Council Decision 2008/616/JHA stipulates, with regard to the exchange of DNA data, that ‘the encryption algorithm AES (Advanced Encryption Standard) with 256‑bit key length and RSA with 1 024‑bit key length’ and ‘the hash algorithm SHA‑1 shall be applied.’ The UK‑EU Trade and Cooperation Agreement stipulates the same. However, the SHA‑1 hash algorithm has effectively been broken since 2017, while 1 024‑bit RSA encryption is vulnerable to brute‑force attacks by more powerful modern computing.
1. What encryption and hash algorithms and what key lengths are currently being used for the cross‑border exchange of DNA data and fingerprint data?
2. Will the legal provisions mentioned above be updated to require state‑of‑the‑art encryption, and if so, when?
3. When it comes to other kinds of cross‑border cooperation on criminal or police matters, are there obligations to securely encrypt personal data? If so, please provide a list.