V Mitsilegas and N Vavoula, ‘Databases’, in V Mitsilegas, EU Criminal Law (Hart 2022, 2nd edn) ch 5.
The law enforcement branch of SIS is governed by Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU. For the other branches see Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006; Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals.
J Dumortier, ‘The Protection of Personal Data in the Schengen Convention’ (1997) 11 International Review of Law, Computers & Technology 93, 93.
Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726.
Council Decision 2009/316/JHA on the establishment of the European Criminal Records Information System (ECRIS) in application of Article 11 of Framework Decision 2009/315/JHA; Council Framework Decision 2009/315/JHA on the organisation and content of the exchange of information extracted from the criminal record between Member States.
See N Vavoula, Immigration and Privacy in the Law of the European Union–The Case of Information Systems (Brill Nijhoff 2022).
Regulation (EU) 2016/794, as regards Europol’s cooperation with private parties, the processing of personal data by Europol in support of criminal investigations, and Europol’s role in research and innovation, as amended.
Article 17.
F Coudert, ‘The Europol Regulation and Purpose Limitation: From the ‘Silo-Based Approach’ to … What Exactly?’ (2017) 3 European Data Protection Law Review 313.
Regulation (EU) 2022/991 of the European Parliament and of the Council of 8 June 2022 amending Regulation (EU) 2016/794, as regards Europol’s cooperation with private parties, the processing of personal data by Europol in support of criminal investigations, and Europol’s role in research and innovation. For a critical appraisal of the proposal
see N Vavoula and V Mitsilegas, ‘Strengthening Europol’s mandate: A legal assessment of the Commission’s proposal to amend the Europol Regulation’ (European Parliament Policy Department for Citizens’ Rights and Constitutional Affairs, Study commissioned by the LIBE Committee, May 2021) at www.europarl.europa.eu.
Council of the European Union, Doc. 13302/25 (9 October 2025).
European Data Protection Supervisor, ‘EDPS Decision on the own initiative inquiry on Europol’s big data challenge’ (5 October 2020), at https://www.edps.europa.eu/data-protection/our-work/publications/investigations/edps-decision-own-initiative-inquiry-europols_en.; European Data Protection Supervisor, ‘EDPS Decision on the retention by Europol of datasets lacking Data Subject Categorisation’ (Brussels, 21 December 2021), at www.edps.europa.eu.
Directive (EU) 2023/977 of the European Parliament and of the Council of 10 May 2023 on the exchange of information between the law enforcement authorities of Member States and repealing Council Framework Decision 2006/960/JHA.
Council Framework Decision 2009/315/JHA of 26 February 2009 on the organisation and content of the exchange of information extracted from the criminal record between Member States.
Council Framework Decision 2006/960/JHA of 18 December 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union.
Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order in criminal matters.
T Walh, ‘Exchange of Information between Law Enforcement Authorities on New Footing’ (2023) eucrim 36, at eucrim.eu.
Council Decision 2008/615/JHA of 23 June 2008 on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime; Council Decision 2008/616/JHA of 23 June 2008 on the implementation of Decision 2008/615/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime.
Regulation (EU) 2024/982 of the European Parliament and of the Council of 13 March 2024 on the automated search and exchange of data for police cooperation, and amending Council Decisions 2008/615/JHA and 2008/616/JHA and Regulations (EU) 2018/1726, (EU) No 2019/817 and (EU) 2019/818 of the European Parliament and of the Council (the Prüm II Regulation).
European Digital Rights (EDRi), ‘Respecting fundamental rights in the cross-border investigation of serious crimes’ (EDRi position paper, 7 September 2022), at edri.org p. 27.
V Mitsilegas, ‘The Privatisation of Surveillance in the Digital Age’ in V Mitsilegas and N Vavoula (eds), Surveillance and Privacy in the Digital Age: European, Transatlantic and Global Perspectives (Hart Publishing 2021);
R Bellanova and M de Goede, ‘Co-Producing Security: Platform Content Moderation and European Security Integration’ (2021) Journal of Common Market Studies 1.
