Advertisement

The Right of Access Under the Police Directive: Small Steps Forward

  • Diana DimitrovaEmail author
  • Paul De Hert
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11079)

Abstract

The present article sets out to examine the right of access under Directive 2016/680, which regulates the processing of personal data by EU Member States’ law enforcement authorities. The article analyses in detail the provisions on the right of access. More precisely, it looks at whether the right provides for sufficient transparency towards the data subject and whether its scope allows for a harmonized data protection across the law enforcement sector in the EU. The article concludes that while the provisions on the right of access make a significant step towards more transparency, they also suffer from deficiencies. Also, the limited scope of the Directive takes away from the harmonization attempts.

Keywords

Right of access Data protection Law enforcement Directive 2016/680 

References

  1. 1.
    The Schengen Information System: A Guide for exercising the right of access. SIS II Supervision Coordination Group, p. 8, October 2015Google Scholar
  2. 2.
    Charter of Fundamental Rights of the European Union, O.J. C 364, 2000/C364/01, 18 December 2000Google Scholar
  3. 3.
    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regards to the processing of personal data and on the free movement of such data, O.J. L 251, 23 November 1995Google Scholar
  4. 4.
    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), O.J. L 119, 4 May 2016Google Scholar
  5. 5.
    Principle 6 Recommendation No. R (87) 15, Council of Europe, Committees of Ministers to Member States regulating the use of personal data in the police sector, 17 September 1987Google Scholar
  6. 6.
    Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, O.J. L 119/89-131Google Scholar
  7. 7.
    Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, O.J. L. 350/60-71, 30 December 2008Google Scholar
  8. 8.
    Council Decision 2007/533/JHA on the establishment, operation and use of the second generation Schengen Information System (SIS II), OJ L 205, (“Council Decision SIS II”), 7 August 2007Google Scholar
  9. 9.
    Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, OJ L 119, p. 132–149 (“EU PNR Directive”), 4 May 2016Google Scholar
  10. 10.
    Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences, OJ L 218, pp. 129–136 (“VIS Council Decision”), 13 August 2008Google Scholar
  11. 11.
    Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, O.J. L 180/1-30, (“EURODAC Regulation”), 29 June 2013Google Scholar
  12. 12.
    Council of Europe Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data, Strasbourg, 28 January 1981Google Scholar
  13. 13.
    ECtHR, Gaskin v the United Kingdom, Application no. 10454/83, 07 July 1989Google Scholar
  14. 14.
    ECtHR, Khelili v Switzerland, Application no. 16188/07, 18 October 2011Google Scholar
  15. 15.
    ECtHR, Segerstedt-Wiberg and Others v. Sweden, Application no. 62332/00, 6 June 2006Google Scholar
  16. 16.
    ECtHR, Amann v Switterland, Application no. 27798/95, 16 February 2000Google Scholar
  17. 17.
    CJEU, C-553/07, College van burgemeester en wethouders van Rotterdam v M.E. E. Rijkeboer, 7.05.2009, Opinion of the Advocate General Ruiz-Jarabo Colomer, par. 33 and 34, 22 December 2008Google Scholar
  18. 18.
    L’Hoiry, X., Norris, C.: Introduction – the right of access to personal data in a changing european legislative framework. In: Norris, C., de Hert, P., L’Hoiry, X., Galetta, A. (eds.) The Unaccountable State of Surveillance. LGTS, vol. 34, pp. 1–8. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-47573-8_1CrossRefGoogle Scholar
  19. 19.
    C‑141/12 and C‑372/12, YS v Minister voor Immigratie, Integratie en Asiel and Minister voor Immigratie, Integratie en Asiel v M, 17 July 2014Google Scholar
  20. 20.
    CJEU, C-434/16, Peter Nowak v Data Protection Commissioner, Opinion of Advocate General Kokott, 20 July 2017Google Scholar
  21. 21.
    Bäcker, M.: Art. 23 Beschränkungen. In: Jürgen Kühling, J., Buchner, B. (eds.) Datenschutz-Grundverordnung: Kommentar, p. 486, par. 14, C.H.Beck (2017)Google Scholar
  22. 22.
    Galetta, A., de Hert, P.: A European perspective on data protection and the right of access. In: Norris, C., de Hert, P., L’Hoiry, X., Galetta, A. (eds.) The Unaccountable State of Surveillance. LGTS, vol. 34, pp. 21–43. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-47573-8_3CrossRefGoogle Scholar
  23. 23.
    CJEU, C-465/00, 138/01, 139/01 Österreichischer Rundfunk, 20 May 2003Google Scholar
  24. 24.
    De Hert, P., Papakonstantinou, V.: The new police and criminal justice data protection directive: a first analysis. New J. Eur. Crim. Law 7(1), 12 (2016)Google Scholar
  25. 25.
    Gesetz zur Anpassung des Datenschutzrechts an die Verordnung (EU) 2016/679 und zur Umsetzung der Richtlinie (EU) 2016/680, Bundesgesetz- blatt Jahrgang 2017 Teil I Nr. 44, Bonn, (“German Implementing Law”), 05 July 2017Google Scholar
  26. 26.
    Computers, Privacy and Data Protection (CPDP) 2017 Conference. https://www.youtube.com/watch?v=g7YYlrxQe20
  27. 27.
    ECtHR, Haralambie v Romania, application no. 21737/03, 27 October 2009Google Scholar
  28. 28.
    ECtHR, Yonchev v. Bulgaria, application no. 12504/09, 7 December 2017Google Scholar
  29. 29.
    Regulation 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA, O.J. L. 135/53-114, (“EUROPOL Regulation”), 25 May 2016Google Scholar
  30. 30.
    Proposal for a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration), COM (2017) 794 final, Brussels (“EU Interoperability Proposal 1”), 12 December 2017Google Scholar
  31. 31.
    Proposal for a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (borders and visa) and amending Council Decision 2004/512/EC, Regulation (EC) No 767/2008, Council Decision 2008/633/JHA, Regulation (EU) 2016/399 and Regulation (EU) 2017/2226, COM (2017) 793 final, (“EU Interoperability Proposal 2”), 12 December 2017Google Scholar
  32. 32.
    Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, OJ.L. 8/1-22, (“Regulation 45/2001”), 12 January 2001Google Scholar
  33. 33.
    Proposal for a Regulation of the European Parliament and of the Council on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending Regulation (EU) No 515/2014 and repealing Regulation (EC) No 1986/2006, Council Decision 2007/533/JHA and Commission Decision 2010/261/EUCOM (2016) 883 final, Brussels (“SIS II Proposal 2016”), 21 December 2016Google Scholar
  34. 34.
    The European Parliament adopted the Passenger Name Record (PNR) Directive for the Passengers with EU Air Carriers. The Republic of Bulgaria, Commission for Personal Data Protection, 19 April 2016. https://www.cpdp.bg/en/index.php?p=news_view&aid=954
  35. 35.
    Article 11 (a) Law on the State Agency “National Security” of the Republic of Bulgaria, Official Journal 109, 20 December 2007. Latest amendment: 19 January 2018Google Scholar
  36. 36.
    European Data Protection Supervisor: Opinion of the European Data Protection Supervisor on the package of legislative measures reforming Eurojust and setting up the European Public Prosecutor’s Office (‘EPPO’), Brussels, p. 18, par. 91, 5 March 2014Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.FIZ KarlsruheKarlsruheGermany
  2. 2.Vrije Universiteit BrusselBrusselsBelgium

Personalised recommendations