Protection of personal data in the filing systems operated by police
Operation of the filing systems which contained the data defined by Act no. 428/2002 Coll. On Protection of Personal Data as amended by latter provision (hereinafter the „Act no. 428/2002 Coll.“) as personal data is almost common matter in all fields) of a life of a society in today’s world of information and communication technology. As it is necessary for commercial company to operate the filing system with personal data of employees or clients, also the deputies of other fields need to keep records of different subjects. Ministry of Interior of the Slovak Republic and the Police Force of the Slovak Republic also operate their filing systems containing personal data even though on a different basis and pursuant to a distinct legal framework. The independent supervision of personal data protection is executed by the Office for Personal Data Protection of the Slovak Reublic as a state administration authority with competence over the entire territory of the Slovak Republic which also participate in protection of the fundamental rights and freedoms of natural persons in course of processing their personal data.Historical backround
In former times provisions of a special act did not apply to processing of personal data in police systems, neither did provision of that time effective Act no. 52/1998Coll. on Protection of Personal Data in the filing systems. With regard to provisions of Act no. 171/1993 Coll. regarding the Police Force (hereinafter the „Act no. 171/1993 Coll.“) it was not possible to realize the independent supervision of processing of personal data.
In connection with the ambition of the Slovak Republic to accede to the Europol Convention which would enable involvement of national police forces into cooperation with the European Police Office (Europol), the Committee of Europol monitored the situation in the section of police, especially emphasising compliance with the fundamental rights and freedoms of natural persons during processing of their personal data.
On the basis of conclusion of an evaluation report the Slovak Republic contracted to provide the protection of personal data in the police filing systems in accordance with european standards and to increase an independance and the powers of supervisory authority till January 1, 2003.
Act no. 171/1993 Coll. regarding the Police Force was amended by Act no. 490/2001 Coll. The Office for Personal Data Protection of the SlovakRepublic as an independent supervisory authority for personal data protection became the supervisory authority for personal data in the police filing systems by passing the amendment of act regarding the Police Force. As amended by the Act no. 490/2001 Coll. the Inspection Office of Minister of the Interior of the Slovak Republic stopped executing supervision regarding personal data protection.
Legal framework of processing of personal data
In general the legal framework of processing of personal data as well as in other sections of economic and social life of society is created by a national legislation and an internatonal treaty binding the Slovak Republic.
a) National legislation
It is necessary to go out in particular of the purpose of processing of personal data to reach more precise determination of relevant acts of law. From this point of view the personal data processed in the filing systems of Ministry of Interior of the Slovak Republic can be divided into two basic groups:
- the filing systems operated within the public administration (for example registry office, the administration of personal identification number, issuing indentity cards, travel documents etc.);
- the filing systems of the Police Force which are operated by performing tasks under the section 2 of the Act no. 171/1993 Coll., especially tasks associated with safeguarding security of state, public order, tasks associated with prevention, investigation, detecting criminal acts and criminal prosecution, combat against terrorism and organised crime etc.
As regards the first group of the filing systems the legal framework of processing of personal data is created by special acts which regulate issues of the relevant filing systems, for example Act no. 154/1994 Coll. on Registry Offices as amended by latter provision, Act No. 301/1995 Coll. on birth identification number as amended by the Act no. 515/2003 Coll., Act No. 162/1993 Coll. on identity cards as amended by latter provision etc., and Act no. 428/2002 Coll. (as lex generalis).
The special acts are under the auspices of Ministry of Interior of the Slovak Republic. Many important aspects of processing of personal data are regulated in more detail by ordinance of Ministry of Interior of the Slovak Republic, eventually by regulation of Ministry of Interior of the Slovak Republic.
The situation is different for the second group notably as regards of enforcement of Act no. 428/2002 Coll. It is a area of the third pillar of the European Union- Cooperation between Member States in the field of Justice and Home Affairs. For this field the community law enable to adopt specific exceptions and restrictions within the national legislation. The Act no. 428/2002 Coll. reflects the matter of fact in provision of section 2 and exempts the filing systems of the second group from effectiveness of some provisons of before mentioned act.
