BRUSSELS – The European Union’s crime agency has been ordered by data protection regulators in 27 countries to delete information about individuals for whom there is no evidence of a criminal link.
Europol was notified of the order on Jan. 3 following an investigation that began in 2019, Europe’s data protection chief said on Monday.
It said Europol had since taken steps but failed to comply with the requirement to set appropriate data retention periods.
“This means that Europol is keeping this data longer than necessary,” EDPS said.
The regulator said it set a six-month period to evaluate the new dataset and determine whether the information could be retained. It gave the crime agency a 12-month delay to comply with the decision on data it received by January 4.
“A 6-month pre-analysis and filtering of large datasets will enable Europol to meet the operational needs of EU Member States that rely on Europol for technical and analytical support, while reducing risks to individual rights and freedoms. minimum,” said Wojciech Wiewiórowski, EDPS director.
EDPS did not disclose how much data Europol is storing. According to the Guardian, it has access to internal documents, equivalent to “one-fifth of the entire contents of the US Library of Congress”.
Europol did not immediately respond to the news.