Referral C-57/23 (Policejní prezidium, 2 Feb 2023)

1. What degree of distinction between individual data subjects is required by Article 4(1)(c) or Article 6 in conjunction with Article 10 of Directive 2016/680? Is it compliant with the obligation to minimise personal data processing, and with the obligation to distinguish between various categories of data subjects, for national law to permit the collection of genetic data in respect of all persons suspected or accused of having committed an intentional criminal offence?

2. Is it in accordance with Article 4(1)(e) of Directive 2016/680 if the necessity of continued retention of a DNA profile is assessed, with a reference to the general prevention, investigation, and detection of criminal activity, by Police authorities on the basis of their internal regulations, which frequently means in practice that sensitive personal data is retained for an unspecified period without a maximum limit for the duration of the retention of that personal data being set? If not, by what criteria should the proportionality of the period of the retention of the personal data collected and retained for that purpose be assessed?

3. In the case of particularly sensitive personal data falling under Article 10 of Directive 2016/680, what is the minimal scope of the substantive or procedural conditions for obtaining, retaining, and deleting such data that must be regulated by a ‘provision of general application’ in the law of a Member State? Can judicial case-law qualify as ‘Member State law’ within the meaning of Article 8(2) in conjunction with Article 10 of Directive 2016/680?