Decision of the European Data Protection Authorities on the future of...
Decision of the European Data Protection Authorities on the future of the Police Working Party - Larnaka (Cipro) 10-11 maggio 2007
Spring Conference of European Data Protection Commissioners
Larnaka (Cipro), 10-11 maggio 2007
Decision of the European Data Protection Authorities on the future of the Police Working Party
I. HISTORIC DEVELOPMENT OF THE PWP
- In the early 1990s the French data protection authority - the CNIL, took the initiative of establishing a European wide working party on data protection in police matters, titled Police Working Party (PWP)
- The chairmanship of this working party subsequently moved to Peter Hustinx, president of the Netherlands data protection authority.
At this time the Working Party took on a major task of preparing for the introduction of the Europol Convention, the Customs Convention and the Schengen Convention and the establishment of the Joint Supervisory Bodies and Authority. There were frequent meetings concerned particularly with the difficult task of developing implementing rules of the Europol Convention.
- At the Spring Conference of European Data Protection Authorities in Madrid in 1994: some resolutions were adopted about the structure of the Spring Conference including its working groups ( PR working group, telecom working group and the PWP).
- The PWP (Working Party on police and other related matters) thus became a formal working group of the Spring Conference with a permanent chair and secretariat (Dutch DPA).
- At the Commissioners´ Spring Conference in 2001 it was agreed that : the Working Party should take on more of an educational and self help role for data protection authorities on policing related matters. The UK authority agreed to take on the job of organising a series of workshops and the chairmanship passed to Francis Aldhouse.
- In 2004, at the Rotterdam Spring Conference, a proposal from the UK delegation on the future of the Working Party was discussed. The Working Party was then (again) mandated to monitor third pillar developments and to advise the Conference.
- Until the next Spring Conference the Dutch DPA was appointed as chair including the secretariat. It was furthermore decided that the DPA organising a Spring Conference will also be the chair and the secretariat of the Working Party until the next Spring Conference. The joint data protection secretariat at the Council offered assistance.
- Since then the Working Party met several times under Dutch, Polish and Hungarian chairmanship.
II. RECENT DEVELOPMENTS
- One of the most important tasks of the European Data Protection Authorities´ consists in advising the authorities involved in legislative matters on data protection issues, by pointing out the risks that legislative initiatives might entail for civil liberties and by proposing alternatives which would be more respectful of individual´s rights with regard to the processing of their personal data.
- As a matter of fact the Commission, the Council and the European Parliament have been seeking such advice with increasing frequency, both in first and third pillar matters.
- Over the past few years it has become clear that third pillar initiatives require more permanent special attention from European Data Protection Authorities. The Spring Conference of Data Protection Authorities hence mandated the PWP to concentrate on a number of specific matters, like biometrics, the availability principle, and the establishment of a common European framework for inspecting police files.
- Notwithstanding the adoption by the European Data Protection Conference of the resolution stressing the need for a joint European Union forum on data protection in police and judicial co-operation matters on 14 September 2004 in Wroclaw, Poland, it has recently become clear that the current organisational arrangements for delivering high quality advice, after Europe-wide consultation and at an early stage, need a more structured approach.
- The PWP currently works under the following organisational arrangements. The Presidency and the secretariat of the group are currently assigned to the organising country of the Spring Conference, for a period of one year. This task has become more significant than it originally was expected, as the workload of the PWP has substantially increased over the past few years.
- The joint data protection secretariat for the Europol JSB, the Customs JSA and the Schengen JSA currently acts as a support to the secretariat for the Working Party as well, on a voluntary basis. This secretariat has very limited resources.
- Given this current structure, it is obvious that the European Data Protection Authorities will soon find it hard to respond adequately to forthcoming challenges in data protection in third pillar matters. They thereby run the risk to loose grip and influence in an area where data protection is fundamental and in recent years is gradually being undermined.
- The most recent version of the draft Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (13 March 2007), as presented by the German presidency, indeed envisages the institutional creation of an independent Joint Supervisory Authority which is to supervise and monitor the observance of data protection rules in the processing of personal data in third pillar matters. It is envisaged that this JSA is provided with operational and investigative powers similar to those granted to the existing JSB and JSA.
- In the previous version of the draft Framework Decision a "Working Party for the protection of individuals with regard to the processing of personal data for the purpose of the prevention, investigation, detection and prosecution of criminal offences" was created the missions of which were paralleled to those of the Article 29 Working Party.
- The perspective of an institutionalised group for data protection in the third pillar is most certainly positive for the European Data Protection Authorities, as the creation of such a supervisory and advisory body would provide a stable institutional framework for them to carry out the activities which they have so far carried out, in a non EU institutional manner, through the PWP.
- Yet progress on this issue may prove to be slow. Furthermore it appears that political consensus has not yet been achieved as to the scope of the activities of the group and its precise missions.
- Until such a group or authority formally exists, the European Data Protection Authorities are bound to rely on the existing PWP and on its current structure. Yet, it is obvious that during this transitional period the PWP will be called to reflect on the tasks which an institutionalised WP or authority should be assigned thus anticipating its future role. In this context, the increasing demand to react on developments in the area of police and juridical cooperation calls for a more structured organisational framework of the PWP.
- In view of this, and for the sake of continuity, it seems necessary to appoint a chairman for a period exceeding one year and to have a permanent secretariat. Only such measures would provide efficient support to the Chairman and enable the Chairmanship to adequately deal with the present workload of the PWP. An additional essential improvement would consist in granting the PWP with a clear mandate to act which, when necessary, should not be limited to reporting to the European conference.
- In the light of the so-called "London initiative", the European Data Protection Authorities must show that they can rise to the challenge to improve their working methods and ensure that adequate means are ensured to provide for guidance and supervision in data protection matters in the third pillar.
The Conference of the European Data Protection Authorities mandates the PWP to monitor the developments in the area of law enforcement to face the growing challenges for the protection of individuals with regard to the processing of their personal data. The PWP will propose and prepare all necessary actions to be taken in this area by the Conference.
The PWP is mandated to act on behalf of the Conference when a quick reaction is urgently needed. In such cases all members and observers of the Conference shall be informed by the Chairman of the PWP on the planned action.
The Conference appoints a Chairman and a Vice-Chairman for a fixed-period of two years, once renewable. The Vice-Chairman shall not be from the same state as the Chairman.
The conference recognises the need for a permanent secretariat for the PWP. It acknowledges the important but informal role played by the Council´s data protection secretariat in recent years and wishes this to continue. Whilst it would like this role to be formalised it recognises that that this can not be achieved immediately. Until a permanent secretariat is formally established the Chairman and Vice Chairman shall between them fulfil this function taking advantage of the services of the Council´s data protection secretariat, as far as possible, to carry out the necessary tasks.
The PWP, upon proposal of the Chairman and Vice-Chairman is mandated to draft rules of procedure for adoption of opinions or resolutions. These rules as well as rules of procedure for the election of the Chairman and Vice-Chairman and the conditions for renewal of their mandates shall be submitted for approval to the Conference and if necessary for operational reasons in the calendar by written vote before the next Spring Conference. The PWP, upon proposal of the Chairman and Vice-Chairman, shall elaborate its objectives, missions and working program over the coming 2-3 years for submission to the Conference.
The Chairman and the Vice-chairman shall explore the different options to strengthen and structure the Secretariat of the PWP with a view to quickly ensure its permanency and efficiency, in particular by checking with the Council whether the mandate of its current data protection secretariat could be extended to include the secretariat of the PWP.
Cyprus, 11 May 2007