Back to EUR-Lex homepage

EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search
You are here

Document 52012SC0075

COMMISSION STAFF WORKING DOCUMENT ANNEX

/* SEC/2012/0075 final */

Date of document:
25/01/2012
Date of dispatch:
27/01/2012; aan de Raad gezonden
Date of dispatch:
27/01/2012; aan het Parlement gezonden
Date of end of validity:
No end date
Author:
Europese Commissie
Form:
Werkdocument van de diensten
Procedure number:
Link
Link
Link
Select all documents mentioning this document
Related document(s):

52012SC0075

COMMISSION STAFF WORKING DOCUMENT ANNEX /* SEC/2012/0075 final */


ANNEX

The information in the following tables was submitted to the Commission by the Member States in response to the questionnaire of 9.12.2010 (including transposition tables).

By letter of 9 December 2010 the Commission reminded Member States of their obligation to implement and asked them for feedback on the following issues: scope of national provisions implementing the Framework Decision (and in particular if these provisions also apply to the processing of personal data at national level), a data subject's right to information and access (Art. 16, 17), the supervisory authority (Art. 25) and issues at national level which affect the proper implementation of the Framework Decision.

By 1 January 2011, only 3 Member States (Latvia, Denmark and Greece) as well as Norway and Switzerland had provided the Commission with information.

At the occasion of the stakeholder workshop meeting on the implementation of the Framework Decision which took place on 2 February 2011, the Commission set 15 February 2011 as the cut-off date for receipt of further notifications from the Member States. By the cut-off date the Commission had received information from 9 additional Member States (Slovenia, Bulgaria, United Kingdom, Portugal, Slovakia, Poland, Austria, Ireland, France and Lithuania). In total 50% of all the Member States had complied with their obligation under the Framework Decision.

In the end, the Commission decided to take into account also information supplied after 15 February 2011.

Table 1

Table 1 –Overview of Member States' replies according to their own assessment in terms of the status of implementation of the Framework Decision

|| Status of implementation as reported by Member States || Texts of implementing measures [1] || Information on Data Protection Supervisory Authorities

Belgium || Implemented Referring to Data Protection Law of 8.12.1992, Code d’instruction criminelle, L’Arrêté royal du 13 février 2001. || yes || yes

Bulgaria || Partially implemented Referring in particular to the Personal Data Protection Act (ZZLD) and the amending draft act ZIDZZLD || yes || yes

Czech Republic || Implemented Referring to Act 101/2000 Coll. on data protection as amended; Act on Police 273/2008 Coll., Act on Customs Administration 185/2004 Coll., Act on Military Police 124/1992 Coll. and Act on Criminal procedure 141/1961 Coll. || yes || no

Denmark || Implemented Referring in particular to Act No. 188 and Act on the Processing of Personal Data, Order No. 1287 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters. || yes || yes

Germany || Implemented Referring to the Federal Data Protection Law, data protection laws of the Länder and other specific instruments in the area of police and judicial matters in conjunction with an administrative regulation || Yes || yes

Estonia || Implemented Referring to the Personal Data Protection Act and to the Code of Criminal Procedure. || no || yes

Ireland || Implemented Referring in particular to the Data Protection Acts 1988 and 2003 and to the code of Practice on Data Protection ("An Garda Síochána"). || yes || yes

Greece || Not implemented EL informed that the implementation process has "not yet been completed" . || no || no

Spain || Partially implemented Referring to Organic Law 15/1999 on the protection of personal data, the Code of Criminal Procedure and amendments. A additional draft bill is prepared to amend the legislation on the protection of personal data. || no || yes

France || Partially implemented Referring in particular to Loi 2003-239 du 18 mars 2003 pour la sécurité intérieure, to different Dècrets and to Loi n°78-17 "l'informatique, aux fichiers et aux libertés". || yes || yes

Italy || Not implemented[2] Referring to Personal Data Protection Code, Criminal Procedure Code and to the Legislative Decree of 30/06/2003 (Code on personal data). || no || no

Cyprus || Not implemented CY informed that a mixed committee has been set up to come up with a conclusion on the most efficient method for implementation. || no || no

Latvia || Implemented Referring in particular to the Law on the protection of natural persons' data; to Regulations no 40 and no 765. The latter relates to general security requirements for State information systems. || yes || Yes

Lithuania || Implemented Referring in particular to the Law on the Legal Protection of Personal Data processed in the Framework of Police and Judicial Cooperation in Criminal Matters of 2011. || yes || yes

Luxembourg || Implemented Referring in particular to the Data Protection Law of 2002, Criminal Code, Law of 2010 on the Council Act of 2000 establishing mutual legal assistance between Member States of the EU in criminal matters, Law of 2008 on access of magistrates and criminal police officers. || yes || yes[3]

Hungary || Implemented (by 1.1.2012) Act on the Right of Informational Self-determination and Freedom of Information (Act CXII of 2011) = the new Hungarian Data Protection legislation - enters into force on 1.1.2012; Act on the National Tax and Customs office (Acts CXXII of 2010) – in force since 19.11.2010; Amendments to Act on Police (Act XXXIV of 1994); Act on the Hungarian Prison Service Organisation (Act CVII of 1995); Act on the international cooperation of law enforcement bodies (Act LIV of 2002); Act on the Prosecution Service Relations and the Data Processing of the Prosecution (Act LXXX of 1994); Act on the activities of Forensic experts (Act XLVII of 2005). || no || no

Malta || Partially implemented Referring in particular to the Processing of Personal Data (Police and Judicial Cooperation in Criminal Matters) Regulations, 2011. || yes || yes

Netherlands || Partially implemented Referring in particular to DPFD Implementation Bill amending the Police Data Act and the Judicial and Criminal Procedure Data Act || yes || yes

Austria || Implemented Referring to the DatenschutzG 2000, the Sicherheitspolizeigesetz and the Strafprozessordnung. || no || yes

Poland || Partially implemented Referring in particular to the "Personal Data Protection Act" of 29 August 1997. || no || yes

Portugal || Partially implemented Referring to Law No 67/98 of 26 October 1998 ("Personal Data Protection Law"). || no || yes

Romania || No reaction to either the Commission request of 9.12.2011 or to the reminder

Slovenia || Partially implemented Referring to State Prosecutors' Act 2011, Act on Police Tasks and Authorisations and to amendments of the Personal Data Protection Act. || no || no

Slovakia || Implemented Referring in particular to Act 192/2011, Act No 124/1992 on the Military Police, Slovak National Council Act No 171/1993 on the Police Force, Act No 4/2001 on the Prison and Court Guard Service, Act No 153/2001 on the public prosecutor, Act No 652/2004 on State administrative authorities in the field of customs and Act No 428/2002 on the protection of personal data. || yes || yes

Finland || Partially implemented Referring in particular to the DRAFT Government Bill for an Act amending the Act on the Processing of Personal Data by the Police, Personal Data Act (523/1999), Act on the Processing of Personal Data by the Police (761/2003 and Government Bill HE 98/2010 and Criminal Investigations Act (449/1987). || yes || yes

Sweden || Implemented Referring in particular to the Personal Data Act (1998,204). || yes || yes

United Kingdom || Implemented Referring to the Data Protection Act 1998. || yes || yes

