Francesco Pizzetti - 'Towards a New Role for the Police Working Party'...
Francesco Pizzetti - 'Towards a New Role for the Police Working Party' - Spring Conference of European Data Protection Commissioners - Larnaka, ...
Spring Conference of European Data Protection Commissioners
Session 5 - "Police Working Party"
Larnaka (Cipro), 10-11 maggio 2007
"Towards a New Role for the Police Working Party"
1. My presentation is meant to be sort of a "bridge" between present and future; it is an attempt at clarifying what, in my view, – but I think this is not just my view – is the quality leap the PWP should dare to do in order to allow the national data protection authorities to have their voices heard in an area that is increasingly challenging our consciences. And I think that the voice in question must be a single, far-reaching voice, capable to defend the fundamental data protection principles also in the very delicate area related to security and the fight against crime. This voice must manage to be heard very clearly by all the European institutions; it should become a reference point for all European citizens, because it is focused on protecting their data also when they are transferred – on grounds having to do with security, justice, or the fight against terrorism – outside the European Union, to third countries or international organisations.
Let me quote from the London resolution we all approved on 2 November 2006: "There is no alternative to creating a high and harmonized data protection standard in the EU Third Pillar"; at the same time, "a high standard of protection should apply to the transfer of data to third countries and international bodies, subject to an adequacy finding based on common European standards."
This is the context in which the issue of how to strengthen the PWP should be placed.
Indeed, it is necessary to afford better protection to our fellow citizens´ data also in connection with security and the fight against crime, and more generally in the so-called "Third Pillar".
As pointed out in the London declaration, this entails that "relevant data protection provisions should be adopted and applied as soon as possible in the field of law enforcement, providing for an adequate and harmonised system of data protection arrangements not only applying to data exchange between Member States but applying to all personal data processed for law enforcement purposes."
This approach has long been a feature not only of our respective Constitutional charters, but also of the Charters of Rights adopted first by the Council of Europe and subsequently by the European Union.
This is what is set forth in the important Conventions by the Council of Europe as well as in the regulations the European Union has been giving herself over the past years – more clearly and expeditiously in the First Pillar, but increasingly also in the Third Pillar.
The protection of personal data is the focus of this common effort; in a sense, it is at the peak of the development of liberty and democracy in modern societies grounded on fundamental human rights.
This is why it is necessary to become increasingly aware of the important role we are called upon to play; indeed, our role is becoming nowadays essential in defending not only our fellow citizens, but actually our societies as such against the danger that they may turn into surveillance societies because of widespread fears and claims for security – which would turn them into illiberal, increasingly less democratic societies.
2. We have heard how important the work done so far by the PWP has been, and how significantly data protection authorities have contributed to it in the past few years – despite the existing difficulties.
Judicial and police cooperation, which became a part of EU policies following the Maastricht Treaty, continues to be regulated differently as regards the legal bases of Community instruments, their development and adoption mechanisms, and the role played by the European Parliament and the Court of Justice. Although certain issues such as immigration and asylum have been meanwhile "communitarized" based on the Treaty of Amsterdam, the circles and groups dealing with such issues have remained unchanged in terms of their membership and "mentality".
Given the increased demand for security and adequate safeguards against the dangers related to today´s terrorism, we have been veritably "bombarded" with regulatory initiatives concerning fundamental issues for European citizens.
These initiatives and proposals are being handled by working groups where no data protection authority is represented; thus, it can be stated – which has been repeatedly argued by the Spring Conference as well – that their impact on fundamental human rights, in particular the right to personal data protection, is never adequately assessed. This carries even more serious consequences if one considers that the initiatives and proposals in question provide consistently for exemptions and derogations from the application of the principles laid down in directive 95/46/EC (and in directive 2002/58/EC).
It is increasingly unquestionable that supervisory authorities should, on the one hand, be capable to effectively make the difference in terms of regulation and, on the other hand, effectively supervise compliance and lawfulness of processing operations.
At the same time, it is increasingly undisputed that data protection in the Third Pillar plays a key role in defending democracy both inside and outside the EU.
There is a growing need for the national DP authorities and the EDPS to speak with one voice, working from a single political and decision-making forum capable to provide guidance for data protection in the Third Pillar.
Indeed, the proposals recently put forward by the German Presidency of the EU in the "Draft Council Framework Decision on the Protection of Personal Data Processed in the Framework of Police and Judicial Cooperation in Criminal Matters", of 13 March 2007, give out a clear-cut signal in this regard.
This is actually what I construe to be the proposal for setting up a single "Joint supervisory authority which is to supervise and monitor the observance of data protection rules in the processing of personal data in the third pillar matters."
In my view, strengthening the PWP – which is the only tool currently available in order for us to enhance our role and presence in this sector – goes in this same direction. Our initiative can be said to be authoritatively supported by the draft framework decision.
3. The political message launched several times by European data protection authorities over the past few years is beyond doubt.
The principles that should be consistently upheld in processing personal data "for purposes of security and the fight against terrorism and other serious crime" must ensure a high level of protection and comply with the existing provisions – which means, first and foremost, Convention 108 and Recommendation R(87)15 by the Council of Europe.
