European watchdog orders Europol to delete 4 petabytes of illegally collected personal data
The European Data Protection Supervisor (EDPS) has ordered Europol to delete huge quantities of personal data about hundreds of thousands of people. The European Union's police agency has been found to have illegally collected billions of pieces of data about criminals, suspected terrorists and innocent citizens.
The colossal stash of information has been dubbed a "big data ark" by privacy experts, and it includes data gathered by hacking encrypted services and NSA-style grabs. The data store was collected over a period of six years, and the EDPS ruling means that Europol must delete data that has been stored for over six months. The agency also has a year to determine what of the remaining data it may legally continue to hold.
See also:
- Microsoft acknowledges that the KB5008212 update breaks Outlook search in Windows 10
- Microsoft Edge for Windows 11 is getting Dynamic Refresh Rate to boost performance and reduce power consumption
- Meta launches new Privacy Center, leaving Facebook users the unenviable task of learning about privacy and security
Europol has been accused of engaging in mass surveillance, and has been likened to the NSA with its undiscerning dragnet approach to data collection. As well as collecting and storing data from crime reports, much of the information is also the fruit of hacking, and a portion of it relates to asylum seekers innocent of any crimes.
Europol has suggested that the EDPS has incorrectly interpreted and applied EU laws: "Europol regulation was not intended by the legislator as a requirement which is impossible to be met by the data controller [ie Europol] in practice".
The Guardian has seen internal documents relating to Europol and says:
Among the quadrillions of bytes held are sensitive data on at least a quarter of a million current or former terror and serious crime suspects and a multitude of other people with whom they came into contact. It has been accumulated from national police authorities over the last six years, in a series of data dumps from an unknown number of criminal investigations.
But while the ruling has been welcomed by privacy advocates, just as was the case with the tactics employed by the NSA, Europol's data collection has its defendants, including Ylva Johansson. The EU home affairs commissioner says:
Law enforcement authorities need the tools, resources and the time to analyse data that is lawfully transmitted to them. In Europe, Europol is the platform that supports national police authorities with this herculean task.
With Europol having unleashed machine learning and AI-driven data collection tools, it seems difficult to imagine how this particular genie can be forced back into the bottle. And as demonstrated by the secretive nature of NSA activities, it is unlikely to be until much further down the line -- and at such a time when action is ineffective -- that further abuses of power are revealed.
Image credit: MaykovNikita / depositphotos