Nothing Special   »   [go: up one dir, main page]

Skip to main content

The Right of Access Under the Police Directive: Small Steps Forward

  • Conference paper
  • First Online:
Privacy Technologies and Policy (APF 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11079))

Included in the following conference series:

Abstract

The present article sets out to examine the right of access under Directive 2016/680, which regulates the processing of personal data by EU Member States’ law enforcement authorities. The article analyses in detail the provisions on the right of access. More precisely, it looks at whether the right provides for sufficient transparency towards the data subject and whether its scope allows for a harmonized data protection across the law enforcement sector in the EU. The article concludes that while the provisions on the right of access make a significant step towards more transparency, they also suffer from deficiencies. Also, the limited scope of the Directive takes away from the harmonization attempts.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Article 59 Directive 2016/680.

  2. 2.

    Compare Article 2 Directive 2016/680 and Article 1 2008 Framework Decision.

  3. 3.

    Recital 21 Council Decision SIS II.

  4. 4.

    Article 13 (1) EU PNR Directive.

  5. 5.

    Recital 9 VIS Council Decision.

  6. 6.

    Recital 39 EURODAC Regulation.

  7. 7.

    E.g. Article 58 Council Decision SIS II.

  8. 8.

    Article 8 (b) Council of Europe Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data, Strasbourg, 28.01.1981.

  9. 9.

    ECtHR, Gaskin v the United Kingdom, Application no. 10454/83, 07. 07. 1989. In casu, obtaining information about claimed abuse while in foster care.

  10. 10.

    ECtHR, Khelili v Switzerland, Application no 16188/07, 18 October 2011 (discussed below).

  11. 11.

    ECtHR, Segerstedt-Wiberg and Others v. Sweden, Application no. 62332/00, 6.06.2006; ECtHR, Amann v Switzerland, Application no. 27798/95, 16 February 2000.

  12. 12.

    CJEU, C-553/07, College van burgemeester en wethouders van Rotterdam v M.E. E. Rijkeboer, 7.05.2009 (Hereinafter “Rijkeboer”), Opinion of the Advocate General Ruiz-Jarabo Colomer, 22.12.2008, par. 33 and 34. In Rijkeboer, the applicant requested the College van burgemeester en wethouders van Rotterdam to inform him of the recipients to which it had transferred data relating to him, especially his address, in the two years preceding the request. The College provided the requested information only as regards the disclosure of the data one year prior to the request, the rest was automatically deleted.

  13. 13.

    Ibid.

  14. 14.

    See also Joined cases C‑141/12 and C‑372/12, YS v Minister voor Immigratie, Inte- gratie en Asiel and Minister voor Immigratie, Integratie en Asiel v M (Hereinafter “YS”), 17.07.2014, par. 44.

  15. 15.

    Chapter III GDPR and Directive 2016/680.

  16. 16.

    Art 10 and 11 Directive 95/46/EC, Articles 13 and 14 GDPR, Article 13 Directive 2016/680.

  17. 17.

    CJEU, C-533/07, Rijkeboer, par. 54.

  18. 18.

    ECtHR, Khelili v Switzerland, Application no. 16188/07, 18 October 2011. The Court held in favour of the applicant, because “prostitute” was not deleted for a long time, the Swiss authorities gave contradictory statements as to whether the term “prostitute” was deleted, the police could not prove the accuracy of the data and that it had been rectified/deleted (a requirement under Swiss law), par. 68–71.

  19. 19.

    CJEU, C-434/16, Peter Nowak v Data Protection Commissioner, Opinion of Advocate General Kokott, 20.07.2017, par. 38–39. The case concerns the request for access to one’s exam scripts and the comments made by the examiners. The main question was whether exam scripts qualify as personal data.

  20. 20.

    Article 2 (1) Directive 2016/680.

  21. 21.

    Article 2 (3) (b) Directive 2016/680.

  22. 22.

    Article 2 (3) (a) Directive 2016/680.

  23. 23.

    Article 14 Directive 2016/680.

  24. 24.

    Article 17 (1) (a) 2008 Framework Decision.

  25. 25.

    Article 6 GDPR.

  26. 26.

