Skip to main content
SpringerLink
Log in
Book cover

Information Sharing and Data Protection in the Area of Freedom, Security and Justice pp 371–427Cite as

Chapter D Perspectives and Suggestions for Improvement

  • Chapter
  • First Online:

  • 1455 Accesses

Abstract

As follows from the foregoing analysis, information sharing in the AFSJ has become an essential tool in recent years to contribute to EU-internal security policy. Law enforcement cooperation between Member States, EU agencies, bodies and information systems is based to a large extent on the exchange of (personal) data and plays an increasing role in the AFSJ. The Hague as well as the Stockholm programme call for an increasing interoperability of the AFSJ databases which in some cases leads to a questionable connection of systems established for different purposes.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    To the beginnings of the use of the term “interoperability” in the EU and explicit disconnection of the technical aspects from the political and legal impacts, compare De Hert and Gutwirth (2006).

  2. 2.

    Compare Chap. C and De Hert and Vandamme (September 2004), in particular p. 433.

  3. 3.

    To the background of the Charter, see Heusel (2002).

  4. 4.

    Segerstedt-Wiberg and others v. Sweden Application no. 62332/00, judgment of 6 June 2006, paras 88–92; Liberty and others v. the United Kingdom, Application no. 58234/00, judgment of 1 July 2008, para 68; Rotaru v. Romania, Application no. 28341/954, judgment of 4 May 2000, para 57; Weber and Saravia v. Germany, Application no. 54934/00, admissibility decision of 29 June 2006, paras 116 and 127.

  5. 5.

    S. and Marper v. the United Kingdom, Application nos. 30562/04 and 30566/04, judgment of 4 December 2008, para 119; Segerstedt-Wiberg and others v. Sweden Application no. 62332/00, judgment of 6 June 2006, paras 89–92.

  6. 6.

    Weber and Saravia v. Germany, Application no. 54934/00, admissibility decision of 29 June 2006, para 116; Rotaru v. Romania, Application no. 28341/954, judgment of 4 May 2000, para 57; see also Association for European Integration and Human Rights and Ekimdzhiev v. Bulgaria, Application no. 62540/00, judgment of 28 June 2007.

  7. 7.

    Rotaru v. Romania, Application no. 28341/954, judgment of 4 May 2000, para 57.

  8. 8.

    Rotaru against Romania, Application no. 28341/95, judgment of 4 May 2000, paras 55–63; Segerstedt-Wiberg and others v. Sweden Application no. 62332/00, judgment of 6 June 2006, para 121.

  9. 9.

    De Hert and Gutwirth (2006), in particular p. 30.

  10. 10.

    Weber and Saravia, Application no. 54934/00, admissibility decision of 29 June 2006, para 127.

  11. 11.

    Leander v. Sweden, Application no. 9248/81, judgment of 26 March 1987, para 55.

  12. 12.

    Weber and Saravia v. Germany, Application no. 54934/00, admissibility decision of 29 June 2006, para 125.

  13. 13.

    Case C-553/07, College van burgemeester en wethouders van Rotterdam v. M.E.E. Rijkeboer, judgment of 7 May 2009.

  14. 14.

    Ibid.

  15. 15.

    Case C-518/07, Commission v. Germany, judgment of 9 March 2010, para 36.

  16. 16.

    For instance Case C-266/05 P, Sison v. Council, judgment of 1 February 2007 and T-284/08 Organisation des Modjahedines de people d`Iran v. Council, judgment of 4 December 2008 and C-229/05P, PKK and KNK v. Council, judgment of 18 January 2007.

  17. 17.

    For an excellent analysis of this case law, see Hijmanns and Scirocco (2009), in particular p. 1509.

  18. 18.

    Article 39 TEU.

  19. 19.

    Council Decision 2009/936 of 30 November 2009 adopting the implementing rules for Europol analysis work files, OJ 2009, L-325/14; Council Decision 2009/935/JHA of 30 November 2009 determining the list of third states and organisations with which Europol shall conclude agreements, OJ 2009, L-325/12; Decision of the Europol Management Board on the conditions related to the processing of data on the basis of Article 10 (4) of the Europol Decision, 15942/09, adopted the 30 November 2009, OJ 2009, L-348/1 and Council Decision 2009/917/JHA of 30 November 2009 on the use of information technology for customs purposes, OJ 2009, L-323/20.

  20. 20.

    To Europol’s development, see De Moor and Vermeulen (2010), in particular p. 1097.

  21. 21.

    Hijmanns (2010), p. 222.

  22. 22.

    Article 12 (1) lit. b Council Decision of 6 April 2009 establishing the European Police Office, OJ 2009, L-121/37.

  23. 23.

    S. and Marper v. the United Kingdom, Application nos. 30562/04 and 30566/04, judgment of 4 December 2008.

  24. 24.

    S. and Marper v. the United Kingdom, Application nos. 30562/04 and 30566/04, judgment of 4 December 2008, para 119.

  25. 25.

