Council Framework Decision 2008/977/JHA

Okvirni sklep Sveta 2008/977/PNZ

of 27 November 2008

z dne 27. novembra 2008

on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters

o varstvu osebnih podatkov, ki se obdelujejo v okviru policijskega in pravosodnega sodelovanja v kazenskih zadevah

THE COUNCIL OF THE EUROPEAN UNION,

SVET EVROPSKE UNIJE JE –

Having regard to the Treaty on European Union, and in particular Articles 30, 31 and 34(2)(b) thereof,

ob upoštevanju Pogodbe o Evropski uniji in zlasti členov 30, 31 in 34(2)(b) Pogodbe,

Having regard to the proposal from the Commission,

ob upoštevanju predloga Komisije,

Having regard to the opinion of the European Parliament [1],

ob upoštevanju mnenja Evropskega parlamenta [1],

Whereas:

ob upoštevanju naslednjega:

(1) The European Union has set itself the objective of maintaining and developing the Union as an area of freedom, security and justice in which a high level of safety is to be provided by common action among the Member States in the fields of police and judicial cooperation in criminal matters.

(1) Evropska unija si je zastavila cilj vzdrževati in razvijati Unijo kot območje svobode, varnosti in pravice, v katerem bo zagotovljena visoka stopnja varnosti s skupnimi ukrepi držav članic na področju policijskega in pravosodnega sodelovanja v kazenskih zadevah.

(2) Common action in the field of police cooperation under Article 30(1)(b) of the Treaty on European Union and common action on judicial cooperation in criminal matters under Article 31(1)(a) of the Treaty on European Union imply a need to process the relevant information which should be subject to appropriate provisions on the protection of personal data.

(2) Skupni ukrepi na področju policijskega sodelovanja v skladu s členom 30(1)(b) Pogodbe o Evropski uniji ter skupni ukrep na področju pravosodnega sodelovanja v kazenskih zadevah v skladu s členom 31(1)(a) Pogodbe o Evropski uniji zahtevajo obdelavo ustreznih informacij, ki bi morala biti urejena z ustreznimi določbami o varstvu osebnih podatkov.

(3) Legislation falling within the scope of Title VI of the Treaty on European Union should foster police and judicial cooperation in criminal matters with regard to its efficiency as well as its legitimacy and compliance with fundamental rights, in particular the right to privacy and to the protection of personal data. Common standards regarding the processing and protection of personal data processed for the purpose of preventing and combating crime contribute to the achieving of both aims.

(3) Zakonodaja s področja naslova VI Pogodbe o Evropski uniji bi morala pripomoči k učinkovitosti policijskega in pravosodnega sodelovanja v kazenskih zadevah, pa tudi k njegovi legitimnosti in skladnosti s temeljnimi pravicami, zlasti s pravico do zasebnosti in do varstva osebnih podatkov. K doseganju obeh ciljev lahko prispevajo skupni standardi glede obdelave in varstva osebnih podatkov, ki se obdelujejo za preprečevanje kriminala in boj proti njemu.

(4) The Hague Programme on strengthening freedom, security and justice in the European Union, adopted by the European Council on 4 November 2004, stressed the need for an innovative approach to the cross-border exchange of law-enforcement information under the strict observation of key conditions in the area of data protection and invited the Commission to submit proposals in this regard by the end of 2005 at the latest. This was reflected in the Council and Commission Action Plan implementing the Hague Programme on strengthening freedom, security and justice in the European Union [2].

(4) V Haaškem programu za krepitev svobode, varnosti in pravice v Evropski uniji, ki ga je Evropski svet sprejel 4. novembra 2004, je poudarjena potreba po inovativnem pristopu k čezmejni izmenjavi informacij o kazenskem pregonu ob strogem upoštevanju ključnih pogojev na področju varstva podatkov, Komisija pa je pozvana, naj najkasneje do konca leta 2005 odda ustrezne predloge. Odraz tega je bil Akcijski načrt Sveta in Komisije o izvajanju Haaškega programa za krepitev svobode, varnosti in pravice v Evropski uniji [2].

(5) The exchange of personal data within the framework of police and judicial cooperation in criminal matters, notably under the principle of availability of information as laid down in the Hague Programme, should be supported by clear rules enhancing mutual trust between the competent authorities and ensuring that the relevant information is protected in a way that excludes any discrimination in respect of such cooperation between the Member States while fully respecting fundamental rights of individuals. Existing instruments at the European level do not suffice; Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [3] does not apply to the processing of personal data in the course of an activity which falls outside the scope of Community law, such as those provided for by Title VI of the Treaty on European Union, nor, in any case, to processing operations concerning public security, defence, state security or the activities of the State in areas of criminal law.

(5) Izmenjava osebnih podatkov v okviru policijskega in pravosodnega sodelovanja v kazenskih zadevah, predvsem v skladu z načelom dostopnosti informacij, zapisanim v Haaškem programu, bi morala biti oprta na jasna pravila, ki bi krepila medsebojno zaupanje med pristojnimi organi ter zagotavljala varstvo zadevnih informacij, na način, da je izključena vsakršna diskriminacija glede takšnega sodelovanja med državami članicami, hkrati pa bi bile v celoti spoštovane temeljne pravice posameznikov. Veljavni instrumenti, sprejeti na evropski ravni, ne zadostujejo. Direktiva 95/46/ES Evropskega parlamenta in Sveta z dne 24. oktobra 1995 o varstvu posameznikov pri obdelavi osebnih podatkov in o prostem pretoku takšnih podatkov [3] se ne uporablja za obdelavo osebnih podatkov v sklopu dejavnosti izven področja uporabe zakonodaje Skupnosti, na primer tiste, ki jih predvideva naslov VI Pogodbe o Evropski uniji, in v nobenem primeru ne za obdelavo, povezano z javno varnostjo, obrambo, državno varnostjo ali dejavnostmi države na področjih kazenskega prava.

(6) This Framework Decision applies only to data gathered or processed by competent authorities for the purpose of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties. This Framework Decision should leave it to Member States to determine more precisely at national level which other purposes are to be considered as incompatible with the purpose for which the personal data were originally collected. In general, further processing for historical, statistical or scientific purposes should not be considered as incompatible with the original purpose of the processing.

(6) Ta okvirni sklep se uporablja le za podatke, ki jih pristojni organi zbirajo ali obdelujejo za namen preprečevanja, preiskovanja, odkrivanja ali pregona kaznivih dejanj ali izvrševanja kazni. Ta okvirni sklep bi moral prepustiti državam članicam, da na nacionalni ravni natančneje določijo, kateri drugi nameni naj bi veljali za nezdružljive z namenom, za katerega so bili osebni podatki prvotno zbrani. Nadaljnja obdelava v zgodovinske, statistične ali znanstvene namene na splošno ne bi smela veljati za nezdružljivo s prvotnim namenom obdelave.

(7) The scope of this Framework Decision is limited to the processing of personal data transmitted or made available between Member States. No conclusions should be inferred from this limitation regarding the competence of the Union to adopt acts relating to the collection and processing of personal data at national level or the expediency for the Union to do so in the future.

(7) Področje uporabe tega okvirnega sklepa je omejeno na obdelavo osebnih podatkov, ki se posredujejo ali se do njih omogoči dostop med državami članicami. Na podlagi te omejitve ne bi smelo biti mogoče povzemati nobenih sklepov o pristojnosti Unije za sprejemanje aktov, ki se nanašajo na zbiranje in obdelavo osebnih podatkov na nacionalni ravni, ali o možnosti, da bo Unija v prihodnosti imela tako pristojnost.

(8) In order to facilitate data exchanges within the Union, Member States intend to ensure that the standard of data protection achieved in national data processing matches that provided for in this Framework Decision. With regard to national data processing, this Framework Decision does not preclude Member States from providing safeguards for the protection of personal data higher than those established in this Framework Decision.

(8) Da se omogoči lažjo izmenjavo podatkov v Uniji, nameravajo države članice zagotoviti skladnost nacionalnega standarda varstva podatkov pri njihovi obdelavi s standardom, ki ga določa ta okvirni sklep. Kar zadeva obdelavo nacionalnih podatkov ta okvirni sklep državam članicam ne preprečuje sprejetja višjih zaščitnih ukrepov za varstvo osebnih podatkov od teh, ki jih uvaja ta okvirni sklep.

(9) This Framework Decision should not apply to personal data which a Member State has obtained within the scope of this Framework Decision and which originated in that Member State.

(9) Ta okvirni sklep se ne bi smel uporabljati za osebne podatke, ki jih je država članica pridobila v okviru področja uporabe tega okvirnega sklepa in ki izvirajo iz te države članice.

(10) The approximation of Member States’ laws should not result in any lessening of the data protection they afford but should, on the contrary, seek to ensure a high level of protection within the Union.

(10) Približevanje zakonodaj držav članic nikakor ne bi smelo znižati ravni varstva podatkov, ki jo te zagotavljajo; nasprotno, z njim bi si morali prizadevati za zagotavljanje visoke ravni varstva znotraj Unije.

(11) It is necessary to specify the objectives of data protection within the framework of police and judicial activities and to lay down rules concerning the lawfulness of processing of personal data in order to ensure that any information that might be exchanged has been processed lawfully and in accordance with fundamental principles relating to data quality. At the same time the legitimate activities of the police, customs, judicial and other competent authorities should not be jeopardised in any way.

(11) Opredeliti je treba cilje varstva podatkov v okviru policijskih in pravosodnih delovanj ter določiti pravila glede zakonitosti obdelave osebnih podatkov in s tem zagotoviti, da bodo vse informacije, ki bi utegnile biti izmenjane, obdelane zakonito in skladno s temeljnimi načeli, ki se nanašajo na kakovost podatkov. Hkrati pa nikakor ne bi smele biti ogrožene legitimno delovanje policije, carine, pravosodnih in drugih pristojnih organov.

(12) The principle of accuracy of data is to be applied taking account of the nature and purpose of the processing concerned. For example, in particular in judicial proceedings data are based on the subjective perception of individuals and in some cases are totally unverifiable. Consequently, the requirement of accuracy cannot appertain to the accuracy of a statement but merely to the fact that a specific statement has been made.

(12) Načelo točnosti podatkov se uporablja ob upoštevanju narave in namena zadevne obdelave. Na primer, zlasti v sodnih postopkih podatki pogosto temeljijo na subjektivnem dojemanju posameznikov in so v nekaterih primerih popolnoma nepreverljivi. Zato se zahteva po točnosti ne more nanašati na točnost izjave, ampak samo na dejstvo, da je bila podana določena izjava.

(13) Archiving in a separate data set should be permissible only if the data are no longer required and used for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties. Archiving in a separate data set should also be permissible if the archived data are stored in a database with other data in such a way that they can no longer be used for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties. The appropriateness of the archiving period should depend on the purposes of archiving and the legitimate interests of the data subjects. In the case of archiving for historical purposes a very long period may be envisaged.

