Europol ordered to delete huge stash of personal data

(Image credit: Unsplash)

Europol has been told it needs to delete a huge database of information it has collected on EU citizens over the last few years as it cannot prove exactly why it is still keeping the data around.

The order has been given to the law enforcement agency of the European Union by the European Data Protection Supervisor (EDPS). EDPS is the data watchdog organization that ensures EU institutions remain compliant with the bloc’s privacy and data protection rules.

This move is a step up from the EDPS’ 2019 investigation, in which it concluded that Europol was storing private data on potential criminals and terrorism suspects without actually checking whether or not the data harvesting was justified. As a result, EU citizens were at risk of being wrongfully accused of crime and terrorism, and perhaps even at risk of identity theft and data leaks.

A win for privacy advocates

Given that Europol failed to properly respond to the earlier conclusions, EDPS has now given more concrete orders and a stricter deadline of a year to get the task done. 

“While some measures have been put in place by Europol since then, Europol has not complied with the EDPS’ requests to define an appropriate data retention period to filter and to extract the personal data permitted for analysis under the Europol Regulation,” the EDPS’ press release reads.

The stash allegedly contains four petabytes of data.

“Europol has dealt with several of the data protection risks identified in the EDPS’ initial inquiry. However, there has been no significant progress to address the core concern that Europol continually stores personal data about individuals when it has not established that the processing complies with the limits laid down in the Europol Regulation," noted the EDPS' Wojciech Wiewiórowski.

"Such collection and processing of data may amount to a huge volume of information, the precise content of which is often unknown to Europol until the moment it is analysed and extracted - a process often lasting years. A 6-month period for pre-analysis and filtering of large datasets should enable Europol to meet the operational demands of EU Member States relying on Europol for technical and analytical support, while minimising the risks to individuals’ rights and freedoms. Furthermore, understanding the operational needs of Europol and the amount of data collected so far, I have decided to grant Europol a period of 12 months to ensure compliance with the Decision for the datasets already in Europol’s possession.”

And while privacy advocates will praise EDPS’ moves, not everyone will agree. EU Home Affairs Commissioner Ylva Johansson told The Guardian that law enforcement agencies need “the tools, resources, and the time, to analyze data that is lawfully transmitted to them. In Europe, Europol is the platform that supports national police authorities with this herculean task.”

Via: The Guardian

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.