    Article 8 (1) Directive 2016/680 j Article 1 (1) Directive 2016/680 (emphasis added).

  27. 27.

    Article 8 (2) Directive 2016/680.

  28. 28.

    Article 4 (2) Directive 2016/680. The provision is similar to the requirements in Article 8.

  29. 29.

    Article 13 Directive 2016/680. See by contrast Article 13 (3) GDPR.

  30. 30.

    Recital 43 Directive 2016/680. Note that the possibility to exercise the right “at reasonable intervals” is not mentioned in the text of Article 14 itself.

  31. 31.

    Recital 43 Directive 2016/680.

  32. 32.

    Article 15 (3) GDPR.

  33. 33.

    Joined cases C‑141/12 and C‑372/12, YS v Minister voor Immigratie, Integratie en Asiel and Minister voor Immigratie, Integratie en Asiel v M (Hereinafter “YS”), 17.07.2014, par. 57–58. See also Advocate General Sharpston’s Opinion of 12.12.2013, par. 77–78. The case concerned the application of Third Country Nationals to review the legal reasoning of the Dutch authorities’ decision on their application for residence permits. The Court ruled that the analysis or the minutes are not personal data and do not fall within the scope of the right of access under Directive 95/46/EC and thus disclosing the whole legal analysis, i.e. providing a copy thereof, was not necessary, whereas a summary only of the personal data contained in the applicants’ files was enough.

  34. 34.

    Article 15 (1) (e) Directive 2016/680.

  35. 35.

    Advocate General Sharpston’s Opinion of 12.12.2013, par. 77, op. cit.

  36. 36.

    Article 3 (10) and Recital 22 Directive 2016/680.

  37. 37.

    Compare Article 15 (1) (h) GDPR.

  38. 38.

    Article 6 EU PNR Directive.

  39. 39.

    Article 52 Directive 2016/680.

  40. 40.

    Article 15 (1) Directive 2016/680.

  41. 41.

    Recital 46 Directive 2016/680 and CJEU, C-465/00, 138/01, 139/01 Öster- reichischer Rundfunk, 20.05.2003. In that case the CJEU ruled that if a limitation on the data protection rights of individuals is not compatible with the fundamental rights, e.g. to privacy as enshrined in the ECHR and by extension nowadays in the CFREU, then the limitations cannot be deemed to be compatible with provisions of secondary law, e.g. Directive 2016/680.

  42. 42.

    Opinion of Advocate General Sharpston in the YS case, op. cit., par. 93 (4).

  43. 43.

    Art. 17 (2) 2008 Framework Decision.

  44. 44.

    Article 15 (2) Directive 2016/680.

  45. 45.

    § 57 (5) German implementing law.

  46. 46.

    Ibid, § 57 (2).

  47. 47.

    Ibid, § 57 (3).

  48. 48.

    Article 15 (3) Directive 2016/680.

  49. 49.

    Article 15 (4) Directive 2016/680.

  50. 50.

    Article 17 (1) Directive 2016/680; also §57 (7) and §59 German Implementing Law.

  51. 51.

    Article 17 (2) Directive 2016/680.

  52. 52.

    Article 17 (3) Directive 2016/680.

  53. 53.

    ECtHR, Amann and Gaskin, op. cit.

  54. 54.

    Article 42 Directive 2016/680.

  55. 55.

    Article 58 (1) and (2) Council Decision SIS II; 14 (1) and (2) VIS Council Decision; Article 17 (1) (a) 2008 Framework Decision.

  56. 56.

    Article 13 (1) EU PNR Directive and 33 (1) EURODAC Regulation.

  57. 57.

    Article 12 (1) Directive 2016/680.

  58. 58.

    Article 12 (2) and (4) Directive 2016/680.

  59. 59.

    E.g. Article 14 (6) VIS Council Decision and Article 58 (6) Council Decision SIS II. How are they different.

  60. 60.

    Article 12 (3) Directive 2016/680.

  61. 61.

    ECtHR, Haralambie v Romania, application no. 21737/03, 27.10.2009. The applicant wanted to know whether the security services had a file on him from the time during the Communist regime. A file indeed existed, but the applicant was allowed to see it only 6 years after he filed the request.

