Strafvorderlijke gegevensverwerking : Een verkennende studie naar de relevante gezichtspunten bij de normering van het verwerken van persoonsgegevens voor strafvorderlijke doeleinden

Abstract

As a result of society’s increasing digitisation, the police have ever more opportunities to collect, investigate and combine huge amounts of personal data using advanced technology. Examples are provided from recent cases where police have gained access to millions of encrypted messages from various servers, including Ennetcom, EncroChat and Sky Global. However, the current legal framework is, as yet, ill-equipped to deal with this new reality. Partly for this reason, legislators are facing new questions about how the (further) processing of data in detection should be regulated by law. Commissioned by the WODC, this study examines the legal safeguards in criminal justice data collection in relation to the legal safeguards governing the processing of these data. The Code of Criminal Procedure mainly focuses on the collection of data and to a much lesser extent on its further use, but this may involve a (fresh) invasion of citizens’ privacy. The Police Data Act contains some provisions to data processing, but the relationship with the Dutch Code of Criminal Procedure is not entirely clear. This study identifies the requirements and safeguards under European law for the processing of data for criminal justice purposes. Further inspiration is drawn from experience with the Intelligence and Security Services Act 2017 in which powers of collection and (further) processing are regulated in a single law. Finally, it explores how, in several countries (Germany, Belgium and Norway), the requirements arising from European law have been translated into legal regulations and how these regulations are designed. This study provides tools that legislators can use to reconsider the methods of standardisation and legal regulation design to better protect citizens' privacy. The recommendations thus focus on strengthening the legal framework on data processing and its supervision by creating an explicit legal framework in the Code of Criminal Procedure and establishing an independent supervisor focused on the processing of personal data by investigative authorities.