The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission
Europol was established in 1995 under an EU Convention. Europol is now set up under the Europol Council Decision (ECD) of 6 April 2009. This new legal base replaced the original legal basis - the Europol Convention of 26 July 1995 - as of 1 January 2010. Under the Convention, organised crime was the sole focus of Europol’s activities. The Council Decision removed the requirement that an organised criminal structure must be involved before Europol can act. It is now sufficient for the crime concerned to be a serious offence involving two or more Member States. These offences include transnational crimes such as drug trafficking, terrorism, money laundering and also include murder and kidnapping.
[On 11 May 2016 a new regulation for Europol was adopted (EU 2016/794). The regulation which comes into force in May 2018 extends Europol's role and responsibilities to allow for a coordinating role in investigations].
National Supervision
The Europol Act 2012 gave effect to the 2009 EU Council Decision establishing Europol. Europol was originally set up in 1995 under an EU Convention which was given the force of law in this State through the Europol Act 1997 (as amended). The Europol Act 1997 has since been repealed and replaced by the Europol Act 2012. As was the case with the Convention, the ECD provides for a robust data protection regime.
Under Article 14 of the Europol Act 2012 the Data Protection Commissioner is designated as the national supervisory body for the purposes of this Act and the Council Decision.
European Supervision
The operations of Europol are also subject to supervision to ensure that data protection rules are complied with. This supervision is currently carried out by the Europol Joint Supervisory Body (JSB), which draws its membership from all of the national data protection authorities, including the Irish Data Protection Commissioner. Two of the JSB's main functions involve examining proposals from Europol to open new Analysis Work Files, and examining proposals from Europol to exchange personal data with overseas law enforcement authorities and private third parties.
The JSB is also responsible for conducting inspections of Europol in order to determine compliance with the provisions of the Europol Convention. Please see "The fifth activity report of Joint Supervisory Body of Europol" and the latest report issued by the JSB ‘Report on victims of trafficking in human beings - data protection perspective’.
In May 2018 when the new Europol Regulation (EU) 2016/794 comes into effect, European data protection supervision of Europol will transfer to the European Data Protection Supervisor.
Access Rights of data subjects in relation to Europol
Under Article 13 of the Europol Act 2012, an individual wishing to exercise his/her right of access to data relating to him/her which are stored within Europol, or to have such data checked, may make a request free of charge to the Europol National Unit (see address below), who shall then transmit the request to Europol and notify the individual concerned that Europol shall reply directly. Europol must deal with the request within three months of its receipt.
Europol National Unit
Liaison & Protection
Garda Headquarters
Phoenix Park
Dublin 8