HomeEuropol Litigation — CJEU Data Rights Enforcement
When Europol fails to respect your data rights and EDPS remedies are insufficient, litigation before the Court of Justice of the European Union is available. Our lawyers prepare and conduct CJEU proceedings to enforce your rights under EU Regulation 2016/794.
When CJEU Litigation Becomes Necessary
The ordinary route for challenging Europol’s data processing is through the European Data Protection Supervisor (EDPS). The EDPS investigates complaints and can order Europol to correct, delete, or restrict processing of personal data. However, the EDPS process has limitations: proceedings can be slow, enforcement is indirect, and the EDPS does not award compensation. When EDPS remedies have been exhausted without satisfactory resolution, or where Europol has failed to comply with an EDPS ruling, direct litigation before the Court of Justice of the European Union (CJEU) becomes the appropriate and most powerful remedy.
CJEU actions against Europol are brought under Article 268 TFEU and Article 340 TFEU, seeking non-contractual liability for unlawful data processing. The court can award financial compensation for material and non-material damage caused by Europol’s breach of EU data protection law. This is a significant tool for clients who have suffered professional or reputational harm due to Europol’s incorrect or unlawfully retained data.
| Remedy | Venue | Outcome | Timeline |
|---|---|---|---|
| Data access request | Europol directly | Access to your file | 3–4 months |
| Deletion/correction request | Europol directly | Data removed or corrected | 3–6 months |
| EDPS complaint | European Data Protection Supervisor | Investigation + enforcement order | 6–18 months |
| CJEU litigation | Court of Justice of the EU | Compensation + declaratory relief | 18–36 months |
Our CJEU Litigation Process
Litigation before the CJEU is highly specialised and requires thorough preparation. Our team follows a structured approach to maximise the prospects of success:
- Step 1 — Case assessment: We review all documentation from Europol, EDPS correspondence, and any prior proceedings to identify the strongest legal arguments and quantify potential damages.
- Step 2 — Pre-litigation steps: Where applicable, we exhaust or formally engage EDPS processes to establish a clear record of the breach and Europol’s failure to remedy it.
- Step 3 — Application to the CJEU: We draft and file the application, including the full factual narrative, legal submissions, and evidence bundle. The application is filed in English or French (the CJEU’s working languages).
- Step 4 — Written procedure: Both parties exchange written pleadings. Our lawyers respond to Europol’s defence and file any necessary replies.
- Step 5 — Hearing (if ordered): The CJEU may convene an oral hearing. Our advocates appear before the court and present oral argument.
- Step 6 — Judgment and enforcement: Following judgment, we advise on enforcement and ensure any compensation award is paid and any corrective obligations are fulfilled.
Our Practice Areas
Related Services
Data Access Request
Find out what data Europol holds about you
Data Deletion Request
Challenge and remove unlawful Europol data
EDPS Complaint
Escalate to the EU Data Protection Supervisor
Third-Country Transfer
Stop unlawful Europol data sharing abroad
Preventive Data Check
Verify your Europol status before problems arise
World-Check Removal
Remove your listing from risk screening databases
