Skip to main content

Advertisement

SpringerLink
Log in

Europol’s data protection framework as an asset in the fight against cybercrime

  • Article
  • Published:
ERA Forum Aims and scope

Abstract

The European Union will launch its own European Cybercrime Centre (EC3) by 2013. A related feasibility study carried out for the European Commission reveals that next to operational considerations strong data protection safeguards constitute one of the main factors for having the centre hosted at the European Police Office (Europol) (http://www.rand.org/pubs/technical_reports/TR1218.html, in particular, p. 2, 86, 88, 90, 149 and 154, accessed on 26/04/12). This article highlights how far Europol’s robust data protection regime contributes to effectively fighting cybercrime while duly observing fundamental rights including the right for protection of personal data.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

Notes

  1. Europol [12], p. 14, Europol [9], p. 5. For a critical view on the threat posed by cybercrime see Monroy/Bush, [19], p. 3 ff. For a critical view on the estimation of cost resulting from cybercrime see Anderson et al. [25], p. 23 ff.

  2. Gercke [14], p. 35 ff.

  3. Europol [10], p. 6.

  4. European Commission [6], p. 9.

  5. European Commission [6], p. 9 f.

  6. Communication from the Commission to the Council and the European Parliament: Tackling Crime in our Digital Age: Establishing a European Cybercrime Centre, COM(2012) 140 final, 28/03/2012, p. 1 ff.; http://europa.eu/rapid/pressReleasesAction.do?reference=IP/12/317&format=HTML&aged=0&language=DE&guiLanguage=en, accessed on 26/04/12.

  7. See, in particular, p. 2, 86, 88, 90, 149 and 154 of the related feasibility study, http://www.rand.org/pubs/technical_reports/TR1218.html, accessed on 26/04/12.

  8. Council conclusions on the establishment of a European Cybercrime Centre 3172nd Justice and Home Affairs Council meeting Luxembourg, 7 and 8 June 2012 [5].

  9. Also see Opinion of the European Data Protection Supervisor on the Communication from the European Commission to the Council and the European Parliament on the establishment of the European Cybercrime Centre [8], p. 2.

  10. See Art. 27 ECD.

  11. The same is valid for the data protection regime of Eurojust, the EU’s judicial cooperation unit, see Alonso Blas, Ensuring effective data protection in the field of police and judicial activities, ERA Forum (2010) 11 p. 233 ff. [1].

  12. Council Decision of 6 April 2009 establishing the European Police Office (EUROPOL) (2009/371/JHA), OJ L 121/37, 15/05/2009 hereafter referred to as ‘ECD’.

  13. Council Decision of 30 November 2009 adopting the implementing rules for Europol analysis work files (2009/936/JHA), OJ L 325/14, 11/12/2009, hereafter referred to as ‘AWF Rules’.

  14. Council Decision of 30 November 2009 adopting the implementing rules governing Europol’s relations with partners, including the exchange of personal data and classified information (2009/934/JHA) OJ L 325/6, 11/12/2009.

  15. Council Decision of 30 November 2009 adopting the rules on the confidentiality of Europol information, (2009/968/JHA), OJ L 332/17, 17/12/2009.

  16. Decision of the Management Board of Europol of 4 June 2009 on the conditions related to the processing of data on the basis of Article 10(4) of the Europol Decision, OJ L 348/1, 29/12/2009.

  17. Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of data.

  18. Art. 39(6) ECD, also see Europol (ed.), Data Protection at Europol, p. 10 f.

  19. Also see Opinion of the European Data Protection Supervisor on the Communication from the European Commission to the Council and the European Parliament on the establishment of the European Cybercrime Centre, p. 3 f., 29/06/2012.

  20. Id., p. 2, 6.

  21. Art. 28 ECD.

  22. Europol [11], p. 27 ff.; for the importance of Privacy Enhancing Technologies (PETs) fostering privacy by design also see Opinion of the European Data Protection Supervisor on the Communication from the European Commission to the Council and the European Parliament on the establishment of the European Cybercrime Centre, p. 7, 29/06/2012.

  23. Art. 34 ECD.

  24. Europol [11], p. 32 f.; www.europoljsb.consilium.europa.eu, accessed on 08/02/2012.

  25. For details on how the entry into force of the Lisbon Treaty has further enhanced formal monitoring of Europol see Fletcher [13], p. 38 ff.

  26. Article 10(1) and (3) Protocol on Transitional Provisions Lisbon Treaty.

  27. Fijnaut, quoted as per Groenleer [15], p. 282.

  28. Also see Europol [11], p. 19 ff.

  29. Art. 23 ECD.

  30. Also see Opinion of the European Data Protection Supervisor on the Communication from the European Commission to the Council and the European Parliament on the establishment of the European Cybercrime Centre [8], p. 9 f.

  31. Communication from the Commission to the Council and The European Parliament: Tackling Crime in our Digital Age: Establishing a European Cybercrime Centre, COM (2012) 140 final, 28/03/2012, p. 7.