(13) Arhiviranje v posebnih nizih podatkov bi moralo biti dovoljeno le, če se podatki več ne potrebujejo in uporabljajo za preprečevanje, preiskovanje, odkrivanje ali pregon kaznivih dejanj ali izvrševanje kazni. Arhiviranje v posebnih nizih podatkov bi moralo biti dovoljeno tudi, če so arhivirani podatki, skupaj z drugimi podatki, shranjeni v zbirki podatkov na takšen način, da se jih ne da več uporabiti za preprečevanje, preiskovanje, odkrivanje ali pregon kaznivih dejanj ali izvrševanje kazni. Čas arhiviranja bi moral biti odvisen od namenov arhiviranja in zakonitih interesov posameznika, na katerega se nanašajo osebni podatki. V primeru arhiviranja za zgodovinske namene je lahko predvideno tudi zelo dolgo obdobje.

(14) Data may also be erased by destroying the data medium.

(14) Podatki se lahko izbrišejo tudi tako, da se uniči podatkovni medij.

(15) As regards inaccurate, incomplete or no longer up-to-date data transmitted or made available to another Member State and further processed by quasi-judicial authorities, meaning authorities with powers to make legally binding decisions, its rectification, erasure or blocking should be carried out in accordance with national law.

(15) V zvezi z netočnimi, nepopolnimi podatki ali podatki, ki niso posodobljeni in ki so posredovani ali dani na razpolago drugi državi članici ter nadalje obdelani s strani organov, ki odločajo kot sodišče, s čimer so mišljeni organi, ki sprejemajo pravno zavezujoče odločitve, bi se njihovo popravljanje, izbris ali blokiranje moralo izvesti v skladu z nacionalno zakonodajo.

(16) Ensuring a high level of protection of the personal data of individuals requires common provisions to determine the lawfulness and the quality of data processed by competent authorities in other Member States.

(16) Za zagotavljanje visoke stopnje varstva osebnih podatkov posameznikov so potrebne skupne določbe, ki bodo opredeljevale zakonitost in kakovost podatkov, ki jih obdelujejo pristojni organi v drugih državah članicah.

(17) It is appropriate to lay down at the European level the conditions under which competent authorities of the Member States should be allowed to transmit and make available personal data received from other Member States to authorities and private parties in Member States. In many cases the transmission of personal data by the judiciary, police or customs to private parties is necessary to prosecute crime or to prevent an immediate and serious threat to public security or to prevent serious harm to the rights of individuals, for example, by issuing alerts concerning forgeries of securities to banks and credit institutions, or, in the area of vehicle crime, by communicating personal data to insurance companies in order to prevent illicit trafficking in stolen motor vehicles or to improve the conditions for the recovery of stolen motor vehicles from abroad. This is not tantamount to the transfer of police or judicial tasks to private parties.

(17) Primerno je, da se na evropski ravni določi pogoje, pod katerimi bi pristojni organi držav članic smeli posredovati osebne podatke, ki so jih prejeli od drugih držav članic, in omogočati dostop do njih organom in zasebnim strankam v državah članicah. Posredovanje osebnih podatkov s strani pravosodnih organov, policije ali carinskih organov zasebnim strankam je v mnogih primerih potrebno zaradi pregona kaznivih dejanj ali preprečitve neposredne in resne ogroženosti javne varnosti oziroma zaradi preprečitve hujše škode pravicam posameznikov, na primer z izdajo opozoril bankam in kreditnim institucijam v zvezi s ponarejanjem vrednostnih papirjev, ali na področju kaznivih dejanj, povezanih z vozili, s sporočanjem osebnih podatkov zavarovalnicam, da se prepreči prepovedana trgovina z ukradenimi motornimi vozili ali izboljšajo pogoji za vrnitev ukradenih vozil iz tujine. To ni enakovredno prenosu policijskih in pravosodnih nalog na zasebne stranke.

(18) The rules in this Framework Decision regarding the transmission of personal data by the judiciary, police or customs to private parties do not apply to the disclosure of data to private parties (such as defence lawyers and victims) in the context of criminal proceedings.

(18) Pravila iz tega okvirnega sklepa o posredovanju osebnih podatkov s strani pravosodnih organov, policije ali carinskih organov zasebnim strankam se ne nanašajo na razkritje osebnih podatkov zasebnim strankam (kot so odvetniki ali žrtve) v okviru kazenskega postopka.

(19) The further processing of personal data received from, or made available by, the competent authority of another Member State, in particular the further transmission of or making available such data, should be subject to common rules at European level.

(19) Nadaljnjo obdelavo osebnih podatkov, ki jih pošlje oz. do njih omogoči dostop pristojni organ druge države članice, zlasti pa nadaljnje posredovanje teh podatkov oziroma omogočanje dostopa do njih, bi bilo treba urediti s skupnimi pravili na evropski ravni.

(20) Where personal data may be further processed after the Member State from which the data were obtained has given its consent, each Member State should be able to determine the modalities of such consent, including, for example, by means of a general consent for categories of information or categories of further processing.

(20) Če se osebni podatki lahko nadalje obdelajo potem, ko je država članica, od katere so bili podatki prejeti, dala soglasje, bi lahko države članice same določile podrobnosti glede soglasja, med drugim tudi z možnostjo splošnega soglasja za vrste podatkov ali za vrst nadaljnje obdelave.

(21) Where personal data may be further processed for administrative proceedings, these proceedings also include activities by regulatory and supervisory bodies.

(21) Če se osebni podatki lahko nadalje obdelajo za namene upravnih postopkov, ti postopki vsebujejo tudi dejavnosti regulativnih in nadzornih organov.

(22) The legitimate activities of the police, customs, judicial and other competent authorities may require that data are sent to authorities in third States or international bodies that have obligations for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties.

(22) Legitimno delovanja policije, carine, pravosodnih in drugih pristojnih organov lahko zahtevajo, da se podatke pošlje organom v tretjih državah ali mednarodnim telesom, ki imajo obveznosti v zvezi s preprečevanjem, preiskovanjem, odkrivanjem ali pregonom kaznivih dejanj ali izvrševanjem kazni.

(23) Where personal data are transferred from a Member State to third States or international bodies, these data should, in principle, benefit from an adequate level of protection.

(23) Kadar se osebni podatki posredujejo iz države članice tretjim državam ali mednarodnim telesom, bi morali ti podatki načeloma imeti zagotovljeno ustrezno raven varstva.

(24) Where personal data are transferred from a Member State to third States or international bodies, such transfer should, in principle, take place only after the Member State from which the data were obtained has given its consent to the transfer. Each Member State should be able to determine the modalities of such consent, including, for example, by means of a general consent for categories of information or for specified third States.

(24) Kadar se osebni podatki posredujejo iz države članice tretjim državam ali mednarodnim telesom, bi moral biti tak prenos načeloma možen samo po pridobitvi soglasja države članice, ki je posredovala podatke. Vsaka država članica bi morala imeti možnost sama določiti podrobnosti glede soglasja, med drugim tudi z možnostjo splošnega soglasja za določene vrste podatkov ali za določene tretje države.

(25) The interests of efficient law enforcement cooperation require that where the nature of a threat to the public security of a Member State or a third State is so immediate as to render it impossible to obtain prior consent in good time, the competent authority should be able to transfer the relevant personal data to the third State concerned without such prior consent. The same could apply where other essential interests of a Member State of equal importance are at stake, for example where the critical infrastructure of a Member State could be the subject of an immediate and serious threat or where a Member State’s financial system could be seriously disrupted.

(25) Interesi učinkovitega sodelovanja na področju kazenskega pregona zahtevajo, da lahko v primeru, če je ogrožanje javne varnosti države članice ali tretje države tako neposredno, da ni možno pravočasno pridobiti predhodnega soglasja, bi moral pristojni organ imeti možnost posredovati ustrezne osebne podatke tretji državi brez predhodnega soglasja. Enako velja, če so ogroženi drugi, enako pomembni bistveni interesi države članice, na primer, če bi bila kritična infrastruktura države članice v neposredni in resni nevarnosti ali če bi bil resno ogrožen njen finančni sistem.

(26) It may be necessary to inform data subjects regarding the processing of their data, in particular where there has been particularly serious encroachment on their rights as a result of secret data collection measures, in order to ensure that data subjects can have effective legal protection.

(26) Lahko se zgodi, da je potrebno posameznike, na katere se osebni podatki nanašajo, obvestiti o obdelavi njihovih podatkov, zlasti v primerih posebno resnega poseganja v njihove pravice zaradi tajnega pridobivanja podatkov, in tem posameznikom tako zagotoviti možnost učinkovitega pravnega varstva.

(27) Member States should ensure that the data subject is informed that the personal data could be or are being collected, processed or transmitted to another Member State for the purpose of prevention, investigation, detection, and prosecution of criminal offences or the execution of criminal penalties. The modalities of the right of the data subject to be informed and the exceptions thereto should be determined by national law. This may take a general form, for example, through the law or through the publication of a list of the processing operations.

(27) Države članice bi morale zagotoviti, da se posameznik, na katerega se nanašajo osebni podatki, obvesti, da se osebni podatki zbirajo, obdelujejo ali posredujejo ali bi se lahko zbirali, obdelovali ali posredovali za namene preprečevanja, preiskovanja, odkrivanja in pregona kaznivih dejanj ali izvrševanja kazni. Podrobnosti glede pravice posameznika, na katerega se nanašajo osebni podatki, do obveščenosti in izjeme s tem v zvezi bi morale biti določene z nacionalnim pravom. To lahko poteka v splošni obliki, na primer z zakonom ali z objavo seznama postopkov obdelave.

(28) In order to ensure the protection of personal data without jeopardising the interests of criminal investigations, it is necessary to define the rights of the data subject.

(28) Da bi zagotovili varstvo osebnih podatkov brez ogrožanja interesov kazenskih preiskav, je treba določiti pravice posameznika, na katerega se osebni podatki nanašajo.

(29) Some Member States have provided for the right of access of the data subject in criminal matters through a system where the national supervisory authority, in place of the data subject, has access to all the personal data related to the data subject without any restriction and may also rectify, erase or update inaccurate data. In such a case of indirect access, the national law of those Member States may provide that the national supervisory authority will inform the data subject only that all the necessary verifications have taken place. However, those Member States also provide for possibilities of direct access for the data subject in specific cases, such as access to judicial records, in order to obtain copies of own criminal records or of documents relating to own hearings by the police services.

(29) Nekatere države članice so zagotovile pravico dostopa posameznikov, na katere se nanašajo osebni podatki, v kazenskih zadevah prek sistema, v katerem ima nacionalni nadzorni organ, namesto posameznika, na katerega se nanašajo osebni podatki, neomejen dostop do vseh osebnih podatkov posameznika, na katerega se nanašajo osebni podatki, in lahko tudi popravlja, briše ali posodablja netočne podatke. V takšnem primeru posrednega dostopa lahko nacionalna zakonodaja zadevnih držav članic določa, da bo nacionalni nadzorni organ posameznika, na katerega se nanašajo osebni podatki, obvestil le, da so bila opravljena vsa potrebna preverjanja. Vendar pa te države članice posamezniku, na katerega se nanašajo osebni podatki, v posebnih primerih zagotovijo tudi možnosti neposrednega dostopa, kot so dostop do sodnih spisov, pridobitev kopij lastnih kazenskih evidenc ali dokumentov v zvezi z lastnimi obravnavami s strani služb policije.

