The European Data Protection Supervisor (EDPS) has ordered European Union law enforcement agency Europol to delete any personal data in its possession that is older than six months, provided it is not linked to criminal activity.
From April 2019 to September 2020, EDPS said it conducted a survey of a large dataset collected by Europol for strategic and operational analysis. The investigation concluded that law enforcement agencies need to up their game when it comes to data minimization and retention, and encouraged Europol to make the necessary changes and then let the EDPS know its plan of action.
According to the regulations, “Personal data shall be sufficient, relevant and limited to those necessary for the purpose for which the data is processed”, and “Personal data processed by Europol shall be kept in a form that allows identification of the subject matter for a period of time not exceeding the processing of the personal data. the time necessary for the purpose of
To be fair, this is a vague directive that allows for multiple interpretations.
In fact, the EDPS found Europol’s interpretation and subsequent corrective data management measures insufficient, despite the technical measures implemented by the pan-European police agency to separate and secure data sets to minimise the potential for data misuse.
One disadvantage of EDPS is that Europol does not specify a time limit for its extraction process or a maximum retention period for datasets that do not include categories of data subjects.Europol quote [PDF] The nature of long-term criminal investigations is the reason for the need for longer retention periods.
EDS appointee Wojciech Wiewiórowski Say In the canned declaration:
On January 3, after some tossing between the two sides, the watchdog zoom out Europol interprets the space of regulations through directives.
Supervisor said:
Europol must also provide implementation reports every three months for a year. Ah, paperwork, right?
The database is a collection of multiple public and private sources of information, including a wealth of information from biometrics to data related to an individual’s work and travel.
In a statement, the EDPS said: “If the safeguards provided in the Europol Regulations are not implemented, individuals run the risk of being falsely linked to criminal activity across the EU, which can affect their personal and professional lives. cause potential damage.” Documentation. ®
