Right of access

Under Article 36 of the Europol Regulation[1] , any individual is entitled to obtain information on whether personal data relating to him or her are processed by Europol. There is no charge for exercising this right.

Type of information

Europol shall provide the requester with the following information:

  • confirmation as to whether or not data related to him or her are being processed;
  • information on at least the purposes of the processing operation, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed;
  • an indication of the legal basis for processing the data;
  • the envisaged period for which the personal data will be stored;
  • the existence of the right to request from Europol rectification, erasure or restriction of processing of personal data concerning the data subject.

The requester has the right to receive in an intelligible form the data undergoing processing and any available information as to Europol’s sources.

According to Article 36 (6) of the Europol Regulation, the provision of information in response to any request may be refused or restricted if such refusal or restriction constitutes a measure that is necessary in order to:

  1. enable Europol to fulfil its tasks properly;
  2. protect security and public order or prevent crime;
  3. guarantee that any national investigation will not be jeopardised; or
  4. protect the rights and freedoms of third parties.

How to exercise your right of access

According to Article 36 (3) of the Europol Regulation, you can exercise your right of access by making a request to the authority appointed for that purpose in the Member State of your choice. Your request will then be sent to Europol without delay and in any case within one month of receipt.

After receiving the request, Europol should provide you with an answer without undue delay and in any case within three months of receiving it from the national authority.

Where to direct a request for access

To exercise your right of access you should send a written request for access to one of the following competent authorities listed below. You may choose to which of these authorities to make your request to. The right of access will be exercised in accordance with the law of the Member State in which that authority is located

National Competent Authorities

België/Belgique

Commission de la protection de la vie privée
Drukpersstraat/Rue de la Presse 35
1000 Brussel/Bruxelles
België/Belgique
Fax: +32 2 274 48 35
E-mail / Website

Bulgaria

Ministry of Intrerior
29, Shesti Septemvri Str.
1000 - SOFIA
E-mail / Website

Cyprus

Office of the Commissioner for Personal Data Protection
1 Iasonos Street - 2nd floor
CY - 1082 - NICOSIA or
P.O.Box 23378, 1682 - NICOSIA
Fax: +357 22 304 565
E-mail

Czech Republic

Policie Ceské republiky
Policejní prezidium ÈR
Strojnická 27 or Pošt. schr. 62/OKFK,
170 89 - PRAGUE - 7
Fax: 974 863 814
E-mail

Danmark

Rigspolitichefen
Afdeling A - Polititorvet 14
1780 København V
Danmark
Fax: +45.3319 3218
E-mail

Deutschland

Bundeskriminalamt
Thaerstraße 11
D-65193 Wiesbaden
Deutschland
Fax: 00-49-228 997799 550
E-mail / Website

Ellas

Hellenic Data Protection Authority
1-3 Kifissias Ave
115 23 Athens
Ellas
Fax: +30.2.10.64.75.628
E-mail

 

 

España

Unidad Nacional Europol-España
Comisaría General de Policía Judicial de la Dirección General de la Policía
C/Julián González Segador s/n
28043 Madrid
España
Fax: +34.91.447.10.92
E-mail / Website

 

Estonia

Data Protection Inspectorate (Control Department)
Väike-Ameerika 19
115 23 Athens
EE 10129 - TALLINN
Fax: +372 6274 137
E-mail

France

Commission Nationale de l'Informatique et des Libertés (CNIL)
8 rue Vivienne
CS 30223 F-75083 PARIS CEDEX 02
France
Fax: +33.1.53.73.22.00
Website:

Hungary

National Police Headquarters SIRENE Office
Teve u. 4-6
H-1139 - BUDAPEST
E-mail
Office for Data Protection and Freedom of Information
Szilágyi Erzsébet fasor 22/C
H-1125 - Budapest
Fax: +36 1 269 3541
E-mail / Website

Ireland

Data Protection Commissioner
Block 6, Irish Life Centre
Lower Abbey Street
Dublin 1
Ireland
Fax: +353.57.868.4757
E-mail

Italia

Garante per la Protezione dei Dati Personali
Piazza di Monte Citorio 121
I-00186 Roma
Italia
Fax: +39.06.681.86.69
E-mail / Website

Latvia

Data State Inspectorate of Latvia
Blaumana iela 11/13-15,
LV 1011 - RIGA
Fax: +371 6722 3556
E-mail

Lithuania

State Data Protection Inspectorate
A. Juozapaviciaus str. 6 / Slucko str. 2
09310 - VILNIUS
Fax: +370 5 261 94.94
E-mail

Luxembourg

Commission Nationale pour la Protection des Données
1, avenue du Rock'n'Roll L-4361 Esch-sur-Alzette
Fax: +352.47.05.50
Website

Malta

Office of the Data Protection Commissioner
2, Airways House, High Street
SLM 1549 - SLIEMA
Fax: +356 2328 7198
E-mail / Website

Nederland

Korps Landelijke Politiediensten (KLPD)
Division IPOL
Attn. of the Privacy Officer
P.O.box 3017
2700 KX ZOETERMEER
Nederland
E-mail

Österreich

Bundesministerium für Inneres
Postfach 100
A-1014 Wien
Österreich
Fax: +43.1.531.15.26.90
E-mail

Poland

Inspector General for the Protection of Personal Data (Biuro Generalnego Inspektora - Ochrony Danych Osobowych)
ul Stawki 2, 00 193 Warsaw
Fax: +48 22 860 70 90
E-mail / Website

