Europol Is Told To Delete Its 'Big Data Ark'

The European Union's data protection watchdog has ordered Europol to delete a massive cache of information on individuals who have no links to criminal activity after previously failing to comply with regulations. 

The unprecedented finding from the European Data Protection Supervisor (EDPS) targets what privacy experts are calling a “big data ark” containing billions of pieces of information. 

Europol was ordered to delete the data on January 3 after an inquiry was opened in 2019. The EDPS has given Europol a year to review its databases and then remove any data that cannot be linked to a criminal investigation.

The sensitive data in the ark has been extracted from crime reports, hacked from encrypted phones and sampled from asylum seekers never involved in any crime. Any data older than six months on individuals who are not linked to criminality must be deleted. Europol’s alleged inability to comply with the principles of data storage led to the inquiry.

According to the EDPS, Europol has not made progress on the issue of data storage. The organisation also stated that collecting and processing data can amount to a huge amount of information. Therefore, the content of the data troves are often not fully known until they undergo detailed analysis. The data trove is reported to be as much as four petabytes.

The data was extracted over the past six years from crime reports, hacked phones, and screening of asylum seekers.

The ruling also exposes deep political divisions among Europe’s decision-makers on the balance between security and privacy and the eventual outcome of their confrontation has implications for the future of privacy in Europe and beyond.

Europol has responded, claiming its binding regulation does not specify a maximum time period for determining Data Subject Categorisation. The police agency stated that it was not the EDPS that initiated the inquiry and said it would “assess” the data privacy chief’s decision.

In particular, Europol denies any wrongdoing and says that  watchdog may be interpreting the current rules in an impractical way.  “The Europol regulation was not intended by the legislator as a requirement which is impossible to be met by the data controller practice.... Europol will seek the guidance of its Management Board and will assess the EDPS Decision and its potential consequences for the Agency's remit, for ongoing investigations as well as the possible negative impact on the security for EU citizens.,”says the Europol statement.

Europol:     Hacker News:    The Verge:    Oodaloop:     Infosecurity Magazine:   Guardian:   

You Might Also Read: 

Google’s DeepMind  Faces Legal Action Over Data Misuse:

 

« Facebook Hosted A Surge Of Fake News Prior To Capitol Riot
Chinese APT Hackers Used Log4Shell Exploit To Target Academic Institution »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LogmeOnce

LogmeOnce

LogmeOnce provides users with solution to multiple Password problems, Single Sign-On (SSO), and Identity Management.

SI-CERT

SI-CERT

SI-CERT (Slovenian Computer Emergency Response Team) is the national cyber scurity incident response center for Slovenia.

Minerva Labs

Minerva Labs

Minerva’s patent pending solution keeps malware in a constant sleep state before it can infiltrate your network and cause any damage.

RangeForce

RangeForce

RangeForce delivers the only integrated cybersecurity simulation and skills analysis platform that combines a virtual cyber range with hand-on training.

Indeed

Indeed

Indeed is a worldwide employment-related search engine for job listings covering job types in all industries, including cybersecurity.

Augusta HiTech

Augusta HiTech

Augusta Hitech is a focused product development, software services and technology consulting company. Our Vision is to become the most socially impactful and innovative technology company in the world

Fend

Fend

Fend secures smart infrastructure. We provide a robust, highly secure way to have situational awareness of IoT enabled assets.

Securd

Securd

Securd takes opportunities away from your cyber adversaries. Cloud-delivered zero-trust DNS firewall and web filtering protection keep your business network and remote employees safe.

TransUnion

TransUnion

TransUnion is a global information and insights company that makes it possible for businesses and consumers to transact with confidence.

QA Consultants

QA Consultants

QA Consultants is North America’s largest software quality engineering services firm, an award-winning onshore provider of software testing and quality assurance solutions.

Intelligent Technical Solutions (ITS)

Intelligent Technical Solutions (ITS)

We help businesses manage their technology. Intelligent Technical Solutions provide you with the right technical solution, so you can get back to running your business.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

Solcon Capital

Solcon Capital

Solcon Capital is a forward-looking, technology-focused investment firm that is committed to identifying and investing in the most promising areas of innovation and development in the tech industry.

Blattner Technologies

Blattner Technologies

Blattner Technologies mission is to be the leading provider of predictive transformation services and tools in the Data Analytics, Artificial Intelligence and Machine Learning industry.

Assetnote

Assetnote

The Assetnote platform enables organizations to effectively map and continuously monitor their external attack surface.

Aztek

Aztek

Aztek is one of the UK’s leading Managed Service Providers, providing customer-focused IT, Communication and Cyber Security solutions to help transform and grow your business.