    T-261/09 P, Commission v. Violetti and others, judgment of 20 May 2010.

  26. 26.

    Compare the cases discussed above: T-259/03, Nikolaou v. Commission, judgment of 12 September 2007; see also T-309/03, Camos Grau v. Commission, judgment of 6 April 2006; F-23/05, Giraudy v. Commission, judgment of 2 May 2007 and F-5/05 and 7/05, Violetti and others v. Commission, judgment of 28 April 2009.

  27. 27.

    Final report of COWI (European consulting group) of January 2009 preparing an external evaluation of Frontex provided for in Article 33 of the Council Regulation (EC) No 2007/2004 of 26 October 2004 establishing Frontex, p. 48, available at: http://www.frontex.europa.eu/specific_documents/other/ (accessed February 2011); to the cooperation between Europol and Frontex, see Holzenberger (2006).

  28. 28.

    Weber and Saravia v. Germany, Application no. 54934/00, admissibility decision of 29 June 2006, paras 80 et seq.

  29. 29.

    Compare the former practice of Spain to refuse entry into the States party to the Schengen Agreement as well as to issue a visa for the purpose of entry to a national of a third country, on the sole ground that he is a person for whom an alert was entered in the SIS, without examining the circumstances on a case-by-case bases and verifying whether the presence of that person constitutes a genuine, serious threat affecting one of the fundamental interests of society; case C-503/03 Commission v. Spain, judgment of 31 January 2006.

  30. 30.

    Peers (2006), p. 555.

  31. 31.

    Balzacq et al. (2006); De Hert and Gutwirth (2006), in particular p. 28.

  32. 32.

    Statistics of Member States, for instance Germany on data gathering operations for crime prevention purposes do not show the necessity of massive data storing; compare Kant (2006) and De Hert and Gutwirth (2006).

  33. 33.

    Opinion of the European Data Protection Supervisor on the Proposal for a Regulation of the European Parliament and of the Council concerning the Visa Information System (VIS) and the exchange of data between Member States on short stay-visas (COM(2004) 835 final), OJ 2005, C-181/13, p. 17.

  34. 34.

    Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, OJ 2006, L-105/54.

  35. 35.

    Agreement between the European Union and the United States of America on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Unites States Department of Homeland Security (DHS), OJ 2007, L-204/18.

  36. 36.

    Proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) for law enforcement purposes, COM(2007) 654 of 6 November 2007.

  37. 37.

    Council Directive 2004/82/EC of 29 April 2004 on the obligation of air carriers to communicate passenger data, OJ 2004, L-261/24.

  38. 38.

    EDPS, Opinion on the draft proposal for a Council Framework Decision on the use of Passenger Name records (PNR) for law enforcement purposes, OJ 2008, C-110/01, point 12 and Opinion of the European Union Agency for Fundamental Rights on the Proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) data for law enforcement purposes, 28 October 2008. To the general concerns raised by data mining including further references, see De Hert and Bellanova (2008).

  39. 39.

    EDPS, Opinion on the draft proposal for a Council Framework Decision on the use of Passenger Name records (PNR) for law enforcement purposes, OJ 2008, C-110/01, point 22.

  40. 40.

    Gonzalez Fuster et al. (2010).

  41. 41.

    See above Chaps. B II 1 b, B II 2 b and B III 3 b; more precisely: Article 12 (1) lit. b Council Decision of 6 April 2009 establishing the European Police Office, OJ 2009, L-121/37, Article 5 (2) CIS Council Decision 2009/917, OJ 2009, L-323/20 and Article 15 (1) Eurojust Decision.

  42. 42.

    Gonzalez Fuster et al. (2010).

  43. 43.

    S. and Marper v. the United Kingdom, Application nos. 30562/04 and 30566/04, judgment of 4 December 2008.

  44. 44.

    Critical in this regard, Gonzalez Fuster et al. (2010) and Peyrou-Pistouley (2009), in particular p. 741 to the beginnings of preventive police work at EU level, see Bigo (1996), in particular pp. 333–336.

  45. 45.

    S. and Marper v. the United Kingdom, Application nos. 30562/04 and 30566/04, judgment of 4 December 2008, para 107.

  46. 46.

    Gonzalez Fuster et al. (2010).

  47. 47.

    Ibid.

  48. 48.

    To the attempt to assimilate the differences between preventive and repressive work at Europol, see Gärditz (2008), in particular pp. 212–215.

  49. 49.

    Compare for instance Article 1 of Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences, OJ 2008, L-218/129.

  50. 50.

    To the terms prevention and repression of crime in European law, see Gärditz (2008).

  51. 51.

    Weber and Saravia, Application no. 54934/00, admissibility decision of 29 June 2006, paras 125–129.

  52. 52.

    DeSimone (2010); Westphal (2010).

  53. 53.

