The principle of purpose limitation in data-driven policing: A guiding light or an empty shell?

Current technological developments fuel the need and opportunities for data-driven policing that criminal enforcement authorities are eager to employ. Data-driven policing implies a combined use of data collected through various methods and for various purposes and begs the question on the limits to be set for the re-use of data for criminal investigation and intelligence purposes. The purpose limitation principle as enshrined in the Law Enforcement Directive (LED) provides those limits. Looking at data-driven policing through the lens of the principle of purpose limitation, particularly two problems are visible. First, there is an inherent tension between data-driven policing and the principle of purpose limitation. In essence, one of the goals of purpose limitation is limiting the aggregation and re-use of personal data, whereas this aggregation and re-use of personal data is one of the main reasons for criminal law enforcement authorities to use data-driven policing methods. Second, the meaning of the principle of purpose limitation and the conditions for its application in criminal investigations are not clearly defined and the precise implications for national implementation of this principle are ambiguous. The paper aims to contribute to the debate on how the principle of purpose limitation can be implemented in national jurisdictions in a way that balances its important safeguarding function and the needs of law enforcement authorities. This is done by examining the meaning and rationale of the principle of purpose limitation within the legal framework of the LED as well as what guidance can be drawn from human rights case law from the ECtHR and the CJEU, as it is widely acknowledged the rationale of purpose limitation is rooted in the need to protect the individuals’ rights to privacy and to prevent abuse of power by the authorities.


Introduction
The fast digitalisation of society and technological developments have led to a significant increase in the possibilities for police to collect, store, categorise and analyse data.Whereas collecting information about suspects have long been the core task of the police, modern technology provides for greater surveillance potential.The availability of large digital datasets in combination with technological tools allows to detract new information through automated analyses of combined and enriched data.This has empowered and fuelled the so-called data-driven policing. 1This implies a combined use of data collected through various methods and for various purposes and begs the question on the limits to be set for the re-use of data for criminal investigation and intelligence purposes.Setting those limits and providing for appropriate safeguards to individuals involvedsuspects or nottouches upon the core of the right to privacy and the right to data protection.National legislators are faced with partly new and underexplored questions on how to strike the right balance between the possibilities and needs that police have in the area of data analysis in order to perform their crime prevention and detection tasks optimally, and the protection of human rights of citizens.While the relevant data protection and human rights frameworks provides some guidance, the specifics of the necessary regulation of data analysis in criminal investigations are left to States.The Dutch legislator, for example, is struggling with how to regulate the process of data analysis in criminal investigation in its recent draft of a new Code of Criminal Procedure. 2n important EU instrument for the protection of personal data in criminal investigation is the EU Law Enforcement Directive (LED). 3The LED has a broad scope addressing the processing of data for criminal investigation, prosecution, trial, and the execution of sentences.It provides for general minimum norms for the protection of data in the field of criminal law.In this article we will focus on one of the cardinal principles of data protection, that is the principle of purpose limitation.Regulating data-driven policing puts this principle under pressure because their rationales seem difficult to align.There seems to be an inherent tension between data-driven policing and the principle of purpose limitation.After all, one of the goals of purpose limitation is limiting the aggregation of personal data in order to protect the rights of individuals and prevent misuse of power.This aggregation is, however, one of the main reasons for criminal law enforcement authorities to use data-driven investigation methods.The question arises what limits to data-driven policing the principle of purpose limitation sets and how national legislators can best regulate these 1.See e.g., Andrew Guthrie Ferguson, The Rise of Big Data Policing: Surveillance, Race, and the Future of Law Enforcement, New York: New York University Press, 2017.2. See Explanatory Report to the New Code of Criminal Procedure, Kamerstukken II 2023/24, 36 327, nr. 3, p. 66 data-driven investigations.This question is not easy to answer because the meaning of the principle of purpose limitation and the conditions for its application in criminal investigations are not clearly defined and the precise implications for national implementation of this principle are ambiguous. 4o date, the Court of Justice of the European Union (CJEU) has provided only very limited guidance on the role of the principle of purpose limitation in criminal investigations.The aim of this article is to contribute to the debate on how the principle of purpose limitation can be implemented in national jurisdictions in a way that balances its important safeguarding function and the needs of law enforcement authorities.The following central question is addressed in this article: What challenges does the principle of purpose limitation in the EU Law Enforcement Directive pose to national legislators when regulating data-driven policing and how can these challenges be addressed?
To answer this question, we will examine the meaning and rationale of the principle of purpose limitation within the legal framework of the LED, by studying its legislative history and analysing the case law of the CJEU, and relevant literature.Furthermore, we will examine what guidance can be drawn from the case law of the European Court of Human Rights (ECtHR) as well as the CJEU, as it is widely acknowledged that the rationales of purpose limitation is rooted in the need to protect the individuals' rights to privacy and to prevent abuse of power by the authorities. 5Central to this examination is the case law on Article 8 of the European Convention on Human Rights (ECHR) and Articles 7 and 8 of the Charter of Fundamental Rights of the EU (CFREU).We conclude this contribution by discussing how national legislators can implement the principle of purpose limitation in a way that balances its safeguarding function and the needs of law enforcement authorities in data-driven investigations.But first, we will shortly outline what we mean by data-driven policing and what challenges this practice poses with regard to the principle of purpose limitation.

