The European police agency Europol regularly receives data from the 27 EU Member States, including data on persons suspected of criminal activity. Under EU law, the agency must delete this data after six months if no link to illegal activity can be established. But Europol retains a lot of data beyond this period.
On 10 January 2022, the European Data Protection Supervisor (EDPS) indicated in a press release that it had asked Europol to delete all such data that did not comply with European legislation.
Europol argued that its investigations into “terrorism, cybercrime, international drug trafficking, paedophile crime” “frequently cover periods of more than six months”, and that complying with the EDPS request would impact on the agency’s ability “to analyse large and complex datasets at the request of law enforcement authorities.”
The EDPS gave Europol twelve months—from 3 January 2022—to delete problematic data. Beyond that, the European Commission has asked the European Parliament and the European Council to “provide an appropriate solution and legal clarity on the processing of big data by Europol.”