    Judgment on governmental profiling of the German Constitutional Court of 4 April 2006, Bundesverfassungsgericht, 1 BvR 518/02, para 117.

  54. 54.

    Judgment on data retention of the German Constitutional Court of 2 March 2010, Bundesverfassungsgericht, 1 BvR 256/08, 1 BvR 263/08 and 1 BvR 586/08, para 212; English press release no 11/2010 of 2 March 2010, para 3.

  55. 55.

    Ibid para 3 emphasis added.

  56. 56.

    Ibid para 4 emphasis added.

  57. 57.

    Ibid para 4.

  58. 58.

    Ibid para 4, compare Gietl (2010); Petri (2010); Roßnagel (2010a); with regard to the newly introduced duty of the processor to inform the person concerned in cases of unintentional knowledge of personal data in the German Data Protection Act, compare Eckhardt and Schmitz (2010).

  59. 59.

    Judgment on data retention of the German Constitutional Court of 2 March 2010, Bundesverfassungsgericht, 1 BvR 256/08, 1 BvR 263/08 and 1 BvR 586/08, paras 239 et seq.; English press release no 11/2010 of 2 March 2010, para 4; emphasis added.

  60. 60.

    Article 35 (1) Council Decision of 6 April 2009 establishing the European Police Office, OJ 2009, L-121/37; emphasis added.

  61. 61.

    Judgment on data retention of the German Constitutional Court of 2 March 2010, Bundesverfassungsgericht, 1 BvR 256/08, 1 BvR 263/08 and 1 BvR 586/08, para 271; emphasis added.

  62. 62.

    Ibid para 271 emphasis added.

  63. 63.

    Ibid para 271 emphasis added.

  64. 64.

    Article 35 (1) Council Decision of 6 April 2009 establishing the European Police Office, OJ 2009, L-121/37.

  65. 65.

    Rotaru against Romania, Application no. 28341/95, judgment of 4 May 2000, paras 55–63; Segerstedt-Wiberg and others v. Sweden Application no. 62332/00, judgment of 6 June 2006, para 121.

  66. 66.

    As regards the need of such a body, refer to the following section in Sect. IV 1.

  67. 67.

    Segerstedt-Wiberg and others v. Sweden Application no. 62332/00, judgment of 6 June 2006, paras 88–92; Liberty and others v. the United Kingdom, Application no. 58234/00, judgment of 1 July 2008, para 68; Rotaru v. Romania, Application no. 28341/954, judgment of 4 May 2000, para 57; Weber and Saravia v. Germany, Application no. 54934/00, admissibility decision of 29 June 2006, paras 116 and 127.

  68. 68.

    With reference to Europol and its possibility to pre-emptively process personal data under violating the German “Recht auf informationelle Selbstbestimmung”, see Schubert (2008), in particular pp. 147–151.

  69. 69.

    Segerstedt-Wiberg and others v. Sweden Application no. 62332/00, judgment of 6 June 2006, paras 88–92; Liberty and others v. the United Kingdom, Application no. 58234/00, judgment of 1 July 2008, para 68; Rotaru v. Romania, Application no. 28341/954, judgment of 4 May 2000, para 57; Weber and Saravia v. Germany, Application no. 54934/00, admissibility decision of 29 June 2006, paras 116 and 127.

  70. 70.

    EU Terrorism Situation and Trend Report TE-SAT 2010, to be found on Europol’s webpage: http://www.europol.europa.eu/index.asp?page=publications&language= (accessed February 2011).

  71. 71.

    Compare statistics in EU Terrorism Situation and Trend Report TE-SAT 2010, pp. 16 and 17 to be found on Europol’s webpage: http://www.europol.europa.eu/index.asp?page=publications&language= (accessed February 2011).

  72. 72.

    Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions – Delivering and area of freedom, security and justice for European’s citizens – Action Plan implementing the Stockholm Programme, COM(2010) 171 final, in particular p. 6.

  73. 73.

    Compare Chap. C II 4.

  74. 74.

    Joined cases C-317/04 and C-318/04, Parliament v. Council, judgment of 30 May 2006 and case C-301/06, Ireland v. Parliament and Council, judgment of 10 February 2009. To the similiarity of the cases, see Simitis (2009).

  75. 75.

    Compare Chap. A III 1 b.

  76. 76.

    Joined cases C-317/04 and C-318/04, Parliament v. Council, judgment of 30 May 2006.

  77. 77.

    The information relates to a plane trip to the USA and entails amongst other: date of reservation/issue of ticket, date(s) of intended travel, name(s), available frequent flier and benefit information (i.e. free tickets, upgrades, etc.), other names on PNR, including number of travelers on PNR, all available contact information (including originator information meaning address and telephone number at the final destination), all available payment/billing information linked to the travel transaction, travel itinerary for specific PNR, travel agency/travel agent, code share information, split/divided information, travel status of passenger (including confirmations and check-in status), ticketing information, including ticket number, one-way tickets and Automated Ticket Fare Quote, all baggage information, seat information, including seat number. See also Hasbrouck (2011).

