Legal dispute over personal data disclosure in Boris Karpichkov v The National Crime Agency highlights privacy rights in law enforcement cooperation

Citation: [2023] EWHC 2653 (KB)
Judgment on

Introduction

The case of Boris Karpichkov v The National Crime Agency is a significant legal proceeding that addresses the interplay between the exchange of personal data for law enforcement purposes within the European Union and the protection of individual privacy rights. This article thoroughly analyses the legal principles applied in this case, with particular attention to the implications for data protection and an individual’s right to privacy under both EU and UK law.

Key Facts

Mr. Boris Karpichkov, a former KGB double agent and now a British Citizen, alleged that the National Crime Agency (NCA) improperly disclosed his new identity and address to the Latvian authorities. This disclosure led to threats being made against him in the UK, posing a significant risk to his safety. The disclosure was made in connection with the European Arrest Warrant (EAW) and the Schengen Information System II (SIS II), designed to simplify judicial procedures between member states.

Data Protection and the EAW Framework

Central to this case are the principles of the EAW Framework Decision and SIS II, which prioritize the simplification and facilitation of judicial procedures for law enforcement purposes. This system operates on mutual trust between member states and demands a high level of cooperation, generally mandating the execution of an arrest warrant (Article 1, 2002/584/JHA). However, that mandate is nuanced by the requirement to respect fundamental rights under Article 6 of the Treaty on European Union.

The Law Enforcement Directive (LED) and Data Protection Act 2018

The application of the LED (Directive (EU) 2016/680) and the UK’s Data Protection Act (DPA) 2018, particularly Parts 35-40, embeds the necessity for lawful and fair data processing, ensuring data relevance and security. Notably, these instruments do not override fundamental rights, which include data protection, enshrined in the Charter of Fundamental Rights of the EU.

The “Carve-Outs”

The significant “carve-outs” in Articles like LED Art 1(2)(b) and Art 60 protect the special regime for data sharing under the EAW, suggesting a “complete code” not ordinarily affected by data protection considerations. However, the need to uphold fundamental rights potentially brings the necessity for disclosure under closer scrutiny.

Necessity and Proportionality

The concept of ‘necessity’ within the EAW and SIRENE system is complex, with the case analysis revealing arguments for both ‘strict’ and ‘reasonable’ interpretations of necessity. Ultimately, whether disclosing Karpichkov’s data was necessary for law enforcement purposes and whether it was a proportionate response given the risks to his personal safety were critical considerations.

Outcomes

The court dismissed the application for strike out and summary judgment by the NCA, stating the case presented by Karpichkov was not inherently implausible and warranted further review. This outcome highlights the judicial sensitivity to the balance between state obligations under the EAW framework and individual rights under data protection laws.

Conclusion

In Boris Karpichkov v The National Crime Agency, the court navigated the fine balance between cooperation in criminal matters under the EAW and SIS II systems and individual rights to privacy and data protection enshrined in EU and UK law. The decision to allow the case to proceed reflects an understanding that the execution of such warrants must consider the potential risks to individual rights, particularly where disclosures of personal data are involved. This case thus serves as a pertinent example of the ongoing dialogue between national security interests and the protection of personal freedoms.