In addition to the General Data Protection Regulation (AVG) , European regulations have a separate directive for data protection in investigation and criminal law enforcement: the Directive (EU) 2016/680. This directive sets rules for the processing of personal data by competent authorities for the purposes of prevention, detection, investigation and prosecution of criminal offenses and the enforcement of sentences.
In the Netherlands, the Directive is implemented in the Wet politiegegevens (Wpg) and the Wet justitiële en strafvorderlijke gegevens (Wjsg), including its implementing decrees.
The Wpg regulates the processing of personal data necessary for the performance of police duties. This law applies to:
The police
The police process police data only for specific purposes related to the performance of its legal duties. The processing must be proportionate and necessary. Only in exceptional circumstances may special personal data - such as race, health, or political beliefs - be processed, and only if strictly necessary for the police purpose.
Special investigation services (BOD) and special investigating officers (boas).
Data processing by these services is also covered by the Wpg. The rules for boas are detailed in the Police Data for Extraordinary Investigating Officers Decree (BpgBoa). This decree stipulates, among other things, that processing may only take place for specific investigative purposes and within the framework of necessity and purpose limitation.
The Autoriteit Persoonsgegevens (AP) oversees compliance with the Wpg. Organizations that process police data are required to appoint a data protection officer (FG) and register it with the AP. The FG internally monitors compliance with privacy rules within the organization.
The Wpg and the AVG coexist.
The Wpg applies only to processing directly related to the performance of police duties.
When the police or boas process personal data for other purposes - such as administrative or supervisory tasks - the AVG applies.
This creates a dual structure in data protection law: where the AVG contains general rules for civil and administrative law processing, the Wpg provides a specific framework for personal data processing within the criminal law enforcement sector.
Wpg audit roadmap
PublishedRequest for inspection, correction or deletion
Case law summaryHow can a municipality distinguish between Wpg and AVG processing in the case of boas that both supervise and perform investigative duties (the so-called two hats problem)?
Question & AnswerWhen is a data protection impact assessment (DPIA) mandatory when processing police data (Wpg) within municipalities?
Question & AnswerLetter Report monitoring legal hacking power police 2024
Parliamentary document: room letterBill: more powers for mayor in case of online disorder
BlogTemporary emergency procedure for continuous screening in child care facilities
News press releasePolice continue work on more own control of hacking powers
News press releaseAs an organization, when should I provide personal data to the police?
Question & AnswerPolice and prosecution insufficiently consider consequences of including witness's personal data in criminal file
ReportsAnswers Chamber questions on call by cops to criminalize threatening asking for private information
House item: chamber questionData processing by boas: new rules as of May 2018
News
