Feeds

Privacy chief OKs sharing criminal records if privacy tightened

Data protection measures needed

Choosing a cloud hosting partner with confidence

Europe's privacy regulator has said that he will back a pan-European criminal records system only if specific data protection measures are put in place. Because the system deals with crime and security, EU data protection law does not currently apply to it.

The European Data Protection Supervisor (EDPS) Peter Hustinx has said that the planned system to connect the criminal records databases of EU member states is a good idea, but only if the data protection regime around it is strengthened.

EU data protection laws do not apply to crime and security, areas in which EU powers are diminished. "This is unfortunate for the obvious reason of a lack of protection for the data subject, in particular since the processing of personal data relating to criminal convictions is of a sensitive nature," said an EDPS Opinion (pdf) on the system, the European Criminal Records Information System (ECRIS).

"The EDPS proposes adding a provision to the decision stating that Regulation (EC) No 45/2001 shall apply to the processing of personal data under the responsibility of the Commission," it said. Regulation 45/2001 forces EU bodies to process personal data in line with data protection laws.

Hustinx also insisted that any legal framework establishing the system specifically enshrines data protections.

"In Article 6 [of the Framework Decision establishing the ECRIS] reference must be made to a high level of data protection as a precondition for all the implementing measures to be adopted," said the Opinion. "The EDPS supports the present proposal to establish ECRIS, provided that the observations made in the present opinion are taken into account."

Hustinx suggested that the national data protection authorities in each country be given a formal role in coordinating the data protection work related to the system.

The planned system is not a giant pan-European database of criminal records but a network connecting the various national databases. Hustinx has welcomed that structure, saying that it avoids unnecessary duplication of personal data, but warned that it also carries certain risks.

"In practice, the division of responsibilities between the central authorities of the Member States does not work by itself. Additional measures are needed, for instance to ensure that the information kept by the sending and receiving Member State (state of conviction and state of nationality) are kept up to date and identical," said the Opinion.

"This architecture provokes a great diversity in the way it is applied by the different Member States, which is even more apparent in a context of great differences between national legislation (as is the case with criminal records)," it said.

Hustinx has also called for clarity on who would operate the system itself. He said that the European Commission should be responsible for the software connecting the databases and not individual countries, as the plan currently states.

He also said that any text should make it absolutely clear that the Commission is generally responsible for the communication infrastructure underlying the system.

"The processing of personal data relating to criminal convictions is of a sensitive nature, and the confidentiality and integrity of criminal records data sent to other Member States must be guaranteed," said Hustinx in a statement. "It is therefore paramount that high standards of data protection be applied to the functioning of the system, which should ensure a solid technical infrastructure, a high quality of information and an effective supervision."

The European Commission has previously made plans to ease the sharing of data in what is called the 'third pillar' of government, the area of crime and security. Hustinx has criticised and opposed the more wide-ranging proposals, claiming that one 2007 plan a "lowest common denominator approach that would hinder the fundamental rights of EU citizens".

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Bono apologises for iTunes album dump
Megalomania, generosity and FEAR of irrelevance drove group to Apple deal
HBO shocks US pay TV world: We're down with OTT. Netflix says, 'Gee'
This affects every broadcaster, every cable guy
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
French 'terror law' declares WAR on the INTERNET itself, say digi-rights folks
Liberté, Égalité, Fraternité: Two out of three ain't bad
SCREW YOU, EU: BBC rolls out Right To Remember as Google deletes links
Not even Google can withstand the power of Auntie
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.