  78. 78.

    For a profound analysis with further references see Papakonstantinou and De Hert (2009); Mendez (2007).

  79. 79.

    Joined cases C-317/04 and C-318/04, Parliament v. Council, judgment of 30 May 2006, paras 33–50.

  80. 80.

    Simitis (2009), in particular p. 1783.

  81. 81.

    The Court added: “While the view may rightly be taken that PNR data are initially collected by airlines in the course of an activity which falls within the scope of Community law, namely sale of an aeroplane ticket which provides entitlement to a supply of services, the data processing which is taken into account […] is, however, quite different in nature”, as a result, the PNR transfers did not concern “data processing necessary for a supply of services, but data processing regarded as necessary for safeguarding public security and for law-enforcement purposes”, see Joined cases C-317/04 and C-318/04, Parliament v. Council, judgment of 30 May 2006, para 57.

  82. 82.

    Mendez (2007); Schaar (2007).

  83. 83.

    Case C-301/06, Ireland v. Parliament and Council, judgment of 10 February 2009; Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, OJ 2006, L-105/54, compare Chap. A III 1 b.

  84. 84.

    Article 1 (1) and (2) Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, OJ 2006, L-105/54.

  85. 85.

    Case C-301/06, Ireland v. Parliament and Council, judgment of 10 February 2009, para 84.

  86. 86.

    Simitis (2009), in particular 1783; Braum (2009b).

  87. 87.

    Compare Chap. B III 1 b; Article 1 (1) Directive 2006/24 stipulates that: “This Directive aims to harmonise Member States’ provisions concerning the obligations of the providers of publicly available electronic communications services or of public communications networks with respect to the retention of certain data which are generated or processed by them, in order to ensure that the data are available for the purpose of the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law”, emphasis added.

  88. 88.

    Case C-301/06, Ireland v. Parliament and Council, judgment of 10 February 2009, para 83.

  89. 89.

    Ibid para 84.

  90. 90.

    Ibid.

  91. 91.

    Simitis (2009), in particular 1784.

  92. 92.

    A third pillar basis would have for instance hindered a subsequent judicial control in front of the European Courts.

  93. 93.

    Judgment on data retention of the German Constitutional Court of 2 March 2010, Bundesverfassungsgericht, 1 BvR 256/08, 1 BvR 263/08 and 1 BvR 586/08 and Curtea Constitutionala, 8 October 2009 number 1258, Romanian Official Monitor no. 789 of 23 November 2009. For more details, see de Vries et al. (2010; Manolea 2010).

  94. 94.

    Compare Klass v. Germany, Application no. 5029/71, judgment of 6 September 1978, para 50, or Weber and Saravia v. Germany, Application no. 54934/00, admissibility decision of 29 June 2006, para 135.

  95. 95.

    Answer given by the British Information Commissioner when he was asked whether a simplification of the supervision of the third pillar protection arrangements appears to be necessary, in: House of Lords report: 5th report of session 2004–05, “After Madrid: the EU’s response to terrorism”, published 8 March 2005, p. 21, para 43.

  96. 96.

    Alonso Blas (2010), in particular pp. 245–249, referring to the experiences made at Eurojust.

  97. 97.

    Alonso Blas (2010), in particular pp. 245–249.

  98. 98.

    House of Lords report: 5th report of session 2004–05, “After Madrid: the EU’s response to terrorism”, published 8 March 2005, p. 21, para 44.

  99. 99.

    EDPS, third opinion of 27 April 2007 on the proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters, OJ 2007, C-139/1, para 42.

  100. 100.

    EDPS, third opinion of 27 April 2007 on the proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters, OJ 2007, C-139/1, para 41.

  101. 101.

    Compare Chap. B II 3 d.

  102. 102.

    To the beginnings of the use of the term interoperability in the EU, compare De Hert and Gutwirth (2006); to the term interoperability, see the comprehensive analysis of Wallwork and Baptista (2005).

  103. 103.

    Compare the arguments of the ECtHR with regard to surveillance measures in Weber and Saravia v. Germany, Application no. 54934/00, admissibility decision of 29 June 2006, para 135.

  104. 104.

    Compare Chap. A II 4 a.

  105. 105.

    Article 12 (1) lit. b Council Decision of 6 April 2009 establishing the European Police Office, OJ 2009, L-121/37.

  106. 106.

    Increasing transparency in European data protection law was recently underlined by the Commission in its communication on “A comprehensive strategy on data protection in the European Union”, COM(2010) 609 final of 4 November 2010, p. 6, para 2.1.2.

  107. 107.

    Compare Communication from the Commission to the European Parliament and the Council, Overview of information management in the area of freedom, security and justice, COM(2010) 385 final, p. 24.

  108. 108.

    Hijmanns (2010).

