- Legitimacy of public-private partnerships for combatting cybercrime partially depends on whether or not law enforcement data processing activities are subject to the same data protection-related restrictions, whether they involve cooperation of private parties or not. - Information sharing within PPPs is a complex phenomenon with various configurations and power structures. This complexity needs to be accounted for in the analysis of the applicability of the two data protection regimes. - GDPR as a general data protection instrument and the Police Directive as a lex specialis are meant to leave no space for the private-public data transfers to fall through the cracks. However, which legal regime applies when private entities and law enforcement act as joint controllers is a grey area of the dual EU data protection regime and may seriously undermine legitimacy of PPPs, unless private parties are given status of competent authorities or controllership within PPPs is assigned in a special legal act. - Private parties may be subject to less data protection restrictions, e.g. exempted from the purpose limitation principle, when collaborating with the law enforcement. This may create motivation for the public law enforcement to actively seek such collaboration to avoid constraints imposed on them by law. - It is recommended that the legislative measures creating such exemptions subject private-public data transfers to the same conditions of legality of processing as the processing by competent authorities.

中文翻译：

---

在 GDPR 和警察指令之间：在公私伙伴关系中的信息共享迷宫中导航

- 打击网络犯罪的公私合作的合法性部分取决于执法数据处理活动是否受到与数据保护相关的相同限制，无论它们是否涉及私人合作。- PPP 内的信息共享是一个复杂的现象，具有各种配置和权力结构。在分析两种数据保护制度的适用性时，需要考虑这种复杂性。- 作为通用数据保护工具的 GDPR 和作为特别法的警察指令旨在为私人 - 公共数据传输留下任何漏洞。然而，当私营实体和执法部门作为联合控制者时，适用哪种法律制度是欧盟双重数据保护制度的灰色地带，可能会严重破坏 PPP 的合法性，除非私营方被赋予主管当局的地位或 PPP 中的控制权在特别的法律行为。- 在与执法部门合作时，私人方可能受到较少的数据保护限制，例如不受目的限制原则的约束。这可能会促使公共执法部门积极寻求此类合作，以避免法律对其施加限制。- 建议制定此类豁免的立法措施将私人-公共数据传输置于与主管当局处理相同的合法处理条件下。