1.Processing of personal data in respect of victims of a criminal offence, witnesses or other persons who can provide information concerning criminal offences, or in respect of persons under the age of 18, shall be allowed if it is strictly necessary and proportionate for preventing or combating crime that falls within Europol's objectives.
2.Processing of personal data, by automated or other means, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and processing of genetic data or data concerning a person's health or sex life shall be prohibited, unless it is strictly necessary and proportionate for preventing or combating crime that falls within Europol's objectives and if those data supplement other personal data processed by Europol. The selection of a particular group of persons solely on the basis of such personal data shall be prohibited.
3.Only Europol shall have direct access to personal data as referred to in paragraphs 1 and 2. The Executive Director shall duly authorise a limited number of Europol officials to have such access if it is necessary for the performance of their tasks.
4.No decision by a competent authority which produces adverse legal effects concerning a data subject shall be based solely on automated processing of data as referred to in paragraph 2, unless the decision is expressly authorised pursuant to national or Union legislation.
5.Personal data as referred to in paragraphs 1 and 2 shall not be transmitted to Member States, Union bodies, third countries or international organisations unless such transmission is strictly necessary and proportionate in individual cases concerning crime that falls within Europol's objectives and in accordance with Chapter V.
6.Every year Europol shall provide to the EDPS a statistical overview of all personal data as referred to in paragraph 2 which it has processed.