Europol

Europol improves the cooperation between the police forces of the Member States of the European Union (EU). Europol collects and analyses criminal information to prevent and combat serious forms of international organised crime.

On this page

Legislation for Europol

Europol has been an official EU agency since 1 January 2010. As from 1 May 2017, the Decision establishing Europol has been replaced by Regulation (EU) 2016/794. One of the changes was that the supervision of the processing of personal data by Europol was arranged differently. 

Meanwhile, the new Regulation (EU) 2022/991, amending Regulation (EU) 2016/794, has applied to Europol since 8 June 2022.

Personal data processing by Europol

Europol does not have executive tasks, but supports the work of law enforcement authorities in the EU Member States. In doing so, Europol collects and analyses information, often of a personal nature, about suspects, convicted persons, witnesses and victims of crime.

Supervision of Europol

This processing of personal data is subject to independent supervision.  Supervision is exercised at European level by the European Data Protection Supervisor (EDPS). The EDPS is the independent data protection agency of the EU.

Tasks of the EDPS

The tasks of the EDPS with regard to the supervision of Europol are, among others:

  • carrying out inspections together with the national data protection agencies;
  • advising Europol on the processing of personal data;
  • handling complaints about the processing of personal data by Europol.

Cooperation between EDPS and national data protection authorities

The Europol Regulation explicitly provides for close cooperation between the EDPS and the national data protection authorities. This is done in the Coordinated Supervision Committee (CSC), under the umbrella of the European Data Protection Board (EDPB). 

The CSC advises the EDPS and consists of representatives of all national data protection agencies and representatives from the EDPS. The Dutch Data Protection Authority represents the Netherlands in the CSC. 

More information about supervision of Europol

For more information about the supervision of Europol, see: Supervision of Europol on the website of the EDPS.

Your rights at Europol

Are you registered at Europol? Then you have a number of rights:

  1. You can ask for access.
  2. If it turns out that your data are incorrect or irrelevant, you can ask for rectification or erasure of your data.
  3. Do you disagree with Europol's decision on your request? Then you can lodge a complaint with the European Data Protection Supervisor (EDPS).
  4. You can ask to check whether the processing of your data in Europol is done lawfully (in accordance with the rules).

1. Access

You have a right of access to all information that Europol has of you. You can ask for access to your personal data by writing a letter. You can write this letter in any official language of the European Union. You can also use our Europol access example letter for this purpose. 

Note: You have to send a copy of your identity document along with your letter. You are allowed to black out your passport photo and your personal identification number (in the Netherlands, the BSN) in this copy. 

There are 2 ways to send your letter: 

  1. To the authority appointed for that purpose in the Member State of your choice, that will forward your letter to Europol. In the Netherlands, this is the police.
  2. Directly to Europol.

1. To the police

Send your letter to:

Landelijke Eenheid Nationale Politie
Staf Privacydesk
Postbus 100
3970 AC Driebergen.

The police should forward your letter to Europol without delay and in any case within 1 month of receipt.

2. To Europol

Send your letter to:

Europol  
Data Protection Function  
P.O. Box 90850  
2509 LW The Hague  
The Netherlands.

You can also e-mail your letter to dpf@europol.europa.eu with subject matter: 'Data Subject Access Request'.  

For more information, please see:

Reply by Europol

Europol has to send a full reply to your request within 3 months of receipt. Europol may refuse access to your data for the following reasons:

  • for the proper performance of the tasks of Europol;
  • for the protection of public safety and public order or for the prevention of crime;
  • for the protection of the rights and freedoms of others.

Does Europol refuse your request for access? Then Europol will have to let you know why. And inform you of the option of lodging a complaint.

2. Rectification or erasure

Did you ask for access to your data at Europol? And do you see that those data are incorrect or irrelevant? Then you can ask Europol to rectifiy or remove your personal data.

You can ask for rectification or removal of your personal data by writing a letter to the same address as where you asked for access. You can write this letter in any official language of the European Union. You can also use our Europol rectification or erasure example letter

Note: You have to send a copy of your identity document along with your letter. You are allowed to black out your passport photo and your personal identification number (in the Netherlands, the BSN) in this copy. 

Reply by Europol

Europol has to send a full reply to your request within 3 months of receipt. Does Europol refuse your request for rectification or erasure? Or does Europol decide not to erase your data, but only restrict their use? Then Europol will have to let you know why. And inform you of the option of lodging a complaint about this.

3. Lodging a complaint

Are you not satisfied with the decision (answer) of Europol regarding your request for access or rectification/erasure of your data? Or have you not received a reply from Europol after 3 months? Then you can lodge a complaint with the European Data Protection Supervisor (EDPS).

You do this by filling in the complaint form on the website of the EDPS. For more information on how to lodge a complaint, see Complaints on the website of the EDPS.

The EDPS handles your complaint and takes a decision about it. Does the EDPS agree with you? Then the EDPS may, for example, give a warning or impose a temporary or definitive ban on the processing by Europol.

Do you disagree with the decision of the EDPS? Then you can lodge an appeal with the Court of Justice of the European Union.

4. Checking lawfulness

Do you know that Europol processes personal data of you? And do you also know which investigative service in which country provided these data to Europol? Or entered them with or requested them from Europol? Then you can ask to check whether this happened in a lawful manner (in accordance with the rules). 

You make your request by writing a letter to the data protection authority in the country of the investigative service that processed (provided, entered or requested) your data. In the Netherlands, this is the Dutch Data Protection Authority.

You can use our Europol verification request example letter for this purpose. You will find the addresses of the European data protection authorities on the website of the EDPB. 

If you make a request for verification, the national data protection authority will check whether the transfer or the provision of the personal data to Europol is lawful. The data protection authority will also verify whether the access to your data by the Member State involved is lawful.

Note: You have to send a copy of your identity document along with your letter. You are allowed to black out your passport photo and your personal identification number (in the Netherlands, the BSN) in this copy.