The EDPS published on 23 January 2024 an Opinion on a Regulation to enhance police cooperation to prevent, detect, and investigate the smuggling of migrants and the trafficking of human beings, and to reinforce the role of the EU Agency for Law Enforcement Cooperation (Europol) in preventing and combating these crimes.
The EDPS makes a series of recommendations on four key issues in the proposed Regulation that could have an important impact on individuals’ personal data and privacy. This includes the increased processing of biometric data; the role of the European Border and Coast Guard Agency (Frontex) in its cooperation with Europol; transfers of personal data by Europol to countries outside the EU/European Economic Area (EEA); and Europol’s support to the competent authorities of the EU Member States. The EDPS’ Opinion also takes into account the findings and ongoing work of its supervisory activities regarding Europol and Frontex.
With this Opinion, the EDPS aims to strike a balance between helping the EU address illegal migration and keeping individuals and their personal data safe.
Wojciech Wiewiórowski, EDPS, said: “The fight against the smuggling of migrants and trafficking of human beings is an important objective of general interest. Nevertheless, I stress that there is no evidence that the measures envisaged in the Regulation are actually justified. I take the lack of an impact assessment as worrying, given the nature of the personal data at stake - sensitive biometric data - and that vulnerable people may be involved - migrants -. The EDPS considers that this should not constitute a precedent for any future legislation having comparable impact on the fundamental rights to privacy and data protection”.
Detailing its recommendations, the EDPS highlights the risks posed by the envisaged increase of the processing of biometric data, including facial recognition, by Europol. In its Opinion, the EDPS’ advice is clear: it is necessary to establish mechanisms and clear binding rules that provide appropriate safeguards to mitigate the risks posed to individuals.
The EDPS notes that the Regulation plans for a stronger cooperation between Europol and Frontex. In its Opinion, the EDPS submits that the role, limits and procedures to be followed by Frontex when performing its tasks to support Europol and the EU Agency for Criminal Justice Cooperation (Eurojust) and law enforcement authorities of the EU Member States should be clarified. Frontex should not turn into a law enforcement agency, adds the EDPS in its recommendations.
The Regulation provides for transfers of personal data outside the EU/EEA by Europol to be made based on derogations (exemptions) from the general rules on transfers of personal data. In its Opinion, the EDPS warns that the use of such exemptions should not lead to systematic, massive or structural transfers of personal data. In light of this, the EDPS advocates for the use of structural tools for transfers of personal data instead.
In relation to Europol’s investigative activities to support EU Member States, the EDPS recommends clarifying the responsibilities allocated to the competent authorities in the EU, including defining the type of access to personal data these authorities may have and for what purposes.
The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.
About the EDPS: The EDPS is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.
Wojciech Wiewiórowski (EDPS) was appointed by a joint decision of the European Parliament and the Council to serve a five-year term, beginning on 6 December 2019.