EDPS stresses again need for a comprehensive European data protection agreement with no exceptions for law enforcement

Speaking at a high-level Roundtable Discussion on the “Future of Personal Data Protection” in Brussels on the 5th of October, the EDPS said that such a framework agreement should be “an overarching instrument applying to data processing in all sectors and policy areas of the Union, ensuring an integrated approach as well as a seamless, consisted and effective protection of personal data”. He gave the following arguments to support this approach:

  • The right to privacy and the protection of personal data are inherently general in scope and do not depend on policy sector involved. This general scope is even more evident after entering into force of Lisbon Treaty (see Articles 7-8 Charter and Article 16 TFEU).
  • The first ECJ judgments on Directive 95/46 (Rechnungshof and Lindqvist) made it clear that its scope is general and only subject to explicit exceptions in Article 3(2). However, the current exception for “police and justice” is not in line with the Lisbon Treaty. The inclusion of “police and justice” in the general framework is instead a necessary consequence of Article 16 TFEU, requiring protection by EU law for all processing of personal data (including domestic processing in police and justice sector).
  • The horizontal approach is also very beneficial in practice. Interactions between public and private sector for law enforcement are increasingly relevant (e.g. airlines, banks, telecom). Some law enforcement (e.g. anti-fraud, immigration, customs) is now covered by Directive 95/46. Coherent approach would therefore result in better data protection and more consistency, also for law enforcement
  • The horizontal approach is also very beneficial in practice. Interactions between public and private sector for law enforcement are increasingly relevant (e.g. airlines, banks, telecom). Some law enforcement (e.g. anti-fraud, immigration, customs) is now covered by Directive 95/46. Coherent approach would therefore result in better data protection and more consistency, also for law enforcement.
  • All principles should be applied with due regard for the specificities of a sector (e.g. health, banking). No reason for separate treatment of law enforcement. The need for exceptions may exist everywhere and is already covered. Declaration 21 can thus be respected within one single comprehensive framework.
  • The need for further rules should be addressed, either in general or specific instrument (see e-Privacy directive). This might lead to a “layered landscape”. However, the general instrument should be leading and apply to all sectors.
  • Existing rules for police and justice, or for specific bodies, should not be excluded from review, even if they represent some of the “best practices” in the field. If general rules are to be modernized to ensure more effective protection, these rules should apply generally, unless specific exceptions are justified.
  • The need for “seamless, consistent and effective protection of personal data” also applies to arrangements for independent supervision. The current fragmentation at EU level in this field should therefore also be part of the review.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: