Europol Is Told To Delete Its 'Big Data Ark'

The European Union's data protection watchdog has ordered Europol to delete a massive cache of information on individuals who have no links to criminal activity after previously failing to comply with regulations. 

The unprecedented finding from the European Data Protection Supervisor (EDPS) targets what privacy experts are calling a “big data ark” containing billions of pieces of information. 

Europol was ordered to delete the data on January 3 after an inquiry was opened in 2019. The EDPS has given Europol a year to review its databases and then remove any data that cannot be linked to a criminal investigation.

The sensitive data in the ark has been extracted from crime reports, hacked from encrypted phones and sampled from asylum seekers never involved in any crime. Any data older than six months on individuals who are not linked to criminality must be deleted. Europol’s alleged inability to comply with the principles of data storage led to the inquiry.

According to the EDPS, Europol has not made progress on the issue of data storage. The organisation also stated that collecting and processing data can amount to a huge amount of information. Therefore, the content of the data troves are often not fully known until they undergo detailed analysis. The data trove is reported to be as much as four petabytes.

The data was extracted over the past six years from crime reports, hacked phones, and screening of asylum seekers.

The ruling also exposes deep political divisions among Europe’s decision-makers on the balance between security and privacy and the eventual outcome of their confrontation has implications for the future of privacy in Europe and beyond.

Europol has responded, claiming its binding regulation does not specify a maximum time period for determining Data Subject Categorisation. The police agency stated that it was not the EDPS that initiated the inquiry and said it would “assess” the data privacy chief’s decision.

In particular, Europol denies any wrongdoing and says that  watchdog may be interpreting the current rules in an impractical way.  “The Europol regulation was not intended by the legislator as a requirement which is impossible to be met by the data controller practice.... Europol will seek the guidance of its Management Board and will assess the EDPS Decision and its potential consequences for the Agency's remit, for ongoing investigations as well as the possible negative impact on the security for EU citizens.,”says the Europol statement.

Europol:     Hacker News:    The Verge:    Oodaloop:     Infosecurity Magazine:   Guardian:   

You Might Also Read: 

Google’s DeepMind  Faces Legal Action Over Data Misuse:

 

« Facebook Hosted A Surge Of Fake News Prior To Capitol Riot
Chinese APT Hackers Used Log4Shell Exploit To Target Academic Institution »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CyberArk Software

CyberArk Software

CyberArk is an established leader in privileged access management and offers the most complete set of Identity Security capabilities.

Zscaler

Zscaler

Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud first world.

Patchstack

Patchstack

Patchstack (formerly WebARX) is a web application security platform, which allows digital agencies and developers to monitor, protect and maintain their websites.

CloudCheckr

CloudCheckr

CloudCheckr is a next-gen cloud management platform that unifies Security & Compliance, Inventory & Utilization and Cost Management.

Spanish National Cybersecurity Institute (INCIBE)

Spanish National Cybersecurity Institute (INCIBE)

INCIBE undertakes research, service delivery and coordination for building cybersecurity at the national and international levels.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

SecureKey Technologies

SecureKey Technologies

SecureKey is a leading identity and authentication provider that simplifies consumer access to online services and applications.

Fortanix

Fortanix

Fortanix Runtime Encryption keeps keys, data, and applications completely protected from external and internal threats.

Exponential-e

Exponential-e

Exponential-e provide Cloud and Unified Communications services and world-class Managed IT Services including Cybersecurity.

Envelop Risk

Envelop Risk

Envelop Risk is a global specialty cyber insurance firm, combining decades of insurance industry expertise with sophisticated cyber and artificial intelligence-based analytics.

Axis Security

Axis Security

Axis Security technologies transform open networks and vulnerable applications into fully protected resources that the business can trust.

Terralogic

Terralogic

Terralogic is a software and IT services company, an expert in IoT, Cloud, DevOps, App development and Cybersecurity.

Toka Group

Toka Group

Toka empowers government agencies with critical and previously out-of-reach digital forensics, force protection and Intelligence capabilities, tackling the fields' most pressing challenges.

NACVIEW

NACVIEW

NACVIEW is a Network Access Control solution. It allows to control endpoints and identities that try to access the network - wired and wireless, including VPN connections.

WheelHouse IT

WheelHouse IT

WheelHouse IT secures, manages, and advances businesses with innovative, cost-effective IT solutions.

Oleria Security

Oleria Security

Oleria is the only adaptive and autonomous security solution that helps organizations accelerate at the pace of change, trusting that data is protected.