New Europol rules massively expand police powers and reduce rights protections
The new rules governing Europol, which came into force at the end of June, massively expand the tasks and powers of the EU’s policing agency whilst reducing external scrutiny of its data processing operations and rights protections for individuals.
Given Europol’s role as a ‘hub’ for information processing and exchange between EU member states and other entities, the new rules thus increase the powers of all police forces and other agencies that cooperate with Europol, argues the report, Empowering the police, removing protections.
New tasks granted to Europol include supporting the EU’s network of police “special intervention units” and managing a cooperation platform for coordinating joint police operations, known as EMPACT. However, it is the rules governing the processing and exchange of data that have seen the most significant changes.
Europol is now allowed to process vast quantities of data transferred to it by member states
Europol is now allowed to process vast quantities of data transferred to it by member states on people who may be entirely innocent and have no link whatsoever to any criminal activity, a move that legalises a previously-illegal activity for which Europol was admonished by the European Data Protection Supervisor.
The agency can now process “investigative data” which, as long it relates to “a specific criminal investigation”, could cover anyone, anywhere, and has been granted the power to conduct “research and innovation” projects. These will be geared towards the use of big data, machine learning and ‘artificial intelligence’ techniques, for which it can process sensitive data such as genetic data or ethnic background.
Europol can now also use data received from non-EU states to enter “information alerts” in the Schengen Information System database and provide “third-country sourced biometric data” to national police forces, increasing the likelihood of data obtained in violation of human rights being ‘laundered’ in European policing and raising the possibility of third states using Europol as a conduit to harass political opponents and dissidents.
“Europol has landed itself in hot water with the European Data Protection Supervisor three times in the last year for breaking data protection rules – yet the EU’s legislators have decided to reduce the EDPS’ supervisory powers. Independent, critical scrutiny and oversight of the EU’s policing agency has never been more needed.” – Yasha Maccanico, a Researcher at Statewatch
The new rules substantially loosen restrictions on international data transfers, allowing the agency’s management board to authorise transfers of personal data to third states and international organisations without a legal agreement in place – whilst priority states for international cooperation include dictatorships and authoritarian states such as Algeria, Egypt, Turkey and Morocco.
Reduction of the independent external oversight
At the same time, independent external oversight of the agency’s data processing has been substantially reduced. The threshold for referring new data processing activities to the European Data Protection Supervisor (EDPS) for external scrutiny has been raised, and if Europol decides that new data processing operations “are particularly urgent and necessary to prevent and combat an immediate threat,” it can simply consult the EDPS and then start processing data without waiting for a response.
The agency is now required to employ a Fundamental Rights Officer (FRO), but the role clearly lacks independence: the FRO will be appointed by the Management Board “upon a proposal of the Executive Director,” and “shall report directly to the Executive Director”.
“The proposals to increase Europol’s powers were published six months after the Black Lives Matter movement erupted across the world, calling for new ways to ensure public safety that looked beyond the failed, traditional model of policing. With the new rules agreed in June, the EU has decided to reinforce that model, encouraging Europol and the member states to hoover up vast quantities of data, develop ‘artificial intelligence’ technologies to examine it, and increase cooperation with states with appalling human rights records.” – Chris Jones, Director of Statewatch
The report has been published alongside an interactive ‘map’ of EU agencies and ‘interoperable’ policing and migration databases, designed to aid understanding and further research on the data architecture in the EU’s area of freedom, security and justice.
The article was first published by Statewatch here.
Contribution by: EDRi member, Statewatch