Skip to main content
SpringerLink
Log in

The Protection of Personal Data Processed Within the Framework of Police and Judicial Cooperation in Criminal Matters

  • Chapter
  • First Online:
Transnational Inquiries and the Protection of Fundamental Rights in Criminal Proceedings

Abstract

The present paper provides a general overview of Framework Decision 2008/977/JHA on the protection of personal data processed within the framework of police and judicial cooperation in criminal matters, adopted much time after Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data—which applies only to activities falling within the scope of the former Community law and does not cover processing operations concerning the activities of the State in areas of criminal law. In line with the original three-pillar construction of the EU, such a frame results in a clear-cut distinction between the protection against data processed for commercial reasons under the former first pillar on the one hand, and the protection against data processed for crime prevention and investigation purposes under the former third pillar on the other. In the light of the entry into force of the Lisbon Treaty, which has removed the pillar structure, the present paper examines the most recent developments towards the adoption of a single legal instrument on personal data protection in the EU, aimed at replacing both the Framework Decision and the Directive.

This paper was submitted for publication by September 2011. In January 2012 the European Commission has put forward two legislative proposals: a Regulation setting out a general EU framework for data protection and a Directive on the protection of personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offences and related judicial activities. For obvious reasons, the paper does not take into account these proposals.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    On the increasing importance of information sharing at EU level, see: Gialuz (2009), 16 ff.

  2. 2.

    Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, OJ L 350, 30 December 2008, p. 60.

  3. 3.

    On the difference between privacy and data protection, see: Gutwirth and De Hert (2008), pp. 278–293, and Mitsilegas (2009), pp. 276–277.

  4. 4.

    The Hague Programme: Strengthening Freedom, Security and Justice in the European Union, OJ C 53, 3 March 2005, p. 1. On the principle of availability, see: Ciampi (2009), pp. 34 ff.

  5. 5.

    OJ L 281, 23 November 1995, p. 31.

  6. 6.

    After Article 286 EC Treaty concerning data protection was introduced by the Treaty of Amsterdam, Regulation 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies (this processing being left outside by the scope of application of Directive 95/46) has been adopted. Directive 95/46 has been further complemented by Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (OJ L 201, 31 July 2002, p. 37).

  7. 7.

    As explained in recital 10, the approximation of Member States’ laws should not result in any lessening of the data protection they afford but should instead strive for a high level of protection within the Union.

  8. 8.

    For some critical remarks, see De Hert and Bellanova (2009), p. 6.

  9. 9.

    De Hert and Papakonstantinou (2009), p. 408.

  10. 10.

    See below, § 5.

  11. 11.

    All the data protection rules which apply to the competent authorities are also binding on persons working for a competent authority of a Member State and allowed to have access to and process personal data (Art. 21). These rules shall apply to the members and staff of the national supervisory authorities too (Art. 25, para. 4).

  12. 12.

    As pointed out by De Busser, “[…] the rule of speciality and purpose limitation both have the objective of restricting the use of data to the intended use.” However “purpose limitation is […] weaker […] in comparison to speciality.” De Busser (2007), p. 49 and p. 55.

  13. 13.

    The purposes other than those for which data can be further processed are listed under Article 11. They are: (a) the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties other than those for which data were transmitted or made available; (b) other judicial and administrative proceedings directly related to the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties; (c) the prevention of an immediate and serious threat to public security; or (d) any other purpose only with the prior consent of the transmitting Member State or with the consent of the data subject, given in accordance with national law. This provision is envisaged so as to have a broad scope. On this point see Hijmans and Scirocco (2009), p. 1494.

  14. 14.

    For some critical comments on this issue see De Hert and Papakonstantinou (2009), p. 411.

  15. 15.

    The principle of accuracy of data is to be applied taking account of the nature and purpose of the processing concerned. For example, in judicial proceedings data are based on the subjective perception of individuals and in some cases are totally unverifiable. Consequently, the requirement of accuracy cannot apply to the accuracy of a statement but merely to the fact that a specific statement has been made (point 12 of the Consideranda).

  16. 16.

    See below, § 4.

  17. 17.

