European Data Protection Supervisor (EDPS) Peter Hustinx has issued a plea for more care in negotiations over a framework decision on data protection as it relates to crime and policing. "I fear that the negotiations in Council might lead to an inadequate outcome," said Hustinx.
The Council of Ministers is negotiating a framework of data protection in the third pillar, which means in the realm of law, policing and immigration.
"Delegations must understand that good data protection goes hand in hand with good law enforcement," said Hustinx, who is responsible for making sure that European bodies comply with data protection law.
"If they succeed in agreeing on a high level of protection for all data, including 'purely' domestic processing, they will at the same time improve trust between EU police and judicial authorities," he said.
Hustinx said that his main concern was that two classes of data files were being created, between data from one country and data from any other member state. He said that this would make it harder for citizens to exercise their rights.
Hustinx also said that there was a risk that the framework could allow for the processing of information on a person's religion, race or ethnic origin without sufficient safeguards, and that there was not enough protection against the exchange of information with bodies that were not concerned with law enforcement.
Echoing a concern in relation to economic data, he said that current plans did not ensure adequate protections for information being transferred to other countries. One European body, bank payments organisation SWIFT, has been reprimanded by data protection authorities for allowing transaction details to be transferred to the US, where data protection is weaker.
"Some basic rights for data subjects, like the right to be informed, no longer seem to be guaranteed," said a statement from Hustinx's office. "Exceptions to this right may become the rule."
Hustinx's office also signed an agreement with EU complaints body the European Ombudsman P Nikiforos Diamandouros to co-operate on complaints relating to the duties of both offices. The two bodies agreed to inform each other when complaints relevant to the other were made.
"Because maladministration includes failure by the EU institutions to comply with their data protection obligations, it is important that we coordinate on cases where our competences partly overlap," said a joint statement from the two offices. "This agreement builds upon the current practice of good cooperation between our two institutions".