MEPs urge European Fee to take motion over Europol’s shadow IT
Members of the European Parliament (MEPs) have written to the European Fee elevating issues over “systematic governance” failures within the European police company, Europol, and the European Union’s (EU) border and coast guard company, Frontex.
The letter, signed by 19 MEPs, follows an investigation by Laptop Weekly, Solomon and Correctiv that exposed Europol had saved enormous volumes of delicate information on shadow IT methods with out sufficient governance, auditing or safety controls.
The MEPs warn that it has change into more and more clear that Europol and the border company are processing, storing and transferring information in ways in which elevate severe issues beneath EU information safety regulation and the basic rules of the rule of regulation.
Supported by left group members, Germany’s Özlem Demirel, Spain’s Estrella Galán, Belgian Inexperienced MEP Saskia Bricmont, and different political teams, the letter warns that imminent plans to develop the remit of Europol and Frontex ought to solely go forward if the businesses are absolutely compliant with EU regulation and information safety rules.
MEPs name for sturdy impartial oversight
“These reforms can’t be restricted to operational or effectivity issues … they should be firmly conditioned on full compliance with the EU Constitution of Basic Rights, strict adherence to information safety rules, and the institution of strong, impartial, and enforceable oversight mechanisms,” the MEPs wrote.
The letter cites investigative reporting from Laptop Weekly, Solomon and Correctiv, revealing that Europol ran an inside shadow IT infrastructure the place giant volumes of delicate private information have been processed for years “exterior of correctly ruled and auditable methods”.
“These parallel environments seem to have enabled analytical work with out adequate entry controls, incomplete logging and, in some situations, circumvention of established inside and exterior oversight mechanisms,” the MEPs wrote.
The unregulated methods recognized embody a clandestine intelligence software – identified internally because the “stress cooker” and constructed to extract info from the web – that had been hid from Europe’s privateness regulator till 2019.
The EU’s high privateness watchdog, the European Information Safety Supervisor that oversees Europol, has confirmed that the accessible proof “might level to a broader sample of uncontrolled information processing than beforehand acknowledged”.
Frontex transferred tens of 1000’s of individuals’s information to Europol
The MEPs have additionally raised issues over the switch of private information associated to tens of 1000’s of individuals interviewed by Frontex to Europol with out sufficient authorized safeguards or particular person assessments of the need and proportionality of sharing the information.
An investigation by Le Monde, El País and Solomon in 2025 revealed that Frontex had collected information from 13,000 individuals throughout “debriefing interviews” and had systematically transferred it to Europol between 2019 and 2023.
The info included contact particulars, social media identifiers and sometimes unverified suspicion-based info. In a number of circumstances, the information was utilized in legal investigations into migrants and civil society actors.
The automated and bulk information transfers between Frontex and Europol are incompatible with core rules of EU information safety regulation, together with function limitation, information minimisation and lawfulness, based on the MEPs.
Taken collectively, the disclosures about Europol and Frontex recommend a systemic governance failure.
“Information obtained in legally and ethically delicate contexts is being transferred into institutional environments the place compliance with EU necessities on legality, accountability and transparency shouldn’t be sufficiently assured,” the MEPs wrote. “This undermines not solely information safety requirements, but additionally the broader integrity of EU regulation enforcement cooperation.”
European commissioners urged to behave
The letter is addressed to Michael McGrath, commissioner for democracy and justice, Magnus Brunner, commissioner for migration and residential affairs, and Henna Virkkune, government vice-president for tech sovereignty, safety and democracy.
It asks whether or not the European Fee will develop the investigatory and oversight powers of EDPS over Europol and Frontex, and what steps have been taken to carry senior officers to account on the police and border company for the breaches recognized.
“Can Europol and Frontex, of their present institutional and technical configurations, guarantee lawful and rights-compliant processing of private information in any respect, and the way can it’s ensured that such information breaches don’t occur once more?” the MEPs wrote.
They’re urging the fee to contemplate holding again a proportion of Europol’s price range that can solely be launched when Europol is compliant with information safety and different elementary rights.
“The upcoming selections on the way forward for each businesses due to this fact represent a decisive take a look at of the European Union’s credibility as a group ruled by the rule of regulation,” they wrote.
An earlier letter signed by 41 MEPs from 4 political teams in July 2025, calling for an impartial investigation into co-operation between Europol and Frontex, stays unanswered.
