Europol Is Told To Delete Its 'Big Data Ark'

The European Union's data protection watchdog has ordered Europol to delete a massive cache of information on individuals who have no links to criminal activity after previously failing to comply with regulations. 

The unprecedented finding from the European Data Protection Supervisor (EDPS) targets what privacy experts are calling a “big data ark” containing billions of pieces of information. 

Europol was ordered to delete the data on January 3 after an inquiry was opened in 2019. The EDPS has given Europol a year to review its databases and then remove any data that cannot be linked to a criminal investigation.

The sensitive data in the ark has been extracted from crime reports, hacked from encrypted phones and sampled from asylum seekers never involved in any crime. Any data older than six months on individuals who are not linked to criminality must be deleted. Europol’s alleged inability to comply with the principles of data storage led to the inquiry.

According to the EDPS, Europol has not made progress on the issue of data storage. The organisation also stated that collecting and processing data can amount to a huge amount of information. Therefore, the content of the data troves are often not fully known until they undergo detailed analysis. The data trove is reported to be as much as four petabytes.

The data was extracted over the past six years from crime reports, hacked phones, and screening of asylum seekers.

The ruling also exposes deep political divisions among Europe’s decision-makers on the balance between security and privacy and the eventual outcome of their confrontation has implications for the future of privacy in Europe and beyond.

Europol has responded, claiming its binding regulation does not specify a maximum time period for determining Data Subject Categorisation. The police agency stated that it was not the EDPS that initiated the inquiry and said it would “assess” the data privacy chief’s decision.

In particular, Europol denies any wrongdoing and says that  watchdog may be interpreting the current rules in an impractical way.  “The Europol regulation was not intended by the legislator as a requirement which is impossible to be met by the data controller practice.... Europol will seek the guidance of its Management Board and will assess the EDPS Decision and its potential consequences for the Agency's remit, for ongoing investigations as well as the possible negative impact on the security for EU citizens.,”says the Europol statement.

Europol:     Hacker News:    The Verge:    Oodaloop:     Infosecurity Magazine:   Guardian:   

You Might Also Read: 

Google’s DeepMind  Faces Legal Action Over Data Misuse:

 

« Facebook Hosted A Surge Of Fake News Prior To Capitol Riot
Chinese APT Hackers Used Log4Shell Exploit To Target Academic Institution »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Avatu

Avatu

Avatu specialise in providing clients the advice, technology and tools they need to fight cyber and insider threats.

CERT-PA

CERT-PA

CERT-PA is the national Computer Emergency Response Team for Italian government institutions.

SAI360

SAI360

SAI360 (formerly SAI Global) provide products and services for enterprise risk management including Governance, Risk & Compliance and Digital Risk solutions.

File Centre

File Centre

File Centre is a leading specialist when it comes to data backup, we offer our clients a premium backup retrieval and delivery solution.

Security University

Security University

Security University is a leading provider of Qualified Hands-On Cybersecurity Education, Information Assurance Training and Certifications for IT and Security Professionals.

CipherMail

CipherMail

CipherMail provides email security products which allow organizations world wide to automatically protect their email against unauthorized access both in transit and at rest.

Anglo African

Anglo African

Anglo African is an information technology firm providing end-to-end solutions to different industries, from IT Infrastructure to DataCom as well as Cloud & InfoSec services.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

Cyan Securiy Group

Cyan Securiy Group

Cyan provide best-in-class cyber security solutions for mobile Internet and mobile devices that are extremely effective and highly intuitive in their use.

Calyptix Security

Calyptix Security

Calyptix Security helps small and medium offices secure their networks so they can raise profits, protect investments, and control technology.

Ostra Cybersecurity

Ostra Cybersecurity

As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes.

CyberQP

CyberQP

CyberQP (formerly Quickpass Cybersecurity) provide Privileged Access Management built for MSPs. Our system is designed to reduce ransomware and social engineering attack risks.

Guardsman Cyber Intelligence (GCI)

Guardsman Cyber Intelligence (GCI)

GCI provides proven cyber intelligence solutions to protect your business against ever present physical and digital threats shadowing your online business.

North Green Security

North Green Security

North Green Security is a UK-based cyber security training and consultancy company.

UltraViolet Cyber

UltraViolet Cyber

UltraViolet is an industry leading tech-enabled managed security services company.

Cyber Security Unity (CSU)

Cyber Security Unity (CSU)

Cyber Security Unity (formerly the UK Cyber Security Association) is a new global community which has been set up to help unite the industry and combat the growing cyber threat.