REPORTS
Non-compliance of Greek legislation with the Data Protection Directive in the context of law enforcement; infringement: INFR(2022)2021
Each Member State of the European Union must fully apply EU law. The body responsible for identifying possible violations of EU law is the European Commission. Where a Member State does not apply EU law and breaches its obligations under the EU Treaties, the European Commission may open a formal infringement procedure under Articles 258 and 260 TFEU (see details on the infringement procedure here).
The Directive on data protection in the context of law enforcement [Directive (EU) 2016/680], aims to protect the personal data of individuals involved in criminal proceedings, be it as witnesses, victims or suspects. It establishes a comprehensive framework to ensure a high level of data protection, while taking into account the specific nature of the police and criminal justice field. In an era of rapid technological development and globalisation, it facilitates the processing of personal data on an unprecedented scale to carry out activities such as the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties. The Directive aims to create an area of freedom, security and justice with regard to the protection of personal data, ensuring a high level of protection of personal data when it is necessary to move them.
At the same time, the General Data Protection Regulation (GDPR) [Regulation (EU) 2016/679] lays down rules concerning the protection of natural persons with regard to the processing of personal data in the context of the free movement of such data in the EU. It adds that due to the increase in cross-border flows of personal data in view of economic and social integration in the Union, national authorities of Member States are required by Union law to cooperate and exchange personal data. This should be done in the light of respect for the principle of proportionality in order to ensure the protection of such data.
However, as stated in the “April infringements package: main decisions/6-4-2022”, Greece has failed to correctly transpose provisions relating, among others, to the scope of application of the Law Enforcement Directive and the time limits for the storage of data. For this reason, the European Commission sent Greece a letter of formal notice (Infringement number: INFR(2022)2021). Greece now has two months to reply to the letter and take the necessary measures to remedy the breach of EU law identified by the Commission. Failing this, the Commission may decide to issue a reasoned opinion.
The application of EU law is an obligation of the Member States of the European Union. If infringements of EU law are identified, the European Commission may take a series of actions against the Member State concerned to ensure the correct and full application of EU law by opening infringement proceedings under Articles 258 and 260 TFEU.
In this particular case, the European Commission has sent a letter of formal notice, inviting Greece to comply with the General Data Protection Regulation (GDPR) [Regulation (EU) 2016/679] and the Directive on data protection in the framework of law enforcement [Directive (EU) 2016/680].
Bank Account number: 1100 0232 0016 560
IBAN: GR56 0140 1100 1100 0232 0016 560
BIC: CRBAGRAA
In a time where the very foundations of democracy are gradually being eroded by the rise of extreme nationalism, alt-right movements, the spread of disinformation and corporate capture, the efforts of organisations such as Vouliwatch are more relevant than ever.
We rely on the generosity of each and every one of you to continue with our efforts for more transparency and accounta
By financially supporting Vouliwatch you support our litigation strategy, our campaigns for transparency and accountability in the political system, the development of new civic tech tools, our research projects and last but not least our impartial and accurate