Europol Is Told To Delete Its 'Big Data Ark'

Uploaded on 2022-01-19 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law

The European Union's data protection watchdog has ordered Europol to delete a massive cache of information on individuals who have no links to criminal activity after previously failing to comply with regulations. 

The unprecedented finding from the European Data Protection Supervisor (EDPS) targets what privacy experts are calling a “big data ark” containing billions of pieces of information. 

Europol was ordered to delete the data on January 3 after an inquiry was opened in 2019. The EDPS has given Europol a year to review its databases and then remove any data that cannot be linked to a criminal investigation.

The sensitive data in the ark has been extracted from crime reports, hacked from encrypted phones and sampled from asylum seekers never involved in any crime. Any data older than six months on individuals who are not linked to criminality must be deleted. Europol’s alleged inability to comply with the principles of data storage led to the inquiry.

According to the EDPS, Europol has not made progress on the issue of data storage. The organisation also stated that collecting and processing data can amount to a huge amount of information. Therefore, the content of the data troves are often not fully known until they undergo detailed analysis. The data trove is reported to be as much as four petabytes.

The data was extracted over the past six years from crime reports, hacked phones, and screening of asylum seekers.

The ruling also exposes deep political divisions among Europe’s decision-makers on the balance between security and privacy and the eventual outcome of their confrontation has implications for the future of privacy in Europe and beyond.

Europol has responded, claiming its binding regulation does not specify a maximum time period for determining Data Subject Categorisation. The police agency stated that it was not the EDPS that initiated the inquiry and said it would “assess” the data privacy chief’s decision.

In particular, Europol denies any wrongdoing and says that  watchdog may be interpreting the current rules in an impractical way.  “The Europol regulation was not intended by the legislator as a requirement which is impossible to be met by the data controller practice.... Europol will seek the guidance of its Management Board and will assess the EDPS Decision and its potential consequences for the Agency's remit, for ongoing investigations as well as the possible negative impact on the security for EU citizens.,”says the Europol statement.

Europol:     Hacker News:    The Verge:    Oodaloop:     Infosecurity Magazine:   Guardian:   

You Might Also Read: 

Google’s DeepMind  Faces Legal Action Over Data Misuse:

 

« Facebook Hosted A Surge Of Fake News Prior To Capitol Riot
Chinese APT Hackers Used Log4Shell Exploit To Target Academic Institution »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Acunetix

Acunetix

Acunetix is a leading web vulnerability scanner, widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology.

RCMP Cybercrime Strategy

RCMP Cybercrime Strategy

The RCMP Cybercrime Strategy sets out in an Operational Framework and Action Plan to combat cybercrime.

Xcitium

Xcitium

Xcitium (formerly Comodo) is and industry leading provider of state-of-the-art endpoint protection solutions. Our Zero threat platform isolates and removes all ransomware & malware infectictions.

Cyber Command

Cyber Command

Our Managed IT service allows clients to offload the management of day-to-day computer, server, and networking support to our team of professionals.

SafeBreach

SafeBreach

SafeBreach's platform simulates hacker breach methods across the entire kill chain to identify breach scenarios in your environment before an attacker does.

IAmI Authentications

IAmI Authentications

IAmI is a first in Tokenization Cloud-based IAM Security Services, delivering the most advanced form of Two-Factor Authentication.

Panorays

Panorays

Panorays automates third-party security lifecycle management. It is a SaaS-based platform, with no installation needed.

36 Group

36 Group

36 Group's criminal law team, has the experience and specialist knowledge to conduct effectively trials heavily concerned with the growing phenomenon of Cybercrime.

GoSecure

GoSecure

GoSecure Managed Detection and Response helps all organizations reduce dwell time by preventing breaches before they happen.

Northcross Group (NCG)

Northcross Group (NCG)

NCG provides services to help organizations meet the challenges of regulatory compliance. Our services include support, consultation, tools and accelerators for all parts of an organization.

BlackScore

BlackScore

BlackScore is a technology company seeking to disrupt risk assessment using AI-driven technology.

Armexa

Armexa

Armexa is a leading provider of advanced industrial cybersecurity solutions that protect your critical OT and ICS infrastructure against ever-changing threats.

ClosingLock

ClosingLock

ClosingLock is the leading provider of wire fraud prevention software for the real estate industry.

Veza Technologies

Veza Technologies

Veza is the authorization platform for data. Built for hybrid, multi-cloud environments, Veza enables organizations to manage and control who can and should take what action on what data.

Orchestrate Technologies

Orchestrate Technologies

Orchestrate Technologies provides computer network and IT managed services for small and mid-market clients as well as small enterprise businesses.

Palindrome Technologies

Palindrome Technologies

Palindrome Technologies help clients defend against cyberattacks across all attack surfaces, including hardware, software, network-to-cloud, people, and emerging technologies.