The European Union Agency for Law Enforcement Cooperation (Europol) plays a central role in providing the support necessary to and coordination between Member State authorities, thereby contributing to the fight against serious, cross-border criminal activities. Europol as a general rule is not allowed to exchange personal data directly with private parties (direct exchange). Such exchange of personal data should be channeled through an intermediary (indirect exchange), e.g. Europol National Units, or competent authorities (e.g. Passenger Information Units). Direct exchange of personal data is only allowed under strict conditions, as specified in the Europol Regulation. Some stakeholders have recently called upon Europol to take on additional tasks, which may require the enhanced exchange of personal data with third parties, including via the direct channels. This might be necessary to more efficiently support Member States in their investigations.

Against this background the main purpose of the study is to analyse the current practice of direct exchange of personal data between Europol and private parties and to draw some conclusions regarding the functioning of the system.