By Julia Tar | Euractiv Est. 4min 30-01-2024 (updated: 02-02-2024 ) Content-Type: News News Based on facts, either observed and verified directly by the reporter, or reported and verified from knowledgeable sources. Participatory budgeting is a form of citizen participation where citizens are involved in the process of deciding how public money is spent. [Shutterstock/PeopleImages.com - Yuri A] Euractiv is part of the Trust Project >>> Languages: Français | DeutschPrint Email Facebook X LinkedIn WhatsApp Telegram The European Court of Justice (ECJ) has ruled that law enforcement agencies cannot indiscriminately store biometric and genetic data on those who committed criminal offences until their death, it said in a judgement published on Tuesday (30 January). Biometric data means personal information used to identify an individual and can be part of a digital identity verification process. Such data can include fingerprints, facial recognition systems, or iris scans. Genetic data is personal data about a person’s genetic characteristics, such as gender, race, height, or weight. It can be more specific and provide information about psychological or physical health. These types of data are part of the information collected on those committing criminal offences in EU member states and could be stored about them until their death. The EU’s top court has now found this practice to be contrary to EU law. “The outcome of the judgment is both welcome and unsurprising,” Lorenzo Dalla Corte, assistant professor in data protection and cybersecurity law at Tilburg University, told Euractiv. “The Court’s data retention jurisprudence has been quite clear about the fact that general and indiscriminate data retention measures carried out for (serious) crime prevention, investigation, and prosecution are contrary to EU law”, he explained. Dalla Corte added that “while that jurisprudence revolved around different subject matters, such as telecommunications data and Passenger Name Records, it is logical to apply its principles to Directive 2016/680 and the case at hand, as the Court did”. French police accused of using facial recognition software illegally French national police have been illegally using the Israeli facial recognition software Briefcam since 2015, the French investigative media Disclose reported. The judgement follows a case in Bulgaria about an entry in police records of a person who offered a false or incomplete testimony as a court witness. This resulted in a one-year suspended sentence, after which the person was legally rehabilitated. Under Bulgarian law, data concerning that person are retained in records, which may be processed by the authorities, who can access them without a time limit other than his death. The person applied for his records to be removed but was rejected because a final criminal conviction cannot be removed from police records, even after legal rehabilitation. On appeal, the Bulgarian Supreme Administrative Court referred questions to the EU Court of Justice. The European court pointed out that Bulgarian police records include fingerprints, a photograph, a DNA sample, and data about the criminal offences. These can be essential to verify if a person has committed a crime or was convicted by final judgment. However, according to the EU Court, such people do not present the same level of risk of being involved in a criminal offence and therefore it is not justified to have a uniform storage period for their data which would last until their death, specifying that that time frame should apply only in specific cases. EU top court's ruling spells trouble for scoring algorithms The Court of Justice of the EU (CJEU) ruled on Thursday (7 December) that decision-making by scoring systems that use personal data is unlawful, a judgement that could have significant spillover effects for social security and credit agencies. “The critical point here is not about the lawfulness of the measure assessed by the Court, nor about its appropriateness as a tool for crime prevention, investigation, and prosecution”, said Dalla Corte. “Rather, the problem with this sort of measure is that the general and indiscriminate storage of (sensitive) personal data cannot be regarded as ‘necessary’, as it is possible to envision suitable alternatives that would lead to a lesser interference with the fundamental rights of the people involved”. Under EU law, national legislations have to oblige data controllers to periodically review if storing data is still necessary or not. In the latter’s case, they also have to offer the subject of the data the possibility to erase the information. Dalla Corte concluded that “EU member states’ legislatures will eventually have to reckon that retaining data until a person’s death can only be considered ‘appropriate’ in particular circumstances, and introduce appropriate nuance in their legislation”. [Edited by Luca Bertuzzi/Zoran Radosavljevic] Read more with Euractiv Europe's quantum tech sees rosy outlook for 2024, report saysA new report published on Tuesday (30 January) by three leading European firms sheds light on several quantum trends for 2024, pointing to steady growth of investments in Europe's quantum start-ups.
