete — for example, it has not yet been published in the Official Journal, is not translated in all official languages, references to articles and terminology are often inaccurate and declarations of Member States on the content of DNA databases are not available; the initiative itself does not lay down obligations or mechanisms to adequately inform citizens about the measures taken and amendments to those measures. |
24. |
Therefore, the EDPS recommends enhancing the transparency of the measures, by providing a definitive version of the Annex as soon as possible and by establishing mechanisms to inform citizens about the features of the systems, their rights and how to exercise them. The latter information campaigns should be explicitly laid down in the initiative or its Annex. |
Scale of the system
25. |
The current initiative closely mirrors the implementing rules established under the Prüm Treaty. However, as already noticed in the opinion on the Council Prüm initiative (§ 33-35), mechanisms that are designed for information exchange between a few Member States are not necessarily appropriate — and may therefore have to be adapted — when they are to be applied to a much larger scale system, such as an information exchange between 27 Member States. |
26. |
Indeed, small scale favours close contacts between Member States involved, both with regard to law enforcement and with regard to monitoring the risks for the protection of personal data of the persons concerned. This is not the case in a larger system, in which national practices and legal regimes broadly differ as to the collection, storage and processing of data, especially with regard to DNA profiles and fingerprints. Furthermore, the use of different languages and of different legal concepts may affect the accuracy in the exchanges of data between countries with different legal traditions. Therefore, the EDPS invites the legislator to properly take into account the scale of the system when further discussing the current initiative, by ensuring that the increase in the number of participating Member States does not entail a decrease in effectiveness. In particular specific formats for communication of data, also taking into account the language differences, should be established in the implementing rules, and the accuracy of the data exchanges should be constantly monitored. |
The involvement of data protection authorities
27. |
The initiative should recognize the important role to be played by the independent supervisory authorities in the context of large scale trans-border data exchanges, and should put them in a position to effectively carry out their tasks. |
28. |
First of all, the current legal framework does not provide for any consultation or involvement of the competent supervisory authorities about amendments to the implementing rules and their Annexes (Article 18 of the initiative), about the implementation of the data protection rules by the Member States (Article 20), or about the evaluation of data exchange (Article 21). It is, for example, particularly unfortunate that Chapter IV of the Annex, which lays down in detail the rules for assessing the implementation, does not mention at all the competent data protection authorities. The EDPS recommends that the essential advisory role played by these authorities be explicitly recognized by the abovementioned Articles. |
29. |
Secondly, the initiative should ensure that Member States provide data protection authorities with the (additional) resources necessary to carry out the supervisory tasks stemming from the implementation of the proposed system. |
30. |
Thirdly, the initiative should provide that competent data protection authorities regularly meet at EU level with a view to coordinate their activities and harmonize the application of these instruments. This opportunity should be expressly laid down by the initiative, to the extent that the Framework Decision on data protection in the third pillar does not establish a more general forum of data protection authorities at EU level. |
V. SPECIFIC ISSUES
Definitions
31. |
Article 2 of the initiative lays down a series of definitions, which in part mirror those contained in the Council decision. First of all, it should be underlined that the definitions contained in Article 2 of the initiative do not correspond exactly to the definitions laid down by the Council decision, in particular by its Article 24. The legislator should align the formulations of the two texts in order to prevent implementation problems. |
32. |
Secondly, the EDPS, already in his opinion on the Prüm initiative, regretted the lack of a clear definition of personal data (§ 41-43). This lack is even more regrettable in the implementing rules, which are proposed when it is already clear that the draft framework decision on data protection in third pillar will not be applicable to domestic collection and processing of personal data, and in particular of DNA profiles. The EDPS therefore calls upon the legislator once more to introduce a clear and inclusive definition of personal data. |
33. |
In this perspective, the implementing provisions should also clarify the applicability of data protection rules to unidentified DNA profiles — which have not yet been attributed to an identified person. Indeed, these data are collected, exchanged, cross-matched with a view to attribute them to the persons to which they belong. Therefore, since the objective of the system is to identify these persons and these data are in principle bound to be only temporarily ‘unidentified’, they should as well be covered by most, if not all provisions and guarantees applicable to personal data (7). |
34. |
Also with regard to the definition of the ‘non-coding part of DNA’ (Article 2(e)), the EDPS recalls once again (8) that the capacity of some chromosome regions to provide for sensitive hereditary characteristics of an organism can improve with the developments of science. Therefore, the definition of ‘non-coding part’ should be dynamic, by including an obligation to no longer use those DNA markers which, due to science developments, may provide information on specific hereditary characteristics (9). |
Accuracy in automated searches and comparisons
35. |
Article 8 of the initiative regulates automated search and comparison of DNA profiles, by establishing that automated notification of a match ‘shall only be provided if the automated search or comparison has resulted in a match of a minimum number of loci’. This minimum is set out in Chapter I of the Annex: each Member State shall ensure that DNA profiles made available contain at least 6 out of the 7 EU ‘standard’loci (§ 1.1 of Chapter I of Annex); the comparison will take place between the values of the compared loci commonly contained in the requesting and requested DNA-profiles (§ 1.2); there will be a match if all values of compared loci are the same (‘full match’) or if only one value is different (‘near match’) (§ 1.2); both full matches and near matches will be reported (§ 1.3). |
36. |
