The interoperability initiative passed in May 2019 as Regulations (EU) 2019/817 and 818 seeks new strategies for identifying dangerous individuals who use false or multiple identities. The EU’s databases in the Area of Freedom Security and Justice (AFSJ) for policing and migration purposes will be interconnected. This constitutes a paradigm shift for purpose limitation as a core element of data protection. This article identifies regulatory patterns and shortcomings in the technical and legal data protection arrangements of the interoperability regulations. The legal framework for data protection in the EU has developed considerably with the General Data Protection Regulation (GDPR) 2016/679 and with Directive 2016/680 for policing and criminal justice. The European Data Protection Board, a multilevel accountability forum in which European and national data protection authorities cooperate has been established. From a trans-disciplinary legal, public administration, and public policy perspective, this article analyses the regulatory patterns and institutional settings established for the upcoming interoperability of databases for policing and migration.