The data protection framework decision of 27 November 2008 regarding police and judicial cooperation in criminal matters – A modest achievement however not the improvement some have hoped for

After more than three years in the making, that have witnessed much controversy, several working texts and at least two altogether different versions, the Data Protection Framework Decision “on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters” (hereafter, the DPFD) was finally adopted on 27 November 2008. The DPFD was supposed to be celebrated as the Data Protection Directive equivalent in European law enforcement (Third Pillar) processing. However, since its formal adoption, and even before that, data protection proponents (the European Data Protection Supervisor, the Article 29 Working Party, national Data Protection Commissioners, NGOs) lamented its adoption as the result of changes that ultimately compromised data protection. Is the DPFD a disappointment to the great expectations that accompanied its first draft, back in 2006? An attempt to address this question shall be undertaken in this paper.