The principle of purpose limitation in data-driven policing: A guiding light or an empty shell?

Abstract

Current technological developments fuel the need and opportunities for data-driven policing that criminal enforcement authorities are eager to employ. Data-driven policing implies a combined use of data collected through various methods and for various purposes and begs the question on the limits to be set for the re-use of data for criminal investigation and intelligence purposes. The purpose limitation principle as enshrined in the Law Enforcement Directive (LED) provides those limits. Looking at data-driven policing through the lens of the principle of purpose limitation, particularly two problems are visible. First, there is an inherent tension between data-driven policing and the principle of purpose limitation. In essence, one of the goals of purpose limitation is limiting the aggregation and re-use of personal data, whereas this aggregation and re-use of personal data is one of the main reasons for criminal law enforcement authorities to use data-driven policing methods. Second, the meaning of the principle of purpose limitation and the conditions for its application in criminal investigations are not clearly defined and the precise implications for national implementation of this principle are ambiguous. The paper aims to contribute to the debate on how the principle of purpose limitation can be implemented in national jurisdictions in a way that balances its important safeguarding function and the needs of law enforcement authorities. This is done by examining the meaning and rationale of the principle of purpose limitation within the legal framework of the LED as well as what guidance can be drawn from human rights case law from the ECtHR and the CJEU, as it is widely acknowledged the rationale of purpose limitation is rooted in the need to protect the individuals’ rights to privacy and to prevent abuse of power by the authorities.