EDPS warns against EU endangering data protection principles

By EDRi · December 6, 2006

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The European Data Protection Supervisor (EDPS), Peter Hustinx, has issued a
second opinion, following the one issued on 19 December 2005 on the Proposal
of the Commission for a Council Framework Decision on the protection of
personal data processed in the framework of police and judicial co-operation
in criminal matters.

The Commission proposal is presently under discussion within the Council of
Ministers and although Hustinx appreciates the attention given by the
Council to this proposal, he still voices concerns regarding the outcome of
the negotiations.

The text currently discussed has not included the amendments proposed by the
European Parliament in a legislative resolution issued on 27
September 2006 or the EDPS’ opinions presented at the Conference of European
Data Protection Authorities. The amendments proposed had in view the
enhancement of the level of protection afforded by the Framework Decision.

In some cases, the provisions of the Commission proposal regarding the
protection of citizens’ data are even eliminated or very weak. Mr. Hustinx
thinks there is a great risk that the level of data protection is even lower
than before and warns the officials that they are endangering the data
protection principles.

Under the circumstances in which the exchange of police and judicial
information among Member States becomes more and more significant, a strong
legal framework should be in place to protect people’s fundamental rights,
considers the EDPS. Although he understands the necessity of adopting the
Framework Decision as soon as possible, he urges the members of the Council
to give some time to the negotiations so that they may allow sufficient
protection for the data.

“If they succeed in agreeing on a high level of protection for all data,
including ‘purely’ domestic processing, they will at the same time improve
trust between EU police and judicial authorities,” said Mr.Hustinx talking
about the Council members.

He also showed concern that the framework might allow processing of data
on religion, race or ethnic origin without sufficient protection and
also that there was not enough protection for the data obtained by the
bodies that are not involved with law enforcement. In this respect, he gave
the example of the SWIFT case where bank transaction details were
transferred to US.

The EDPS proposed a certain consistency of the data protection rules that
should apply to all the data exchanged in the police and judicial systems
that should not be limited to cross-border exchanges between Member States.

One other concern expressed by Mr.Hustinx is related to the right of a
person to be informed on the activities related to his (her) personal data.

“Some basic rights for data subjects, like the right to be informed, no
longer seem to be guaranteed,” he stated, considering that making the right
to information dependent upon request was not acceptable.

The EDPS also believes that the Council should adopt a proposal on
processing specific data such as biometric data and DNA-profiles, whether
related to the principle of availability or not.

A cooperation agreement has been signed between the EDPS’s office and the
European Ombudsman P Nikiforos Diamandouros with the purpose to inform each
other on relevant complaints.

A joint statement from both offices said: “Because maladministration
includes failure by the EU institutions to comply with their data protection
obligations, it is important that we coordinate on cases where our
competences partly overlap”.

Second opinion of the European Data Protection Supervisor on the Proposal
for a Council Framework Decision on the protection of personal data
processed in the framework of police and judicial co-operation in criminal
matters (29.11.2006)

Ombudsman and Data Protection Supervisor sign Memorandum of Understanding

Data protections are being eroded, says European watchdog (30.11.2006)