scispace - formally typeset
Search or ask a question
Journal ArticleDOI

The Police and Criminal Justice Authorities Directive: Data protection standards and impact on the legal framework

01 Jun 2017-Computer Law & Security Review (Elsevier Advanced Technology)-Vol. 33, Iss: 3, pp 324-340
TL;DR: While a considerable improvement and major step forward for the protection of personal data in its field, the Directive is unlikely to mend the fragmented legal framework and achieve the intended high level of data protection standards consistent across European Union member states.
About: This article is published in Computer Law & Security Review.The article was published on 2017-06-01. It has received 10 citations till now. The article focuses on the topics: Directive on Privacy and Electronic Communications & General Data Protection Regulation.
Citations
More filters
Journal ArticleDOI
18 Mar 2020
TL;DR: This study answers the question how a PIA should be carried out for large-scale digital forensic operations and describes the privacy risks, threats, and articulates concrete privacy measures to demonstrate compliance with the Police Directive.
Abstract: The large increase in the collection of location, communication, health data etc. from seized digital devices like mobile phones, tablets, IoT devices, laptops etc. often poses serious privacy risks. To measure privacy risks, privacy impact assessments (PIA) are substantially useful tools and the Directive EU 2016/80 (Police Directive) requires their use. While much has been said about PIA methods pursuant to the Regulation EU 2016/679 (GDPR), less has been said about PIA methods pursuant to the Police Directive. Yet, little research has been done to explore and measure privacy risks that are specific to law enforcement activities which necessitate the processing of large amounts of data. This study tries to fill this gap by conducting a PIA on a big data forensic platform as a case study. This study also answers the question how a PIA should be carried out for large-scale digital forensic operations and describes the privacy risks, threats we learned from conducting it. Finally, it articulates concrete privacy measures to demonstrate compliance with the Police Directive.

7 citations


Cites background from "The Police and Criminal Justice Aut..."

  • ...What is missing from the Police Directive is the guidelines on how to successfully implement appropriate safeguards for compliance (Marquenie, 2017)....

    [...]

01 Jan 2014
TL;DR: In this article, the authors identify data protection shortcomings in the inter-agency cooperation regime in the EU criminal justice and law enforcement area and, under six possible scenarios, the interplay among the data protection legal instruments in the law-making process today in field, as well as, the response each could provide to such shortcomings.
Abstract: This study aims, first, at identifying data protection shortcomings in the inter-agency cooperation regime in the EU criminal justice and law enforcement area and, second, at outlining, under six possible scenarios, the interplay among the data protection legal instruments in the law-making process today in field, as well as, the response each could provide to such shortcomings.

4 citations

Posted Content
TL;DR: In this paper, the authors show that due to the absence of LED adequacy decisions, personal data transfers to law enforcement authorities in third countries often occur without the appropriate scrutiny and safeguards due to system the LED establishes.
Abstract: In May 2018, EU data protection rules were not only reformed by the General Data Protection Regulation (GDPR) but also by the Law Enforcement Directive (LED). While the LED is often overshadowed by the GDPR, it nevertheless did introduce a number of crucial reforms to data protection in a law enforcement context in the EU including harmonized rules on how personal data in a law enforcement context can be transferred to other law enforcement authorities in third countries. Formally the LED rules on international transfers of personal data to third countries aim at guaranteeing that the level of protection for personal data in a law enforcement context within the EU is not undermined as soon as personal data leaves EU territory. Taking a closer look however reveals major issues with the rules foreseen for transfers in the LED as they often come down to law enforcement authorities self-assessing whether a third country would offer adequate protection within the meaning of the standard of essential equivalence as established by the Court of Justice of the European Union (CJEU) in Schrems. In this paper, I show, by relying on EU fundamental rights law and the case law of the CJEU, how due to the absence of LED adequacy decisions, personal data transfers to law enforcement authorities in third countries often occur without the appropriate scrutiny and safeguards due to system the LED establishes. Using the recent reference to the CJEU by a German Court regarding information exchanges with Interpol, I demonstrate how the created legal uncertainty can affect both the work of law enforcement authorities and the fundamental rights of individuals. I conclude that the current system for international personal data transfers within the LED is deeply flawed and potentially undermining EU personal data protection in a law enforcement context.