EEA countries and Switzerland

Switzerland || Implemented Referring to Loi fédérale sur la protection des données personnelles du 19.6.1992 (LPD); Ordonnance relative à la loi fédérale sur la protection des données du 14.6.1993; Code pénal suisse du 21.12.1937; Loi du 20.3.1981 sur l'entraide pénale internationale; Ordonnance du 24.2.1982 sur l'entraide pénale internationale (EIMP); Code de procédure pénale 5.10.2007; Loi du 12.6.2009 sur l'échange s'informations entre les autorités de poursuite pénale de la Confédération et celles des autres Etats Schengen (LEIS). || yes || yes

Norway || Implemented Referring to Act relating to the processing of personal data by the police and the prosecuting authority (the Police Register Act). || yes || yes

Iceland || No reaction to Commission request

Lichtenstein || Implemented Referring to Draft amendments to Strafprozessordnung, DatenschutzG, AmtshaftungsG, PolizeiG idF LGBl 2010 Nr 394; DatenschutzG, DatenschutzVO; Staatspersonalgesetz; Richterdienstgesetz; Rechtshilfegesetz. || no || yes

Table 2

Table 2 –Scope of measures implementing Framework Decision 2008/977/JHA

|| Implementing measures || Scope of application

Belgium || a) Loi du 8 décembre 1992 relative à la protection de la vie privée à l’égard des traitements de données à caractère personnel; b) Code d’instruction criminelle (code de procédure pénale belge; c) Arrêté Royal du 13 février 2001 || a)pplies to processing at national level and to cross-border transmission; b) not specified; c) not specified.

Bulgaria || a) Personal Data Protection Act b) Draft law amending the Personal Data Protection Act || a) applies to processing at national level and to cross-border transmission; b) applies only to cross-border transmission.

Czech Republic || a) Act 101/2000 Coll. on data protection as amended; b) Act on Police 273/2008 Coll., c) Act on Customs Administration 185/2004 Coll., d) the Act on Military Police 124/1992 Coll., e) Act on Criminal procedure 141/1961 Coll. || different data protection rules for processing at national level and for crossborder transmission (not specified).

Denmark || a) Act No. 188 of 18.3.2009 amending the Act on the Processing of Personal Data; b) Order No. 1287 of 25.11.2010 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters within the European Union and the Schengen area; c) Lov 2000-05-31, n° 429 om behandling af personoplysininger (general data protection act), including amendment of 19.3.2009; d) Bekendtgorelse om sikkerhedsforanstaltninger til beskyttelse af personoplysninger, som behandles for den offentlige forvaltning, 15.6.2000 (BEK nr 528); e) Bekendtgorelse om sikkerhedsforanstaltninger til beskyttelse af personoplysninger, som behandles for domstolene (BEK nr 535 af 15.6.2000); f) Administrative guidelines on application of the transposition of the Framework Decision by competent authorities envisaged. || a) and b) apply only to cross-border transmission; c) – e) apply to data processing at national level and to cross-border transmission; f) applies to cross-border transmission.

Germany || a) Police Acts of the Federal State and the Länder; b) Federal Data Protection Act and Data Protection Acts of the Länder; c) Code of Criminal Procedure d) Administrative circular for Bundeskriminalamt. || a) – c) apply to data processing at national level and to cross-border transmission; d) applies only to cross-border transmission.

Estonia || a) Personal Data Protection Act b) Code of Criminal Procedure || a) – b) apply to data processing at national level and to cross-border transmission.

Ireland || a) Data Protection Act 1988 as amended by Data Protection Act 2003 b) Code of Practice of An Garda Siochána c) future code of practice between the Data Protection Commissioner and Revenue (taxation and customs authority) || a) – b) applies to data processing at national level and to cross-border transmission; c) not clear if it applies to processing at national level and cross-border transmission or not.

Greece || not implemented

Spain || a) Organic Law 15/1999 on the protection of personal data b) further specific provisions still need to be adopted || a) applies to data processing at national level and to cross-border transmission; b) no information provided

France || a) Loi 2003-239 du 18 mars 2003 pour la sécurité intérieure; b) Décret n°2001-583 du 5 juillet 2001 modifié en 2006 portant création du STIC (système de traitement des infractions constatées; c) Décret n° 2006-1411 du 20 novembre 2006 portant création du système judiciaire de documentation et d'exploitation dénommé « JUDEX; d) Décret n°87-249 du 8 avril 1987 relatif au fichier automatisé des empreintes digitales (FAED); e) Décret 2000-413 du 18 mai 2000 relatif au fichier national automatisé des empreintes génétiques (FNAEG); f) Loi n°78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés. || a) – f) apply to data processing at national level and to cross-border transmissions

Italy || not implemented; in the absence of implementing measures, in line with the privacy code, the criminal procedure code applies || seemingly applies to data processing at national level and to cross-border transmissions

Cyprus || not implemented

Latvia || Law on the protection of Natural Persons' Data (including Regulation n° 40-Cabinet Regulation of 30.1.2001 laying down mandatory technical and organisational requirements for the protection of personal data; Regulation n° 765-Cabinet Regulation of 11.10.2005 on general security requirements for State information systems). || applies to data processing at national level and to cross-border transmission

Lithuania || a) Constitution of the Republic of Lithuania adopted by citizens in the referendum of 25 October 1992 (Žin., 1992, No 33-1014); b) Code of Civil Procedure of the Republic of Lithuania No IX-743 (Žin., 2002, No 36-1340); c) Law of the Republic of Lithuania on Administrative Proceedings No VIII-1927 (Žin., 2000, No 85-2566); d) Law of the Republic of Lithuania on Legal Protection of Personal Data No X-1444 (Žin., 2008, No 137-5383); e) Law No X-1685 Amending and Supplementing Articles 33, 34, 36, 38, 39, 42, 43, 47, 51, 551, 57, 61, 63, 64, 691 and 81, the Title of Chapter IX, Articles 83, 84, 85, 86, 90, 98, 101 and 103, the Title of Section Two of Chapter XII, Articles 106, 107, 108, 119, 120, 122, 124, 127, 128 and 129 of the Law on Courts of the Republic of Lithuania, Repealing Articles 89, 109, 110, 111, 112 and 125 of the Law and Supplementing the Law with Articles 531 and 532 and Section Three of Chapter IX (Žin., 2008, No 81-3186); f) Law of 21.4.2011 implementing the FD. || a) – e) apply to processing at national level and to cross-border transmission; f) applies only to cross-border transmission.

