The Spanish police force has just launched the ‘Security Blue Network’, an initiative to foster a ‘true alliance’ between public police forces and ‘1 500 companies working on private security, employing more than 100 000 professionals and 600 security departments’. A programme such as this requires a comprehensive reform of the legal framework, which should respect Community law and clearly define the kind of collaboration and information to be shared. However, no legislative reform has been announced. Information provided by private agencies will be processed and added to police intelligence and, depending on their degree of collaboration, these agencies will be ‘paid’ with public information in which they might be interested. Private companies will, of course, ‘commit to making good use of the information they receive’. According to our information, the plan also ignores the crucial role of the Spanish Agency for Data Protection, which is supposed to ensure the correct use of data managed by private agencies(1).
1. Can the ‘Security Blue Network’, particularly where it allows for the indiscriminate processing of private data without a clear legal basis and the sharing of public information with private companies, be considered compatible with the right to data protection as laid down in Article 8 of the EU Charter of Fundamental Rights, Article 16 of the TFEU, Directive 95/46/EC and Framework Decision 2008/977/JHA?
2. Can the Commission confirm, in particular, whether this initiative infringes Article 14 of Framework Decision 2008/977/JHA on transmission to private parties in Member States?
3. Would the legal situation created by the data protection framework proposed by the Commission in COM(2012) 0009-12 provide a different answer to the questions asked above?
4. Would a massive transfer of sensitive data, unmonitored by the Spanish Agency for Data Protection, be acceptable under EC law?