    The Framework Decision attempts to explain how the adequacy of the level of protection might be assessed. Particular consideration should be given to: the nature of the data; the purpose and duration of the proposed processing operation or operations; the State of origin and the State or international body of final destination of the data; the rules of law, both general and sector-specific, in force in the third State or international body in question; and the professional rules and security measures which apply [Art. 13(4)]. Nonetheless, the assessment of adequacy remains difficult to carry out. For some critical remarks see: De Busser (2010), pp. 131–133; De Hert and Papakonstantinou (2009), p. 412; and Hijmans and Scirocco (2009), p. 1499. It is noteworthy that recently EU Commissioner Viviane Reding, responsible for Justice, Fundamental Rights and Citizenship, stressed the need to ensure that the principle of reciprocity of protection enjoyed by data subjects applies when data are transferred and processed outside the EU. V. Reding (2011), p. 5.

  18. 18.

    The right to information is implied in the obligation for the Member States to inform the data subjects about the collection or processing of their personal data. See above, § 3.

  19. 19.

    Andoulsi (2010), p. 377.

  20. 20.

    As explained under point 34 of the Consideranda, the supervisory authorities already established under Directive 95/46/EC will also be entrusted with the tasks to be performed under the Framework Decision.

  21. 21.

    Hijmans (2006), pp. 1341–1342.

  22. 22.

    De Hert and Bellanova (2009), p. 11.

  23. 23.

    With the only exception of protection of personal data in the area of Common Foreign and Security Policy, specifically ruled under Article 39 TEU.

  24. 24.

    Scirocco (2008) (emphasis added).

  25. 25.

    Preservation of national security interests is guaranteed, however. In the Declaration 20 attached to the Lisbon Treaty, the Conference has declared that, “whenever rules on protection of personal data to be adopted on the basis of Article 16 could have direct implications for national security, due account will have to be taken of the specific characteristics of the matter.” It has been rightly pointed out that this declaration does not add much to the current legal framework, in which exceptions for public interests and national security are already possible. See Scirocco (2008).

  26. 26.

    As pointed out by Mitsilegas (2009), p. 279, “[t]he incorporation of the Charter into EU law may prove to be extremely significant in allowing European judges to develop privacy standards to be taken into account in both the implementation of existing legislation and the formulation of subsequent laws.”

  27. 27.

    Available at: http://ec.europa.eu/governance/impact/planned_ia/docs/72_jls_data_protection_strategy_and_legal_framework_en.pdf.

  28. 28.

    COM (2010) 609 final, Brussels, 4 November 2010.

  29. 29.

    “This public consultation was intended to reach a broad range of stakeholders, based on three very open questions, leaving them as much leeway as possible in identifying new challenges, signalling out areas that would need improvement, and making suggestions on how a future legal framework could better tackle certain problems.” Reding (2010), p. 27. It is noteworthy that, in the same period, the Commission organized also a public consultation on the possibility of an agreement with the United States on data protection principles to be applied to transatlantic exchanges.

  30. 30.

    Andoulsi (2010), p. 370.

  31. 31.

    Respectively, COM (2009) 262, 10 June 2009, and COM (2010), 20 April 2010.

  32. 32.

    Thus, such a Declaration does not favour the co-existence of different legal instruments, but actually supports the creation of a single legal framework, with some specific rules where needed. Andoulsi (2010), p. 371.

  33. 33.

    De Hert and Bellanova (2009), p. 4.

  34. 34.

    It must be pointed out, though, that Europol and Eurojust pleaded for taking into account the specificities of their work regarding the coordination of law enforcement and crime prevention (see p. 4, footnote 7).

  35. 35.

    A proposal was expected from the Commission within the first half of 2011. At the time of writing no proposal is yet available.

  36. 36.

    Opinion of the European Data Protection Supervisor on the Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Region—“A comprehensive approach on personal data protection in the European Union,” Brussels, 14 January 2011.

  37. 37.

    This has been demonstrated by the ECJ rulings in the cases of PNR and the data retention Directive (respectively, joined cases C-317 & 318/04, European Parliament v. Council and Commission, 2006, and Case C-301/106, Ireland v. Parliament and Council, 2009). On this issue see: Kosta et al. (2007), pp. 2–3; Hijmans and Scirocco (2009), pp. 1501–1508; and Scirocco (2008).

  38. 38.

    “[…] discussions in the Council appeared a race to the lowest common denominator, and the final text appears too weak to substantially modify the previous context […T]he European Parliament’s amendments, that could have contributed to address some major issues, have not been integrated in the final text.” De Hert and Bellanova (2009), p. 5. See also Mitsilegas (2009), pp. 273–274.

  39. 39.

