Select Committee on European Scrutiny First Report


DATA PROTECTION IN THE FIELD OF JUDICIAL CO-OPERATION IN CRIMINAL MATTERS AND POLICE AND CUSTOMS CO-OPERATION


(21571)
10968/00
JAI 82

Draft Resolution on the personal data protection rules
in instruments under the third pillar of the European
Union


Legal base:
Document originated: 31 August 2000
Forwarded to the Council: 31 August 2000
Deposited in Parliament: 19 September 2000
Department: Home Office
Basis of consideration: EM of 3 October 2000
Previous Committee Report: None; but see (19836) 5643/99: HC 34-xxvi (1998-99), paragraph 5 (21 April 1999) and (21210) 7381/00: HC 23-xxi (1999-2000), paragraph 4 (14 June 2000)
To be discussed in Council: No date set
Committee's assessment: Legally and politically important
Committee's decision: Not cleared

Background

  3.1  This draft Resolution takes forward one of the three elements in the Council's current work on data protection under the Third Pillar, namely the question of whether there should be common data protection rules for all activities under Title VI of the Treaty on European Union. The other two elements are consideration of a common secretariat to service the Data Protection Joint Supervisory Bodies established under Title VI instruments, and consideration of whether there should be a single data protection supervisory body to replace such bodies.

  3.2  We considered a Presidency note on the protection of personal data at our meeting on 21 April 1999[13] when we welcomed and supported the intention to harmonise data protection provision and supervisory control in the Third Pillar. We subsequently cleared this note from scrutiny at our meeting on 14 June 2000, when we also cleared one of the elements referred to in that note, namely a draft Council Decision establishing a Secretariat for the Joint Supervisory Data Protection bodies set up by the Europol and Schengen Conventions.[14]

The document

  3.3  The proposal consists of a non-binding Resolution setting out some common principles for the protection of personal data. The preamble to the Resolution states that Directive 95/46/EC[15] does not apply to the processing of personal data in the course of an activity which falls outside Community law, and that 'a comprehensive document is needed to define the fundamental rules for data protection in the field of police, judicial and customs co-operation, not covered by Directive 95/46/EC '.

  3.4  Although the proposal is expressed in the form of a Resolution, it is in substance more akin to a model law. Indeed, it is described in the accompanying statement of reasons by the French Presidency as being 'a reference text for instruments to be drawn up in the context of the third pillar' which will 'serve as a basis for drafting future co-operative instruments of the Union, which will themselves have binding force'.

  3.5  The Resolution is in two parts. Title I sets out the general scope and provides that relevant Title VI EU instruments must specify which of the principles in Title II is to apply, and must define any exceptions. Title II sets out a number of principles, which largely follow those of Directive 95/46/EC. There are, however, some differences between the two texts.

  3.6  It is surprising that in relation to such a key matter as the processing of sensitive data (i.e. personal data revealing ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, or processing of data concerning health or sex life) there is no express prohibition, unlike the position under Article 8 of Directive 95/46/EC. Instead, a prohibition is left to be deduced from a derogation under which 'exceptionally' such data processing can be authorised.

  3.7  It is also surprising that, according to the statement of reasons, provisions on the interception of communications have been removed from the text of the principle (Article 10) concerned with confidentiality.

  3.8  A similar omission concerns the provisions on remedies where, again according to the statement of reasons, the Resolution has not incorporated any principle on the possibility of remedies. Article 17 of the Resolution provides that 'observance of the principles of personal data protection is to be guaranteed and monitored by an independent public supervisory authority vested in particular with powers of investigation and intervention allowing it to rectify incomplete or inaccurate data or erase unlawfully processed data'. There is, however, no provision requiring a judicial remedy to be available. This compares unfavourably with Article 22 of Directive 95/46/EC which provides that, without prejudice to any administrative remedy for which provision may be made, 'Member States shall provide for the right of every person to a judicial remedy for any breach of the rights guaranteed him by the national law applicable to the processing in question'.

The Government's views

  3.9  In her Explanatory Memorandum, the Minister of State at the Home Office (Mrs Barbara Roche) explains the policy implications of the proposal as follows;

    "No policy implications flow from the draft Resolution itself. As already noted, it is not a legally binding instrument. However, there will be a strong expectation that future Third Pillar instruments will incorporate such of its provisions as are relevant to the subject matter of the instrument in question."

Conclusion

  3.10  We have already indicated our support for improved data protection provisions and supervision under Third Pillar instruments, but we find the proposed Resolution disappointing and inadequate in a number of respects. In particular, the Resolution does not express the prohibition on processing sensitive data sufficiently forcefully, and the provisions on judicial remedies seem to us to be inadequate. It seems to us that it would have been preferable for the Resolution to have followed Directive 95/46/EC (the Data Protection Directive) more closely.

  3.11  Before clearing the document we ask for the Minister's views on these points, and we ask her to inform us of any comments made on the Resolution by the Data Protection Registrar.


13   (19836) 5643/99; see headnote to this paragraph. Back

14   (21210) 7381/00; see headnote to this paragraph.  Back

15   OJ No L 281 of 23.11.1995 p. 31. Back


 
previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2000
Prepared 29 December 2000