The EDPS, which supervises the data privacy of European institutions, has asked Europe’s highest court to overturn regulation changes that allow Europol to retroactively legalize personal data storage on individuals with no ties to criminal activity. The EDPS argues that the changes weaken its authority.
The European Data Protection Supervisor (EDPS) filed a complaint with the Court of Justice of the European Union (CJEU) on September 16. The complaint criticizes two revisions to Europol guidelines that went into effect on June 28 and were agreed upon by EU governments and legislators.
Before the revisions, Europol was supposed to verify if the personal data it acquired was related to criminal activity within six months. If not, the data was to be removed by January 4, 2023. The revisions allow Europol to retain data that has not yet been purged.
According to Wojciech Wiewiórowski, who holds the seat of European Data Protection Supervisor, the EDPS has requested the European Union’s Court of Justice to overturn the revised laws. One of the reasons he gave is that it will ensure the privacy of individuals in the very sensitive sphere of law enforcement, in which the handling of personal information carries risks for subjects.
Accused of a crime
Wiewiórowski emphasized that police cooperation in Europe is critical, but must nevertheless adhere to the rule of law. Massive police databases could put millions of innocent people at risk of being wrongly accused of a crime simply because they happened to be in the wrong place at the wrong time.
Wiewiórowski added that an overturn would ensure that the EU legislature won’t unnecessarily ‘move the goalposts’ in the privacy and data protection domain, where the independent nature of a supervisory authority’s enforcement powers needs legal clarity of the laws being applied. Patrick Breyer, a member of the European Parliament, praised the EDPS’s decision.