Luxembourg || a) Loi modifiée du 2 août 2002 relative à la protection des personnes à l’égard du traitement des données à caractère personnel et modifications apportées par la loi du 28 juillet 2011. b.) Loi modifiée du 30 mai 2005 - relative aux dispositions spécifiques de protection de la personne à l’égard du traitement des données à caractère personnel dans le secteur des communications électroniques et - portant modification des articles 88-2 et 88-4 du Code d’instruction criminelle. c.) Code d’instruction criminelle (art. 67-1, 88-1 à 88-4) http://www.legilux.public.lu/leg/textescoordonnes/codes/code instruction crimi nelle/CodeInstrCrim PageAccueil.pdf. d.) Code pénal (v. en particulier les art. 148, 149, 150, 509-1 à 509-7. e.) Loi du 8 août 2000 sur l’entraide judiciaire internationale en matière pénale, avec ses modifications. f.) Loi du 27 octobre 2010 portant - approbation de la Convention du 29 mai 2000 relative à l’entraide judiciaire en matière pénale entre les États membres de l’Union européenne; - approbation du Protocole du 16 octobre 2001 à la Convention relative à l’entraide judiciaire en matière pénale entre les États membres de l’Union européenne; - modification de certaines dispositions du Code d’instruction criminelle et de la loi du 8 août 2000 sur l’entraide judiciaire internationale en matière pénale; g.) Loi du 21 mars 2006 sur les équipes communes d’enquête h.) Loi du 25 août 2006 relative aux procédures d’identifications par empreintes génétiques en matière pénale i.) Loi du 22 juillet 2008 relative à l’accès des magistrats et officiers de police judiciaire à certains traitements de données à caractère personnel mis en œuvre par des personnes morales de droit public et portant modification: - du Code d’instruction criminelle, - de la loi modifiée du 31 mai 1999 sur la Police et l’Inspection générale de la Police, et - de la loi modifiée du 27 juillet 1997 portant réorganisation de l’administration pénitentiaire. j.) Règlement grand-ducal du 22 juillet 2008 portant exécution de l’article 48-24 du Code d’instruction criminelle et de l’article 34-1 de la loi modifiée du 31 mai 1999 sur la Police et l’Inspection générale de la Police k.) Loi du 21 décembre 2004 portant approbation du Traité entre le Royaume de Belgique, le Royaume des Pays-Bas et le Grand-Duché de Luxembourg en matière d’intervention policière frontalière, signé à Luxembourg, le 8 juin 2004 l.) Loi du 22 décembre 2006 portant Traité entre le Royaume de Belgique, la République fédérale d’Allemagne, le Royaume d’Espagne, la République française, le Grand-Duché de Luxembourg, le Royaume des Pays-Bas et la République d’Autriche relatif à l’approfondissement de la coopération transfrontalière, notamment en vue de lutter contre le terrorisme, la criminalité transfrontalière et la migration illégale, ainsi que de la Déclaration commune, signés à Prüm le 27 mai 2005 m.) Règlement 08/134/ILR du 1er décembre 2008 relatif aux spécifications techniques pour l’interception des communications électroniques au Luxembourg n.) Règlement grand-ducal du 21 décembre 2004 déterminant les services de communications électroniques et les services postaux ainsi que la nature, le format et les modalités de mise à disposition des données dans le cadre de l’article 41 de la loi du 2 août 2002 relative à la protection des personnes à l’égard du traitement des données à caractère personnel o.) Règlement grand-ducal du 7 avril 2011 portant organisation des contrôles du transport physique de l’argent liquide entrant au, transitant par le ou sortant du Grand-Duché de Luxembourg p.) Règlement grand-ducal du 1er août 2007 autorisant la création et l’exploitation par la Police d’un système de vidéosurveillance des zones de sécurité q.) Règlement grand-ducal du 21 décembre 2006 relatif à l’obligation pour les transporteurs de communiquer les données relatives aux passagers en provenance d’un pays non membre de l’Union européenne et au traitement de ces données r.) Règlement grand-ducal du 21 décembre 2004 (avertissements taxés) s.) Règlement grand-ducal du 2 octobre 1992 relatif à la création et à l’exploitation d’une banque de données nominatives de police générale, avec ses modifications t.) Règlement grand-ducal du 9 août 1993 autorisant la création et l’exploitation d’une banque de données nominatives constituant la partie nationale du système d’information Schengen (N.SIS). || a) apply to processing at national level and to cross-border transmission; for b) – t) LUX did not provide specific information; it did submit the general remark that all the legal instruments apply to processing of data at national level and to cross-border transmission, except for the legal instruments which apply explicitly only to cross-border transmission (i.e. mutual legal assistance, the Law on the implementation of the international conventions).

Hungary || a) Act on the Right of Informational Self-determination and Freedom of Information (Act CXII of 2011) = the new Hungarian Data Protection legislation - enters into force on 1.1.2012; b) Act on the National Tax and Customs office (Acts CXXII of 2010) – in force since 19.11.2010; Amendments to: c) Act on Police (Act XXXIV of 1994); d) Act on the Hungarian Prison Service Organisation (Act CVII of 1995); Act on the international cooperation of law enforcement bodies (Act LIV of 2002). d) Act on the Prosecution Service Relations and the Data Processing of the Prosecution (Act LXXX of 1994); f) Act on the activities of Forensic experts (Act XLVII of 2005). || Not specified

Malta || a) Data Protection Act 2003 (Chapter 440) b) Regulation AL 198/11 – Processing of personal Data – Police and Judicial Cooperation in Criminal Matters c) Regulation AL 142/04 on processing and storage of data; still needs to be amended to ensure compatibility || a) applies to processing at national level and to cross-border transmission; b) applies solely to cross-border transmission; c) applies solely to processing at national level at the moment.

Netherlands || a) Police Data Act b) Judicial and Criminal Procedure Data Act c) Bill amending the Police Data Act and the Judicial and Criminal Procedure Data Act || a) – b) applies to processing at national level and to cross-border transmission; c) applies solely to cross-border transmission.

Austria || Data Protection Act 2000 || applies to processing at national level and to cross-border transmission

Poland || a) Personal Data Protection Act b) Draft Bill on the Exchange of Information with the Prosecution Authorities of the EU Member States || a) applies to processing at national level and to cross-border transmission; b) applies solely to cross-border transmission.

Portugal || a) Law 67/98 on Personal Data Protection b) Draft law implementing remaining aspects of the FD || a) seems to apply to data processing at national level and to cross-border transmission; b) applies solely to cross-border transmission.

Romania || No reaction to either the Commission request of 9.12.2011 or to the reminder

Slovenia || a) Personal Data Protection Act of 2004 (amendments in preparation) b) State Prosecuters' Office Act 2011 c) Draft Act on police Tasks and Authorisations (30 June 2011 adopted by the Government and sent to the National Assembly) d) sectoral legislation e) draft sectoral legislation and legislation implementing the remaining aspects of FD || a) unclear b) applies to data processing at national level and to cross-border transmission; c) will apply to data processing at national level and to cross-border transmission; d) unclear e) unclear

Slovakia || a) Act 192/2001 of 1.6.2011, in force since 1.8.2011. b) Act No 757/2004 on courts and amending certain acts c) Act No 124/1992 on the Military Police d) Slovak National Council Act No 171/1993 on the Police Force e) Act No 4/2001 on the Prison and Court Guard Service f) Act No 153/2001 on the public prosecutor g) Act No 652/2004 on State administrative authorities in the field of customs and amending certain acts h) Act No 428/2002 on the protection of personal data || a) – h) applies to processing at national level and to cross-border transmission

Finland || a) Personal Data Act (523/1999) b) Act on the Processing of Personal Data by the Police (761/2003) c) Act on the Openness of Government Activities (621/1999) and Criminal Investigations Act (449/1987) d) Criminal Investigations Act (449/1987) e) further specific provisions amending the Act on the Processing of Personal Data by the Police still need to be adopted[4]. || a) – d) applies to processing at national level and to cross-border transmission; e) no information available

