Support Our Work Mailing list About / Contact
  • Home /
  • Observatories /
  • EU: Observatory on data protection and law enforcement agencies

EU: Observatory on data protection and law enforcement agencies

New ECJ ruling on data retention: Preservation of civil rights even in difficult times! (Freegroup, link) by Peter Schaar:

"The European Court of Justice has made a Christmas present to more than 500 million EU citizens. With its new judgment on data retention (C-203/15 of 21 December 2016) – the highest court of the European Union stresses the importance of fundamental rights. All Member States are required to respect the rights represented in the European Charter of Fundamental Rights in their national legislation. The ECJ issued an important signal that can hardly be surmounted taking into account the current political discussions on internal and external threats and the strengthening of authoritarian political currents providing the public with simplistic answers to difficult questions."

And: Data retention and national law: the ECJ ruling in Joined Cases C-203/15 and C-698/15 Tele2 and Watson (Grand Chamber) (EU Law Analysis, link):

"Today's judgment in these important cases concerns the acceptability from a human rights perspective of national data retention legislation maintained even after the striking down of the Data Retention Directive in Digital Rights Ireland (Case C-293/12 and 594/12) (“DRI”) for being a disproportionate interference with the rights contained in Articles 7 and 8 EU Charter of Fundamental Rights (EUCFR)."

Background: : The Members States may not impose a general obligation to retain data on providers of electronic communications services (Press release, pdf) and Full-text of CJEU judgment (pdf)

EU: DATA PROTECTION DIRECTIVE: Law enforcement agencies: Council of the European Union: Proposal for a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties and the free movement of such data (LIMITE doc no: 12643-rev-1-15, pdf) Outcome of Proceedings, 90 pages, with 129 Member State positions.

EU: "FREE MOVEMENT OF [LEA] DATA": Council of the European Union developing its negotiating position on the: Proposed Directive on the exchange of personal data between law enforcement agencies (LEAs) in the EU:

- Proposal for a Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (LIMITE doc no: 10335-15, pdf) 149 pages with 629 Member State position/amendments: "All changes made to the original Commission proposal are underlined text, or, where text has been deleted, indicated by (…). Where existing text has been moved, this text is indicated in italics. The most recent changes are marked in bold underlining."

- Chapters I, II and V (LIMITE doc no: 10133-15, 63 pages, pdf) Chapter 1: General, Chapter II: Principles and Chapter V: Transferring of personal data to third countries or international organisations. With 219 very detailed Member State positions/amendments including:

"DE, supported by FI, wanted it to be possible to transfer data to private bodies/entities, for cybercrime this was important. NL, SE and SI agreed with DE on the need for a solution on transfer to private parties in third countries...."

- Discussion on questions suggested by the Presidency (LIMITE doc no: 10208-15, pdf)

LEAs PERSONAL DATA EXCHANGE: Proposal for a Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data - Chapters I and II (LIMITE doc no 7740-15, pdf) Council developing its negotiating position with 184 Member State positions/footnotes) significant points: Chapter I: General provisions and Chapter II Principles.

EU: Council of the European Union: New Directive on the "Free movement" of personal data between law enforcement agencies

Proposal for a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (LIMITE doc no 15391-14,145 pages, pdf) With 615 Member State positions

EU: LEAs personal data exchange between Member States: Council of the European Union: Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data - Chapters I, II and V (LIMITE doc no: 15659-rev1-14, 71 pages, pdf): Major revisions to the Council's negotiating position.with 264 Member State reservations and comments. Including trying to define what role the police and their specialist units play in "internal security" which is the province of internal security and intelligence agencies::

"This Directive lays down the rules relating to the protection of individuals with regard to the processing of personal data by competent (…) authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties as well as by the police or other law-enforcement services for the purposes of maintaining law and order and the safeguarding of internal security." (14105/14).[emphasis in original] and

"take on board the above-mentioned German suggestion, with the need to better clarify what the wording "law and order" is meant to include/exclude and in particular, as far as the concept of "internal security" is concerned, in order to avoid overlapping with tasks assigned to intelligence services in order to protect the security of the State from internal threats."

