Digitization and data-driven technologies have radically changed law enforcement. Police and other law enforcement authorities are increasingly using large-scale data processing, algorithms, camera surveillance, and data sharing. This raises fundamental questions about privacy, proportionality, transparency, and democratic control.

The Privacy in Investigations dossier brings together the legal, policy, and social framework surrounding the processing of personal data in criminal law enforcement. It focuses on European Directive (EU) 2016/680 (the so-called Law Enforcement Directive) and its national implementation, particularly in the Police Data Act (Wpg) and the Judicial and Criminal Data Act (Wjsg), including the associated implementing regulations.

Scope of application

This file concerns data processing by, among others:

• the police,

• special investigation services (BODs),

• special investigating officers (BOAs),

• and other competent authorities that process personal data for the prevention, detection, investigation, and prosecution of criminal offenses or the execution of penalties.

The rules for these processing operations deliberately deviate from the GDPR. They give investigative authorities scope to perform their tasks, but at the same time impose strict requirements in terms of necessity, purpose limitation, proportionality, and data minimization. The processing of special categories of personal data is only permitted in exceptional cases and must be justified with particular care.

Supervision, accountability, and the rule of law

The Autoriteit Persoonsgegevens oversees compliance with privacy law in criminal investigations. Organizations are required to appoint a data protection officer and to report internally on their data processing activities. At the same time, the effectiveness of oversight, legal protection for citizens, and the transparency of investigative practices are regularly called into question.

Relationship with broader digitization

Privacy in criminal investigations increasingly touches on other areas that are central to PONT | Data & Privacy, such as:

• the use of AI and algorithmic systems in investigation and enforcement,

• large-scale data linking and sharing,

• digital surveillance and camera monitoring,

• cybersecurity and data breaches,

• and the tension between security, innovation, and fundamental rights.

This dossier provides an overview and in-depth analysis for professionals who want to understand how privacy law works in criminal investigations, where the boundaries lie, and what social and ethical issues are involved. It is intended as a knowledge base and as a platform for critical reflection on the role of data and technology in criminal law enforcement.