On June 11th, LAPIN organized a community lab on the RightsCon 2021 called “Data protection legislations for law enforcement: multiregional perspectives for regulating data protection in criminal procedures”. The session was an incredible opportunity to understand the use of personal data during criminal investigations in different countries all over the world, specially in Brazil, India, South Africa, and the United Kingdom, where the facilitators came from.
At the lab, Carolina Reis and Laura Schertel presented the Brazilian’s situation: the General Data Protection Law entered into force last year; however, law enforcement is out of its reach. Only the data protection principles would apply to it. In 2020, a draft bill on data protection in law enforcement was presented to the Congress, it covers issues like automated decision making, Data Protection Impact Assessment, surveillance technologies, high impact technologies, and international data transfers, among others. On the other hand, in Brazil, a violent scenario predominates, and this supports the idea that “everything that can be done to reduce criminality should be done”.
In Murray Hunter’s perspective regarding South Africa, inequality and low trust in law enforcement agents represents the biggest concern. According to him, police corruption and targeting of political dissidents has lead the Supreme Court to considered that the Regulation of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002 (RICA) is unconstitutional, to the extent that it fails to provide adequate safeguards to protect the right to privacy and data protection. For him, although the debate remains restricted to Policy groups, the recents scandals involving governmental mass surveillance has promoted the debate in the public sphere.
In the United Kingdom, Silkie Carlo, from Big Brother Watch, explained two different mechanisms to face the challenges in the use of surveillance technology: litigation and public campaigns. In resume, she affirmed that, in London, police are using Facial Recognition Technology without implementing any transparency tools, and the lack of a clear definition on solely automated decisions is a risk to civil rights, especially in criminal investigations.
Krishnesh, from the Indian association called Internet Freedom Foundation, noted that it is common for the police to stop citizens, take pictures of them and their documents just to check if they are in a watch list. Moreover, there is no legislation about data protection in law enforcement in the country, despite the recognition of data protection as a fundamental right by the Supreme Court. Due to Indian’s law, a warrant or a judicial order is not necessary to access digital devices, deferring from collecting home addresses, and the government is not transparent about any information related to intercepts made on digital devices of ordinary citizens.
The audience pointed out the lack of legislation on the use and restrictions of technology during a crime investigation, even though the advancement of digital devices. In addition, it is important to promote a public debate about how police may use and produce data in a public or private context and how far could a legislation protect individuals rights.
To conclude, the community lab promoted a multiregional debate and provided a broad perspective regarding the data protection regulation in criminal procedures around the world.
