28 March 2012
European Data Protection Supervisor says exchange of criminal records proposal is not proportionate
- will the Commission heed the Opinion?
The European Data Protection Supervisor, Peter Hustinx, has issued an Opinion on the European Commission's proposal for the exchange of information from criminal records which say that it is "not proportional", should be limited to specific serious crimes and should provide precise safeguards to the data subject.
The proposal is justified by the Commission in terms of "urgency" because at the moment there is only an obligation to transfer records annually. It is therefore intended to fill a "gap" pending a proposal for a European Criminal Register.
The Supervisor notes that:
"The Proposal has a wide scope. It is not limited to convictions for specific offences. Annex B contains a list of serious offences, but this list is not limited and some categories in this list are fairly unspecified (such as: road traffic regulations). Moreover, Article 1(b) mentions that not only judgments but also decisions of administrative authorities fall within the scope of the Proposal. This means that the Proposal goes far beyond the scope of the prevention and combat of crime as it is commonly understood."
Moreover, there are a lot of differences between national rules on time limits for keeping data an on the exchange of data with third parties - thus there is what he calls a "heterogeneous legal environment".
The Supervisor's comments on data protection in the proposal are short and to the point:
"The Proposal contains an article on data protection, that merely contains a provision on the limitation of the purposes for the exchange of data, in respect of the exchange of information from convictions on request (as mentioned in Article 4).
Data can be requested not just for the purpose of criminal proceedings:
"but also of other purposes"
The requested state "may" request information on the use of the data, but does not have to.
And the proposal:
"does not give any other guarantee in view of the fair treatment of the data subject."
Moreover, the Article on data protection:
"does not apply to own-initiative information on convictions (as mentioned in Article 3), which has as a consequence that there is no limitation of the purposes for which this information may be used."
One of the principles of EU data protection law is that data cannot be used for purposes other than which it is collected and though it may be passed on under certain conditions it should no be added to or amended. Article 3 says:
"Own-initiative information on convictions
Each central authority shall without delay inform the central authorities of the other Member States of convictions of nationals of those Member States registered in the national criminal record and of relevant subsequent entries in the criminal record."
The Opinion then details the data protection problems with the proposal:
1. "There are no guarantees that safeguards on data protection that exist under national law in respect of the disclosure of information from criminal records always apply."
2. The personal data that concern a person's criminal past is of "a sensitive nature" because:
"too wide use of the information in a criminal record might compromise the chances of social rehabilitation of the convicted person"
3. The Council of Europe Convention 108, Article 8 of the ECHR: "The result of the Proposal may not be that a private person will be deprived of or unduly restricted in the exercise of his legally enforceable rights to data protection" and the Supervisor concludes that:
"this objective has not been achieved."
4. There are no guarantees on access to the personal data and:
"There are no specified restrictions on processing and further use of the personal data that are exchanged."
5. There is doubt, says the Supervisor, whether:
"the data subject has a right to be informed, since it is optional whether the form may be given to the person concerned"
The Supervisor concludes that:
- "the proposal does not contain all the necessary guarantees for an adequate data protection in conformity with the existing legal framework and the proposal lacks precision"
- the proposal should be limited to "certain serious crimes"
- the proposal is not proportionate
- and the proposal should contain precise safeguards for the data subject
The role of the EDPS is set out in Regulation 45/2001 and in respect of issuing this kind of Opinion appears to be advisory - it will be interesting to see whether the Commission and the Council respond to it or whether, like the reports from the Article 29 Working Party on Data Protection, it will simply be ignored.
4. SEC (2005) 63, Commission Staff working paper: Annex to the WHITE PAPER
5. Regulation 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, 18.12.00
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: c/o MDR, 88 Fleet Street, London EC4Y 1DH, UK. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.