Europol’s new rules enable sourcing of ‘third country’ biometric data
New regulations give Europol too much biometric surveillance power while cutting external oversight of the agency’s data processing and protection of civil rights, according to a privacy advocate.
The United Kingdom-based non-profit Statewatch made the claims in a new analysis of rules governing Europol since June.
“The proposals to increase Europol‘s powers were published six months after the Black Lives Matter movement erupted across the world,” writes Statewatch director Chris Jones. The protests called for “new ways to ensure public safety that looked beyond the failed, traditional model of policing.”
Instead, Jones writes, “the EU has decided to reinforce that model, encouraging Europol and the member states to hoover up vast quantities of data, develop artificial intelligence technologies to examine it, and increase cooperation with states with appalling human rights records.”
Called “empowering the police, removing protections,” the research document describes how Europol can process large quantities of data transferred by member states on people who are not implicated in criminal activities.
More specifically, the report says the EU police agency can now process “investigative data” which, as long as it concerns “a specific criminal investigation,” could draw in innocent people. Under the law, investigators can apply tools including biometrics, big data, machine learning and AI, and involve the processing of ethnic background data.
Further, Europol is allowed to use data received from non-EU states to add “information alerts” to the Schengen Information System database and provide “third-country sourced biometric data” to national police forces. That database holds information about individuals that is used by national security, border control and law enforcement agencies.
Statewatch says this may increase the likelihood of data obtained in ways that would violate EU policing norms and raise the possibility that those nations could use Europol to monitor political opponents and dissidents.
Additionally, the non-profit says the new rules loosen restrictions on international data transfers while prioritizing collaboration with “dictatorships and authoritarian states” like Algeria, Egypt, Turkey and Morocco.
Finally, the report claims independent external oversight of the agency’s data processing capabilities has been substantially reduced, and the threshold for referring new data processing activities to the European Data Protection Supervisor for external scrutiny has been raised.
“Europol has landed itself in hot water with the European Data Protection Supervisor three times in the last year for breaking data protection rules,” says Yasha Maccanico, a researcher at Statewatch.
“Yet the EU’s legislators have decided to reduce the EDPS’ supervisory powers. Independent, critical scrutiny and oversight of the EU’s policing agency has never been more needed,” Maccanico said.
The report was compiled as part of an initiative, supported by Privacy International, examining the so-called “biometric state” made possible by EU member agencies sharing databases.
Its publication comes roughly two months after Statewatch released a separate research document claiming the European Commission’s Prüm II legislation may amplify the risks of state overreach and biometric mass surveillance and should therefore be amended.
Russian internet, IT bodies share data to support surveillance state
The Center for European Policy Analysis has published an analysis of Russia’s domestic surveillance network. The analysis shows a complex data-sharing arrangement in which data from technology management bodies is used by law enforcement and intelligence agencies.
According to an article published by the non-profit at the end of October, Russian President Vladimir Putin has hidden a mobilization of federal agencies before he invaded Ukraine.
These institutions are not part of the official law enforcement system, according to the policy group, but help to surveil anti-war activists. The enlisted agencies include Roskomnadzor, the internet censorship agency, and Moscow’s Department of IT.
The former is sharing internet users’ data with the Federal Security Services (FSB) and the Interior Ministry. The latter then uses facial recognition to identify dissidents and those opposed to the war in Ukraine. Private telecoms have also been drafted into the information-sharing network.
According to analyst group, the trend is new for Russia, which has traditionally not shared information directly related to surveillance projects with companies.
biometrics | criminal ID | data privacy | data sharing | EU | law enforcement | police | Prüm | Russia | Schengen Information System | surveillance