(30) It is appropriate to establish common rules on confidentiality and security of processing, on liability and penalties for unlawful use by competent authorities and on judicial remedies available to the data subject. It is, however, for each Member State to determine the nature of its tort rules and of the penalties applicable to violations of domestic data protection provisions.

(30) Primerno je, da se določijo skupna pravila o zaupnosti in varnosti obdelave, o odgovornosti in kaznih za nezakonito uporabo s strani pristojnih organov ter o pravnih sredstvih, ki so na voljo posamezniku, na katerega se osebni podatki nanašajo. Ne glede na to pa vsaka država članica določi naravo svojih odškodninskih pravil in kazni, ki se uporabljajo pri kršitvah njihovih določb o varstvu podatkov.

(31) This Framework Decision allows the principle of public access to official documents to be taken into account when implementing the principles set out in this Framework Decision.

(31) Ta okvirni sklep omogoča upoštevanje načela dostopa javnosti do uradnih dokumentov pri izvajanju načel iz tega okvirnega sklepa.

(32) When necessary to protect personal data in relation to processing which by scale or by type holds specific risks for fundamental rights and freedoms, for example processing by means of new technologies, mechanisms or procedures, it is appropriate to ensure that the competent national supervisory authorities are consulted prior to the establishment of filing systems aimed at the processing of these data.

(32) Če je pri obdelavi, ki po obsegu ali vrsti vključuje posebna tveganja za temeljne pravice in svoboščine, treba varovati osebne podatke, na primer pri obdelavi z novimi tehnologijami, mehanizmi ali postopki, je primerno zagotoviti, da se pred oblikovanjem zbirk, cilj katerih je obdelava teh podatkov, posvetuje s pristojnimi nacionalnimi nadzornimi organi.

(33) The establishment in Member States of supervisory authorities, exercising their functions with complete independence, is an essential component of the protection of personal data processed within the framework of police and judicial cooperation between the Member States.

(33) Ustanovitev nadzornih organov v državah članicah, ki popolnoma neodvisno opravljajo svoje naloge, je bistveni del varstva osebnih podatkov, ki se obdelujejo v okviru policijskega in pravosodnega sodelovanja med državami članicami.

(34) The supervisory authorities already established in Member States under Directive 95/46/EC should also be able to assume responsibility for the tasks to be performed by the national supervisory authorities to be established under this Framework Decision.

(34) Nadzorni organi, ki so že bili ustanovljeni v državah članicah v skladu z Direktivo 95/46/ES, bi morali imeti možnost izvajati tudi naloge, ki so v skladu s tem okvirnim sklepom podeljene nacionalnim nadzornim organom.

(35) Such supervisory authorities should have the necessary means to perform their duties, including powers of investigation and intervention, particularly in cases of complaints from individuals, or powers to engage in legal proceedings. These supervisory authorities should help to ensure transparency of processing in the Member States within whose jurisdiction they fall. However, their powers should not interfere with specific rules set out for criminal proceedings or the independence of the judiciary.

(35) Takšni nadzorni organi bi morali imeti za opravljanje svojih nalog potrebna sredstva, vključno s pooblastili za preiskave in ukrepanje, predvsem v primerih pritožb posameznikov, ali pooblastila za sodelovanje v pravnih postopkih. Ti nadzorni organi bi morali pomagati zagotoviti preglednost obdelave v državi članici, v katere pristojnost sodijo. Vendar pa njihova pooblastila ne smejo posegati v posebna pravila, določena za kazenske postopke, ali v neodvisnost sodstva.

(36) Article 47 of the Treaty on European Union stipulates that nothing in it is to affect the Treaties establishing the European Communities or the subsequent Treaties and Acts modifying or supplementing them. Accordingly, this Framework Decision does not affect the protection of personal data under Community law, in particular as provided for in Directive 95/46/EC, in Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data [4] and in Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) [5].

(36) Člen 47 Pogodbe o Evropski uniji določa, da nobena od njegovih določb ne vpliva na Pogodbe o ustanovitvi Evropskih skupnosti ali kasnejše pogodbe in akte, ki jih spreminjajo ali dopolnjujejo. Zato ta okvirni sklep ne vpliva na varstvo osebnih podatkov po zakonodaji Skupnosti, zlasti kakor je predvideno v Direktivi 95/46/ES, v Uredbi (ES) št. 45/2001 Evropskega parlamenta in Sveta z dne 18. decembra 2000 o varstvu posameznikov pri obdelavi osebnih podatkov v institucijah in organih Skupnosti in o prostem pretoku takih podatkov [4] ter v Direktivi 2002/58/ES Evropskega parlamenta in Sveta z dne 12. julija 2002 o obdelavi osebnih podatkov in varstvu zasebnosti na področju elektronskih komunikacij (Direktiva o zasebnosti in elektronskih komunikacijah) [5].

(37) This Framework Decision is without prejudice to the rules pertaining to illicit access to data laid down in Council Framework Decision 2005/222/JHA of 24 February 2005 on attacks against information systems [6].

(37) Ta okvirni sklep ne posega v pravila, ki se nanašajo na nedovoljen dostop do podatkov, kot je določeno v Okvirnem sklepu Sveta 2005/222/PNZ z dne 24. februarja 2005 o napadih na informacijske sisteme [6].

(38) This Framework Decision is without prejudice to existing obligations and commitments incumbent upon Member States or upon the Union by virtue of bilateral and/or multilateral agreements with third States. Future agreements should comply with the rules on exchanges with third States.

(38) Ta okvirni sklep ne posega v obstoječe obveznosti in zaveze, ki jih imajo države članice ali Unija po dvostranskih in/ali večstranskih sporazumih s tretjimi državami. Prihodnji sporazumi bi morali biti skladni s pravili o izmenjavi podatkov s tretjimi državami.

(39) Several acts, adopted on the basis of Title VI of the Treaty on European Union, contain specific provisions on the protection of personal data exchanged or otherwise processed pursuant to those acts. In some cases these provisions constitute a complete and coherent set of rules covering all relevant aspects of data protection (principles of data quality, rules on data security, regulation of the rights and safeguards of data subjects, organisation of supervision and liability) and they regulate these matters in more detail than this Framework Decision. The relevant set of data protection provisions of those acts, in particular those governing the functioning of Europol, Eurojust, the Schengen Information System (SIS) and the Customs Information System (CIS), as well as those introducing direct access for the authorities of Member States to certain data systems of other Member States, should not be affected by this Framework Decision. The same applies in respect of the data protection provisions governing the automated transfer between Member States of DNA profiles, dactyloscopic data and national vehicle registration data pursuant to the Council Decision 2008/615/JHA of 23 June 2008 on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime [7].

(39) Več aktov, sprejetih na podlagi naslova VI Pogodbe o Evropski uniji, vsebuje posebne določbe o varstvu osebnih podatkov, izmenjanih ali drugače obdelanih na podlagi navedenih aktov. V nekaterih primerih vsebujejo navedene določbe celovit in skladen niz pravil ter zajemajo vse vidike varstva podatkov (načela kakovosti podatkov, pravila o varnosti podatkov, urejanje pravic in zaščitnih ukrepov za posameznike, na katere se osebni podatki nanašajo, organizacija nadzora in odgovornosti), te zadeve pa urejajo natančneje kakor ta okvirni sklep. Ta okvirni sklep ne bi smel vplivati na ustrezni niz določb o varstvu podatkov iz navedenih aktov, zlasti ne na tiste, ki urejajo delovanje Europola, Eurojusta, Schengenskega informacijskega sistema (SIS) in Carinskega informacijskega sistema (CIS), prav tako ne bi smel vplivati na akte, ki uvajajo neposredni dostop organov držav članic do nekaterih sistemov podatkov drugih držav članic. Isto velja za določbe o varstvu podatkov, ki urejajo avtomatiziran prenos profilov DNK, daktiloskopskih podatkov in nacionalnih podatkov o registraciji vozil med državami članicami na podlagi sklepa Sveta 2008/615/PNZ z dne 23. junija 2008 o pospešitvi čezmejnega sodelovanja, zlasti na področju boja proti terorizmu in čezmejnemu kriminalu [7].

(40) In other cases the provisions on data protection in acts, adopted on the basis of Title VI of the Treaty on European Union, are more limited in scope. They often set specific conditions for the Member State receiving information containing personal data from other Member States as to the purposes for which it can use those data, but refer for other aspects of data protection to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data of 28 January 1981 or to national law. To the extent that the provisions of those acts imposing conditions on receiving Member States as to the use or further transfer of personal data are more restrictive than those contained in the corresponding provisions of this Framework Decision, the former provisions should remain unaffected. However, for all other aspects the rules set out in this Framework Decision should be applied.

(40) V drugih primerih je področje uporabe določb o varstvu podatkov v aktih, sprejetih na podlagi naslova VI Pogodbe o Evropski uniji, bolj omejeno. Ti akti državi članici, ki od drugih držav članic pridobiva informacije, ki vsebujejo osebne podatke, pogosto postavljajo posebne pogoje, in sicer glede namenov za katere sme uporabiti pridobljene podatke, v zvezi z drugimi vidiki varstva podatkov pa se sklicujejo na Konvencijo Sveta Evrope z dne 28. januarja 1981 o varstvu posameznikov glede na avtomatsko obdelavo osebnih podatkov ali na nacionalno zakonodajo. Nespremenjene ostanejo tudi določbe aktov, ki določajo pogoje za države članice prejemnice glede uporabe in nadaljnjega posredovanja osebnih podatkov, če so bolj omejujoče od enakovrednih določb tega okvirnega sklepa. Vendar pa bi bilo treba za vse druge vidike uporabiti pravila iz tega okvirnega sklepa.

(41) This Framework Decision does not affect the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the Additional Protocol to that Convention of 8 November 2001 or the Council of Europe conventions on judicial cooperation in criminal matters.

(41) Ta okvirni sklep ne vpliva na Konvencijo Sveta Evrope o varstvu posameznikov glede na avtomatsko obdelavo osebnih podatkov ali na dodatni protokol k tej konvenciji z dne 8. novembra 2001 ali konvencij Sveta Evrope o pravosodnem sodelovanju v kazenskih zadevah.

(42) Since the objective of this Framework Decision, namely the determination of common rules for the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, cannot be sufficiently achieved by the Member States, and can therefore, by reason of the scale and effects of the action, be better achieved at the Union level, the Union may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty establishing the European Community and referred to in Article 2 of the Treaty on European Union. In accordance with the principle of proportionality as set out in Article 5 of the Treaty establishing the European Community, this Framework Decision does not go beyond what is necessary to achieve that objective.

(42) Ker cilja tega okvirnega sklepa, in sicer določitve skupnih pravil za varstvo osebnih podatkov, ki se obdelujejo v okviru policijskega in pravosodnega sodelovanja v kazenskih zadevah, države članice same ne morejo zadovoljivo doseči,in jih je zato zaradi obsega in učinkov ukrepov lažje doseči na ravni Unije, lahko Unija sprejme ukrepe v skladu z načelom subsidiarnosti iz člena 5 Pogodbe o ustanovitvi Evropske skupnosti in iz člena 2 Pogodbe o Evropski uniji. V skladu z načelom sorazmernosti iz člena 5 Pogodbe o ustanovitvi Evropske skupnosti, ta okvirni sklep ne prekoračuje tistega, kar je potrebno za doseganje navedenega cilja.

