The European Union crime agency has been ordered by the 27-nation bloc’s data protection watchdog to erase information related to individuals with no proven link to crime.
The European Data Protection Supervisor said Monday that Europol was notified of the order on Jan. 3 following an inquiry that started in 2019.
As part of the investigation, the EDPS said it reprimanded Europol two years ago “for the continued storage of large volumes” of such data, “which poses a risk to individuals’ fundamental rights.”
It said Europol has since introduced some measures but has not complied with requests to set an appropriate data retention period.
“This means that Europol was keeping this data for longer than necessary,” the EDPS said.
The watchdog said it imposed a six-month period for the assessment of new datasets and determine whether information can be kept. It gave the crime agency a 12-month delay to comply with the decision for data it received before Jan. 4.
“A 6-month period for pre-analysis and filtering of large datasets should enable Europol to meet the operational demands of EU Member States relying on Europol for technical and analytical support, while minimizing the risks to individuals’ rights and freedoms,” said Wojciech Wiewiórowski, the EDPS supervisor.
The Associated Press contributed to this article.