With regard to this mechanism, the EDPS notes that accuracy of the match is an essential condition. The higher is the number of loci that match, the less likely it is that there is a false match between DNA profiles that have been compared. In the current European Union context, the existence and the structure of DNA databases vary from country to country. Different numbers and different sets of loci are used in different countries. The Annex sets the minimum number of loci for a match at 6, without providing information about the envisaged error rate for this system. With regard to this issue, the EDPS notes that in many countries a higher number of loci is used with a view to increase the accuracy of the matches and reduce the false matches (10). Therefore, in order to properly assess the degree of accuracy of the envisaged system, it would be essential that information be provided about the envisaged error rate for each number of loci compared. |
37. |
This also means that the minimum number of loci is an essential element and it should therefore be established in the text of the current initiative rather than in the Annex (which, pursuant to Article 18 of the initiative, can be modified by the Council acting on qualified majority and without consulting the Parliament), in order to avoid that a decrease in the number of loci may affect the accuracy. The possibility of errors and false matches should be duly taken into account, by providing that near matches are explicitly reported as such (and therefore receiving authorities are aware that this match is not as reliable as a full match). |
38. |
Furthermore, the initiative itself recognizes the possibility that searches and comparisons generate multiple matches, as explicitly laid down by Article 8 of the initiative with regard to DNA profiles and by Chapter 3 (point 1.2) of the Annex with regard to vehicles. In all these cases, further checks and verifications should take place in order to determine which are the reasons for a multiple match and which of these matches is accurate, before carrying out further exchange of personal data based on that match. |
39. |
In the same perspective, the EDPS recommends that awareness is raised, in particular among law enforcement operators dealing with DNA comparisons and searches, about the fact that DNA profiles are not unique identifiers: even full matches in a certain number of loci do not exclude the possibility of false matches, i.e. the possibility that a person is wrongly linked to a DNA profile. Indeed, DNA-profiles comparisons and searches are subject to possible errors at different stages: the scarce quality of the DNA samples at the moment of collection, possible technical errors in the DNA analysis, input errors, or just because a chance match occurs in the specific loci considered in the comparison. With regard to the last point, the error rate is likely to be higher when the number of loci diminishes and when the database expands. |
40. |
A similar reasoning can be applied with regard to the accuracy of fingerprints matching. Article 12 of the initiative establishes that the digitalisation and transmission of dactyloscopic data will be carried out in accordance with a uniform data format specified in Chapter II of the Annex. Furthermore, Member States shall ensure that dactyloscopic data are of sufficient quality for comparison by the automated fingerprint identification system (AFIS). Chapter II of the Annex provides some details on the format to be used. Against this background, the EDPS notes that, with a view to ensure accuracy of the matching process, the initiative and its Annex should harmonize as much as possible the different AFIS systems in use in the Member States and the way these systems are used, in particular with regard to the false rejection rate. According to the EDPS, this information should be included in the Manual established pursuant to Article 18(2) of the initiative. |
41. |
Another crucial element is that DNA (and fingerprints) databases should be precisely circumscribed, since they can contain, depending on the Member States, DNA profiles or fingerprints of different kinds of data subjects (criminals, suspects, other people present on the crime scene, etc.). In spite of these differences, the current initiative does not circumscribe the kinds of databases that will be used by each Member States, and declarations to this effect are not yet included in the Annex. Therefore, matches can occur between DNA and fingerprint data relating to non homogeneous, and often non relevant, categories of data subjects. |
42. |
According to the EDPS, the initiative should specify which kinds of data subjects will be involved in the exchanges of data and how their different status will be communicated to other Member States in the context of a comparison or search. For example, the initiative could establish an obligation to provide in the matching report information about which kind of data subject the DNA data or fingerprints have been matched with, to the extent this information is available to the requested authorities. |
The evaluation of the data exchange
43. |
The evaluation of the data exchange, pursuant to Article 21 of the initiative and Chapter 4 of the Annex, is welcome. However, these provisions focus merely on administrative, technical and financial implementation of automated data exchanges without even mentioning the evaluation of the implementation of the data protection rules. |
44. |
Therefore, the EDPS suggests that specific emphasis be given to the evaluation of data protection aspects of data exchanges, with specific attention to purposes for which data have been exchanged, methods of information of data subjects, accuracy of exchanged data and false matches, requests of access to personal data, length of storage periods and effectiveness of security measures. In this context, relevant data protection authorities and experts should be duly involved, for example by providing that data protection experts take part in the evaluation visits established by Chapter 4 of the Annex and that relevant data protection authorities receive the evaluation report referred to in Article 20 of the initiative and in Chapter 4 of the Annex. |
Communications network and technical aspects of the system
45. |
Article 4 of the initiative establishes that all the electronic exchanges of data will take place using the ‘TESTA II’ communications network. In this context, the Annex mentions at page 76, point 54, that ‘The system is compliant with data protection issues as stated in Regulation (EC) No 45/2001 (Articles 21, 22 and 23) and Directive 95/46/EC’. The EDPS recommends that this information be clarified, also with regard to the role that Community institutions will play in the system. In this context, both the supervisory and the advisory roles of the EDPS stemming from Regulation (EC) No 45/2001 should be fully taken into account. |
46. |
Furthermore, once the Annex is finalized and contains all the details and the declarations clarifying the features of the systems, the EDPS will consider whether to provide further advice on the more technical aspects of the system. |
VI. CONCLUSIONS
— |
The EDPS recommends that the initiative and its Annex are openly discussed by effectively profiting from the contributions of all institutional actors, also in consideration of the role of full co-legislator that the European Parliament will enjoy in this area once the Reform Treaty — signed in Lisbon on 13 December — enters into force. |
— |
The EDPS calls on the legislator to ensure, pursuant to Article 30(1)(b) of the EU Treaty, that a clear, effective and comprehensive legal framework with regard to data protection — combining different legal instruments with general provisions and specific guarantees — is in place before the current initiative enters into force.