(43) The United Kingdom is taking part in this Framework Decision, in accordance with Article 5 of the Protocol integrating the Schengen acquis into the framework of the European Union annexed to the Treaty on European Union and to the Treaty establishing the European Community, and Article 8(2) of Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis [8].

(43) Združeno kraljestvo sodeluje pri tem okvirnem sklepu v skladu s členom 5 Protokola o vključitvi schengenskega pravnega reda v okvir Evropske unije, ki je priložen Pogodbi o Evropski uniji in Pogodbi o ustanovitvi Evropske skupnosti, in v skladu s členom 8(2) Sklepa Sveta 2000/365/ES z dne 29. maja 2000 o prošnji Združenega kraljestva Velika Britanija in Severna Irska za sodelovanje pri izvajanju nekaterih določb schengenskega pravnega reda [8].

(44) Ireland is taking part in this Framework Decision in accordance with Article 5 of the Protocol integrating the Schengen acquis into the framework of the European Union annexed to the Treaty on European Union and to the Treaty establishing the European Community, and Article 6(2) of Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis [9].

(44) Irska sodeluje pri temu okvirnemu sklepu v skladu s členom 5 Protokola o vključitvi schengenskega pravnega reda v okvir Evropske unije, ki je priložen Pogodbi o Evropski uniji in Pogodbi o ustanovitvi Evropske skupnosti, in s členom 6(2) Sklepa Sveta 2002/192/ES z dne 28. februarja 2002 o prošnji Irske za sodelovanje pri izvajanju nekaterih določb schengenskega pravnega reda [9].

(45) As regards Iceland and Norway, this Framework Decision constitutes a development of provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latter’s association with the implementation, application and development of the Schengen acquis [10], which fall within the area referred to in Article 1, points H and I of Council Decision 1999/437/EC [11] on certain arrangements for the application of that Agreement.

(45) V zvezi z Islandijo in Norveško, pomeni ta okvirni sklep razvoj določb schengenskega pravnega reda v smislu Sporazuma med Svetom Evropske unije in Republiko Islandijo ter Kraljevino Norveško o pridružitvi obeh k izvajanju, uporabi in razvoju schengenskega pravnega reda [10], ki sodi na področje iz točk H in I člena 1 Sklepa Sveta 1999/437/ES o nekaterih izvedbenih predpisih za uporabo tega sporazuma [11].

(46) As regards Switzerland, this Framework Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis [12], which fall within the area referred to in Article 1, point H and I of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/149/JHA [13] on the conclusion of that Agreement on behalf of the European Union.

(46) V zvezi s Švico pomeni ta sklep razvoj določb schengenskega pravnega reda v smislu Sporazuma med Evropsko unijo, Evropsko skupnostjo in Švicarsko konfederacijo o pridružitvi Švicarske konfederacije k izvajanju, uporabi in razvoju schengenskega pravnega reda [12], ki sodi na področje točk H in I člena 1 Sklepa 1999/437/ES v povezavi s členom 3 Sklepa Sveta 2008/149/PNZ [13] o sklenitvi Sporazuma v imenu Evropske unije.

(47) As regards Liechtenstein, this Framework Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol signed between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point H and I of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/262/JHA [14] on the signature of that Protocol on behalf of the European Union.

(47) Ta okvirni sklep predstavlja za Lihtenštajn nadaljnji razvoj določb schengenskega pravnega reda v smislu Protokola, podpisanega med Evropsko unijo, Evropsko skupnostjo, Švicarsko konfederacijo in Kneževino Lihtenštajn o pristopu Kneževine Lihtenštajn k Sporazumu med Evropsko unijo, Evropsko skupnostjo in Švicarsko konfederacijo o pridružitvi Švicarske konfederacije k izvajanju, uporabi in razvoju schengenskega pravnega reda, ki sodijo na področje iz točk H in I člena 1 Sklepa 1999/437/ES v povezavi s členom 3 Sklepa Sveta 2008/262/PNZ o podpisu navedenega protokola v imenu Evropske unije [14].

(48) This Framework Decision respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union [15]. This Framework Decision seeks to ensure full respect for the rights to privacy and the protection of personal data reflected in Articles 7 and 8 of the Charter,

(48) Ta okvirni sklep spoštuje temeljne pravice in upošteva načela, ki jih priznava zlasti Listina Evropske unije o temeljnih pravicah [15]. Namen tega okvirnega sklepa je zagotoviti popolno spoštovanje pravic do zasebnosti in varstvo osebnih podatkov, kakor je podano v členih 7 in 8 Listine –

HAS ADOPTED THIS FRAMEWORK DECISION:

SPREJEL NASLEDNJI OKVIRNI SKLEP:

Article 1

Člen 1

Purpose and scope

Namen in področje uporabe

1. The purpose of this Framework Decision is to ensure a high level of protection of the fundamental rights and freedoms of natural persons, and in particular their right to privacy, with respect to the processing of personal data in the framework of police and judicial cooperation in criminal matters, provided for by Title VI of the Treaty on European Union, while guaranteeing a high level of public safety.

1. Namen tega okvirnega sklepa je, da se pri obdelavi osebnih podatkov v okviru policijskega in pravosodnega sodelovanja v kazenskih zadevah, predvidenega v naslovu VI Pogodbe o Evropski uniji, zagotovi visoka raven varstva temeljnih pravic in svoboščin fizičnih oseb ter zlasti njihovo pravico do zasebnosti, hkrati pa tudi visoka raven javne varnosti.

2. In accordance with this Framework Decision, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy when, for the purpose of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, personal data:

2. Države članice v skladu s tem okvirnim sklepom varujejo temeljne pravice in svoboščine fizičnih oseb ter zlasti njihovo pravico do zasebnosti, kadar se za namene preprečevanja, preiskovanja, odkrivanja ali pregona kaznivih dejanj ali izvrševanja kazni osebni podatki

(a) are or have been transmitted or made available between Member States;

(a) posredujejo ali so bili posredovani med državami članicami, ali pa so le te omogočile dostop do njih;

(b) are or have been transmitted or made available by Member States to authorities or to information systems established on the basis of Title VI of the Treaty on European Union; or

(b) posredujejo oziroma so bili posredovani organom ali informacijskim sistemom, vzpostavljenim na podlagi Naslova VI Pogodbe o Evropski uniji, ali je tem organom in informacijskim sistemom omogočen dostop do njih, ali

(c) are or have been transmitted or made available to the competent authorities of the Member States by authorities or information systems established on the basis of the Treaty on European Union or the Treaty establishing the European Community.

(c) posredujejo ali so bili posredovani pristojnim organom držav članic ali jim je bil omogočen dostop do njih s strani organov ali informacijskih sistemov, vzpostavljenih na podlagi Pogodbe o Evropski uniji ali Pogodbe o ustanovitvi Evropske skupnosti.

3. This Framework Decision shall apply to the processing of personal data wholly or partly by automatic means, and to the processing otherwise than by automatic means, of personal data which form part of a filing system or are intended to form part of a filing system.

3. Ta okvirni sklep se uporablja za obdelavo osebnih podatkov v celoti ali delno z avtomatskimi sredstvi in za drugačno obdelavo kakor z avtomatskimi sredstvi za osebne podatke, ki sestavljajo del zbirke ali so namenjeni oblikovanju dela zbirke.

4. This Framework Decision is without prejudice to essential national security interests and specific intelligence activities in the field of national security.

4. Ta okvirni sklep ne posega v bistvene interese nacionalne varnosti in posebne obveščevalne dejavnosti na področju državne varnosti.

5. This Framework Decision shall not preclude Member States from providing, for the protection of personal data collected or processed at national level, higher safeguards than those established in this Framework Decision.

5. Ta okvirni sklep državam članicam ne preprečuje sprejetja višjih zaščitnih ukrepov za varstvo osebnih podatkov, ki se jih na nacionalni ravni zbira ali obdeluje, od teh, ki jih uvaja ta okvirni sklep.

Article 2

Člen 2

Definitions

Opredelitev pojmov

For the purposes of this Framework Decision:

V tem okvirnem sklepu:

(a) "personal data" mean any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

(a) "osebni podatek" pomeni katero koli informacijo, ki se nanaša na določeno ali določljivo fizično osebo ("posameznik, na katerega se nanašajo osebni podatki"); določljiva oseba je tista, ki se jo lahko neposredno ali posredno identificira, predvsem s sklicevanjem na identifikacijsko številko ali na enega ali več dejavnikov, ki so značilni za njeno fizično, fiziološko, duševno, ekonomsko, kulturno ali socialno identiteto;

(b) "processing of personal data" and "processing" mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

(b) "obdelava osebnih podatkov" in "obdelava" pomeni kakršen koli postopek ali niz postopkov, ki se izvajajo v zvezi z osebnimi podatki z avtomatskimi sredstvi ali brez njih, kakršno je zbiranje, beleženje, urejanje, shranjevanje, prilagajanje ali predelava, iskanje, vpogled, uporaba, razkritje s posredovanjem, širjenje ali drugačno omogočanje dostopa, prilagajanje ali kombiniranje, blokiranje, izbris ali uničenje;

(d) "personal data filing system" and "filing system" mean any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

(d) "zbirka osebnih podatkov" in "zbirka" pomeni vsak strukturiran niz osebnih podatkov, ki je dostopen v skladu s posebnimi merili, naj bo centraliziran, decentraliziran ali razpršen na funkcionalni ali geografski podlagi;

(e) "processor" means any body which processes personal data on behalf of the controller;

(e) "obdelovalec" pomeni katero koli telo, ki obdeluje osebne podatke v imenu upravljavca;

(f) "recipient" means any body to which data are disclosed;

(f) "prejemnik" pomeni katero koli telo, ki so mu bili podatki razkriti;

(g) "the data subject’s consent" means any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed;

(g) "privolitev posameznika, na katerega se nanašajo osebni podatki" pomeni vsako prostovoljno dano posebno in ozaveščeno izjavo volje, s katero posameznik, na katerega se osebni podatki nanašajo, izrazi soglasje k obdelavi z njim povezanih osebnih podatkov;

(h) "competent authorities" mean agencies or bodies established by legal acts adopted by the Council pursuant to Title VI of the Treaty on European Union, as well as police, customs, judicial and other competent authorities of the Member States that are authorised by national law to process personal data within the scope of this Framework Decision;

(h) "pristojni organi" pomenijo agencije ali telesa, ustanovljene na podlagi pravnih aktov Sveta v skladu z naslovom VI Pogodbe o Evropski uniji, ter policijske, carinske, pravosodne in druge pristojne organe držav članic, ki so po zakonodaji države pooblaščeni za obdelavo osebnih podatkov v okviru področja uporabe tega okvirnega sklepa;

(i) "controller" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data;

(i) "upravljavec" pomeni fizično ali pravno osebo, javni organ, agencijo ali katero koli drugo telo, ki sam ali skupaj z drugimi določa namene in sredstva obdelave osebnih podatkov;

(j) "referencing" means the marking of stored personal data without the aim of limiting their processing in future;

(j) "napotitev" pomeni označevanje shranjenih osebnih podatkov brez omejevanja njihove obdelave v prihodnosti;

(k) "to make anonymous" means to modify personal data in such a way that details of personal or material circumstances can no longer or only with disproportionate investment of time, cost and labour be attributed to an identified or identifiable natural person.

