Principle of availability:Principle of availability: investigation of crime vs. data investigation of crime vs. data

protectionprotection

Julio Pérez GilJulio Pérez GilUniversity of Burgos. SpainUniversity of Burgos. Spain

Availability principle in the EU Where is it? What is it? Why Limits Future Concluding remarks

Four basic documents The Hague Programme for strengthening

Freedom, Security and Justice in the EU 5 November 2004 (till 2008)

Proposal for a Council Framework Decision on the Protection of Personal Data Processed in the Framework of Police and Judicial Co-operation in Criminal Matters (DPFD) COM (2005) 475 final, 4 October 2005

Proposal for a Council Framework Decision on the exchange of information under the principle of availability COM(2005) 490 final, 12 October 2005

Prüm Treaty Signed 27.05.2005 / In force 1.11.2006

Availability principle: Hague Programme…a law enforcement

officer in one Member State who needs information in order to perform his duties

can obtain this from another Member State

The law enforcement agency in the other Member State which holds this information

will make it available for the stated purpose, taking into account the requirement of ongoing investigations in that State…

Why? Tackle serious crime

needs information exchange within the Member

States between Member

States with third states

Police and Judicial co-operation Involves a formal

request Sometimes requires

judicial authorisation To gather data To pass on data

Takes time

One of the responses to terrorist attack of 11 March 2004 Madrid bombings

Aim Exchange of information

As large a list of information categories as possible with as little effort as possible (ie: requiring a minimum of

formalities, permissions, procedures, if any) Existing information Available to competent authorities

National law enforcement databases National administrative systems

Identity documents and registers on persons Driving licenses Vehicles Firearms Aviation and maritime registers Others

Main areas DNA fingerprints ballistics vehicle registrations telephone numbers and communications

data civil registers

Obligation to exchange information when available

Some consequences Access to any data held within the EU by

Law enforcement agencies (police, immigration and customs)

Security Agencies Eventually non-member States (USA)

External checks and controls over the exchange of information and intelligence could be excluded (“self-regulated” agencies)

It covers all crimes (or suspected crimes): not targeted only at combating terrorism

Two opposite approaches EUROPEAN COMMISION

It is not to permit that cumbersome proceedings of interchange of information avoid law and order enforcement and the investigation of trans-border crime in a free movement area…

(Communication to the Council and to European Parlamment, 10.5.2005 COM(2005) 184 final)

STATEWATCH

… a classic example of how EU governments have used the “war on terrorism” to give the emerging EU state sweeping powers of surveillance and Control

(www.statewatch.org)

Are absolutely irreconciliable? Data protection for

Gathering Processing Passing on of

personal data

“Principle of availability“ Existing information Passing on of data

Conditions

The Hague Programm Strict conditions to be observed when

applying the availability pr¡nciple protect sources of information and the

confidentiality of data guarantee the integrity of the data to be

exchanged supervision of respect for data protection appropriate control prior to and after the

exchange

Draft FD on Data Protection in Police and Judicial Co-operation

General rules on the lawfulness of processing of personal data

Specific Forms of Processing Transmission of and making available personal data to the

competent authorities of other member states Further processing, in particular further transmission and

transfer Rights of the data subject Confidentiality and security of processing Judicial remedies and liability Supervisory authority and working party on the protection

of individuals with regard to the processing of personal data

AvailabilityProposal for a Council Framework Decision

on the exchange of information under the principle of availability, COM(2005) 490 final, Brussels, 12.10.2005

Prüm Treaty (27th May 2005) Aim: help the signatories to improve information-

sharing for the purpose of preventing and combating crime in three fields Terrorism Cross-border crime Illegal migration

Austria, Belgium, France, Germany, Luxembourg, Netherlands and Spain

Finland, Italy, Portugal, Slovenia: intention Incorporate its provisions into the legal

framework of the EU ?

Contents Access to their DNA analysis and dactyloscopic

(fingerprint) databases DNA in repressive context, fingerprints also in preventive one Hit/no hit system: Police services may launch a query in the

data system of a contracting partner to find out whether it contains data concerning a specific profile, and are automatically informed of the result within a matter of minutes

Further information, such as personal data, may be communicated in the course of mutual legal assistance

Full and direct online read access to registration data held by their partners vehicle drive licenses

Exchange of data concerning potential terrorist perpetrators and hooligans

Data Data protection initiative

Who controls data?

Who accesses and/or processes data ?

Council Framework Decision on the exchange of information under the principle of availability (Proposal)

DNA profilesFingerprintsBallisticsVehicle registration information Telephone numbers and other communications dataMinimum data for the identification of persons contained in civil registers

Regulatory Committee established pursuant the Framework Decision

Member States’ designated authorities or designated parties

- Equivalent competent authorities (police, customs and other authorities of Member States)- Europol

Direct access

Prüm Convention

DNAFingerprintsVehicle registration dataData supplied in connection with major events

Contracting Parties

Contracting Parties (national contact points)

- National contact points.

Indirect access

Automatic information exchange: operational success German authorities matched DNA profiles of open

cases against data held by Austrian authorities Hits in 1510 cases 708 open traces from Germany could be

attributed to persons known to the Austrian criminal prosecution authorities 14 hits in homicide or murder cases 885(?) hits in theft cases 85 hits in robbery or extortion cases

Prosecution authorities are confident that the number of hits will increase constantly as further Prüm countries take part in this process, and that they will thus be able to solve numerous other open cases

Concluding remarks

Availability principle must play a role The main step to apply availability principle is

done… but without Framework Decision on Data Protection

Adequate data protection must be seen as a necessary consequence on a legal instrument on availability

Data protection can improve police cooperation An specific legal instrument on data protection in

the third pillar is needed

Thanks for your attention !!!!Thanks for your attention !!!!

Julio Pérez GilJulio Pérez GilUniversity of Burgos (Spain)University of Burgos (Spain)