EU: Council of the European Union: LEAs PERSONAL DATA EXCHANGE: Transfers to non-EU states and agencies: Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data - Chapter V (LIMITE doc no: 14356-14, pdf) Highlights the divergent purposes of this Directive: is it for "the protection of individuals" or to ensure the widest possible access for law enforcement agencies?

EU: Council of the European Union: LEA data exchange

LEAs EXCHANGE OF PERSONAL DATA BETWEEN EU STATES:Proposal for a Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (doc no: 11109-14, Limite, pdf) The Council developing its position - 606 Member State reservations or comments.

EU: DATA PROTECTION DIRECTIVE ON LEA DATA EXCHANGE: Latest "state of play" in the Council of the European Union: Working Party on Information Exchange and Data Protection: Discussions on its negotiating position regarding the Directive for Member State law enforcement agencies exchanging data and intelligence:

- Draft Council position: 11624-rev1-13 (88 pages, pdf) Council Presidency report on re-drafting of the Council's position with Member State positions

- Compilation of Member State responses to the above Council Presidency draft (14901-rev-2-13, 121 pages, pdf) With the positions of: Germany, Spain, Croatia, Italy, Hungary, Austria, Romania, Finland and Switzerland (This is a Mixed Committee proposal) and Sweden's position (14901-add5-13, pdf) 5 pages

- UK position (14901-add-4-13, pdf) 17 pages. The UK "opposes" or strongly opposes eight points in the Commission proposal and the supports the "removal" of 21 points in the Commission proposal. The UK proposes or opposes a large number of proposals for rights of access and mechanism for accountability. In general the UK feels that: "the text does not reflect the move towards privatisation of law enforcement activity".

- Commission proposal: Proposal for a Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (COM 10-12, pdf)

NEW DIRECTIVE ON DATA PROTECTION AND LEAs: DRAFT REPORT: on the proposal for a directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (COM(2012)0010 – C7-0024/2012 – 2012/0010(COD)) Committee on Civil Liberties, Justice and Home Affairs: Rapporteur: Dimitrios Droutsas (pdf)

See: Commission proposal: Proposal for a Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (pdf)

EU: DATA PROTECTION AND LAW ENFORCEMENT AGENCIES: European Commission draft out for Inter-service consultation: Proposal for a Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of crime (pdf). See also: Council Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (pdf) the highly criticised measure which covers the exchange of personal data between EU Member States law enforcement agencies

The complete the Draft package of three proposals out for Inter-service consultation within the Commission:

2. Proposal for Proposal for a Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (pdf)

3. Communication Communication: Safeguarding Privacy in a Connected World A European Data Protection Framework for the 21st Century (pdf)

EU: DATA PROTECTION AND LAW ENFORCEMENT AGENCIES: European Commission draft out of Inter-service consultation: Proposal for a Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of crime (pdf). See also: Council Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (pdf) the highly criticised measure which covers the exchange of personal data between EU Member States law enforcement agencies

EU: DATA PROTECTION REVIEW: INCLUDING THE "FREE MOVEMENT" OF LAW ENFORCEMENT DATA: European Commission: Proposal for Proposal for a Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (pdf) This is intended to be a substantial review of data protection and is now out in the Commission for Inter-Service consultation. In fact it contains two proposals:

- a Regulation on the processing of personal data (replacing the 1995 Directive)

- and a "Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (Police and Criminal Justice Data Protection Directive)."

The Commission cites the almost universally criticised Framework Decision 2008/977/JHA for the protection of personal data in the areas of police co-operation and judicial co-operation in criminal matters as a precedent for a new measure. In 2008 the European Parliament - which was only "consulted" - voted overwhelmingly, 556 in favour to 90 against and 19 abstentions, to reiterate - for the third time - substantial amendments to the proposed Framework Decision on the transfer of personal data in police and judicial matters. See Statewatch's Observatory on data protection in police and judicial matters (2005-2008)


2005-2008

 

EU: European Parliament: Combatting terrorism/Protection of personal data: MEPs underline freedom of expression (Press release) and Resolution on the draft Council Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (pdf). The parliament voted overwhelmingly, 556 in favour to 90 against and 19 abstentions, to reiterate - for the third time - substantial amendments to the proposed Framework Decision on the transfer of personal data in police and judicial matters.

