Europol will have to delete a mountain of stored personal data. That’s decided by the European Data Protection Supervisor (EDPS) as Europol took too little action to unnecessarily delete tracked data.
The EDPS requires Europol to delete a large amount of data. According to the body, Europol has kept sensitive material for too long, making them out of compliance with regulations.
Digging through data
The decision includes personal data collected by the police forces of EU countries over the past six years. This data came to Europol because the investigative organization is a collaboration of all European Union police forces.
From the decision, Europol has one year to delete unnecessarily retained files, until the beginning of 2023. By unnecessary files, the EDPS means any data that has not been linked to criminal activity within six months of receipt. Going through all the data and cleaning it up will be a tough job as Europol would have about 4 petabytes of data, according to The Guardian. That is equivalent to hundreds of billions of printed pages full of data.
Official course of business
At Europol, the cleanup work was already underway in 2019. In that year, Europol was already visited once by the EDPS, the EDPS discloses in the recently issued decision. The EU watchdog decided back then that Europol was keeping personal data on terror suspects without always having a good reason for doing so.
According to Wojciech Wiewiórowski, EDPS, it was time to intervene: ”Europol has addressed several of the data protection concerns following the EDPS’ initial investigation. However, no significant progress has been made on the main concern, that Europol continually stores personal data for which it has not been established that the processing complies with the restrictions laid down in the Europol Regulation.”