The EU asks Europol to erase data of those that hadn’t committed crime

The European Union (EU) has ordered Europol to delete a huge database of data associated with EU citizens who weren’t associated with any crimes in recent years. The order was made today by the European Data Protection Supervisor (EDPS).

Europol has been given a year time to compile the order. They need to analyze and remove the data of those citizens who weren’t involved in any criminal activities recently. Europol has these privileges to gather and process personal information for legal purposes but the data has to be removed after use and should not be kept in the database for more than six months.

The tug of war between the EDPS and Europol

After a prolonged discussion on the data retention, EDPS and the Europol weren’t able decide the retention period, hence EDPS has enforced the six month retention period.

“In view of the high risks for data subjects and potentially severe impact on their fundamental’s rights and freedoms, the EDPS urged Europol to implement all necessary and appropriate measures to mitigate the risks created by such personal data processing activities to data subjects. He invited Europol to provide an action plan to address the admonishment within two months and to report on the measures taken within six months. ” – Wojciech Wiewiórowski, EDPS.

EDPS has been analyzing Europol’s data collection and retention cycle for more than three years now. It all began in April 2019, with a report being published in 2020. EDPS came on top stating that Europol shouldn’t exploit the individuals’ fundamental rights. Despite the data collected and stored is kept safe with all the essential security measures.

“A 6-month period for pre-analysis and filtering of large datasets should enable Europol to meet the operational demands of EU Member States relying on Europol for technical and analytical support, while minimizing the risks to individuals’ rights and freedoms,” said Wojciech Wiewiórowski, the European Data Protection Supervisor.

The data collected by Europol includes personal details including biometrics, work and travel information. The data is a cumulative collection from the EU, private firms and national law enforcement agencies.

Europol’s reaction to the EU’s announcement

In-spite of the EU urging Europol to cut short their retention period to six months, Europol had mentioned that it wouldn’t be sufficient for a detailed analysis of complex datasets. Also, Europol has requested for a longer retention period as there is so much to do with the long-running criminals and their investigations.

They mentioned that information on a case could be obtained over a period and this information when included into the originals dataset which was existing for more than six months can give us a proper findings and interpretation of the case. They also mentioned about the 2021 SOCTA highlighting criminal network analysis require more than 10 years for right findings and reporting.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.

You can reach out to us via Twitter or Facebook, for any advertising requests.