EU-US: Final Report by EU-US High Level Contact Group on information sharing and privacy and personal data protection (pdf) This report was presented at the EU-US Summit on 12 June 2008. The High Level Group was set up on 6 November 2006 with the brief to conduct: !discussions on privacy and personal data protection in the context of the exchange of information for law enforcement purposes as part of a wider reflection between the EU and the U.S. on how best to prevent and fight terrorism and serious transnational crime." Tony Bunyan, Statewatch editor, comments: "In fact the scope would cover "any criminal offence" however minor. There is no guarantee EU citizens will be informed that data and information on them has been transferred to the USA or to which agencies it has been passed or give them the right to correct it. Moreover, the agreement would apply to individual requests and automated mass transfers and allow the USA to give the data to any third state "if permitted under its domestic law". It would be good to say that the USA must guarantee the same rights to people when personal information is transferred between EU states but this would be meaningless as the Council is about to adopt a Framework Decision which gives individuals few if any protections against misuse and abuse."

The Council of the European Union is about to adopt a: Council Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (pdf) covering the transfer of personal data and information/intelligence between EU member states. The Council has simply ignored all the criticisms of the measure from the European Parliament, the European Data Protection Supervisor, the Article 29 Working Party on data protection and civil society.

EU-USA: NEGOTIATING AWAY EU DATA PROTECTION: The EU and USA are negotiating in a secret committee - High Level Contact Group - to come up with a proposal covering data protection in all future exchanges of personal data to the USA. To this end they are discussing: Data Protection principles for which common language has been developed (EU document, pdf).

Paul Rosenzweig, Deputy Assistant Secretary for Policy at the US DHS said, in November 2007, on the EU requirement that data can only be passed to third states whose laws passed the "adequacy" test guaranteeing equivalent rights:

"The EU should reconsider its decision to apply notions of adequacy to the critical area of law enforcement and public safety. Otherwise the EU runs the very real risk of turning itself into a self-imposed island, isolated from the very allies it needs" (Privacy and Security Law)

He is also opposed to the EU's draft Framework Decision on data protection in police and criminal matters (covering the exchange of personal data within the EU), on this:

"The draft seeks to apply the same tired, failed standards of adequacy that it has applied in its commercial laws." [EC Directive 95/46/EC)

The 1974 US Privacy Law gives no protection to non-US citizens, from the EU or elsewhere.

11 December 2007: Latest draft: EU doc no: 16069/07 (pdf)

7 November 2007: EU-DATA PROTECTION: Letter (pdf) and Comments from EU Data Protection authorities to the Portuguese Council Presidency on the draft Framework Decision on personal data in police and judicial issues (pdf) The Working Party on Police and Justice - nominated by the Conference of European Data Protection Authorities observes that:

" the European States committed themselves to fully complying with Council of Europe Convention 108 of 1981 whose binding principles also cover the activities in the police and law enforcement field. Those principles were subsequently complemented by the adoption by the Committee of Ministers of a specific Recommendation (R (87) 15) regulating the use of personal data in the police sector, and by two Additional Protocols... [and] it is especially urgent to ensure that the level of protection to be afforded should not be lower than that currently set out in the existing and binding legal instruments.

The WPPJ stresses that for certain aspects the current text of the proposal does not provide for the same level of protection as defined in Convention 108. This certainly seems to be the case with the provision on the further use of data received from a Member State (Articles 3 and 12) and the right of access (Article 17)."

These Articles concern proportionality and purpose and most crucially the fact the the individual will only have access to the data held on them (subject to many exceptions) if they make a formal request (Article 12) rather than being informed automatically that data on them is being processed and further transmitted.

Latest Draft of the Framework Decision on the protection of personal data in police and judicial matters (EU doc no: 14119/07, dated: 23 October 2007, pdf)

EU-DATA-PROTECTION: Observations of the European Data Protection Supervisor on the draft Framework Decision on data protection in police and judicial matters (pdf). The European Data Protection Supervisor notes that the Council has already decided on "two fundamental issues" - the scope and rules for handing data to third states - so here makes seven "technical points".

UPDATE: Latest draft of the Framework Decision on data protection in police and judicial matters: 11365/4/07 REV 4 (pdf)

Draft Framework Decision: EU doc no: 11365/3/07 REV 3, dated 12 October 2007, pdf) and a Council Presidency Note to the JHA Counsellors meeting on 15 October: EU doc no: 13818/07 (dated 12 October 2007, pdf). See story below.

EU-DATA PROTECTION: Draft Framework Decision on data protection in police and judicial matters, new draft: EU doc no 11365/2/07 REV 2 (pdf) and EU doc no: 13496/07 (pdf). The latter document sets out "five political questions" for decisions within the Council. These include inserting a clause saying that: "This Framework Decision is without prejudice to essential national security interests and specific intelligence activities in the field of national security." (Art 1.4). Apparently "all delegations" accept that this data protection measure should not cover security services dealing with national security. It is noted that there can be extensive exchanges between the security agencies and the police. Tony Bunyan, Statewatch editor, comments: "If the security agencies are not to be covered by this Framework Decision on data protection are they to be subject to another measure, or are they above the law?"

The draft, which has been "carefully crafted", also excludes law enforcement agencies when undertaking "intelligence activities in the field of national security" from the scope of the draft Framework Decision.

Another contentious provision is a watered down provision on "processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership and the processing of data concerning health or sex life". As the Council document notes the Commission proposal called for a strict "regime" (based on the Council of Europe Convention no 108) and laid down: "a general prohibition of the processing of this type of data." The Council's draft - mindful that their position will set a "standard": "which is likely be referred to in other contexts as well (e.g. PNR negotiations with third countries)" proposes a lower "standard": "when this is strictly necessary and when the domestic law provides adequate safeguards." .

Draft: EU doc no: 11365/1/07 REV 1 (dated 21 September 2007)

14 September: Update: EU doc no: 12154/2/07 REV 2 (dated 13 September 2007, pdf). It looks like the Council is heading for a "general agreement" on the text.

13 September: "Carte Blanche" for transferring personal data outside the EU: Proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters - Agreement on certain questions (EU doc no: 12154/1/07 REV 1, pdf). This is to be discussed at the Justice and Home Affairs Council on 18 September 2007 in Brussels. It contains the same fudges as EU doc no: 12154/07, pdf) with the additional "compromise" that member states can transfer data outside the EU to third states or international organisations:

"by giving general (rather than on a case-by-case basis) consent for categories of law enforcement information or for specified third countries" (new Recital 12a)

This has replaced the reservations of "Some delegations" (EU doc 12154/07, above) who wanted prior consent to be obtain for any such transfer outside the EU. All existing national bilateral agreements with third states are to stay in place (at the insistence of the USA). The Council is proceeding on the drafting of this Framework Decision by continuing to ignore the views of the European Parliament, the European Data Protection Supervisor and the Article 29 Working Party (all national Data Protection Commissioners).

6 September 2007: Proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters - Agreement on certain questions (EU doc no: 12154/07, pdf) Actually this document is about disagreements over the scope of the measure - with a "substantial number" of governments opposed to bringing national data protection processing within its scope. Thus it would only apply to cross-border exchanges of personal data.

Secondly, the transfer of personal data received from another member state to third states (eg: the USA). All existing national bilateral agreements with third states are to stay in place (at the insistence of the USA). "Some delegations" want prior consent to be obtain for any such transfer outside the EU. A draft Article 14 seems to set out principles, like "adequate standards of protection" in the third state but this can be ignored at member state level where the transfer concerns "legitimate prevailing interests, especially important public interest etc" and "safeguards" (undefined) are agreed.

