Removal of personal data from the Europol database

What is Europol, and what data does it collect?

Europol (European Union Agency for Law Enforcement Cooperation) is the European Union’s law enforcement agency responsible for coordinating the fight against international crime, terrorism, and cross-border security threats. As part of its activities, Europol manages large databases containing personal, biometric, operational, and analytical information on millions of people around the world.

Europol’s aim is to enhance cooperation between EU member states’ law enforcement agencies and exchange information to combat organised crime, terrorism, drug and arms trafficking, cybercrime, money laundering, fraud, corruption, and other serious international crimes. To this end, Europol collects, analyses, and shares information, including personal data, with national and international law enforcement agencies.

Europol operates on the basis of Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016, Regulation (EU) 2018/1725), agreements with third countries and international organisations. According to these documents, Europol has the right to collect, store, analyse and transmit information necessary for the performance of its tasks. However, the use of personal data is strictly limited in purpose and is subject to supervision by the European Data Protection Supervisory Authority (EDPS).

Europol processes a wide range of personal and operational information:

• Identification data: Full name, date and place of birth, citizenship, passport numbers, ID cards, driving licenses, residential or registered address, photographs, video materials, fingerprints, biometric data (e.g., DNA profiles);
• Operational and analytical information: involvement in specific types of crimes, connections with other individuals or organizations, travel routes and border crossings, data on financial transactions, bank accounts, deals, information from open sources and social networks;
• Justification for storing data : grounds for suspicion or surveillance, sources of information (national authorities, partner agencies, international organisations), legal qualification (e.g., articles of national or European criminal code).

The following may be entered into the Europol database:

1. Suspects and accused of committing crimes;
2. Persons wanted internationally;
3. Persons who are not criminals but may potentially be associated with the activity under investigation (witnesses, relatives of suspects, business partners);
4. Participants in cross-border transactions are involved in financial investigations;
5. Foreign nationals involved in international logistics, banking transactions, or movement across the EU’s external borders.

Even if no formal charges have been brought against a person, their name may be entered into the system, including through requests from national services or in cooperation with Interpol. In addition to the EU, Europol has the right to collect and process data on citizens of third countries.

When and why should you seek data deletion?

Even if you have never been convicted or are not under investigation, your name in the Europol database may result in refusal of entry into EU countries, detention at border crossings, refusal to obtain a visa, residence permit, citizenship, increased control at borders and airports, blocking of accounts and refusal of service by banks, falling into the sights of Interpol or other international structures. The longer your data is in the system, the higher the risk that it will be used against you without your knowledge.

Storing data in the Europol system entails real legal risks: automatic synchronization with national databases and Interpol, use of data in future investigations without your participation, revision of visa decisions and refusal ofmigrationprocedures, closing of bank accounts or freezing of assets, impossibility of conducting international commercial activities, inclusion in compliance service databases and company blacklists.

Legal grounds for deleting data from Europol

According to Regulation (EU) 2016/794, every person has the right to access their data in the Europol database, request their correction or deletion, and challenge unlawful processing. This is the main document regulating the activities of Europol. It defines the purposes of data processing (Article 18), the principles of processing (Articles 28–30), the rights of data subjects (Chapter VI), and the mechanisms of supervision and control (Articles 42–44).

According to Article 36 of the Regulation, individuals have the right to rectification, restriction or deletion of data if the information is inaccurate, the processing of data does not comply with the Regulation, the data is no longer needed for the purposes for which it was collected, or the permissible storage period has expired.

The GDPR (Regulation 2016/679) does not directly apply to Europol’s activities, but its key principles (lawfulness, minimisation, accuracy, limited storage and transparency) are used as a guide, especially when examining complaints by the European Supervisory Authority (EDPS) or the EU courts.

The EDPS (European Data Protection Supervisor) is an independent body that supervises the processing of personal data by EU institutions, bodies and agencies. It has the power to conduct investigations against Europol, issue orders, order the deletion or restriction of data processing, and notify the public of systemic violations.

The EDPS determined that unclassified or redundant data stored in Europol’s analytical databases are subject to deletion if they are not linked to a specific operational investigation, are not classified by subject category, or are used outside the original legal basis.

According to Regulation 2016/794 and the EDPS practice, the processing of personal data at Europol is considered to be in breach of the law if:

• The data does not correspond to reality (Article 28);
• There is no specific legal purpose for storage (Article 18);
• Expiry dates have been exceeded;
• The data subject is not notified of the fact of processing (unless notification does not violate the interests of the investigation);
• There is no data filtering, from national authorities;
• Data is reused for other purposes (e.g. for analysis unrelated to the investigation).

