Europol
EU proposes tech-backed expansion of Europol policing agency
Enhanced powers to collect and share data are at the heart of EU plans to expand Europol, putting it at loggerheads with human rights groups
The European Commission has unveiled plans to double the budget of Europe’s policing agency, Europol, giving it new powers to collect and share personal data and fund a huge increase in the agency’s deployment of technology.
Under the proposals, which will see Europol’s funding double to $3bn, the policing agency is set to develop advanced technological capabilities that will allow it to share data with European police forces and collaborate in real time.
It will also include a rewriting of Europol’s mandate to give it greater freedom to collect and share personal data, including data on people who have not been suspected of a crime, setting it on a collision course with human rights and privacy groups.
The European Union (EU) proposal establishes a police shared data space to be built on Europol cloud infrastructure that will provide law enforcement agencies across the EU with a shared operating environment to collaborate on cross-border investigations.
Investigators from different EU member states will be able to share information, conduct joint analysis, communicate securely in real time and develop a “shared operational picture” of criminal networks operating across borders.
Police shared data space
The police shared data space, supported by analytical tools developed by Europol, will make it easier to identify links between investigations, uncover criminal networks and coordinate action across multiple countries, according to a fact sheet published by the European Commission.
“The police shared data space represents a major step towards a more connected, secure and resilient European security architecture,” it states.
The proposals also call for the creation of a technology and innovation hub that will support EU member states in joint research and development projects into policing capabilities.
The commission is also proposing to update the data protection regulation for EU institutions and bodies to allow “more effective cooperation” across EU criminal justice institutions.
It will also strengthen the mandate of the EU agency for criminal justice cooperation, Eurojust, and will make it easier for member states to apply for European Investigation Orders to gather criminal evidence from other member states.
Henna Virkkunen, executive vice-president for tech sovereignty, security and democracy, said the measures would allow Europol to respond faster to criminals operating online.
“With today’s proposals, we are strengthening both Europol and Eurojust so that Europe can respond faster, including in the fight against online criminal activities, share information more effectively, and bring criminals to justice more efficiently,” she added.
Europol criticised for privacy breaches
The European Data Protection Supervisor has repeatedly criticised Europol for going beyond its legal remit, by collecting and processing data in breach of data protection laws, including collecting data on people with no connection to criminality.
An investigation by Computer Weekly, Correctiv and Solomon revealed that Europol stored petabytes of crime-related data on a network that operated for years without scrutiny from regulators, despite significant privacy and security flaws.
Members of the European Parliament subsequently wrote to the European Commission raising concerns over “systematic governance” failures in Europol, and the EU’s border and coast guard agency, Frontex.
The latest proposals have set the EU on a collision course with campaign groups who point out that under the proposed changes, weaker data protection measures would mean that anyone could have their personal data stored and processed by Europol.
Collision course with human rights groups
The campaign group, Protect Not Surveil, a coalition of human rights and privacy groups, said the mandate introduces the automatic and systematic upload of information exchanged and managed by national police forces, which would increase the number of people whose personal data is accessed by Europe.
The proposal also legalises previously unregulated IT systems by establishing a Europol Analytical Environment, alongside a Europol Cloud Infrastructure and the Police Shared Data Space, the groups claim.
“The new mandate fundamentally undermines data categorisation obligations, allowing Europol to process personal data indiscriminately – regardless of whose data it is – including data from people with no link to crime,” the coalition said.
The proposals mainstream the use of biometric data to identify and surveil people on Europol’s analytical platform by lowering the threshold for processing sensitive data, in contradiction to the Court of Justice of the EU’s case law.
Europol will also be able to proceed with sensitive data processing operations without prior approval of the European Data Protection watchdog, the European Data Protection Supervisor (EDPS), if the EDPS fails to provide an opinion within two months, and Europol deems the work “urgent and necessary”.
The EDPS will no longer have jurisdiction over Europol when it deviates from its own legal framework, as oversight powers will be passed to an internal Europol data protection officer, the groups claim.
Chloé Berthélémy, senior policy advisor at European Digital Rights, one of the coalition members, said the European Commission had rewarded Europol’s misconduct by doubling its budget and normalising its unlawful data practices.
“The new mandate grants the rogue agency all its wildest wishes and continues its transformation into a data black hole – swallowing our fundamental rights, and undermining justice, safety and accountability,” she added.
Read more about Europol
- ‘They protect the law while breaking it’ – inside Europol’s shadow IT system: Under pressure to deliver in the fight against serious cross-border crime, Europol built and operated a shadow data analysis platform containing large volumes of sensitive information, which operated without key legal and technical safeguards.
- MEPs call for greater scrutiny of Europol following concerns over shadow IT: Expansion of Europol’s mandate should be paused while allegations investigated, say MEPs.
- MEPs urge European Commission to take action over Europol’s shadow IT: MEPs have written to the European Commission calling for action following revelations that Europol and Frontex processed, stored and transferred personal data in ways that raise serious concerns about compliance with EU law.
- The EU’s law enforcement agency has been quietly amassing data to feed an ambitious but secretive AI development programme that could have far-reaching privacy implications.
- Europol wants examples of police investigations hampered by end-to-end encryption as it pressures tech companies to provide law enforcement access to encrypted messages.
Read more on Information technology in France
-
![]()
MEPs urge European Commission to take action over Europol’s shadow IT
By: Bill Goodwin
-
![]()
MEPs call for greater scrutiny of Europol following concerns over shadow IT
By: Bill Goodwin
-
![]()
‘They protect the law while breaking it’: Inside Europol’s shadow IT system
-
![]()
Top 10 surveillance, journalism and encryption stories of 2025
By: Bill Goodwin