Data-driven policing: An outline
Data-driven policing is a loosely defined term that encompasses a broad spectrum of technologies and that is part of a larger so-called big data revolution across different sectors. 6Characteristic of these technologies is that they analyse vast amounts of data from various sources using rapid computer processing and algorithms and identify correlations or patterns in the data in order to generate newrelevant in our case for criminal law enforcementinformation. 7The term datadriven policing is commonly used as an umbrella term to discuss several policing methods such as automatic facial recognition systems, automated license plate readers (ANPR) and predictive policing. 8Essentially, data-driven policing can be described as "police agencies making decisions by harnessing vast quantities of data and identifying patterns in that data with assistance from computer systems". 9n this article we do not focus on one particular technology, but we approach data-driven policing as the automated analysis of large amounts of data that are accessible to the police, with the aim of extracting new insights and information from this data.The data used for this analysis has been collected beforehand by means of various investigation techniques, for example with the use of special investigative powers such as remote searches of information technology systems or telecommunications surveillance.The collected data can originate from a variety of sources and can be collected by different private and public authorities.In fact, the ability for police to secure access to various data from the so-called nonpolice databases, such as the social media, Google Streetview, security cameras, donor lists, mortgage and credit card credentials and much more, has been identified as "one of the most transformative features of the digitalisation of policing." 10The information or the insights that can be derived from these data can help explain the past and the present.Data-driven investigations can thus be characterized as a novel approach of gathering intelligence that facilitates investigations. 11aw enforcement authorities across Europe are increasingly using this type of data-driven policing methods.In Germany, for example, two States introduced laws authorising the police to process stored personal data by automated data analysis or interpretation. 12Another example is the recent amendment of the Europol Regulation that was to a significant extent prompted by the rise of the so-called big data investigations. 13In the Netherlands, the police make use of the facility called 'Rafinery'.This is a platform that allows the fast comparison and combination of vast amounts of police data to acquire new insights to be used in strategic and tactical decision-making.For instance, information from seized mobile telephones or computers can be analysed in combination with phone tap reports, data from small GPS trackers and data available from public sources with the aim to identify suspect of certain criminal acts (tactical) or to increase police surveillance in certain neighbourhoods (strategic). 14In addition, the recent cryptophone hacking cases, such as EncroChat and Sky ECC, provide for another example where data-driven investigating techniques were employed.In the case of EncroChat, the French law enforcement authorities collected over 120 million messages from 60.000 EncroChat users, which lead to numerous arrests and prosecutions worldwide.In the Netherlands -to date -the police arrested over 100 people and found 19 methamphetamine laboratories. 15While the analysis of data in the case of EncroChat data is not solely directed at gathering information for intelligence purposes, we do consider this type of data analysis as a form of data-driven policing.As mentioned, essential to data-driven policing is that a large amount of a wide variety of personal data is processed in a vast manner.However, the rationale of purpose limitationlimiting data aggregation to specific purposesseems to mismatch with the essentiality of data-driven policing.In the next section we will therefore analyse what the principle of purpose limitation in the LED entails and how this is challenged by data-driven policing methods or techniques.

The principle of purpose limitation in the LED
The principle of purpose limitation enshrined in Article 4 LED is generally considered the cornerstone of data protection law. 16It connects data protection law to the right to privacy and protects against the concentration of power. 17It is seen as a crucial factor in building and maintaining trust in the information society. 18The principle of purpose limitation is generally considered to consist of two building blocks: (1) purpose specification and (2) compatible use (or the non-incompatibility requirement). 19Article 4(1)(b) LED states that personal data shall be collected for specified, explicit and legitimate purposes and not processed in a manner that is incompatible with those purposes.Article 4(2) LED in turn provides that processing for any other purposes set out in Article 1(1) LED other than that for which the personal data are collected shall be permitted in so far this processing is (a) lawful and (b) necessary and proportionate.In this section we examine the rationale and meaning of the two components of the principle of purpose limitation as laid down in the LED.

Purpose specification
According to the purpose specification requirement in Article 4(1)(b) LED, personal data must be collected only for specified, explicit and legitimate purposes.The function of this requirement is at least twofold.In the first place, the purpose specification requirement offers foreseeability of legislation, and thus legal certainty to the data subject. 20In the second place, purpose specification is also of importance to other data protection principles such as data minimization, or storage limitation.It is the purpose that determines when data processing is no longer characterised as minimal or that data must be deleted because it does not serve that purpose.
A closer look at the criteria of the purpose specification requirement reveals that the meaning of these criteria is barely further clarified in the LED.The recital of the LED only mentions that the processing purpose must be established by the competent authority the moment that the personal data are going to be collected, 21 and that the "personal data to be processed" must also be mentioned in the national law of the Member State. 22However, the question is when exactly the standards of specified, explicit and legitimate are met and whether and how these standards interrelate.
In its judgment on 22 December 2022, the CJEU discussed the principle of purpose limitation in the LED, but unfortunately did not delve deeper into what is required by purpose specification.The court merely indicated that the purposes for which law enforcement authorities can process personal data are exhaustively listed in Article 1(1) LED. 23These 'specific and distinct' purposes are the prevention, investigation, detection or prosecution of criminal offences and execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. 24owever, some guidance on the interpretation of specified, explicit and legitimate standards can be derived from CJEU's judgement delivered on 26 January 2023 on the interpretation of the specific requirement 'strictly necessary' in Article 10 LED, which covers the processing of particularly sensitive data. 25The CJEU emphasized that Article 10 LED constitutes a special form of implementation of the principles set out in Articles 4 and 8 LED, and that the requirement 'strict necessity' implies that strengthened conditions for lawful processing of sensitive data must be in place.The strict necessity requirement must be determined in the light of the specified, explicit and legitimate purposes of data collection. 26For the processing of biometric and genetic data, these purposes "cannot be indicated in terms that are too general, but have to be defined sufficiently precisely and specifically to enable assessment of whether the processing is 'strictly necessary'." 27Thus, this judgement makes clear that the standard for purpose specificity varies depending on the nature of the data collected and can only be assessed contextually.Considering the fundamental importance of purpose specificationas a necessary preconditionfor the assessment of compliance with other data protection principles, 28 this is not surprising.Indeed, these other data protection principles can only be meaningfully assessed in relation to a specified purpose.
