The Opinion of the European Data Protection Supervisor on the Proposal for a Council Decision on the establishment of the European Criminal Records Information System (ECRIS) in application of Article 11 of Framework Decision 2008/…/JHA has just been posted on the Official Journal of the European Union website. There’s nothing particularly revolutionary in the Opinion, which concludes that
“The EDPS supports the present proposal to establish ECRIS, provided that the observations made in this opinion are taken into account, which includes:
— the responsibility of the Commission for the common communication infrastructure should be clarified in the text for reasons of legal certainty,
— a provision should be added to the decision stating that Regulation 45/2001 shall apply to the processing of personal data under the responsibility of the Commission,
— in Article 6 reference must be made to a high level of data protection as a precondition for all the implementing measures to be adopted,
— a recital should emphasise the role of the data protection authorities in relation to the implementing measures and should also encourage the data protection authorities to cooperate,
— implementing measures must be adopted ensuring the interoperability of the software,
— the Commission and the Member States should be obliged — probably by a Comitology procedure — to develop or identify a software system that meets all the
— it should be laid down in the text that the Commission will be responsible for the interconnection software”.
What is slightly irritating is that, in the age of the Information Society, a document done by European Data Protection Supervisor Peter Hustinx as long ago as 16 September 2008 should take more than five months to become available online.
More on ECRIS here