The state system for information, communication and case processing (POLIX) of the Berlin police is increasingly becoming a legally questionable data graveyard. An audit carried out in 2023 by state data protection officer Meike Kamp revealed that law enforcement currently has around 7.5 million controversial procedures from the police IT system. The inspector criticizes the fact that the police cannot sensibly justify the selection of this data, some of which is decades old. As a rule, the personal data of suspects can be stored in POLIX for five to ten years, depending on the severity of the crime. Shorter time limits apply for young people and children. Information that investigators collect preventively can be stored for up to three years.
Advertisement
“For the work of investigative committees, long-term storage of data that is actually ready for deletion is often necessary,” Kamp explained in his introduction Annual Report 2023. Nevertheless, the information cannot be stored “unconditionally”. They must be “necessary for the investigative committee to fulfil its tasks”. The commissioner therefore sees the police and parliament as having a duty to “ensure compliance with data protection requirements”: Prosecutors must be able to explain in an understandable way “why they do not delete certain data”. The requesting parliament must control and support this process.
The dispute has dragged on for quite some time. In early 2019, Kamp’s predecessor Maja Smoltzik first complained that the police had not deleted any entries in the extensive database since June 2013 and were therefore violating storage requirements. According to Berlin police staff, the concept of time limits and deletions in Polix is fundamentally “implemented and automated”. However, the authority suspended these routines completely, it said in 2019. It initially referred to a “ban on deletions” issued in 2013 as part of the NSU terrorism investigation. A second requirement not to delete data from Polix has been in effect since early 2017 due to the attack on Breitscheidplatz in December 2016.
Suspicion of “unauthorized chain storage”
According to Kamp’s current report, part of the dump now also includes “2.25 million cases that could not be clarified, 30,000 cases that were created before 1995 and 400,000 recorded traffic accidents.” Although the data has been moved to a restricted access area since 2019, it is still a very extensive collection of processes that is ready for deletion. The suspicion of “inadmissible chain storage” is obvious. Despite various appeals, the police are adamant about “indiscriminate” storage. Comparable investigations at the public prosecutor’s offices and the State Office for the Protection of the Constitution would have shown that they were able to explain how and which files that were ready for deletion were set aside due to the prohibition of deletion.
The Berlin data protection officer regularly criticizes the fact that police officers abuse access to policies to request information for non-official purposes. In 2023, Kamps initiated 35 relevant proceedings against officers and imposed a total of 32 fines. It was about attempts to flirt and pursue other, mostly private, interests. Last year, the data protection officer also issued fines totaling 549,410 euros against private entities. Two central cases: Deutsche Creditbank (DKB) had to pay 300,000 euros because it did not comply with its transparency obligations regarding automated individual decision-making using scoring. Another company monitored three trainees at their workstations using video cameras hidden in electrical outlets. This was taken lightly with a fine of 4,000 euros.
(Old)