In his Opinion in the case of 26 January 2023, AG Pitruzzella elaborates on what the standards of specified, explicit and legitimate mean as well as how these standards relate to each other: he argues that the mere mention of one of the purposes in Article 1(1) LED, for example the prevention of criminal offences, cannot meet the standards provided for in Article 4(1)(b) LED. 29National law must be clear and precise to inform persons of the risks, rules, safeguards and rights with regard to the contemplated processing. 30In his Opinion, the review of the legitimate nature of the purpose pursued cannot be limited to the examination of the sole mention in national law of a purpose that is connected to the broad Article 1(1) LED purposes, but it also depends on the way the purpose is achieved.A legitimate purpose would not adhere to the conditions of explicitly and specificity when conditions for the achievement of that purpose are not sufficiently well-defined. 31This implies that the requirements of 'specified, explicit and legitimate' are interdependent.He concludes the national law needs to adhere to the general purposes of Article 1(1) LED and in addition needs to indicate which concrete objectives can contribute to the achievement of the general purposes. 32he view of AG Pitruzzella on the conditions for purpose specification is in line with the position taken by the Commission when stating that the 'objectives' mentioned in Article 1(1) LED are defined in a general manner, while purposes have to be specifically defined "in order to clearly demonstrate what is behind each processing operation and why a certain processing operation is being carried out, such as: identification of a person by using his or her biometric data as a suspect for a crime for the purposes of investigation". 33The Commission thus differentiates between processing purposes that refer to explicit, specific and legitimate processing purposes (for example the investigation of murder case X) and processing objectives that are mentioned in article 1(1) LED and are important to delineate the scope of the LED (for example the more general objective of investigation). 34The Commission therefore uses the term objectives instead of purposes in relation to Article 1(1) LED and thus deviates from the wording of the LED itself.This may lead to terminological confusion.However, it does make clear that the purposes mentioned in Article 1(1) LED cannot simply be equated with the purposes mentioned in Article 4 (1)(b) LED.The so-called Working Party 29 (WP29) also emphasised that the processing purpose has to be set precisely in order to allow for the assessment of the legality of the processing. 35WP29 made clear that 'law enforcement' per se cannot be considered as one specified, explicit and legitimate purpose. 36While the WP29 did not exclude the possibility that a purpose could be formulated as more general, overarching or collective purpose, it did not however clarify what such an overarching or collective purpose could be. 37n sum, the CJEU did not provide guidance on the question when the standards of purpose specification in Article 4(1)(b) LED are fulfilled.AG Pitruzella, the European Commission and the WP29 discussed the standards more elaborately, but this discussion still sheds only limited light on the question.This unclarity has at least two consequences.The first is that States get little guidance on how to examine whether the conditions mentioned in Article 4(1)(b) LED are met and thus enjoy a wide discretionary margin.This can be problematic since a broad approach, as mentioned before, hardly sets any boundaries to the way in which the police would be permitted to process data, thus potentially eroding the meaning of the principle of purpose limitation.This unclarity does especially raise a challenge with regard to data-driven policing.The complexity here is that it is not always feasible for law enforcement authorities to specify beforehand which forms of data processing they want to engage in.The so-called 'Rafinery' facility in the Netherlands mentioned before presents a relevant example.With this facility, the police aim to acquire new insights out of massive amounts of police data collected earlier in specific criminal investigations. 38The purpose of this data processing can only be described in general terms like 'the analysis of data in order to glean information from them'.This purpose specification is obviously very general, imprecise, and little defined, and it hardly sets any limits to the processing of data.Later, we will examine more closely the question of how the purpose specification requirement can be interpreted in the context of datadriven policing.
A second consequence of the ambiguity with regard to the conditions set out in Article 4 (1)(b) LED is that it overshadows the interpretation of the second building block of purpose limitation, that is the compatible use (or the non-incompatibility requirement).The uncertainty with regard to the scope of the requirement of purpose specificity makes it more difficult to ascertain what specific test needs to be applied for the re-use of data for other purposes than for which data was collected in the first place.We will address this issue in the next section.

Further use for another purpose: Complex interplay between non-incompatibility and change of purpose
The LED provides several rules on further use of data for another purpose than the purpose for which the data is initially collected.We will specifically focus on the non-incompatibility requirement in Article 4(1)(b) LED, and the change of purpose requirements enshrined in Article 4(2) LED.The second building block of the principle of purpose limitation is the requirement of compatibility (or non-incompatibility requirement) laid down in Article 4(1)(b) LED: "personal data shall not be processed in a manner that is incompatible with those purposes."Notably, the LEDunlike the GDPRdoes not mention relevant factors to answer the question whether two purposes are incompatible. 39Moreover, the LED does not clarify what the role is of the non-incompatibility requirement.Article 4(2) LED articulates that under certain conditions personal data may also be processed for other purposes than the purposes for which the data were collected.A literal reading implies that Article 4(2) LED is applicable regardless of any assessment of compatibility. 40This reading seems to have been endorsed by the CJEU. 41The CJEU determined that the processing of data for another purpose mentioned in Article 1(1) LED than the one for which data was collected in the first place, must meet the conditions of Article 4(2) LED.Arguably, when a change of purpose in the sense of Article 4(2) LED took place, it is not necessary to assess whether the initial and secondary purpose are compatible, as was suggested in the literature as well as by Article 7a of an older version of the LED. 42Therefore, one could argue, the compatibility test (non-incompatibility requirement) is superfluous under the LED. 43owever, the CJEU ruling merely addresses the applicability of Article 4(2) LED with regard to the change of purposes as mentioned in Article 1(1) LED.As argued in the previous section, those purposes are very broadly formulated.Thus, this leaves open the question whether Article 4(2) LED should be applied in a case a change of more specifically defined purposes within the broadly defined Article 1(1) LED purposes occurs and what the role of the compatibility requirement that is explicit in Article 4(1)(b) LED should be.It can be argued that the compatibility test (the nonincompatibility requirement) is included in Article 4(2) LED as part of the assessment whether the processing for a new purpose is proportionate. 44Importantly, this second approach arguably does more justice to the rationale of the principle of purpose limitation.After all, this prevents data from being processed for another purpose, without that processing being sufficiently foreseeable for the data subject.Support for this approach can be found in Article 3(2) of the predecessor of the LEDthe Framework Decision 2008/977/JHA, which stated that further processing for another purpose is permitted in so far as "it is not incompatible with the purposes for which the data were collected " , lawful, necessary and proportional. 45 This leads us to taking a closer look at the rules on change of purpose.Article 4(2) LED stipulates that personal data processedby the same or another controllerfor any of the purposes set out in Article 1(1) LED other than that for which the personal data are collected, shall be permitted in so far as it complies to four prerequisites: 1.The other purpose is within the scope of the LED as set out in Article 1(1); 2. Processing for that other purpose has been provided for by law; 47 3.The processing operation is necessary; 4. The processing operation is proportionate to that other purpose in accordance with Union law or Member State law.
In its judgment of 22 December 2022 on a Bulgarian preliminary request, the CJEU explicitly discussed Article 4(2) LED for the first time. 48In this case, the public prosecutor collected and used personal data of an individual initially found to be a victim of crime, but ultimately used the data to prosecute the same individual as a suspect.The referring court wanted to know whether a change of purpose in the sense of Article 4(2) LED took place.According to the CJEU, Article 4(2) LED is applicable when data where initially collected for the purpose of the 'detection' or 'investigation' of a criminal offence and have subsequently been used for the purpose of 'prosecution'. 49Consequently, the conditions as provided for by Article 4(2) LED should be fulfilled.Whether these conditions are met, is ultimately up to national courts. 50The CJEU only indicated that personal data necessary for the purposes of the 'detection' and 'investigation' of a criminal offence will not be automatically necessary for the purposes of 'prosecution'.The consequences of the different personal data processing might differ depending on, among other things, the degree of interference with fundamental rights and the effects of that processing on the legal situation in the criminal proceedings in question. 51espite this ruling, the framework concerning change of purpose as provided for by Article 4(2) LED is still unclear.The first outstanding question is when Article 4(2) LED is applicable because the LED does not provide any guidance on how to distinguish between different law enforcement purposes. 52The Bulgarian case made clear that processing of personal data of an individual initially regarded as a victim and processing data of the same individual ultimately as a suspect, pursue separate purposes: detection/investigation and prosecution.This suggests that Article 4(2) LED is applicable only when the processing of data shifts to another purpose in the sense of Article 1(1) LED.For example, from detection/investigation of criminal offences to the prosecution of criminal offences.This reading is supported by the wording of Article 4(2) LED which refers to purposes set out in Article 1(1) LED.
