Europol Act 2012
Access to personal data.
13.— (1) For the purposes of the application of the Council Decision to the State, references to the “authority” in Article 30.2 of the Council Decision shall be construed as references to the head of the national unit.
(2) A person may, by applying to the head of the national unit, request from Europol information as to whether personal data relating to him or her are processed by Europol and, if such data are so processed, may request to have such data communicated to him or her in a language that he or she understands.
(3) The national unit shall forward a request sent to it under subsection (2) to Europol within 30 days of receiving it.
(4) Where a request concerns data provided to Europol by the national unit and the designated competent authorities do not consider that access to the data should be permitted or otherwise object to the proposed response of Europol to the request, the national unit shall notify Europol of their objections and the reasons for them.
(5) The designated competent authorities may object to the provision of information in response to a request under subsection (2) where either of those authorities considers that providing the information concerned would be likely to—
( a) prejudice the sovereignty, security or other essential interests of the State or would be contrary to public policy or public order,
( b) prejudice investigations in relation to alleged criminal offences or criminal proceedings in the State, or
( c) prejudice the rights and freedoms of a person.
(6) When considering an objection to the grant of access to data, the designated competent authority concerned shall take into account the interests of the person making the request.
(7) The State shall be liable for any injury, loss or damage caused to a person by a legal or factual error in data processed by Europol, where the injury, loss or damage concerned was caused in the State.