The document discusses the role of the European Data Protection Supervisor (EDPS) in advising EU institutions on counter-terrorism policy and data protection. The EDPS aims to ensure a right balance between security and data protection. The EDPS has issued several opinions calling for a more strategic, comprehensive, and transparent approach to counter-terrorism that incorporates data protection as an objective. The document also outlines basic data protection principles like purpose limitation, proportionality, transparency, and accountability that are relevant for counter-terrorism policy.
1. Data protection EU Counter-terrorism policy Katarzyna Cuadrat-Grzybowska Legal Adviser to EDPS
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
Editor's Notes
02/03/11 introduction to general frame work and principles: interlinked issues, difficult to separate give an umbrella presentation of the international and EU legal framework we will present specific issues of the single instruments, in a complex environment (multilevel, stratified/dispersed legal instruments) questions at the end
Explanation of structure: 02/03/11
A broad concept (Resolution, adopted by the Parliamentary Assembly of the Council of Europe, already in 1970): "The right to privacy consists essentially in the right to live one's own life with a minimum of interference. It concerns private, family and home life, physical and moral integrity, honour and reputation, avoidance of being placed in a false light, non-revelation of irrelevant and embarrassing facts, unauthorised publication of private photographs, protection against misuse of private communications, protection from disclosure of information given or received by the individual confidentially.” Privacy is in that sense a private sphere exempted from disclosure, which allows the individual to remain in a feeling of control over himself and the surrounding environment close to him. According to (extensive) case law of the European Court of Human Rights, privacy extends to the workplace. It thus follows that the reputation and the professional integrity of an individual forms an integral part of the notion of privacy. Warren and Brandeis (end 19 th century) 02/03/11
Art 16 TFEU: Everyone has the right to the protection of personal data concerning them. The value of fundamental right will be reinforced: EU Charter will have a binding value + EU Accession to the ECHR Specificities in the Police and Judicial cooperation. D eclarations: (No. 20) Data protection rules that may have direct implications for national security should take in due account the specific characteristics of the matter (No. 21) Specific data protection rules in police and judicial cooperation may prove necessary because of the specific nature of these fields 02/03/11
- Lawfulness: collection and processing should be according to the law: provided for by law or activities under a public assignment No data shall be collected for undefined purposes (need to know) Interconnection of files held for different purposes and or online access only on case-by-case basis and subject to clear legal provision (principle 5.6 Rec) Storage: (in particular, conclusion of an inquiry, final judicial decision – acquittal; rehabilitation, principle 7.1 rec 87(15)) Data quality Accuracy and different categories of data: As far as possible, the different categories of data stored should be distinguished in accordance with their degree of accuracy or reliability and, in particular, data based on facts should be distinguished from data based on opinions or personal assessments. (principle 3.2) Routine quality checks and before transmission As far as possible, the quality of data should be verified at the latest at the time of their communication. As far as possible, in all communications of data, judicial decisions, as well as decisions not to prosecute, should be indicated and data based on opinions or personal assessments checked at source before being communicated and their degree of accuracy or reliability indicated. (principle 5.5) Crucial element, especially when data are processed far from their origin and are continuously exchanged in broad networks (the police file is no longer on the desk of the policeman who knows the case, hard data and soft data), both for citizens and for work of law enforcement authorities 02/03/11
Information: individuals should be informed (principle 2.2) Security: appropriate measures should be taken against accidental or unauthorized destruction or loss, or unauthorized access, alteration, dissemination Right of access: individuals shall be enabled to have confirmation about whether personal data relating to them are processed and to have communication of such data in an intelligible form Rectification or erasure, when data are processed contrary to the provisions There should be a possibility of remedy (conv 108) or appeal to supervisory authority (rec 87)15 Exceptions: provided by law, necessary measure to meet a public interest or to protect the data subject or the freedoms of others In rec 87(15) specific examples are made with regard to police sector (information may be deferred insofar as the object of the police investigation is likely to be prejudiced, access as well and should in principle be motivated in writing) 02/03/11