Forensic Data Bank Project a.k.a “Forensic Google” in the Context of Personal Data Protection

Forensic Data Bank Project a.k.a “Forensic Google” in the Context of Personal Data Protection

Forensic Data Bank Project first came to the fore in Turkey with a press release dated 10th October 2016 by the Minister of Justice; Bekir Bozdağ. According to Minister’s statement, the forensic data bank would in some respects be a “Forensic Google” which would contain data on motives of crimes and be effectively used for preventive law purposes.

Having added that a recently established commission had already been undertaking a country wide “crime-mapping”.  Minister stated that the data bank would allow citizens, academics and journalists access information on local and temporal crime density- or in the Minister’s exact words, it would provide knowledge on;

“ …which city, province, neighbourhood, whether night or day, summer of winter were the crimes committed, information on the victim’s sex, educational status, profession, age and many more information about criminality…” 

It was indicated in this statement that the implementation would start as of 1st of January, 2017 and according to what can be obtained from the press, it has. Accordingly, the Project, which is said to be realized upon the “command” of the Minister, “would be carried out under the Mandate of Ministry of Justice’s  Forensic Registry and Statistics General Directorate, Information Processing and Education Department. Court and Procutor’s Office Clerks would sign in to the data pool via the National Judicial Network (UYAP) page and the data accessed would be allocated by specialists to the related units for production of statistics. The foreseable benefit of the Project is to facilitate the shaping of the judicial policies and crime prevention measures as well as enabling the tracking of the performance of Ministry personnel alongside judges and prosecuters.”

It must have grabbed the reader’s attention that all the information above was obtained from the press. There is no text, legislation, regulation or a memorandum- nothing official whatsoever to cite about this Project which will supposedly be much influential in reshaping of the judicial policy and the fight against crime.

In the Minister’s October statement it had been emphasized that “there was no need for any legal regulation” for the Project. We don’t know whether this implies that the Project will be undertaken under great secrecy. However the facts that no legislation is in place and that citizens are informed only through a brief press release, do not suggest a good beginning.

A project of the said extent and such an important purpose as crime prevention seem to imply some sort of public interest. To be fair, a crime mapping initiative with defined boundaries is certainly capable of contributing to the availability of data on criminality as well as formation of public awareness around the issue.

Neither are such initiatives novel. Projects with similar contents came up in the USA and European Countries as well. Since it became possible to process large sets of data- thanks to developing information technologies, statistics have become the order of the day. However it is also indisputable that alongside its allignement with “benevolent” intentions and positive outcomes, technological advancement also presents new spaces for abuse which needs to be spesifically regarded, questioned and balanced.

In my opinion, any consideration about such a project should prioritize the concepts “transparency”, “data protection”, “security and privacy”. Almost all of the data that is encompassed by the crime map/database announced by the Minister are “personal data” within the meaning of Personal Data Protection Code (no: 6698). Morever, data on criminal conviction, security measures and the like are labelled as “special data”. Therefore, “forensic google” is a subject that must be handled under data protection and data security, in its entirety.

The implementation of the project also concerns fundamental rights and freedoms. As a matter of fact, article 1 of the Code No. 6698 stipulates the Code’s aim as “ protecting fundamental rights and freedoms, specifically the right to privacy in processing of personal data”.

Although the Personal Data Protection Code does not require explicit consent in the case of data processing for public purposes, such exemption does not in any way entail a total disregard for the basic principles of personal data processing. According to the article 4 of the Code, personal data can only be processed for “specified, clear and legitimate purposes”, in a way that is “related with, limited and proportional to” such purposes and may only be stored for a duration that is compatible with the purpose of processing. In other words, no matter what the purpose is, the authorization to process personal data is in no way unlimited.

Again, even though it is true that certain data processing activities are excluded from the scope of the Code  by “exemption” clauses, these must be interpreted narrowly; in a way that actually reflects the exceptional nature of the said activities. A contradicting approach would result in the exclusion of a large body of data processing, especially those carried out by public authorities from the scope of the Code and thus legal oversight.

In this perspective,  the approach that there is no need for legal regulationon such an important issue, is neither right nor acceptable. Even if the matter may be argued to be entirely within the authority of the Ministry, then the Ministry itself should definitely put in place regulations that  designate purposes, methods and responsibilities, establish compatibility with the Personal Data Protection Code, provide genuine information to the public and do all these all with a view to transparency.

It is thus very much problematic that press has been the only information source so far. The very lack of a legal process that could have clarified the implementation as well as the allocation of authorities and responsibilities on such an intriguing issue leads us to question the legitimacy of the Project itself, from its very beginning.

There are many questions related with the Project;

FROM WHICH SOURCES will the database data be gathered? WHICH data will be processed and HOW? How will the data be ANONYMIZED? Will a crime-map be formed? And if yes, what will be its SCOPE? If it is to include geographical information (geo-spatial data), what degree of detail will be provided? Who will have access to the database? Will the access be provided to everyone equally? How will such a large scale database be secured? Who will be responsible in the case of data breach, and to what extent will this responsibility be allocated?…

Without doubt, those are questions that need to be answered in legislation rather than in “press releases”.

In England, where a similar procedure under the name “crime-mapping” had been put in place, The English data protection authority pointed out (in its report dated 2014)  the possible negative consequences related with the sharing of geo-spatial data in a way that makes it possible to identify certain individuals and places. Emphasizing the importance of transparency, the authority warned against frequent and real-time updating which may increase data security risks as well as its’ tendency to form prejudice against the dwellers of certain neighbourhoods.

Furthermore, the realities of our country make the question of processing software/programme an important one. Although not included in press releases, processing raw data of such a great magnitude for certain purposes requires an algorithm and thus a software with sufficient capacity. What is the Ministery’s preference for software? Which programme is used? It is striking that no information is available on this aspect too.

In conclusion, this Project is neither novel nor unique to us. It is true that scientifically supported initiatives may be contributive to the solution of social problems. However it is not possible to accept any approach that is unilateral and authoritarian, that is without transparency and participation… It is a necessity stemming from the democratic principles that all tiers of the society should be consulted and public information should be provided in every stage of implementation. Otherwise, no one should be suprised when data that belongs to Turkish citizens are leaked to foreign countries, traded and/or processed within autocratic approaches and purposes inside the country.

If todays’ most prominent source of power and threat is information, then we should be able to know how to use it and protect ourselves, right?

(translated by Gizem Koç)