Data Protection orders Europol to erase 4 petabytes of personal information: train crash between security and fundamental rights in the EU

Train crash within the European Union on account of the protection of personal information. The European Data Protection Supervisor, in charge of ensuring compliance with the Data Protection Directive in community institutions, has ordered Europol -European Union Agency for Police Cooperation- erase a huge amount of personal information that has been stored in recent years from individuals with no established link to criminal activity, as reported by the European body in a note.

Apparently, Europol would have been storing uncategorized personal information from crime reports, wiretapping and asylum applications of individuals who were not involved in any crime during the last six years. The amount of data stored, according to the Guardian, it would exceed 4 petabytes.

At this time, Europol should have Filtering the information and extracting the personal data that the regulations allow you to keep to ensure the security of the EU without violating the protection of personal data. The European Supervisor explains that storing a large amount of uncategorized personal information poses a significant risk to people’s fundamental rights, especially taking into account that in the cases mentioned it has not been proven that individuals have committed any crime.

Europol is subject to strict regulation on the type of data it can store and for how long. All information must be categorized and processed within a specified period, a maximum of three years from its collection., and only the one that has a special relevance for the security of the European Union can be kept, for example, in cases of counterterrorism.

Therefore, the error of the European police agency has been not screen this data and store it uncategorized for a period longer than that established. “Europol kept this data for longer than necessary, contrary to the principles of data minimization and storage limitation,” explains the European Supervisor.

Thus, the community data protection body has given Europol a period of 12 months to filter and extract the data that it can legally retain and delete the rest. If this is not done in time, the European law enforcement agency will be obliged to delete all uncategorized personal information that is more than six months old.

The European police agency, however, considers that it has acted appropriately and considers that the control body on community personal privacy you are interpreting the rules in an impractical way that may make it difficult to perform your duties, according to The Guardian. Therefore, the case is not closed and it is likely that there will be more news about it in the coming months.

The data that Europol can save

The regulation governing the operation of Europol establishes that “in light of the fundamental rights of the protection of personal data, Europol must not retain personal data for longer than is necessary for the performance of its tasks. No later than three years after the beginning of the initial processing of this personal data, the need to prolong its storage must be verified ”.

Likewise, the aforementioned rule establishes that the police agency can only collect and process personal data of persons who, in accordance with the national law of the Member State in question, are suspected of having committed or of having participated in a crime that falls within the competence of Europol, or who have been convicted of that crime.

You can also store information of individuals of which there are concrete or reasonable indications, according to the criteria of national regulations, to think that they will commit crimes that are the competence of Europol.

This information can only contain, in addition to references to crimes, the following categories of data: surname, first name, alias or false name used; date and place of birth; nationality; sex; place of residence, profession and whereabouts; official identification document numbers; and, as necessary, other characteristics useful for identification such as specific, objective and permanent physical features, such as fingerprints or DNA profile.