The scale of Europol’s internal data practices was exposed in a May 2025 investigation, revealing a parallel infrastructure that bypassed legal frameworks and security norms. This 'shadow database' served as the primary hub for crime analysis, housing over 95 percent of the agency’s collected information. The existence of this system was known to senior leadership and remained concealed until a 2019 inquiry by the European Data Protection Supervisor (EDPS).
Rather than facing sanctions for these breaches, Europol has historically seen its controversial practices codified into law. In 2022, EU legislators amended mandates to retroactively legalize data processing methods previously flagged as unlawful by the EDPS. A similar trajectory is expected on 24 June, when the European Commission will likely propose an overhaul to expand the agency’s authority, more than double its staff, and increase its annual budget to €444 million by 2034.
Beyond data handling, the agency’s reach into civil society has drawn sharp criticism. Europol increasingly processes information on political activities and social movements, often categorizing protest tactics alongside terrorism and violent extremism. This integration of national policing objectives into a centralized European body facilitates the surveillance of activists and non-EU nationals, frequently without the subjects being notified that their personal data has been shared with foreign authorities.
Comments (0)
No comments yet. Be the first!