  62. 62.

    ECtHR, Yonchev v. Bulgaria, application no. 12504/09, 7.12.2017, par. 61. The applicant requested access to the results of his psychological assessment as an applicant for a police mission abroad. It was refused on grounds of confidentiality. It turned out that the documents were not confidential, the decision was taken by a body which was not entitled to take such decisions and the procedure had taken too long.

  63. 63.

    Article 58 (3) Council Decision SIS II.

  64. 64.

    Article 36 EUROPOL Regulation.

  65. 65.

    EU Interoperability Proposal 1 and 2, 2017.

  66. 66.

    Regulation (EC) No 45/2001.

  67. 67.

    Article 47 Proposals COM (2017) 794 final, Brussels 12.12.2017 and COM (2017) 793 final, 12.12.2017 op. cit.

  68. 68.

    Article 29 (2) COM (2017) 794 final, Brussels, 12.12.2017, op. cit.

  69. 69.

    See also Article 64 SIS II Proposal 2016.

  70. 70.

    Recital 14 Directive 2016/680.

  71. 71.

    Article 1 (2) EU PNR Directive.

  72. 72.

    Article 4 (1) EU PNR Directive.

  73. 73.

    Article 2 (3) Directive 2016/680.

  74. 74.

    Article 13 EU PNR Directive j Article 59 Directive 2016/680.

References

  1. The Schengen Information System: A Guide for exercising the right of access. SIS II Supervision Coordination Group, p. 8, October 2015

    Google Scholar 

  2. Charter of Fundamental Rights of the European Union, O.J. C 364, 2000/C364/01, 18 December 2000

    Google Scholar 

  3. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regards to the processing of personal data and on the free movement of such data, O.J. L 251, 23 November 1995

    Google Scholar 

  4. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), O.J. L 119, 4 May 2016

    Google Scholar 

  5. Principle 6 Recommendation No. R (87) 15, Council of Europe, Committees of Ministers to Member States regulating the use of personal data in the police sector, 17 September 1987

    Google Scholar 

  6. Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, O.J. L 119/89-131

    Google Scholar 

  7. Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, O.J. L. 350/60-71, 30 December 2008

    Google Scholar 

  8. Council Decision 2007/533/JHA on the establishment, operation and use of the second generation Schengen Information System (SIS II), OJ L 205, (“Council Decision SIS II”), 7 August 2007

    Google Scholar 

  9. Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, OJ L 119, p. 132–149 (“EU PNR Directive”), 4 May 2016

    Google Scholar 

  10. Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences, OJ L 218, pp. 129–136 (“VIS Council Decision”), 13 August 2008

    Google Scholar 

  11. Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, O.J. L 180/1-30, (“EURODAC Regulation”), 29 June 2013

    Google Scholar 

  12. Council of Europe Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data, Strasbourg, 28 January 1981

    Google Scholar 

  13. ECtHR, Gaskin v the United Kingdom, Application no. 10454/83, 07 July 1989

    Google Scholar 

  14. ECtHR, Khelili v Switzerland, Application no. 16188/07, 18 October 2011

    Google Scholar 

  15. ECtHR, Segerstedt-Wiberg and Others v. Sweden, Application no. 62332/00, 6 June 2006

    Google Scholar 

  16. ECtHR, Amann v Switterland, Application no. 27798/95, 16 February 2000

    Google Scholar 

  17. CJEU, C-553/07, College van burgemeester en wethouders van Rotterdam v M.E. E. Rijkeboer, 7.05.2009, Opinion of the Advocate General Ruiz-Jarabo Colomer, par. 33 and 34, 22 December 2008

    Google Scholar 

  18. L’Hoiry, X., Norris, C.: Introduction – the right of access to personal data in a changing european legislative framework. In: Norris, C., de Hert, P., L’Hoiry, X., Galetta, A. (eds.) The Unaccountable State of Surveillance. LGTS, vol. 34, pp. 1–8. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-47573-8_1

    Chapter  Google Scholar 

  19. C‑141/12 and C‑372/12, YS v Minister voor Immigratie, Integratie en Asiel and Minister voor Immigratie, Integratie en Asiel v M, 17 July 2014

    Google Scholar 

  20. CJEU, C-434/16, Peter Nowak v Data Protection Commissioner, Opinion of Advocate General Kokott, 20 July 2017

    Google Scholar 

  21. Bäcker, M.: Art. 23 Beschränkungen. In: Jürgen Kühling, J., Buchner, B. (eds.) Datenschutz-Grundverordnung: Kommentar, p. 486, par. 14, C.H.Beck (2017)

    Google Scholar 

  22. Galetta, A., de Hert, P.: A European perspective on data protection and the right of access. In: Norris, C., de Hert, P., L’Hoiry, X., Galetta, A. (eds.) The Unaccountable State of Surveillance. LGTS, vol. 34, pp. 21–43. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-47573-8_3

    Chapter  Google Scholar 

  23. CJEU, C-465/00, 138/01, 139/01 Österreichischer Rundfunk, 20 May 2003

    Google Scholar 

  24. De Hert, P., Papakonstantinou, V.: The new police and criminal justice data protection directive: a first analysis. New J. Eur. Crim. Law 7(1), 12 (2016)

    Google Scholar 

  25. Gesetz zur Anpassung des Datenschutzrechts an die Verordnung (EU) 2016/679 und zur Umsetzung der Richtlinie (EU) 2016/680, Bundesgesetz- blatt Jahrgang 2017 Teil I Nr. 44, Bonn, (“German Implementing Law”), 05 July 2017

    Google Scholar 

  26. Computers, Privacy and Data Protection (CPDP) 2017 Conference. https://www.youtube.com/watch?v=g7YYlrxQe20

  27. ECtHR, Haralambie v Romania, application no. 21737/03, 27 October 2009

    Google Scholar 

  28. ECtHR, Yonchev v. Bulgaria, application no. 12504/09, 7 December 2017

    Google Scholar 

  29. Regulation 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA, O.J. L. 135/53-114, (“EUROPOL Regulation”), 25 May 2016

    Google Scholar 

  30. Proposal for a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration), COM (2017) 794 final, Brussels (“EU Interoperability Proposal 1”), 12 December 2017

    Google Scholar 

  31. Proposal for a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (borders and visa) and amending Council Decision 2004/512/EC, Regulation (EC) No 767/2008, Council Decision 2008/633/JHA, Regulation (EU) 2016/399 and Regulation (EU) 2017/2226, COM (2017) 793 final, (“EU Interoperability Proposal 2”), 12 December 2017

    Google Scholar 

  32. Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, OJ.L. 8/1-22, (“Regulation 45/2001”), 12 January 2001

    Google Scholar 

  33. Proposal for a Regulation of the European Parliament and of the Council on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending Regulation (EU) No 515/2014 and repealing Regulation (EC) No 1986/2006, Council Decision 2007/533/JHA and Commission Decision 2010/261/EUCOM (2016) 883 final, Brussels (“SIS II Proposal 2016”), 21 December 2016

    Google Scholar 

  34. The European Parliament adopted the Passenger Name Record (PNR) Directive for the Passengers with EU Air Carriers. The Republic of Bulgaria, Commission for Personal Data Protection, 19 April 2016. https://www.cpdp.bg/en/index.php?p=news_view&aid=954

  35. Article 11 (a) Law on the State Agency “National Security” of the Republic of Bulgaria, Official Journal 109, 20 December 2007. Latest amendment: 19 January 2018

    Google Scholar 

  36. European Data Protection Supervisor: Opinion of the European Data Protection Supervisor on the package of legislative measures reforming Eurojust and setting up the European Public Prosecutor’s Office (‘EPPO’), Brussels, p. 18, par. 91, 5 March 2014

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Diana Dimitrova .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Dimitrova, D., De Hert, P. (2018). The Right of Access Under the Police Directive: Small Steps Forward. In: Medina, M., Mitrakas, A., Rannenberg, K., Schweighofer, E., Tsouroulas, N. (eds) Privacy Technologies and Policy. APF 2018. Lecture Notes in Computer Science(), vol 11079. Springer, Cham. https://doi.org/10.1007/978-3-030-02547-2_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-02547-2_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02546-5

  • Online ISBN: 978-3-030-02547-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics