Lecture 5 - Data protection in the context of police and criminal justice (chapter 7)
BB v. France applicant convicted of a sex offense and registration of his data in the national
database had not been protected sufficiently. Court found that there were sufficient
safeguards and that there were no violations of article 8.
S. and Marper v. the UK in which two applicants’ DNA profile had been registered, they had
not been found guilty and not been convicted. Registration of this data was according to
ECHR a discriminate way of processing data and found that this broke the rules of the right
to privacy, this case lead to a lot of commotion.
Alan v UK art. 8 ECHR, prisoner had a private conversation that was recorded, no statutory
system in the UK for recording private conversations, so a violation of the article.
Class and others v Germany art. 8 ECHR, applicant claimed that several german legislative
acts allow secret surveillance violating the article. Court held that there were enough
safeguards to protect his privacy. National legislations can be quite different, ECHR has to
look at international and national safeguards which provide for enough safeguards to rely on.
The police data recommendation addresses how data files should be collected, who should
be allowed to access the files, what kind of conditions is necessary, how data subjects
should be able to access their right to privacy and data protection, how it should be
implemented. Recommendation also limits the collection of data because it should be
legitimate and serve society purpose. Also they should fall under a lawful basis. Sensitive
data should be limited to absolute necessity for the solving of crimes.
Vetter v. France case. The police was allowed to the registration of data. There was an
anonymous witness that claimed that one of his neighbours committed homicide, this
neighbour was visiting his friends often, so the police bugged his house in secret, and
wiretapping as well. Police could find evidence on the basis of this recordings. Applicant has
not been informed about it, it happened when he was not at home, so the court concluded
that it was not within the scope of article 100 of the French code so a violation of article 8.
The police provided evidence only afterwards. So the means on which the police proved that
the applicant was guilty or not were not enough. There should be made a difference between
administrative data and police data and between hard facts and what is based on guessing
or suspicion. The purpose of data must be limited and really be focussed on the case for
what is necessary. Independent supervision is important. An independent body should
always monitor the processing of data in order to prevent any problems.
An important legal instrument is the Budapest convention (cybercrime convention), it
regulates and harmonizes criminal law against electronic data protection devices. Australia,
USA, Czech republic are members as well, so it has an extraterritorial effect compared to
other legislation. Most important aim of the convention is to solve hacking, illicit cyber
activities, the breaking of copyright infringement, computer facilitated fraud and child
pornography. Another crucial point is that it provides for procedural powers (police agent can
search digital devices), it facilitates international cooperation by itself. It is not data protection
legislation, but indirectly solves as such because it aims to solve and prevent activities that
BB v. France applicant convicted of a sex offense and registration of his data in the national
database had not been protected sufficiently. Court found that there were sufficient
safeguards and that there were no violations of article 8.
S. and Marper v. the UK in which two applicants’ DNA profile had been registered, they had
not been found guilty and not been convicted. Registration of this data was according to
ECHR a discriminate way of processing data and found that this broke the rules of the right
to privacy, this case lead to a lot of commotion.
Alan v UK art. 8 ECHR, prisoner had a private conversation that was recorded, no statutory
system in the UK for recording private conversations, so a violation of the article.
Class and others v Germany art. 8 ECHR, applicant claimed that several german legislative
acts allow secret surveillance violating the article. Court held that there were enough
safeguards to protect his privacy. National legislations can be quite different, ECHR has to
look at international and national safeguards which provide for enough safeguards to rely on.
The police data recommendation addresses how data files should be collected, who should
be allowed to access the files, what kind of conditions is necessary, how data subjects
should be able to access their right to privacy and data protection, how it should be
implemented. Recommendation also limits the collection of data because it should be
legitimate and serve society purpose. Also they should fall under a lawful basis. Sensitive
data should be limited to absolute necessity for the solving of crimes.
Vetter v. France case. The police was allowed to the registration of data. There was an
anonymous witness that claimed that one of his neighbours committed homicide, this
neighbour was visiting his friends often, so the police bugged his house in secret, and
wiretapping as well. Police could find evidence on the basis of this recordings. Applicant has
not been informed about it, it happened when he was not at home, so the court concluded
that it was not within the scope of article 100 of the French code so a violation of article 8.
The police provided evidence only afterwards. So the means on which the police proved that
the applicant was guilty or not were not enough. There should be made a difference between
administrative data and police data and between hard facts and what is based on guessing
or suspicion. The purpose of data must be limited and really be focussed on the case for
what is necessary. Independent supervision is important. An independent body should
always monitor the processing of data in order to prevent any problems.
An important legal instrument is the Budapest convention (cybercrime convention), it
regulates and harmonizes criminal law against electronic data protection devices. Australia,
USA, Czech republic are members as well, so it has an extraterritorial effect compared to
other legislation. Most important aim of the convention is to solve hacking, illicit cyber
activities, the breaking of copyright infringement, computer facilitated fraud and child
pornography. Another crucial point is that it provides for procedural powers (police agent can
search digital devices), it facilitates international cooperation by itself. It is not data protection
legislation, but indirectly solves as such because it aims to solve and prevent activities that