Sweden || a) The Swedish Instrument of Government (Regeringsformen - RF); b) The Code of Judicial Procedure (Rättegångsbalk - RB); c) The Penal Code (Brottsbalk - BrB); d) The Administrative Procedure Act (1986:223) (Förvaltningslag - FL); e) The Official Secrets Act (2009:400) (Offentlighets- och sekretesslag - OSL); f) Act (2010:367) amending the Supervision of Certain Law Enforcement Activities Act (2007:980) (Lagen (2010:367) om ändring i lagen (2007:980) om tillsyn över viss brottsbekämpande verksamhet - Ltbr); g) The Personal Data Act (1998:204) (Personuppgiftslagen – Pul) ; h) The Personal Data Ordinance (1998:1191) (Personuppgiftsförordning – Puf); i) The Police Data Act (2010:361) (Polisdatalagen – Pdl); j) The Police Data Ordinance (2010:1155) (Polisdataforordning – Pdf); k) Act (2005:787) on the processing of data in connection with the law enforcement activities of the Customs Service (Lag (2005:787) om behandling av uppgifter i Tullverkets brottsbekämpande verksamhet - Tbdl); l) Ordinance (2003:188) on the processing of personal data within the Swedish Coast Guard (Förordning (2003:188) om behandling av personuppgifter inom Kustbevakningen - Kbvdl); m) Act (1999:90) on the processing of personal data in the context of the Tax Agency's participation in criminal investigations (Lag (1999:90) om behandling av personuppgifter vid Skatteverkets medverkan i brottsutredningar - Skvdl); n) Ordinance (2006:937) on the processing of personal data within the Prosecution Service (Förordning (2006:937) om behandling av personuppgifter inom åklagarväsendet - Åmdf); o) Ordinance (2001:639) on record keeping, etc., in the civil courts by automated means (Förordning (2001:639) om registerföring m.m. vid allmänna domstolar med hjälp av automatiserad behandling – Dvdf1); p) Ordinance (2001:640) on record keeping, etc., under administrative law by automated means (Förordning (2001:640) om registerforing m.m. vid förvaltningsrätt med hjälp av automatiserad behandling - Dvdf2); q) Ordinance (2001:641) on record keeping, etc., in the Supreme Administrative Court and the administrative courts of appeal by automated means (Förordning (2001:641) om registerforing m.m. vid Högsta förvaltningsdomstolen och kammarrätterna med hjälp av automatiserad behandling - Dvdf3); r) Act (2001:617) on the processing of personal data within the penitentiary system (Lag (2001:617) om behandling av personuppgifter inom kriminalvården - Kvdl); s) Act (2001:184) on the processing of data in the context of the activities of the Enforcement Administration (Lag (2001:184) om behandling av uppgifter i Kronofogdemyndighetens verksamhet - Kfmdl); t) The Criminal Records Act (1998:620) (Lag (1998:620) om belastningsregister - Brl); u) The Suspicion Registers Act (1998:621) (Lag ( 1998:621 ) om misstankeregister - Mrl); v) The Schengen Information System Act (2000:344) (Lag (2000:344) om Schengens informationssystem - Sisl); w) Act (2010:362) on the Police's general enforcement database (Lag (2010:362) om polisens allmänna spaningsregister - Aspl); x) Ordinance (1997:902) on court order registers (Förordning (1997:902) om register över strafförelägganden - Sff); y) Ordinance (1997:903) on registers for orders of summary punishment (Förordning (1997:903) om register över förelägganden av ordningsbot - Off); z) Act (2000:562) on international legal assistance in criminal matters (Lag (2000:562) om internationellt rättslig hjälp i brottmål - Lirb); a1) Act (2000:343) on international police cooperation (Lag (2000:343) om internationellt polisiärt samarbete - Lips); b1) Act (2000:1219) on international customs cooperation (Lag (2000:343) om internationellt tullsamarbete - Lits); c1) Act (2003:1174) on certain forms of international cooperation in criminal investigations (Lag (2003:1174) om vissa former av internationellt samarbete i brottsutredningar - Jit); d1) Ordinance (2008:1396) on the simplified exchange of information between law enforcement authorities in the European Union (Förordning (2008:1396) om förenklat uppgiftsutbyte mellan brottsbekämpande myndigheter i Europeiska union - Sinit). || a) – d1) apply to data processing at national level and to cross-border transmission.

United Kingdom || a) Data Protection Act 1998 b) Min. of Justice Circular 2011/01 || a) applies to data processing at national level and to cross-border transmission; b) applies solely to cross-border transmission.

Table 3

Table 3 – Information of data subjects

|| Information of data subject || Exemptions in national legislation from providing information

Belgium || Yes[5] || if personal data are processed - by public authority for the exercise of their competence as police judiciary; - by the police for the exercise of its competence as administrative police; - by public authorities other than the police in exercise of their competence as administrative police; - for the purpose of prevention of money laundering; - by the permanent committee for the control of police forces and by the investigating department for the exercise of their legal competence.

Bulgaria || Yes[6] || no information provided on restrictions at national level;

Czech Republic || not specified.

Denmark || No[7] || for data processing performed on behalf of courts, the police and prosecution in the area of criminal law. if data subject's interest in obtaining this information is overridden by essential considerations of public interests, including in particular national security; defence; public security; the prevention, investigation, detection and prosecution of criminal offences; important economic or financial interests of a Member state or of the EU (including monetary, budgetary and taxation matters); and monitoring, inspection or regulatory functions, including temporary tasks, connected with the exercise of official authority in cases of public security and criminal offences; however, controller must keep a record of certain information (categories of data subjects and data relating to them; recipients, controller, categories of processing) and the record must be made available to the public.

Germany || Yes[8] || sector specific laws and regulations set out when police and judicial authorities can process data and under which conditions;

Estonia || Yes[9] || if data subject is aware of processing, the categories, sources, recipients and its rights to termination of processing, rectification, blocking, erasure and if data subject has right to access; if personal data are processed for performance of an obligation prescribed by law or international agreements; if prejudice to rights and freedoms of other persons; protection of the confidentiality of parenthood of a child; prevention of a criminal offence or apprehension of a criminal offender; ascertainment of the truth in a criminal proceeding.

Ireland || Yes[10] || if application of data protection rights would prejudice prevention, detection or investigation of offences, apprehension or prosecution of offenders or assessment or collection of any tax, duty or other moneys owed or payable to the State.

Greece || not implemented

Spain || Yes[11] || for data processing for the purpose of national security, public safety or the prosecution of criminal offences.

France || No[12] || for data processing for the purpose of prevention, investigation, detection or prosecution of criminal offences.

Italy || Yes[13] || in line with the personal data protection code, for criminal matters under the criminal procedure code the confidentiality of investigations is safeguarded until actions are taken.

Cyprus || not implemented

Latvia || Yes[14] || no derogations reported; however if interpreted broadly it can be concluded that the exemptions listed for access to data apply mutatis mutandis.

Lithuania || Yes[15] || for purpose of state security or defence; public order and prevention, investigation and detection or prosecution of criminal offences; important economic or financial interests of the state; prevention, investigation and detection of breaches of official or professional ethics; protection of the rights and freedoms of the data subject or any other persons.

Luxembourg || Yes[16] || for reasons of a) state security, b) defence, c) public security, d) prevention, investigation and detection or prosecution of criminal offences including the fight against money laundering, or other judicial procedures, e) important economic or financial interests of the state or the EU, including monetary, budgetary and fiscal matters, f) protection of the rights and freedoms of the data subject or any other persons and g) a mission of control, inspection and regulation, even occasionally, of the exercise of public authority, in the cases referred to under c), d), and e).

