Data Protection and the EPPO

The European Public Prosecutor’s Office (the ‘EPPO’) necessarily processes personal data in order to fulfil its mission; As such, it falls squarely within the European Union (EU) data protection regulatory landscape. However, because the EU data protection regulatory landscape itself is currently found at a crossroads, an analysis of the EPPO data protection model may be twofold: First, placing it within the proper cross-organization dialogue currently taking place on the future regulatory model of personal data processing for law enforcement purposes carried out at EU level. Second, at an EPPO-specific level, whereby the actual data protection regime afforded to it may be assessed. This article purports to elaborate upon the above two data protection dimensions of EPPO personal data processing activities: It presents considerations and policy options during the lawmaking period that resulted in the establishment of the EPPO, it analyses the data protection regime ultimately awarded to it and attempts to, critically, place the EPPO data protection model within its proper operational and legislative environment.