Under Article 25 of the Europol Regulation, personal data may only be transferred to a third country if:

• An adequacy decision exists (the Commission has determined the third country provides adequate data protection), OR
• Appropriate safeguards are in place under a cooperation agreement, OR
• In exceptional cases, transfer is necessary to protect vital interests or prevent immediate threat to public security

If a transfer to a third country does not meet these conditions, you have the right to object under Article 28 (right to data correction and deletion) and to seek judicial review of the transfer.

Our lawyers challenge third-country transfers on the following grounds:

• Lack of adequate safeguards: Where the cooperation agreement does not provide equivalent data protection to EU standards
• Purpose limitation violation: Where data transferred for one purpose is being used for an unrelated criminal prosecution
• Data accuracy: Where the underlying data is inaccurate, out of date, or the criminal charges have been dropped or acquitted
• Disproportionality: Where the transfer is disproportionate to the alleged offence

A successful challenge can result in deletion of the transferred data from the third country’s systems, cessation of further transfers, and removal from associated databases including Interpol.

Our clients affected by Europol third-country data transfers typically include:

• Nationals of non-EU countries under active investigation in their home state, where Europol has shared intelligence with local authorities under a bilateral cooperation agreement.
• Businesspeople and investors whose financial data was shared with US law enforcement (FBI, DEA, FinCEN) without their knowledge, leading to OFAC designation or federal investigation.
• Individuals with pending Interpol notices where Europol’s intelligence sharing with the issuing country contributed to the notice’s circulation or strengthened the requesting state’s legal position.
• Political dissidents and activists in third countries where Europol data was transferred to governments known to prosecute based on political opinion, in violation of Article 25(5) of the Europol Regulation.

If you believe Europol has shared your personal data with a third-country authority — whether Russia, Ukraine, the UAE, Israel, Georgia, or the United States — our lawyers can assess the legal basis for that transfer and challenge it on your behalf.

Contact us at +357 96 447475 for a confidential assessment. See also our related service on Europol Data Access Requests and Europol Data Deletion.