PogoWasRight.org

Menu
  • About
  • Privacy
Menu

A data ‘black hole’: Europol ordered to delete vast store of personal data

Posted on January 11, 2022June 24, 2025 by Dissent

Apostolis Fotiadis, Ludek Stavinoha, Giacomo Zandonini, and Daniel Howden report:

The EU’s police agency, Europol, will be forced to delete much of a vast store of personal data that it has been found to have amassed unlawfully by the bloc’s data protection watchdog. The unprecedented finding from the European Data Protection Supervisor (EDPS) targets what privacy experts are calling a “big data ark” containing billions of points of information. Sensitive data in the ark has been drawn from crime reports, hacked from encrypted phone services and sampled from asylum seekers never involved in any crime.

[…]

The watchdog ordered Europol to erase data held for more than six months and gave it a year to sort out what could be lawfully kept.

Read more at The Guardian.  The decision can be found here.

Today, Europol issued a statement in response. Here is their full statement:

Committed to the highest standards of data protection, Europol first reached out proactively to the European Data Protection Supervisor (EDPS) on 1 of April 2019 to seek guidance on the processing of large and complex datasets which are collected in lawful, judicial investigations. Europol is increasingly receiving from its Member States datasets to help with their processing and analysis.

Since then, Europol has followed the guidance given by the EDPS and has kept its Management Board updated on the progress achieved.

Yesterday, the EDPS published his Decision on the retention of datasets without Data Subject Categorisation (DSC) by Europol. The DSC is the act of identifying in these datasets suspects, potential future criminals, contacts and associates, victims, witnesses and informants linked to criminal activities.

According to the EDPS, Europol should complete the DSC for large and complex datasets within a fixed retention timeline. In this context, the EDPS has highlighted that the current Europol Regulation does not contain an explicit provision regarding a maximum time period to determine the DSC.

In his decision the EDPS sets that this period must be of six months, at the expiry of which he requests Europol to erase the data.

The EDPS Decision will impact Europol’s ability to analyse complex and large datasets at the request of EU law enforcement. This concerns data owned by EU Member States and operational partners and provided to Europol in connection with investigations supported within its mandate. It includes terrorism, cybercrime, international drugs trafficking and child abuse, amongst others.

Europol’s work frequently entails a period longer than six months, as do the police investigations it supports. This is illustrated by some of Europol’s most prominent cases in recent years.

Europol will seek the guidance of its Management Board and will assess the EDPS Decision and its potential consequences for the Agency’s remit, for ongoing investigations as well as the possible negative impact on the security for EU citizens.

No related posts.

Category: BreachesFeatured NewsNon-U.S.Surveillance

Post navigation

← December 2021 EU Privacy, Data and Consumer Updates
New Italian Guidelines on the Use of Cookies and Other Tracking Technologies Now in Force →

1 thought on “A data ‘black hole’: Europol ordered to delete vast store of personal data”

  1. joe says:
    January 11, 2022 at 10:36 am

    Infuriating Europol response!

    Being ordered to delete innocent citizen’s data has absolutely NOTHING to do with “future criminals, terrorists, child abusers and drug traffickers.”

    Europol has taken a page out of the U.S. War on Terror/Homeland Security playbook, where everyone is a suspected or future criminal.

Comments are closed.

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • Flightradar24 receives reprimand for violating aircraft data privacy rights
  • Nebraska Attorney General Sues GM and OnStar Over Alleged Privacy Violations
  • Federal Court Allows Privacy Related Claims to Proceed in a Proposed Class Action Lawsuit Against Motorola
  • Italian Garante Adopts Statement on Health Data and AI
  • Trump administration is launching a new private health tracking system with Big Tech’s help
  • Attorney General James Takes Action to Protect Sensitive Personal Information of Tens of Millions of People
  • Searches of Your Private Data in the Cloud Amount to Illicit State Action

RSS Recent Posts on DataBreaches.net

  • Highlands Oncology Group notifies 113,575 people after ransomware attack by Medusa
  • Oklahoma Substantially Amends Its Data Breach Notification Statute
  • Hackers leak purported Aeroflot data as Russia denies breach
  • Palo Alto Networks investigating ransomware threat related to SharePoint exploitation
  • Six months after discovering an attack, Northwest Radiologists notifies almost 350,000 Washington State residents
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy