EU: Council of the European Union: Data protection to be subsumed under Information Exchange

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

he issue of data protection in the old “third pillar” was first raised in the Council of the European Union (the 27 governments) in May 1998, as the 1995 EU Directive on Data Protection did not cover justice and home affairs issues (“third pillar”). The Action Plan of the Council and the Commission on how best to implement the provisions of Amsterdam establishing an area of freedom, security and justice (13844/98) said that data protection issues in the “third pillar” should be: “developed with a two year period” (IV.47(a)).

A Council Working Party on Data Protection was set up in 1998 and a draft Resolution was drawn up and revised five times - the last being on 12 April 2001 under the Swedish Presidency of the EU (EU doc no: 6316/2/01) when agreement appeared to have been reached and the Article 36 Committee was asked to address outstanding reservations. From this point on there was silence - and the Working Party was formally abolished in a re-organisation of Council’s working parties in 2002.

Then it was ressurected in 2006 when it met three times to consider the contentious "Proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters" over which it had no influence [1]. It met twice in 2007 and once in 2008 then finally in March 2010 - to learn of its amalgamation with the Ad Hoc Group on Information Exchange.

There seems to be some confusion over the title of the new Council Working Group the official post-Lisbon list of new JHA Working Groups calls it: "The Working Party on Information Exchange and Data Protection" (see EU doc no: 17653/09). However, the Council Presidency website (Belgium) calls it: "The Working Party on Data Protection and Information Exchange".

The reality slipped out in the Outcomes (Minutes) of the Ad Hoc Group on Information Exchange meeting of 21 January 2010 which state:

"Since it will deal both with information and data protection issues, it will be renamed "Working Party on Information Exchange and Data Protection" and may meet in different formations and sub-groups with data protection being discussed as the need arises." (emphasis added) (EU doc no: 5858/10)

The Ad Hoc Group on Information Exchange

The Ad Hoc Group on Information Exchange was formally set up in March 2006, Setting up of Ad Hoc Group on Information Exchange on DNA (EU doc no: 6259/06) which only met twice. But by December 2008 its scope had been significantly enlarged to "Information Exchange" in general (EU doc no: CM 4471/08). Discussions in the JHA Council in March and May 2009 set out the scope of its work in: "Follow-up on the outcome of the January Informal JHA Ministerial Meeting in the field of Modern Technologies and Security" (EU doc no: 10143/09) which stated:

"Practical requirements of the law enforcement community:
Assessment of the added value of the proposal, its necessity and usefulness, with regards to the needs and requirements of the law enforcement community. The development of new technologies and systems must be the outcome of requirements and needs of these entities in MS. Therefore, it is essential to focus on how newly proposed solutions will contribute to supporting the activities and strengthening cooperation of specific law enforcement entities and those ensuring internal security."

Law enforcement agencies are to "define" their business requirements and the EU Member States to find "common solutions".

In simple terms the Ad Hoc Group on Information Exchange was charged with bringing into effect the "principle of availability" of information and intelligence to ensure "internal security". Among its tasks is the implementation of the "Information Management Strategy for EU internal security" (EU doc no: 6660/10).

Tony Bunyan, Statewatch editor, comments:

"The track record of the Council shows that it has never taken data protection seriously. The Stockholm Programme states that personal privacy is fundamental but that this can be "interfered" with by "public authorities" (ie: state agencies).

When "balancing" the demands of internal security and against the right to personal privacy there is little doubt which will win."


[1] [see The Shape of Things to Come, Chapter 7).
[2] See also: EU policy “putsch”: Data protection handed to the DG for “law, order and security”

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error