Latest draft of the Framework Decision 11365/07 (dated 13 July 2007)

European Data Protection Supervisor (EDPS) blasts the Council's attitude to data protection and calls on the incoming Portuguese Council Presidency to take a different direction: Full-text of EDPS letter to incoming Council Presidency (pdf) and Press release (pdf). The EDPS, Peter Hustinx says:

"I fear that messages such as 'no right to privacy until life and security are guaranteed' are developing into a mantra suggesting that fundamental rights and freedoms are a luxury that security can not afford. I very much challenge that view and stress that there should be no doubt that effective anti-terror measures can be framed within the boundaries of data protection"

No agreement on the draft Framework Decision on data protection in police and judicial matters under German Council Presidency - who have put forward a set of "Conclusions" to be agreed: EU doc no: 10200/1/07 (dated 4 June 2007, pdf). These Conclusions note that two issues are outstanding: "the scope of application and the provisions governing the transfer of data to third countries." There is no indication at all the the Council intends to address the fundamental criticisms by the European Parliament, the European Data Protection Supervisor and the European Data Protection Authorities.

European Parliament's adopted 2nd report (dated 24.5.07, pdf) This proposes 60 amendments to what is termed "the Commission proposal" - in fact this is the completely re-drafted German Council Presidency version of March 2007 to which the Commission acceded (this therefore replaced its original proposal of October 2005).

In the meantime the German Council Presidency has produced a new document (EU doc no: 9732/07, dated 16 May 2007) to try and deal with two issues on which the Council (the 27 governments) are divided: First, the scope of the measure - should it only cover exchanges of personal data between member states or led to new national laws? This is the most convoluted and incomprehensible idea seen in many years.

And second, what rules should govern the passing of data outside the EU. The Presidency proposal further "waters down" rules on passing personal data outside the EU by saying that instead of these states having "adequate" protections (ie: in line with EU laws) we get "appropriate safeguards". All existing bilateral and multilateral (ie: EU) agreements with the USA are left untouched in the proposal.

11 May 2007: The Council's draft Framework Decision on data protection on police and judicial cooperation has come under further strong criticism from the European Data Protection Authorities meeting in Cyprus on 11 May: Declaration by the European Data Protection Authorities (pdf) They stress that: "the version of the draft framework decision as presented by the German Presidency on 13 March 2007 does not present a solid and high data protection regime and has neither taken on board our European data protection Authorities' Opinion issued on 24 January 2006 nor the EP's opinion from May 18, 2006."

2 May 2007: New Council Draft Framework Decision on data protection in police and judicial matters (EU doc no: 7315/1/07, dated 24 April 2007, pdf). This was produced prior to European Data Protection Supervisor (EDPS) damning report on the proposed Framework Decision on data protection in police and judicial matters (see below).

30 April 2007: EU-DATA PROTECTION: European Data Protection Supervisor (EDPS) issues damning report on the proposed Framework Decision on data protection in police and judicial matters. Peter Hustinx, the EDPS, "strongly advises the Council not to adopt the current proposals without significant improvements". Full-text of Third Opinion and Press release

Statewatch analysis (19 April 2007): The Revised Framework Decision

 

At the Article 36 Committee meeting on 22-23 March the German Council Presidency: "explained that the revised draft Framework Decision had taken into account the work of the MDG on the proposal but that it had decided to restrict the scope of the proposal to the exchange of data between Member States, thus excluding data processing at a domestic level."

EU: German Council Presidency produces new draft of the Framework Decision on data protection in police and judicial cooperation: EU doc no: 7315/07 (dated 13 March 2007). After a gap of three months, during which the German Presidency asked the European Commission to prepare a new draft proposal (see below), the Presidency has produced its own new, full draft.