(k) "anonimizirati" pomeni spremeniti osebne podatke na način, da podrobnosti o osebnih in materialnih okoliščinah ni mogoče več pripisati določenemu ali določljivi fizični osebi, oziroma je to mogoče le z nesorazmerno količino vloženega časa, stroškov in truda.

Article 3

Člen 3

Principles of lawfulness, proportionality and purpose

Načela zakonitosti, sorazmernosti in namena

1. Personal data may be collected by the competent authorities only for specified, explicit and legitimate purposes in the framework of their tasks and may be processed only for the same purpose for which data were collected. Processing of the data shall be lawful and adequate, relevant and not excessive in relation to the purposes for which they are collected.

1. Pristojni organi lahko osebne podatke zbirajo le za posebne, jasno določene in zakonite namene v okviru svojih nalog, in jih lahko obdelujejo le za namen, za katerega so bili ti osebni podatki zbrani. Obdelava podatkov je zakonita in primerna, ustrezna in ne preobsežna v zvezi z nameni, za katere so bili zbrani.

2. Further processing for another purpose shall be permitted in so far as:

2. Nadaljnja obdelava za drug namen je dovoljena, če:

(a) it is not incompatible with the purposes for which the data were collected;

(a) ni nezdružljiva z nameni, za katere so bili podatki zbrani,

(b) the competent authorities are authorised to process such data for such other purpose in accordance with the applicable legal provisions; and

(b) so pristojni organi pooblaščeni za zbiranje takšnih podatkov za takšen drug namen v skladu s z veljavnimi pravnimi predpisi, ter

The competent authorities may also further process the transmitted personal data for historical, statistical or scientific purposes, provided that Member States provide appropriate safeguards, such as making the data anonymous.

Pristojni organi lahko posredovane podatke naprej obdelujejo za zgodovinske, statistične ali znanstvene namene, če države članice poskrbijo za ustrezne zaščitne ukrepe, kot je zagotovitev anonimnosti podatkov.

Article 4

Člen 4

Rectification, erasure and blocking

Popravljanje, izbris in blokiranje

1. Personal data shall be rectified if inaccurate and, where this is possible and necessary, completed or updated.

1. Če so osebni podatki netočni, se popravijo in, če je to možno in potrebno, dopolnijo ali posodobijo.

2. Personal data shall be erased or made anonymous when they are no longer required for the purposes for which they were lawfully collected or are lawfully further processed. Archiving of those data in a separate data set for an appropriate period in accordance with national law shall not be affected by this provision.

2. Osebni podatki se izbrišejo ali anonimizirajo, ko niso več potrebni za namene, za katere so bili zakonito zbrani ali za katere se zakonito nadalje obdelujejo. Ta določba se ne nanaša na arhiviranje navedenih podatkov v posebnem nizu podatkov za ustrezno obdobje v skladu z nacionalno zakonodajo.

3. Personal data shall be blocked instead of erased if there are reasonable grounds to believe that erasure could affect the legitimate interests of the data subject. Blocked data shall be processed only for the purpose which prevented their erasure.

3. Osebni podatki se ne izbrišejo, temveč se blokirajo, če obstajajo utemeljeni razlogi za sum, da bi izbris lahko vplival na legitimne interese posameznika, na katerega se nanašajo osebni podatki. Blokirani podatki se obdelujejo le za namen, ki je preprečil njihov izbris.

4. When the personal data are contained in a judicial decision or record related to the issuance of a judicial decision, the rectification, erasure or blocking shall be carried out in accordance with national rules on judicial proceedings.

4. Če se osebni podatki nahajajo v sodni odločbi ali sodnem spisu, povezanem z izdajo sodne odločbe, se popravljanje, izbris ali blokiranje izvaja v skladu z nacionalnimi predpisi o sodnih postopkih.

Article 5

Člen 5

Establishment of time limits for erasure and review

Določitev rokov za izbris in preverjanje

Appropriate time limits shall be established for the erasure of personal data or for a periodic review of the need for the storage of the data. Procedural measures shall ensure that these time limits are observed.

Določijo se ustrezni roki za izbris osebnih podatkov ali za občasno preverjanje potreb shranjevanja podatkov. Spoštovanje teh rokov se zagotovi s postopkovnimi ukrepi.

Article 6

Člen 6

Processing of special categories of data

Obdelava posebnih vrst podatkov

The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership and the processing of data concerning health or sex life shall be permitted only when this is strictly necessary and when the national law provides adequate safeguards.

Obdelava osebnih podatkov, ki razkrivajo rasno ali etnično poreklo, politična prepričanja, verska ali filozofska prepričanja, pripadnost sindikatu, ter podatkov o zdravstvenem stanju ali spolnem življenju je dovoljena samo, če je to nujno potrebno in če so v nacionalni zakonodaji zagotovljeni ustrezni zaščitni ukrepi.

Article 7

Člen 7

Automated individual decisions

Avtomatizirane posamezne odločitve

A decision which produces an adverse legal effect for the data subject or significantly affects him and which is based solely on automated processing of data intended to evaluate certain personal aspects relating to the data subject shall be permitted only if authorised by a law which also lays down measures to safeguard the data subject’s legitimate interests.

Odločitev, ki ima škodljive pravne učinke za posameznika, na katerega se osebni podatki nanašajo, ali ki nanj znatno vpliva in temelji zgolj na avtomatski obdelavi podatkov za namene ocene posameznih osebnih vidikov posameznika, na katerega se nanašajo osebni podatki, je dovoljena le, če tako določa zakon, ki opredeljuje ukrepe za varovanje legitimnih interesov posameznika, na katerega se osebni podatki nanašajo.

Article 8

Člen 8

Verification of quality of data that are transmitted or made available

Preverjanje kakovosti podatkov, ki se posredujejo oziroma do katerih se omogoči dostop

1. The competent authorities shall take all reasonable steps to provide that personal data which are inaccurate, incomplete or no longer up to date are not transmitted or made available. To that end, the competent authorities shall, as far as practicable, verify the quality of personal data before they are transmitted or made available. As far as possible, in all transmissions of data, available information shall be added which enables the receiving Member State to assess the degree of accuracy, completeness, up-to-dateness and reliability. If personal data were transmitted without request the receiving authority shall verify without delay whether these data are necessary for the purpose for which they were transmitted.

1. Pristojni organi sprejmejo vse primerne ukrepe, da se prepreči posredovanje in dostop do netočnih in nepopolnih osebnih podatkov ali osebnih podatkov, ki niso bili posodobljeni. V ta namen pristojni organi pred posredovanjem osebnih podatkov ali omogočanjem dostopa do njih preverijo, če je to izvedljivo, njihovo kakovost. Pri vsakem posredovanju podatkov se dodajo, če je to mogoče, razpoložljive informacije, ki državi članici prejemnici omogočajo oceno stopnje točnosti, popolnosti, posodobljenosti in zanesljivosti. Če so bili osebni podatki posredovani brez zahteve, organ, ki jih prejme, nemudoma preveri, ali so ti podatki potrebni za namene, za katere so bili posredovani.

2. If it emerges that incorrect data have been transmitted or data have been unlawfully transmitted, the recipient must be notified without delay. The data must be rectified, erased, or blocked without delay in accordance with Article 4.

2. Če so bili posredovani netočni podatki ali da so bili podatki posredovani nezakonito, je to treba nemudoma sporočiti prejemniku. Podatke je treba v skladu s členom 4 nemudoma popraviti, izbrisati ali blokirati.

Article 9

Člen 9

Time limits

Roki

1. Upon transmission or making available of the data, the transmitting authority may in line with the national law and in accordance with Articles 4 and 5, indicate the time limits for the retention of data, upon the expiry of which the recipient must erase or block the data or review whether or not they are still needed. This obligation shall not apply if, at the time of the expiry of these time limits, the data are required for a current investigation, prosecution of criminal offences or enforcement of criminal penalties.

1. Pri posredovanju podatkov ali omogočanju dostopa do podatkov lahko organ, ki posreduje podatke skladno z nacionalno zakonodajo in v skladu s členoma 4 in 5 navede roke za hrambo podatkov, po preteku katerih mora prejemnik izbrisati ali blokirati podatke oziroma preveriti, če so ti še potrebni. Ta obveznost se ne uporablja, če so podatki ob izteku teh rokov potrebni za tekoče preiskave, pregon kaznivih dejanj ali izvrševanje kazenskih sankcij.

2. Where the transmitting authority has not indicated a time limit in accordance with paragraph 1, the time limits referred to in Articles 4 and 5 for the retention of data provided for under the national law of the receiving Member State shall apply.

2. Če organ, ki posreduje podatke, ni navedel roka v skladu z odstavkom 1, se v skladu s členoma 4 in 5 uporabijo roki za hranjenje podatkov, določeni v nacionalni zakonodaji države članice, ki prejme podatke.

Article 10

Člen 10

Logging and documentation

Prijavljanje in dokumentiranje

1. All transmissions of personal data are to be logged or documented for the purposes of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security.

1. Vsako posredovanje osebnih podatkov se zaradi preverjanja zakonitosti obdelave podatkov, notranjega spremljanja ter zagotavljanja neoporečnosti in varstva podatkov prijavi in dokumentira.

2. Logs or documentation prepared under paragraph 1 shall be communicated on request to the competent supervisory authority for the control of data protection. The competent supervisory authority shall use this information only for the control of data protection and for ensuring proper data processing as well as data integrity and security.

2. Prijave ali dokumentiranje iz odstavka 1 se na zahtevo sporočijo pristojnemu nadzornemu organu, ki opravi nadzor varstva podatkov. Pristojen nadzorni organ uporabi te informacije le za nadzor varstva podatkov, za zagotavljanje pravilne obdelave podatkov ter njihove neoporečnosti in varnosti.

Article 11

Člen 11

Processing of personal data received from or made available by another Member State

Obdelava osebnih podatkov, ki jih je posredovala druga država članica oziroma do katerih je omogočila dostop

Personal data received from or made available by the competent authority of another Member State may, in accordance with the requirements of Article 3(2), be further processed only for the following purposes other than those for which they were transmitted or made available:

Osebni podatki, ki jih je posredoval pristojni organ druge države članice oziroma do katerih je omogočil dostop v skladu z zahtevami iz člena 3(2), se lahko nadalje obdelujejo le za naslednje namene, ki se razlikujejo od namenov, za katere so bili posredovani ali je bil do njih omogočen dostop:

(a) the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties other than those for which they were transmitted or made available;

(a) preprečevanje, preiskovanje, odkrivanje ali pregon kaznivih dejanj ali izvrševanje kazni, ki niso tiste, za katere so bili podatki posredovani ali je bil do njih omogočen dostop;

(b) other judicial and administrative proceedings directly related to the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;

(b) druge sodne in upravne postopke, ki so neposredno povezani s preprečevanjem, preiskovanjem, odkrivanjem ali pregonom kaznivih dejanj ali izvrševanjem kazni;

(d) any other purpose only with the prior consent of the transmitting Member State or with the consent of the data subject, given in accordance with national law.

