On January 10, the European Data Protection Supervisor (EDPS) ordered EUROPOL, the European criminal police agency, to divest itself of data collected in the course of investigations lasting more than six months. On February 1, the Council Presidency and the European Parliament reached a provisional agreement on a draft regulation amending the Europol regulation, which will have to be approved by the Council and the European Parliament before being adopted.
Europol is a European criminal police agency based in The Hague, the Netherlands, which allows national police forces to share intelligence on drug trafficking, terrorism, international crime and child abuse within the European Union. The European Data Protection Supervisor (EDPS), on the other hand, is an independent institution of the European Union responsible for “ensuring that the fundamental rights and freedoms of natural persons, and in particular their right to data protection, are respected by the Union institutions and bodies, and for advising the Union institutions and bodies and data subjects on all matters concerning the processing of personal data.”
EUROPOL and EDPS
On December 9, 2020, the European Commission presented a proposal for a Regulation of the European Parliament and of the Council amending the Regulation on Europol’s cooperation with private parties, the processing of personal data by Europol in support of criminal investigations and its role in research and innovation. This proposal strengthened and, where appropriate, extended Europol’s mandate. In April 2021, the EDPS issued an opinion on this proposal stating that “the scope of research and innovation activities should be better defined in the Europol Regulation and specified in a binding document” . In addition, in 2019, the EDPS launched an inquiry into Europol’s data retention policy, finding it neither regulatory nor necessary. On January 3, he announced that he had ordered the police agency Europol to delete from its files a large amount of information that did not comply with, among other things, the storage period for sensitive data, transmitted by the member countries of the European Union concerning individuals suspected of criminal activities and to give it one year to do so. The deadline for the EDPS to process the future information was 6 months. Wojciech Wiewiorowski, Supervisor at the CPED, states:
“A six-month deadline for pre-analysis and filtering of large datasets should allow Europol to respond to operational requests from EU member states for technical and analytical support, while minimizing risks to the rights and freedoms of individuals.“
The provisional agreement: boosting EUROPOL’s resources, increased role for CPED
According to EURACTIV, the interim agreement is “a legal basis for storing and processing large amounts of personal data, ending a controversy.”
Under the new agreement, the European Parliament and the Council will strengthen Europol’s resources to better support Member States in their fight against crime and terrorism. Gérard Darmanin, Minister of the Interior, states:
“Europol plays an essential role in increasingly supporting Member States in their fight against organized crime and terrorism. In a complex and ever-changing criminal environment that is more transnational and digital, the new rules agreed today will allow the agency to continue this work with greater efficiency, reinforcing its role as an essential partner for national authorities.“
The proposal seeks to make improvements in the following areas:
-
-
Research and innovation
Given the challenges to EU security posed by the use of new technologies by criminals, law enforcement agencies need to enhance their technological capabilities. To this end, the draft regulation mandates Europol to assist member states in the use of emerging technologies. Europol will also have to work on exploring new approaches and developing common technological solutions, including those based on artificial intelligence, always subject to strong safeguards for security and protection of fundamental rights.
-
Processing of large data sets
Data collected in the context of criminal investigations has increased in size and complexity. Member States, through their own data analysis, cannot always detect cross-border links. Under the draft regulation, Europol will be able to process large and complex data sets to support Member States in their fight against serious crime and terrorism. The draft also includes strict requirements to ensure that any data processing by Europol is always in line with fundamental rights, including the right to privacy, as the regulation is aligned with the EU’s data protection regulation.
In the draft regulation, a new article has also been introduced to further clarify the situation of data currently held by Europol. A transitional measure will allow Member States, the European Public Prosecutor’s Office and Eurojust to inform Europol that they wish to apply the new Europol mandate with regard to these data. Europol would then be able to continue to support investigations based on these data. In general, the text aims at reconciling the efficiency of the agency with full compliance with data protection rules.
-
Cooperation with private actors
Due to the increased use of online services by criminals, private actors hold increasing amounts of personal data that may be relevant for criminal investigations. Under the draft regulation, Europol will be able to receive personal data directly from private actors, thus providing a contact point at EU level to legally share data sets from several authorities. Europol will then be able to analyze these datasets to identify the Member States concerned and forward the information to national authorities.
-
Cooperation with third countries
The draft regulation extends the possibilities for Europol to cooperate with third countries. It introduces the possibility to exchange personal data with countries where appropriate safeguards are provided for in a legally binding instrument or exist according to the self-assessment carried out in the framework of Europol.
-
Cooperation with the European Public Prosecutor’s Office
Europol will have to cooperate closely with the European Public Prosecutor’s Office and, at the request of the latter, support its investigations. Europol will also have to report without delay to the European Public Prosecutor’s Office any criminal conduct falling within the competence of the latter. In order to strengthen operational cooperation between the two bodies, the draft regulation also lays down rules governing access by the European Public Prosecutor’s Office to Europol data.
-
SIS alerts
Europol will support Member States in processing data transmitted by third countries or international organisations and may propose that Member States enter informative alerts in the Schengen Information System (SIS).
-
Investigation initiative
The new mandate will allow the Executive Director of Europol to propose the opening of a national investigation into non-border crimes affecting a common interest that is the subject of EU policy. It will be up to the national authorities to decide whether or not to act on this request.
-
On the other hand, the agreement provides for an increased role for EDPS in the supervision of Europol, and the establishment of a fundamental rights officer…
Translated from UE : Renforcement du mandat d’EUROPOL