Considering the broadly formulated purposes in Article 1(1) LED, this approach gives the competent authorities quite some leeway for the re-use of personal data because Article 4(2) LED would not apply to the processing of personal data in another investigation than the investigation for which the data initially is collected.The purpose of this secondary use of the data can still be regarded as falling within the purpose of investigation of crime.The case of the EncroChat can illustrate this point.From the outset, it was clear that the collected data would not only be used in the case against the organisation EncroChat, but also in investigations that involve individual En-croChat users. 53Both the initial purpose of data collection (detection of criminal activity by EncroChat as a criminal organisation) and the secondary use of that data (investigation of criminal activity of individual EncroChat users) can be considered as 'investigation' or 'detection' of crime.This implies that no change of purpose in the sense of Article 4(2) LED took place and thus this Article would probably not be applicable in this case.
This approach, however, is difficult to align with the criminal procedural law perspective, where the use of data beyond the specific investigation for which the data was collected, would be considered a change of purpose.Moreover, this approach is at odds with the requirement of purpose specification.As argued above, processing purposes like the prevention of criminal offences or the investigation/detection of criminal offences could hardly be considered to fulfil the requirements of Article 4(1)(b) LED.
Therefore, a more fitting reading would be that Article 4(2) LED applies where a change of the more specifically defined purposes takes place including within the separate broad purposes of Article 1(1). 54This broadened applicability of Article 4(2) LED arguably offers less room to the competent authorities for manoeuvre in the re-use of personal data.Support for this second reading can to a certain extent be found in the Bulgarian case.The Court states that "the scope of Article 4(2) is not limited to the processing of personal data in connection with the same criminal offence as that warranting the collection of those data." 55This suggests that using personal data beyond the specific investigation that prompted the collection of data can also be considered as a change of purpose.In the next section, we will explore whether the right to privacy can provide an answer to the question when a change of purpose takes place.
A second outstanding question in relation to Article 4(2) LED is how to assess when the re-use of data that was initially collected for another purpose is necessary and proportionate in the sense of Article 4(2) LED. 56In the Bulgarian case, the CJEU only stated that the 'detection' or 'investigation' of a criminal offence is not the same as the 'prosecution' of a criminal offence.Therefore, data required for criminal investigations is not automatically necessary for the prosecution of criminal offences.The CJEU concludes, however, by stating that the assessment of the necessity and proportionality is ultimately up to national courts to decide. 57The LED itself does not 53.According to Oerlemans and Van Toor (n 15) p. 320, the purpose of the EncroChat operation was threefold: (1) to identify EncroChat users, (2) to investigate the criminal organisations they were part of, and (3) to collect evidence about crimes committed or yet to be committed by these criminal organisations.54.This approach is also defended by Koning (n 5), p. 181-182.Advocate General Pitruzella proposes to concretize the specific purposes alongside the different tasks the competent authorities the need to be performed to achieve the broader goals of Article provide the answer either.Recital 27 of the LED only indicates in general terms that it is necessary for competent authorities to process personal data collected in the context of the prevention, investigating, detection or prosecution of specific criminal offences beyond that context in order to develop an understanding of criminal activities and make links between different criminal offences detected. 58This seems to imply the LED is not prohibiting data-driven policing but leaves open the question how to examine the necessity and the proportionality of the re-use of data initially collected for a different purpose.Lacking more concrete guidance, we will direct our focus towards the fundamental rights framework in the next section.

Tracing the principle of purpose limitation within the fundamental rights framework
Functioning as "the hinge that connects data protection law to the right to privacy", 59 the principle of purpose limitation is implicitly acknowledged in the case law of the CJEU and the ECtHR concerning the right to privacy -Article 7 Charter of Fundamental Rights EU and Article 8 of the European Convention of Human Rights. 60This section will analyse how purpose specification, (in) compatibility test and change of purpose play out in the human rights framework and examine what conditions and safeguards can be derived from the human rights case law that are relevant to the regulation of data processing in the context of data-driven policing.The structure of this section builds on the divide between purpose specification and (in)compatible use.However, at this point it must be emphasised that to date the CJEU did not assess the compatibility of the principle of purpose limitation in the LED with the relevant fundamental rights as laid down in the CFREU (Articles 7, 8 and 52 of the Charter).Neither has the CJEU yet provided for criteria on how to assess the specificity of a purpose as explicitly laid down in Article 8(2) CFREU. 61Therefore, the case law of the ECtHR on Article 8 ECHR will figure at the forefront in this section.With regard to the ECtHR case law a further caveat should be made: several for data processing relevant cases concern the context of mass surveillance by security and intelligence agencies, which means that the reasoning of the ECtHR cannot be directly transposed to the 'general' criminal law enforcement context.Still, the reasoning of the ECtHR is relevant as the activities of data driven policing and data collection by security and intelligence agencies resemble to the extent that both activities aim at automated analysis of large digital datasets of combined and enriched data in order to detract new information on possible 'targets'.

