On European level, privacy aspects in context of maintaining security are addressed by the following legal acts:
In Part III, Title V of the Treaty on the Functioning of the European Union (TFEU), rules for the constitution of “an area of freedom, security and justice with respect for fundamental rights and the different legal systems and traditions of the Member States” are laid down. In its chapter 5 “Police Cooperation”, art. 87 (3) refers to the “Schengen acquis”.
This term refers to the agreements on the gradual abolition of checks at common borders that had been signed by some Member States of the EU in Schengen on 14 June 1985 and on 19 June 1990 (so-called “Schengen I” and “Schengen II”), as well as to related agreements and the rules adopted on the basis of these agreements. Altogether, they have been integrated into the framework of the European Union by the Treaty of Amsterdam of 2 October 1997 (see Protocol (No 19) on the Schengen Acquis, annexed to the TFEU).
In addition, Council Decision 2008/615/JHA of 23 June 2008 addresses the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime (so-called “Prüm”).
Specific provisions on the protection of individuals with regard to automatic processing of personal data are to be found in the Council of Europe Convention 108 of 28 January 1981.
The use of personal data in the police sector is regulated by Recommendation 87 of the Council of Europe Committee of Ministers to Member States of 17 September 1987. Subsequently, the Council Framework Decision 2008/977/JHA addresses the protection of personal data processed in the framework of police and judicial cooperation in criminal matters. It will be repealed by Directive 2016/680/EU of 27 April 2016 on the protection of personal data processed for the purposes of law enforcement (prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data), that will apply from 6 May 2018.
Europol, as the law enforcement agency of the EU, supports and assists Member States’ national law enforcement authorities on preventing and combating organised crime, terrorism and other forms of serious crime that affect two or more Member States. In so far as it is necessary to fulfil their tasks, Europol is allowed to process information, including personal data. When doing so, Europol is to follow the specific provisions laid down in the Council Decision of 6 April 2009 establishing the European Police Office (Europol) (2009/371/JHA). Apart from that, according to article 27 of that Council Decision, Europol is supposed to take account of the principles of the aforementioned Council of Europe Convention 108, and of the Council of Europe Recommendation R (87) 15, when processing data.