If you ask an average European if they may request Google or Facebook to delete their data, they are likely to refer to the EU General Data Protection Regulation (GDPR). They are also likely to turn to a Data Protection Authority (DPA) or even directly to the domestic courts for that matter.
If you ask the same person if they may request the police to disclose if they are processing their personal data and to have these data (e.g, fingerprints, DNA samples, names, etc.) rectified or deleted, the average European might be more hesitant.
Why is this the case?
When thinking about data protection, most of us relate to the GDPR, which entered into force in May 2016. The GDPR is indeed a significant legal act which, amongst others, triggered almost each public and private entity operating in the EU to strengthen its data protection culture. It also gave more powers to private individuals to enforce their rights through the DPAs and courts. It has furthermore resulted in an increasing number of ground-breaking judgments by the Court of Justice of the European Union (CJEU).
As significant as questions such as “Should Google delete my data from its online search results?”; ‘How should my health record be protected?”; or “What remedies do I have if the misuse of my data concerns several EU Member States?” may be, individuals may not so intuitively ask themselves what happens to their data when processed by the EU Member State law enforcement authorities for the purposes of enforcing criminal law.
Not too many people are aware that in May 2016, next to the GDPR, a second legal instrument—which has remained in the shadows of the GDPR—was adopted. It is namely the EU Law Enforcement Directive (LED). The LED deserves special attention for two main reasons. First, it is the first EU instrument which harmonizes almost all aspects of data protection by police and criminal justice authorities across the EU Member States. Second, it anchors a high number of provisions, which seek to ensure a robust and a modern level of data protection in the criminal law field and which the Member States should have implemented by now in their national laws.
The LED regulates essential questions, such as when and under what conditions may the police collect and further process our personal data and transfer them to other law enforcement authorities outside the EU; when and what information should the law enforcement authorities disclose to the concerned data subjects; how long may these store the data and when are they required to delete them; how should the police differentiate between suspects, victims, and witnesses; how should individuals exercise their data protection rights against the law enforcement authorities; what powers and responsibilities do DPAs have in helping ensure that the LED provisions are fully respected; and when may individuals turn to courts in order to address their data protection grievances.
Not surprisingly, the LED provisions resemble the GDPR in many aspects, yet there are significant differences. Even similar provisions apply differently in the law enforcement field, as compared to fields such as online commence, due to the peculiarities of the criminal law sector. The national implementations add another level of complexity to the application of its provisions.
Hence, it comes as no surprise that individuals, lawyers, police officers, prosecutors, prison authorities, DPA officers, judges, and academics need guidance on the interpretation and application of the LED provisions. Our LED Commentary contains a meticulous analysis of each and every article of the LED, including practical examples and examples from the implementation of each provision into national law, as well as relevant CJEU case law which interprets a growing number of LED provisions. Last but not least, the volume contains three special chapters, in addition to the article-by-article analysis of the LED. First, there is a dedicated chapter on the criminal law cooperation between the EU Member States and UK after Brexit, highlighting the data protection-related aspects of this cooperation. Second, the volume features a chapter on the role of the Council of Europe and the case law of the European Court of Human Rights, which dates back to decades preceding the entry into force of the LED and which provides useful guidance about the interpretation of the LED. Third, due to the fact that the LED is a directive and not a regulation, the topic of the national implementations is a central one. It is therefore also tackled in a separate chapter, in addition to the examples from national law examined in each article analysis.
The contributors to the volume are an international team of renowned data protection experts in the field, who have been working especially on criminal law topics. They have included their practical experience, knowledge of national legislation, and data protection expertise, providing an in-depth analysis of each provision, inviting their broad and international audience to use the knowledge generated by this volume in order to contribute to the high level of protection in the criminal law field.
Featured image: Ferdinand Stöhr via Unsplash, public domain.
Recent Comments
There are currently no comments.