Data protection standards ‘inadequate’

The EU’s top data protection official has warned that adequate safeguards do not exist for citizens’ information held by law enforcement agencies.

Peter Hustinx also criticised attempts by some member states to water down a proposal to set up protection for data held by police, immigration or customs agencies.

There was a "patchwork" of legislation throughout the EU states and rules provided by Council of Europe conventions were "very general", he told a European Parliament hearing on police co-operation. "Current standards are inadequate…they don’t meet basic criteria in effectiveness," he said.

Hustinx’s comments come as the German presidency prepares to push early next year for agreement among justice ministers on data protection legislation for law enforcement agencies. Some member states want to limit a proposal for data protection to cross-border exchanges of data (such as Schengen and visa databases) rather than national police databases. But Hustinx warned that trying to separate out such information would lead to additional costs for law enforcement agencies and would not provide the consistency needed for data protection across the EU.

He added that it was important to adopt wide-ranging legislation on data protection which would cover agreements with third countries, such as the Passenger Name Record deal struck with the US.

French Socialist MEP Martine Roure, the Parliament’s rapporteur on the data protection legislation, said after the hearing that the Council of Ministers was ignoring concerns about the proposal being watered down. "If there is such a small scope it will be a very bad thing for data protection," said Roure.

Parliament has only been consulted on the proposal but was willing to block other proposals where it had the power of co-decision with member states, such as the Visa Information System (VIS), to gain some leverage on data protection, she said. "I am insisting this is not about blackmail but about giving a proper level of protection to European citizens’ data," she added.

Günter Krause, head of the directorate-general for police matters in the German ministry of interior, said he had not heard of complaints about data protection in the law enforcement area. Stringent data protection safeguards had been built into the Treaty of Prüm, a data-exchange treaty agreed last year outside the EU institutions by seven member states. The treaty is to be brought into EU law during the German presidency. "This means we have excellent provisions in place under the third pillar and if Prüm is transferred to community law things will look even rosier," said Krause.

But Franco Frattini, European commissioner for justice, freedom and security, disagreed, saying the treaty "should be complemented by a coherent and complete data protection regime at EU level and applicable across all third pillar issues".

The EU’s top data protection official has warned that adequate safeguards do not exist for citizens’ information held by law enforcement agencies.

• Primary Source