1. The competent authorities shall act as controllers of the personal data they obtain by operation of Articles 3 and 4, Article 5(3) and Article 6.
2. The processing of personal data on the basis of this Regulation shall take place only for the purposes of the prevention and fight against criminal activities.
3. The personal data obtained by operation of Articles 3 and 4, Article 5(3) and Article 6 shall be accessed only by duly authorised staff of the competent authorities and shall be adequately protected against unauthorised access or transmission. Unless otherwise provided for in Articles 9, 10 and 11, the data may not be disclosed or transmitted without the express authorisation of the competent authority which originally obtained them. However, that authorisation shall not be necessary where the competent authorities are required to disclose or transmit that data pursuant to the national law of the Member State in question, particularly in connection with legal proceedings.
4. T
…