  32. Communication from the Commission to the Council and the European Parliament: Tackling Crime in our Digital Age: Establishing a European Cybercrime Centre, COM(2012) 140 final, 28/03/2012, p. 7.

  33. http://europa.eu/rapid/pressReleasesAction.do?reference=IP/12/317&format=HTML&aged=0&language=DE&guiLanguage=en, accessed on 26/04/12.

  34. Art. 25(3)(a) and (b) ECD.

  35. Art. 25(3)(c) ECD, Europol (ed.), Data Protection at Europol, p. 24 f.

  36. Also see Opinion of the European Data Protection Supervisor on the Communication from the European Commission to the Council and the European Parliament on the establishment of the European Cybercrime Centre [8], p. 7 ff., 29/06/2012.

  37. Europol [11], p. 14 f.

  38. Art. 12(1) ECD.

  39. Art. 20 ECD.

  40. Art. 12(5) ECD.

  41. See Art. 14 ff. ECD.

  42. Social Network Analysis (SNA) is a scientific approach that was adopted as an innovative way to conduct crime analysis. Now computer-assisted SNA techniques (i.e., algorithms) can be employed by analysts to measure and visualise any type of network data (data which are relational and related to certain attributes). Operational analysts are able to deal with complex and large volumes of data to quickly identify structural patterns that otherwise would remain unnoticed. SNA should not be confused with social networking and the types of network data available on websites such as Facebook and Google+. SNA may also be performed on such data sets but analysis of these publicly available sources is not a constituent element of this analytical technique. For a critical view on SNA in the context of social networking sites see Schulzki-Haddouti [22], p. 32 ff.; Kant/Busch [17], p. 40 ff.

  43. Exchangeable image file format (EXIF) is a standard that specifies the formats for images, sound and tags used by digital cameras, etc. EXIF data of a camera will reveal, for example, manufacturer, resolution, data and time, pixels and sometimes geo location.

  44. See International Association of Law Enforcement Intelligence Analysts, Inc. (ed.), Law Enforcement Analytic Standards, Richmond 2004 [16].

  45. Art. 6 AWF Rules.

  46. Art. 16 ECD, Art. 5 ff. AWF Rules.

  47. Europol [11], p. 16 f.

  48. Art. 14(1) ECD.

  49. Art. 20(1) ECD.

  50. Europol (ed.), Data Protection at Europol, p. 17.

  51. Art. 14(6) ECD.

  52. For a collation of ‘organisational pathologies’ including the establishment of information silos see Sheptycki [23], p. 307 ff. and ‘Review of influence of strategic intelligence on organised crime policy and practice’, London: Home Office Research and Statistics Directorate, quoted as per Ratcliffe [20], p. 253; also see Ratcliffe [21], p. 1.

  53. de Bono [2], p. 7 ff.

  54. For a comprehensive overview on the diversity of criminal offences qualifying as cybercrime refer to Gercke, [14], pp. 41–120.

  55. A Focal Point is an area within an AWF which focuses on a certain phenomenon from a commodity based, thematic or regional angle. It allows Europol to provide analysis, prioritise resources, ensure purpose limitation and maintain focus on expertise.

  56. A Target Group is an operational project with a dedicated Europol team to support an international criminal investigation or criminal intelligence operation against a specific target.

  57. See Article 14(1) subpar. 2 ECD.

  58. See Art. 6(1)(b) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281/40, 23/11/95; also see Brouwer [4], p. 276.

  59. Processing of personal data includes the collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of personal data, see Art. 2(b) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281/40, 23/11/95.

  60. Europol [11], p. 17.

  61. Council of Europe Convention on Cybercrime, ETS 185, Budapest, 27/11/2001.

  62. For an overview of cybercrime definitions refer to Gercke [14], p. 25 ff.

  63. See Art. 15 ECD.

  64. However, the freedoms of speech, association and assembly—including both political speech and organising conducted via the Internet—are not available to citizens in every country. In some countries activists are in danger any time they access or even attempt to access a prohibited website or service or promote political dissent, see Moloney Figliola [18], pp. 1 and 8 with suggestions for further reading. For the discussion on access to the Internet as a human right see Gercke [14], p. 128.

  65. Brenner/Clarke [3], pp. 259–274.

  66. Wainwright, Press statement on the occasion of the World Economic Forum Davos summit, www.europol.europa.eu/content/press/fighting-cybercrime-%E2%80%93-major-challenge-global-society-1247, accessed on 26/01/2012.

