In early January 2025, the European Datat Protection Supervisor (EDPS) reprimanded Frontex for failing to comply with its Regulation (Regulation (EU) 2019/1896) when transmitting the personal data of suspects of cross-border crimes to Europol. During an audit (carried out in autumn 2022), the EDPS discovered that Frontex had systematically and proactively exchanged information with Europol - without any assessment of the necessity for such an exchange. The EDPS mainly focused on debriefing interviews by Frontex of individuals intercepted while crossing external borders. Specifically, according to the EDPS, Frontex did not assess whether the exchange of information with Europol on persons reported as suspects of cross-border crime was strictly necessary for Europol to fulfil its mandate, as required by the Frontex Regulation.

As Frontex stopped sharing information with Europol five days after the adoption of the EDPS's audit report and as the wrongdoing has not continued since then, the EDPS decided to let the matter rest at a reprimand. In the meantime, Frontex and Europol have begun to define criteria in order to assess whether the collection of certain information is strictly necessary for Europol to fulfil its mandate and to establish detailed rules for its exchange.