On 5 October 2020, the EDPS published a decision on its inquiry concerning Europol’s processing of “large datasets,” i.e., contributions received from Member States and other operational partners or collected in the context of open source intelligence activities.

The EDPS found that Europol’s processing of large datasets does not comply with the principle of data minimisation as set out in the Europol Regulation. It therefore admonishes Europol to implement all necessary and appropriate measures to mitigate the risks to data subjects created by the processing of large datasets.

Europol has been given two months to inform the EDPS of an action plan to address this admonishment and six months to take action. The EDPS decision is based on an own-initiative inquiry that started in 2019 when the EDPS examined the use of big data analytics by Europol for purposes of strategic and operational analysis. The EDPS said that he will also forward his decision to the Europol Cooperation Board – the newly established forum in which the EDPS discusses common issues with the national data supervisory authorities – because a large part of the information the decision refers to is shared by national law enforcement authorities.