Legislative Observatory
European Parliament
Please fill in this field to find a procedure

European Union Agency for Law Enforcement Cooperation (Europol)

2013/0091(COD)

PURPOSE: to establish a European Union Agency for Law Enforcement Cooperation and Training based on the European Police Office (EUROPOL) and to merge EUROPOL with the European Police College (CEPOL).

PROPOSED ACT: Regulation of the European Parliament and of the Council.

ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.

BACKGROUND: the European Police Office (EUROPOL) started as an intergovernmental body regulated by a Convention concluded between the Member States, which entered into force in 1999. By virtue of a Council Decision adopted in 2009, EUROPOL became an EU agency funded by the EU budget. Its role is to provide support to national law enforcement services’ action and their mutual cooperation in the prevention of and fight against serious crime and terrorism.

The European Police College (CEPOL) was established as an EU agency in 2005, in charge of activities related to the training of law enforcement officers. It aims to facilitate cooperation between national police forces by organising courses with a European policing dimension.

In order to achieve economies of scale and given the overlapping interests and tasks of these two Community agencies, it has been deemed appropriate that they should be merged. The Joint Statement on the Common Approach on EU decentralised agencies endorsed by the European Parliament, Council and Commission in July 2012 sets out principles for the governance arrangements of agencies such as Europol and CEPOL. Merging EUROPOL and CEPOL into a single agency, situated at the current headquarters of Europol in The Hague would create important synergies and efficiency gains.

In parallel and in order to deal with the strong increase in serious and organised crime in Europe over the last 10 years, for example, in regard to trafficking in human beings, in illicit drugs, and in firearms, financial crimes like corruption, fraud and money laundering, and cybercrime, it would appear vital that cooperation between Member States and contacts between the operational and the training staff need to be further enhanced. This is particularly important in an economic context where financial resources are scarce.

This proposal for a Regulation therefore provides for a legal framework for a new Europol which succeeds and replaces EUROPOL as established by the Council Decision 2009/371/JHA establishing the European Police Office (EUROPOL), and CEPOL as established by Council Decision 2005/681/JHA establishing the European Police College (CEPOL).

IMPACT ASSESSMENT: the Commission undertook two impact assessments of the various strategic options possible in relation to EUROPOL and CEPOL.

The impact assessment on EUROPOLwas based on two policy objectives:

  • increasing provision of information to EUROPOL by Member States and
  • setting a data processing environment that allows EUROPOL to fully assist Member States in preventing and combating serious crime and terrorism.

The impact assessment on CEPOL was based on two policy objectives:

  • ensuring better quality, more joined-up and more consistent training for a wider range of law enforcement officers in cross-border crime issues and
  • establishing a framework to achieve this in line with the Common Approach on EU decentralised agencies.

For each of these objectives, several options were analysed and are described in a document attached to the proposal. The analysis of the overall impact led to the development of the preferred policy option which is incorporated in the present proposal.

LEGAL BASIS: Article 88 and Article 87(2)(b) of the Treaty on the Functioning of the European Union (TFEU).

CONTENT: this proposal seeks to establish a European Union Agency for Law Enforcement Cooperation and Training and to repeal Decisions 2009/371/JHA and 2005/681/JHA.

Objectives: the proposal covers a number of objectives:

  • align EUROPOL with the requirements of the Treaty of Lisbon by setting up the legislative framework of EUROPOL in the regulation and by introducing a mechanism for control of Europol’s activities by the European Parliament, together with national Parliaments.
  • establish European training schemes and exchange programmes for all relevant law enforcement professionals at national and EU level.
  • grant EUROPOL new responsibilities so that it may provide a more comprehensive support for law enforcement authorities in the Member States. This includes EUROPOL taking over the current tasks of CEPOL in the area of training of law enforcement officers and developing a Law Enforcement Training Scheme. This also involves a possibility for EUROPOL to develop the EU centres of specialized expertise for combating certain types of crime falling under EUROPOL’s objectives, in particular the European Cybercrime Centre.
  • ensure a robust data protection regime for EUROPOL, in particular to guarantee that the data protection supervisor of EUROPOL has full independence, can act effectively and has sufficient powers of intervention.
  • improve the governance of EUROPOL by seeking increased efficiency.