Portugal

Comissão Nacional de Protecção de Dados
Rua de S.Bento 148-3°
P-1200-821 LISBOA
Portugal
Fax: +351.21.397.68.32
E-mail / Website

Romania

National Supervisory Authority for personal data processing
Bd. Gral. Gh. Magheru no. 28-30, 5th floor, 1st District
010336 - BUCHAREST
Fax: +40 21 2525757
E-mail / Website

Slovenia

Policija, Ministrstvo za notranje zadeve
Štefanova 2
1501 - LJUBLJANA
Fax: +386 1 428 4733
E-mail

Slovak Republic

Ministerstvo Vnútra Slovenskej Republiky
Pribinova 2
81272 - BRATISLAVA
Fax: + 421 2 5094 4397
Website

Suomi/Finland

Central Criminal Police
Jokiniemenkuja 4
PL 285
FIN-01301 Vantaa
Suomi/Finland
Fax: +358.10.36.66735
E-mail / Website

Sverige

National Police Board
PO Box 12256
S-102 26 Stockholm
Sverige
Fax: +46.8.650.86.13
E-mail

United Kingdom

National Criminal Intelligence Service
PO Box 8000
London
SE11 5EN
United Kingdom

How to exercise your right to rectification, erasure and restriction

Under Article 37 of the Europol Regulation any data subject having already accessed personal data concerning him or her, processed by Europol, have the right to request Europol, through the authority appointed for that purpose in the Member State of his or her choice, to rectify personal data concerning him or her held by Europol if they are incorrect or to complete or update them and have the right to request Europol to erase personal data relating to him or her if they are no longer required for the purposes for which they are collected or are further processed. That authority shall refer the request to Europol without delay and in any case within one month of receipt.

Europol shall inform you in writing without undue delay, and in any case within three months of receipt of a request, that data concerning you have been rectified, erased or restricted.

Within three months of receipt of your request, Europol shall inform you in writing of any refusal of rectification, erasure or restricting, of the reasons for such a refusal and of the possibility of lodging a complaint with the EDPS and of seeking a judicial remedy.

Europol’s tasks

According to Article 36 (5) Europol shall consult the competent authorities of the Member States and the provider of the data concerned prior taking a decision regarding your request for access.

A decision on access to personal data shall be conditional on close cooperation between Europol and the Member States and the provider of the data directly concerned by the access of the data subject to such data.

If a Member State or the provider of the data objects to Europol's proposed response, it shall notify Europol of the reasons for its objection. Europol shall take the utmost account of any such objection.

Europol shall subsequently notify its decision to the competent authorities concerned and to the provider of the data.

Europol shall restrict rather than erase personal data if there are reasonable grounds to believe that erasure could affect the legitimate interests of the data subject. Restricted data shall be processed only for the purpose that prevented their erasure.

If personal data held by Europol have been provided to it by third countries, international organisations or Union bodies, have been directly provided by private parties or have been retrieved by Europol from publicly available sources or result from Europol's own analyses, Europol shall rectify, erase or restrict such data and, where appropriate, inform the providers of the data.

If personal data held by Europol have been provided to Europol by Member States, the Member States concerned shall rectify, erase or restrict such data in collaboration with Europol, within their respective competences. If incorrect personal data have been transferred by another appropriate means or if the errors in the data provided by Member States are due to faulty transfer or transfer in breach of this Regulation or if they result from data being input, taken over or stored in an incorrect manner or in breach of this Regulation by Europol, Europol shall rectify or erase such data in collaboration with the provider of the data concerned. In the above-mentioned cases, all addressees of the data concerned shall be notified forthwith. In accordance with the rules applicable to them, the addressees shall then rectify, erase or restrict those data in their systems.

Right to lodge a complaint with the EDPS

Under Article 47 of the Europol Regulation, you have the right to lodge a complaint with the European Data Protection Supervisor (EDPS)[2] if you consider that the processing by Europol of personal data relating to you does not comply with the Europol Regulation.

Where a complaint relates to a decision taken on the right of access or right to rectification, erasure or restriction, the EDPS shall consult the national supervisory authorities of the Member State that provided the data or the Member State directly concerned. In adopting his or her decision, which may extend to a refusal to communicate any information, the EDPS shall take into account the opinion of the national supervisory authority.

Where a complaint relates to the processing of data provided by a Member State to Europol, the EDPS and the national supervisory authority of the Member State that provided the data.

shall, each acting within the scope of their respective competences, ensure that the necessary checks on the lawfulness of the processing of the data have been carried out correctly.
Where a complaint relates to the processing of data provided to Europol by Union bodies, third countries or international organisations, or of data retrieved by Europol from publicly available sources or resulting from Europol's own analyses, the EDPS shall ensure that Europol has correctly carried out the necessary checks on the lawfulness of the processing of the data.

Right to a judicial remedy against the EDPS

According to Article 47 of the Europol Regulation any action against a decision of the EDPS shall be brought before the Court of Justice of the European Union.

Other rights

Under Article 42(4) of the Europol Regulation, you have the right to request the national supervisory authority to verify the legality of any transfer or communication to Europol of data concerning you in any form and of access to those data by the Member State concerned. That right shall be exercised in accordance with the national law of the Member State in which the request is made.


[1]Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA, OJ L 135, 24.5.2016, p. 53–114.

[2] EDPS postal address: Rue Wiertz 60, B-1047 Brussels, Belgium E-mail | Website