*2.3.1 State of the art*

The normative compliance of the methodologies and tools proposed by the project will be assessed by reference to the European and national legal framework on data protection and privacy [42].

Data protection is a fundamental right in Europe, enshrined in Article 8 of the Charter of Fundamental Rights of the European Union as well as in Article 16(1) of the Treaty on the Functioning of the European Union (TFEU).

The central legislative instrument for the protection of personal data in Europe is the EU's 1995 Directive1 . In order to come to a complete revision of the entire framework concerning data protection, more consistent with changes in the single market and with stronger needs to ensure security of European citizens, since 2009, the European Commission launched public consultations on data protection2 and engaged in intensive dialog with stakeholders. On 4 November 2010, the Commission published a communication on a comprehensive approach on personal data protection in the European Union3 that sets out the main themes of the reform. "After assessing the impacts of different policy options4 , the European Commission is now proposing a strong and consistent legislative framework across Union policies, enhancing individuals' rights, the Single Market dimension of data protection and cutting red tape for businesses"<sup>5</sup> . The Commission proposes that the new framework should consist of:

<sup>1</sup> Directive 95/46/EC on the protection of individuals with regard to the protection of personal data and on the free movement on such data, OJ L 281, 23.11.1995, p. 31.

<sup>2</sup> Two public consultations have been launched on the data protection reform: one from July to December 2009 (http://ec.europa.eu/justice/news/consulting\_public/news\_consulting\_0003\_en.htm) and a second one from November 2010 till January 2011 (http://ec.europa.eu/justice/news/consulting\_ public/news\_consulting\_0006\_en.htm).

<sup>3</sup> COM(2010)609.

<sup>4</sup> The Impact Assessment SEC(2012)72.

<sup>5</sup> See p. 4, final COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS Safeguarding Privacy in a Connected World A European Data Protection Framework for the 21st Century Brussels, 25.1.2012 COM(2012) 9.


Union is neither restricted nor prohibited for reasons connected with the protection

• The introduction of the definitions of 'personal data breach,' 'genetic data' and 'biometric data,' 'competent authorities' (based on Article 87 TFEU and Article 2(h) of Framework Decision 2008/977/JHA) and, of a 'child,' based on the

• The distinction between different categories of data subjects (art.5): 'Member States shall provide that, as far as possible, the controller makes a clear

distinction between personal data of different categories of data subjects, such as:

c. victims of a criminal offense, or persons with regard to whom certain facts give reasons for believing that he or she could be the victim of a

d. third-parties to the criminal offense, such as persons who might be called on to testify in investigations in connection with criminal offenses or subsequent criminal proceedings, or a person who can provide

information on criminal offenses, or a contact or associate to one of the

e. persons who do not fall within any of the categories referred to above.'

Many of the tasks, such as video analysis, text mining or case-based reasoning, are very compute and data intensive. Processing large amounts of multimedia data for police investigation purposes must take into account scalability and performance requirements in order to be usable in a professional context. Cloud computing [46] has emerged as a good model for providing compute and storage resources

In this proposal, we will advance the state of the art by designing algorithms for video-analysis, text mining or case-based reasoning that are scalable and can benefit from parallel processing for the computing and data intensive tasks. This will allow the system to deal with varying workloads for large organizations and provide analysis response times [48] in line with police investigation requirements.

on demand. To benefit from these available resources, applications that are deployed in the cloud need to be designed to scale and to be able to benefit from

parallel processing of data with approaches such as map-reduce [47].

a. persons with regard to whom there are serious grounds for believing that they have committed or are about to commit a criminal offense;

of individuals with regard to the processing of personal data.

The main innovations concern the following:

*Novel Methods for Forensic Multimedia Data Analysis: Part II*

*DOI: http://dx.doi.org/10.5772/intechopen.92548*

UN Convention on the rights of the child

b. persons convicted of a criminal offense;

persons mentioned in (a) and (b); and

criminal offense;

**2.4 Cloud computing**

*2.4.2 Beyond the state of the art*

**137**

*2.4.1 State of the art*

*2.3.2 Beyond the state of the art*

By proposing a specific Directive regulating the use of personal data for criminal investigations, the EU legislator acknowledges the importance of innovating by means of a legislative instrument, the specific theme of personal data processing in criminal investigations, a theme that was left aside by the Directive 95/46 and only partially regulated by Framework Decision 2008 [43, 44]. It left to national legislations all the decisions about the legitimacy in processing personal data for purpose of crime detection, thus preventing a global European intervention against criminality.

