Answer given by Mrs Reding on behalf of the Commission
In line with Directive 95/46/EC of the Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (‘Data Protection Directive’) the processing of personal data is lawful only if the criteria for making processing legitimate are met.
The Commission is currently in the process of preparing proposals to revise the Data Protection Directive in order to create a comprehensive framework for the protection of personal data that responds to the challenges posed by technological development and globalisation as explained in its communication on a comprehensive strategy on data protection in the European Union of 4 November 2010.
INDECT is a research project, not an implementation project. Consequently, issues related to daily use of INDECT systems, including their potential purposes, are not within the scope of the project framework. It is the responsibility of the authorities of the Member States, when deploying these new technologies, to comply with EU rules on the protection of personal data. In particular, personal data may only be processed if there is a proper legal basis according to EC law.
The monitoring and enforcement of the national legislation transposing Data Protection Directive within the Member States is the responsibility of national authorities, in particular the national data protection supervisory authorities.
-  OJ L 281, 23.11.1995.
-  COM(2010)609 — http://ec.europa.eu/justice/news/consulting_public/0006/com_2010_609_en.pdf
OJ C 285 E, 21/09/2012