in privacy and protection of personal data and the number of international and regional instruments in this field. A recent document, that has addressed these issues to the entire international community, is the 1990 United Nations General Assembly resolution 45/95 on Guidelines for the Regulation of Computerised Personal Data Files The Guidelines contain eight principles which apply to handling those files, and constitute the minimum standards to be provided in national legislations I Principle of lawfulness and fairness, I Principle of accuracy I Principle of purpose-specification, I Principle of interested-person access I Principle of non-discrimination, I Principle of security I Principle on sanctions and supervision of the observance of the above principles, I Principle on transborder data flows The following section seeks to explain as how the above principles may apply to the operations of the criminal ustice authorities 4.2 Data Protection Principles in the Administration of Justice 4.2.1 Principle of lawfulness and Fairness The principle of lawfulness and fairness in the collection and processing of personal data for criminal justice purposes implies that data must be obtained in a lawful way, i.e. in compliance with procedural rules which define the limits of permissible intrusion by agents of the state against private interest of the citizen It is not easy to comply with this requirement in the information age. Legal provisions on the inviolability of telephone communications may not provide sufficient basis for the protection of confidentiality of an e-mail and other forms of electronic communications. The rise of electronic surveillance and the use of computers to data matching and for instance, conversation intercepts have developed so fast, that the legal system may not be able to respond adequately to situations created by these new techniques y has been recognised by the United Nations Universal Declaration of Human Rights(art 12), the European Convention for the Protection of Human Rights and Fundamental Freedoms(art. 8), and the Intemational Covenant on Civil and Political Rights(art. 17). Privacy protection by of data protection is dealt with, at the international level, by: Recommendation with Guidelines on the protection of privacy and transborder flows of personal data adopted by the Council of the Organisation for Economic Co-operation and Development on 23 September 980: Council of Europe Convention No. 108 for the protection of individuals with regard to automatic processing of personal data, adopted 28 anuary 1981; Directive 95/4EC of the European Parliament and of the Council of Europe of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data(EU-Data Protection-Directive) General Agreement on Trade Services, stating in Article XIv that Member States are not prevented by this world wide agreement to adopt or enforce regulations relating to the protection of privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts
in privacy and protection of personal data and the number of international and regional instruments in this field9 . A recent document, that has addressed these issues to the entire international community, is the 1990 United Nations General Assembly resolution 45/95 on Guidelines for the Regulation of Computerised Personal Data Files. The Guidelines contain eight principles which apply to handling those files, and constitute the minimum standards to be provided in national legislations: I Principle of lawfulness and fairness, I Principle of accuracy, I Principle of purpose-specification, I Principle of interested-person access, I Principle of non-discrimination, I Principle of security, I Principle on sanctions and supervision of the observance of the above principles, I Principle on transborder data flows. _ The following section seeks to explain as how the above principles may apply to the operations of the criminal justice authorities. _ 4.2 Data Protection Principles in the Administration of Justice 4.2.1 Principle of Lawfulness and Fairness The principle of lawfulness and fairness in the collection and processing of personal data for criminal justice purposes implies that data must be obtained in a lawful way, i.e. in compliance with procedural rules which define the limits of permissible intrusion by agents of the state against private interest of the citizen. It is not easy to comply with this requirement in the information age. Legal provisions on the inviolability of telephone communications may not provide sufficient basis for the protection of confidentiality of an e-mail and other forms of electronic communications. The rise of electronic surveillance and the use of computers to data matching and sort, for instance, conversation intercepts have developed so fast, that the legal system may not be able to respond adequately to situations created by these new techniques. 9 The right to privacy has been recognised by the United Nations Universal Declaration of Human Rights (art. 12), the European Convention for the Protection of Human Rights and Fundamental Freedoms (art. 8), and the International Covenant on Civil and Political Rights (art. 17). Privacy protection by means of data protection is dealt with , at the international level, by: Recommendation with Guidelines on the protection of privacy and transborder flows of personal data adopted by the Council of the Organisation for Economic Co-operation and Development on 23 September 1980; Council of Europe Convention No. 108 for the protection of individuals with regard to automatic processing of personal data, adopted 28 January 1981; Directive 95/46/EC of the European Parliament and of the Council of Europe of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (EU-Data Protection-Directive); General Agreement on Trade in Services, stating in Article XIV that Member States are not prevented by this world wide agreement to adopt or enforce regulations relating to the protection of privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts. _
