- Latest available (Revised)
- Point in Time (11/05/2016)
- Original (As adopted by EU)
Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA
After exit day there will be three versions of this legislation to consult for different purposes. The legislation.gov.uk version is the version that applies in the UK. The EU Version currently on EUR-lex is the version that currently applies in the EU i.e you may need this if you operate a business in the EU.
The web archive version is the official version of this legislation item as it stood on exit day before being published to legislation.gov.uk and any subsequent UK changes and effects applied. The web archive also captured associated case law and other language formats from EUR-Lex.
Point in time view as at 11/05/2016.
There are outstanding changes not yet made to Regulation (EU) 2016/794 of the European Parliament and of the Council. Any changes that have already been made to the legislation appear in the content and are referenced with annotations.
Changes and effects yet to be applied by the editorial team are only applicable when viewing the latest version or prospective version of legislation. They are therefore not accessible when viewing legislation as at a specific point in time. To view the ‘Changes to Legislation’ information for this provision return to the latest version view using the options provided in the ‘What Version’ box above.
1.Europol shall only process information that has been provided to it:
(a)by Member States in accordance with their national law and Article 7;
(b)by Union bodies, third countries and international organisations in accordance with Chapter V;
(c)by private parties and private persons in accordance with Chapter V.
2.Europol may directly retrieve and process information, including personal data, from publicly available sources, including the internet and public data.
3.In so far as Europol is entitled under Union, international or national legal instruments to gain computerised access to data from Union, international or national information systems, it may retrieve and process information, including personal data, by such means if that is necessary for the performance of its tasks. The applicable provisions of such Union, international or national legal instruments shall govern access to, and the use of, that information by Europol, in so far as they provide for stricter rules on access and use than those laid down by this Regulation. Access to such information systems shall be granted only to duly authorised staff of Europol and only in so far as this is necessary and proportionate for the performance of their tasks.
1.In so far as is necessary for the achievement of its objectives as laid down in Article 3, Europol may process information, including personal data.
2.Personal data may be processed only for the purposes of:
(a)cross-checking aimed at identifying connections or other relevant links between information related to:
persons who are suspected of having committed or taken part in a criminal offence in respect of which Europol is competent, or who have been convicted of such an offence;
persons regarding whom there are factual indications or reasonable grounds to believe that they will commit criminal offences in respect of which Europol is competent;
(b)analyses of a strategic or thematic nature;
(c)operational analyses;
(d)facilitating the exchange of information between Member States, Europol, other Union bodies, third countries and international organisations.
3.Processing for the purpose of operational analyses as referred to in point (c) of paragraph 2 shall be performed by means of operational analysis projects, in respect of which the following specific safeguards shall apply:
(a)for every operational analysis project, the Executive Director shall define the specific purpose, categories of personal data and categories of data subjects, participants, duration of storage and conditions for access, transfer and use of the data concerned, and shall inform the Management Board and the EDPS thereof;
(b)personal data may only be collected and processed for the purpose of the specified operational analysis project. Where it becomes apparent that personal data may be relevant for another operational analysis project, further processing of that personal data shall only be permitted insofar as such further processing is necessary and proportionate and the personal data are compatible with the provisions set out in point (a) that apply to the other analysis project;
(c)only authorised staff may access and process the data of the relevant project.
4.The processing referred to in paragraphs 2 and 3 shall be carried out in compliance with the data protection safeguards provided for in this Regulation. Europol shall duly document those processing operations. The documentation shall be made available, upon request, to the Data Protection Officer and to the EDPS for the purpose of verifying the lawfulness of the processing operations.
5.Categories of personal data and categories of data subjects whose data may be collected and processed for each purpose referred to in paragraph 2 are listed in Annex II.
6.Europol may temporarily process data for the purpose of determining whether such data are relevant to its tasks and, if so, for which of the purposes referred to in paragraph 2. The Management Board, acting on a proposal from the Executive Director and after consulting the EDPS, shall further specify the conditions relating to the processing of such data, in particular with respect to access to and use of the data, as well as time limits for the storage and deletion of the data, which may not exceed six months, having due regard to the principles referred to in Article 28.
7.The Management Board, after consulting the EDPS, shall, as appropriate, adopt guidelines further specifying procedures for the processing of information for the purposes listed in paragraph 2 in accordance with point (q) of Article 11(1).
1.A Member State, a Union body, a third country or an international organisation providing information to Europol shall determine the purpose or purposes for which it is to be processed, as referred to in Article 18. If it has not done so, Europol, in agreement with the provider of the information concerned, shall process the information in order to determine the relevance of such information as well as the purpose or purposes for which it is to be further processed. Europol may process information for a purpose different from that for which information has been provided only if authorised so to do by the provider of the information.
2.Member States, Union bodies, third countries and international organisations may indicate, at the moment of providing information to Europol, any restriction on access thereto or the use to be made thereof, in general or specific terms, including as regards its transfer, erasure or destruction. Where the need for such restrictions becomes apparent after the information has been provided, they shall inform Europol accordingly. Europol shall comply with such restrictions.
