University of Valencia logo Logo Privacy and Digital Transformation Chair Microsoft-UV Logo del portal

Guarantees in the processing of personal data by the Security Forces in LO 7/2021

  • June 21st, 2022
Image resource

Lecture by Professor Ricard Martínez M. at the International Seminar on Security Challenges.

The director of the Microsoft-Universitat de València Chair for Privacy and Digital Transformation, Ricard Martínez M., participated in the International Seminar on Security Challenges held on 21 June 2022. He presented the paper: “Guarantees in the processing of personal data by the Security Forces and Bodies in Organic Law 7/2021, of 26 May, on the protection of personal data treated for prevention, detection, investigation and prosecution of criminal offences and on the execution of criminal sanctions.”

Martínez stated that one of the most relevant issues in the processing of personal data lies precisely in defining under which conditions the legal controls that guarantee fundamental rights function adequately. In this regard, this is particularly important in the processing of judicial and police information.

Indeed, the General Data Protection Regulation (GDPR)  marks a radical change by establishing a series of guarantees in the criminal judicial field. These are: quality of information, indirect or supervised control and traceability. The latter, traceability, is of significant legal importance

These three elements emerge after proving that the conception of the fundamental right to data protection as a right of control over personal data, whose essential pillar is informed consent, is a particularly fragile idea. In fact, some authors suggest that this model facilitates the massive use of data by those entities which, in theory, seemed to be targeted.

Therefore, traceability and controls on the conditions of data processing are what, in practice, will work as guarantees of fundamental rights. 

The criteria defining these conditions are, firstly, a processing of data that allows their cataloguing according to the subject to which they refer. Secondly, with regard to the verification of the quality of data, a distinction must be made between facts and assessments. Finally, a third criterion is the reliability given by the principle of adequacy to the facts and, consequently, to the data.

In relation to the controls on the actions of the law enforcement, specific grounds are established to guarantee the right of access to the data. These include the protection of the investigation, public safety and the rights and freedoms of other people, e.g. victims and witnesses.

Finally, the academic proposed to pay attention to an interpretation according to which the law suggests that, as far as possible, the name of the person requesting access to the data and their recipients should be included. This interpretation puts at risk the protection against abusive exercise of authority. In other words, the real possibility of auditing who administers the data is a deterrent to ensure the guarantee of data protection. 

In the future, the academic explain, traceability and auditability will call into question whether, among the elements that make up the right to data protection, one should include those measures that guarantee absolute traceability and auditability, that is, the control of what happens within information systems.




Ponencia en Seminario Retos para la Seguridad (21/06/2022) from Catedra de Privacidad on Vimeo.