The European Union’s data protection control entity ordered its criminal agency, Europol, to eliminate all information related to individuals not linked to a proven crime.
The European Data Protection Supervisory Body, SEPD, commented on Monday that Europol already received a notification of this order at the beginning of the year, on January 3, as a result of an investigation started in 2019.
Europol will have to remove from its files all information not linked to any crime
The British newspaper The Guardian claimed to have access to internal documents, based on those who indicated that the personal data file handled by Interpol is equivalent in volume to “One fifth of all content in the United States Library of Congress”, without being these necessarily linked to criminal causes.
Against this background, the EDPS said that, as part of his investigation, he reproached Europol two years ago “For the continuous storage of large volumes” of those data, “Which represents a risk to the fundamental rights of people”, as pointed out from Associated Press.
The watchdog indicated that it imposed a six-month period for evaluating new data sets and deciding, based on known antecedents, whether to keep the information stored. The SEPD gave the criminal agency a 12-month margin to comply with the decision on the data it received before January 4.
However, the data protection entity commented that Europol has introduced some measures since that first notification, but has not fully complied with the requests entrusted to establish an adequate time range to store certain information. “This means that Europol kept these data for longer than necessary”said the EDPS.
‘A 6-month period for pre-analysis and filtering of large data sets should allow Europol to meet the operational demands of EU Member States that depend on Europol for technical and analytical support, while minimizing risks for the rights and freedoms of people », precisó Wojciech Wiewiórowski, supervisor del SEPD.
Europol did not immediately respond to the announcement, limiting itself to denying the existence of irregularities and the EDPS did not disclose the volume of data stored by Europol, but did state that they are seeking to establish a middle ground between the safety of their citizens and the safeguard from the same EU.