  109. 109.

    For instance is the data processing in Europol’s analysis work files or in the EIS different from data processing in the SIS II or at Eurojust’s Case Management System; compare with regard to Eurojust Alonso Blas (2010), in particular pp. 236–245, with good arguments to keep the tailor-made approach.

  110. 110.

    Opinion of the EDPS of 19 December 2005 on the Proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters (COM(2005) 475 final), OJ 2006, C-47/27 and Alonso Blas (2010).

  111. 111.

    Hijmanns (2010).

  112. 112.

    Ibid.

  113. 113.

    Case C-105/03, criminal proceedings against Maria Pupino, judgment of 16 June 2005.

  114. 114.

    For instance the rules of procedure on the processing and the protection of personal data at Eurojust, OJ 2005, C-68/1.

  115. 115.

    Some AFSJ actors operate different databases or exchange systems, for instance Eurodac, which allows additional data exchange via its DubliNet system; compare Chap. B III 4 b.

  116. 116.

    Article 8 (1) CIS Council Decision 2009/917, OJ 2009, L-323/20.

  117. 117.

    The term should be further explained in the legal basis.

  118. 118.

    Article 20 (1) Council Decision of 6 April 2009 establishing the European Police Office, OJ 2009, L-121/37.

  119. 119.

    Article 21 (2) CIS Council Decision 2009/917, OJ 2009, L-323/20.

  120. 120.

    Compare Chap. C II 2 a.

  121. 121.

    All AFSJ actors keep the list of accessing actors secret, apart from the list provided for in the Eurodac Proposal (Article 21 (2) Eurodac Proposal, COM(2010) 555 of 11 October 2010).

  122. 122.

    Compare Chap. B III 2 c.

  123. 123.

    Article 12 (1) lit. b Council Decision of 6 April 2009 establishing the European Police Office, OJ 2009, L-121/37.

  124. 124.

    See for instance S. and Marper v. the United Kingdom, Application nos. 30562/04 and 30566/04, judgment of 4 December 2008, para 119 and principle 2.1. of Recommendation R (87) 15.

  125. 125.

    Article 12 (1) lit. b Council Decision of 6 April 2009 establishing the European Police Office, OJ 2009, L-121/37.

  126. 126.

    Weber and Saravia v. Germany, Application no. 54934/00, admissibility decision of 29 June 2006, para 121.

  127. 127.

    Council document no. 12537/3/04 on the SIS II functions of 30 November 2004, p. 3.

  128. 128.

    Article 17 (2) rules of procedure on the processing and the protection of personal data at Eurojust, OJ 2005, C-68/1.

  129. 129.

    Article 19 (4) Eurojust Decision.

  130. 130.

    Article 18 (6) Eurodac Regulation, OJ 2000, L-316/1.

  131. 131.

    Ibid, Article 18 (9) and (10).

  132. 132.

    Weber and Saravia v. Germany, Application no. 54934/00, admissibility decision of 29 June 2006, para 135.

  133. 133.

    Similar to Article 8 rules of procedure on the processing and the protection of personal data at Eurojust, OJ 2005, C-68/1.

  134. 134.

    Article 42 (2) (a) (ii) Regulation 1987/2006.

  135. 135.

    Article 4 (3) of Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws, OJ 2009, L-337/11.

  136. 136.

    Compare Article 32 and 34 VIS Regulation 767/2008, OJ 2008, L-218/60.

  137. 137.

    Compare Weber and Saravia v. Germany, Application no. 54934/00, admissibility decision of 29 June 2006, paras 121 and 127.

  138. 138.

    Article 35 (1) Council Decision of 6 April 2009 establishing the European Police Office, OJ 2009, L-121/37.

  139. 139.

    Opinion of the EDPS on Promoting Trust in the Information Society by Fostering Data Protection and Privacy of 18 March 2010, paras 16–30.

  140. 140.

    See Chap. B II 1 f.

  141. 141.

    Section VI 5.

  142. 142.

    As such information is not included in the annual reports of the AFSJ actors, in some cases, information can be found the in the publications of the House of Lords.

  143. 143.

    Discussion about a long-term general data exchange agreement between the EU and the US are currently taking place, see Report by the High Level Contact Group (HLCG) on information sharing and privacy and data protection, Council doc. 15815/09 of 23 November 2009 and Proposal for a Council Recommendation to authorise the opening of negotiations for an agreement between the European Union and the United States of America on protection of personal when transferred and processed for the purpose of preventing, investigating, detecting or prosecuting criminal offences, including terrorism, in the framework of police cooperation and judicial cooperation in criminal matters, COM(2010) 252, accessible at: http://www.statewatch.org/news/2010/aug/eu-usa-dp-general-em.pdf (accessed February 2011).

  144. 144.

    Article 8 (4) CIS Council Decision 2009/917, OJ 2009, L-323/20.

  145. 145.