Purpose specification
The principle of purpose specification is connected to all three justification requirements for a legal, legitimate and necessary interference with the right to privacy enshrined in Article 8(2) ECHR as well as in Article 52(1) CFREU. 62The principle is particularly tightly connected to the requirement 'in accordance with the law', which not only ensures the accessibility of the law, but also provides for a certain quality of that law in the sense that it demands foreseeability of the law. 63Foreseeability imposes a duty on the legislator to formulate laws with 'sufficient precision to enable the citizen to regulate his conduct' and herewith provide for adequate protection against arbitrary application of the law. 64With regard to the legitimacy and necessity of an interference with the right to privacy, purpose specification more indirectly provides for a starting point in the assessment of the criterion of a legitimate aim and the general requirement of proportionality of data processing. 65n its case law on investigative powers by intelligence and security services and criminal investigation authorities, the ECtHR has made clear that (national) law should incorporate safeguards in order to prevent abuse of power. 66When it comes to targeted interception of communications, the ECtHR takes different 'minimum safeguards' into account.The legal provisions governing communications surveillance should address: (1) the nature of offences which may give rise to an interception order; (2) a definition of the categories of people liable to have their telephones tapped; (3) a limit on the duration of telephone tapping; (4) the procedure to be followed for examining, using and storing the data obtained; (5) the precautions to be taken when communicating the data to other parties; and (6) the circumstances in which recordings may or must be erased or destroyed. 67hen it comes to bulk interception for intelligence purposes, the ECtHR takes in Big Brother Watch a wider range of criteria into account. 68While the case concerns powers of intelligence service, the judgment is arguably also relevant for bulk interception regimes in the context of criminal law. 69In addressing jointly the questions whether the bulk interception is 'in accordance with the law' and 'necessary', the domestic legal framework should clearly define: (1) the grounds on which bulk interception may be authorised; (2) the circumstances in which an individual's communications may be intercepted; (3) the procedure to be followed for granting authorisation; (4) the procedures to be followed for selecting, examining and using intercept material; (5) the precautions to be taken when communicating the material to other parties; (6) the limits on the duration of interception, the storage of intercept material and the circumstances in which such material must be erased and destroyed; (7)  the procedures and modalities for supervision by an independent authority of compliance with the above safeguards and its powers to address non-compliance; (8) the procedures for independent ex post facto review of such compliance and the powers vested in the competent body in addressing instances of non-compliance. 70rguably, the purpose specification principle is encapsulated in these safeguards, more specifically in the first two requirements/criteria of both interception frameworks.However, the criteria differ: for the targeted interception a "description of the nature of offenses" is required, where for the bulk regime it is only necessary that the "grounds for interception" be described. 71The question of specificity also rose in relation to the use of other forms of material gathered by the authorities.In the key case S & Marper, the Grand Chamber, for example, found a violation of Article 8 ECHR based on lack of specificity of purpose for which large amounts of data like fingerprints, cellular samples and DNA of persons suspected but not convicted of criminal activity, were retained. 72In the same way, the CJEU haswith reference to case law of the ECtHRclarified that legislation that foresees in interferences must lay down clear and precise rules governing the scope and application of the measure in question. 73t the same time, the ECtHR nor the CJEU has dealt explicitly with the question of how precise the purpose needs to be formulated. 74The reason for this is that both courts often do not engage in the discussion under what conditions a purpose is sufficiently precise, but rather evaluate the legitimacy of the purpose as provided by the state authorities.For instance, the ECtHR found a violation of Article 8 ECHR in the case of Rotaru v Romania, because national law did not set any limits on the possibility to store information about an individual. 75Romanian national law did not make it clear which information was allowed to be stored, whose data were allowed to be stored, how long the information was allowed to be stored or how the integrity and confidentiality of those data was safeguarded.The ECtHR did arrive at this conclusion without further clarifying when a purpose, generally, is sufficiently precise.Neither has the CJEU yet provided for criteria on how to assess the specificity of a purpose.As mentioned in the previous section, the CJEU merely stresses that purposes must be legitimate and formulated with sufficient precision without further clarifying when these standards are met. 76n sum, in human rights case law the principle of purpose specification is materially embedded in the requirement of foreseeability as a quality of law justified to interfere with the right to privacy.The rationale thus relates in particular to the prevention of arbitrary action from the authorities.National legislation must delineate with sufficient clarity the scope of an investigatory power andwhen it comes to targeted collection of dataat least include a category of offences and a category of people that can be subjected to those powers, to prevent abuse of power.Notwithstanding some overlap, the foreseeability requirement as formulated in the human rights framework does not exactly cover the principle of purpose specification for which data can be processed.Thus, the precise criteria for the assessment of the specificity of the purpose are difficult to detract from this framework.

(In)compatible use and change of purpose
The principle of compatible use (non-incompatibility requirement) can also be traced in the human rights case law, especially in the case law of the ECtHR. 77The parallel can be drawn between the principle of compatible use and the concept of the individual's 'reasonable expectations'also referred to as 'legitimate privacy expectation' 78 or 'foreseeability' 79 that the ECtHR sometimes uses when assessing whether an interference with the right to privacy has occurred.In doing so, the ECtHR indirectly compares the initial purpose of processing to the new processing purposes. 80arious cases can illustrate how the reasonable expectation standard is tightened to compatible use.There is, for example, a list of cases where the disclosure of medical data for new purposes constitutes an infringement of the right to respect for private life. 81In the framework of criminal investigations the case of Perry v United Kingdom is exemplary. 82In this case, the ECtHR examined whether the use of security cameras in a police station to take clear footage of the applicant in order to use this footage in an identity parade constituted an infringement of Article 8(1) ECHR.The ECtHR recalled that in principle the monitoring of the actions of an individual in public area by a camera that does not record the visual data, does not raise issues under Article 8 ECHR.This can be different when data is recorded, systematically or permanently. 83In this case, the applicant had refused to participate in an identity parade for which reason the police regulated the security camera to take clear pictures of the applicant that were shown to witnesses and at the public trial later on.The applicant was, however, not aware of the adopted ploy by the police that went beyond the normal or expected use of this type of camera, as is supported by the fact that an engineer was called upon to adjust the security camera.Therefore, the recording and use of the video constituted an interference with the right to respect for private life.This interference was not justified, because the police did not inform the applicant about the actual purpose of filming beforehand.This case shows that the purpose of the data processing plays an essential role in the assessment whether an interference with Article 8 ECHR took place. 84The purpose of data collection provides a link for examining whether an individual could expect an intrusion into his private sphere. 85A change of purpose in data processing can thus lead to an interference with the right to privacy.This means that the re-use of data for another law enforcement purpose than the purpose for which the data initially is collected will interfere with Article 8(1) ECHR if (and only if) the re-use could not be reasonably expected or foreseen.The question is then whether it can be reasonably expected or foreseen that data collected with various criminal investigation powers will later be used for intelligence purposes, i.e., to combine various data sets, to analyse these data and to detract new information from these data as is aimed for by data-driven policing.Arguably, such expectation will not be reasonable in many cases.Therefore, data analysis for intelligence purposes will in most cases amount to a (new) privacy infringement and can thus only be justified when the conditions of Article 8(2) ECHR are met.
