The European Data Protection Board has held its September plenary session. During the session, it adopted a statement on the European Commission’s proposal for an EU Police Cooperation Code. This proposal aims to enhance law enforcement cooperation across member states, in particular, the information exchange between competent authorities. The code is comprised of three main measures: a proposal for a PrĂ¼m II Regulation to facilitate the automatic exchange between law enforcement authorities of DNA, fingerprint and vehicle registration data to prevent, detect and investigate criminal offences, a proposal for a Police Information Exchange Directive and a proposal for a Council Recommendation on operational police cooperation.
Among others, the EDPB proposes setting out the types and seriousness of crimes that could justify an automated search in the databases of other member states and making a clear distinction between the personal data of different categories of data subjects, such as convicted criminals, suspects, victims or witnesses, in line with Article 6 of the Law Enforcement Directive.
In addition, EDPB raises concerns about the envisaged automated searching and exchange of police records by the introduction of the European Police Records Index System (EPRIS) and about the default sharing of personal data with Europol via the Secure Information Exchange Network Application (SIENA).
Secondly, the EDPB decided upon the topic for its second coordinated enforcement action, which will concern the designation and position of the data protection officer. Further work will now be carried out to specify the details in the upcoming months. In a coordinated action, the EDPB prioritises a certain topic for data protection authorities to work on at a national level. The results of these national actions are then bundled and analysed, generating deeper insight into the topic and allowing for targeted follow-up on both a national and EU level. Last year, the EDPB selected the use of cloud-based services by the public sector as its first coordinated action. The report on the outcome of the 2022 coordinated action will be adopted by the end of 2022.
This new coordinated action follows the EDPB’s decision to set up a Coordinated Enforcement Framework (CEF) in October 2020. The CEF is a key action of the EDPB under its 2021-23 Strategy, together with the creation of a Support Pool of Experts. The two initiatives aim to streamline enforcement and cooperation among data protection authorities.
The EDPB has had discussions about the challenges posed to enforcement cooperation by different procedural approaches in national law. This is a next step towards the EDPB’s objective to develop an overview of such challenges, as set out in its Vienna Statement on enforcement cooperation.
It also issued a press release about the record level fine on Instagram, which SCL covered here.