The new Directive intends to make a distinction between the fundamental (but not "absolute") right to data protection and its social profile in the light of achieving a global security. An EU legislator states that "The right to the protection of personal data, enshrined in Article 8 of the Charter of Fundamental Rights and in Article 16(1) TFEU, requires the same level of data protection throughout the Union"<sup>9</sup> and that "According to the principle of subsidiarity (Article 5(3) TEU), action at Union level shall be taken only if and in so far as the objectives envisaged cannot be achieved sufficiently by Member States, but can rather, by reason of the scale or effects of the proposed action, be better achieved by the Union".

The need to respect the sovereignty principle explains why the EU chose the instrument of Directive that leaves a space of more flexibility to Member States, instead of the adoption of a Regulation, that would have a stronger impact on national legislation on privacy protection [45].

The purpose of the new rules is highlighted in Article 1: 'Subject matter and objectives. 1. This Directive lays down the rules relating to the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties. 2. In accordance with this Directive, Member States shall: (a) protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data; and (b) ensure that the exchange of personal data by competent authorities within the

<sup>6</sup> Brussels, 25.1.2012 COM(2012) 11 final 2012/0011 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) {SEC(2012) 72 final} {SEC(2012) 73 final} SEC 2012 ...The Regulation also makes a limited number of technical adjustments to the e-Privacy Directive (Directive 2002/58/EC as last amended by Directive 2009/136/EC—OJ L 337, 18.12.2009, p. 11) to take account of the transformation of Directive 95/46/EC into a Regulation.

<sup>7</sup> COM(2012) 10: DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, and the free movement of such data.

<sup>8</sup> Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, OJ L 350, 30.12.2008, p. 60.

<sup>9</sup> COM 2012,10, Sections 3 and 3.2.

Union is neither restricted nor prohibited for reasons connected with the protection of individuals with regard to the processing of personal data.

*2.3.2 Beyond the state of the art*

• A Regulation<sup>6</sup> (replacing Directive 95/46/EC) setting out a general EU

on the protection of personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offenses and related judicial

By proposing a specific Directive regulating the use of personal data for criminal investigations, the EU legislator acknowledges the importance of innovating by means of a legislative instrument, the specific theme of personal data processing in criminal investigations, a theme that was left aside by the Directive 95/46 and only partially regulated by Framework Decision 2008 [43, 44]. It left to national legislations all the decisions about the legitimacy in processing personal data for purpose

The new Directive intends to make a distinction between the fundamental (but not "absolute") right to data protection and its social profile in the light of achieving

of crime detection, thus preventing a global European intervention against

a global security. An EU legislator states that "The right to the protection of personal data, enshrined in Article 8 of the Charter of Fundamental Rights and in Article 16(1) TFEU, requires the same level of data protection throughout the Union"<sup>9</sup> and that "According to the principle of subsidiarity (Article 5(3) TEU), action at Union level shall be taken only if and in so far as the objectives envisaged cannot be achieved sufficiently by Member States, but can rather, by reason of the

scale or effects of the proposed action, be better achieved by the Union".

national legislation on privacy protection [45].

criminal penalties, and the free movement of such data.

<sup>9</sup> COM 2012,10, Sections 3 and 3.2.

The need to respect the sovereignty principle explains why the EU chose the instrument of Directive that leaves a space of more flexibility to Member States, instead of the adoption of a Regulation, that would have a stronger impact on

The purpose of the new rules is highlighted in Article 1: 'Subject matter and objectives. 1. This Directive lays down the rules relating to the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties. 2. In accordance with this Directive, Member States shall: (a) protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data; and (b) ensure that the exchange of personal data by competent authorities within the

<sup>6</sup> Brussels, 25.1.2012 COM(2012) 11 final 2012/0011 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) {SEC(2012) 72 final} {SEC(2012) 73 final} SEC 2012 ...The Regulation also makes a limited number of technical adjustments to the e-Privacy Directive (Directive 2002/58/EC as last amended by Directive 2009/136/EC—OJ L 337, 18.12.2009, p. 11) to take account of the transformation of Directive 95/46/EC

<sup>7</sup> COM(2012) 10: DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offenses or the execution of

<sup>8</sup> Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, OJ L 350, 30.12.2008, p. 60.

) setting out rules

• A Directive<sup>7</sup> (replacing Framework Decision 2008/977/JHA<sup>8</sup>

framework for data protection

activities

*Digital Forensic Science*

criminality.

into a Regulation.

**136**

The main innovations concern the following:

	- a. persons with regard to whom there are serious grounds for believing that they have committed or are about to commit a criminal offense;
	- b. persons convicted of a criminal offense;
	- c. victims of a criminal offense, or persons with regard to whom certain facts give reasons for believing that he or she could be the victim of a criminal offense;
	- d. third-parties to the criminal offense, such as persons who might be called on to testify in investigations in connection with criminal offenses or subsequent criminal proceedings, or a person who can provide information on criminal offenses, or a contact or associate to one of the persons mentioned in (a) and (b); and
	- e. persons who do not fall within any of the categories referred to above.'
