Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- D5.1: A survey on legislation on ID theft in the EU and….
- D5.2: ID Fraud Workshop.
- D5.2b: ID-related Crime: Towards a Common Ground for Interdisciplinary Research.
- D5.2c: Identity related crime in the world of films.
- D5.3: A Multidisciplinary Article on Identity-related Crime.
- D5.4: Anonymity in electronic government: a case-study analysis of governments? identity knowledge.
- D6.1: Forensic Implications of Identity Management Systems.
- D6.5/D6.6: Second thematic Workshop forensic implications.
- D6.7b: Workshop on Forensic Profiling.
- D6.7c: Forensic Profiling.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
The specific nature of law enforcement activities calls for the processing of different kinds of personal data whose accuracy and reliability is not always guaranteed.
First, depending on their trustworthiness, these personal data could be divided into “hard data” and “soft data”. “Hard data” are data flowing from a well established source. “Soft data” are very vague indications about somebody’s possible involvement with serious crime. They can stem from an anonymous source, resulting in complete uncertainty about its trustworthiness .
Second, depending on to whom they are referring, data can be classified into “about persons suspected of having committed a specific crime” or “about persons about whom there are indications that they are involved in committing or preparing a serious crime, either as part of an organisation or alone” .
Both “soft data” and the data about persons not being the subject of founded suspicions as defined by the Codes of criminal procedures are proper to criminal intelligence activities where lower level of safeguards are tolerated. As highlighted by the Council of Europe, “as police and judicial powers in most Codes of criminal procedures are limited to cases where there is a suspicion against a person with regard to a specific criminal offence, new information technology is increasingly used to store data about criminals as person as such, without relation to specific criminal offences. (…) The data are used to solve any crime, either already committed or expected to be committed in the future. Their use is not limited to the investigation of, or use as evidence in, a specific criminal offence.” General data protection principles apply to such processing.
Article 5 of the CoE Convention (1981) states that personal data undergoing automatic processing shall be obtained and processed fairly and lawfully. This mainly raises the question with regard to criminal intelligence as of who can be a data-subject as part of criminal intelligence. The Council of Europe however does not get into such evaluations and leaves to each Member State the task to define the criteria for identifying the targets that can be subject of criminal intelligence.
An interesting example resides in the UK DNA database. This database is the largest in the world covering details about 4.5 million people including information on every person arrested, convicted or not, and on 900,000 children. “The high rate of inaccuracies, e.g. incorrect dates, spelling mistakes and duplications established by the Data Quality and Integrity Team Unit, could lead to innocent people being accused of crimes and wrongly arrested” (House of Lords, "Surveillance and data collection", 14 November 2007).
These specificities have motivated the formulation of specific rules in Recommendation R (87) 15 (Council of Europe, 17 September 1987) which “advocates for police bodies, as far as possible, to distinguish data according to their degree of accuracy and in particular between data based on facts and data based on opinion. The same distinction is advocated before any data transfer to a third party where the degree of accuracy of the information should be indicated, as far as possible, to the recipient” . However, “the initial distinction between different categories of data according to their degree of accuracy and reliability and between categories of data subjects (criminal, suspect, victim, etc.), which was included in the Commission proposal to address this concern, has been omitted from the later versions of the draft decision” . In this respect, it is worth noting that the latest Proposal for a Framework Decision on data protection in the third pillar (Proposal for a Council Framework Decision on the protection of personal data processed in the third pillar, 11 December 2007) stipulates that the receiving body cannot use the inaccuracy of the data supplied as grounds to evade its liability vis-à-vis the injured party under national law. If damages are awarded against the receiving body because of its use of inaccurate transfer data, the body which supplied the data shall refund the amount paid in damages to the receiving body in full (Article 19).
21 / 27 |