In its case law on investigative powers by intelligence and security services and criminal investigation authorities, the ECtHR does not address explicitly the issue of compatible use and change of purpose.At the same time, however, in particular compatible use can be recognised in both frameworks regarding targeted interception as well as bulk interception.The compatible use standard can be recognized in the last three safeguards of the framework regarding targeted interception. 86In short, these safeguards should set limits to the actual use of the data.When it comes to bulk interception, the ECtHR pays even more attention to compatible use standards, since the interception is less targeted.Therefore, this seems at least to be the logic of the ECtHR, it is all the more important to limit the way in which the data can be used through material and procedural safeguards.According to the ECtHR, national law should provide in the procedures to be followed for selecting, examining, and using intercept material and it does emphasise the need for supervision by an independent authority (see criteria 7 and 8 in the previous section). 87Furthermore, the supervising authority must have sufficient corrective, supervisory and advisory powers.The ECtHR expressly distinguishes different types of supervision, ex ante supervision (authorisation by an independent authority), supervision during the processing and ex post supervision (access to a judge or other legal remedies). 88plementation of purpose limitation in national law: Is there a way forward?
The above discussion has shown that while the principle of purpose limitation is considered a fundamental feature of the data protection law, in the realm of criminal law enforcement this principle is surrounded by ambiguity.The discussed uncertainties and outstanding questions underline the broad leeway States have when interpreting the purpose limitation principle as they see fit.Having said that, when implementing the purpose limitation principle, States need to strike a proper balance between the principle's underlying safeguarding rationale and the contemporary needs of criminal law enforcement authorities in the area of crime detection, prevention and investigation.In this last section we will consider different regulatory options for the implementation of the purpose limitation principle in the realm of criminal investigations, with a specific focus on data-driven policing.In doing so, we distinguish between purpose specification and further use as regulated by the non-incompatibility requirement and the change of purpose provision.86.ECtHR (GC) 4 December 2015, app.No. 47143/06 (Roman Zakharov v Russia), para 231.National law should provide the procedure to be followed for examining, using and storing the data obtained; (5) the precautions to be taken when communicating the data to other parties; and (6) the circumstances in which recordings may or must be erased or destroyed.87.ECtHR (GC) 25 May 2021, app.no.58170/13 (62322/14 and 24960/15), para.361 (Big Brother Watch a.o.v the United Kingdom).88.Ibid.

Implementation of purpose specification: Rule-based approach vs principle-based approach
Considering the functions as well as the normative foundations of purpose specification, this requirement should in our view be interpreted strictly.This means the purposes provided for in Article 1(1) LED cannot always meet the requirement of specificity. 89Purposes like investigation or detection of crime cannot provide legal certainty.More importantly, with a more lenient interpretation, the purpose limitation principle could easily become an empty shell and that will impact the connected requirements of data minimization and storage limitation.The Member States therefore must specify explicitly for which purposes the police are allowed to process data.Under Article 8(2) LED, these purposes must also be laid down in national law.
The obligations concerning purpose specification with regard to data-driven policing can be complied with in two different ways, in short characterised as the rule-based and the principle-based approach. 90The rule-based approach means specifying in legislation the purposes for which law enforcement authorities can process data.This approach is generally followed in various Police Data Acts. 91For instance, the Dutch Police Data Act specifies several purposes for which the police can process personal data.Sometimes this is done by referring to a purpose within the broad tasks of the police or by stating which data subjects' data (suspects, affiliations) is allowed to be processed.Other times, the Act obliges the police to further specify for which purpose data will be processed.The Dutch legislator stipulated in Article 9 of the Police Data Act that the police must further specify within the broad objective 'maintaining law and order in a specific case' what the processing purpose is and that this must be done within a week after the start of data processing.
Specifying the purpose beyond a general category such as 'investigation of crime' in legislation beforehand might however be hard to achieve for data-driven policing methods, primarily because it is not always feasible to formulate sufficiently precise for which specific purposes law enforcement authorities can employ data-driven policing methods.Here too the abovementioned EncroChat and Sky ECC cases provide for a telling example.In these cases, it was quite impossible to anticipate beforehand what kind of criminality would resurface to justify and limit the data analysis.Therefore, a second more principle-based approach should be considered.This option is inspired by the way special investigative powers are usually drafted and exercised in practice. 92Purpose specification can also be achieved by laying down grounds which may authorize the data processing, such as the nature of the offences for which the data can be processed, the circumstances under which the data can be processed and the specification of prior authorisation procedures.This second more principle-based approach allows to assess on a case-by-case basis through prior authorisation procedures whether the processing of data is allowed.In doing so, it is possible to consider the specifics of the case at hand.This second approach is in fact followed by Dutch authorities in the cases of Encrochat and SkyECC.While using his authorization power, the investigative judge formulated specific conditions under which the investigative authorities could search and use the data. 93The goal of formulating these conditions for specifically the analysis and use of the available dataset, was to protect the rights to privacy and to avoid fishing expeditions.
This second approach is particularly relevant for data-driven policing methods, such as the interception of bulk data and the Dutch 'Rafinary' facility.As elaborated above, for these methods it is hard to formulate beforehand with sufficient precision for which purpose the data will be processed.The principle-based approach would imply that national legislators must clarify under what conditions the processing of data is allowed.For instance, national legislators could specify how investigative authorities can analyse bulk information, by stating for which offences the data can be searched, whether the use of keywords are necessary, and importantly which authority must authorize the data analysis beforehand, supervise an ongoing analysis and review the process of data analysis when completed.It is ultimately up to national legislators to decide where to lay down those rules, in criminal procedural law, in data protection law or in both laws. 94entifying and mitigating risks of further use through the change of purpose doctrine As shown above, the framework concerning the further use of data and change of purpose as enshrined in the LED is unclear in two ways.First, Article 4(2) LED does not seem to cover all ways in which data collected in a criminal investigation can be used for another purpose.Second, the LED does not provide guidance on how to assess whether the further use of data for another purpose is necessary and proportionate.In this section, we will focus on these issues.Let us start with the first issue.
The foregoing analysis showed that Article 4(2) LED is applicable in any case when law enforcement authorities switch between purposes provided for in Article 1(1), which are formulated rather broadly.It remains unclear what the CJEU would say about the applicability of Article 4(2) LED in case where a change of purpose took place within one of the general purposes mentioned in Article 1(1) LED.Considering the ECtHR case law, it could be argued that Article 4(2) LED should also apply to this kind of change of purpose.The ECtHR assesses whether a change of purpose took place on a case-by-case basis through the 'reasonable expectation' test. 95Accordingly, the right to privacy will be infringed if data is processed in another context for a new and reasonably unexpected purpose.The question whether a change of purpose took place, can thus not be answered solely on the basis of the purposes mentioned in Article 1(1) LED.The answer depends in particular on the specificity of the initial purpose as well as on the context in which the processing took place.