References

  1. Alonso Blas, D.: Ensuring effective data protection in the field of police and judicial activities. ERA Forum 11, 233 (2010)

    Article  Google Scholar 

  2. de Bono, E.: Lateral thinking. London (1970)

  3. Brenner, S., Clarke, L.M.: Combating cybercrime through distributed security. International Journal of Intercultural Information Management 1(3), 259–274 (2009)

    Google Scholar 

  4. Brouwer, E.L.: Legality and data protection law: the forgotten purpose of purpose limitation. In: Besslink, L., Pennings, F., Prechal, S. (eds.): The Eclipse of Legality in Europe, p. 273 ff. Alphen aan den Rijn (2011)

  5. Council of the European Union (ed.), Council conclusions on the establishment of a European Cybercrime Centre 3172nd Justice and Home Affairs Council meeting Luxembourg, 7 and 8 June (2012)

  6. European Commission (ed.): The EU Internal Security Strategy in Action: Five steps towards a more secure Europe, COM(2010) 673 final, Brussels (2010)

  7. Id., Communication from the Commission to the Council and the European Parliament: Tackling Crime in our Digital Age: Establishing a European Cybercrime Centre, COM(2012) 140 final, 28/03/2012

  8. European Data Protection Supervisor: Opinion of the European Data Protection Supervisor on the Communication from the European Commission to the Council and the European Parliament on the establishment of the European Cybercrime Centre, p. 2, 29/06/2012

  9. Europol (ed.): Threat Assessment (abridged) Internet Facilitated Organised Crime iOCTA. The Hague (2011)

  10. Id.: Organised Threat Assessment 2011 (OCTA). Luxembourg (2011)

  11. Id.: Data Protection at Europol. Luxembourg (2011)

  12. Europol et al. (eds.): The Joint Report by EUROPOL, EUROJUST and FRONTEX on the State of Internal Security in the EU, Council document 9359/10, 07/05/2010

  13. Fletcher, M.: EU Criminal justice beyond Lisbon. In: Eckes, C., Konstadinides, T. (eds.): Crime within the Area of Freedom, Security and Justice. Cambridge (2011)

  14. Gercke, M.: Understanding Cybercrime: A Guide for Developing Countries. Geneva (2011)

  15. Groenleer, M.: The Autonomy of European Union Agencies. Delft (2009)

  16. International Association of Law Enforcement Intelligence Analysts, Inc. (ed.): Law Enforcement Analytic Standards. Richmond (2004)

  17. Kant, M., Busch, H.: Der Staat surft mit. In: Bürgerrechte & Polizei/CILIP (1/2011), pp. 40 ff. Berlin (2011)

  18. Moloney, F.: Patricia, Promoting Global Internet Freedom: Policy and Technology, Congressional Research Service Report for Congress. Washington, D.C. (2011)

  19. Monroy, M., Busch, H.: Digitaler Untergrund. In: Bürgerrechte & Polizei/CILIP (1/2011), pp. 3 ff. Berlin (2011)

  20. Ratcliffe, J.: Intelligence-Led Policing. Devon (2008)

  21. Id.: Integrated Intelligence and Crime Analysis: Enhanced Information Management for Law Enforcement Leaders. Washington, D.C. (2007)

  22. Schulzki-Haddouti: Christiane, Gläserne soziale Netzwerke. In: Bürgerrechte & Polizei/CILIP (1/2011), pp. 32 ff. Berlin (2011)

  23. Sheptycki, J.: Organisational pathologies in police intelligence systems: some contributions to the lexicon of intelligence-led policing. Eur. J. Criminol. 1(3) (2004)

  24. Id.: Review of influence of strategic intelligence on organised crime policy and practice. Home Office Research and Statistics Directorate, London (2004)

  25. Anderson, et al.: Measuring the Costs of Cybercrime, http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf, accessed on 11/07/12

  26. http://www.rand.org/pubs/technical_reports/TR1218.html, accessed on 26/04/12

  27. http://europa.eu/rapid/pressReleasesAction.do?reference=IP/12/317&format=HTML&aged=0&language=DE&guiLanguage=en, accessed on 26/04/12

  28. www.europol.europa.eu/content/press/fighting-cybercrime-%E2%80%93-major-challenge-global-society-1247, accessed on 26/01/2012

  29. www.europoljsb.consilium.europa.eu, accessed on 08/02/2012

Download references

Author information

Authors and Affiliations

  1. Head of the Data Protection Office, Europol, Eisenhowerlaan 73, 2517 KK, The Hague, The Netherlands

    Daniel Drewer

  2. Senior Expert in the Data Protection Office, Europol, Eisenhowerlaan 73, 2517 KK, The Hague, The Netherlands

    Jan Ellermann

Authors
  1. Daniel Drewer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jan Ellermann
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Daniel Drewer.

Additional information

This article is based on a contribution given at the conference “Making Europe Safer: Europol at the Heart of European Security”, organised by ERA in cooperation with Europol on 18–19 June 2012 in The Hague. The opinions expressed by the authors in this article are personal ones and do not necessarily represent those of the organisation they work for.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Drewer, D., Ellermann, J. Europol’s data protection framework as an asset in the fight against cybercrime. ERA Forum 13, 381–395 (2012). https://doi.org/10.1007/s12027-012-0268-6

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12027-012-0268-6

Keywords

Search

Navigation