Europol Is Told To Delete Its 'Big Data Ark'

The European Union's data protection watchdog has ordered Europol to delete a massive cache of information on individuals who have no links to criminal activity after previously failing to comply with regulations. 

The unprecedented finding from the European Data Protection Supervisor (EDPS) targets what privacy experts are calling a “big data ark” containing billions of pieces of information. 

Europol was ordered to delete the data on January 3 after an inquiry was opened in 2019. The EDPS has given Europol a year to review its databases and then remove any data that cannot be linked to a criminal investigation.

The sensitive data in the ark has been extracted from crime reports, hacked from encrypted phones and sampled from asylum seekers never involved in any crime. Any data older than six months on individuals who are not linked to criminality must be deleted. Europol’s alleged inability to comply with the principles of data storage led to the inquiry.

According to the EDPS, Europol has not made progress on the issue of data storage. The organisation also stated that collecting and processing data can amount to a huge amount of information. Therefore, the content of the data troves are often not fully known until they undergo detailed analysis. The data trove is reported to be as much as four petabytes.

The data was extracted over the past six years from crime reports, hacked phones, and screening of asylum seekers.

The ruling also exposes deep political divisions among Europe’s decision-makers on the balance between security and privacy and the eventual outcome of their confrontation has implications for the future of privacy in Europe and beyond.

Europol has responded, claiming its binding regulation does not specify a maximum time period for determining Data Subject Categorisation. The police agency stated that it was not the EDPS that initiated the inquiry and said it would “assess” the data privacy chief’s decision.

In particular, Europol denies any wrongdoing and says that  watchdog may be interpreting the current rules in an impractical way.  “The Europol regulation was not intended by the legislator as a requirement which is impossible to be met by the data controller practice.... Europol will seek the guidance of its Management Board and will assess the EDPS Decision and its potential consequences for the Agency's remit, for ongoing investigations as well as the possible negative impact on the security for EU citizens.,”says the Europol statement.

Europol:     Hacker News:    The Verge:    Oodaloop:     Infosecurity Magazine:   Guardian:   

You Might Also Read: 

Google’s DeepMind  Faces Legal Action Over Data Misuse:

 

« Facebook Hosted A Surge Of Fake News Prior To Capitol Riot
Chinese APT Hackers Used Log4Shell Exploit To Target Academic Institution »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

ON-DEMAND WEBINAR: Future-proof your security with Secure Access Service Edge (SASE)

ON-DEMAND WEBINAR: Future-proof your security with Secure Access Service Edge (SASE)

Watch this webinar to explore the Security orchestration, automation, and response (SOAR) paradigm, its relationship with organization IT practices, and its role in your security strategy.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Vaddy

Vaddy

Vaddy provide an automatic web vulnerability scanner for DevOps that performs robust security checks to ensure that web app code is secure.

Acalvio Technologies

Acalvio Technologies

Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter.

Bechtel

Bechtel

Bechtel’s Industrial Control Systems Cyber Security Laboratory focuses on protecting large-scale industrial and infrastructure systems that support critical infrastructure.

FraudHunt

FraudHunt

FraudHunt protects your website from account fraud, ad fraud, fraud clicks, and malicious bots.

Cyberhaven

Cyberhaven

Cyberhaven provides rapid enablement for GDPR and CCPA compliance, streamlined data security and modern risk management.

Cyber Police of Ukraine

Cyber Police of Ukraine

Cyber Police of Ukraine is a law enforcement agency within the the Ministry of Internal Affairs of Ukraine dedicated to combating cyber crime.

Eaton

Eaton

Eaton provides comprehensive cybersecurity services for operational technology (OT) to help keep your operations and personnel safe.

NetApp Excellerator

NetApp Excellerator

NetApp Excellerator is NetApp’s global start-up program that aims to fuel innovation by partnering with deep-tech start-ups.

CentricalCyber

CentricalCyber

CentricalCyber is a cyber risk consultancy and NIST CSF specialist set up to help business leaders better understand and manage cyber risk.

Quside

Quside

Quside, a spin-off from The Institute of Photonic Sciences in Barcelona, designs and manufactures innovative quantum technologies for a wide range of applications including cyber security.

gener8tor

gener8tor

The gener8tor Cybersecurity Accelerator offers a cutting-edge program in San Antonio, home to the second-largest concentration of cybersecurity experts in the United States.

WhiteJar

WhiteJar

WhiteJar offers an innovative approach to modern cybersecurity needs, empowering Ethical Hackers within its unique crowd platform.

Quzara

Quzara

Quzara provides trusted advisory services and highly adaptive cybersecurity services to federal, commercial and Defense Industrial Base customers to meet their security compliance and cyber needs.

Web3fied

Web3fied

Web3fied is a seed stage company building the future of decentralized digital identity and credentials management.

Commvault

Commvault

Commvault's data protection and information management solutions help companies protect, access and use all of their data, anywhere and anytime.

6WIND

6WIND

6WIND deliver virtualized, cloud-native, distributed high performance & secure networking software solutions to support new applications such as 5G, IoT, SD-WAN.