Legal provisions of COM(2016)213 - Communication to EP on the Council's position on a Directive on protection of personal data with regard to prevent, investigate, detect or prosecut criminal offences - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2016)213 - Communication to EP on the Council's position on a Directive on protection of personal data with regard to prevent, ... |
|---|---|
| document | COM(2016)213  |
| date | April 11, 2016 |
Brussels, 11.4.2016
COM(2016) 213 final
2012/0010(COD)
COMMUNICATION FROM THE COMMISSION
TO THE EUROPEAN PARLIAMENT
pursuant to Article 294(6) of the Treaty on the Functioning of the European Union
concerning the
position of the Council on the adoption of a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data,
and repealing Council Framework Decision 2008/977/JHA
2012/0010 (COD)
COMMUNICATION FROM THE COMMISSION
TO THE EUROPEAN PARLIAMENT
pursuant to Article 294(6) of the Treaty on the Functioning of the European Union
concerning the
position of the Council on the adoption of a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data,
and repealing Council Framework Decision 2008/977/JHA
1. Background
| Date of transmission of the proposal to the European Parliament and to the Council (document COM(2012) 10 final – 2012/0010 COD): | 25 January 2012 |
| Date of the position of the European Parliament, first reading: | 12 March 2014 |
| Date of transmission of the amended proposal: | N/A |
| Date of adoption of the position of the Council: | 8 April 2016 |
2. Objective of the proposal from the Commission
The Data Protection Directive for police and criminal justice authorities forms part of a Data Protection Reform package proposed by the Commission, which also comprises a General Data Protection Regulation.
The data protection reform package aims to build a modern, strong, consistent and comprehensive data protection framework for the European Union. It will benefit individuals by strengthening their fundamental rights and freedoms with respect to processing of personal data and their trust in the digital environment.
Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters applies in the areas of judicial co-operation in criminal matters and police co-operation which pre-dates the entry into force of the Lisbon Treaty. The Commission had – until 30 November 2014 – no powers to enforce its rules, as it is a Framework Decision, and this has contributed to uneven implementation. In addition, the scope of the Framework Decision is limited to cross-border processing activities. This means that the processing of personal data that has not been made subject to exchanges between Member States is currently not covered by EU rules governing such processing and protecting the fundamental right to data protection. This also creates, in some cases, practical difficulties for police and other authorities for whom it may not be obvious whether data processing is to be purely domestic or cross-border; or to foresee whether domestic data might become the object of a subsequent cross-border exchange.
Ensuring a consistent and high level of protection of the personal data of individuals and facilitating the exchange of personal data between competent authorities of Member States is crucial in order to ensure effective judicial co-operation in criminal matters and police cooperation. To that aim, the level of protection of the rights and freedoms of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties must be equivalent in all Member States. Effective protection of personal data throughout the Union requires strengthening the rights of data subjects and the obligations of those who process personal data, but also equivalent powers for monitoring and ensuring compliance with the rules for the protection of personal data in Member States.
The Directive will enable law enforcement and judicial authorities to cooperate more effectively and rapidly with each other. It builds confidence and ensures legal certainty.
3. Comments on the position of the Council
The position of the Council reflects the political agreement reached between the European Parliament and the Council in informal trilogues on 15 December 2015, subsequently endorsed by the Council on 8 April 2016.
The Commission supports this agreement since it is in keeping with the objectives of the Commission proposal.
The agreement maintains the overall objective to ensure a high level of protection of personal data in the field of police and judicial cooperation in criminal matters and to facilitate exchanges of personal data between Member States' police and judicial authorities, by applying harmonised rules also to data processing operations at the domestic level. It preserves the application of the general data protection principles to police cooperation and judicial cooperation in criminal matters, while respecting the specific nature of these fields.
The agreement clarifies the material scope of the Directive by specifying that the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties include the 'safeguarding against and the prevention of threats to public security'. The agreement also includes certain private entities in the notion of competent authorities but such possibility is strictly limited to entities entrusted by national law to perform public authority or public powers for the purposes of the Directive. Given the practice in Member States to outsource to the private sector some defined activities previously conducted only by the State (e.g. privately run prisons) such possibility introduces a degree of flexibility in the Directive allowing it to adjust to a changing environment.
The agreement also provides for minimum harmonised criteria and conditions on possible limitations to the general rules. This concerns, in particular, the rights of individuals to be informed when police and judicial authorities handle or access their data. Such limitations are necessary for the effective prevention, investigation, detection or prosecution of criminal offences. It also establishes specific rules to cover the specific nature of law enforcement activities, including a distinction between different categories of data subjects whose rights may vary (such as witnesses and suspects).
The agreement strengthens the risk based approach by providing for the new obligation of the controller to carry out, in certain circumstances, a data protection impact assessment while maintaining the obligations related to data protection by design and by default and to the designation of a data protection officer.
The agreement sets outs the rules for international transfers to third countries by authorities competent for the purposes of the Directive to such authorities, while providing also for the possibility of transfers to private bodies, subject to a number of specific conditions.
4. Conclusion
The Commission supports the results of the inter-institutional negotiations and can therefore accept the Council's position at first reading.