Hungary || not specified

Malta || Yes[17] || for purpose of national security; defence; public security; the prevention, investigation, detection and prosecution of criminal offences, or of breaches of ethics for regulated professions; an important economic or financial interest including monetary, budgetary and taxation matters; a monitoring, inspection or regulatory function connected, even occasionally, with the exercise of official authority; or such information being prejudicial to the protection of the data subject or of the rights and freedoms of others.

Netherlands || Yes[18] || no general obligation to inform; sector specific laws and regulations set out when police and judicial authorities can process data and under which conditions;

Austria || Yes[19] || generally, in cases where data subject can not be reached or disproportionate effort would be required; in cases of prevention, prohibition and prosecution of criminal offences, as far as necessary for the purpose of the processing of the data.

Poland || Yes[20] || not too many details provided if data obtained from data subject and if another act allows data processing without revealing the purpose for which data were collected, or if data subject has already been provided with relevant information; if data obtained from sources other than data subject;

Portugal || Yes[21] || on the grounds of state security and the prevention or investigation of crime; if it is impossible to inform the data subject or it would take disproportionate effort to inform him or where the law explicitly regulates the registration or dissemination of the data.

Romania || No reaction to either the Commission request of 9.12.2011 or to the reminder

Slovenia || Yes[22] || unclear; no details provided, only general reference to sectoral legislation

Slovakia || Yes[23] || no specific purpose for refusing info mentioned; for data processed by military police, police forces, general prosecutor, customs administration (in cases set out in Section 55(4) of Act 652/2004) Ministry and courts.

Finland || Yes[24] || if the data subject already has the relevant information; if this is necessary for the protection of national security, defence or public order or security, for the prevention or investigation of crime or for carrying out the monitoring function pertaining to taxation or the public finances; or where the data are collected other than from the data subject, if the provision of the information to the data subject is impossible or unreasonably difficult, or if it significantly damages or inconveniences the data subject or the purpose of the processing of the data and the data are not used when making decisions relating to the data subject, or if there are specific provisions in an Act on the collection, recording or disclosure of the data. if the police are collecting, recording or supplying personal data necessary for the performance of duties as referred to in section 1(1) of the Police Act. if access would not impede the clearing up of the case in criminal investigations.

Sweden || Yes[25] || to the extent that special rules on data entry in sectoral statutes or in other legislation relating to police or judicial cooperation are in force; if granting information would be impossible or would necessitate a disproportionately large effort, or where information processed is confidential for the purpose of protecting law enforcement, public security and national security and confidentiality in the context of law enforcement activities to protect other individuals.

United Kingdom || Yes[26] || For the purposes of Crime and Taxation but only to the extent to which informing the data subject of the collection or processing of their personal data would be likely to prejudice any of the crime and taxation purposes: a. the prevention or detection of crime, b. the apprehension or prosecution of offenders, or c. the assessment or collection of any tax or duty or of any imposition of a similar nature.

Table 4

Table 4 – Right of access

|| Access given to data subject || Exemptions in national legislation from giving access

Belgium || Yes[27] || not specified

Bulgaria || Yes[28] || if, 1) this would hinder the prevention or detection of criminal offences, the conduct of criminal proceedings or the execution of criminal penalties; 2) it is necessary to protect: (a) national security and public order; (b) the data subject; (c) the rights and freedoms of others.

Czech Republic || not specified.

Denmark || Yes[29] || if data processed on behalf of the courts where they form part of a text which is not available to the public; if data subject's interest in obtaining this information is overridden by essential considerations of public interests, including in particular national security; defence; public security; the prevention, investigation, detection and prosecution of criminal offences; important economic or financial interests of a Member state or of the EU (including monetary, budgetary and taxation matters); and monitoring, inspection or regulatory functions, including temporary tasks, connected with the exercise of official authority in cases of public security and criminal offences; if sector specific exemptions have been adopted by Ministry of Justice in the area of criminal law.

Germany || Yes[30] || generally, if threat to due exercise of tasks within the competence (i.e. ongoing investigations), public security/order, or to the disadvantage of the federal state or the Länder, or if law provides for confidentiality of these data, particularly because of overriding interest of third parties; sector specific exemptions (i.e. state attorney does not provide information on data registered in the course of a proceeding, if they were started not more than 6 months ago; this period may be prolonged up to 24 months).

Estonia || Yes[31] || if giving access would 1) damage rights and freedoms of other persons; 2) endanger the protection of the confidentiality of filiation of a child; 3) hinder the prevention of a criminal offence or apprehension of a criminal offender; 4) complicate the ascertainment of the truth in a criminal proceeding.

Ireland || Yes[32] || if prejudicial to the investigation, detection or prevention of crime

Greece || Not implemented

Spain || Yes[33] || If risk to national security or public safety, the protection of the rights and freedoms of third parties, or the needs of ongoing investigations; or if it would hinder action taken by the authorities to ensure compliance with tax obligations and, in all cases, where the data subject is under investigation.

France || Yes[34] || if state security, defence of public safety are at risk

Italy || Yes[35] || In line with the personal data protection code, for criminal matters under the criminal procedure code the confidentiality of investigations is safeguarded until actions are taken.

Cyprus || Not implemented

Latvia || Yes[36] || if prohibited by law in the field of national security, defence and criminal law, or for the purposes of safeguarding the country's financial interests in taxation matters.

Lithuania || Yes[37] || for reasons of (1) state security or defence; (2) public order and prevention, investigation and detection or prosecution of criminal offences; (3) important economic or financial interests of the state; (4) prevention, investigation and detection of breaches of official or professional ethics; (5) protection of the rights and freedoms of the data subject or any other persons.

Luxembourg || Yes[38] || for reasons of a) state security, b) defence, c) public security, d) prevention, investigation and detection or prosecution of criminal offences including the fight against money laundering, or other judicial procedures, e) important economic or financial interests of the state or the EU, including monetary, budgetary and fiscal matters, f) protection of the rights and freedoms of the data subject or any other persons and g) a mission of control, inspection and regulation, even occasionally, of the exercise of public authority, in the cases referred to under c), d), and e).

Hungary || not specified

Malta || Yes[39] || For purpose of national security; defence; public security; the prevention, investigation, detection and prosecution of criminal offences, or of breaches of ethics for regulated professions; an important economic or financial interest including monetary, budgetary and taxation matters; a monitoring, inspection or regulatory function connected, even occasionally, with the exercise of official authority; or such information being prejudicial to the protection of the data subject or of the rights and freedoms of others.

Netherlands || Yes[40] || for processing under the Police Data Act in the interests of due performance of police duties; protection of the rights of the data subject or the rights and freedoms of others; national security. for processing under the Judicial and Criminal Procedure Data Act in the interests of national security; avoiding obstruction of judicial procedures; prevention, detection and prosecution of criminal offences; protection of the data subject or the rights and freedoms of others; national security.

Austria || Yes[41] || if overriding justified interests of the data controller or of a third party, particularly also for reasons of overriding public interests (protection of institutions rooted in the Constitution of the Republic of Austria; the operations of the Army; of the interests of the national defence; of important foreign policy, economic policy and financial policy interests of the Republic of Austria or the EU; prevention, prohibition and prosecution of criminal offences).

Poland || Yes[42] || if access would lead to a disclosure of confidential information; a threat to national defence or national security, to life and health of individuals or to public security and public order; a threat to a vital economic or financial interest of the State; a significant breach of personal rights of the data subject or of other person; for purposes of crime prevention, prosecution or detection, or imposing punishment.

