Europol Ordered to Delete Vast Trove of Personal Information
Europol has been told to delete a vast data trove of information on individuals with no link to criminality after previously failing to comply with regulations governing the policing body.
The European Data Protection Supervisor (EDPS) notified Europol of the order on January 3, following an inquiry in 2019. It now has 12 months to filter and extract relevant personal data permitted for analysis under the so-called Europol Regulation.
Any data older than six months on individuals not linked to criminality (known as data subject categorization) must be deleted, the EDPS said.
Europol’s apparent foot-dragging and failure to comply with the principles of data minimization and storage limitation enshrined in the Europol Regulation led to a rare admonishment by the EDPS in September 2020.
“Europol has dealt with several of the data protection risks identified in the EDPS’s initial inquiry. However, there has been no significant progress to address the core concern that Europol continually stores personal data about individuals when it has not established that the processing complies with the limits laid down in the Europol Regulation,” explained EDPS Wojciech Wiewiórowski.
“Such collection and processing of data may amount to a huge