EU data chief urges limits on joint police powers

03.06.13 @ 17:45

By Nikolaj Nielsen

BRUSSELS - The EU's data privacy chief wants tough new limits imposed on EU police agency Europol.

  • Hustinx will oversee data rule compliance at the EU police agency (Photo: Asteris Masouras)

"A strong framework of data protection is important not only for those under suspicion or involved in an investigation, but also contributes to the success of police and judicial co-operation," Peter Hustinx, the European Data Protection Supervisor (EDPS), said in a statement on Monday (3 June).

Hustinx says Europol should only collect personal information for specific investigations.

He says the data should not be used for purposes other than those for which it was collected in the first place.

The Hague-based police agency co-ordinates national forces' investigations by pooling data sets from different authorities and then sharing them with the relevant national investigators.

In March, the European Commission put forward proposals to boost Europol's powers.

But Hustinx voiced concerns over some of the proposals, such as cross-referencing information stored in different databases to check if someone is suspected of more than one crime.

“The increased flexibility to cross check information should be balanced, for example, by specifying the purpose and in general by keeping a high level of data protection,” he said.

The police agency also has operational agreements with the US, Australia, Canada and Interpol, as well as around a dozen other non-EU countries.

It is now in the process of concluding bilateral agreements with Brazil, Mexico, Georgia, and the United Arab Emirates.

Under the commission’s proposal, the EDPS' role at Europol will also be upgraded to ensure the agency adheres to EU rules on data protection.

In a memo in December, the commission called upon member states to share more national data with the police agency as it attempts to better co-ordinate crime-stopping investigations.

Existing arrangements, it noted, did not warrant new EU-level law enforcement databases or other types of EU information exchange.

Some of those arrangements include the now two-year-behind-schedule "Prüm" decision, which mandates the networking of national fingerprint, DNA and vehicle registration databases.

Hustinx said there is a logical emphasis on information exchange in the absence of a European police force, but warned it must not come at the expense of fundamental rights on privacy.

Meanwhile, EU officials remain silent over concerns that US law enforcement will be able to snoop on EU citizens' data stored on US Cloud providers such as Amazon or Google.

One official told this website on Monday that EU interior ministers have yet to discuss the issue in the context of the draft data protection regulation currently under legislative review.

New provisions in the heavily-lobbied data bill include a line on binding corporate rules for companies that process data on the Cloud.

The rules outline standards and practices in a corporate entity and its subsidiaries on how to handle personal data transmitted into and from countries with a sub-par level of data protection rules.

The regulation would require Cloud providers to hire a private-sector audit company to certify the generic Cloud system for security.

Industry has welcomed the ideas as a means to build trust in the "free flow."

But a handful of privacy specialists say it is riddled with loopholes that make it impossible to enforce.

A European Parliament report out last year says it will enable US authorities, by way of the amended Foreign Intelligence Amendments Act (FISA), to conduct political surveillance on foreigners' data accessible in US Cloud providers.

US authorities have denied the claims.

The commission, for its part, has yet to issue an official comment or take a position.

“Reconfirming that we still have no comment on this,” EU spokeswoman Mina Andreeva told this website by email in mid-May.