For years, the EU police agency has been storing dumps of data on crime victims and witnesses. New legislation will legalise this practice. An exception should now apply to information Europol collected before it comes into force.
According to a proposal by the EU Commission for a new Europol regulation, the EU police authority is to be given even more far-reaching powers for its data collections. An Article 18a is envisaged, according to which Europol may keep personal data on victims and witnesses of crimes for a longer period of time. Under the current regulation, this is not allowed.
Three weeks ago, the European Data Protection Supervisor (EDPS) Wojciech Wiewiórowski therefore ordered Europol to delete data records on this category that are more than a year old. Accordingly, further storage is only possible for data on criminals. The governments of the EU member states now want to use a trick to circumvent this order. The new regulation is supposed to allow the questionable storage practice for victims and witnesses retroactively.
Data to lie dormant for three years
According to the Council’s proposal, the police authorities from which the information originates at Europol are to give their consent a second time for the continued storage. In this way, the once historical data will be given a new time stamp, which will also extend the retention period.
In a recital to the current negotiations, the Council even goes a step further. Europol should also be allowed to keep for at least 18 months personal data that has not yet been analysed by the investigators in The Hague. Europol would also be allowed to extend this period up to three years. The data protection commissioner would be informed, but not asked for permission.
The EDPS’s latest instruction marks the end of a procedure in which he has been investigating Europol’s storage practices since 2019. A year later, a warning letter followed in which Wiewiórowski demanded that Europol respond.
Data harvested from encrypted messenger services
Europol holds data on at least 250,000 suspects as well as a large number of their persons in contact. According to research by the British daily Guardian, this is said to amount to four quadrillion bytes. Much of the data is stored in the comprehensive “Europol Information System”, where it can also be searched. In addition, Europol keeps so-called “Focal Points”, which are analysis files on different areas of crime. Not all the information stored there is already accessible.
According to the will of the member states, the regulation should also make it possible to process data from the European Public Prosecutor’s Office and Eurojust, the EU agency for judicial cooperation in criminal matters. The new Article 74a is even to apply to third countries. This concerns, for example, hundreds of millions of data records obtained by Europol from investigations into the cracked encrypted messenger services Encrochat and SkyECC. Biometric “battlefield evidence” such as from Iraq or Afghanistan, which is transmitted to Europol by the US military via the FBI, also contains information on the contact persons of suspected criminals.
Europol to be able to initiate national investigations
The new Europol regulation is to be adopted this year. The provisions contained therein are currently being discussed between the Council and the Parliament. Today, the negotiators met in a “technical trialogue”. This is also the origin of the so-called “four-column document”, in which the French Presidency has inserted the “transitional measure” in a newly added Article 74a. The Parliament must now develop a position on this. The first “political trialogue” will take place on 1 February.
Before that, however, the negotiators from the Council and the Parliament have to clear up further difficult issues. One of these “packages” concerns the permission for Europol to request investigations in a member state even if it is not a cross-border case. Up to now, Europol could only coordinate cases involving at least two member states.
The French Presidency now proposes as a “compromise” that the request for national investigations be made by the Director and only have the status of a proposal. The requested member state can follow it up at its own discretion.
Will Europol investigate abusive Interpol arrest warrants?
The Parliament also wants to enforce the establishment of a post for a fundamental rights commissioner. The Council proposes that this person be appointed by the Europol Director. In addition, the Joint Supervisory Committee of members of national parliaments and MEPs is to be strengthened. However, this should continue to be only a political control. In this way, Europol’s operational activities will remain uncontrollable.
A red line for the Member States, however, is a demand by the Parliament that Europol should examine arrest warrants distributed via Interpol for possible misuse for political purposes. This is known, for example, from Turkey, Ukraine and Russia. The Council had therefore instructed the Commission to coordinate a joint approach by the Member States. However, the initiative has been dormant for four years.
Image: As part of the Encrochat and Sky-ECC investigations, Europol obtained hundreds of millions of data records, which are now to be retained (Gendarmerie Nationale).