The Commission submitted the proposal in October 2005, the European Data Protection Supervisor (EDPS) issued an Opinion in December 2005, the European Parliament agreed its report (with 60 amendments) in May 2006 and adopted it in September 2006, in November 2006 the EDPS issued a second critical Opinion and in December 2006 the European Parliament adopted a report saying that it intended to re-examine the issue as the Council had ignored its views. Between November 2005 and November 2006 the Council's Multidisciplinary Group on Organised Crime produced 29 reports - substantially changing the Commission proposal and ignoring the views of the EDPS and the European Parliament - without reaching agreement on the text.

 

Introduction

The EU is currently discussing a draft Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters.

 

The European Commission produced a draft proposal on 4 October 2005. The European Parliament finally adopted its report on 27 September - a "partial vote" in July voted through all 60 amendments agreed by the Committee on Civil Liberties (LIBE). On this issue the parliament is only "consulted" - which means that its views can be disregarded by the Council of the European Union (the 25 EU governments).

The Council has taken months looking at the Commission proposal and have changed it substantially in favour of "self-regulation" by the agencies and removing the rights of data subjects to information held on them and the possibility to correct it.

The proposal is being discussed in the Council by the Multidisciplinary Group on Organised Crime (MDG) whose primary interest is to ensure the greatest possible powers to exchange any and all data between all agencies - at the national, European and international levels - with the fewest possible obstacles created by data protection rights.

Lord Avebury (UK House of Lords Select Committee on the EU) will put it to the European Parliament on 3 October 2006 in the following terms, the MDG's: "primary interest is to make life difficult for criminals, not to have regard to the interests of data subjects" [The full-text of Lord Avebury's speech to the EP on data protection and the principle of availability (pdf)]

Peter Hustinx, the European Data Protection Supervisor, expressed similar concerns to the UK House of Lords Select Committee on the EU inquiry (Behind Closed Doors, see below), discussions he said were progressing very slowly, partly because: "national delegations tend to come from law enforcement areas which, up to now, largely prefer to ignore data protection”.

The legitimacy of the decision-making process is also of concern on such an important issue. The European Parliament only has powers of "consultation" nevertheless it adopted a report with 60 amendments to strengthen the Commission's proposal - a final vote was delayed from July until September in the hope that the incoming Finnish Council Presidency would be "willing to take into account Parliament's demands", there is little evidence that it has done so. If the final version agreed within the Council is substantially different from that put forward by the Commission the parliament can insist that it is consulted again - unless it does there will be no time at all for a debate in parliaments and outside.

Tony Bunyan, Statewatch editor, comments:

"This is going to be a momentous decision affecting existing national laws on data protection, and the exchange of data within the EU and around the globe. It is also going to the the foundation of the right of data protection in a host of planned and future EU measures, including the new Schengen Information System (SIS II).

The Commission draft proposal is being substantially re-written by the Council's Multidisciplinary Group on Organised Crime including removing the rights of data subjects and obstacles to the passing of data to third countries outside the EU.

Until the Council finishes its so-called "second reading" the final text will not been known - when they are intending to simply "nod" it through. If it does so without the opportunity for national and European parliaments and civil society to express their views it will utterly lack legitimacy"

Key documents (latest first)

Council of the European Union

 

- Measure as prepared for adoption: Council Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (24 June 2008, pdf)

- European Parliament: 2nd consultation response: Report on the proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (renewed consultation) Committee on Civil Liberties, Justice and Home Affairs: Rapporteur: Martine Roure (24 May 2008)

- Draft: 11 December 2007: Latest draft: EU doc no: 16069/07 (pdf)

- Draft: 14119/07, dated: 23 October 2007

- : Observations of the European Data Protection Supervisor (EU doc: 14043/07)

- Draft: 11365/4/07 REV 4 (16 October 2007)

- EU doc no: 11365/3/07 REV 3, (dated 12 October 2007)

- Council Presidency Note to the JHA Counsellors meeting on 15 October: EU doc no: 13818/07 (dated 12 October 2007).

- EU doc no: 13496/07 (dated 9 October 2007, pdf).