A strict interpretation of Article 4(2) LED implies that this provision is applicable to the use of data in another investigation than the investigation for which the data initially were collected.Data which is for example obtained by special investigative powers could thus not automatically be used in another investigation.This reading means that Article 4(2) LED is applicable to the use of data in another investigation than the investigation that prompted the collection of data, such as in the EncroChat and Sky ECC cases.The strict interpretation also implies that Article 4(2) LED applies in cases where already collected data is re-evaluated to derive new insights, such as in the Dutch facility 'Rafinery'.Second, the LED is silent on how to assess whether the use of data for another purpose is necessary and proportionate in the sense of Article 4(2) LED.It is difficult to determine on an abstract level when the use of data for a new and different purpose is necessary and proportionate.The right to privacy could also play a role here by providing a scale to assess the necessity and proportionality of the further processing of data. 96Stated differently, the risks the further use of data poses to the right to privacy are imperative to consider when assessing whether that further processing is necessary and proportionate.To make this somewhat more concrete it can be useful to make a distinction between two ways in which data can be used for other purposes: repurposing and recontextualization. 97 This distinction is particularly useful when thinking about the necessary safeguards to be included in national law.
The concept of repurposing implies the use of data for another purpose than the investigation that prompted the collection of data.For example, when law enforcement authorities collect data on a specific suspect in a specific investigation, but meanwhile they accidentally discover data which is relevant for another case and can be used in that other case (the so-called 'bycatch').Another example can be found in the CJEU Bulgarian case in which a law enforcement authority initially collected data to investigate a specific crime and used this data later in the prosecution of an accused person.The privacy risk of repurposing lies primarily with the broader disclosure of personal data of (several) subjects.
The concept of recontextualization is more complicated than repurposing.Recontextualization can also be characterized by the use of data for a purpose other than for which they were collected.However, the difference with repurposing lies in the re-evaluation of data with the aim of deriving new information that is not already known.One might think of combining datasets from different investigations in order to detract information on yet unsuspected individuals, which is the aim of the mentioned Dutch example of 'Rafinary'.Generally, recontextualization is more privacy intrusive than repurposing.Since the aim of recontextualization is to generate new knowledge, this could have consequences for individuals whom the police did not have on their radar yet.Furthermore, the re-evaluation of data is less foreseeable and could lead to interpretative mistakes.
In the Netherlands, the conceptual difference between repurposing and recontextualization is not reflected in the law and that creates a real risk for safeguarding the right to privacy.Recontextualization can beand is in practicebased on Article 11 of the Dutch Police Data Act, which provision empowers the police to conduct automated comparison and combined search of data that was collected in different criminal investigations or during the daily police task.However, this Article does not take into account the severity of the interference with the right to privacy that recontextualization implies, since the provision neither sets any limits on the type of data that can be used nor on the permissible methods of analysis. 98In contrast, Germany provides an example of legal regulation that is at least more attuned to the conceptual difference between repurposing and recontextualization.When it comes to the re-use of data, the Bundesverfassungsgericht considers automated analysis for intelligence purposes of combined data that was previously collected in specific criminal investigations as constituting a new infringement of the personality rights (the 96.Von Grafenstein (n 5) with regard to the purpose limitation principle in contexts to which the GDPR applies.German concept of the right to privacy). 99Consequently, the principle of proportionality in strict sense applies to this type of data processing and strong safeguards must be put in place.When it comes to repurposing, a more lenient approach is followed which results in a less strict application of the principle of proportionality. 100It is not our intention to make a precise comparison of the different national rules on the reuse of data at this juncture.The point is that when national legislators want to create new rules on the further use of data, they should take into account the different privacy risks associated with the further use of data, especially when it concerns the recontextualization of data.Article 4(2) LED should thus be considered to function as a tool for legislators to identify risks associated with the re-use of data for secondary processing purposes as well as a tool to mitigate those risks optimally.

Concluding remarks
In this paper we have investigated what guidance the principle of purpose limitation as it is incorporated in the EU Law Enforcement Directive can provide to national legislators when regulating data-driven policing methods in the area of criminal enforcement.This investigation was prompted by the current technological developments that fuel the need and opportunities for data-driven policing that criminal enforcement authorities are eager to employ.Not surprisingly, the application of these methods in practice already precedes its legal regulation, while national legislators are struggling with fitting the circle of data-driven policing methods into the square of available legal frameworks.The principle of purpose limitation, generally regarded as the cornerstone of data protection law, seems to present a notable obstacle in legislator's efforts to strike a right balance between the need of effective criminal investigations and the need to protect the rights of citizens optimally.
The above discussion leads us to conclude that the normative guidance of the principle of purpose limitation as incorporated in the LED is rather limited when applied to data-driven policing.The nature of the LED as an instrument of minimum harmonisation obviously is of importance here; the LED is packed with ambiguities even with regard to the interpretation of core elements such as purpose specification, (in)compatible use requirement and the conditions for the re-use of data.On a more fundamental level, we see two problems.First, the LED seems to suggest that the principle of purpose specification can only be achieved by specifying in legislation the purposes for which national authorities can process data.To do justice to purpose specification, States should take a more considered approach by not merely codifying the general objectives that delineate the scope of the LED, but ensure that data processing in criminal law context is more specifically defined.Regarding data-driven policing methods, this could be done by specifying how investigative authorities can analyse information, for example by stating for which offences the data can be searched, whether the use of keywords is necessary, and importantly which authority must authorize the data analysis beforehand, supervise an ongoing analysis and review the process of data analysis when completed.
