Second Opinion of the European Data Protection Supervisor on the Proposal for a Council Frame-work Decision on the protection of personal data processed in the framework of policy and judicial co-operation in criminal matters.
Whilst welcoming Council efforts on the proposal for the protection of personal data processed in the framework of policy and judicial co-operation in criminal matters, the European Data Protection Supervisor (EDPS) nevertheless expresses some concern regarding the direction certain developments are taking. The texts currently being discussed within Council fail to incorporate amendments proposed by the European Parliament – nor do the Council texts consider the first opinion of the EDPS. On the contrary, in quiet a few cases provisions in the Commission proposal that offer safeguards, have been deleted or substantially weakened. The EDPS warns that such weakening of safeguards could risk a level of protection that is lower than the level of protection afforded under Directive 95/46/EC or that of the more generally formulated Council of Europe Convention No 108, which is binding on the Member States. It is for these reasons that the EDPS is now issuing a second opinion.
Although the EDPS recognises the importance of adopting the Framework Decision as soon as possible, it nevertheless gives warning that a speedy solution should not be sought at the expense of lowering standards. The lack of time given to reaching a consensus should not result in the quality of the Framework Decision being compromised. Further, the protection afforded must be consistent and independent of where, by whom, or for which purpose personal data is processed. Common rules on data protection should apply to all data in the area of police and judicial co-operation, and not be limited to cross-border exchanges between Member States.
The EDPS opinion also argues that limiting the scope of the Framework Decision is unworkable and suggests that to limit the scope would result in additional complexity and increased costs. It could, in addition, harm the legal certainty of individuals.
Other concerns of the EDPS are:
- The specific provisions on data quality in the Commission proposal should not be deleted from the proposal. Nor should they be made optional.
- The Provisions on the further use of data and on special categories of data should be consistent with Directive 96/46/EC and in line with the Council of Europe Convention No 108.
- The specific provisions on data exchange, with parties other than law enforcement authorities within the EU, should not be deleted from the proposal, nor be limited in scope. As to the exchange of data with third countries, mechanisms should at the very least ensure common standards and co-ordinated decisions on adequacy are put in place. The text of the Framework Decision should provide for such mechanisms.
- Solutions making the right to information dependent upon a request by the data subject are not acceptable and are not compatible with Council of Europe Convention No 108.
- The position of the data protection authorities should be consistent with the position afforded to them under Directive 96/46/EC.
- The detailed rules on security, comparable to the rules included in the Europol-convention, should not be deleted from the proposal.
The Commission and the Council should adopt a proposal on processing specific categories of data, such as biometric data and DNA-profiles, whether related to the principle of availability or not.