Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
EU

EU Orders Europol To Delete Data on Citizens Who Have Not Committed Crimes (therecord.media) 21

Europol, the law enforcement agency of the European Union (EU), has been ordered to delete its massive database of information on EU citizens that it collected in recent years if the agency did not link subjects to any ongoing criminal activity. From a report: The decision was announced today by the European Data Protection Supervisor, an EU-independent supervisory authority whose primary objective is to monitor and ensure that European institutions and bodies respect the right to privacy and data protection. The EDPS said that Europol has one year to comply with its decision, during which time the law enforcement agency must filter its database and delete any information on EU citizens that are not part of criminal investigations. Europol will be allowed to process personal information as part of investigations, but the data on those not linked to crimes must be erased after six months. "This means that Europol will no longer be permitted to retain data about people who have not been linked to a crime or a criminal activity for long periods with no set deadline," the EDPS said in a press release on Monday.
This discussion has been archived. No new comments can be posted.

EU Orders Europol To Delete Data on Citizens Who Have Not Committed Crimes

Comments Filter:
  • by jm007 ( 746228 ) on Tuesday January 11, 2022 @11:27AM (#62164131)

    the article is a bit light on details, so how would this be audited and/or enforced? independent 3rd party oversight?

    and is there any teeth in it... ie, will any heads roll should this ruling(?) go unheeded?

    and is there some provision to the "... we're too low on resources to do it..." excuse heard so often; for me, if there's only enough resources to collect it but not deal with all that follows (secure storage, limited access, auditability, etc.) then don't collect it to begin with

    I applaud the effort and intent, but how will it work in the real world?

    • it should take effort to retain it - autodelete if not confirmed to be part of an ongoing investigation
    • by test321 ( 8891681 ) on Tuesday January 11, 2022 @11:57AM (#62164209)

      I might be naive, but I don't see how it would NOT be enforced. We are talking about the official database used by the regular police (not the secret database from the secret services that nobody knows about). The IT service of the police has to design a database that is according to official specifications. They new specification says there must be an "expiry" field of 6 months from date of entry of the documents, after which the file gets deleted. So will they do and surely will they write about their implementation in their yearly report. They surely have internal audits to check they comply with their own rules; or the European Commission's Internal Audit Service will audit them from time to time, and can refer to the EU Court of Auditors if any serious misbehaviour is found.

      Accesses to police/justice database are logged, if one rogue officer copies loads of data, it will be noticed (sometimes in the news you see that some police officer got fired because they were checking licence plates for a friend; they get caught because it's logged).

      • Most likely due to a poorly written purge job that either doesn't run or doesn't run correctly... Which is a surprisingly common occurrence even with the best intentions!

        • You are right but the database is used by so many thousand of police officers (checking citizen criminal background) that sooner or later the presence of outdated information gets known internally (subject of coffee break jokes or leaks to the press). The sysadmin will have to do something when it gets reported, and hopefully they later have audits where a typical question is how to make sure any notable incident can't happen again next year.

          The secret services of the Netherlands (where Europol is located)

      • And how will this effect backups of the database? Does any of it get backed up on tape? Incremental or total backups?

    • Chances are if they don't comply, and they use that data in evidence for a trial, then they are shown to not be in compliance, and chances are the whole case will be tossed.

      Maintaining a large conspiracy is a lot of hard work, where it is often just easier to comply than try to try to hide your non-compliance.

      Being a that politicians and people in power, have a hard enough time, to keep Love Affairs private to the public, where only a small handful of people know about it, and how often they get exposed. R

    • Every law and directive can be ignored if the conspiracy be of a sufficient size, but all it takes is but one man to talk.
      All election could also be manipulated provided enough people that know keep silent.

      It is enforced by assuming that at least one honest man among the thousands that would view the illegal data exist, and would report it to the appropriate officials.
    • by AmiMoJo ( 196126 )

      They would be expected to have an external audit, in all likelihood.

  • The tourist who filmed the public building behind the world-famous fountain, is not a terrorist doing hostile reconnaissance?

    I'm shocked!

  • by smooth wombat ( 796938 ) on Tuesday January 11, 2022 @12:40PM (#62164337) Journal

    Where thanks to George Bush and Dick Cheney, everyone is treated like a criminal when they try to fly, cross the border, or drive a vehicle.

    For those who are curious, TSA, TSA, and TSA.

    • Lol, if you think that is bad, then try getting randomly selected for additional screening just before you leave the airport. I had a cop do just that, as I was about to exit SF Airport. Went through all of my stuff, phones, laptops, etc.

      Since then I avoid the US as much as possible and ensure not to take my personal devices
  • ... they just haven't been caught yet.

    But seriously: Many investigations, particularly intelligence work, involve collecting information on intermediaries. And some of these people may have no idea that they are involved in criminal or espionage activity and no intent to do so. But in order to catch the guilty parties at either end of the chain, their names will be included in some reports.

    What Europol (and even more critically, the FBI) need to do is to keep records of ongoing investigations from leakin

  • Where is the punishment (Civil, at the very least; but I'd argue that criminal charges are appropriate too.) for the police and their agencies who decided to wrongfully spy on, harass, or even possibly arrest innocent people who'd not committed the crimes; which is what led to their data being gathered in the first place?

    This is the annoying and frustrating thing about the EU's purported concerns for citizens' privacy and civil rights. If Google or Facebook... who, lets be real here, would do no more with

    • Sure - fine the police billions of euros, the police will pay it from government coffers and it will go back into government coffers. Definitely worth the administrative overhead and banking fees!

      • Yeah... I didn't think that one through far enough. Though, if it were mandated that the money paid out in fines from individual police departments were paid into a central EU-wide fund that is itself mandated only to be used to compensate their victims; it could work.

        But even setting department-level fines aside; they could (and should) fine the individual officers and go after their assets as well. And, as I said, IMO this sort of abusive malfeasance ought to be a criminal charge against the officers to

Truly simple systems... require infinite testing. -- Norman Augustine

Working...