V Mitsilegas, Money Laundering Counter-measures in the European Union: A New Paradigm of Security Governance versus Fundamental Legal Principles (Kluwer Law International 2003).
For the applicable legal framework see Regulation (EU) 2024/1624 of the European Parliament and of the Council of 31 May 2024 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing [2024] OJ L2024/1624, 19.6.2024; Directive (EU) 2024/1640 of the European Parliament and of the Council of 31 May 2024 on the mechanisms to be put in place by Member States to prevent the use of the financial system for the purposes of money laundering or terrorist financing, amending Directive (EU) 2019/1937, and amending and repealing Directive (EU) 2015/849 [2024] OJ L2024/1640, 19.6.2024.
T Quintel, ‘Follow the Money, If You Can-Possible Solutions for Enhanced FIU Cooperation Under Improved Data Protection Rules’ (University of Luxembourg Law Working Paper No.001-2019), at ssrn.com.
On the data retention saga see among others V Mitsilegas, E Guild, E Kuskonmaz and N Vavoula, ‘Data Retention and the Future of Large-scale Surveillance: The Evolution and Contestation of Judicial Benchmarks’ (2022) European Law Journal 176;
N Ni Loideain, EU Data Privacy Law and Serious Crime: Data Retention and Policymaking (Oxford University Press 2025).
Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.
Regulation (EU) 2023/1543 of the European Parliament and of the Council of 12 July 2023 on European Production Orders and European Preservation Orders for electronic evidence in criminal proceedings and for the execution of custodial sentences following criminal proceedings PE/4/2023/REV/1.
Joined Cases C-511/18, C-512/18 and C-520/18 La Quadrature du Net and Others v Premier ministre and Others, ECLI:EU:C:2020:791.
Case C-817/19 Ligue des droits humains v Conseil des Ministres, ECLI:EU:C:2022:491.
C Thönnes, ‘A Directive altered beyond recognition : On the Court of Justice of the European Union’s PNR decision (C-817/19)’ (Verfassungsblog, 23 June 2022) at verfassungsblog.de.
European Commission, Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions-Roadmap for lawful and effective access to data for law enforcement COM/2025/349 final.
Regulation (EU) 2021/784 of the European Parliament and of the Council of 29 April 2021 on addressing the dissemination of terrorist content online.
Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act).
European Commission, ‘Proposal for a Regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse’ COM(2022) 209 final.
L de Swart and others, ‘Complementary Impact Assessment of the proposal for a regulation laying down the rules to prevent and combat child sexual abuse’ (commissioned by the European Parliament Research Service, April 2023) at www.europarl.europa.eu.
Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act).
La Quadrature du Net and Others v Premier ministre and Others (n 28) paras 172-182.
Ligue des droits humains v Conseil des Ministres (n 29) paras 176-213;
La Quadrature du Net and Others v Premier ministre and Others (n 28) paras 172-182.
Z Chen and others, ‘Machine Learning Techniques for Anti-money Laundering (AML) Solutions in Suspicious Transaction Detection: A Review’ (2018) 57 Knowledge and Information Systems 245.
N Vavoula, ‘Data Retention and Automated Processing of Personal Data: Unpacking the CJEU’s Approach’ in E Kosta and I Kamara (eds), Data Retention in Europe and Beyond: Law and Policy in the Aftermath of an Invalidated Directive (Oxford University Press 2025).
A Sachoulidou and N Vavoula, ‘Artificial Intelligence and Surveillance’ in J Sperling and S Lucarelli (eds), Handbook of European Union Governance (Edward Elgar Publishing 2025).
N Vavoula, ‘Police Information Exchange–The future development regarding Prüm and the API Directive’ (European Parliament Policy Department for Citizens’ Rights and Constitutional Affairs, Study commissioned by the LIBE Committee of the European Parliament, September 2020) at www.europarl.europa.eu.
European Commission, Staff Working Document, ‘Better Regulation Guidelines’, SWD (2021) 305 final.