|
— |
The EDPS recommends enhancing the transparency of the measures, by providing a definitive version of the Annex as soon as possible and by establishing mechanisms to inform citizens about the features of the systems, their rights and how to exercise them. |
— |
The EDPS invites the legislator to properly take into account the scale of the system when further discussing the current initiative, by ensuring that the increase in the number of participating Member States does not entail a decrease in effectiveness. In particular specific formats for communication of data, also taking into account the language differences, should be established in the implementing rules, and the accuracy of the data exchanges should be constantly monitored. |
— |
The EDPS recommends that the essential advisory role played by relevant data protection authorities be explicitly recognized by the Articles about amendments to the implementing rules and their Annexes (Article 18), about the implementation of the data protection rules by the Member States (Article 20), and about the evaluation of data exchange (Article 21). Furthermore, the initiative should ensure that Member States provide data protection authorities with the (additional) resources necessary to carry out the supervisory tasks stemming from the implementation of the proposed system and that competent data protection authorities regularly meet at EU level with a view to coordinate their activities and harmonize the application of these instruments. |
— |
The EDPS therefore calls upon the legislator once more to introduce a clear and inclusive definition of personal data. In this perspective, the implementing provisions should also clarify the applicability of data protection rules to unidentified DNA profiles — which have not yet been attributed to an identified person. The EDPS also recalls once again that the definition of ‘non-coding part’ should be dynamic, by including an obligation to no longer use those DNA markers which, due to science developments, may provide information on specific hereditary characteristics |
— |
The EDPS recommends that, in the context of automated searches and comparisons, accuracy of the matching process is duly taken into account.
|
— |
The EDPS suggests that specific emphasis be given to the evaluation of data protection aspects of data exchanges, with specific attention to purposes for which data have been exchanged, methods of information of data subjects, accuracy of exchanged data and false matches, requests of access to personal data, length of storage periods and effectiveness of security measures. In this context, relevant data protection authorities and experts should be duly involved. |
— |
The EDPS recommends that the use of the ‘TESTA II’ communications network and its compliance with Regulation (EC) No 45/2001 be clarified, also with regard to the role that Community institutions will play in the system. |
Done at Brussels, 19 December 2007.
Peter HUSTINX
European Data Protection Supervisor
(1) OJ C 267, 9.11.2007, p. 4.
(2) The Annex has not yet been published in the Official Journal, but is publicly available, as document number 11045/1/07 REV 1 ADD 1, at the Council register.
(3) OJ C 169, 21.7.2007, p. 2.
(4) See, more recently, EDPS opinion on Prüm, § 57-76 and EDPS Third opinion of 27 April 2007 on the proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters, § 14 (OJ C 139, 23.6.2007, p. 1).
(5) The latest draft of this proposal is available on Council register as document number 16397/07.
(6) With regard to this point, the text of Article 27b of the latest draft of the Draft framework decision on data protection in the third pillar should be carefully considered and discussed.
(7) On the applicability of data protection rules to DNA profiles, see Article 29 Working Party Opinion No 4/2007 of 20 June 2007 on the concept of personal data, WP136, p. 8-9; in the same opinion clarifications are also provided on the analogous case of the applicability of data protection rules to dynamic IP addresses, p. 16-17.
(8) See also EDPS Opinion of 28 February 2006 on the Proposal for a Council Framework Decision on the exchange of information under the principle of availability (COM(2005) 490 final), § 58-60 (OJ C 116, 17.5.2006).
(9) See, in the same line, Annex I of the Council Resolution of 25 June 2001 on the exchange of DNA analysis results (OJ C 187, 3.7.2001, p. 1).
(10) For example, in the UK the National DNA Database has increased the number of loci used for DNA profiles from 6 to 10, also with a view to enhance the reliability of the system.