Brussels, 14 September – The EDPB adopted a statement on the European Commission’s proposal for an EU Police Cooperation Code. This proposal aims to enhance law enforcement cooperation across Member States, in particular the information exchange between the competent authorities. The code is comprised of three main measures: proposal for a Prüm II Regulation, proposal for a Police Information Exchange Directive and the proposal for a Council Recommendation on operational police cooperation.
EDPB Chair Andrea Jelinek said: “While we acknowledge that police cooperation is a key element for the establishment of a well-functioning Area of Freedom, Security and Justice, there are serious risks associated with the processing of individuals’ personal data in criminal matters, especially where this concerns special categories of personal data such as biometrics. The proposals should lay down some essential safeguards to ensure that the proposed measures are necessary and proportionate to the objective of contributing to the internal security of the EU.”
Among others, the EDPB proposes laying down the types and seriousness of crimes that could justify an automated search in the databases of other Member States and making a clear distinction between the personal data of different categories of data subjects, such as convicted criminals, suspects, victims or witnesses in line with Art. 6 of the Law Enforcement Directive (LED).
In addition, the EDPB raises concerns about the envisaged automated searching and exchange of police records by the introduction of the European Police Records Index System (EPRIS) and about the default sharing of personal data with Europol via the Secure Information Exchange Network Application (SIENA).
Next, the EDPB decided upon the topic for its second coordinated enforcement action, which will concern the designation and position of the data protection officer. Further work will now be carried out to specify the details in the upcoming months. In a coordinated action, the EDPB prioritises a certain topic for data protection authorities (DPAs) to work on at the national level. The results of these national actions are then bundled and analysed, generating deeper insight into the topic and allowing for targeted follow-up on both the national and the EU level. Last year, the EDPB selected the use of cloud-based services by the public sector as its first coordinated action. The report on the outcome of the 2022 coordinated action will be adopted before the end of the year.
This new coordinated action follows the EDPB’s decision to set up a Coordinated Enforcement Framework (CEF) in October 2020. The CEF is a key action of the EDPB under its 2021-2023 Strategy, together with the creation of a Support Pool of Experts (SPE). The two initiatives aim to streamline enforcement and cooperation among DPAs.
The EDPB met with representatives from civil society organisations to discuss the challenges posed to enforcement cooperation by different procedural approaches in national law. This is a next step towards the EDPB’s objective to develop an overview of such challenges, as set out in its Vienna Statement on enforcement cooperation.