Privatization of Information and the Data Protection Reform

Law enforcement authorities frequently process personal data that they received from private entities, such as banks, private companies, etc. for the purpose of prevention, investigation, detection, or prosecution of criminal offences or the execution of criminal penalties. The processing of personal data by EU law enforcement authorities and the processing of personal data by private entities is, however, governed by different legal instruments. An additional issue arises when these transfers are done to a law enforcement authority of a third state. Thus, personal data transfers from private entities to law enforcement authorities risks falling into a gap between two legal instruments. With the currently applicable legal instruments on data protection being revised, provisions could be included to avoid this risk. This contribution therefore deals with the question where these provisions should be included for transfers within the EU and to a third state.