
EU watchdog fights against rules permitting Europol's ‘unlawful’ data practices

The pushback follows allegations that Europol was allowed to write its own rules when it came to handling sensitive data

The EU’s data protection watchdog has called for rules effectively legalising the 'irresponsible' handling of data by Europol to be scrapped.


The fresh complaints come months after the European Data Protection Supervisor (EDPS) ordered the law enforcement agency to delete a huge cache of personal information. It deemed this practice to be a violation of GDPR and human rights law.

Following the EDPS’ public allegations of data mishandling, made in January, the Court of Justice of the European Union (CJEU) introduced two new provisions to the 2016 Europol Regulation that aimed to, according to the EDPS, “legalise retroactively” Europol’s data practices.

Articles 74a and 74b of the amended Europol Regulation - the provisions most recently added and the ones contested by the EDPS - “undermine” the watchdog's powers, it said.

“The EDPS had to apply for an annulment of articles 74a and 74b of the amended Europol Regulation for two reasons,” the EDPS said. “Firstly, to protect legal certainty for individuals in the highly sensitive field of law enforcement where the processing of personal data implies severe risks for data subjects.

“Secondly, to make sure that the EU legislator cannot unduly ‘move the goalposts’ in the area of privacy and data protection, where the independent character of the exercise of a supervisory authority’s enforcement powers requires legal certainty of the rules being enforced.”


Added to the Europol Regulation in June 2022, the provisions specifically relate to Europol’s retention of data on individuals with no proven link to criminal activity. 

Europol is alleged to be holding on to data belonging to individuals far longer than the current regulations allow it to. 

The EDPS’ January complaint revealed that Europol was sitting on 4TB of data on at least 250,000 individuals said to be linked with crime. This was collected over a period of six years from a variety of European national law enforcement authorities.

The EU’s data watchdog aimed to impose rules requiring Europol to assess the data it collected on people within six months and, if no criminal link was found, to erase it in a timely manner.

Specifically, the supervising authority sought to enforce Data Subject Categorisation for each individual whose data was collected - a stipulation of the Europol Regulation.

Such categorisation seeks to clearly define why a given individual is having their data retained, be it because they are suspected of committing a crime, convicted of a crime, or suspected witnesses of a crime, among other categories.

Privacy experts speaking to IT Pro in January expressed sympathy for Europol given the large amount of data it is required to triage, but also said the amount of data held would be tantamount to “mass surveillance” in the eyes of some.

The EDPS said the provisions “establish a worrying precedent” that threatens the independence of the supervising authority and undermines the legal certainty for people’s personal data. 

The situation raises debate around individuals’ right to privacy against the need for national security - one that emerges in so many areas of technology, such as consumers’ access to end-to-end encrypted messaging services.

It’s difficult to arrive at an absolute conclusion on such matters given the strength of the cases for both sides. Some, such as heads of state, argue that national security must take precedence over an individual’s privacy.

Others disagree, and popular arguments often highlight that such an allowance could theoretically spiral towards a green-lit mass surveillance programme, for example. A large proportion of the IT industry also agrees that ending end-to-end encryption would adversely affect society at large.
