Increasing pressure on Europol for data protection • The register

An EU watchdog says rules allowing Europol police officers to store personal data of people with no connection to criminal activity violate Europe’s own privacy, not to mention undermine the regulator’s powers and role.

Therefore, the European Data Protection Supervisor (EDPS) has asked Europe’s top court to overturn two amendments to the Europol regulation that came into force on June 28, which allow for this data hoarding by police.

In court documents filed this month, the EDPS claimed that the new rules retrospectively legalize Europol’s practice of storing personal data of individuals not linked to criminal activity – a practice for which the watchdog has charged the law enforcement agency in sanctioned in the past and ordered Europol to delete such information in January.

In summary, the EDPS told police earlier in the year not to hoard these records, and then months later to European lawmakers authorized the practice by updating the rules, resulting in the manager challenging the changes.

that of the controller order Delete personal data stemming from an investigation that took place between April 2019 and September 2020 and concluded that Europol had been collecting and storing too much information on too many people for far too long.

To remedy this, the order required European police officers to investigate whether an individual has been linked to criminal activity within six months of collecting their personal data. Unless these people had nefarious connections, law enforcement should delete the private information.

“A six-month period for pre-analysis and filtering of large datasets should enable Europol to meet the operational needs of EU Member States that rely on Europol’s technical and analytical support, while reducing risks to individuals’ rights and freedoms to be minimised”, the Head of the EDPS Wojciech Wiewiorowski said in a expression earlier this year.

The pan-European police for their part quoted [PDF] the nature of lengthy criminal investigations as a reason for the need for longer retention periods.

And this is where the legal maneuvering of the EDPS comes into play. The data surveillance authority asked the Court of Justice of the European Union to overturn the amended rules for two reasons, Wiewiorowski said.

“First, to maintain legal certainty for individuals in the highly sensitive area of ​​law enforcement, where the processing of personal data poses risks for data subjects,” Wiewiorowski said in a expression on Thursday.

“Second, to ensure that EU privacy and data protection lawmakers cannot unduly ‘move the goalposts’ where the independent nature of a regulator’s exercise of enforcement powers requires legal certainty of the rules to be enforced,” he added.

The changes also establish a “worrying percentage” that data protection and the authority charged with enforcing it are subject to “political will”, the EDPS argued.

Of course, that never happens (cough) in modern politics. ®