EU data watchdog to Europol: You've helped yourself to too much data

2022-01-11 11:47

The European Data Protection Supervisor has ordered European Union law enforcement agency Europol to delete any data it has on individuals that's over six months old, provided there's no link to criminal activity.

The investigation concluded the law enforcement agency needed to up its game when it came to data minimisation and retention and encouraged Europol to make necessary changes and then let the EDPS know of its action plan.

According to regulations, "Personal data should be adequate, relevant, and limited to what is necessary in relation to the purposes for which this data is processed," and "Personal data processed by Europol shall be kept in a form which permits identification of data subjects for no longer than necessary for the purposes for which the personal data are processed."

Indeed the EDPS found Europol's interpretation and subsequent actions to correct the data management inadequate, despite the pan-Europe police body implementing technical measures to separate and secure datasets to minimize chances of data misuse.

One beef the EDPS had was that Europol didn't specify a time limit for its extraction process or a maximum retention period on datasets that didn't include data subject categories.

The database is an aggregate of several sources of information, both public and private, and includes a swath of information ranging from biometrics to data relating to an individual's work and travel.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/01/11/eu_data_watchdog_to_europol/

#EU #europol