1. Aligning EUROPOL with the requirements of the Treaty of Lisbon, increasing its accountability: the future Regulation ensures that EUROPOL’s activities are subject to scrutiny by the democratically elected representatives of the EU citizens. From a practical point of view, the European Parliament and the national parliaments would receive information through annual activity reports and final accounts each year, and receive for information threat assessments, strategic analyses and general situation reports, etc.

In addition, the European Parliament:

  • fulfils its functions of the budgetary authority (receives the statement of estimates, the report on the budgetary and financial management for that financial year, and any information required for the discharge procedure);
  • is consulted on the multi-annual work programme of EUROPOL and receives for information the annual work programme of EUROPOL;
  • may invite the candidate for the Executive Director of EUROPOL for a hearing before the competent parliamentary committee or to reply to its questions on his/her performance.

In order to allow the European Parliament to exercise the scrutiny but at the same time to guarantee confidentiality of operational information, EUROPOL and the European Parliament need to conclude working arrangement on the access to European Union Classified Information and sensitive non-classified information processed by or through EUROPOL.

2. EUROPOL as a hub for information exchange between law enforcement authorities in the Member States: to improve EUROPOL’s intelligence picture, so that it can better support Member States and better inform EU policy setting, the proposal seeks to enhance the supply of information by Member States to EUROPOL. This is done by strengthening the obligation for Member States to provide EUROPOL with relevant data. An incentive is offered by extending the possibility for law enforcement services to receive financial support to cross border investigations in areas other than euro counterfeiting. A reporting mechanism to monitor Member States’ contribution of data to EUROPOL is introduced.

To enable EUROPOL to better establish links between data already in its possession and subsequently analysing them, the agency’s processing architecture is re-designed. It no longer pre-defines data bases or systems but instead adopts a ‘privacy by design’ approach and full transparency towards the Data Protection Officer at Europol and the European Data Protection Supervisor, the EDPS.

Data protection: high data protection and data security standards are achieved by means of procedural safeguards that apply to any specific type of information. The Regulation sets out in detail the purposes of data processing activities (cross-checking, strategic analyses or other general nature, operational analyses in specific cases), the sources of information and who may access data. It also lists categories of personal data and data subjects whose data may be collected for each specific information processing activity.

This would enable EUROPOL to adapt its IT architecture to future challenges and the needs of the law enforcement authorities in the EU. Once in place, it would allow EUROPOL to link and make analyses of relevant data, reduce delays in identifying trends and patterns and reduce the multiple storage of data. At the same time, high data protection standards would be guaranteed. Observance of those standards will be supervised by the European Data Protection Supervisor.

3. New responsibilities in the area of training: to ensure synergies in EU support for policing, and to allow full implementation of the EU Law Enforcement Training Scheme proposed in parallel with this regulation, EUROPOL will take over and build on the tasks formerly carried out by CEPOL.

EUROPOL, through a new department known as the EUROPOL Academy will assume responsibility for supporting, developing, delivering and coordinating training for law enforcement officers at the strategic level, and not only (as is the case under the current CEPOL Decision) senior police officers.

The proposal outlines the types of training that will be provided to the law enforcement services staff (in particular in regard to crime), the strengthening of police cooperation or the preparation for participation in EU civilian police missions in third countries.

European Cybercrime Centre: to enhance the EU’s capacity to confront specific crime phenomena, which particularly call for a common effort, EUROPOL is given a possibility to develop centres to fight specific forms of crime, for example, the European Cybercrime Centre. This Centre would add value to the Member States actions. It (and others in the future) could, for instance, be information focal points, pool expertise to support Member States in capacity building, support Member States’ investigations or become the collective voice of the European investigators across law enforcement in the specific area.

