Members of the European Parliament (MEPs) have called for a suspension of Europol’s expansion after it became known that the police authority operated a shadow IT system containing vast amounts of data without adequate security or data protection measures being in place.
An investigation by our British colleagues at Computer Weekly, Correctiv and Solomon revealed that Europol stored petabytes of crime-related data in a network that, despite significant data protection and security deficiencies, operated for years without oversight by supervisory authorities.
Europol’s “shadow” databases were used to analyze vast quantities of sensitive data such as telephone connection records, identity documents, banking data, or location data, and also included data on persons who were not suspected of any criminal offense. This also included a shadow system known as Pressure Cooker, which was used to analyze open-source information on the internet and had no adequate control mechanisms in place.
Despite years of monitoring by the European Data Protection Supervisor (EDPS), some serious deficiencies remained unresolved as of 2026.
Call for Parliamentary Oversight
Özlem Alev Demirel, German Member of the European Parliament from The Left party, published a statement in which she called for shelving plans to expand Europol’s mandate for the time being.
“This further data protection scandal contradicts every right, disregards the fundamental rights of those affected, and makes oversight mechanisms absurd,” she writes.
German MEP Birgit Sippel stated in connection with this investigation that the fact that data of innocent persons was stored and analyzed without it being traceable who accessed it or modified the entries would undermine confidence in the reliability of evidence and in the rule of law.
“Before we discuss any possible expansion of Europol’s mandate, there must be genuine parliamentary oversight, independent supervision with real enforcement powers, and full disclosure and transparency regarding matters that have so far remained hidden,” she added.
United Kingdom Home Office Called to Account
In the United Kingdom, Conservative MP David Davis called on the Home Office in a post on X (formerly Twitter) to answer questions about Europol’s storage of data on British citizens.
“The Home Office must now disclose whether the personal data of completely innocent British citizens is stored in Europol’s systems, and if so, why this is happening and why the British government allows it,” he adds.
Confidence in Credibility May Be Impaired
At a meeting of the Committee on Civil Liberties, Justice and Home Affairs (LIBE) of the European Parliament on Thursday, MEP Birgit Sippel stated that these revelations could undermine confidence in Europol.
“I think the mere fact that a European authority operated a parallel data system without any oversight gives cause for concern – not only regarding data protection, but also with regard to how authorities operate – and could even impair confidence in the authorities and the reliability of evidence,” she added.
European Data Protection Supervisor Wojciech Wiewiórowski stated at the LIBE Committee meeting that this investigation had raised new aspects and allegations that the European Data Protection Supervisor would certainly pursue. He confirmed that some of the European Data Protection Supervisor’s enforcement decisions – such as, for example, the reprimand against Europol in 2020 and a decision from 2022 in which Europol was required to delete data – were related to the use of platforms identified in the course of this investigation.
Wiewiórowski stated that the European Data Protection Supervisor needs a broader range of enforcement options to oversee European institutions. He added that he has the option to issue a mild response in the form of a warning or a harsh response in the form of an order to cease data processing, which could be really dangerous for security in Europe, but there is no middle ground.
In light of ongoing discussions about expanding Europol’s mandate, he pointed out that it would be a mistake to expand Europol’s mandate without simultaneously strengthening oversight.
Belgian Green MEP Saskia Bricmont added in a statement that she would prioritize discussions with the European Commission and the LIBE Committee on the findings of this investigation.
“It is urgently necessary for the authority and the European Commission to provide detailed explanations,” she said. “But once again, it is thanks to the work of investigative journalists that we uncover a problem within Europol, which only further fuels mistrust.”
This article originally appeared in English on Computer Weekly.
ComputerWeekly.de