The Achilles Heel of EU Data Protection in a Law Enforcement Context: International Transfers Under Appropriate Safeguards in the Law Enforcement Directive

Cybercrime: New Threats, New Responses (Proceedings of the XVth International Conference on Internet, Law & Politics. Universitat Oberta de Catalunya, Barcelona, 1-2 July, 2020), e-book, Huygens Editorial 2020, available at http://symposium.uoc.edu/30247/files/xv-congreso-idp_-cybercrime_-new-threat

19 Pages Posted: 11 Sep 2020

See all articles by Laura Drechsler

Laura Drechsler

Research Foundation - Flanders (FWO); Vrije Universiteit Brussel (VUB) - Law, Science, Technology & Society Research Group

Date Written: January 31, 2020

Abstract

In May 2018, EU data protection rules were not only reformed by the General Data Protection Regulation (GDPR) but also by the Law Enforcement Directive (LED). While the LED is often overshadowed by the GDPR, it nevertheless did introduce a number of crucial reforms to data protection in a law enforcement context in the EU including harmonized rules on how personal data in a law enforcement context can be transferred to other law enforcement authorities in third countries. Formally the LED rules on international transfers of personal data to third countries aim at guaranteeing that the level of protection for personal data in a law enforcement context within the EU is not undermined as soon as personal data leaves EU territory. Taking a closer look however reveals major issues with the rules foreseen for transfers in the LED as they often come down to law enforcement authorities self-assessing whether a third country would offer adequate protection within the meaning of the standard of essential equivalence as established by the Court of Justice of the European Union (CJEU) in Schrems.

In this paper, I show, by relying on EU fundamental rights law and the case law of the CJEU, how due to the absence of LED adequacy decisions, personal data transfers to law enforcement authorities in third countries often occur without the appropriate scrutiny and safeguards due to system the LED establishes. Using the recent reference to the CJEU by a German Court regarding information exchanges with Interpol, I demonstrate how the created legal uncertainty can affect both the work of law enforcement authorities and the fundamental rights of individuals. I conclude that the current system for international personal data transfers within the LED is deeply flawed and potentially undermining EU personal data protection in a law enforcement context.

Keywords: Law Enforcement Directive, Personal Data Transfers, Standard of Essential Equivalence, Appropriate Safeguards, Interpol

Suggested Citation

Drechsler, Laura, The Achilles Heel of EU Data Protection in a Law Enforcement Context: International Transfers Under Appropriate Safeguards in the Law Enforcement Directive (January 31, 2020). Cybercrime: New Threats, New Responses (Proceedings of the XVth International Conference on Internet, Law & Politics. Universitat Oberta de Catalunya, Barcelona, 1-2 July, 2020), e-book, Huygens Editorial 2020, available at http://symposium.uoc.edu/30247/files/xv-congreso-idp_-cybercrime_-new-threat, Available at SSRN: https://ssrn.com/abstract=3664125

Laura Drechsler (Contact Author)

Research Foundation - Flanders (FWO) ( email )

Egmontstraat 5
Brussels, 1000
Belgium

Vrije Universiteit Brussel (VUB) - Law, Science, Technology & Society Research Group ( email )

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
237
Abstract Views
694
rank
183,213
PlumX Metrics