Data Protection for Law Enforcement
Updated: May 8, 2021
On the 3rd of March 2021, Steinlein Group conducted an online training session: Data Protection for Law Enforcement. The event was organized in collaboration with the National Police of Ukraine and covered data protection principles and recommendations in the EU legislation, including the General Data Protection Regulation (GDPR) and Directive (EU) 2016/680 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data (Police Directive).
The online training session started with an overview of the right to data protection in primary and secondary EU legislation and moved towards a more focused analysis of the Police Directive, which establishes Adequacy Test for third countries in relation to data protection standards. Throughout the training, the instructor, Mariam Chaduneli, discussed key requirements and principles countries need to uphold to meet the adequacy test, including the existence of binding data protection rules, concepts (data processor, data controller, data subject, supervisory authority, etc...) and effective enforcement mechanisms.
Participants also had an opportunity to hear about specific principles of data protection and their importance in the context of law enforcement. Special emphasis was made on the requirements for necessity, data minimization, transparency, storage limitation and security requirements. Alongside legal requirements, advice was given about practical implementation of these principles and what mechanisms can be implemented to ensure compliance.
Another part was dedicated to specific requirements in the Ukrainian legislation in relation to the supervisory authority and cases concerning the interpretation of the consent requirement. Finally, the training session highlighted key differences between the EU and US data protection laws, after which participants discussed recent developments in the context of law enforcement cooperation and cross-border exchange of telecommunications data.