The European Commission has issued assurances to MEPs that Europol’s new decryption platform will not be used to abuse data protection standards and will maintain closely guarded access rights over the data retrieved.
However, some MEPs remain unconvinced that the operation of Europol’s technology will be completely free from abuse, particularly in countries where the rule of law and the independence of the judiciary has been called into question.
Since Europol launched its decryption platform in December last year, MEPs in Brussels have been seeking clarification on whether the technology had gone through the correct data protection protocols, whether it could pose a threat to fundamental rights, and if any third-party private organisations had been contracted to develop the technology.
The platform is currently being used by EU law enforcement authorities to decrypt information obtained during criminal investigations. The technology is able to decrypt access codes to smartphones, computers, laptops, and tablets. It is not, however, able to decrypt live communications.
‘No room for abuse’
The Commission attempted to assuage such concerns on Tuesday (23 March), noting that the development of the technology has been conducted completely in-house and has also gone through necessary data protection assessment procedures.
“There is absolutely no trace of any involvement of private operators in this project,” Olivier Onidi, Deputy Director-General of the Commission’s DG HOME told MEPs in the Civil Liberties Committee.
“The development has been purely done in-house,” he added, noting that this was a condition for the Commission’s funding of the platform, under the institution’s Joint Research Centre.
Onidi also said that ahead of the launch of the project, Europol had conducted its own voluntary data protection assessment and that the European Data Protection Supervisor had competence in ensuring compliance with the relevant EU data protection standards.
Moreover, the Commission official said that the access rights to the data retrieved from the operation of the platform are “fully in the hands of Europol,” and the EU’s police agency is the sole body that has the authority for its functioning.
Onidi also assured lawmakers that the technology is only being employed on data “lawfully seized by the authorities and fully under the control of a judiciary.”
“There’s absolutely no room for abuse through this platform and penetrations into equipment belonging to individuals who are not under the context of a judicial charge,” he added.
However, MEPs said they had several questions that remained unanswered. Renew Europe’s Sophie in ‘t Veld wanted to know how the Commission would respond in cases where the independence of the judiciary has been previously called into question, such as in Hungary and Poland, both countries being subject to Article 7 procedures for abuses in the rule of law.
In addition, S&D’s Paul Tang asked how the EU executive could ensure that the technology “is not abused to get insights into communications by critical voices of governments.”
The Commission was unable to respond to both questions raised by members, but did confirm that Europol itself “provides only the capacity to decrypt the access code” and the secure network to transmit the information. The information itself would only be accessible to the member state authorities that have requested it.
[Edited by Josie Le Blond]