    Compare Article 26a (9) Eurojust Decision.

  146. 146.

    Ibid, Article 26a (9).

  147. 147.

    Ibid, Article 21 (3)(b).

  148. 148.

    Article 20 (3) Council Decision of 6 April 2009 establishing the European Police Office, OJ 2009, L-121/37.

  149. 149.

    Garside (2006).

  150. 150.

    Examples of data exchange in absence of a legal basis was Eurojust’s data transfer in JITs or Eurojust’s access to the CIS.

  151. 151.

    Article 5 Council Decision 2008/633, OJ 2008, L-218/129.

  152. 152.

    To the requirement to define terms such as “serious crime” in a legal act, compare ECtHR case law Kennedy v. the United Kingdom, Application no. 26839/05, judgment of 18 May 2010, para 159, discussed in Chap. A II 1 d aa (3).

  153. 153.

    Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism, OJ 2002, L-164/3.

  154. 154.

    Council Framework Decision 2002/584/JHA of 13 June 2002 on the European arrest warrant and the surrender procedures between Member States - Statements made by certain Member States on the adoption of the Framework Decision, OJ 2001, L-190/1.

  155. 155.

    Article 2 (a)-(g) Directive 95/46/EC includes definitions on personal data, processing of personal data, controller, processor etc.

  156. 156.

    Leander v. Sweden, Application no. 9248/81, judgment of 26 March 1987, para 55.

  157. 157.

    Similar to Article 3 (2) Council Decision 2008/633, OJ 2008, L-218/129.

  158. 158.

    Rotaru v. Romania, Application no. 28341/954, judgment of 4 May 2000, para 57.

  159. 159.

    Similar to Article 4 Council Decision 2008/633, OJ 2008, L-218/129.

  160. 160.

    Compare the similar wording of Article 4 Council Decision 2008/633, OJ 2008, L-218/129.

  161. 161.

    Similar to Article 4 Council Decision 2008/633, OJ 2008, L-218/129.

  162. 162.

    To assure transparency and to specify the conditions for Europol, some specifications could additionally apply; Europol’s access could be for instance necessary for the purpose of a specific analysis in a specific case referred to in Article 14 Europol Decision or for an analysis of a general nature and of a strategic type, as referred to in Article 14 (4) of the Europol Decision, provided that the data is rendered anonymous by Europol prior to such processing and retained in a form in which identification of the data subjects is no longer possible; data obtained by Europol could be further prevented from being introduced in Europol’s Information System, exemptions to this rule should require the consent of Europol’s supervisory body; possible additional conditions for Eurojust could also relate to the restriction not to introduce data obtained in Eurojust’s Case Management System whereby exemptions to this rule should require the consent of Eurojust’s supervisory body.

  163. 163.

    Compare Article 4 (2) Council Decision 2008/633, OJ 2008, L-218/129.

  164. 164.

    Article 9 (2) Council Decision 2008/633, OJ 2008, L-218/129.

  165. 165.

    Compare Chap. B II 1 d cc.

  166. 166.

    Europol is the only body providing for certain basic rules in cases of third party transfer, compare Council Decision 2009/934/JHA of 30 November 2009 adopting the implementing rules governing Europol’s relations with partners, including the exchange of personal and classified information, OJ 2009, L-325/6.

  167. 167.

    Council Decision 2009/934/JHA of 30 November 2009 adopting the implementing rules governing Europol’s relations with partners, including the exchange of personal and classified information, OJ 2009, L-325/6.

  168. 168.

    Compare Sect. VI 5.

  169. 169.

    Compare Sect. V 7.

  170. 170.

    Council Decision 2008/633, OJ 2008, L-218/129.

  171. 171.

    Compare Article 18 (6) Eurodac Regulation, OJ 2000, L-316/1.

  172. 172.

    Compare Article 14 (7) Council Decision 2008/633, OJ 2008, L-218/129.

  173. 173.

    Compare Article 16 Council Decision 2008/633, OJ 2008, L-218/129.

  174. 174.

    Compare Article 17 (1) Council Decision 2008/633, OJ 2008, L-218/129.

  175. 175.

    Analogous to Article 17 Council Decision 2008/633, OJ 2008, L-218/129.

  176. 176.

    Compare Article 17 (4) Council Decision 2008/633, OJ 2008, L-218/129.

  177. 177.

    Important and valuable criteria which should be applicable in JIT exchange between Member States among each other and with Europol have been developed by: Gusy (2008), in particular pp. 274–280.

  178. 178.

    The legal basis to process personal data might refer to the same crimes at Europol and Eurojust, although, for instance, OLAF does not dispose of the same comprehensive data processing possibilities.

  179. 179.

    Scirocco (2008).

  180. 180.

    Compare for the previous legal famework case C-160/03, Spain v. Eurojust, judgment of 15 March 2005, in which the Court confirmed that the acts of (former) third pillar bodies (in this case, Eurojust) did not fall within its competence.