Portugal || Yes[43] || where the processing of personal data with a bearing on state security and the prevention or investigation of crime is concerned, the right of access is exercised through the data protection authority; the latter must confine itself to informing the data subject of the measures carried out; where the processing does not risk the rights, freedoms and guarantees of data subjects, where data are used purely for scientific research or statistics.

Romania || No reaction to either the Commission request of 9.12.2011 or to the reminder

Slovenia || Yes[44] || Unclear Yes - no details provided, only general reference to sectoral legislation.

Slovakia || Yes[45] || For processing by Military Police where a) this could threaten an ongoing investigation into the circumstances of a criminal act, offence or other administrative misdemeanour; b) this is important to prevent or detect criminal activity, to identify the perpetrators of criminal acts, to investigate criminal acts or to carry out decisions; c) this is essential to maintain public order and national security; or d) this is necessary to protect a data subject or to protect the rights and freedoms of others. For processing by the Police where a) this could affect or thwart official proceedings or an investigation; b) this could affect or thwart actions to prevent and detect criminal acts, to identify the perpetrators of criminal acts, to investigate criminal acts, to prosecute criminal acts and to carry out decisions in criminal proceedings; c) this is essential to maintain public order and national security; d) this is necessary to protect a data subject or the rights and freedoms of others. For processing by the Customs Administration where a) this could affect or thwart official proceedings or an investigation; b) this could affect or thwart actions to prevent and detect criminal acts, to identify the perpetrators of criminal acts, to investigate criminal acts or the execution of criminal punishments; c) this is essential to maintain public order and national security; or d) this is necessary to protect a data subject or the rights and freedoms of others.

Finland || Yes[46] || if 1) providing access to the data could compromise national security, defence or public order or security, or hinder the prevention or investigation of crime; 2) providing access to the data would cause serious danger to the health or treatment of the data subject or to the rights of someone else; 3) the data in the file are used solely for historical or scientific research or statistical purposes; or 4) the personal data in the file are used in the carrying out of monitoring or inspection functions and not providing access to the information is indispensable in order to safeguard an important economic interest or financing position of Finland or the European Union. and if 1) data in the information system on suspects; 2) data in the functional information system of the security police; 3) data on covert monitoring and special checks in the Schengen information system; 4) other data on classification, monitoring or the source of data regarding another person or an action recorded in the police’s personal data files or data used to link together crimes and for the technical investigation of crimes; 5) access by a person suspected of a crime regarding information on the methods of obtaining data referred to in sections 30, 31—31 f and sections 36 and 36 a of the Police Act, Chapter 5 a of the Coercive Measures Act and section 36 of the Act on the Protection of Privacy in Electronic Communications; 6) observation data referred to in section 2(3)(15) and data on technical monitoring referred to in section 2(3)(16).

Sweden || Yes[47] || If laws or statutes provide that data may not be transmitted to the data subject; for protection of law enforcement, public security and national security and confidentiality in the context of law enforcement activities to protect other individuals.

United Kingdom || Yes[48] || for purposes of national security, crime and taxation and regulatory activities.

Table 5

Table 5 – Competent supervisory authority

Belgium || Commission pour le Protection de la Vie Privée[49]

Bulgaria || Commission for Personal Data Protection[50]

Czech Republic || The Office for the Protection of Personal Data [51]

Denmark || - Data processing performed by the public administration is supervised by The Danish Data Protection Agency, - Data processing performed by the courts by The Court Administration.[52]

Germany || Bundesbeauftragter für den Datenschutz und die Information; Data Protection Supervisory Authorities in the Länder.

Estonia || Data Protection Inspectorate[53]

Ireland || Data Protection Commissioner[54]

Greece || not implemented

Spain || Agencia de Protección de Datos [Data Protection Agency][55]

France || Commission Nationale de l'informatique et des libertés (CNIL)[56]

Italy || Data Protection Authority (Autorità Garante per la protezione dei dati personali)[57]

Cyprus || not implemented

Latvia || State Data Inspectorate[58]

Lithuania || State Data Protection Inspectorate[59]

Luxembourg || - general data processing is supervised by the Data Protection Commission - data processing in the framework of a provision of national law in application of an international convention is supervised by a Supervisory Authority composed of Procureur Général d'Etat, or his delegate, and two members of the Data Protection Commission who are nominated by the Minister upon proposal of the Data Protection Commission[60].

Hungary || no information provided

Malta || The Office of the Information and Data Protection Commissioner[61]

Netherlands || Data Protection Authority[62]

Austria || Datenschutzkommission[63]

Poland || Inspector General for the Protection of Personal Data (GIODO)

Portugal || Comissáo Nacional de Protecçao de Dados (CNPD)[64]

Romania || no reaction to Commission request of 9.12.2011 and reminder

Slovenia || Information Commissioner

Slovakia || Office for the Protection of Personal Data[65]

Finland || Data Protection Ombudsman and Data Protection Board[66]

Sweden || Swedish Data Inspection Board[67]

United Kingdom || Information Commissioner's Office[68]

Table 6

Table 6 – Issues at national level affecting implementation

Belgium || issue is still being studied

Bulgaria || no problems at national level affecting the application of the Framework Decision

Czech Republic || no specific problems in legislative implementation; however, concern that Framework Decision will hamper international cooperation, contains unrealistic rules for data transfers to third countries; multiplicity of EU rules and national rules and the different treatment of different areas is not justified; insufficient formal quality; confusing wording on relationship with international treaties (Art. 26 (2) of Framework Decision).

Denmark || no information provided

Germany || this question can only be answered once the assessment on the necessity to adopt further implementing legislation has been finalised

Estonia || no information provided

Ireland || not currently; code of practice on data protection for an garda siochana is in place since November 2007

Greece || no information provided

Spain || no issues affecting the implementation of the provisions of the Framework Decision

France || the only question which affects the implementation of the Framework Decision is the one in relation to the duration of the storage of data coming from a foreign country in case the latter applies restrictions on the duration of the storage in comparison to the storage period in France (and vice versa).

Italy || No major difficulties currently hamper implementation However, - it is difficult to distinguish in practice between cross-border processing of data under the FD 2008/977 and processing at national level; - impact on judicial and police activities when harmonising and coordinating national legislation with EU legislation; - impact of FD 2008/977 on VIS for investigative or crime prevention purposes. - necessity to provide for an adequate and uniform level of data protection for data transfer to third countries.

Cyprus || no information provided

Latvia || no obstacles hamper implementation.

Lithuania || no issues affect the proper implementation of the FD

Luxembourg || no information provided

Hungary || no information provided

Malta || No issues affect the proper implementation of the FD

Netherlands || no serious shortcomings at national level which hamper correct implementation; however, the Framework Decision contains ambiguities in some areas which may hamper due implementation by the law enforcement authorities; 1. Law enforcement authorities then have to cope with two different processing regimes for the same personal data. This gives rise to confusion as to the rules applicable to data processing and transmission, i.e. the rules for the transmission of police data to other Member States – and to Europol and Eurojust – and the rules for the transmission of personal data to third States. In relation to the transmission of personal data to other Member States, the provisions of the Data Protection Framework Decision are of a supplementary nature. Other provisions remain in full force, such as those of the Convention implementing the Schengen Agreement, Council Framework Decision 2006/960/JHA of 18 December 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union and Council Framework Decision 2009/315/JHA of 26 February 2009 on the organisation and content of the exchange of information extracted from the criminal record between Member States.. 2. The Framework Decision links the transfer of personal data to third States to the criterion of an appropriate level of protection. However, no further details are given regarding this criterion. In this respect, there is a need for more alignment between the Member States, on the one hand, and between the Member States and the Commission, on the other, to offer sufficient to go by for practical implementation to ensure correct application of the rules. Finally, the Dutch language version of FD 2008/977/JHA contains a few ambiguities which hamper correct implementation. They need to be adjusted (Firstly, this concerns the marking and referencing of data. The definitions in Article 2, points c and j, are not very consistent with the text of Article 18(2) of the Framework Decision; it is not clear to what extent Article 18(2) contains an obligation to reference data; Secondly, this concerns the text of Article 17(1)(a), the Dutch version of which is materially different from the English.).

