In its latest newsletter EDPS informed the public it has inspected Europol. EDPS has this year focussed on the processing of data in the areas of terrorist financing, the fight against money laundering and illegal activities on the dark web. EDPS also checked Europol’s use of derogations to transfer personal data to third countries and the new practices involving Member States sending a larger volume of data to Europol.
EDPS will outline a number of recommendations for improvement in its inspection report and it will monitor Europol to ensure that Europol puts EDPS’ recommendations into practice.
The EDPS took over responsibility for supervising the processing of personal data for Europol’s operational activities on 1 May 2017. Since then, we have been cooperating continuously with Europol and closely monitoring their operational activities in order to develop a sound and effective supervision scheme. One of the supervisory tools granted to the EDPS under the Europol Regulation is regular on-site inspections.
In June 2019, we carried out our third annual inspection at Europol. This year, we decided to focus on the processing of data in the areas of terrorist financing, the fight against money laundering and illegal activities on the dark web. We also checked Europol’s use of derogations to transfer personal data to third countries. Subject to strict requirements, these transfers are only permitted in exceptional circumstances, such as to support investigations in the aftermath of a terrorist attack or to prevent an immediate and serious threat to public security.
Another point for inspection was a new practice by Member States that involves sending a larger volume of data to Europol. This new trend results from the larger amount of personal data available to law enforcement authorities at national level relating to criminal investigations and criminal intelligence operations. We also verified Europol’s encryption methodologies, and followed up on the implementation of selected recommendations from our previous inspection reports.
As for previous inspections, we benefited from the expertise of national data protection authorities (DPAs). This time, three experts from the DPAs of Germany, Greece and Italy joined the inspection as part of the EDPS team. The Member States are Europol’s main information providers so the participation of national experts in the inspection process helps to raise awareness of any problems arising at Europol level that might have originated at national level. This could include problems with data quality or insufficient justification for the processing of sensitive data or data on special categories of persons, such as minors. Back home, national experts can consider how to tackle these problems in their supervisory activities, helping to increase coordination between EU and national supervisory activities.
Having assessed the results of the inspection, we will outline a number of recommendations for improvement in our inspection report. Our close cooperation with Europol will continue, in order to ensure they put EDPS recommendations into practice.