(d) vse druge namene, vendar le s predhodnim soglasjem države članice, ki je posredovala podatke, ali privolitvijo posameznika, na katerega se osebni podatki nanašajo, v skladu z nacionalno zakonodajo.

Pristojni organi lahko posredovane podatke naprej uporabijo za zgodovinske, statistične ali znanstvene namene, če države članice poskrbijo za ustrezne zaščitne ukrepe, kot je na primer anonimizacija anonimnosti podatkov.

Article 12

Člen 12

Compliance with national processing restrictions

Upoštevanje nacionalnih omejitev glede obdelave

1. Where, under the law of the transmitting Member State, specific processing restrictions apply in specific circumstances to data exchanges between competent authorities within that Member State, the transmitting authority shall inform the recipient of such restrictions. The recipient shall ensure that these processing restrictions are met.

1. Če v skladu z zakonodajo države članice, ki posreduje podatke, v posebnih okoliščinah veljajo omejitve obdelave pri izmenjavi podatkov med pristojnimi organi v tej državi članici, organ, ki posreduje podatke, obvesti prejemnika o teh omejitvah. Prejemnik zagotovi, da se upoštevajo te omejitve obdelave.

2. When applying paragraph 1, Member States shall not apply restrictions regarding data transmissions to other Member States or to agencies or bodies established pursuant to Title VI of the Treaty on European Union other than those applicable to similar national data transmissions.

2. Države članice pri uporabi odstavka 1 ne uporabljajo omejitev za prenos podatkov drugim državam članicam ali agencijam ali telesom, ustanovljenim v skladu z naslovom VI Pogodbe o Evropski uniji, razen tistih, ki se uporabljajo za podobne nacionalne prenose podatkov.

Article 13

Člen 13

Transfer to competent authorities in third States or to international bodies

Prenos pristojnim organom v tretjih državah ali mednarodnim organom

1. Member States shall provide that personal data transmitted or made available by the competent authority of another Member State may be transferred to third States or international bodies, only if:

1. Države članice zagotovijo, da se lahko podatki, ki jih je posredoval pristojni organ druge države članice, ali podatki, do katerih je omogočil dostop, posredujejo tretjim državam ali mednarodnim telesom, samo če

(a) it is necessary for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;

(a) je to potrebno zaradi preprečevanja, preiskovanja, odkrivanja ali pregona kaznivih dejanj ali izvrševanja kazni;

(b) the receiving authority in the third State or receiving international body is responsible for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;

(b) je organ tretje države ali mednarodno telo, ki prejme podatke, pristojen za preprečevanje, preiskovanje, odkrivanje ali pregon kaznivih dejanj ali izvrševanje kazni;

(c) the Member State from which the data were obtained has given its consent to transfer in compliance with its national law; and

(d) the third State or international body concerned ensures an adequate level of protection for the intended data processing.

(d) zadevna tretja država ali mednarodno telo zagotovi ustrezno raven varstva podatkov pri predvideni obdelavi podatkov.

2. Transfer without prior consent in accordance with paragraph 1(c) shall be permitted only if transfer of the data is essential for the prevention of an immediate and serious threat to public security of a Member State or a third State or to essential interests of a Member State and the prior consent cannot be obtained in good time. The authority responsible for giving consent shall be informed without delay.

2. Prenos brez predhodnega soglasja je v skladu z odstavkom 1(c) je dovoljen le v primeru, če je prenos podatkov bistvenega pomena za preprečitev neposredne in resne ogroženosti javne varnosti države članice ali tretje države ali bistvene interese države članice in če ni mogoče pravočasno zagotoviti predhodnega soglasja. O tem se nemudoma obvesti organ, pristojen za izdajo soglasja.

3. By way of derogation from paragraph 1(d), personal data may be transferred if:

3. Z odstopanjem od odstavka 1(d), so lahko osebni podatki posredovani, če

(a) the national law of the Member State transferring the data so provides because of:

(a) to določa nacionalna zakonodaja države članice, ki posreduje podatke, zaradi:

(i) legitimate specific interests of the data subject; or

(i) posebnih legitimnih interesov posameznika, na katerega se nanašajo osebni podatki, ali

(ii) legitimate prevailing interests, especially important public interests; or

(ii) legitimnih prevladujočih interesov, še zlasti pomembnih javnih interesov ali

(b) the third State or receiving international body provides safeguards which are deemed adequate by the Member State concerned according to its national law.

(b) tretja država ali mednarodno telo, ki prejme podatke, zagotovi ustrezne varnostne ukrepe, ki jih zadevna država članica v skladu s svojo nacionalno zakonodajo oceni kot primerne.

4. The adequacy of the level of protection referred to in paragraph 1(d) shall be assessed in the light of all the circumstances surrounding a data transfer operation or a set of data transfer operations. Particular consideration shall be given to the nature of the data, the purpose and duration of the proposed processing operation or operations, the State of origin and the State or international body of final destination of the data, the rules of law, both general and sectoral, in force in the third State or international body in question and the professional rules and security measures which apply.

4. Ustreznost ravni varstva iz odstavka 1(d) se oceni glede na vse okoliščine v zvezi s postopkom prenosa podatkov ali niza takšnih postopkov. Posebna pozornost se nameni vrsti podatkov, namenu in trajanju predlaganega postopka ali postopkov obdelave, državi izvora ter državi ali mednarodnemu telesu, ki je končna prejemnica podatkov, splošni in sektorski pravni ureditvi, ki velja v zadevni tretji državi ali za mednarodno telo, ter strokovnim predpisom in varnostnim ukrepom, ki se uporabljajo.

Article 14

Člen 14

Transmission to private parties in Member States

Posredovanje zasebnim strankam v državah članicah

1. Member States shall provide that personal data received from or made available by the competent authority of another Member State may be transmitted to private parties only if:

1. Države članice zagotovijo, da so osebni podatki, ki jih je posredoval ali dal na voljo pristojni organ druge države članice, posredovani zasebnim strankam le, če:

(a) the competent authority of the Member State from which the data were obtained has consented to transmission in compliance with its national law;

(a) pristojni organ države članice, ki je posredovala podatke, da soglasje za prenos v skladu z nacionalno zakonodajo;

(b) no legitimate specific interests of the data subject prevent transmission; and

(b) ni posebnih zakonitih interesov posameznika, na katerega se nanašajo osebni podatki, ki bi preprečevali posredovanje in

(c) v posebnih primerih, če je prenos bistvenega pomena za pristojni organ, ki posreduje podatke zasebni stranki, zaradi:

(i) the performance of a task lawfully assigned to it;

(i) izvajanja naloge, ki mu je bila zakonito dodeljena;

(ii) the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;

(ii) preprečevanja, preiskovanja, odkrivanja ali pregona kaznivih dejanj ali izvrševanja kazni;

(iii) the prevention of an immediate and serious threat to public security; or

(iii) preprečevanja neposredne in resne ogroženosti javne varnosti ali

(iv) the prevention of serious harm to the rights of individuals.

(iv) preprečevanja resnih kršitev pravic posameznikov.

2. The competent authority transmitting the data to a private party shall inform the latter of the purposes for which the data may exclusively be used.

2. Pristojni organ, ki posreduje podatke zasebni stranki, slednjo obvesti o izključnih namenih, za katere se lahko uporabljajo podatki.

Article 15

Člen 15

Information on request of the competent authority

Informacije na zahtevo pristojnega organa

The recipient shall, on request, inform the competent authority which transmitted or made available the personal data about their processing.

Prejemnik na zahtevo obvesti pristojni organ, ki je posredoval osebne podatke oziroma do njih omogočil dostop, o njihovi obdelavi.

Article 16

Člen 16

Information for the data subject

Obveščanje posameznika, na katerega se nanašajo osebni podatki

1. Member States shall ensure that the data subject is informed regarding the collection or processing of personal data by their competent authorities, in accordance with national law.

1. Države članice zagotovijo, da pristojni organi posameznika, na katerega se osebni podatki nanašajo, v skladu z nacionalno zakonodajo obvestijo o zbiranju ali obdelavi osebnih podatkov.

2. When personal data have been transmitted or made available between Member States, each Member State may, in accordance with the provisions of its national law referred to in paragraph 1, ask that the other Member State does not inform the data subject. In such case the latter Member State shall not inform the data subject without the prior consent of the other Member State.

2. Če so bili osebni podatki posredovani ali je bil do njih omogočen dostop med državami članicami, lahko posamezna država članica v skladu z določbami nacionalne zakonodaje iz odstavka 1 drugo državo članico prosi, da posameznika, na katerega se osebni podatki nanašajo, ne obvesti. V takšnem primeru slednja država članica posameznika, na katerega se osebni podatki nanašajo, ne obvesti brez predhodnega soglasja druge države članice.

Article 17

Člen 17

Right of access

Pravica dostopa

1. Every data subject shall have the right to obtain, following requests made at reasonable intervals, without constraint and without excessive delay or expense:

1. Vsak posameznik, na katerega se nanašajo osebni podatki, ima pravico, da na zahteve, podane v razumnih časovnih razmikih, prejme brez omejitev, večjih zamud ali stroškov:

(a) at least a confirmation from the controller or from the national supervisory authority as to whether or not data relating to him have been transmitted or made available and information on the recipients or categories of recipients to whom the data have been disclosed and communication of the data undergoing processing; or

(a) vsaj potrditev od upravljavca ali nacionalnega nadzornega organa, ali so bili podatki v zvezi z njim posredovani oziroma je bil do njih omogočen dostop, ter informacije o prejemnikih ali kategorijah prejemnikov, ki so jim bili podatki razkriti, in poročilo o podatkih, ki so v obdelavi, ali

(b) at least a confirmation from the national supervisory authority that all necessary verifications have taken place.

(b) vsaj potrditev nacionalnega nadzornega organa, da so bila izvedena vsa potrebna preverjanja.

2. The Member States may adopt legislative measures restricting access to information pursuant to paragraph 1(a), where such a restriction, with due regard for the legitimate interests of the person concerned, constitutes a necessary and proportional measure:

2. Države članice lahko na podlagi odstavka 1(a) sprejmejo zakonodajne ukrepe za omejitev dostopa do informacij, če je takšna omejitev, ki mora upoštevati legitimne interese zadevne osebe, nujna in sorazmerna za:

(a) to avoid obstructing official or legal inquiries, investigations or procedures;

(a) preprečitev oviranja uradnih in zakonitih preiskav, poizvedb ali postopkov;

(b) to avoid prejudicing the prevention, detection, investigation and prosecution of criminal offences or for the execution of criminal penalties;

(b) izogibanje temu, da se vpliva na preprečevanje, preiskovanje, odkrivanje ali pregon kaznivih dejanj ali izvrševanje kazni;

(d) to protect national security;

(d) zaščito nacionalne varnosti;

(e) to protect the data subject or the rights and freedoms of others.

(e) varstvo posameznika, na katerega se nanašajo osebni podatki, ali pravic in svoboščin drugih.

3. Any refusal or restriction of access shall be set out in writing to the data subject. At the same time, the factual or legal reasons on which the decision is based shall also be communicated to him. The latter communication may be omitted where a reason under paragraph 2(a) to (e) exists. In all of these cases the data subject shall be advised that he may appeal to the competent national supervisory authority, a judicial authority or to a court.

