Privacy advocates win as EDPS orders European law enforcement to comply with data protection legislation
On January 3, 2022, Europol was ordered to delete its massive stores of personal data collected from police agencies across the EU over the last six years. The order was delivered by the European Data Protection Supervisor (EDPS), a watchdog body that oversees EU institutions include the law enforcement agency of the European Union.
This concludes the 2019 inquiry following notification from Privacy XT at the end of last year about concerns over unrestricted access for law enforcement agencies across Europe to information on people not suspected nor accused of anything illegal.
Europol’s failure to comply
Europol has not complied with European Data Protection Standards since they were introduced. The lack of accountability and oversight means there is no method to prevent or trace malicious data access.
This sensitive personal data of EU citizens was stored for longer than necessary without additional security measures to protect it from violations mentioned in the Europol Regulation, which may lead to breaches & compromises.
In light of the above, the European Data Protection Server has decided to use its corrective powers and impose a 6-month retention period for datasets that haven’t been analyzed. Moreover, Europol has been given a year to evaluate its databases and remove any data unrelated to a criminal investigation.
What it involves
Datasets older than six months must be destroyed. Furthermore, Europol will no longer retain digital data about people who have not been linked to a crime or criminal activity without providing an expiration date.
Europol has been granted a 12-month period to comply with the European Data Protection Board’s Decision. The law enforcement agency is reportedly confident that this order will allow the agency to comply with the Europol Regulation while still operating at its best.