Nevertheless, the encroachment on privacy which these investigative methods and procedures involve and the possibilities for abuse inherent in their use require that they be closely defined As to telephone tapping, or other forms of electronic monitoring, the balance between the interest of crimin ustice and the privacy protection of individuals requires that the use of technical surveillance should be explicitly vided by lav I As an exceptional measure, employed in certain restricted, most serious crimes I Targeted only on the person who is suspected, on reasonable grounds, of having taken part in a crime I. Provided that the monitoring has been duly authorised by the court or an organ of judicial investigation Specific provisions should also govern the duration of monitoring, the manner it is carried out, and essing of the information obtained a detailed regulation of conditions on the use of surveillance provides necessary grounds for the subsequent supervision over the police undercover activities. In several democratic states such a supervision is carried out by an independent public body(e.g. special parliamentary commission), appropriately empowered to check, in any case involving monitoring, whether the police is acting in a lawful way. This, however, requires that the police be obliged to report regularly on such cases to the supervisory authority, which should also be entitled to look into the cases at its own initiative or at the request of individuals who believe they are under surveillance Once monitoring is over, and unless this would not prejudice the outcome of the investigation, the person examine the recordings made without his or her knowledge as well as to take legal action thereupon opportunity to concerned should be informed that monitoring has taken place. Then, he or she should be given an The report on the monitoring and recording should be destroyed if irrelevant, or no longer relevant, to the Investigation 4.2.2 Principle of the Purpose-Specification 4.2.2.1 General obseryation The principle of purpose specification impose two kinds of limits on processing of personal data I. It prohibits the collection and processing of data for undefined purposes; I. It permits to keep only personal data files that concern the legitimate objective of activity of the data controller It also implies that the purpose justifying the creation of a file should not only be specified before it is set up, but also made known to the supervisory authority(Personal Data Inspector/Commissioner) in order to enable him registration of the file A notification of supervisory authority should concern so-called permanent files(databases), which are used by the police for their routine purposes. This notification may not apply to ad-hoc files set up for the purpose of particular investigations. The supervisory authority should be informed by the police agency about the nature of each file declared, the body responsible for its processing, its purposes, the type of data contained in the file and the persons to whom the data are communicated The notification procedure makes it possible, at any time, to check, whether: 1. The collected and recorded data are in keeping with the purpose sought I. The data are not used for a purpose other that for which the file was set up I. The data are held on file no longer than is normally required for the purpose for which they were collecte
Nevertheless, the encroachment on privacy which these investigative methods and procedures involve and the possibilities for abuse inherent in their use require that they be closely defined. As to telephone tapping, or other forms of electronic monitoring, the balance between the interest of criminal justice and the privacy protection of individuals requires that the use of technical surveillance should be explicitly provided by law: I As an exceptional measure, employed in certain restricted, most serious crimes; I Targeted only on the person who is suspected, on reasonable grounds, of having taken part in a crime; I. Provided that the monitoring has been duly authorised by the court or an organ of judicial investigation. Specific provisions should also govern the duration of monitoring, the manner it is carried out, and the processing of the information obtained. A detailed regulation of conditions on the use of surveillance provides necessary grounds for the subsequent supervision over the police undercover activities. In several democratic states such a supervision is carried out by an independent public body (e.g. special parliamentary commission), appropriately empowered to check, in any case involving monitoring, whether the police is acting in a lawful way. This, however, requires that the police be obliged to report regularly on such cases to the supervisory authority, which should also be entitled to look into the cases at its own initiative or at the request of individuals who believe they are under surveillance. Once monitoring is over, and unless this would not prejudice the outcome of the investigation, the person concerned should be informed that monitoring has taken place. Then, he or she should be given an opportunity to examine the recordings made without his or her knowledge as well as to take legal action thereupon. The report on the monitoring and recording should be destroyed if irrelevant, or no longer relevant, to the investigation. 4.2.2 Principle of the Purpose-Specification 4.2.2.1 General observations The principle of purpose specification impose two kinds of limits on processing of personal data: I. It prohibits the collection and processing of data for undefined purposes; I. It permits to keep only personal data files that concern the legitimate objective of activity of the data controller. It also implies that the purpose justifying the creation of a file should not only be specified before it is set up, but also made known to the supervisory authority (Personal Data Inspector/Commissioner) in order to enable him registration of the file. A notification of supervisory authority should concern so-called permanent files (databases), which are used by the police for their routine purposes. This notification may not apply to ad-hoc files set up for the purpose of particular investigations. The supervisory authority should be informed by the police agency about the nature of each file declared, the body responsible for its processing, its purposes, the type of data contained in the file and the persons to whom the data are communicated. The notification procedure makes it possible, at any time, to check, whether: I. The collected and recorded data are in keeping with the purpose sought; I. The data are not used for a purpose other that for which the file was set up; I. The data are held on file no longer than is normally required for the purpose for which they were collected