Reform of data protection laws will ensure smoother police cooperation in the EU

It’s taken four years of intense debate, but agreement has finally been reached on the reform of data protection laws in what some are calling the most significant piece of privacy legislation ever. The European Commission – the executive arm of the European Union (EU) – the European Parliament and EU member states last month approved the long-awaited data protection regulations that will be put in place across the EU and which will replace the UK’s Data Protection Act 1998.

This major overhaul of EU-wide data protection legislation is expected to be adopted in the spring and will give people a greater say over how their digital information is collected and managed.

Member states will then have two years to transpose the provisions of the new regulations into their national laws.

The new EU General Data Protection Regulation (GDPR) will run parallel with a new directive for police and justice issues that should enable police forces across Europe to work together faster and more efficiently to counter serious crime and terrorism.

“This is an historic agreement, since it is the first time we have fully harmonised rules covering police and criminal justice authorities on data protection in the EU,” said the European Parliament’s lead MEP on the directive, Estonia’s Marju Lauristin.

“These rules, applying to cooperation between EU member states and with other countries on transferring and processing of data, should facilitate the sharing of information, while at the same time ensuring that European citizens’ fundamental rights are not violated.

“How police and criminal authorities use personal data can affect our lives to a great extent. It, thus, has to be done correctly and under appropriate legal framework.”

She said the draft directive on the protection of individuals – with regard to the processing of personal data for the purposes of prevention, investigation, detection or prosecution of criminal offences – will be the first instrument to comprehensively harmonise 28 different law enforcement systems with respect to data processing for law enforcement purposes. It will also set minimum standards for data processing for policing purposes within each member state.

EU countries may set higher standards than those enshrined in the directive if they wish, added Ms Lauristin.

She said the rules should thus clarify police cooperation arrangements at all administrative levels and give citizens greater certainty as to the law. The safeguards will apply to everyone, whether victim, criminal or witness. The directive will set out clear rights for individuals and establish an independent supervisory authority with enforcement powers.

During the three-way-talks between the European Parliament, Council and Commission, Parliament’s negotiators insisted on the mandatory presence of a data protection officer to monitor all data transfers, as well as a prior assessment being carried out in cases where data processing is likely to entail high risk for a person’s rights and freedoms.

While the new EU GDPR will apply directly throughout the EU with the aim of bringing about a standard data protection regime, the directive relating to police and justice issues will be implemented in each member state individually.

Information Commissioner Christopher Graham, who is leaving his post in June when his term finishes, explained: “The reforms agreed will mean change. Four years of work has created a set of rules that will need adjustments from consumers, businesses and, of course, the regulator. But it’s progress that the EU is moving on from trying to regulate 21st century digital developments with legislation dating from 20 years ago. Most crucially, a new law will remind people of their data protection rights and remind organisations of their data protection responsibilities. That can only be welcomed.”

He said the priority for the Information Commissioner’s Office (ICO) this year will be will be “making sure that we do all in our power to ease the introduction of the new rules – for data controll