CCBE Position on Europol Reform
In a position paper issued on 6 May 2021, the Council of Bars and Law Societies of Europe (CCBE) criticised various aspects of the Commission proposal on a reform of current Europol Regulation 2016/794, which was tabled in December 2020 (→ eucrim 4/2020, 279). In the paper, the CCBE informs the EU legislator and policy makers about several standards that should be upheld in the Europol Regulation and makes several recommendations:
- Ensuring that the technology used to collect, process, and exchange personal data among private companies and/or law enforcement authorities/Europol does not interfere with the rules on professional secrecy or legal professional privilege;
- Laying down clearer and more precise provisions with regard to the concepts of “national security/extremism/terrorism/crisis” that would justify the exchange of personal data between Europol and private parties according to the proposal;
- Strengthening democratic oversight of Europol’s activities by the Joint Parliamentary Scrutiny Group (JPSG);
- Reinforcing the legal remedies that are conferred on data subjects within Europol itself;
- Acknowledging independent judicial supervision at all stages of the procedure if data relating to lawyer-client communication are accessed;
- Incorporating strong safeguards for the transfer of personal data by Europol to private parties, which should include the ban on transferring data protected by professional secrecy or legal professional privilege and the guarantee that data are adequate, relevant, and up-to-date before any transmission is made;
- Refraining from the idea that Europol should take the lead in the development of artificial intelligence (AI) solutions for law enforcement purposes, given the risk of bias and discrimination when using AI tools;
- Defining more clearly the scope of Europol’s new research and innovation activities and reconsidering the safeguards and controls on Europol in this field.
Before any further legislation is enacted, the CCBE calls on Europol and the competent European institutions to first tackle the potentially unlawful processing of a vast amount of personal data (as stated by the EDPS in his inquiry decision of autumn 2020 (→ eucrim 3/2020, 169)). Given that the current Europol Regulation 2016/794 earmarked a comprehensive evaluation of Europol by May 2022 and given the said admonishment of the EDPS, the CCBE considers the EU legislator’s current plan to strengthen Europol’s mandate premature and hasty.