    As affirmed by the current EDPS, Peter Hustinx (2010), p. 1, “[o]n the basis of Article 16, a comprehensive legal framework for data protection, combining consistency and solidity, will no longer be wishful thinking but a feasible policy objective.”

Abbreviations

CIS:

Customs Information System

EDPS:

European Data Protection Supervisor

EU FRCh:

Charter of Fundamental Rights of the European Union

SIS:

Schengen Information System

TEU:

Treaty on the European Union

TFEU:

Treaty on the Functioning of the European Union

References

  • Andoulsi I (2010) Personal data protection and the first implementation semester of the Lisbon Treaty: achievements and prospects. NJECL 3:362–384

    Google Scholar 

  • Ciampi S (2009) Principio di disponibilità e protezione dei dati personali nel “terzo pilastro” dell’Unione europea. In: Peroni F, Gialuz M (eds) Cooperazione informativa e giustizia penale nell’Unione europea. Edizione Università di Trieste, Trieste, pp 34–100

    Google Scholar 

  • De Busser E (2007) The architecture of data exchange. Revue Internationale de Droit Pénal 78:35–55

    Article  Google Scholar 

  • De Busser E (2010) Transatlantic adequacy and a certain degree of perplexity. Eucrim 1:30–36

    Google Scholar 

  • De Hert P, Bellanova R (2009) Data protection in the Area of Freedom, Security and Justice: a system still to be fully developed? Study requested by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE). Policy Department C, Citizens’ Rights and Constitutional Affairs. http://www.europarl.europa.eu/activities/committees/studies/download.do?language=en&file=25213

  • De Hert P, Papakonstantinou V (2009) The data protection framework decision of 27 November 2008 regarding police and judicial cooperation in criminal matters – a modest achievement however not the improvement some have hoped for. Comput Law Secur Rev 25:403–414

    Article  Google Scholar 

  • Gialuz M (2009) La cooperazione informativa quale motore del sistema europeo di sicurezza. In: Peroni F, Gialuz M (eds) Cooperazione informativa e giustizia penale nell’Unione europea. Edizione Università di Trieste, Trieste, pp 15–33

    Google Scholar 

  • Gutwirth S, De Hert P (2008) Regulating profiling in a democratic constitutional state. In: Hildebrandt M, Gutwirth S (eds) Profiling the European Citizen. Springer, pp 271–293

    Chapter  Google Scholar 

  • Hijmans H (2006) The European data protection supervisor: the institutions of the EC controlled by an independent authority. CMLR 43:1313–1342

    Google Scholar 

  • Hijmans H, Scirocco A (2009) Shortcomings in EU data protection in the third pillar and the second pillars. Can the Lisbon Treaty be expected to help? CMLR 46:1485–1525

    Google Scholar 

  • Hustinx P (2010) Editorial. Eucrim 1:1

    Google Scholar 

  • Kosta E, Coudert F, Dumortier J (2007) Data protection in the third pillar: in the aftermath of the ECJ decision on PNR data and the data retention directive. BILETA, 2007 Annual Conference, Hertfordshire 16–17 April: 1–12

    Google Scholar 

  • Mitsilegas V (2009) EU criminal law. Hart Publishing, Oxford and Portland, Oregon

    Google Scholar 

  • Reding V (2010) Data protection in the EU – challenges ahead. Eucrim 1:25–30

    Google Scholar 

  • Reding V (2011) The upcoming data protection reform for the European Union. Int Data Privacy Law 1:3–5

    Article  Google Scholar 

  • Scirocco A (2008) The Lisbon Treaty and the protection of personal data in the European Union. Digital magazine Dataprotectionreview.eu. “Experts opinion”:1. http://www.dataprotectionreview.eu/

Download references

Author information

Authors and Affiliations

  1. Department “Seminario giuridico”, University of Catania, Via Gallo No. 24, Catania, Italy

    Rosanna Belfiore

Authors
  1. Rosanna Belfiore
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rosanna Belfiore .

Editor information

Editors and Affiliations

  1. , Department of Public Law "T. Martines", University of Messina, Piazza Pugliatti 1, Messina, 98100, Messina, Italy

    Stefano Ruggeri

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Belfiore, R. (2013). The Protection of Personal Data Processed Within the Framework of Police and Judicial Cooperation in Criminal Matters. In: Ruggeri, S. (eds) Transnational Inquiries and the Protection of Fundamental Rights in Criminal Proceedings. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32012-5_24

Download citation

Publish with us

Policies and ethics

Search

Navigation