Balancing Europol’s operational needs and the individual’s right to data protection

For more information on data protection and the Data Protection Office at Europol please visit our dedicated DPO e-magazine.

 Visit the DPO e-magazine

In the area of law enforcement, the highest standards of data protection and security are of the utmost importance.

It was clear from the moment Europol was founded that a set of tailored rules would have to be created to take into account both the operational needs of Europol and the individual’s right to effective data protection.

The collection and processing of data are at the heart of Europol’s work, and it stores large amounts of personal data. Various Europol units, EU Member States and even third parties pass it to one another for analysis. To some, this image might give cause for concern.

The unprecedented ways in which Europol and other organisation can collect and analyse data these days bring with them an obligation to respect each individual’s right to have their personal data duly protected. To live up to this obligation, Europol must minimise the danger of abuse and the risk of data leaks, whether intentional or unwitting.

Europol is proud to have one of the most robust data protection frameworks in the world of law enforcement. This is an asset, even as it also imposes significant responsibilities, including the duty to see to it that the framework is implemented in day-to-day operations.

There are two bodies that work within or with Europol to ensure that data-protection procedures are enforced and followed: the Data Protection Office (DPO) and the Joint Supervisory Body (JSB).

Data Protection Office

The Data Protection Office (DPO) is an integral part of Europol and the initial point of contact for all data protection issues. The unit is headed by the Data Protection Officer, who is appointed by Europol’s Management Board following a proposal by the Executive Director.

The DPO, which acts independently, works closely with Europol staff, offering advice and guidance in line with best practice on the processing of personal data.

The data protection rules apply to all forms of personal data exchange between Europol and the Member States.

The DPO has access to all the data processed by Europol and to all Europol premises. Its main activity is ensuring legal compliance with the Council Decision defining Europol’s mandate as regards the processing of personal data, including that of Europol staff.

Accessing personal data at Europol

An individual can obtain information on whether any of their personal data processed in Europol’s systems and to have such data communicated to him or her, or checked. To this end, the individual can submit a request to Europol via the competent data protection authority of a Member State. At Europol, the DPO undertakes the necessary checks.

Joint Supervisory Body

While the DPO, though independent in the performance of its tasks, is an integral part of the organisation, the Joint Supervisory Body (JSB) carries out external checks.

The JSB consists of two representatives from each of the EU’s national data-protection authorities. Representatives are appointed by their Member States for a period of five years. Each delegation is entitled to one vote on the JSB.

These experts have significant experience in data processing in a law-enforcement environment. They frequently review Europol’s activities from a data-protection perspective. To this end, the JSB has the power to inspect all Europol files at any time. It invokes that right at least once a year by making an inspection visit to Europol’s premises in close cooperation with the DPO. Its inspection covers all of Europol’s processing operations, on the basis of which it delivers an extensive and detailed report that includes findings and recommendations. It also carries out ad hoc inspections as needed.

In addition to the aforementioned checks by the DPO and the JSB, each Member State has its own national supervisory body. In accordance with its national law, each Member State checks the transmission of personal data to and from Europol. Members of each of these national supervisory bodies also have access to the documents and premises of their Liaison Officers at Europol.

Accessing Europol documents

For information on how to access Europol documents, please visit the Public Access to Europol documents page.