The principle of purpose limitation in data-driven policing: A guiding light or an empty shell?
Published date | 01 December 2023 |
DOI | http://doi.org/10.1177/20322844231212749 |
Author | Ruben Te Molder,Masha Fedorova,Marieke Dubelaar,Sjarai Lestrade |
Date | 01 December 2023 |
Special Issue Article
New Journal of European Criminal Law
2023, Vol. 14(4) 512–533
© The Author(s) 2023
Article reuse guidelines:
sagepub.com/journals-permissions
DOI: 10.1177/20322844231212749
journals.sagepub.com/home/nje
The principle of purpose
limitation in data-driven
policing: A guiding light or an
empty shell?
Ruben Te Molder, LLM, Masha Fedorova,
LLM, PhD, Marieke Dubelaar, LLM, PhD,
and Sjarai Lestrade, LLM, PhD
Radboud University, Netherlands
Abstract
Current technological developments fuel the need and opportunities for data-driven policing that
criminal enforcement authorities are eager to employ. Data-driven policing implies a combined use
of data collected through various methods and for various purposes and begs the question on the
limits to be set for the re-use of data for criminal investigation and intelligence purposes. The
purpose limitation principle as enshrined in the Law Enforcement Directive (LED) provides those
limits. Looking at data-driven policing through the lens of the principle of purpose limitation,
particularly two problems are visible. First, there is an inherent tension between data-driven
policing and the principle of purpose limitation. In essence, one of the goals of purpose limitation is
limiting the aggregation and re-use of personal data, whereas this aggregation and re-use of personal
data is one of the main reasons for criminal law enforcement authorities to use data-driven policing
methods. Second, the meaning of the principle of purpose limitation and the conditions for its
application in criminal investigations are not clearly defined and the precise implications for national
implementation of this principle are ambiguous. The paper aims to contribute to the debate on how
the principle of purpose limitation can be implemented in national jurisdictions in a way that
balances its important safeguarding function and the needs of law enforcement authorities. This is
done by examining the meaning and rationale of the principle of purpose limitation within the legal
framework of the LED as well as what guidance can be drawn from human rights case law from the
ECtHR and the CJEU, as it is widely acknowledged the rationale of purpose limitation is rooted in
the need to protect the individuals’rights to privacy and to prevent abuse of power by the
authorities.
Corresponding author:
Ruben Te Molder, Department of Criminal Law and Criminology, Interdisciplinary Hub for Digitalization and Society
(iHub), Radboud University, Montessorilaan 10, Nijmegen 6525HR, Netherlands.
Email: ruben.temolder@ru.nl
Keywords
purpose limitation principle, law enforcement directive 2016/680, data-driven policing, criminal
procedural law, the right to privacy, the right to data protection
Introduction
The fast digitalisation of society and technological developments have led to a significant increase in
the possibilities for police to collect, store, categorise and analyse data. Whereas collecting in-
formation about suspects have long been the core task of the police, modern technology provides for
greater surveillance potential. The availability of large digital datasets in combination with
technological tools allows to detract new information through automated analyses of combined and
enriched data. This has empowered and fuelled the so-called data-driven policing.
1
This implies
a combined use of data collected through various methods and for various purposes and begs the
question on the limits to be set for the re-use of data for criminal investigation and intelligence
purposes. Setting those limits and providing for appropriate safeguards to individuals involved –
suspects or not –touches upon the core of the right to privacy and the right to data protection.
National legislators are faced with partly new and underexplored questions on how to strike the right
balance between the possibilities and needs that police have in the area of data analysis in order to
perform their crime prevention and detection tasks optimally, and the protection of human rights of
citizens. While the relevant data protection and human rights frameworks provides some guidance,
the specifics of the necessary regulation of data analysis in criminal investigations are left to States.
The Dutch legislator, for example, is struggling with how to regulate the process of data analysis in
criminal investigation in its recent draft of a new Code of Criminal Procedure.
2
An important EU instrument for the protection of personal data in criminal investigation is the
EU Law Enforcement Directive (LED).
3
The LED has a broad scope addressing the processing of
data for criminal investigation, prosecution, trial, and the execution of sentences. It provides for
general minimum norms for the protection of data in the field of criminal law. In this article we will
focus on one of the cardinal principles of data protection, that is the principle of purpose limitation.
Regulating data-driven policing puts this principle under pressure because their rationales seem
difficult to align. There seems to be an inherent tension between data-driven policing and the
principle of purpose limitation. After all, one of the goals of purpose limitation is limiting the
aggregation of personal data in order to protect the rights of individuals and prevent misuse of
power. This aggregation is, however, one of the main reasons for criminal law enforcement au-
thorities to use data-driven investigation methods. The question arises what limits to data-driven
policing the principle of purpose limitation sets and how national legislators can best regulate these
1. See e.g., Andrew Guthrie Ferguson, The Rise of Big Data Policing: Surveillance, Race, and the Future of Law
Enforcement, New York: New York University Press, 2017.
2. See Explanatory Report to the New Code of Criminal Procedure, Kamerstukken II 2023/24, 36 327, nr. 3, p. 66-73; see
extensively on this topic: M.I. Fedorova, R.M. te Molder, M.J. Dubelaar,S.M.A. Lestrade & T. Walree, Strafvorderlijke
gegevensverwerking. Een verkennende studie naar de relevante gezichtspunten bij de normering van het verwerken van
persoonsgegevens voor strafvorderlijke doeleinden, Nijmegen: Radboud University Press 2022.
3. Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data by competent authorities for the purposes of the prevention,
investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free
movement of such data, and repealing Council Framework Decision 2008/977/JHA, OJ 4.5.2015, L 119/89.
Te Molder et al. 513
To continue reading
Request your trial