Data protection, migration and border control : the GDPR, the Law Enforcement Directive and beyond

This book assesses data protection rules that are applicable to the processing of personal data in a law enforcement context. It offers the first extensive analysis of the LED and Regulation (EU) 2018/1725. It illustrates the challenges arising from the unclear delineation between the different data protection instruments at both national and EU level. Taking a practical approach, it exemplifies situations where the application of data protection instruments could give rise to a lowering of data protection standards where the data protection rules applicable in the law enforcement context are interpreted broadly. The scope of data protection instruments applied by law enforcement authorities impacts processing for purposes of border control, migration management and asylum because there is an unclear delineation between the different data protection instruments.

Introduction: The Emergence of Multiple Function Creeps 1. The Developments Towards the Area of Freedom, Security and Justice and the Right to the Protection of Personal Data I. Processing of Personal Data in the Law Enforcement Context II. The Growth of Powers of the EU Agencies III. The Case of EU Databases IV. Conclusion 2. The End of Purpose Limitation I. Interoperability in a Nutshell II. Interoperability as a Logical Step III. Law Enforcement Access to the Interoperability Components IV. Law Enforcement Access in Light of Article 52(1) of the EU Charter V. Access to the Interoperability Components by the Relevant EU Agencies VI. Supervision of Processing within the Interoperable System VII. Conclusion 3. The Overly Broad Application of Directive (EU) 2016/680 I. Directive (EU) 2016/680: Structure and Overview II. Specific Rules under Directive (EU) 2016/680 for Data Protection in the Law Enforcement Context III. Scoping Exercise: The Scope of Application of Directive (EU) 2016/680 IV. Provisions Specifically Designed for the Processing of Personal Data in the Law Enforcement Context V. Data Subject Rights VI. Obligations for Controllers and Security of Personal Data VII. International Transfers of Personal Data VIII. The Role of Data Protection Supervisory Authorities IX. Existing EU Legal Acts and Commission Reports X. Conclusion 4. The Blurred Line between EU Law Enforcement Agencies and EU Migration Agencies I. Overview of the Respective Agencies II. Access to EU Databases and the Interoperability Components by EU Agencies III. The Fragmentation of Applicable Data Protection Rules IV. Chapter IX of Regulation (EU) 2018/1725 on Operational Personal Data V. The European Border and Coast Guard Agency Processing Personal Data: The Extended Mandate under the 2019 Regulation VI. Europol and Eurojust: Solutions after the Adoption of Regulation (EU) 2018/1725 VII. Conclusion Concluding Remarks I. Outlook