4. Robust data protection regime: the proposal reinforces the data protection regime applicable to EUROPOL’s activities.

The main measures envisaged are:

  • further strengthening of the existing autonomous EUROPOL data protection regime: the principles underpinning Regulation (EC) No 45/2001 on the protection of individual with regard to processing of personal data by the Community institutions and bodies and on the free movement of such data will be drawn upon to a greater extent. EUROPOL’s data protection rules have been aligned with other data protection instruments applicable in the area of police and judicial cooperation, while taking into due account the specificity of law enforcement;
  • access by Member States to personal data held by Europol and relating to operational analyses, is made indirect based on a hit/no hit system: an automated comparison produces an anonymous ‘hit’ if the data held by the requesting Member State match data held by EUROPOL. The related personal or case data are only provided in response to a separate follow-up request;
  • restrictions on the processing of certain data: the processing of personal data on victims, witnesses, persons different from suspects, and minors is prohibited unless strictly necessary. This limitation also applies to data revealing racial or ethnic origin, political opinions, religions or beliefs, trade-union membership and of data concerning health or sex life (sensitive personal data). Furthermore, sensitive personal data can only be processed where they supplement other personal data already processed by Europol. Europol is obliged to provide every six months an overview of all sensitive personal data to the EDPS. Lastly, no decision which produces legal effects concerning a data subject can be taken solely on the basis of automated processing of sensitive personal data, unless it is authorised by EU or national law or by the EDPS;
  • reinforced right of access: to increase transparency, individuals’ right of access to personal data held by Europol is reinforced;
  • clear rules on the division of responsibility in regard to data protection: Europol would be responsible for reviewing the continuing need to store personal data at regular intervals;
  • obligation of logging and documentation: to ensure better control over the use of data and clarity on who has been processing it, the proposed Regulation would prohibit modification of the logs;
  • right to recourse: any individual could turn to Europol for compensation for unlawful data processing or an action incompatible with the provisions of this proposed Regulation;
  • strengthened role of EUROPOL’s external data protection supervisory authority: the European Data Protection Supervisor will be competent for the supervision of processing of personal data by Europol. The national data protection authorities, however, remain competent for supervision of input, the retrieval and any communication to Europol of personal data by the Member State concerned;
  • joint supervision: the proposal introduces elements of “joint supervision” on data transferred to and processed at Europol. It is stipulated that the European Data Protection Supervisor and national supervisory authorities, each acting within its competences, should co-operate with each other.

5. Improved governance: the proposal improves the governance of Europol by seeking efficiency gains, streamlining procedures, notably with respect to the Management Board and the Executive Director, and by aligning Europol with the principles laid down in the Common Approach on EU decentralised agencies.

New provisions are envisaged concerning:

  • the representation of the Commission and the Member States on the Management Board of Europol to reflect the dual mandate of the new Agency;
  • the creation of a scientific committee on technical training issues (Scientific Committee for Training) to advise the Management Board;
  • the laying down of tasks and missions of the Management Board;
  • the establishment of a small-sized Executive Board to be more closely involved in the monitoring of Europol’s activities with a view to reinforcing supervision of administrative and budgetary management, in particular on audit matters ;
  • the tasks and responsibilities of the Executive Director who is to act in a completely independent fashion.

FINANCIAL IMPLICATIONS: The full merger of CEPOL and EUROPOL will lead to synergies and efficiency gains. The savings achieved are assessed at the level of EUR 17.2 million over the period 2015-2020 and 14 full time staff equivalent (FTE).

Technical details on the additional resources necessary for EUROPOL’s new activities and tasks are provided in the proposal (12 FTE will be needed to implement the new tasks related to training of law enforcement officials, representing EUR 10.1m over the period 2015-2020.

In total, the overall budgetary implication of the proposal for the period 2015-2020 would amount to EUR 623 million for the merged agency and EUR 1.5 million for the European Data Protection Supervisor.