PURPOSE: to ensure a high level of protection of fundamental rights, and in particular the right to privacy, with respect to the processing of personal data in the framework of police and judicial cooperation in criminal matters.
LEGISLATIVE ACT: Council Framework Decision 2008/977/JHA on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters.
CONTENT: the Council adopted a Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters. The purpose of this act is to ensure a high level of protection for the basic rights and freedoms, and in particular the privacy, of individuals, while guaranteeing a high level of public safety when exchanging personal data.
The Framework Decision sets out principles of lawfulness, proportionality and purpose. It provides that personal data may be collected by the competent authorities only for specified, explicit and legitimate purposes in the framework of their tasks and may be processed only for the same purpose for which data were collected. Processing of the data shall be lawful and adequate, relevant and not excessive in relation to the purposes for which they are collected. Further processing for another purpose is only permitted under specified circumstances.
The Framework Decision defines, among other things:
- the right of access to data;
- the right to rectification, erasure or blocking;
- the right to compensation and the right to seek judicial remedies. It does not preclude Member States from providing higher-level safeguards for protecting personal data than those established in the framework decision.
Transfer to competent authorities in third States or to international bodies: the legislation provides that personal data transmitted or made available by the competent authority of another Member State may be transferred to third States or international bodies, only under certain circumstances, inter alia, that the Member State from which the data were obtained has given its consent to transfer in compliance with its national law; and the third State or international body concerned ensures an adequate level of protection for the intended data processing.
National supervisory authorities: each Member State must provide that one or more public authorities are responsible for advising and monitoring the application within its territory of the provisions adopted by the Member States pursuant to this Framework Decision. These authorities shall act with complete independence in exercising the functions entrusted to them.
Evaluation: Member States shall report to the Commission by 27/11/ 2013 on the national measures they have taken to ensure full compliance with the Framework Decision, and particularly with regard to those provisions that already have to be complied with when data is collected.
ENTRY INTO FORCE: 20/01/2009.
TRANSPOSITION: 27/11/2010. The Council shall, before 27/11/2011, assess the extent to which Member States have complied with the provisions of this Framework Decision.