- EU doc no 11365/2/07 REV 2 (dated 1 October 2007, pdf)

- Draft: EU doc no: 11365/1/07 REV 1 (dated 21 September 2007)

- Update: EU doc no: 12154/2/07 REV 2 (dated 13 September 2007)

- Latest compromises: 12154/1/07 REV 1 (dated 11 September 2007)

- Latest compromises: EU doc no: 12154/07 (dated 4 September 2007)

- Draft: EU doc no: 11365/07 (dated 13 July 2007)

- Draft: EU doc no: 7315 rev 2 (dated 6 June 2007).

- Presidency adopted Conclusions: EU doc no: 10200/1/07 (dated 4 June 2007)

- Presidency Note: EU doc no: 9732/07, (dated 16 May 2007)

- Presidency new draft of the Framework Decision: EU doc no: 7315/1/07 (dated 24 April 2007)

- Presidency new draft of the Framework Decision: EU doc no: 7315/07 (dated 13 March 2007)

- Note for discussion at the Article 36 Committee on 25-26 January: EU doc no: 5435/07 (pdf)

- 15431/1/06 Questions on scope to the Council, dated 22 November 2006

- 13246/5/06 Draft as at 22 November 2006 - still with reservations by member states and with a number of outstanding questions within the Council (see 15431/06 below)

- 13246/4/06 Draft as at 17 November 2006 - with a number of outstanding questions within the Council (see 15431/06 below)

- 15431/06 Questions on scope to the Council, dated 17 November 2006

- 13246/3/06 Draft as at 13 November 2006

- 13918/1/06, dated 31 October 2006. Question of scope being put to COREPER - domestic law as well as cross-border exchanges?

- 13246/2/06, dated 25 October 2006: Full draft. Contains revisions by the Presidency and puts substantial issues to the Articles 36 Committee meeting on 10 November.

- 13918/06, dated 13 October 2006: Question on scope: Note to Article 36 Committee on the draft Framework Decision should cover only exchanges between member states (international) or domestic (national) processing as well. Six member states "have expressed doubts" as the measure covering domestic processing - Switzerland, Czech Republic, Denmark, Ireland, Sweden and UK.

- 13958/06, dated 16 October 2006: List provided by the General Secretariat of the Council on data protection provisions in other third pillar instruments. It does not cover the Schengen agreement whose provisions are stricter than the draft proposal. Most importantly, provisions in all other measures and proposals which refer to the Council of Europe Convention 1981 and Recommendation (87) 15 on the use of personal data in the police sector would automatically be replaced by the new DPFD (see Recital 25) - which, on the evidence of the current Council draft, will set far lower standards for those member states who sought to implement CoE standards.

- 13246/1/06 REV1, 9 October 2006. It will be seen in the introduction (p2, pt 4) that the draft "departs from the point of view that the FD will also be applicable to domestic data processing"

- 13246/06, dated 27 September 2006. Full-text of the Council's current draft. First six pages set out issues for the Multidisciplinary Group on Organised Crime to discuss as the Council starts its "second reading"

- 12294/06, dated 19 September 2006 - "Issues paper"

- 12432/06 - Questions on scope, 6 September 2006

- 11547/3/06 Full-text of the Council's draft at 13 September 2006

"At the meetings of the MDG - Mixed Committee of 8 February, 9 and 31 March, 25 April and 19 May 2006 the first two chapters were discussed in-depth. At the meetings of 20 June, 7 and 25 July 2006, Chapter III was discussed. At the meeting of 4 September 2006, Chapters IV and V were discussed. Delegations are invited to discuss of Chapters VI, VII and VIII."

- 11547/2/06 Full-text of the Council's draft at 24 August 2006

- 11547/06 Full-text of the Council's draft at 13 July 2006

- 8175/2/06 - Information on state of play of discussions, 25 April 2006

- 8175/1/06 - Information on state of play of discussions, 24 April 2006

- 8175/06 Scope: application to processing of data in a purely domestic context, 6 April 2006