Thus, each person has the right to submit a request to Europol for access, correction or deletion of their data. In the absence of a response or refusal, a complaint can be filed with the EDPS. In the event of refusal by both bodies, an appeal can be made to the EU Court or a national court. Data can be deleted if it is proven that the data are inaccurate or outdated, there is no justification for their further storage, they affect the right to privacy and do not comply with the principle of necessity.

How do I submit a data deletion request?

The data subject, an authorized representative (a lawyer or attorney acting under a power of attorney), and a legal representative of a minor or incapacitated person have the right to submit a request. The request can be sent either directly to Europol or through supervisory authorities.

Before submitting a request, you must collect:

1. Identity document (passport, ID card, translation if necessary);
2. A detailed description of the basis for the request;
3. Any documents confirming your arguments (court decisions, orders to terminate a criminal case, evidence of a change in status, correspondence with authorities, etc.);
4. Power of attorney, if the application is submitted through a lawyer;
5. Formulation of the request (to delete, restrict or correct data).

You can send a letter directly to Europol at the following address: Europol – Data Protection Function Post Box 90850, 2509LW The Hague, The Netherlands. It is also possible to submit by e-mail (with a digital signature) if Europol requests additional data. In addition, each EU country has its own authority that can forward the request to Europol and monitor its execution. If you have already submitted a request to Europol and have not received a satisfactory answer, you can contact Europol directly.EDPS.

The request must be made in English or French. Clearly indicate what data is to be deleted and the reason. Be sure to include copies of identification documents and applications.

Europol is obliged to consider the request within 1-3 months from the date of receipt. In case of refusal, it must provide a reasoned response indicating the right to appeal. If there is no response, you have the right to contact the EDPS with a complaint about inaction or refusal.

If Europol has refused to delete the data or has ignored your request, lodge a complaint with the EDPS. The supervisory authority will examine the case and may oblige Europol to delete the data. Another possible option is to appeal to a national court or the EU Court. Use professional legal support to strengthen your position, prepare an appeal and obtain a decision in your favor.

Our team provides comprehensive services: analysis of legal grounds for data deletion, preparation of a request to Europol, EDPS or national authorities, full support of correspondence and complaints, appealing refusals and protecting the client’s rights in EU courts, confidentiality and experience of working with cross-border legal structures.

How can a lawyer help with deleting data from Europol?

The specialist will formulate the request correctly from a legal point of view, will indicate the exact grounds and norms that were violated. An incorrectly composed request may be rejected or ignored.

A lawyer will help you collect and present documents confirming your position: decisions of courts or law enforcement agencies to terminate cases, documents confirming your innocence, justification for excessiveness, inaccuracy or obsolescence of data.

If Europol refuses to delete the data, the lawyer will file a complaint with the EDPS, an appeal to a national court or the Court of Justice of the European Union in the event of a violation of the client’s fundamental rights.

Without experience of interaction with EU law enforcement agencies and knowledge of the specifics of Europol’s work, mistakes can be made that slow down the process, lead to a refusal without the possibility of re-applying, and worsen the legal situation of the applicant. A lawyer will ensure a competent legal strategy, confidentiality, compliance with all procedures and strict legal argumentation – this is what is critical when working with supranational structures such as Europol.

Our legal team provides assessment of the legal grounds for deletion of data from Europol, drafting and submitting a formal request for deletion, preparation of evidence, correspondence with Europol, EDPS and other authorities, as well as appeals against refusals and support in EU courts.

Why choose our law firm?

We work at the intersection of jurisdictions and have deep expertise in cases related to international searches, restrictions, blocking and illegal processing of personal data. Our lawyers successfully achieve the removal of records from Europol and Interpol databases, exclusion from OFAC lists, obtaining individual licenses and appealing sanctions. Each of our cases is not a template, but an individually built defense strategy.

We have dozens of won cases, satisfied requests, official responses from international bodies and successful legal decisions in the EU, USA, UK and other jurisdictions under our belt. We know how to interact with European structures in their language – legal and procedural. We work quickly, accurately and always in the interests of the client.

Confidentiality, professionalism and reliability are our basic principles. We never share your data with third parties, make decisions without your consent and do not act on luck. Every action we take is based on law, facts and your trust. Your safety is our top priority.

If you are under pressure from sanctions, international lists, illegal data processing or risk your freedom of movement, contact us right now. We will offer an effective solution, protect your rights and achieve results.