Exchanging information and data protection


The European Union has adopted numerous rules to improve exchange of information, above all in the field of internal security. At the same time, there is an increasing awareness that personal data must be protected.

Data protection
Data protection© picture alliance / dpa

Various legal instruments already exist to facilitate and accelerate the exchange of information between member states. One example from the field of cooperation in criminal matters is the Framework Decision on simplifying the exchange of information and intelligence between law enforcement agencies (known as the “Swedish Initiative”). Other legal instruments include the Schengen Information System, under which alerts for persons wanted by the police can be issued for the entire Schengen area, as well as the Visa Information System, which facilitates the exchange of data for the purpose of processing visa applications. Some rules on the exchange of police information are currently at the implementation stage, others are being planned.

When personal data is exchanged, be it within the EU or between the EU and third countries, it is an essential requirement that the fundamental rights of the persons concerned are fully protected. The right to respect for ones private life and the right to the protection of personal data are expressly enshrined as “freedoms” in the Treaty of Lisbon and the EU Charter of Fundamental Rights. Numerous pieces of EU legislation already contain area-specific data protection rules.

New: the General Data Protection Regulation and the Police and Criminal Justice Data Protection Directive

The overarching legal framework for data protection in the EU is currently being thoroughly overhauled. Two new key pieces of legislation are in the pipeline – the General Data Protection Regulation and the EU Police and Criminal Justice Data Protection Directive.

The General Data Protection Regulation will establish a uniform European data protection framework with high standards of protection which can meet the demands of a digital world. The new Regulation will also revise the legal framework for the processing and use of personal data by companies and will replace the EU legislation currently in force, which dates back to 1995 (95/46/EC). Germany is working actively with its partners in the Council of the European Union on the elaboration of the new Regulation, with the aim of ensuring that EU citizens enjoy a high standard of protection for their personal data even in the Internet age. The Council’s work should be concluded by the end of 2015.

As regards police and judicial cooperation, the current legislation – the Council Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (2008/977/JHA) – is to be replaced by a data protection directive concerning police and criminal justice matters.

Top of page