- 6450/5/06 Full-text of the Council's draft at 23 June 2006

- 6450/4/06 Full-text of the Council's draft at 7 July 2006

- 6450/3/06 Full-text of the Council's draft at 11 May 2006

"At the meetings of the MDG - Mixed Committee of 8 February, 9 and 31 March, 25 April and 19 May 2006 the first two chapters were discussed in-depth. Further to those discussions the Presidency has amended the text of the relevant provisions of Chapter II, which has a pivotal position in the draft Framework Decision." (emphasis added)

- 6450/2/06 Full-text of the Council's draft at 19 April 2006

- 6450/1/06 Full-text of the Council's draft at 23 March 2006

- 6450/06 Full-text of the Council's draft at 28 February 2006

- 5485/06 Discussion of issues, 23 January 2006

- 5193/06 Changes to the preamble ("Recitals"), 11 January 2006

- 15554/05 Discussion of issues: 21 December 2005

- 14326/05 Discussion of issues: 15 November 2005

The final report issued by the Council's Information Systems and Data Protection Working Party in April 2001 (it met between 1998-2001) - the Working Party was formally abolished in 2002:

- Draft Resolution on the personal data protection rules in instruments under the third pillar of the European Union (6316/2/01)

European Parliament

1. European Parliament's adopted 2nd report, 24 May 2007

2. Report formally adopted on 27 September 2007

3. Report dated 18 May 2006

European Commission

1. Proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters COM(2005) 475 final, 4.10.05

2. Commission Staff working document: SEC(2005) 1241: Annex to the: Proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters IMPACT ASSESSMENT

European Data Protection Supervisor

1. Full-text of EDPS letter to incoming Council Presidency (12 June 2007) and Press release .

2. Third Opinion of the EDPS 30 April 2007

3. Second Opinion of the European Data Protection Supervisor on the Proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (COM (2005) 475 final) 29 November 2006 (pdf)

4. Opinion of the European Data Protection Supervisor on the Proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (COM (2005) 475 final) 19 December 2005

Opinion of European data protection authorities

1. European Data Protection Authorities meeting in Cyprus on 11 May 2007: Declaration by the European Data Protection Authorities

2. Conference of European Data Protection Authorities, Brussels, 24 January 2006

3. Declaration adopted at the Conference of European Data Protection Authorities in Budapest from 24 to 25 April 2006

4. Declaration by the European Data Protection Authorities, 2 November 2006

5. EU-Data protection: The Council of Europe: Consultative Committee of the Convention for the Protection of Individuals with regard to automatic processing of personal data (T-PD) (pdf) The Committee is concerned about transfers of data to third states and that "the legal basis for future treaties with third countries that do not have an adequate level of protection should be clarified". The Committee also believes - like the European Parliament, the EU Data Protection Authorities and the European Data Protection Supervisor - that the proposed Framework Decision on data protection in police and judicial matters should cover exchanges between states and national law in each member states so that two different sets of rules are not in place. (March 2007)

National parliaments

UK: House of Commons: The Select Committee on European Scrutiny has so far discussed the measure on three occasions: 27 July 2006 (link), 11 January 2006 (link) and 16 November 2005 (link)

UK: House of Lords: Select Committee on the European Union: Its report "Behind Closed Doors" covers the proposed Framework Decision and includes evidence from the European Data Protection Supervisor: Behind Closed Doors (pdf)

Civil society reactions

1. Statewatch analysis: EU data protection in police and judicial cooperation matters: Rights of suspects and defendants under attack by law enforcement demands (October 2006)

2. Statewatch analysis (19 April 2007): The Revised Framework Decision

1995 Directive on data protection

1. Directive 95/46/ECon the protection and processing of personal data ("first pillar", including immigration)
2. First, and only report, produced by the Commission on the implementaion of 95/46/EC, 15.5.03.
2a. Extract from above report on the major shortcomings of resources and compliance
3. Technical annexe to Commission report on implementation above
4. Letter from the USA to the EU Article 29 working party on data protection concerning the implementation report, xx August 2002
5. EU policy “putsch”: Data protection handed to the DG for “law, order and security”

 

Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error

Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: MayDay Rooms, 88 Fleet Street, London EC4Y 1DH. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.

About | Contact | Privacy Policy