Austria || no information provided

Poland || Framework Decision 2008/977/JHA contained numerous deficiencies, which should be clarified and adjusted; for this reason it is worth considering whether the scope of application of general rules on personal data protection should not be extended to the area of police and judicial cooperation in criminal matters, taking into account the specificity of the sector and the resulting restrictions and exemptions.

Portugal || no major difficulties; but area is complex and highly sensitive and becomes even more so against the background of the new legal framework for the protection of personal data

Romania || no reaction to Commission request of 9.12.2011 and reminder

Slovenia || no issues reported which hamper implementation of Framework Decision.

Slovakia || However, the preparation of implementing legislation indicates one problematic area: the clear and precise definition of the conditions for processing the personal data at national level and as part of judicial (police) cooperation; there is a tendency here for legislation to overlap. In addition, the nature of police activities (the investigation of criminal acts) and the nature of court proceedings are two different categories of public authority activity, and the extent and nature of the public is also a factor that determines the scope and manner of personal data protection; in this sense we believe that the Framework Decision does not distinguish sufficiently between these two sets of specificities."

Finland || No issues reported which hamper implementation; Express reference to a draft Bill for an Act amending the Act on the Processing of Personal Data by the Police which is currently being debated by the Finnish parliament.

Sweden || No issues reported which hamper implementation; It is considered important for the modernisation of the EU's regulatory framework on data protection to continue to provide scope for special regulations at national level for various authorities and sectors; express reference made that for police and judicial cooperation it is important that future regulation takes the specific requirements in this area into account.

United Kingdom || No specific issues with the provisions of the FD 2008/977.

[1]               Some Member States submitted all implementing measures, some submitted a draft implementing measure, others submitted neither.

[2]               See, however, the additional explanations provided on p. 8 of this Report on Italy.

[3]               Luxembourg did not provide specific information – further details in the Annex.

[4]               Finland informed the Commission on 3.6.2011 that a Bill amending the Act on the Processing of Personal Data by the Police had not been passed before the elections and had therefore lapsed. The legislative process has to be renewed.

[5]               Art. 3, 9 of the Loi du 8 décembre 1992 relative à la protection de la vie privée à l’égard des traitements de données à caractère personnel.

[6]               Art. 26 and 28 of Data Protection Act.

[7]               Chapter 8, 1 and 2(4) of Data Protection Act n° 429/2000-generally see also Sections 28-30; Section 2 (5), 6 of the Order on Data Protection (1287/2010).

[8]               In the Federal Police Act (Polizeigesetz) and the Police Acts of the Länder, Federal Data Protection Act and Data Protection Act of the Länder, Act on Criminal Procedure; Administrative circular on the application of Bundeskriminalamtgesetz.

[9]               Sections 15 and 30 of Personal Data Protection Act.

[10]             Section 2, 2a and 13 of Data Protection Act 1988; section 3 and 4 of Data Protection Act 2003; part 4.1f Code of Practice of An Garda Siochána (police force).

[11]             Article 5(1) and 24(1) of Organic Law 15/1999 on data protection.

[12]             Art. 32 de la Loi du 6 Janvier 1978 relatif à l'informatique, aux fichiers et aux libertés.

[13]             Personal Data Protection Code, Legislative Decree N° 196 of 30.6.2003.

[14]             Art. 8, 28 of Law on the Protection of Natural Persons' Data.

[15]             Art. 12 and 13 new Law of 21.4.2011; Art. 23 and 24 of Law on Legal Protection of Personal Data.

[16]             Art. 26 ff Loi du 2.8.2002 relative à la protection des personnes à l'égard du traitement des données à caractère personnel modifiée and others.

[17]             Art. 16 of Regulations LN 198/11 on processing of personal data (police and judicial cooperation in criminal matters); Art. 23 of Data Protection Act 2003.

[18]             Art. 126bb Code of Criminal Procedure; Police Act (Wet politiegegevens); Judicial and Criminal Procedure Data Act (Wet justitiële en strafvorderlijke gegevens).

[19]             §§ 24, § 17 (2) and (3) Datenschutzgesetz 2000.

[20]             Art. 24 and 25 of Personal Data Protection Act.

[21]             Section 10 of Personal Data Protection Law 67/98.

[22]             Data Protection Act.

[23]             Act n° 124/1992; Slovak National Council Act n° 171/1993; Act n° 652/2004; Act n° 428/2002; Act n° 153/2001; Act n° 4/2001; Act n° 757/2004.

[24]             Section 24 Personal Data Act; Section 43 Act on the Processing of Personal Data by the Police; Section 11 of Criminal Investigation Act; Section 11 of Act on the Openness of Government Activities.

[25]             23-25, och 27 §§ Personal Data Act (Personuppgiftslagen 1998:204); 2 kap.2 § 1 st. 5 och 3 st. (Polisdatalagen, 2010:361); 6 § 1 st. 4 (Lag (2005:787) om behandling av uppgifter i Tullverkets brottsbekämpande verksamhet); 3 kap. 1 och 2 §§ (Lag (2001:184) om behandling av uppgifter i Kronofogdemyndighetens verksamhet); 9§ ( Lag (1998:620) om belastningsregister); 8 a § (Lag ( 1998:621 ) om misstankeregister); 5 kap. 1,2 och 4 §§ (Lag (2000:562) om internationellt rättslig hjälp i brottmål); 3 och 3 a §§ (Lag (2000:343) om internationellt polisiärt samarbete); 2 kap. 7 §, 4 kap. 2 § (Lag (2000:343) om internationellt tullsamarbete); 5,6,13 och 16 §§ (Lag (2003:1174) om vissa former av internationellt samarbete i brottsutredningar); 10§ (Lag (2000:344) om Schengens informationssystem).

[26]             Paragraph 2 of Part II of Schedule 1 and Paragraph 1 of Part I of Schedule 1 to the Data Protection Act 1998; Paragraph 1 of Part I of Schedule 1 and Section 29 of the DPA 1998.

[27]             Art. 13 of the Loi du 8 décembre 1992 relative à la protection de la vie privée à l’égard des traitements de données à caractère personnel; Art. 36 L’Arrêté royal du 13 février 2001.

[28]             Art. 26-28 Personal Data Protection Act; Draft Act amending the Personal Data Protection Act.

[29]             Chapter 9, Sections 31-34, Section 30 of Data Protection Act n° 429/2000; Section 2 (3) of the Order on Data Protection (1287/2010).

[30]             Regulated from a general point of view in the data protection legislation, but also in sector specific instruments.

[31]             Sections 19-20 of Personal Data Protection Act.

[32]             Section 4 of Data Protection Act 1988 as amended by Section 5 of Data Protection Act 2003; Part 4 section 8 of the Code of Practice of Data Protection for An Garda Síochána.