3. Posameznik, na katerega se nanašajo osebni podatki, je o zavrnitvi ali omejitvi dostopa pisno obveščen. Hkrati se zadevni osebi sporočijo dejanski ali pravni razlogi, na katerih temelji odločitev. To sporočilo se lahko opusti, če obstaja razlog na podlagi odstavka 2 (a) do (e). V vseh teh primerih se posameznika, na katerega se osebni podatki nanašajo, seznani z možnostjo pritožbe pri pristojnem nacionalnem nadzornem organu, sodnemu organu ali na sodišču.

Article 18

Člen 18

Right to rectification, erasure or blocking

Pravica do popravka, izbrisa ali blokiranja

1. The data subject shall have the right to expect the controller to fulfil its duties in accordance with Articles 4, 8 and 9 concerning the rectification, erasure or blocking of personal data which arise from this Framework Decision. Member States shall lay down whether the data subject may assert this right directly against the controller or through the intermediary of the competent national supervisory authority. If the controller refuses rectification, erasure or blocking, the refusal must be communicated in writing to the data subject who must be informed of the possibilities provided for in national law for lodging a complaint or seeking judicial remedy. Upon examination of the complaint or judicial remedy, the data subject shall be informed whether the controller acted properly or not. Member States may also provide that the data subject shall be informed by the competent national supervisory authority that a review has taken place.

1. Posameznik, na katerega se osebni podatki nanašajo, ima pravico pričakovati, da upravljavec v skladu s členi 4, 8 in 9 izpolnjuje svoje dolžnosti glede popravka, izbrisa ali blokiranja osebnih podatkov, ki izhajajo iz tega okvirnega sklepa. Države članice določijo, ali lahko posameznik, na katerega se osebni podatki nanašajo, uveljavlja to pravico neposredno pri upravljavcu ali s posredovanjem pristojnega nacionalnega nadzornega organa. Če upravljavec zavrne popravek, izbris ali blokiranje, mora posameznika, na katerega se nanašajo osebni podatki, o tem pisno obvestiti in mu posredovati informacije o možnostih za vložitev pritožbe ali pravnem sredstvu, ki jih zagotavlja nacionalna zakonodaja. Po obravnavi pritožbe ali pravnega sredstva se posameznika, na katerega se nanašajo osebni podatki, obvesti o tem, ali je upravljavec ravnal pravilno ali ne. Države članice lahko tudi določijo, da posameznika, na katerega se nanašajo podatki, pristojni nacionalni organ obvesti o tem, da je izvedel preverjanje.

2. If the accuracy of an item of personal data is contested by the data subject and its accuracy or inaccuracy cannot be ascertained, referencing of that item of data may take place.

2. Če posameznik, na katerega se osebni podatki nanašajo, izpodbija točnost nekega podatka in če ni mogoče preveriti, ali je podatek točen ali ne, se lahko ta podatek označi z navedbo.

Article 19

Člen 19

Right to compensation

Pravica do odškodnine

1. Any person who has suffered damage as a result of an unlawful processing operation or of any act incompatible with the national provisions adopted pursuant to this Framework Decision shall be entitled to receive compensation for the damage suffered from the controller or other authority competent under national law.

1. Vsak posameznik, ki je utrpel škodo zaradi nezakonitega postopka obdelave ali katerega koli dejanja, ki je nezdružljivo z nacionalnimi določbami, sprejetimi v skladu s tem okvirnim sklepom, ima pravico od upravljavca ali drugega organa, pristojnega v skladu z nacionalno zakonodajo, dobiti odškodnino za nastalo škodo.

2. Where a competent authority of a Member State has transmitted personal data, the recipient cannot, in the context of its liability vis-à-vis the injured party in accordance with national law, cite in its defence that the data transmitted were inaccurate. If the recipient pays compensation for damage caused by the use of incorrectly transmitted data, the transmitting competent authority shall refund to the recipient the amount paid in damages, taking into account any fault that may lie with the recipient.

2. Če je pristojni organ države članice posredoval osebne podatke, se prejemnik v okviru svoje odgovornosti do oškodovanca v skladu z notranjo zakonodajo ne more sklicevati na to, da so bili posredovani podatki netočni. Če prejemnik plača odškodnino za škodo, nastalo zaradi uporabe nepravilno posredovanih podatkov, pristojni organ, ki podatke posreduje, prejemniku povrne znesek izplačane odškodnine, ob upoštevanju vseh morebitnih napak s strani prejemnika.

Article 20

Člen 20

Judicial remedies

Pravna sredstva

Without prejudice to any administrative remedy for which provision may be made prior to referral to the judicial authority, the data subject shall have the right to a judicial remedy for any breach of the rights guaranteed to him by the applicable national law.

Brez poseganja v upravna sredstva pred predložitvijo zadeve sodnemu organu ima posameznik, na katerega se osebni podatki nanašajo, v primeru kršitve pravic, zagotovljenih z nacionalno zakonodajo, pravico do sodnega varstva.

Article 21

Člen 21

Confidentiality of processing

Zaupnost obdelave

1. Any person who has access to personal data which fall within the scope of this Framework Decision may process such data only if that person is a member of, or acts on instructions of, the competent authority, unless he is required to do so by law.

1. Vsaka oseba, ki ima dostop do osebnih podatkov, ki sodijo v področje uporabe tega okvirnega sklepa, lahko te podatke obdeluje samo, če je član pristojnega organa ali deluje po njegovih navodilih, razen, če zakon določa drugače.

2. Persons working for a competent authority of a Member State shall be bound by all the data protection rules which apply to the competent authority in question.

2. Osebe, ki delajo za pristojni organ države članice, obvezujejo predpisi o varstvu podatkov, ki veljajo za zadevni pristojni organ.

Article 22

Člen 22

Security of processing

Varnost obdelave

1. Member States shall provide that the competent authorities must implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission over a network or the making available by granting direct automated access, and against all other unlawful forms of processing, taking into account in particular the risks represented by the processing and the nature of the data to be protected. Having regard to the state of the art and the cost of their implementation, such measures shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected.

1. Države članice določijo, da morajo pristojni organi izvajati ustrezne tehnične in organizacijske ukrepe za zaščito osebnih podatkov pred slučajnim ali nezakonitim uničenjem ali slučajno izgubo, predelavo, nepooblaščenim razkritjem ali dostopom, predvsem kadar obdelava vključuje pošiljanje podatkov po omrežju ali omogočanje neposrednega avtomatskega dostopa, ter proti vsem drugim nezakonitim oblikam obdelave, zlasti ob upoštevanju tveganj, ki jih predstavljata obdelava in narava podatkov, ki jih je treba varovati. Takšni ukrepi ob upoštevanju doseženega stanja v razvoju tehnologije in stroškov za njihovo izvajanje zagotavljajo raven varnosti, ustrezno tveganju zaradi obdelave in narave podatkov, ki jih je treba varovati.

2. In respect of automated data processing each Member State shall implement measures designed to:

2. V zvezi z avtomatsko obdelavo podatkov vsaka država članica uveljavi ukrepe, katerih namen je:

(a) deny unauthorised persons access to data-processing equipment used for processing personal data (equipment access control);

(a) nepooblaščenim osebam onemogočiti dostop do opreme za obdelavo podatkov, ki se uporablja za obdelavo osebnih podatkov (nadzor dostopa do opreme);

(b) prevent the unauthorised reading, copying, modification or removal of data media (data media control);

(b) preprečiti nepooblaščeno branje, prepisovanje, spreminjanje ali odnašanje nosilcev podatkov (nadzor nosilcev podatkov);

(c) prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of stored personal data (storage control);

(c) preprečiti nepooblaščeno vnašanje podatkov v podatkovne zbirke in nepooblaščeno pregledovanje, spreminjanje ali brisanje shranjenih osebnih podatkov (nadzor shranjevanja);

(d) prevent the use of automated data-processing systems by unauthorised persons using data communication equipment (user control);

(d) preprečiti uporabo sistemov za avtomatsko obdelavo podatkov nepooblaščenih oseb, ki uporabljajo opremo za sporočanje podatkov (nadzor uporabnikov);

(e) ensure that persons authorised to use an automated data-processing system only have access to the data covered by their access authorisation (data access control);

(e) zagotoviti, da imajo osebe, pooblaščene za uporabo avtomatskega sistema obdelave podatkov, le dostop do podatkov, ki jih zajema njihovo pooblastilo za dostop (nadzor dostopa do podatkov);

(f) ensure that it is possible to verify and establish to which bodies personal data have been or may be transmitted or made available using data communication equipment (communication control);

(f) zagotoviti možnost preverjanja in ugotavljanja, katerim organom so osebni podatki bili ali bi lahko bili poslani oziroma jim je bil ali bi jim lahko bil omogočen dostop do njih prek opreme za prenos podatkov (nadzor prenosa);

(g) ensure that it is subsequently possible to verify and establish which personal data have been input into automated data-processing systems and when and by whom the data were input (input control);

(g) zagotoviti, da se lahko naknadno preveri in ugotovi, kateri osebni podatki so bili vneseni v sisteme za avtomatsko obdelavo podatkov ter kdaj in kdo jih je vnesel (nadzor vnosa);

(h) prevent the unauthorised reading, copying, modification or deletion of personal data during transfers of personal data or during transportation of data media (transport control);

(h) preprečiti nepooblaščeno branje, prepisovanje, spreminjanje ali izbris osebnih podatkov med pošiljanjem osebnih podatkov ali med premeščanjem nosilcev podatkov (nadzor premeščanja);

(i) ensure that installed systems may, in case of interruption, be restored (recovery);

(i) zagotoviti, da se lahko nameščeni sistemi v primeru prekinitve ponovno vzpostavijo (obnova);

(j) ensure that the functions of the system perform, that the appearance of faults in the functions is reported (reliability) and that stored data cannot be corrupted by means of a malfunctioning of the system (integrity).

(j) zagotoviti, da funkcije sistema delujejo, da se pojavljanje napak v funkcijah sporoči (zanesljivost) in da shranjeni podatki ne morejo postati neuporabni zaradi okvare sistema (neoporečnost).

3. Member States shall provide that processors may be designated only if they guarantee that they observe the requisite technical and organisational measures under paragraph 1 and comply with the instructions under Article 21. The competent authority shall monitor the processor in those respects.

3. Države članice določijo, da je lahko za obdelovalca imenovana le oseba, ki zagotovi, da bo izvajala potrebne tehnične in organizacijske ukrepe iz odstavka 1 in upoštevala navodila iz člena 21. Pristojni organ nadzoruje obdelovalca v tem pogledu.

4. Personal data may be processed by a processor only on the basis of a legal act or a written contract.

4. Obdelovalec lahko osebne podatke obdeluje le na podlagi pravnega predpisa ali pisne pogodbe.

Article 23

Člen 23

Prior consultation

Predhodno posvetovanje

Member States shall ensure that the competent national supervisory authorities are consulted prior to the processing of personal data which will form part of a new filing system to be created where:

Države članice pred obdelavo osebnih podatkov, ki bodo del nove zbirke podatkov ali novega postopka, zagotovijo posvetovanje s pristojnim nacionalnim nadzornim organom, če:

(a) special categories of data referred to in Article 6 are to be processed; or

(a) bodo obdelane posebne vrste podatkov iz člena 6 ali

(b) the type of processing, in particular using new technologies, mechanism or procedures, holds otherwise specific risks for the fundamental rights and freedoms, and in particular the privacy, of the data subject.

