The EU police agency gets a new legal basis after six years. The expansion of its powers is hardly matched by new possibilities for supervision. A parliamentary control group even proves to be a driver for the expansion of an already powerful agency.
The EU Parliament has voted by a large majority to extend Europol’s powers. The negotiators of the Home Affairs Committee and the Council had agreed on the new regulation in February. With 480 votes in favour, 143 against and 20 abstentions, it was now approved in plenary.
The new text considerably expands the powers of the police agency based in The Hague. As in the investigations into the encrypted messenger services Encrochat and SkyECC, Europol will in future be allowed to receive millions of pieces of data from private companies in order to analyse them. Also in the area of crimes against the sexual self-determination of children, Europol will in future receive large data sets from companies and process them forensically.
More research and development
The EU police authority is also to carry out its own research and innovation projects and has 33 employees and a budget of €45 million for this purpose. Europol is currently building up its own decryption capabilities, using a supercomputer from the EU Research Agency. Europol has also developed an “automated data extraction tool” for investigations into large data sets.
In the future, Europol also wants to be able to track crypto-wallets. In addition, the agency is working on the introduction of “artificial intelligence” procedures for law enforcement as well and is involved in various EU security research projects to this end. According to the new regulation, the algorithms may also be trained with “real” data from private companies.
Scrutiny of suspicious surveillance investments
MEPs had proposed that Europol should be responsible under the new regulation for checking Interpol arrest warrants for their misuse. However, Member States in the Council and the Commission had opposed this.
As “compensation”, the Council agreed to the Parliament’s demand that Europol be allowed to check “foreign direct investment” by companies producing surveillance technologies. If Europol suspects a threat to security or public order, the EU can decide on measures against the companies from third countries.
Deletion of data of unsuspected persons bypassed
The regulation must now be formally adopted by the Council. It will then be published in the Official Journal of the European Union and thus enter into force immediately. This should happen in June at the latest, because otherwise the deletion of large data sets would have been threatened.
The European Data Protection Supervisor had criticised that Europol also stores data on persons who are not even suspects without a legal basis. With the new regulation, this is now also allowed retroactively.
This is criticised by pirate Patrick Breyer, among others. Today’s vote would “legalise Europol’s illegal activities” instead of stopping them, said the MEP. Europol stores and processes mobile phone location data and passenger lists of people who are not connected to criminal activities on a large scale. “Innocent citizens” therefore run the risk of being wrongly suspected of a criminal offence.
Europol to enable private requests for information
The new powers come with only a little more supervision and control. Parliament had demanded that Europol create a new post for a fundamental rights officer. However, the commissioner is not authorised to issue instructions to Europol employees.
In addition, the European Data Protection Supervisor (EDPS) should be involved in the processing of personal data by Europol and cooperate with the agency’s Data Protection Officer.
In future, it should be possible for citizens of EU member states to obtain information from Europol on their own data stored there.
German misunderstanding of parliamentarian control
The Europol Regulation was last renewed in 2016. It also provides for a “Joint Parliamentary Control Group” (JPSG), which was established by the parliaments of the member states in 2018. It consists of members of the European Parliament and the national parliaments, each of which sends four representatives.
The JPSG meets twice a year. Europol and the Commission praise the body as promoting transparency. However, due to its sheer size, the group is practically incapable of acting. It is true that MEPs can put questions directly to Europol through the mechanism. However, real control is hardly possible, because parliaments do not receive classified reports and cannot supervise day-to-day operations.
Actually, the JPSG should be fundamentally sceptical about the expansion of Europol, but the opposite is the case. During the German Council Presidency, for example, the Interior Minister of Lower Saxony, Boris Pistorius, took over the co-chairmanship in the second half of 2020. The SPD politician used his function to spread the demand to “further strengthen and adequately equip Europol”. Although this even contradicts the EU treaties, Pistorius called for Europol to develop into a “European FBI”.