L’objectif de la coopération policière et judiciaire en matière pénale est de garantir un niveau élevé de sécurité pour les personnes dans l’UE en prévenant la criminalité et en luttant contre celle-ci.
La coopération intervient entre les forces de police nationales et les autorités judiciaires nationales, avec l’aide d’agences de l’UE telles qu’Eurojust, Europol et le réseau judiciaire européen le cas échéant. Cette coopération implique la collecte et l’échange d’informations sur les personnes.
Le rapport annuel présente les éléments les plus significatifs des activités du CEPD en 2007. Il révèle l'accroissement notable du nombre de contrôles préalables des opérations de traitement des données personnelles dans les institutions et organes européens. Dans son rôle de conseiller sur les nouvelles propositions législatives européennes ayant un impact sur la protection des données, le CEPD a publié 12 avis. L'année 2007 a été celle de la signature du traité de Lisbonne qui prévoit une amélioration de la protection des données personnelles, et dont l'impact sera suivi de près par le CEPD.
Avis concernant la décision de la Commission du 12 décembre 2007 relative à la protection des données à caractère personnel dans le cadre de la mise en oeuvre du Système d'information du marché intérieur (IMI) (2008/49/CE), JO C 270, 25.10.2008, p. 1
This Opinion is part of the broader EDPS efforts to improve the data protection safeguards for this large-scale IT system operated by the European Commission to facilitate information exchanges between competent authorities in Member States in the area of internal market legislation.
The EDPS supports the establishment of this electronic system for the exchange of information. Nevertheless, establishment of a centralized electronic system also creates certain risks. These include, most importantly, that more data might be shared and more broadly than strictly necessary for the purposes of efficient cooperation, and that data, including potentially outdated and inaccurate data, might remain in the electronic system longer than is necessary. The security of a database accessible in 27 Member States is also a sensitive issue, as the system is only as safe as the weakest link in the network permits it to be.
In the Opinion, the EDPS questions the adequacy of the legal basis chosen for the adoption of the IMI Decision. The EDPS recommends that the Commission replaces the IMI Decision by a legal instrument that fulfils the requirement of legal certainty. As an ultimately most sound solution, the EDPS suggests adopting a separate legal instrument for the IMI-system, at the level of the Council and the European Parliament, similar to the Schengen Information System, Visa Information System and other large-scale IT databases.
Additionally, the Opinion provides for a number of suggestions on the provisions regulating the data protection aspects of IMI. These recommendations relate to transparency and proportionality, joint control and allocation of responsibilities, notice to data subjects, rights of access, objection, and rectification, data retention, security measures and joint supervision.
Avis sur le projet de décision-cadre du Conseil relative à l'utilisation des données des dossiers passagers (Passenger Name Record - PNR) à des fins répressives, JO C 110, 01.05.2008, p. 1
The European Data Protection Supervisor (EDPS) has issued an Opinion on 20 December 2007 onthe proposal of the Commission for a Council Framework Decision on the use of Passenger Name Record (PNR) data for law enforcement purposes. The proposal involves obligations for air carriers to transmit data about all passengers on flights to or from an EU Member State.
The Opinion emphasizes the major impact the proposal would have on privacy and data protection rights of air passengers. While acknowledging that the fight against terrorism is a legitimate purpose, the EDPS expresses serious concerns about the necessity and proportionality of the proposal which, in his view, are not sufficiently established in the proposal. In addition, the EDPS takes a critical stance on the lack of clarity in relation to various aspects of the proposal, in particular the applicable legal framework, the identity of the recipients of personal data, and the conditions of transfer of data to third countries.
The Opinion focuses on four key issues and draws the following conclusions:
legitimacy of the processing: the proposal does not provide for sufficient elements of justification to support and demonstrate the legitimacy of the processing of data;
applicable legal framework: a significant lack of legal certainty is noted as regards the regime applicable to the different actors involved in the matter;
the identity of data recipients: the draft Decision does not provide for any specification concerning the identity of the recipients of personal data collected by airlines companies;
transfer of data to third countries: it is imperative that conditions of transfer of PNR data to third countries be coherent and subject to a harmonised level of protection.
Finally, the EDPS advises not to adopt the draft Decision before the new Lisbon Treaty's entry into force, so that it can follow the co-decision procedure foreseen by the new Treaty and the European Parliament is fully involved.
Avis sur l'initiative de la République fédérale d'Allemagne, en vue de l'adoption d'une décision du Conseil concernant la mise en oeuvre de la décision 2007/.../JAI relative à l'approfondissement de la coopération transfrontière, notamment en vue de lutter contre le terrorisme et la criminalité transfrontière, JO C 89, 14.4.2008, p. 1
On 19 December 2007, the EDPS issued his Opinion on the German initiative establishing implementing rules which are necessary for the functioning of the Council Prüm initiative. This initiative aims to step up cross-border cooperation, particularly for fighting terrorism and cross-border crime, by establishing mechanisms to exchange personal data such as DNA profiles and fingerprints.
In his Opinion, the EDPS holds the view that a clear, effective and comprehensive legal framework - combining general provisions and specific tailored rules on data protection - should be in place before the current Prüm initiative enters into force. He also points out that the initiative's implementing rules and their annex are of particular importance since they define crucial aspects and tools of the exchanges of data that are essential to ensure guarantees for concerned persons.
More specifically, the EDPS recommends the following:
the initiative and its annex should benefit from a broad and open discussion involving all relevant actors, such as the European Parliament and Data Protection Authorities;
the accuracy in searches and comparisons of DNA profiles and fingerprints should be duly taken into account and constantly monitored, also in the light of the larger scale of the exchange;
relevant data protection authorities should be put in a position to properly carry out their supervisory and advisory role throughout all the different stages of the implementation.
