Free pass for Europol

 "The EU is expanding the authority's mandate and legalizing questionable practices in the handling of personal data.

It is not the core business of the European law enforcement agency Europol to send off officials and hunt down criminals. The thousand employees in The Hague are mainly occupied with obtaining, viewing and sorting data. By preparing situation analyses, they help the EU member states to combat serious forms of international crime. The more crime shifts to the Internet, the more extensive their work becomes - and that also arouses suspicion: the authority was recently referred to as a "data octopus" and "data monster" because its work is now on the verge of legality. Now Europol seems to have received a kind of free pass from the European Union.

Representatives of the European Parliament and the 27 EU states agreed on Tuesday to significantly expand the mandate of Europol - founded in 1998 and officially an agency of the European Union since 2010 - also in the handling of personal data. The EU Commission had already made the original proposal for this in 2020, also under the impression of several terrorist attacks. The final approval of the Council of Ministers and the European Parliament is considered a formality, despite protests from data protection officials.

 

The authority should therefore become an innovation driver in the field of data analysis and develop artificial intelligence applications for investigative work. It should get more skills in the analysis of large data sets. 

 

When it comes to terrorism and child abuse, Europol should also be allowed to intercept data from third countries, regardless of the data protection regulations that apply there, as well as data from private companies. This could be, for example, social networks that provide chat logs from suspicious users. Personal data should also be accepted by Europol.

Retroactive Legitimation of Illegal Practices?

Data protectionists see the new regulations as giving a retrospective legitimacy to illegal practices. A few weeks ago, the European data protection officer, Wojciech Wiewiórowski, asked Europol to delete masses of personal data - apparently four petabytes from ongoing and completed investigations - that had been sent to the authority by the member states.

 

Actually, data from people should be deleted after six months if no connection to criminal activity can be proven. It looks as if the authority itself had lost track of the jumble of information. Wiewiórowski's office launched an investigation into how Europol handles personal data in 2019 and has since asked the agency to make changes several times. The data has not been deleted to this day and may apparently continue to be used under the new rules. The new deletion period should be 18 months.

 

The EU Commission and member states are now claiming that they would ensure legal certainty. "Europol needs modern means to support the police in their investigations," - commented EU Interior Commissioner Ylva Johansson on Tuesday evening. The agreed mandate reaffirms the agency's role as a global pioneer in the development of new technologies for law enforcement, prevention and investigation of crime - but also in the protection of fundamental rights such as the protection of personal data. This is now being hotly debated.

In order to monitor Europol's new power, the European Data Protection Supervisor is to be given insight into the way the authority handles personal data, but only retrospectively. "The expansion of Europol's powers does not go hand in hand with increased control of the agency's actions," - current incumbent Wiewiórowski said, according to the news portal Euractiv. The provisions contained in the proposal are a "direct threat" to the role of the supervisory authority."