According to a study by the law and policy consultant “milieu” on the practice of direct exchanges of personal data between Europol and private parties that was commissioned by the European Commission (and made public in November 2020), the revision of Europol’s current Regulation is strongly recommended. For the following types of scenarios, the report recommends either revising, changing, or amending the respective rules in Europol Regulation 2016/794:

• The sharing of personal data between Europol and private parties in the context of referrals;
• The sharing of personal data directly between Europol and private parties outside the context of referrals (proactive sharing);
• The sharing of personal data between national law enforcement authorities and private parties via Europol;
• Europol’s receipt of personal data from private parties via an intermediary.

Regarding the sharing of personal data between Europol and private parties in the context of referrals, the report finds the current system insufficient. For instance, emerging needs, such as the sharing of personal data with Europol beyond the data contained in the referrals, cannot be addressed. Looking at the practice of Europol receiving personal data from private parties via an intermediary, many issues seem to hinder the functioning this procedure, leading to missed opportunities for Europol to receive important datasets from private parties. Proactive sharing, i.e., private parties sharing personal data directly with Europol outside the context of referrals, is also rarely used.