  181. 181.

    Articles 258 and 259 TFEU.

  182. 182.

    Article 8 Charter of Fundamental Rights: 1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3. Compliance with these rules shall be subject to control by an independent authority.

  183. 183.

    Compare Chap. A III 1 d.

  184. 184.

    Hijmanns and Scirocco (2009), in particular pp. 1517–1518.

  185. 185.

    For example case C-413/99, Baumbast and R, judgment of 17 December 2002, para 84.

  186. 186.

    Article 16 (2) TFEU.

  187. 187.

    Hijmanns and Scirocco (2009), in particular p. 1519 and compare above Chap. A III 2.

  188. 188.

    Hijmanns and Scirocco argue that an action for failure to act under Article 265 TFEU would be eventually possible. They refer to the case 13/83, European Parliament v. Council, judgment of 27 September 1988 concerning the transport policy in which the Court acknowledged such a possibility under the condition that the failure to act related to measures that are defined with sufficient specificity for them to be defined individually. The data protection provisions may also be qualified as sufficiently specific, compare Hijmanns and Scirocco (2009), in particular p. 1520 with further references.

  189. 189.

    S. and Marper v the United Kingdom, Application nos. 30562/04 and 30566/04, judgment of 4 December 2008.

  190. 190.

    Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions – Delivering and area of freedom, security and justice for European’s citizens – Action Plan implementing the Stockholm Programme, COM(2010) 171 final.

References

  • Bigo D (1996) Police en Réseaux – l`expérience européenne. Presses de Sciences Po, Paris

    Google Scholar 

  • Heusel W (2002) The charter of fundamental rights and constitutional development in the EU. Schriftenreihe der Europäischen Rechtsakademie Trier. Bundesanzeiger, Köln

    Google Scholar 

  • Peers S (2006) EU justice and home affairs law, 2nd edn. Oxford University Press, Oxford

    Google Scholar 

  • Schubert I (2008) Europol und der virtuelle Verdacht – Die Suspendierung des Rechts auf informationelle Selbstbestimmung. Frankfurter kriminalwissenschaftliche Studien, Band/vol 107. Peter Lang Verlag, Frankfurt am Main

    Google Scholar 

  • Alonso Blas D (2010) Ensuring effective data protection in the field of police and judicial activities: some considerations to achieve security, justice and freedom. ERA Forum 2(11):233–250

    Article  Google Scholar 

  • Balzacq T, Bigo D, Carrera S, Guild E (2006) Security and the two-level game: the treaty of Prüm, the EU and the management of the threats. Centre for European Policy Studies (CEPS) working paper, published 1 January 2006. Accessible at: http://www.ceps.eu/book/security-and-two-level-game-treaty-pr%C3%BCm-eu-and-management-threats. Accessed Feb 2011

  • Braum S (2009b) Parallelwertung in der Laiensphäre?: Der EuGH und die Vorratsdatenspeicherung. Zeitschrift für Rechtspolitk 6:174–177

    Google Scholar 

  • De Hert P, Bellanova R (2008) “Data protection from a transatlantic perspective: The EU and US move towards an international data protection agreement?”, study requested by the European Parliament’s Committee on civil liberties, justice and home affairs (LIBE), pp. 25–26 and 37–38

    Google Scholar 

  • De Hert P, Gutwirth S (2006) Interoperability of police databases within the EU: an accountable political choice? Int Rev Law Comput Technol 20(1&2):21–35

    Article  Google Scholar 

  • De Hert P, Vandamme L (September 2004) European police and judicial information-sharing, cooperation: incorporation into the community, bypassing and extension of Schengen. ERA Forum 5(3):425–434

    Article  Google Scholar 

  • De Moor A, Vermeulen G (2010) The Europol council decision: transforming Europol into an agency of the European Union. Common Market Law Rev 47(4):1089–1121

    Google Scholar 

  • De Vries K, Bellanova R, de Hert P (2010) Proportionality overrides unlimited surveillance, the German constitutional court judgment on data retention. Centre of European Policy Studies, Liberty and Security in Europe. Available at: http://www.ceps.eu/book/proportionality-overrides-unlimited-surveillance. Accessed Feb 2011

  • DeSimone C (2010) Pitting Karlsruhe against Luxembourg? German data protection and the contested implementation of the EU data retention directive. German Law J 11(3):291–318

    Google Scholar 

  • Eckhardt J, Schmitz P (2010) Informationspflicht bei Datenschutzpannen. Datenschutz und Datensicherheit 6:390–397

    Google Scholar 

  • Gärditz KF (2008) Prävention und Repression als Kategorien im Recht der Europäischen Union. In: Wolter J, Schenke W-R, Hilger H, Ruthing J, Zöller MA (eds) Alternativentwurf Europol und europäischer Datenschutz, 1st edn. C.F. Müller, Heidelberg, pp 192–232