Let me also recall that in EU Member States the consistency I am referring to could be achieved by subjecting the processing of data in these sectors to the principles of directive 95/46/EC, i.e. to a first-pillar instrument – although with certain adjustments.
However, our recommendations are no longer enough. The risk that our citizens´ data are afforded too weak a protection is quite high.
We are all aware of the very concrete risk that the increasing pressure exerted "by" and "on" the select circles corresponding to the so-called "Community law-makers" might ultimately result into introducing legislation that impinges more and more directly on fundamental rights and freedoms.
The decisions in this sector are all too often made at supranational level and in accordance with procedures that exclude the participation and control by national Parliaments. They are not shared through a dialogue with national institutions and the public opinion in the individual States, i.e. the addressees of the instruments and decisions in question. Thus, they may easily result into downsizing the safeguards afforded at national level.
4. This is why I believe the Police Working Party should become a permanent forum for discussing and debating all the issues having to do with data protection in the Third Pillar – that is to say, the forum where national DP authorities and the EDPS can work side by side and take decisions of a "political" nature with the required rapidity and flexibility. But it should also become a body capable to adequately represent our authorities externally, also by means of an ad-hoc Presidency Bureau.
From this viewpoint, I and the Italian Garante fully support the proposal put forward at this Conference "on the future of the Police Working Party". This is, in my view, the natural evolution of what was born in 1994 as a "working group" and grew in its importance over the years until 2004, when it started working as a formally recognised arm of the Spring Conference – under the guidance of the interim Presidency of the DP authority in charge of organising the annual Spring Conference.
Thus, we should take a step forward – and the Resolution submitted to this Conference goes in the right direction.
We have repeatedly called for the need and advisability of a unified approach, at EU level, with regard to the data protection principles applying to the Third Pillar. It is high time we adequately supported this stance by laying down more specific mechanisms for the functioning of the PWP.
I said that our initiative might be regarded as the forerunner of the joint supervisory authority in the third pillar that is outlined in the text by the German Presidency – taking up the need for consistency in the approach to these issues that Italy had emphasised ever since 1998.
5. I think we should start from the assumption that the Working Party should be capable to have its voice heard directly in all the appropriate fora – starting from the European Parliament and the EU Council – with the rapidity and effectiveness made necessary by the fast, unrelenting developments that are a feature of the sector we are addressing here.
In my view, European data protection authorities should be actively participating in all the decision-making processes that affect citizens´ fundamental rights.
Our stance can be supported with more strength if we can speak with one voice as well as with a more authoritative voice; if we equip ourselves with the tools that are necessary to take steps, on the basis of a stable, unified representation to be defined in accordance with shared rules – so that we can be recognised as a stakeholder in all decision-making processes that impact on fundamental features of citizens´ lives and security.
This "quality leap" can only be made possible on the basis of a voluntary decision taken by all the authorities attending today´s Conference. There is actually no legal basis upon which we can rely to claim this role for the PWP; however, I am sure this is no news to any of us.
Still, there is the intention clearly voiced by the Spring Conference in the resolutions and declarations already approved as well as in those we hope will be approved today – I mean the intention to go forward in the direction pointed out so far.
If over thirty countries set about ensuring fundamental rights via the competent authorities on the basis of their common will, I think we have sound foundations on which to build up something new and useful to all European citizens.
6. In concrete, it will be necessary to provide for a stabler, dedicated Presidency and vice-Presidency bureau, which is currently not the case. My friend Mr. Kohnstamm is going to address this point in detail; still, I think he will agree with me if I say that the presidency and vice-presidency of the new PWP should also act as its representatives – as the spokespersons for the working party in all the relevant fora.
The secretariat will also have to be managed in principle on a stabler, dedicated basis, and we will have to develop our own internal rules of procedure to regulate our sessions and the access to documents.
Maybe one could also envisage subgroups or other bodies to deal with drafting and revising the texts to be submitted for the final decision.
The decision-making process and the representation power conferred specifically on the president and vice-president will also have to be clarified.
We might also want to discuss on the advisability of changing the name of the PWP in order to better take account of the purposes sought.
All these points have already been the subject of in-depth analysis within the PWP, and I am sure we will be given the opportunity to discuss them further during this session.
7. Lastly, let me raise an important point.
None of us are ready to accept overlaps or useless repetitions.
By strengthening the PWP as required, we do not want to step into anybody´s shoes. In fact, pending new regulatory developments, we should aim at developing all manners of co-operation with all the entities that are already tackling these issues at supranational level.
I am referring, in particular, to the joint supervisory authorities provided for by the Europol, Schengen, and CIS conventions, as well as obviously to the EDPS in his capacity as supervisory authority for the systems placed under the responsibility of Community institutions – such as the Eurodac central unit.
Laying down collaboration and co-ordination mechanisms with those authorities is yet another task to be discharged by the PWP on the basis of the mandate committed to it by the Spring Conference.
In this regard, it is unquestionable that the whole process will be managed more easily if the mandate possibly conferred by the Spring Conference leaves as little margin for doubt as possible.
This is exactly why I considered it helpful to put forward some possible proposals in my presentation.
What really matters is, however, that we can discuss them together here and today.
Thank you for your attention!