International cooperation to fight crime should respect EU fundamental rights guarantees

Sep

2025

International cooperation to fight crime should respect EU fundamental rights guarantees

On 4 September 2025, the European Data Protection Supervisor (EDPS) issued an Opinion on two Proposals: one to authorise the signing, on behalf of the European Union, of the United Nations Convention against Cybercrime, and the other to authorise the conclusion, on behalf of the European Union, of the same Convention.

The Convention seeks to establish common rules at the global level to strengthen international cooperation in preventing and combating cybercrime, as well as in the collection of electronic evidence for criminal investigations and proceedings.

Wojciech Wiewiórowski, EDPS, said: “Investigating and prosecuting cybercrime is a legitimate aim, for which international cooperation, including the exchange of information, is indispensable. The EU needs sustainable agreements for sharing personal data with non-EU countries for law enforcement purposes. However, given the vast number of countries within the United Nations and their highly heterogeneous legal systems as regards the respect of fundamental rights and freedoms, it is of paramount importance to ensure that cooperation with third countries under the Convention does not lead to weakening of the rights to data protection and privacy guaranteed under EU law”.

The EDPS welcomes that, under the Convention, States Parties would not be obliged to transfer personal data if such transfers would breach their applicable data protection laws. In this regard, the EDPS underlined that EU Member States, when implementing and applying the Convention, must carefully verify in each case whether the conditions set out in Chapter V of the Law Enforcement Directive are met before transferring personal data to a third country.

Furthermore, competent authorities of Member States should ensure that transfers of personal data to third countries that are Parties to the Convention remain fully consistent with international human rights obligations and the fundamental rights of the individuals concerned. Where necessary, Member States should make use of the grounds available to refuse cooperation.

Finally, the EDPS recommended that the effects of the Convention in practice should be carefully assessed and that data protection experts should be involved in its future reviews. Any possible future attempts to introduce offences incompatible with EU law or values should be firmly opposed.

The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.

About the EDPS: The EDPS is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.

Wojciech Wiewiórowski (EDPS) was appointed by a joint decision of the European Parliament and the Council to serve a five-year term, beginning on 6 December 2019.

The selection procedure for a new EDPS mandate for a term of five years is still ongoing.

Available languages: English

Topics

Cybercrime Convention

Cybersecurity

+ View more news

News

TechDispatch Talks episode out!

3 October 2025

A new episode of the Podcast series TechDispatch Talks to help you understand emerging technologies, their opportunities but also privacy challenges.

Watch the video podcast or listen to it.

EDPS Recognised for Accountability at GPA Awards

1 October 2025

the EDPS has been awarded at the GPA Awards in the Accountability category for two strategic initiatives to enhance personal data breach management across EU institutions: The Data Breach Awareness Campaign and PATRICIA Exercise - Personal dATa bReach awareness In Cybersecurity Incident hAndling!

European Cybersecurity Month 2025

1 October 2025

2025 marks the 13th Anniversary of the European Cybersecurity Month. Join forces with the EU institutions, bodies and agencies in an annual awareness campaign to strengthen cybersecurity among Europeans.

Read our infographics on phishing, ransomware and pretexting.

Read more about what can the EU institutions, bodies and agencies do to tackle personal data breaches.

Watch the high-level panel discussion featuring EDPS Wojciech Wiewiórowski at the Inter-Institutional Kick-Off event.

Read, watch or listen to the Podcast episode of TechDispatch Talks - Human Oversight of Automated Decision-Making.

+ View full agenda

Agenda

15 October 2025 - 16 October 2025

State of Europe 2025, Participation by Wojciech Wiewiórowski, Brussels, Belgium

14 October 2025

Brussels Privacy Symposium, Speech by Wojciech Wiewiórowski in the "In Dialogue" series hosted by prof. Gianclaudio Malgeri (Leiden University), Brussels, Belgium

13 October 2025

'Data Protection under the Simplification Agenda: Defining the Right Intervention', Participation by Wojciech Wiewiórowski in Roundtable organised by Future of Privacy Forum and VUB, Brussels, Belgium

9 October 2025

Mastercard Innovation Forum 2025, Speech by Wojciech Wiewiórowski, Paris, France

8 October 2025

World AI Summit, Participation by Wojciech Wiewiórowski, Amsterdam, The Netherlands