[33]             Article 15, 23 of Organic Law 15/1999; Art. 5 RD 95/2009 Registros administrativos de apoyo a la administracion.

[34]             Art. 41-42 of Loi 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés;

[35]             Personal Data Protection Code, Legislative Decree N° 196 of 30.6.2003.

[36]             Art. 9, 15, 29 of Law on the Protection of Natural Persons' Data.

[37]             Art. 13 of new Law of 21.4.2011; Art. 23, 25 of Law on Legal Protection of Personal Data

[38]             Art. 28 ff Loi du 2.8.2002 relative à la protection des personnes à l'égard du traitement des données à caractère personnel modifiée and others.

[39]             Art. 17 of Regulations LN 198/11 on processing of personal data (police and judicial cooperation in criminal matters); Art. 23 of Data Protection Act 2003.

[40]             Art. 25, 27 Police Act (Wet politiegegevens) after amendments; Art. 18, 19, 39 and 21 Judicial and Criminal Procedure Data Act (Wet justitiële en strafvorderlijke gegevens) after amendments.

[41]             § 26 Datenschutzgesetz 2000.

[42]             Art. 32-34 of the Data Protection Act (amended by Act of 29.10.2010); Art. 20(2a) of Police Act of 6.4.1990.

[43]             Section 11 of Personal Data Protection Law 67/98.

[44]             Data Protection Act.

[45]             Act n° 124/1992; Slovak National Council Act n° 171/1993; Act n° 652/2004; Act n° 428/2002.

[46]             Section 26-28 of Personal Data Act; not adopted yet: Bill regarding the restriction of access is currently being debated by the Finnish Parliament, Art. 45.

[47]             26 och 27 §§ and 52 The Personal Data Act (1998:204) (Personuppgiftslagen; 2 kap. 2 § 1 st. 5 and st. 13 The Police Data Act (2010:361) (Polisdatalagen); 6 §1 st.4 and § 30 Act (2005:787) on the processing of data in connection with the law enforcement activities of the Customs Service (Lag (2005:787) om behandling av uppgifter i Tullverkets brottsbekämpande verksamhet; 3 kap. 1 och 2§§ Act (2001:184) on the processing of data in the context of the activities of the Enforcement Administration (Lag (2001:184) om behandling av uppgifter i Kronofogdemyndighetens verksamhet); 9 § The Criminal Records Act (1998:620) (Lag (1998:620) om belastningsregister; 8 a § The Suspicion Registers Act (1998:621) (Lag ( 1998:621 ) om misstankeregister; 2 kap. 8 § Act (2000:1219) on international customs cooperation (Lag (2000:343) om internationellt tullsamarbete; 20 § The Administrative Procedure Act (1986:223) (Förvaltningslag); 25 § Ordinance (2003:188) on the processing of personal data within the Swedish Coast Guard (Förordning (2003:188) om behandling av personuppgifter inom Kustbevakningen; 10 § Ordinance (2001:639) on record keeping, etc., in the civil courts by automated means (Förordning (2001:639) om registerföring m.m. vid allmänna domstolar med hjälp av automatiserad behandling; § 10 Ordinance (2001:640) on record keeping, etc., under administrative law by automated means (Förordning (2001:640) om registerforing m.m. vid förvaltningsrätt med hjälp av automatiserad behandling; 11 § Ordinance (2001:641) on record keeping, etc., in the Supreme Administrative Court and the administrative courts of appeal by automated means (Förordning (2001:641) om registerforing m.m. vid Högsta förvaltningsdomstolen och kammarrätterna med hjälp av automatiserad behandling; 12 § Act (2001:617) on the processing of personal data within the penitentiary system (Lag (2001:617) om behandling av personuppgifter inom kriminalvården; 3 kap. 4 § Act (2001:184) on the processing of data in the context of the activities of the Enforcement Administration (Lag (2001:184) om behandling av uppgifter i Kronofogdemyndighetens verksamhet.

[48]             Section 7, 28-31, 35, 42 of the Data Protection Act 1998.

[49]             Art. 23 ff of Loi du 8 décembre 1992 relative à la protection de la vie privée à l’égard des traitements de données à caractère personnel.

[50]             Art. 6, 10 (1), 22, 38(6), 13 of Personal Data Protection Act.

[51]             not specified

[52]             Chapters 16 and 17 of Data Protection Act n° 429/2000.

[53]             Section 33 of the Personal Data Protection Act

[54]             Sections 9-15 and Second Schedule of the Data Protection Act 1988 as amended by Sections 10-15 of the Data Protection Act 2003. Code of practice on data protection An Garda Síochána.

[55]             Organic Law 15/1999 of 13 December 1999 on the protection of personal data.

[56]             Chapter III of Loi n° 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés.

[57]             not specified

[58]             Article 29(3) of the Law on the Protection of Natural Persons' Data.

[59]             Art. 14 of new Law of 21.4.2011; Section 9, Art. 36-52 of Law on Legal Protection of Personal Data.

[60]             Luxembourg did not provide specific information; on the basis of the Data Protection Legislation it can be concluded that a national supervisory authority (Art. 32) has been set up and that a specific supervisory authority is competent for supervision of data processing in the framework of the application of international conventions (Art. 17(2)).

[61]             Art. 25 of Regulations LN 198/11 on processing of personal data (police and judicial cooperation in criminal matters).

[62]             Art. 35, 27 Police Act (Wet politiegegevens); Art. 27 Judicial and Criminal Procedure Data Act (Wet justitiële en strafvorderlijke gegevens) after amendments.

[63]             § 30, 31 (2), 19-21 Datenschutzgesetz 2000; § 90, 91d (3) Sicherheitspolizeigesetz; § 142 (3) Strafprozessordnung. Austria noted that the data protection supervisory authority is not competent to decide on complaints for violation of data protection rules by judiciary (Austria).

[64]             Sections 22 and 23 of Personal Data Protection Act.

[65]             Art. 33 ff of Data Protection Act 428/2002/

[66]             Personal Data Act (523/1999); Act on the Personal Data Board and the Personal Data Ombudsman (389/1994)

[67]             Intention is to designate the Swedish Data Protection Board. 43-47 §§ The Personal Data Act (1998:204) (Personuppgiftslagen); 2 § The Personal Data Ordinance (1998:1191) (Personuppgiftsförordning); 2 kap.2 § 1 st.11 and 2 kap. 6 § The Police Data Act (2010:361) (Polisdatalagen); 6 § 1 st. 9 Act (2005:787) on the processing of data in connection with the law enforcement activities of the Customs Service (Lag (2005:787) om behandling av uppgifter i Tullverkets brottsbekämpande verksamhet; 1 kap. 3 § 1 st. 8 Act (2001:184) on the processing of data in the context of the activities of the Enforcement Administration (Lag (2001:184) om behandling av uppgifter i Kronofogdemyndighetens verksamhet; 1 § Act (2010:367) amending the Supervision of Certain Law Enforcement Activities Act (2007:980) (Lagen (2010:367) om ändring i lagen (2007:980) om tillsyn över viss brottsbekämpande verksamhet; 7 kap. 1 §, 8 kap. 1 § och 11 kap. 1 § The Official Secrets Act (2009:400) (Offentlighets- och sekretesslag.

[68]             Section 51, 54 and 59 of the Data Protection Act 1998.

Top