EDPS advises against new data protection framework decision

By EDRi · May 9, 2007

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The European Data Protection Supervisor (EDPS) has shown serious concerns in
his opinion on the Commission’s new Council Framework Decision proposal
regarding the protection of personal data processed in the framework of
police and judicial co-operation in criminal matters.

Although appreciative of the German presidency’s efforts, Peter Hustinx
advised the Council against adopting the proposal considering it failed to
provide appropriate data protection. EDPS believes that a Framework Decision
on the protection of personal data in the third pillar is essential in the
development of an area of freedom, security and justice and that “the
growing importance of the police and judicial cooperation in criminal
matters as well as the actions stemming from the Hague Programme have
highlighted the necessity of common standards in the protection of personal
data in the third pillar”. At the same time, Hustinx underlines that some of
the aspects of the proposal are not in agreement with the EU Treaty and some
are even below the standards of the Council of Europe Convention 108 of

“We need to ensure high standards to guarantee both the citizens rights and
the efficiency in police and judicial cooperation. Unfortunately, this
proposal does not meet the expectations” stated the EDPS.

Two important issues Hustinx opposes to are the extension of the proposal
scope to third pillar data processing by Europol and Eurojust and the
creation of a new joint supervisory authority before including adequate
protection measures for the citizens’ data when such data are exchanged
between member states and third parties.

In his opinion, the lack of proper and broad level of data protection will
make information exchanges “subject to different national “rules of origin”
and “double standards” that strongly affect efficiency in law enforcement
cooperation while not improving the protection of personal data”.

The EDPS considers some essential data protection provisions have been taken
out from the previous text thus weakening the level of protection of
citizens and also finds the legislative quality of the text as
unsatisfactory. “Apart from the choice of legal instrument, several
provisions do not fulfil the requirements of the common guidelines for the
quality of drafting of Community legislation. In particular, the text is
not drafted clearly, simply and precisely, which makes it difficult for the
citizens to identify their rights and obligations unambiguously”.

Two of the aspects that are not properly covered by the proposal are the
limitation of the further purposes for which personal
data may be processed, and the lack of specific and strict conditions for
the data exchanges with non-law enforcement authorities.

The opinion shows there are no adequate provisions related to the quality of
data. There are no provisions regarding the differentiation of data
categories based on the accuracy degree and reliability, no distinction
between data based on facts and data based on personal opinions or
assessment. “The lack of such a common requirement could actually undermine
the data being exchanged between police authorities as they will not be able
to ascertain whether the data can be construed as “evidence”, “fact”, “hard
intelligence” or “soft intelligence”. This could have the consequence of not
only hampering security operations and intelligence.”

The privacy watchdog especially objects to the way of handling the exchange
of DNA data and urges on caution regarding the introduction of biometric
data in passports. He remarked that, in the fight against crime, data
protection adequate measures had very often been disregarded for the sake of

Third pillar data protection: EDPS strongly advises Council not to adopt
current proposal without significant improvements (30.04.07)

Third opinion of the European Data Protection Supervisor on the Proposal for
a Council Framework Decision on the protection of personal data processed in
the framework of police and judicial co-operation in criminal matters

EU Data Protection Supervisor warns against networking police databases