Members of the European Parliament (MEPs) have called for a suspension of Europol’s expansion after it was revealed that the police authority operated a shadow IT system containing vast amounts of data without appropriate security or data protection measures.
An investigation by our British colleagues at Computer Weekly, Correctiv and Solomon revealed that Europol stored petabytes of crime-related data in a network that operated for years without supervisory authority oversight despite significant data protection and security gaps.
Europol’s “shadow” databases were used to analyse vast amounts of sensitive data such as telephone connection data, identity documents, bank data or location data and also included data on persons not suspected of any criminal offense. This also included a shadow system known as Pressure Cooker, which was used to analyse open-source information on the internet and lacked appropriate control mechanisms.
Despite years of monitoring by the European Data Protection Supervisor (EDPS), some serious deficiencies remained unresolved in 2026.
Call for Parliamentary Oversight
Özlem Alev Demirel, German Member of the European Parliament from the Left Party, published a statement in which she called for plans to expand Europol’s mandate to be shelved for now.
“This further data protection scandal contradicts every principle of law, disregards the fundamental rights of those affected and makes control mechanisms absurd,” she writes.
German MEP Birgit Sippel stated in connection with this investigation that the fact that data of innocent persons was stored and evaluated without it being traceable who accessed it or changed the entries would undermine trust in the reliability of evidence and in the rule of law.
“Before we discuss a possible expansion of Europol’s mandate, there must be genuine parliamentary oversight, independent supervision with real enforcement powers, and full disclosure and transparency regarding matters that have so far remained hidden,” she added.
UK Home Office Must Answer Questions
In the United Kingdom, Conservative MP David Davis called on the Home Office in a post on X (formerly Twitter) to answer questions about the storage of data on British citizens by Europol.
“The Home Office must now state whether personal data of completely innocent British citizens is stored in Europol’s systems, and if so, why this is happening and why the British government is allowing it,” he adds.
Trust in Credibility Can Be Impaired
At a meeting of the Committee on Civil Liberties, Justice and Home Affairs (LIBE) of the European Parliament on Thursday, MEP Birgit Sippel stated that these revelations could undermine trust in Europol.
“I think the mere fact that a European authority operated a parallel data system without any oversight gives cause for concern – not only regarding data protection, but also regarding the way authorities operate – and could even impair trust in the authorities and the reliability of evidence,” she added.
European Data Protection Supervisor Wojciech Wiewiórowski stated at the LIBE Committee meeting that this investigation had raised new aspects and allegations that the European Data Protection Supervisor would certainly follow up on. He confirmed that some of the enforcement decisions of the European Data Protection Supervisor – such as for instance the reprimand against Europol in 2020 and a decision from 2022 in which Europol was ordered to delete data – were related to the use of platforms that had been identified in the course of this investigation.
Wiewiórowski stated that the European Data Protection Supervisor needed a broader range of enforcement options to monitor European institutions. He added that he had the option to issue a mild response in the form of a warning or a harsh response in the form of an order to cease data processing, which could be truly dangerous for security in Europe, but there was no middle ground.
Given the ongoing discussions about expanding Europol’s mandate, he pointed out that it would be a mistake to expand Europol’s mandate without simultaneously strengthening supervision.
Saskia Bricmont, Belgian MEP from the Greens, added in a statement that she would prioritize a discussion with the European Commission and the LIBE Committee on the results of this investigation.
“It is urgently necessary that the authority and the European Commission provide detailed explanations,” she said. “But once again, it is thanks to the work of investigative journalists that we uncover a problem within Europol, which only fuels mistrust further.”
This article was originally published in English on Computer Weekly.
ComputerWeekly.de