The Member States of the European Union are allowed to decide on an appropriate legal rules of processing of personal data within the activities related with performing tasks of law enforcement agencies which are established in Title VI. Of the Treaty on European Union. In this context the dominating task in the course of processing of personal data in the filing systems of police is performed by the Act no. 171/1993 Coll. as amended by latter provison. Processing of information by the Police Force is regulated in chapter IV (section 69 to 69f). The Act no. 171/1993 Coll. is considered to be a special act in relation to personal data by course of section 7 paragraph 3 of the Act no. 428/2002 Coll. Thanks to different position of controller personal data processed in the filing systems of police are subject to distinct rule as personal data processed by for example business company.
The Police Force of the Slovak Republic owns the powers which are not disposed by other controllers of the filing systems to be able to perform the tasks in extenso. By course of the Act no.171/1993 Coll. The Police Force is authorised to combine personal data obtained for various purposes and to process false personal data which must be marked such a way. On the contrary combining of personal data obtained for various purposes is inadmissible by the course of the Act no. 428/2002 Coll. on Protection of Personal Data.
It is necessary to emphasise that all filing systems operated in a department of Ministry of Interior of the Slovak Republic have the only controller - Ministry of Interior of the Slovak Republic. Therefore the police force is authorised to combine personal data obtained for various purposes from different filing systems without the need of a special act. Likewise the pesonal data from police database are allowed to be provided by a police officer who needs them by performing tasks specified by law.
b) International acts of law
The protection of personal data by performing tasks of the Police Force which are resulting from international obligation and related operation of particular filing systems is regulated by special instruments, notably instruments, which establish joint filing systems abreast of community, for example:
The convention implementing the Schengen agreement from 1990 including special provision about protection of personal data relating to Schengen filing systems
The Europol Convention from 1995 and, inter alia, the rules for transfer of personal data by Europol to the third states and the third countrie
The Convention about using information technology for customs purposes from 1995 including the provisions about protection of personal data applied in customs filing systems
In addition it is necessary to pay attention to an article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms and Convention no. 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data from 1981. It is important to mention also the Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, regarding supervisory authorities and transborder data flows from 2001. Recommendation no. R(87) 15 from 1987 which regulates using the personal data in a police field has a specific position for processing of personal data by police. All Member States of the European Union are signatory of Convention no. 108 but not all of them are signatory of the Additional Protocol.
Supervision of personal data protection in national parts of the filing systems of Europol, Interpol and Schengen is executed by independent national supervisory body for protection of personal data. The Office for Personal Data Protection supervise to provide for legality, legitimacy and security of processing of personal data in mentioned filing systems.
The national central of Interpol, the national central of Europol, the national Schengen information system and SIRENE office as well as an international police cooperation are the auspices of the Office for international police co-operation of presidium of the Police Force.
The supervision of activity of particular international police bodies (Europol, Interpol, the central part of SIS) in connection with processing of personal data is secured by joint supervisory bodies established within the frame of the European Commission. They are:
Supervisory Body of Europol
- Commission for the Control of Interpol’s
- Joint Supervisory Authority of
The activities of joint international bodies are related to:
- performation of inspection of processing of personal data, i. e. regular inspection of controller of particular central parts of all-European filing systems (Europol, SIS, CIS),
- preparation and issuing decision and recommendation to prepared legal instrument of the European Commission (frame decision of the European Commission, directives or regulations of European Commission) which regulate processing of personal data in third pillar as well as a proposal for amendments of concurrently lawful rules of law (conventions),
- issuing decision to instruments prepared by controllers of the filing systems ( contracts about co-operation and exchange of personal data with third countries, appraisal of an adequate level of security of processing of personal data in third countries etc.),
- methodical direction for unification of procedure of national supervisory body at appraisal of activities of controllers of national parts of relevant filing systems, performation of inspection etc.,
- investigation of complaints of citizens of the European Union against controllers by claiming the rights to information of data subject, correction and destruction of personal data from relevant database,
- raising awareness of citizens in field of protection of personal data,
- working –out regular reports on activities of joint supervisory body and presentation to competent bodies (the European Commission and the European Parliament) as well as accessing to citizens of European Union.
 Processing of personal data in police filing systems till August 31, 2002
 article 13 of the Directive of theEuropean Parliament and of the Council of 24 October 1995 on the Protection of Individuals with regard to the processing of personal data and on the free movement of such data, as well as article 9 of the Convention no. 108 of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data