The EU wants to pull together more. In the future, this should not only be the case economically and politically. The Europol Act, which will come into force in June of this year, also aims to expand the competence of the EU’s police body of the same name. This will also entail new powers, particularly with regard to digital data traffic. The EU interior ministers hope that this will lead to more effective cooperation between the EU member states. Is this the creation of a counterpart to the U.S. FBI?
Law enters into force surprisingly quickly
From a legislative point of view, the Europol law is a real sprinter. After all, it is not uncommon for a new law to take several years to enter into force at the EU level. Given the complicated and lengthy legislative process at the EU level, this is not really surprising. The idea for the new Europol law was first voiced by the EU Commission in 2020. At the end of 2020, the first version was circulated. And now, barely one and a half years after the first version, the law is to come into force – that is anything but typical. The EU interior ministers gave the final green light. So nothing stands in the way of the new law.
An eventful history
On the occasion of the new law, it is quite appropriate to review the history of Europol. It all began in 1999, when the European Council decided that a joint so-called “European Police Office” should begin its work. However, this was by no means the first joint police operation within the EU. Rather, it was a kind of bundling of several smaller EU police forces, which had previously dealt with problems such as cross-border drug-related crime. In this context, Europol generally only ever took up its work when serious crimes were involved that affected not just one but several EU states.
Powers were expanded piece by piece
What sounded like a good thing in theory turned out to have some teething problems in practice. For example, effective policing by Europol generally faced many questions around jurisdiction and, more importantly, powers. Since Europol was not really allowed to take action itself, but only to act as a support for the police forces of the member states, its effectiveness was quickly questioned. However, it did not take long for the powers to be extended. In 2009, the European Council decided that Europol would henceforth also be allowed to take preventive action. This was intended to combat serious crimes in advance. In addition to the permission to work preventively, other new powers were added in 2009. For example, Europol was henceforth responsible for “major international events”.
But the 2009 changes also brought Europol into the digital age of crime fighting. It was promised that it would be allowed to build up extensive databases on possible criminals. In the meantime, these databases are full to the brim. The data stores contain information on almost 1.5 million people and other important events. Since the gigantic masses of data also have to be clean in terms of data protection law, EU policymakers came up with a new regulation in 2016. This not only facilitated the storage of personal data. On top of that, the right to query data was linked to the purpose of the query. Only if the process really had something to do with the relevant data was the query granted.
The role of the data protection officer is weakened
This all sounds like a gigantic data quagmire, not without reason, which could cause all kinds of trouble in the wrong hands. So it is all the more understandable that Europol has always been under the watchful eye of the European Data Protection Supervisor. The latter was supposed to ensure that police work did not collide with the data protection rights of the European population. Now it turns out that the important role of the Data Protection Supervisor will be weakened with the entry into force of the new Europol law. The highest European guardian of data protection law is Wojciech Wiewiórowski, and he is clearly not pleased with Europol’s storage practices. After all, according to a report by The Guardian, Europol is supposed to store a lot of data on people who are not suspects at all.
When Wiewiórowski was informed about the questionable practice, he ordered Europol to delete the total of four quadrillion bytes of data. However, the order is now likely to come to nothing. Why? According to the new Europol law, the European police authority is authorized to keep personal data for up to three years. This does not require the involvement of the European Data Protection Supervisor. Consequently, the new Europol law is a real blow for all data protectionists. But that is not all. On top of that, experts have been complaining for years that the so-called “Parliamentary Control Group” is not an effective supervisory body of Europol. Since every single member state is involved here, this body simply proves too inflexible, which is why meaningful controls are not possible at all.
Is Europol becoming a data octopus?
Many a politician within the EU not infrequently looked enviously at our partner in the United States of America with regard to Europol. There, the FBI, as the federal police, takes care of the concerns of all federal states. The FBI always takes action when the seriousness of the crime allows it or when several states are affected. Europol does not have nearly as many powers, but is clearly headed in a similar direction. Once again, the new Europol law does not stipulate that the European police agency may independently carry out operational measures such as arrests. But the “ATLAS group”, which belongs to Europol, represents a huge special commando that can take action in an emergency. In the digital age, however, the power of an authority does not necessarily have to be related to its operational powers. Rather, power belongs to those who can collect a lot of data. And with the new version of the Europol law, this is definitely the case.
Here, EU policy is focusing on even more far-reaching data collections to help fight serious crime. In particular, this also involves chat histories from so-called “encrochats.” The encrypted messenger is used in particular by criminals in the field of drug-related crime. Just last year, Europol passed on the collected data to relevant member states to help with arrests. But there is a catch to the whole thing. The Encrochat data was not captured by Europol, but by the French secret service. So will we have to prepare for close cooperation between Europol and the intelligence services of individual EU member states in the future? If the new Europol law is anything to go by, the police authority is expressly permitted to do so. But it goes even further. In the future, Europol will even be allowed to cooperate with the intelligence services of third countries. By the way, the European Council rejected a classification as “trustworthy third countries”.
Europol as a pioneer of modern crime fighting
Furthermore, Europol is henceforth to play a role as a research institution. In particular, modern ways of fighting crime are in the foreground. In addition to modern drones, artificial intelligence naturally plays a major role for prevention. A powerful quantum computer is to be used for the AI. This should probably also help with the processing of the gigantic amounts of data. But how will all this be paid for? Of course, the budget of the European Police Authority is growing along with its powers. Compared to last year, it has already increased by almost 20 million euros this year to a total of 193 million euros. Anyone who now fears that personal data is stored at Europol can ask the authority for information. However, they may also simply refuse to do so.