Directive (EU) 2016/680 of the European Parliament and of the Council (2) provides for harmonised rules for the protection and the free movement of personal data processed for the purposes of the prevention, investigation, detection or prosecution of criminal offences or execution of criminal penalties, including the safeguarding against, and the prevention of threats to public security. In accordance with that Directive, Member States should process personal data in a manner that ensures the appropriate security of the personal data. That Directive also requires the Commission to review other relevant legal acts adopted by the Union in order to assess the need to align them with that Directive and to make, where appropriate, the necessary proposals to amend those acts to ensure a consistent approach to the protection of personal data within the scope of that Directive.
(2)
Council Decision 2005/671/JHA (3) lays down specific rules on the exchange of information and cooperation concerning terrorist offences. In order to ensure a consistent approach to the protection of personal data in the Union, that Decision should be amended in order to align it with Directive (EU) 2016/680. In particular, that Decision should specify, in a manner that is consistent with Directive (EU) 2016/680, the purpose of the processing of personal data and indicate the categories of personal data that can be exchanged, in accordance with the requirements of Article 8(2) of Directive (EU) 2016/680, taking due account of the operational needs of the authorities concerned.
(3)
In the interest of clarity, the references contained in Decision 2005/671/JHA to the legal instruments governing the operation of the European Union Agency for Law Enforcement Cooperation (Europol) should be updated.
(4)
The application of Decision 2005/671/JHA, which involves the processing, including the exchange and subsequent use, of information concerning terrorist offences, involves the processing of personal data. In the interests of consistency and of the effective protection of such personal data, it is important that the processing of personal data carried out under Decision 2005/671/JHA comply with Union law, including with the rules set out in Directive (EU) 2016/680, and be in accordance with the security requirements, safeguards and data protection guarantees set out in other instruments of Union law that contain provisions on data protection, including Regulations (EU) 2016/794 (4) and (EU) 2018/1725 (5) of the European Parliament and of the Council, as well as national law.
(5)
In accordance with Article 6a of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, as annexed to the Treaty on European Union (TEU) and the Treaty on the Functioning of the European Union (TFEU), Ireland is not bound by the rules laid down in this Directive which relate to the processing of personal data by the Member States when carrying out activities which fall within the scope of Chapter 4 or Chapter 5 of Title V of Part Three of the TFEU where Ireland is not bound by the rules governing the forms of judicial cooperation in criminal matters or police cooperation which require compliance with the provisions laid down on the basis of Article 16 TFEU.
(6)
In accordance with Articles 2 and 2a of Protocol No 22 on the Position of Denmark, as annexed to the TEU and to the TFEU, Denmark is not bound by, or subject to the application of, the rules laid down in this Directive which relate to the processing of personal data by the Member States when carrying out activities which fall within the scope of Chapter 4 or Chapter 5 of Title V of Part Three of the TFEU.
(7)
The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 and delivered an opinion on 25 January 2022,