4 citations

Book ChapterDOI
30 Oct 2018
TL;DR: The main finding is that a separate standard is not necessary; however, there is a need for setting minimum requirements, ensuring security of the information systems, that come with appropriate guidelines that help the member states to achieve the minimum requirements.
Abstract: In this paper we present the findings of a case-study on IT system security in the area of EU internal security and justice. We have analyzed the implementation of information security for the EU information systems EURODAC, SIS II and VIS in case of Estonia. The analysis comes in a situation, where there are multiple regulations, directives, guidelines; but it lacks a unified standard for the implementation of the member states subsystems. The main finding is that a separate standard is not necessary; however, there is a need for setting minimum requirements, ensuring security of the information systems, that come with appropriate guidelines that help the member states to achieve the minimum requirements. The second finding is that there is a need for greater cooperation and an increased knowledge exchange of the methods used in the member states. Following defined guidelines and exchanging knowledge would help to strengthen the level of security for the entire system.

3 citations

Journal ArticleDOI
TL;DR: In this paper, the authors present the results of the first empirical qualitative research on the provision of restorative justice (RJ) in Scotland, based on interviews with 14 practitioners.
Abstract: This article presents the results of the first empirical qualitative research on the provision of restorative justice (RJ) in Scotland, based on interviews with 14 practitioners. In Scotland, RJ has attracted the attention of penal reformers and practitioners since the late 1980s, offering an alternative to criminal justice practices based on retribution and/or rehabilitation whilst promising to reduce reoffending and heal people harmed by crime. In 2017, the Scottish Government has fully recognized the existence of RJ by issuing the first national ‘Guidance’ for the delivery of this process, followed by an ambitious ‘Action Plan’. In spite of such a long-lasting interest and recent policy recognition, there is a lack of knowledge regarding the organization and actual delivery of RJ in Scotland. In fact, research on this subject is scant, anecdotal and dated. This article addresses this knowledge gap by presenting original data on the provision of RJ within Scottish local authorities. The findings show similar understandings of RJ, context-specific organizational models and common systemic challenges characterizing RJ providers, generating evidence to critically assess recent Scottish policy on RJ, whilst drawing implications with relevance for the development of RJ across Europe.

2 citations

References
More filters
01 Jan 2014
TL;DR: In this article, the authors identify data protection shortcomings in the inter-agency cooperation regime in the EU criminal justice and law enforcement area and, under six possible scenarios, the interplay among the data protection legal instruments in the law-making process today in field, as well as, the response each could provide to such shortcomings.
Abstract: This study aims, first, at identifying data protection shortcomings in the inter-agency cooperation regime in the EU criminal justice and law enforcement area and, second, at outlining, under six possible scenarios, the interplay among the data protection legal instruments in the law-making process today in field, as well as, the response each could provide to such shortcomings.

4 citations

Journal ArticleDOI
TL;DR: In this paper, the authors identify data protection shortcomings in the inter-agency cooperation regime in the EU criminal justice and law enforcement area and, under six possible scenarios, the interplay among the data protection legal instruments in the law-making process today in fi eld, as well as, the response each could provide to such shortcomings.
Abstract: This study aims, fi rst, at identifying data protection shortcomings in the inter-agency cooperation regime in the EU criminal justice and law enforcement area and, second, at outlining, under six possible scenarios, the interplay among the data protection legal instruments in the law-making process today in fi eld, as well as, the response each could provide to such shortcomings.

3 citations

Journal ArticleDOI
TL;DR: This paper seeks to analyse the draft Directive in the context of the entire reform approach and scrutinizes a number of specific issues in regard to the scope, the requirements of data processing, notification duties and data transfer to third countries.

3 citations

Journal ArticleDOI
TL;DR: The conference "Safeguarding the right to Data Protection" as mentioned in this paper, held in Paris on 30th and 31st October 2014, looked at developments in EU data protection law with a focus on data protection as a fundamental right and discussed recent jurisprudence from the Court of Justice of the European Union (CJEU), the European Court of Human Rights (ECtHR), and national courts.
Abstract: This contribution is based on presentations and discussions at the conference “Safeguarding the Right to Data Protection”, held in Paris on the 30th and 31st October, 2014. Vladimir Marinescu, of the Academy of European Law (hereafter: ERA), in cooperation with the Cour de Cassation , organised the event. The conference looked at developments in EU data protection law with a focus on data protection as a fundamental right. Speakers discussed recent jurisprudence from the Court of Justice of the European Union (hereafter: CJEU or the Court), the European Court of Human Rights (hereafter: ECtHR) and national courts. The conference covered four main focus areas: EU data protection law; civil and criminal law aspects of data protection and the internet; data protection as a cornerstone of European fundamental rights protection; and data protection remedies. This contribution elaborates upon some of the most pertinent issues speakers discussed.

3 citations