Tuesday, January 11, 2022
"EU data supervisor orders Europol to erase data on individuals with no established links to criminal activity"
European Data Protection Supervisor (EDPS) Wojciech Wiewiórowski notified an order Monday directing the European Union Agency for Law Enforcement Cooperation (Europol) to erase datasets uncategorized within six months, since they could potentially contain data on individuals with no link to criminal activity.
Annex II.B and Articles 18(3) and 28(1) of the Europol Regulation allow Europol to extract and process personal data only on subjects in certain categories, like suspects, victims, witnesses and informants of a crime, as well as “potential future criminals” and their contacts.
In an inquiry conducted in 2019, the EDPS found that large datasets collected and used by Europol for big data analytics could not undergo data subject categorization due to their size, leading to data being extracted from it beyond these permitted categories. Hence, he issued an admonition to Europol in 2020 stating its use of big data analytics did not comply with the principles of data minimization and storage limitation under the regulation. He urged Europol to implement measures to mitigate the high risk of privacy breaches and of wrongfully linking people to criminal activity.