Bavaria’s data protection officer has asked the State Criminal Police Office (LKA) to stop testing the controversial police software VeRA with data from real people. The police must not “start testing an application using personal data in anticipation of a possible (or not!) legal processing authority,” said Thomas Petri in Munich on Friday. That’s why he asked the LKA to stop the test operation. However, the LKA does not have to comply with this requirement. The Bayerischer Rundfunk had previously reported.
The Bavarian Interior Ministry announced on Friday that it was examining Petri’s letter. A decision will then be made about how to proceed. Although the planned change to the Police Tasks Act for the use of the software is still pending, the test with real data is fine. The results would not be used for police purposes, but only for internal technical testing of the application. “In this test phase, no cross-source research and analyzes will be carried out,” said a ministry spokesman. It’s more about whether the transmission of data from various police sources to the new program works. These tests with data from real people are “indispensable for future reliable operation.”
The draft for the planned change in the law is in the final votes, but still needs to be discussed with the free voters, according to the CSU-led Interior Ministry in mid-January. Until then, the Bavarian Data Protection Act is sufficient as a legal basis for the test.
Sharp criticism also came from the ranks of the opposition in the state parliament. “This case shows how little civil rights are worth when the CSU governs,” said Green Party co-parliamentary leader Katharina Schulze on Friday. It’s about an “alarming data protection scandal”. A separate legal basis is needed for the comprehensive police analysis of personal data. “Everything else is forbidden,” said Schultze.
The SPD MP Horst Arnold called for a stop to the test operation. “It must now finally be clear to the LKA that it is of no use to its own cause to trivialize data protection law through adventurous legal constructions and excuses,” said the legal policy spokesman for the SPD parliamentary group in the state parliament. The fact that there is currently no legal basis for the test is a “clear political failure on the part of the state government”.
The cross-procedure research and analysis platform (VeRA) is intended to help Bavarian investigators read out various police data pools at the same time and create connections in the case of serious crimes. Similar programs from the US company Palantir are already in use in Hesse and North Rhine-Westphalia. The Federal Ministry of the Interior, like other countries, rejected its use in federal authorities in the summer – despite the corresponding purchase option.
Critics accuse Palantir of being too close to US secret services and fear that sensitive data could be diverted. However, a check of the source code of the software for the Bavarian LKA remained unremarkable.
According to the Bavarian Ministry of the Interior, Petri was informed about the subsequent test operation with real data in Bavaria “in a personal conversation” at the beginning of March 2023. An LKA spokesman emphasized in November that the authority had also offered Petri to provide data protection documentation. Petri only requested this on November 24th. When asked, Petri said at the time that he “didn’t want to completely rule out the possibility that the LKA president mentioned the test operation planned by the LKA in a personal conversation with me.” However, he did not have any meaningful documents. He only found out about the concrete test operation with “real data” from the BR in November and initiated an examination.