The reform of the EU data protection framework in the context of the police and criminal justice sector: harmonisation, scope, oversight and enforcement

ABSTRACT This paper considers select emergent issues arising from the reform of the EU data protection framework, and how these might impact upon data processing in the law enforcement and criminal justice sectors. It analyses those aspects of the recently enacted Directive 2016/680 on data protection in the police and criminal justice sectors that will be determinative of its effective and consistent application in practice. It considers the extent to which the Principles laid down in Council of Europe Recommendation R(87)15 regulating the use of personal data in the police sector have been retained, adapted, strengthened, weakened or abandoned in Directive 2016/680. Certain problems arising from the Directive, not to mention the very medium of a Directive, separate from the General Regulation, as the instrument of choice, could be said to have been ‘writing on the wall’, as evidenced by the on-going discussions in the Commission expert group on the Regulation 2016/679 and Directive 2016/680 (E03461) on, for example, the complicated matter of delimitation between Directive 2016/680 and the General Data Protection Regulation (2016/679), oversight and enforcement; in particular, ensuring control by independent Supervisory Authorities, and international transfers and transfers to private parties.