    Google Scholar 

  • Garside A (2006) The political genesis and legal impact of proposals for the SIS II: what cost for data protection and security in the EU? Sussex Migration Working Paper no. 30, March 2006, p 16. Accessible at: http://www.sussex.ac.uk/migration/documents/mwp30.pdf. Accessed Feb 2011

  • Gietl A (2010) Die Zukunft der Vorratsdatenspeicherung – Anmerkungen zum Urteil des BVerfG vom 2. März 2010. Datenschutz und Datensicherheit 6:398–403

    Google Scholar 

  • Gonzalez Fuster G, de Hert P, Ellyne E, Gutwirth S (2010) Huber, Marper and others: throwing new light on the shadows of suspicion, CEPS working paper, Centre for European Policy Studies, No. 8/June 2010, p. 2. Accessible at: http://www.ceps.eu/book/huber-marper-and-others-throwing-new-light-shadows-suspicion. Accessed Feb 2011

  • Gusy C (2008) Europäischer Datenschutz. In: Wolter J, Schenke W-R, Hilger H, Ruthing J, Zöller MA (eds) Alternativentwurf Europol und europäischer Datenschutz, 1st edn. C.F. Müller, Heidelberg, pp 265–280

    Google Scholar 

  • Hasbrouck E (2011) comment on “What’s in a passenger name record (PNR)?”. Available at: http://www.hasbrouck.org/articles/PNR.html. Accessed Feb 2011

  • Hijmanns H (2010) Recent developments in data protection at European Union level. ERA Forum 2(11):219–231

    Article  Google Scholar 

  • Hijmanns H, Scirocco A (2009) Shortcomings in EU data protection in the third and the second pillars. Can the Lisbon Treaty be expected to help? Common Market Law Rev 46:1485–1525

    Google Scholar 

  • Holzenberger M (2006) Europols kleine Schwester – Die Europäische Grenzschutzagentur Frontex. Bürgerrechte und Polizei/CILIP 2(84):56–63

    Google Scholar 

  • Kant M (2006) Nothing doing? Taking stock of data trawling operations in Germany after 11 September 2001. Accessible at: http://www.statewatch.org/news/2006/aug/profil.pdf. Accessed Feb 2011

  • Manolea B (2010) Implementation of EU data retention directive unconstitutional. Computer Law Rev Int 2:49–51

    Google Scholar 

  • Mendez M (2007) Passenger name record agreement, European court of justice. Eur Constitut Law Rev 3:127–147

    Article  Google Scholar 

  • Papakonstantinou V, De Hert P (2009) The PNR agreement and transatlantic anti-terrorism cooperation: no firm human rights framework on either side of the Atlantic. Common Market Law Rev 46(3):885–919

    Google Scholar 

  • Petri T (2010) Verfassungskonforme Speicherung von Nutzerdaten – Gestaltungsanforderungen nach dem Urteil des Bundesverfassungsgerichts vom 2. März 2010. Recht der Datenverarbeitung 26(5):197–202

    Google Scholar 

  • Roßnagel A (2010a) Das Bundesverfassungsgericht und die Vorratsdatenspeicherung in Europa. Datenschutz und Datensicherheit 8:544–548

    Google Scholar 

  • Schaar P (2007) EuGH-Entscheidung zur Fluggastdatenübermittlung – Grund zur Begeisterung? Multimedia und Recht 6:425–426

    Google Scholar 

  • Scirocco A (2008) The Lisbon Treaty and the protection of personal data in the European Union. No. 5 February 2008. Available at: http://www.dataprotectionreview.eu/. Accessed Feb 2011

  • Simitis S (2009) Der EuGH und die Vorratsdatenspeicherung oder die verfehlte Kehrtwende bei der Kompetenzregelung. Neue Juristische Wochenzeitschrift 25:1782–1786

    Google Scholar 

  • Wallwork A, Baptista J (2005) Unterstanding interoperabilty. In: Backhouse J (ed) Structured account of approaches on interoperability, Chap 4, D4.1. Future of Identity in the Information Society (FIDIS), 6th Framework Programme, EU Commission, published 12 July 2005, pp 19–28. Available at: http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp4-del4.1.account_interoperability.pdf. Accessed Feb 2011

  • Westphal D (2010) Leitplanken für die Vorratsdatenspeicherung –Abrücken von Solange – Das Urteil des BVerfG vom 2.3.2010. Europäische Zeitschrift für Wirtschaftsrecht (13):494–499

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg, 6, rue Richard Coudenhove Kalergi, 1359, Luxembourg, Luxembourg

    Dr. Franziska Boehm

Authors
  1. Dr. Franziska Boehm
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Franziska Boehm .

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Boehm, F. (2012). Chapter D Perspectives and Suggestions for Improvement. In: Information Sharing and Data Protection in the Area of Freedom, Security and Justice. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22392-1_5

Download citation

Publish with us

Policies and ethics

Search

Navigation