Workshop N° 5 : Use of personal data for law enforcement purposes


As part of the series of online workshops around personal data protection launched by the Council of Europe in support of the Network of African Data Protection Authorities, the fifth workshop about "Personal data and privacy in Fintech" will take place on 03 March 2021.


Data about people, including their communications metadata and information about their devices and their connections online are of increasing importance in the prevention, investigation and prosecution of crimes.  ‘Crimes’ may range from ‘cybercrimes’ such hacking and the theft of data (that may impact on and hold the potential of harm for many millions of people and that may in turn facilitate other crimes); to murder;  financial crime such as money laundering; terrorism; harassment; the non-consensual sharing of intimate images; or ‘traffic offences’.


Also, the collection and use of personal data for law enforcement purposes involves an interference with the right to privacy (and associated fundamental rights and freedoms) afforded by international human rights instruments and the constitutions of many countries.  Law enforcement may also require cross border co-operation and sharing of data. Moreover, the data sought by law enforcement agencies (LEAs) may held by public authorities but is often held by data controllers in the private sector such as telecommunications companies or social media companies. Where data protection laws exist, they may provide exemptions that facilitate the disclosure of data to LEAs for the purposes of preventing and detecting crime, and the apprehension and prosecution of offenders where it is necessary and proportionate. However, beyond broad exemptions, data protection laws may not set out any conditions for what is proportionate and necessary. This raises certain questions, such as:

  • What guidance exists for controllers?
  • How do data controllers assess whether a requested disclosure is necessary and proportionate and that a failure to disclose is likely to prejudice the crime related purposes for which the data were requested?

Such exemptions must apply on a case-by-case basis. No blanket exemption may apply. Requested data may be exempt from subject access rights up to a point and so raises questions about impact of such exemptions on other rights and freedoms.


Lastly, the use of personal data for law enforcement purposes raises multiple questions of the application of human rights principles across multiple regulatory frameworks and laws. It raises the question of regulation of the investigatory powers of the state in a manner that respects the essence of fundamental rights and freedoms particularly as new technologies are deployed such as facial recognition for example or in the use of communications metadata. At a practical level, it also raises the need to consider data protection by design and the role of data protection impact assessments in identifying and mitigating risks posed by technology and practices adopted by LEA and private sector.


Below is the workshop program:


GMT +1

3 March 2021


Opening session – Welcoming remarks and workshop goals

Marguerite Ouedraogo Bonane, Chair of the African Network of Data Protection Authorities and President of the CIL, Burkina Faso

Anne Boyer-Donnard, project manager, Data Protection Unit, Council of Europe


Setting the scene

Patrick Walshe (Privacy Matters) and Sylvia Appiah (Information Governance Solutions), Council of Europe lead experts


Metadata matters: a discussion on law enforcement use of communications metadata and fundamental rights

Murray Hunter is a South African researcher and digital rights advocate. He has worked on research and advocacy about communication surveillance through the Right2Know Campaign, and the Media Policy and Democracy Project at the University of Johannesburg.


A framework that promotes the accountable use of data by law enforcement and intelligence/security state agents

Koliwe Majama is a Zimbabwean digital rights and policy specialist who is currently working with the Association of Progressive Communications as coordinator of the African Declaration on Internet Rights and Freedom Coalition (AfDec) strengthening a human rights based approach to data protection in Africa.


Necessity, proportionality and accountability in law enforcement use of personal data

Dr Justice Alfred Mavedzenge is a Zimbabwean born constitutional lawyer and academic. He is currently managing a research project on how governments in Africa are regulating access to the digital space and the impact of such regulation on democratic and other human rights.


Presentations by the DPA, members of the Network - Open discussions between Participants

Facilitated by the Council of Europe lead experts, Patrick Walshe and Sylvia Appiah


End of workshop


For more information about the workshop: