Legislative Observatory
European Parliament
Please fill in this field to find a procedure

Exchange of information extracted from the criminal record between Member States. Framework Decision

2005/0267(CNS)

Opinion of the European Data Protection Supervisor on the Proposal for a Council Framework Decision on the organisation and content of the exchange of information extracted from criminal records between Member States.

This opinion will firstly address the context of the proposal. In a European Union without internal borders an effective combat of crime requires at least an intensive cooperation between the authorities of the Member States. However, significant obstacles for such cooperation exist, partly due to the fact that the combat of crime is primarily a competence of the Member States.

Secondly, the EDPS will take into account that a framework for the exchange of information can be established according to several models with different impacts on data protection.

This opinion will discuss the main elements of the proposal, these are: the policy choices grounding the proposal; the safeguards for data protection and the division of responsibilities.

The EDPS welcomes the policy choices grounding the proposal. In general terms, the proposal takes into account the obstacles for a really efficient exchange of information from criminal records between the Member States resulting from the differences in languages and in the technological and legal framework of the Member States. The EDPS notices that the proposal for a Council framework decision on the protection of personal data is still being discussed by the European Parliament and the Council and also fundamental issues - such as the field of application and safeguards for transfers to third countries - are far from being settled.

The EDPS recommends that:

- the present Council Framework decision should not enter into force before the date of entry into force of the Council framework decision on the protection of personal data;

- the Council should carefully link the negotiations on the present proposal to the negotiations on the Council framework decision on the protection of personal data. In case negotiations on the Council framework decision on the protection of personal data would exclude the rules concerning transfers of personal data to third countries from its field of application, more precise rules on transfers of personal data to third countries should be laid down in the current proposal.

The EDPS recommends streamlining the mechanism and providing for a limited and more precise definition of purposes, other than criminal proceedings, for which information can be requested as well as for a limitation of the group of persons that may request this information. According to the EDPS, others than the data subject himself should only be entitled to lawfully request this information under exceptional circumstances. A provision should be added to the proposal allowing data protection authorities to control this exceptional use.

The EDPS recommends clarifying the concept of ‘ownership’ in the text or in the recitals of the proposal, as well as establishing an obligation for the central authority of the convicted person's nationality to notify updates/cancellations to the central authorities of those other Member States or third countries that have requested information before it was updated or cancelled.

The EDPS requests the Community legislator to justify why the present proposal could not be limited to more serious criminal offences, inter alia in view of the limits set by the principle of proportionality.

The EDPS welcomes the additional provisions of Articles 10 and Article 11, provided that:

- Article 10 will be worded in a way that it effectively ensures a workable language regime;

- Article 11 will be modified so as to include the setting up of the format in the framework decision itself, to establish the technical specifications by a comitology procedure within a clear time limit and to

abolish the transition period for the implementation of the common format by the Member States, or if

this would be not technically feasible, to limit the period to one year.

Further recommendations of the EDPS concern:

- Article 3 (2) (Central authority), why should the General Secretariat of the Council inform Eurojust about the designation of authorities?

- Article 6(2) (Requests for conviction information), the central authority of the place of residence ‘shall’ - not ‘may’- submit the request to the central authority of the other Member State;

- Article 9 (Conditions for the use of personal data), a provision should be added in which the data protection authorities are encouraged to cooperate actively with each other.