Public order disturbances may occur during international events such as football tournaments which attract football supporters from across the borders or summits organized by international organizations targeted by protestors. In order to enhance co-operation between law enforcement authorities, the Council of the European Union in the third pillar (Justice and Home Affairs, JHA) calls on the Member States to exchange information, including that on (groups of) persons who (may) form a threat to the public order. Apart from a few exceptions, the JHA-Council uses for this purpose soft law instruments, such as legally non-binding resolutions, recommendations and conclusions, including some very detailed handbooks. This study describes those acts, analyses them and checks them against the legal protection provided by principles of data protection. The study shows that the Council does not always give a clear definition of the ‘information’ the Member States are required to exchange and particularly fails to be clear when the information is supposed to include personal data. As far as the review of the Council’s acts with regard to the principles of data processing is concerned, the Council very rarely formulates a well-defined and clearly specified purpose for the exchange of personal data, the most fundamental requirement of data protection law. Failing to specify a well-defined purpose, the Council does not give a clearly defined framework either which lays down which (kinds of) law enforcement authorities should be exchanging information. Sometimes the Council even creates the impression that all kinds of authorities and other parties should freely share information with each other. Nor do the Council’s acts provide any clarity on whose personal data should be mutually supplied. There are no definitions of football hooligans and violent demonstrators based on objective and legal criteria. Only rarely does the Council provide clues on the time of processing and the length of storage of the exchanged personal data. All this flaws lead to the risk of an excessive and disproportionate processing of personal data. With respect to the principles concerning the personal data themselves, the Council does not pay any attention to the principle that the data must be lawfully and fairly obtained, that data should be accurate and that they must be secured. At most, the Council states that Member States must ensure the confidentiality of the communication. Finally, the Council does not pay any attention to the subjective rights of the data subjects and legal protection. At most the Council refers to standards in domestic and international data protection law as to be respected or taken into account. The conclusion is that the Council of the European Union’s acts relating to transnational (police) co-operation regarding the maintenance of public order in the European Union, on the one hand repeatedly and emphatically encourage the Member States to exchange information and personal data, but, on the other, that they fail to meet the requirements given by the principles of data protection
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.