If you follow sessions of the European Parliament (both enlightening and a chore) you will have seen many grand moralising one minute speeches (yes in many cases contributions are limited to one minute) on the inadequacies of US data laws, and even UK data laws, with a specific myopic focus on surveillance laws. 

There has always been a kernel of hypocrisy about this owing to the existence of analogous domestic surveillance laws across the EU – as one example only see the 2020 German constitutional court ruling relating to the German BND’s powers to collect and analyse all foreign communications. 

So it does not really come as a surprise that by a margin of 480 for to 143 against the European Parliament on May 4th backed giving more powers to Europol  (i.e. approving the Council and the Commission’s February 2022 proposals). As per the European Parliament press release “Under the new rules, Europol will be able to pursue research and innovation projects, process large datasets, and help national authorities screen foreign direct investment in security-related cases. When dealing with terrorist content or child sexual abuse material, Europol will be able to receive data from private companies, for example communication services”.

Don’t forget that this is the same European Parliament that through its LIBE Committee and EPRS agency suggested that it had significant doubts about UK data adequacy citing amongst other things “UK surveillance laws and practice” and with any suggestion of deviation (no matter how minor) in UK data & privacy laws similarly suggests that UK data adequacy is at risk. This is the same European Parliament that takes every opportunity to criticise US surveillance laws.

This has further, and no surprise, gone down badly with European privacy groups with some arguing that Europol will become a “data black hole” and that the supervisory checks and balances will not be “effective” and lack “democratic oversight”. These are similar comments that are made regularly re US surveillance rules and indeed underpin the Schrems decisions of the CJEU. Indeed the EDRi titles its joint press release with Fair Trials “European Parliament failed to stand up for fundamental rights”, with its policy adviser stating “Europol will be allowed to collect and share data left, right, and centre without much restriction or control”.

Watch this space for an internal challenge to this within the EU, but it would be a terrible irony if a UK privacy group decided to challenge the UK’s own finding of adequacy for the EU based on excessive surveillance laws in the EU!