The European Commission yesterday published a comprehensive overview of the way data is collected, stored and shared throughout the EU by governments, law enforcement agencies and other bodies.
Presenting the Commission's overview, Cecilia Malmström, EU Commissioner for Home Affairs, stated: "Citizens should have the right to know what personal data are kept and exchanged about them. One of my first actions as Commissioner for Home Affairs was, therefore, to order this overview, as called for by the European Parliament.
"I am happy to be able to present the overview today, together with a series of core principles for how our policy should develop in this area. This will help us keep the bigger picture in mind as we come to review the existing tools and adapt to change over time."
What may come as a surprise is how widespread data sharing is - and just how many people can look up data about individuals.
The so-called "Swedish principle", adopted since 2006, allows law enforcement agencies across Europe to share any data held on existing criminals in an effort to encourage cross-border cooperation on investigations.
The report highlights a key success of data sharing in solving a murder in "a member state capital". Police recovered DNA from a glass the chief suspect had been drinking from, but failed to get a match on their own national DNA database. Information was release to forces across Europe, and within 36 hours a positive match had been made.
Another data sharing success was chalked up by the Terrorist Finance Tracking Program agreement with the US Treasury, which helped police convict individuals in the 2006 transatlantic liquid bomb plot.
One of the mechanisms that has seen the most effective cooperation is the Schengen Information System (SIS), which links border agencies, customs, police and judicial authorities across Europe. In 2009 alone, SIS prodced 31.5 million alerts on issues from missing persons to forged banknotes and passports.
Elsewhere, the report highlights the haphazard manner in which data is used to identify illegal migrants and counter potential terrorist threats.
The Advance Passenger Information (API) system has been adopted across Europe in stages since 2004. It was recommended by the Spanish government in the wake of the Madrid bombings, and requires airlines to collect and store additional information about passengers from the machine-readable data in their passports.
The EC report reveals that although API has been adopted across Europe, few countries actually use it.
The report's key findings are available here.