Europol has been told it needs to delete a huge database of information it has collected on EU citizens over the last few years as it cannot prove exactly why it is still keeping the data around.
The order (opens in new tab) has been given to the law enforcement agency of the European Union by the European Data Protection Supervisor (EDPS). EDPS is the data watchdog organization that ensures EU institutions remain compliant with the bloc’s privacy (opens in new tab) and data protection rules.
This move is a step up from the EDPS’ 2019 investigation, in which it concluded that Europol was storing private data on potential criminals and terrorism suspects without actually checking whether or not the data harvesting was justified. As a result, EU citizens were at risk of being wrongfully accused of crime and terrorism, and perhaps even at risk of identity theft (opens in new tab) and data leaks.
A win for privacy advocates
Given that Europol failed to properly respond to the earlier conclusions, EDPS has now given more concrete orders and a stricter deadline of a year to get the task done.
“While some measures have been put in place by Europol since then, Europol has not complied with the EDPS’ requests to define an appropriate data retention period to filter and to extract the personal data permitted for analysis under the Europol Regulation,” the EDPS’ press release reads.
The stash allegedly contains four petabytes of data.
“Europol has dealt with several of the data protection risks identified in the EDPS’ initial inquiry. However, there has been no significant progress to address the core concern that Europol continually stores personal data about individuals when it has not established that the processing complies with the limits laid down in the Europol Regulation," noted the EDPS' Wojciech Wiewiórowski.
"Such collection and processing of data may amount to a huge volume of information, the precise content of which is often unknown to Europol until the moment it is analysed and extracted - a process often lasting years. A 6-month period for pre-analysis and filtering of large datasets should enable Europol to meet the operational demands of EU Member States relying on Europol for technical and analytical support, while minimising the risks to individuals’ rights and freedoms. Furthermore, understanding the operational needs of Europol and the amount of data collected so far, I have decided to grant Europol a period of 12 months to ensure compliance with the Decision for the datasets already in Europol’s possession.”
And while privacy advocates will praise EDPS’ moves, not everyone will agree. EU Home Affairs Commissioner Ylva Johansson told The Guardian that law enforcement agencies need “the tools, resources, and the time, to analyze data that is lawfully transmitted to them. In Europe, Europol is the platform that supports national police authorities with this herculean task.”
- You might also want to check out our list of the best VPN providers today
Via: The Guardian (opens in new tab)