The information Europol is allowed to store on persons suspected of racism and xenophobia must comply with the requirements of the Council Decision of 6 April 2009 establishing Europol(1) and notably with the provisions on information processing systems (Articles 10 to 22). According to the rules set out in the Council Decision, the sources of Europol's information are, among others, Member States' competent authorities and third states or bodies.

Europol’s competences cover organised crime, terrorism and other forms of serious crime as listed in the annex of the Europol Council Decision affecting two or more Member States in such a way as to require a common approach by the Member States (Article 4(1)). ‘Racism and xenophobia’ is listed in the annex to the Council Decision as one of the forms of serious crimes which Europol is competent to deal with. Council Framework Decision 2008/913/JHA of 28 November 2008(2) approximates EU criminal legislations on offences concerning racism and xenophobia.

Europol has no mandate with which to facilitate or execute extradition requests.

Article 20 of the Europol Council Decision lays down the time limits for the storage and deletion of data. The main rule is that Europol shall hold data in its files only for as long as is necessary for the performance of its tasks.  The need for continued storage shall be reviewed no later than three years after the input of data. This means that Europol is obliged to review the information after three years and justify the need of any continuation of storage after this period of time. Europol informs automatically Member States three months in advance of the expiry of the time limits for reviewing the storage of their data.

Europol has no autonomous investigative powers.

The Europol Council Decision stipulates that Europol may only process so-called ‘sensitive data’, if it is strictly necessary for the purposes of the file concerned and unless such data supplement other personal data already input in that file. Europol always has to specify why the processing of this kind of information is really necessary.

The reasons for the processing of sensitive data are specified before Europol starts processing sensitive-data in its files: the Opening Order of each analysis work file (AWF) describes all categories of data (including sensitive data) and the underlying reasons of the necessity to process those data. The Opening Order is scrutinised by Europol's Data Protection Officer and provided to Europol’s Joint Supervisory Body and Management Board.

An additional safeguard is foreseen in Article 14(1) of the Council Decision: ‘The selection of a particular group of persons solely on the basis of the abovementioned sensitive data, in breach of the aforementioned rules with regard to purpose, shall be prohibited.’

(1) OJ L 121, 15.5.2009. (2) OJ L 328, 6.12.2008.