Europol as an - Drone Conference
Download
Report
Transcript Europol as an - Drone Conference
Europol’s
tailor-made data protection
framework
Daniel Drewer
Head Data Protection Office
Budapest 5 February 2015
Europol’s Tasks
Exchange of information
between Member States
Obtain, collate and analyze
information and intelligence
To support national
investigations
Computerized system of
collected information
Europol – the European FBI?
Any operational action by
Europol must be carried out in
liaison and in agreement with
the authorities of the Member
State or States whose territory
is concerned. The application of
coercive measures shall be the
exclusive responsibility of the
competent national authorities.
Information Exchange
Exchange of information
among the EU MS and
between the EU and third
countries involved
Direct contacts with EU MS’
experts
Cooperation with Third
States and organisations
incl. Eurojust and Interpol
Possibility to process law enforcement data
in tailor-made IT systems
Europol Information System (Article 11 ECD)
Analysis work files (Article 14 ECD)
New systems (Article 10.2 ECD)
The processing of personal data
has to be explicitly allowed and
defined in order to protect
individual’s rights!
Europol Information System
Large reference database
6
AWFs
Initiation of Investigations
operational
Support of Investigations
Analysis
Overview on Crime
Situation in EU
strategic
Decision Making
Analysis Work Files (AWFs)
Data subjects
Suspects
Witnesses
Victims
Contacts and associates
Informants
8
Key capabilities – Our information (2014)
•
Europol
Information
System
•
Analysis
Work
Files
•
Secure
Information
Exchange
Network
Application
9
255.431 data items
76.137 persons
14 countries using data loaders
103.778 searches
29 specialised analysis projects
78.798 persons in CT
672.065 persons in SOC
Modern analytical techniques, e.g. SNA
141.908 messages exchanged
8.537 new cases initiated
More than 340 competent authorities
connected
More than 4.000 users
Data Protection at Europol
Why is data protection of
particular importance to
Europol?
“Data Protection hinders effective
law enforcement” !?
Occasional prejudice in the
law enforcement community
Message to the Controllers and Processors
We are sitting in one boat!?
Data Protection leads to high quality of data
Any failure to comply with it’s tailor-made data
protection framework might prevent the criminal
from being convicted
Cases of imminent criminal danger are subject
to exemption rules
Data Protection acquis at Europol
Europol Council Decision
Implementing Rules, e.g. the
Analysis Rules, Third States,
Confidentiality
Council of Europe Convention 108
from 1981
Council of Europe Recommendation
R(87)15 – Use of personal data in
the police sector
Regulation (EC) 45/2001
Framework Decision on Data
Protection in 3rd Pillar NOT
applicable
Processing of personal data is part of
core business
Europol as an “Intelligence Broker”
Enhance “intelligence led policing”
Data protection is one important
element to be considered when
measuring Europol’s operational
powers and limits
New meaning of Data Protection in the postSnowden age?
Debate on healthy balance
between security and privacy
more important than ever!
LE operations regulated by law
in far more detail
Oversight mechanisms are more
transparent
No “full take” -> no haystack but a (pretty big) pile of needles
Supervision of Europol (Internal)
Tasks of the Data Protection Officer
Ensuring, in an independent manner, lawfulness and
compliance
Audits Europol’s systems (Information System,
AWFs)
Regular audit plans (monthly for the EIS)
Audit reports are sent to the Director, MB and JSB
Ensuring that data subjects are informed of their
rights under the ECD at their request
Cooperating with the JSB
Preparing an annual report and communicating that
report to the MB and to the JSB
16
Supervision of Europol (External)
JSB: tasks
Review the activities of Europol in order to ensure
that the rights of the individual are not violated by
the storage, processing and use of the data held by
Europol
Monitor the permissibility of the transmission of
data originating from Europol
Examining and commenting on the opening of AWFs
Providing opinions relating to implementation and
interpretation of the Europol Council Decision
Providing opinions if Europol wishes to conclude an
operational agreement with third parties
17
Supervision of Europol (Indirect)
National Supervisory Bodies
Monitor independently, in
accordance with national
law, communication of
personal data to and from
Europol
Access at national unit and
at liaison offices on Europol
premises
Data subject has a right to
request national supervisory
body to ensure that input or
communication of personal
data to Europol are lawful
Challenges ahead
New legal framework for Europol (Europol
Regulation)
Specific accommodation for Law
Enforcement purposes (tailor-made data
protection framework)
INTEGRATED DATA MANAGEMENT
Framework for Open Sources Intelligence
(OSINT)
New supervisory governance model
(coordinated supervision: DPAs and EDPS +
strong supervisory powers)
Police information collected via drones
Personal data shared with Europol has
to be lawfully obtained by national
authorities
The data collection must respect
fundamental rights and has to be in
compliance with the national law of the
contributing state
Europol has procedural measures in
place to insure that incoming data is
checked for compliance prior to data
entry
Europol has been inspected in 2014 by
the Joint Supervisory Body in relation
to the lawfulness of data collected in
the states/organisations
The inspection report is available to
the public:
http://europoljsb.consilium.europa.eu
Questions?
Thank you!
Daniel Drewer
Head Data Protection Office
[email protected]