(b) vrsta obdelave, predvsem zaradi novih tehnologij, mehanizmov ali postopkov, drugače vključuje posebna tveganja za temeljne pravice in svoboščine ter zlasti za zasebnost posameznika, na katerega se osebni podatki nanašajo.

Article 24

Člen 24

Penalties

Kazni

Member States shall adopt suitable measures to ensure the full implementation of the provisions of this Framework Decision and shall in particular lay down effective, proportionate and dissuasive penalties to be imposed in case of infringements of the provisions adopted pursuant to this Framework Decision.

Države članice sprejmejo ustrezne ukrepe za zagotovitev popolne izvedbe določb tega okvirnega sklepa in predvsem določijo učinkovite, sorazmerne in odvračilne kazni, ki se naložijo ob kršitvi določb, sprejetih v skladu s tem okvirnim sklepom.

Article 25

Člen 25

National supervisory authorities

Nacionalni nadzorni organi

1. Each Member State shall provide that one or more public authorities are responsible for advising and monitoring the application within its territory of the provisions adopted by the Member States pursuant to this Framework Decision. These authorities shall act with complete independence in exercising the functions entrusted to them.

1. Vsaka država članica na svojem ozemlju določi javni organ ali več javnih organov, odgovornih za svetovanje in spremljanje uporabe predpisov, ki so jih sprejele države članice na podlagi tega okvirnega sklepa. Ti organi pri izvajanju nalog, ki so jim zaupane, delujejo popolnoma neodvisno.

2. Each authority shall in particular be endowed with:

2. Vsakemu organu se podelijo predvsem:

(a) investigative powers, such as powers of access to data forming the subject matter of processing operations and powers to collect all the information necessary for the performance of its supervisory duties;

(a) preiskovalna pooblastila, kot so pooblastila za dostop do podatkov, ki sestavljajo vsebino postopkov obdelave, in pooblastila za zbiranje vseh informacij, ki so potrebne za izvajanje njegovih nadzornih nalog;

(b) effective powers of intervention, such as, for example, that of delivering opinions before processing operations are carried out, and ensuring appropriate publication of such opinions, of ordering the blocking, erasure or destruction of data, of imposing a temporary or definitive ban on processing, of warning or admonishing the controller, or that of referring the matter to national parliaments or other political institutions;

(b) učinkovita pooblastila za posredovanje, kot je na primer dajanje mnenj pred izvajanjem postopkov obdelave, in zagotavljanje ustrezne objave takšnih mnenj, odrejanje blokiranja, izbrisa ali uničenja podatkov, izrek začasne ali dokončne prepovedi obdelave, opozarjanje ali opominjanje upravljavca, ali predložitev zadeve nacionalnim parlamentom ali drugim političnim institucijam;

(c) the power to engage in legal proceedings where the national provisions adopted pursuant to this Framework Decision have been infringed or to bring this infringement to the attention of the judicial authorities. Decisions by the supervisory authority which give rise to complaints may be appealed against through the courts.

(c) pooblastila za sodelovanje v sodnih postopkih, kadar so kršene nacionalne določbe, sprejete na podlagi tega okvirnega sklepa, ali za seznanitev pravosodnih organov s temi kršitvami. Zoper odločitve nadzornega organa se je mogoče pritožiti na sodiščih.

3. Each supervisory authority shall hear claims lodged by any person concerning the protection of his rights and freedoms in regard to the processing of personal data. The person concerned shall be informed of the outcome of the claim.

3. Vsak nadzorni organ obravnava zahtevke, ki jih vloži katera koli oseba v zvezi z varstvom njenih pravic in svoboščin, povezanim z obdelavo osebnih podatkov. Zadevna oseba je obveščena o odločitvah glede zahtevka.

4. Member States shall provide that the members and staff of the supervisory authority are bound by the data protection provisions applicable to the competent authority in question and, even after their employment has ended, are to be subject to a duty of professional secrecy with regard to confidential information to which they have access.

4. Države članice določijo, da so člani in uslužbenci nadzornega organa prav tako zavezani k izpolnjevanju predpisov o varstvu podatkov, ki veljajo za zadevni pristojni organ, in da so tudi po končani zaposlitvi zavezani k dolžnosti poklicne molčečnosti glede zaupnih informacij, do katerih imajo dostop.

Article 26

Člen 26

Relationship to agreements with third States

Razmerje do sporazumov s tretjimi državami

This Framework Decision is without prejudice to any obligations and commitments incumbent upon Member States or upon the Union by virtue of bilateral and/or multilateral agreements with third States existing at the time of adoption of this Framework Decision.

Ta okvirni sklep ne posega v nobeno obveznost in zavezo držav članic ali Unije iz dvostranskih in/ali večstranskih sporazumov s tretjimi državami, obstoječimi ob sprejetju tega okvirnega sklepa.

In the application of these agreements, the transfer to a third State of personal data obtained from another Member State, shall be carried out while respecting Article 13(1)(c) or (2), as appropriate.

Pri uporabi teh sporazumov se osebni podatki, ki jih je posredovala druga država članica, posredujejo tretji državi ob upoštevanju, po potrebi, člena 14(1)(c) ali (2).

Article 27

Člen 27

Evaluation

Vrednotenje

1. Member States shall report to the Commission by 27 November 2013 on the national measures they have taken to ensure full compliance with this Framework Decision, and particularly with regard to those provisions that already have to be complied with when data is collected. The Commission shall examine in particular the implications of those provisions for the scope of this Framework Decision as laid down in Article 1(2).

1. Države članice poročajo Komisiji o nacionalnih ukrepih, ki so jih sprejele za zagotovitev skladnosti s tem okvirnim sklepom, zlasti v zvezi s tistimi določbami, ki morajo biti usklajene že pri zbiranju podatkov do 27. novembra 2013. Komisija pregleda zlasti vplive določb o področju uporabe tega okvirnega sklepa, kakor določa člen 1(2).

2. The Commission shall report to the European Parliament and the Council within one year on the outcome of the evaluation referred to in paragraph 1, and shall accompany its report with any appropriate proposals for amendments to this Framework Decision.

2. V roku enega leta Komisija poroča Evropskemu parlamentu in Svetu o izidu vrednotenja iz odstavka 1 in svojemu poročilu priloži morebitne ustrezne predloge za spremembo tega okvirnega sklepa.

Article 28

Člen 28

Relationship to previously adopted acts of the Union

Razmerje do predhodno sprejetih aktov Unije

Where in acts, adopted under Title VI of the Treaty on European Union prior to the date of entry into force of this Framework Decision and regulating the exchange of personal data between Member States or the access of designated authorities of Member States to information systems established pursuant to the Treaty establishing the European Community, specific conditions have been introduced as to the use of such data by the receiving Member State, these conditions shall take precedence over the provisions of this Framework Decision on the use of data received from or made available by another Member State.

Če so bili v aktih, sprejetih v skladu z naslovom VI Pogodbe o Evropski uniji pred dnem začetka veljavnosti tega okvirnega sklepa, ki urejajo izmenjavo osebnih podatkov med državami članicami oziroma dostop določenih organov držav članic do informacijskih sistemov, vzpostavljenih na podlagi Pogodbe o ustanoviti Evropske skupnosti, uvedeni posebni pogoji, pod katerimi lahko država članica prejemnica uporabljate podatke, imajo ti pogoji prednost pred določbami tega okvirnega sklepa o uporabi podatkov, ki jih je sprejela ali do njih omogočila dostop druga država članica.

Article 29

Člen 29

Implementation

Izvajanje

1. Member States shall take the necessary measures to comply with the provisions of this Framework Decision before 27 November 2010.

1. Države članice sprejmejo ukrepe, potrebne za uskladitev z določbami tega okvirnega sklepa pred 27. novembrom 2010.

2. By the same date Member States shall transmit to the General Secretariat of the Council and to the Commission the text of the provisions transposing into their national law the obligations imposed on them under this Framework Decision, as well as information on the supervisory authorities referred to in Article 25. On the basis of a report established using this information by the Commission, the Council shall, before 27 November 2011, assess the extent to which Member States have complied with the provisions of this Framework Decision.

2. Do tega datuma države članice pošljejo Generalnemu sekretariatu Sveta in Komisiji besedilo določb, ki prenašajo v nacionalno zakonodajo obveznosti, ki jim jih nalaga ta okvirni sklep, ter obveznosti o določitvi nadzornih organov, navedenih v členu 25. Na podlagi poročila Komisije, ki je oblikovan z uporabo teh informacij, Svet pred 27. novembrom 2011 preveri, v kakšnem obsegu so države članice usklajene z določbami tega okvirnega sklepa.

Article 30

Člen 30

Entry into force

Začetek veljavnosti

This Framework Decision shall enter into force on the 20th day following its publication in the Official Journal of the European Union.

Ta okvirni sklep začne veljati dvajseti dan po objavi v Uradnem listu Evropske unije.

Done at Brussels, 27 November 2008.

V Bruslju, 27. novembra 2008

For the Council

Za Svet

The President

Predsednica

M. Alliot-Marie

[1] OJ C 125 E, 22.5.2008, p. 154.

[1] UL C 125 E, 22.5.2008, str. 154.

[2] OJ C 198, 12.8.2005, p. 1.

[2] UL C 198, 12.8.2005, str. 1.

[3] OJ L 281, 23.11.1995, p. 31.

[3] UL L 281, 23.11.1995, str. 31.

[4] OJ L 8, 12.1.2001, p. 1.

[4] UL L 8, 12.1.2001, str. 1.

[5] OJ L 201, 31.7.2002, p. 37.

[5] UL L 201, 31.7.2002, str. 37.

[6] OJ L 69, 16.3.2005, p. 67.

[6] UL L 69, 16.3.2005, str. 67.

[7] OJ L 210, 6.8.2008, p. 1.

[7] UL L 210, 6.8.2008, str. 1.

[8] OJ L 131, 1.6.2000, p. 43.

[8] UL L 131, 1.6.2000, str. 43.

[9] OJ L 64, 7.3.2002, p. 20.

[9] UL L 64, 7.3.2002, str. 20.

[10] OJ L 176, 10.7.1999, p. 36.

[10] UL L 176, 10.7.1999, str. 36.

[11] OJ L 176, 10.7.1999, p. 31.

[11] UL L 176, 10.7.1999, str. 31.

[12] OJ L 53, 27.2.2008, p. 52.

[12] UL L 53, 27.2.2008, str. 52.

[13] OJ L 53, 27.2.2008, p. 50.

[13] UL L 53, 27.2.2008, str. 50.

[14] OJ L 83, 26.3.2008, p. 5.

[14] UL L 83, 26.3.2008, str. 5.

[15] OJ C 303, 14.12.2007, p. 1.

[15] UL C 303, 14.12.2007, str. 1.

--------------------------------------------------

Top

BG CS DA DE EL EN ES ET FI FR HU IT LT LV MT NL PL PT RO SK SL SV	BG CS DA DE EL EN ES ET FI FR HU IT LT LV MT NL PL PT RO SK SL SV
en	sl

Bilingual display

en

sl