The article examines the “data protection gap” in EU law concerning the transfer of personal data from private companies to law enforcement authorities for criminal investigations. While commercial data processing falls under the proposed regulation and police/judicial processing under the proposed directive, transfers between the two remain unregulated. The author analyses how such transfers affect core data protection principles, including accuracy, reliability, purpose limitation, necessity, and security, drawing on Europol’s practices and existing EU–US agreements. She argues that the proposed directive should explicitly cover these transfers, with complementary obligations for private companies under the proposed regulation, to ensure effective protection while enabling criminal investigations.

The European Union has adopted and developed a comprehensive framework to combat offences affecting its financial interests over the years. It established a specific investigative service, the European Anti-Fraud Office (OLAF) in 1999, which is competent to conduct administrative investigations when there is suspicion of fraud or any illegal activity affecting the budget of the Union.1 OLAF can fully independently conduct internal investigations (i.e., inside any European institution or body funded by the EU budget) and external investigations (i.e., at the national level if the EU’s financial interests are affected); to this end, it cooperates closely with competent national authorities… Read more

Increasing dependency of the society on the information technologies raises concerns over vulnerabilities in cyberspace and the “dark side” of the information networks. The growth of digital operations in legitimate markets is one of the vital factors for the economic development. However, as markets and trading themselves have always attracted criminals seeking benefits from illegal activities, digital networks become a key enabler for the growth of cybercrime, both with regard to committing traditional crimes in the Internet and to developing new types of computer misuse. Cybercrime has been evolving in line with how society uses digital networks, reacting to every… Read more

The initial source of the money laundering legislation that is still in full development is Directive 1991/308/EU (also known as the “first directive”) on prevention of the financial system from laundering the proceeds of criminal activities. Directive 2001/97/EU (the “second directive”) on the subject of prevention of employment of the financial system for laundering the proceeds of illicit activities demands a higher standard of obligations on the part of the Member States and extends the scope of the subjects upon whom such obligations are imposed. Italian Legislative Order 231/2007 brings into effect the Directive 2005/60/EU (the “third directive”). It introduces… Read more

The article analyses the ECJ’s judgment in Bonda (C-489/10), which addressed whether exclusions and reductions of agricultural aid under EU law constitute criminal penalties. The Court confirmed that such measures are specific administrative instruments linked to participation in aid schemes and aimed at protecting the EU budget, not criminal sanctions. Consequently, the ne bis in idem principle does not preclude subsequent criminal proceedings for the same conduct. The authors discuss the reasoning of the ECJ, its reference to ECtHR case law on the notion of “criminal proceedings,” and the implications for applying ne bis in idem under both the Charter and the ECHR in national proceedings.