L’UE dans son ensemble et chacun de ses États membres sont confrontés à de nouvelles menaces contre la sécurité, menaces diverses et complexes qui sont de nature plus internationale et transfrontalière. Plusieurs outils juridiques et pratiques ont été mis en place pour lutter contre le terrorisme et la criminalité transfrontières. Plus particulièrement, les échanges d’informations et la coopération opérationnelle entre les services répressifs ont été renforcés.
Deuxième avis relatif au réexamen de la directive 2002/58/CE concernant le traitement des données à caractère personnel et la protection de la vie privée dans le secteur des communications électroniques (directive "vie privée et communications électroniques"), JO C 128, 06.06.2009, p. 28
This Opinion follows upon a first EDPS Opinion, as well as Comments, in which recommendations were made to help ensure that the proposed changes effectively provide for the best possible protection of personal data.
This Second Opinion comes as a response to the Council's Common Position which, on a number of critical points, fails to endorse some of the data protection safeguards proposed by the European Parliament and the European Commission or previously recommended by the EDPS. The recommendations presented in this Opinion aim at streamlining some of the provisions of the Directive, while at the same time ensuring an adequate level of data protection and privacy.
The Opinion particularly focuses on the provisions relating to the setting up of a mandatory security breach notification system for which the Supervisor believes there is still some room for improvement.
Avis sur le projet de décision-cadre du Conseil relative à l'utilisation des données des dossiers passagers (Passenger Name Record - PNR) à des fins répressives, JO C 110, 01.05.2008, p. 1
The European Data Protection Supervisor (EDPS) has issued an Opinion on 20 December 2007 onthe proposal of the Commission for a Council Framework Decision on the use of Passenger Name Record (PNR) data for law enforcement purposes. The proposal involves obligations for air carriers to transmit data about all passengers on flights to or from an EU Member State.
The Opinion emphasizes the major impact the proposal would have on privacy and data protection rights of air passengers. While acknowledging that the fight against terrorism is a legitimate purpose, the EDPS expresses serious concerns about the necessity and proportionality of the proposal which, in his view, are not sufficiently established in the proposal. In addition, the EDPS takes a critical stance on the lack of clarity in relation to various aspects of the proposal, in particular the applicable legal framework, the identity of the recipients of personal data, and the conditions of transfer of data to third countries.
The Opinion focuses on four key issues and draws the following conclusions:
legitimacy of the processing: the proposal does not provide for sufficient elements of justification to support and demonstrate the legitimacy of the processing of data;
applicable legal framework: a significant lack of legal certainty is noted as regards the regime applicable to the different actors involved in the matter;
the identity of data recipients: the draft Decision does not provide for any specification concerning the identity of the recipients of personal data collected by airlines companies;
transfer of data to third countries: it is imperative that conditions of transfer of PNR data to third countries be coherent and subject to a harmonised level of protection.
Finally, the EDPS advises not to adopt the draft Decision before the new Lisbon Treaty's entry into force, so that it can follow the co-decision procedure foreseen by the new Treaty and the European Parliament is fully involved.
Avis sur l'initiative de la République fédérale d'Allemagne, en vue de l'adoption d'une décision du Conseil concernant la mise en oeuvre de la décision 2007/.../JAI relative à l'approfondissement de la coopération transfrontière, notamment en vue de lutter contre le terrorisme et la criminalité transfrontière, JO C 89, 14.4.2008, p. 1
On 19 December 2007, the EDPS issued his Opinion on the German initiative establishing implementing rules which are necessary for the functioning of the Council Prüm initiative. This initiative aims to step up cross-border cooperation, particularly for fighting terrorism and cross-border crime, by establishing mechanisms to exchange personal data such as DNA profiles and fingerprints.
In his Opinion, the EDPS holds the view that a clear, effective and comprehensive legal framework - combining general provisions and specific tailored rules on data protection - should be in place before the current Prüm initiative enters into force. He also points out that the initiative's implementing rules and their annex are of particular importance since they define crucial aspects and tools of the exchanges of data that are essential to ensure guarantees for concerned persons.
More specifically, the EDPS recommends the following:
the initiative and its annex should benefit from a broad and open discussion involving all relevant actors, such as the European Parliament and Data Protection Authorities;
the accuracy in searches and comparisons of DNA profiles and fingerprints should be duly taken into account and constantly monitored, also in the light of the larger scale of the exchange;
relevant data protection authorities should be put in a position to properly carry out their supervisory and advisory role throughout all the different stages of the implementation.