Second, it is not clear how national legislators must interpret the change of purpose provision as enshrined in Article 4(2) LED.This provision states that the further use of data for another purpose is allowed when the conditions of legality, necessity and proportionality are met.However, the LED does not provide guidance on how to assess whether the further use of data for another purpose is necessary and proportionate.From the perspective of the right to privacy, not all ways in which national authorities can use data for another purpose than for which the data were collected are equally problematic.For instance, the re-use of data collected in specific criminal investigations to derive new insights is more privacy intrusive than the use of data collected in another investigation than for which it was collected without deriving new insights.The LED does not address such subtleties sufficiently, but generally takes an omnibus approach.This unclarity raises challenges to data-driven policing methods which are based on the further use and re-use of data.Considering the specifics of data-driven policing, Article 4(2) LED should be seen to function as a tool to identify risks associated with the re-use of data for secondary processing purposes as well as a tool to mitigate those risks optimally.For more concrete inspiration the concepts of repurposing and recontextualization can prove useful when it comes to identifying the risks to privacy that are at stake.Next to providing guidance for the regulation of the different kinds of re-use of data, these concepts in turn underscore the importance of the new infringement on the right to privacy that accompanies many incidences of re-use of data.It is important that national authorities pay sufficient attention to this.
This interpretative approach to the LED is particularly prompted by the right to privacy and data protection as enshrined in the ECHR and the CFREU.The ECtHR and the CJEU have developed regulatory frameworks in which they try to balance contemporary law enforcement needs and fundamental rights.For data-driven policing especially the case law of the ECtHR is relevant.This case law emphasises the need to regulate explicitly the ways in which data can be analysed and reused when the purposes for which data is collected initially are formulated in a rather broad way, as would be the case with several data-driven policing methods.Moreover, this case law makes clear that data collection and data processing and its re-use are considered a continuous process from the perspective of the right to privacy.Procedures implementing the various stages of this continuum should be in place and should be accompanied by rigorous and effective framework for supervision of the legality and legitimacy of data processing.
Concerning the interpretation of purpose limitation in the LED, one would expect more guidance from the CJEU.Whether this guidance will be available in the near future is difficult to say.In any case, it would be unrealistic to expect the CJEU to provide a specific step-by-step guidance for legal regulation of data-driven policing in a national context.Here States have their own responsibility.The rationale of purpose limitation as the cornerstone of data protection law and as the axis that connects this law to the right to privacy can still be used in good faith as a guiding light.This is also underscored by the system underlying the LEDmore intrusive data processing should be accompanied by stricter requirementsas provided for in Article 10 LED with regard to sensitive data, for example.
In the end, States have a margin of appreciation and the resulting responsibility to ensure the principle of purpose limitation, as the cornerstone of data protection law, does not become an empty shell when applied in the context of criminal law enforcement generally, and data-driven policing more specifically.To meet the data analysis needs of the police to carry out its tasks properly on the one hand, and to ensure the protection of citizens' human rights on the other hand, we argue that national legislators can pursue a more principle-based approach when regulating data analysis and data re-use in the criminal law enforcement sphere, but that they should also incorporate appropriate (end-to-end) safeguards, including an independent, rigorous and effective supervisory system.
-73; see extensively on this topic: M.I.Fedorova, R.M. te Molder, M.J. Dubelaar, S.M.A. Lestrade & T. Walree, Strafvorderlijke gegevensverwerking.Een verkennende studie naar de relevante gezichtspunten bij de normering van het verwerken van persoonsgegevens voor strafvorderlijke doeleinden, Nijmegen: Radboud University Press 2022.3. Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, OJ 4.5.2015,L 119/89.
35.WP29, 2013, p. 15. 36.Working Party 29, Opinion 03/2015 on the draft directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data, 1 December 2015, 3211/15/ EN, p. 6. 37. WP29, 2013, p. 16.Cf. also von Grafenstein (n 5), p. 104.38.See (n 14).
93. See on EncroChat extensively, Oerlemans and Van Toor (n 15).94.In the Dutch context, we argued to strengthen criminal procedural law as well as data protection law.See Fedorova et al (n 2), p. 157-167.95.See the analysis of Strasbourg case law above.
Also, De Hert and Sajfert argue that any subsequent use of data by the police or other controllers within the scope of the LED, is covered by Article 4(2) of LED 39.Jasserand (n 19), 'Subsequent Use of GDPR Data for a Law Enforcement Purpose: The Forgotten Principle Purpose Limitation', p. 157; M Koning (n 5), p. 135; Vogiatzoglou and Marquenie (n 4), p. 34-35.40.Jasserand (n 19), 'Subsequent Use of GDPR Data for a Law Enforcement Purpose: the Forgotten Principle of Purpose Limitation', p. 152-167.41.Inspektor v Inspektorata kam Visshia sadeben (n 23), para 61.42.See Article 7a of the first version of the Directive 2016/680 (COM(2012)0010), available via: https://www.europarl.europa.eu/doceo/document/A-7-2013-0403_EN.pdf.See also Jasserand (n 19), 'Subsequent Use of GDPR Data for a Law Enforcement Purpose: The Forgotten Principle Purpose Limitation', p. 159, where she points to disagreement between states on this issue.43.Koning (n 5), p. 187.44.De Hert and Sajfert (n 19), p. 12.Although not explicitly, these authors also seem to favour this interpretation.45.Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters ("2.Further processing for another purpose shall be "coupled with the 'compatible use' building block of the purpose limitation principle in Article 4(1)(b)". 46They, however, do not elaborate on how the subsequent use under Article 4(2) LED is related to the compatibility test in Article 4(1) LED or how the latter test should be applied in the realm of the LED.
permitted in so far as: (a) it is not incompatible with the purposes for which the data were collected; (b) the competent authorities are authorised to process such data for such other purpose in accordance with the applicable legal provisions; and (c) processing is necessary and proportionate to that other purpose.") 1(1), see Opinion of Advocate General Pitruzella (n 29), para 58.55.Inspektor v Inspektorata kam Visshia sadeben (n 23), para 56.56.Vogiatzoglou and Marquenie (n 4), p. 35.57.Inspektor v Inspektorata kam Visshia sadeben (n 23), para 61.
71. See also Fedorova et al (n 2), p. 71.72.ECtHR (GC) 4 December 2008, app.No. 30562/04 and 30566/04 (S & Marper v. United Kingdom), para 125.("In conclusion, the Court finds that the blanket and indiscriminate nature of the powers of retention of the fingerprints, cellular samples and DNA profiles of persons suspected but not convicted of offences, as applied in the case of the present applicants, fails to strike a fair balance between the competing public and private interests and that the respondent State has overstepped any acceptable margin of appreciation in this regard.Accordingly, the retention at issue constitutes a disproportionate interference with the applicants' right to respect for private life and cannot be regarded as necessary in a democratic society.This conclusion obviates the need for the Court to consider the applicants' criticism regarding the adequacy of certain particular safeguards, such as too broad an access to the personal data concerned and insufficient protection against the misuse or abuse of such data.