Evidently, the collection and processing of data, foremost personal data, are at the centre of Europol’s activities. That on its part calls for the application of the highest standards of data protection and data security. Therefore, the agency has emplaced one the most robust data protection frameworks in the world of law enforcement. This is an asset, but at the same time, a responsibility as the tailor-made set of rules has to be duly applied to both the operational needs of Europol and the individual’s fundamental right to effective data protection.
In this context, the main challenge is the application of the data protection framework to the day-to-day operations of the agency. The Data Protection Function (DPF) within Europol is in the ideal position to ensure the lawfulness and compliance of data processing operations with the applicable legal framework. In addition to the assurance activities of the Data Protection Officer (DPO), there is also the supervision exercised by the European Data Protection Supervisor (EDPS).
Data Protection Function
The Data Protection Function is an integral part of Europol and the initial point of contact for all data protection issues. The unit is headed by the Data Protection Officer (DPO), who is appointed by Europol’s Management Board. The DPF, which acts with functional independence, works closely with Europol staff, offering advice and guidance in line with best practices on the processing of personal data. With respect to the processing and exchange of data among Europol and EU Member States, the Data Protection Officer ensures that the applicable data protection rules are applied to all forms of personal data exchange.
The DPF has access to all data processed by Europol as well as all Europol premises. Its main activity is to ensure compliance with the mandate-setting legal instrument of Europol, namely the Europol Regulation. Under the Europol Regulation, the agency not only steps up its efforts to fight terrorism, cybercrime and other forms of serious and organised crime, but also increases data protection safeguards, democratic control, parliamentary scrutiny, as well as its role as the central hub for criminal intelligence and information exchange.
Additionally, in the context of its activities, Europol’s DPF has also established an online collaboration platform – the Europol Data Protection Experts Network (EDEN). EDEN’s main aim is the exchange of expertise and best practices among a community of various stakeholders, ranging from law enforcement experts to representatives of relevant private parties, academia, NGOs, etc.
If you are interested in contributing to the discussions on effective data protection safeguards applicable in law enforcement context, please apply to become a member of our expert community via eden@europol.europa.eu
Accessing personal data at Europol
Any individual can obtain information on whether personal data related to them are processed by Europol. The agency has a legal obligation to provide the data subject with information on whether personal data relating to him/her are processed at Europol. In order to exercise the right of access, the individual can submit a request to Europol via the competent authority of a Member State or directly to Europol. At Europol, the DPF undertakes the necessary checks.
European Data Protection Supervisor (EDPS)
While the Data Protection Officer, though independent in the performance of his tasks, is an integral part of the organisation, the European Data Protection Supervisor (EDPS) is responsible for external supervision. The EDPS respectively provides advice on data protection matters to Europol, carries out inspections and investigates complaints from individuals.
The EDPS is the European Union’s independent data protection authority that serves as an impartial centre of excellence for enforcing and reinforcing EU data protection and privacy standards, both in practice and in law. The EDPS is headed by a Supervisor and supported by lawyers, IT specialists and administrators. These experts are highly experienced in data processing and they supervise Europol’s activities from a data protection perspective.
To this end, the EDPS has the power to inspect all Europol files at any time. The inspection visits of Europol’s premises are carried out in close cooperation with the DPF at Europol. The EDPS inspections cover all of Europol’s data processing operations. On the basis of these inspections, the EDPS delivers extensive and detailed reports on the supervisory activities of Europol, which include findings and recommendations.
In addition to the aforementioned checks by the DPF and the EDPS, each Member State has its own national supervisory body. In accordance with its national law, each Member State checks the transmission of personal data to and from Europol. Members of each of these national supervisory bodies also have access to the documents and premises of their Liaison Officers at Europol.
Fundamental rights at Europol
The European Parliament and the Council amended the Europol Regulation in co-legislation in 2022. These changes expanded the ways Europol can support EU Member States in combating serious and organised crime, complemented by enhanced oversight of the Agency’s work.
To ensure strengthened safeguards and increased accountability, the amendments to the Europol Regulation introduced an independent Fundamental Rights Officer (FRO). The FRO is responsible for supporting Europol in safeguarding the respect for fundamental rights in all its activities as the Agency executes its mandate. The FRO’s tasks have a particular emphasis on the Agency’s operational work and activities. The FRO promotes Europol’s respect for fundamental rights by advising the Executive Director on these matters. The FRO provides non-binding opinions on Working Arrangements with third parties and countries.
The FRO also produces fundamental rights assessments on the development and use of new technologies, such as the ethical exploration of artificial intelligence. The FRO also instils knowledge of fundamental rights to all Europol operational staff through comprehensive training.
Tags
- Data Protection
- Law Enforcement
- Management & Control
- Management Board (MB)
- Data Protection Function (DPF)
- European Data Protection Supervisor (EDPS)
Related content