European Investigation Order in criminal matters. Initiative Belgium, Bulgaria, Estonia, Spain, Austria, Slovenia and Sweden
Opinion of the European Data Protection Supervisor on the initiative of several Member States for a Directive of the European Parliament and of the Council regarding the European Investigation Order in criminal matters.
This opinion reacts on two initiatives for a Directive of a number of Member States, as foreseen by Article 76 TFEU, namely:
- the initiative of 12 Member States for a Directive on the European Protection Order (EPO initiative),
- the initiative of seven Member States for a Directive regarding the European Investigation Order in criminal matters (EIO initiative).
Advising on these initiatives falls within the remit of the task entrusted to the EDPS in Article 41 of Regulation (EC) No 45/2001 for advising EU institutions and bodies on all matters concerning the processing of personal data. This opinion, therefore, comments upon the initiatives as far as they relate to the processing of personal data. Since no request for advice has been sent to the EDPS, this opinion is issued on his own initiative. He regrets that he was not consulted when these initiatives were issued.
Although the two initiatives have different objectives — i.e. improving protection of victims and cross-border co- operation in criminal matters through the collection of evidence cross border — they have important similarities:
- they are both based on the principle of mutual recognition of judgments and judicial decisions;
- they are rooted in the Stockholm programme; and
- they provide for exchange of personal data between Member States.
For these reasons, the EDPS considers it appropriate to examine them jointly.
The EDPS recommends with regard to both the EPO and the EIO initiatives:
· to include specific provisions stating that the instruments apply without prejudice to Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters,
· to include provisions requiring the Member States to ensure that:
· competent authorities have the resources necessary for the application of the proposed directives,
· competent officials shall observe professional standards and be subject to appropriate internal procedures that ensure, in particular, the protection of individuals with regard to the processing of personal data, procedural fairness and the proper observance of the confidentiality and professional secrecy provisions,
· authentication systems allow only authorised individuals to have access to both databases containing personal data or premises where evidence are located,
· tracking of accesses and operations are performed,
· audit controls are implemented.
The EDPS recommends with regard to the EIO initiative:
· to include a provision on translations, similar to Article 16 of the EIO initiative;
· to include a provision that prevents the use of evidence for purposes other than the prevention, investigation, detection or prosecution of crime or the enforcement of criminal sanctions and the exercise of the right of defence, as an exception to Article 11(1)(d) of Framework Decision 2008/977/JHA;
· to add an evaluation clause to the EIO initiative, requiring from the Member States to report on a regular basis on the application of the instrument and from the Commission to synthesise these reports and, where relevant, issue appropriate proposals for amendments.
Moreover, and more in general, the EDPS:
· recommends the Council to establish a procedure in which consultation of the EDPS will take place, in case an initiative introduced by Member States is related to the processing of personal data,
· reiterates the need for a comprehensive data protection legal framework covering all areas of EU competence, including police and justice, to be applied to both personal data transmitted or made available by competent authorities of other Member States and to domestic processing in AFSJ.