On 10 January 2022, the EDPS ordered Europol to delete all personal data that had been kept longer than the legal six months for no reason.

The European police agency Europol regularly receives data from the 27 EU Member States, including data on persons suspected of criminal activity. Under EU law, the agency must delete this data after six months if no link to illegal activity can be established. But Europol retains a lot of data beyond this period.

On 10 January 2022, the European Data Protection Supervisor (EDPS) indicated in a press release that it had asked Europol to delete all such data that did not comply with European legislation.

Europol argued that its investigations into « terrorism, cybercrime, international drug trafficking, paedophile crime » « frequently cover periods of more than six months », and that complying with the EDPS request would impact on the agency’s ability « to analyse large and complex datasets at the request of law enforcement authorities. »

The EDPS gave Europol twelve months—from 3 January 2022—to delete problematic data. Beyond that, the European Commission has asked the European Parliament and the European Council to « provide an appropriate solution and legal clarity on the processing of big data by Europol. »

Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.