PURPOSE: to determine common standards to ensure the protection of individuals with regard to the processing of personal data.
PROPOSED ACT : Council Framework Decision
CONTENT: Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data contains fundamental rules on the lawfulness of the processing of personal data as well as on the rights of the data subject. It includes provisions concerning judicial remedies, liability and sanctions, the transfer of personal data to third countries, codes of conduct, specific supervisory authorities and a working party and finally community implementing rules. However, the Directive does not apply to activities that fall outside the scope of Community law such as those provided for by Title VI of the Treaty on European Union (TEU). Accordingly Member States are allowed to decide themselves on appropriate standards for data processing and protection. In the context of Title VI TEU the protection of personal data is set out in different specific instruments.
This Framework Decision ensures the protection of personal data processed in the framework of police and judicial co-operation in criminal matters between the Member States of the European Union (TEU, Title VI). It aims at improving this cooperation, in particular regarding preventing and combating terrorism, and with the strict observance of key conditions in the area of data protection. It ensures that fundamental rights, with special attention to the right to privacy and to the protection of personal data, will be respected throughout the EU, in particular, in view of the implementation of the principle of availability. It also ensures that the exchange of relevant information between the Member States will not be hampered by different levels of data protection in the Member States.
The proposed Framework Decision includes general rules on the lawfulness of:
-processing of personal data;
-provisions concerning specific forms of processing (transmission and making available of personal data to the competent authorities of other Member States,
-further processing, in particular further transmission, of data received from or made available by the competent authorities of other Member States);
-rights of the data subject;
-confidentiality and security of processing;
-judicial remedies;
-liability;
-sanctions;
-supervisory authorities;
-a working party on the protection of individuals with regard to the processing of personal data for the purpose of the prevention, investigation, detection and prosecution of criminal offences.
Particular attention is to be paid to the principle that personal data are only transferred to those third countries and international bodies that ensure an adequate level of protection. The Framework Decision provides for a mechanism aiming at EU wide compliance with this principle.
This Framework Decision is based on Articles 30, 31 and 34 (2) (b) of the TEU.
On the matter of the principle of availability, the Commission takes the position that the implementation of the principle of availability will further develop and fundamentally change the quality and intensity of the exchange of information between the Member States. Such development will greatly affect personal data and the right to data protection. It needs to be appropriately counterbalanced. Recent initiatives aiming at direct automated access, at least, on a hit/no hit basis are likely to increase the risk of exchanging illegitimate, inaccurate or non up-dated data and have to be taken into account. These initiatives imply that the data controller will no longer be able to verify in each individual case the legitimacy of a transmission and the accuracy of the data concerned. Consequently, this has to be accompanied by strict obligations to constantly ensure and verify the quality of data to which direct automated access is granted. Clear rules should be established for the protection of personal data that shall be or have been made available to competent authorities of other Member States. This implies a system ensuring the quality of processing of the data concerned. Such a system must include provisions laying down appropriate rights of the data subject and powers of the supervisory authorities as exercising those rights and powers is likely to contribute to the quality of the data concerned.
FINANCIAL IMPLICATIONS: The implementation of the proposed Framework Decision would entail only low additional administrative expenditure, to be charged to the budget of the EC, for meetings of and the secretarial services for the committee and the advisory body to be established according to Articles 16 and 31.
Period of application: starting 2006
Overall financial impact of human resources and other administrative expenditure: Total EUR 2,334 million over 5 years
Total Staff: 1.75
Overall financial impact of human resources: total EUR 189.000 per year
Other administrative expenditure deriving from the action: EUR 200.000 per year.