The Commission supports the political agreement reached between the European Parliament and the Council in informal trilogues on 15 December 2015, since the agreement is in keeping with the objectives of the Commission proposal.
To recall, the draft directive for police and criminal justice authorities forms part of a Data Protection Reform package proposed by the Commission, which also comprises a General Data Protection Regulation.
It aims to repeal Framework Decision 2008/977/JAI in order to ensure a consistent high level of protection of the personal data of natural persons and facilitate the exchange of personal data between competent authorities of the Member States, in order to ensure effective judicial cooperation in criminal matters and police cooperation. The directive will enable law enforcement and judicial authorities to cooperate more effectively and rapidly with each other, and build confidence and ensure legal certainty.
The Commission notes that the agreement:
· maintains the overall objective to ensure a high level of protection of personal data in the field of police and judicial cooperation in criminal matters and to facilitate exchanges of personal data between Member States' police and judicial authorities, by applying harmonised rules also to data processing operations at the domestic level;
· preserves the application of the general data protection principles to police cooperation and judicial cooperation in criminal matters, while respecting the specific nature of these fields;
· clarifies the material scope of the directive by specifying that the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties include the "safeguarding against and the prevention of threats to public security";
· includes certain private entities in the notion of 'competent authorities' but such possibility is strictly limited to entities entrusted by national law to perform public authority or public powers for the purposes of the directive;
· provides for minimum harmonised criteria and conditions on possible limitations to the general rules. This concerns, in particular, the rights of individuals to be informed when police and judicial authorities handle or access their data;
· establishes a distinction between different categories of data subjects whose rights may vary (such as witnesses and suspects);
· strengthens the risk based approach by providing for the new obligation of the controller to carry out, in certain circumstances, a data protection impact assessment while maintaining the obligations related to data protection by design and by default and to the designation of a data protection officer;
· sets outs the rules for international transfers to third countries by authorities competent for the purposes of the Directive to such authorities, while providing also for the possibility of transfers to private bodies, subject to a number of specific conditions.
Accordingly, the Commission can accept the position adopted by Council in first reading.