On 14 November 2019, the European Data Protection Supervisor (EDPS) published his inspection report on Europol’s compliance with Article 4 of the TFTP Agreement (Agreement between the EU and the USA on the processing and transfer of Financial Messaging Data from the EU to the US for the purposes of the Terrorist Finance Tracking Program (O.J. L 195, 27.7.2010)). Europol’s role under the Agreement is to make sure that the data on financial transfers requested by the US and stored in EU territory is necessary for the fight against terrorism and the financing of terrorism and that each request is defined as narrowly as possible.

In general, the report concludes that Europol does a good job of verifying US requests. Nevertheless, the report outlines eight recommendations for Europol to consider when carrying out these activities. The most important recommendation set forth by the EDPS is for Europol to be able to ask US authorities for additional information when checking that their requests actually meet necessity requirements in terms of countries and message types. Other recommendations concern, for instance, the verification process and security measures.