3.In duly justified cases Europol may assign restrictions to access or use by Member States, Union bodies, third countries and international organisations of information retrieved from publicly available sources.
1.Member States shall, in accordance with their national law and Article 7(5), have access to, and be able to search, all information which has been provided for the purposes of points (a) and (b) of Article 18(2). This shall be without prejudice to the right of Member States, Union bodies, third countries and international organisations to indicate any restrictions in accordance with Article 19(2).
2.Member States shall, in accordance with their national law and Article 7(5), have indirect access on the basis of a hit/no hit system to information provided for the purposes of point (c) of Article 18(2). This shall be without prejudice to any restrictions indicated by the Member States, Union bodies and third countries or international organisations providing the information, in accordance with Article 19(2).
In the case of a hit, Europol shall initiate the procedure by which the information that generated the hit may be shared, in accordance with the decision of the provider of the information to Europol.
3.In accordance with national law, the information referred to in paragraphs 1 and 2 shall be accessed and further processed by Member States only for the purpose of preventing and combating:
(a)forms of crime in respect of which Europol is competent; and
(b)other forms of serious crime, as set out in Council Framework Decision 2002/584/JHA(1).
4.Europol staff duly empowered by the Executive Director shall have access to information processed by Europol to the extent required for the performance of their duties and without prejudice to Article 67.
1.Europol shall take all appropriate measures to enable Eurojust and OLAF, within their respective mandates, to have indirect access on the basis of a hit/no hit system to information provided for the purposes of points (a), (b) and (c) of Article 18(2), without prejudice to any restrictions indicated by the Member State, Union body, third country or international organisation providing the information in question, in accordance with Article 19(2).
In the case of a hit, Europol shall initiate the procedure by which the information that generated the hit may be shared, in accordance with the decision of the provider of the information to Europol, and only to the extent that the data generating the hit are necessary for the performance of Eurojust's or OLAF's tasks.
2.Europol and Eurojust may conclude a working arrangement ensuring, in a reciprocal manner and within their respective mandates, access to, and the possibility of searching, all information that has been provided for the purpose specified in point (a) of Article 18(2). This shall be without prejudice to the right of Member States, Union bodies, third countries and international organisations to indicate restrictions on access to, and the use of, such data, and shall be in accordance with the data protection guarantees provided for in this Regulation.
3.Searches of information in accordance with paragraphs 1 and 2 shall be carried out only for the purpose of identifying whether information available at Eurojust or OLAF matches with information processed at Europol.
4.Europol shall allow searches in accordance with paragraphs 1 and 2 only after obtaining from Eurojust information on which National Members, Deputies and Assistants, as well as Eurojust staff members, and from OLAF information on which OLAF staff members, have been designated as authorised to perform such searches.
5.If, during Europol's information-processing activities in respect of an individual investigation, Europol or a Member State identifies the need for coordination, cooperation or support in accordance with the mandate of Eurojust or OLAF, Europol shall notify them to that effect and shall initiate the procedure for sharing the information, in accordance with the decision of the Member State providing the information. In such a case, Eurojust or OLAF shall consult with Europol.
6.Eurojust, including the College, the National Members, Deputies and Assistants, as well as Eurojust staff members, and OLAF, shall respect any restriction on access or use, in general or specific terms, indicated by Member States, Union bodies, third countries and international organisations in accordance with Article 19(2).
7.Europol, Eurojust and OLAF shall inform each other if, after consulting each other's data in accordance with paragraph 2 or as a result of a hit in accordance with paragraph 1, there are indications that data may be incorrect or may conflict with other data.
1.Europol shall, in accordance with point (b) of Article 4(1), notify a Member State without delay of any information concerning it. If such information is subject to access restrictions pursuant to Article 19(2) that would prohibit its being shared, Europol shall consult with the provider of the information stipulating the access restriction and seek its authorisation for sharing.
In such a case, the information shall not be shared without an explicit authorisation by the provider.
2.Irrespective of any access restrictions, Europol shall notify a Member State of any information concerning it if this is absolutely necessary in the interest of preventing an imminent threat to life.
In such a case, Europol shall at the same time notify the provider of the information about the sharing of the information and justify its analysis of the situation.
Council Framework Decision 2002/584/JHA of 13 June 2002 on the European arrest warrant and the surrender procedures between Member States (OJ L 190, 18.7.2002, p. 1).
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
Point in Time: This becomes available after navigating to view revised legislation as it stood at a certain point in time via Advanced Features > Show Timeline of Changes or via a point in time advanced search.
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
This timeline shows the different versions taken from EUR-Lex before exit day and during the implementation period as well as any subsequent versions created after the implementation period as a result of changes made by UK legislation.
The dates for the EU versions are taken from the document dates on EUR-Lex and may not always coincide with when the changes came into force for the document.
For any versions created after the implementation period as a result of changes made by UK legislation the date will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. For further information see our guide to revised legislation on Understanding Legislation.
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
Click 'View More' or select 'More Resources' tab for additional information including: