wordpress blog stats
Connect with us

Hi, what are you looking for?

Europol ordered to delete data that have no clear link to criminal activity

With privacy regulators in the EU being empowered to pass such orders, how does India’s proposed DPA compare?

The European Union Agency for Law Enforcement Cooperation (Europol) has been ordered to erase data concerning individuals with no established link to criminal activity, the European Data Protection Supervisor (EDPS) said on January 10 in a press release.

EDPS is the EU’s independent data protection authority responsible for supervising the processing of personal data by European institutions, bodies, and agencies.

The order sheds light on the powers EU privacy laws and privacy regulators have irrespective of who is collecting the data, which is in stark contrast to the overbroad exemptions that India’s Data Protection Bill, 2021, affords government and law enforcement agencies.

What led to this order?

  1. EDPS launches investigation: In April 2019, EDPS launched an investigation into Europol’s personal data processing activities after noting that there were several concerns linked to Europol’s compliance with the applicable data protection framework laid out in the Europol Regulation, specifically with regards to the principles of purpose limitation, data minimisation, data accuracy, and storage limitation. The Europol receives huge troves of data from law enforcement agencies of EU Member States, but according to the Europol Regulation, it is only allowed to process data about individuals who have a clear, established link to criminal activity.
  2. EDPS finds significant risk to individuals’ fundamental rights: In September 2020, EDPS concluded its investigation and found that Europol is storing large volumes of data likely involving individuals with no established link to criminal activity, posing a significant risk to individuals’ fundamental rights. The process of establishing a link is known as Data Subject Categorisation and is specified by the Europol Regulation.
  3. EDPS gives Europol an opportunity to address concerns: EDPS then issued an admonishment to Europol and gave it an opportunity to address concerns, following which, Europol presented an Action Plan and introduced technical measures to secure data.
  4. EDPS is not satisfied with Europol response: However, EDPS noted that the measures proposed by Europol did remove the risk posed to individuals’ fundamental rights and do not ensure compliance with the Europol Regulation. “While some measures have been put in place by Europol since then, Europol has not complied with the EDPS’ requests to define an appropriate data retention period to filter and to extract the personal data permitted for analysis under the Europol Regulation. This means that Europol was keeping this data for longer than necessary, contrary to the principles of data minimisation and storage limitation, enshrined in the Europol Regulation,” EDPS said.
  5. EDPS passes order: The EDPS on January 3 notified the Europol that going forward it must erase datasets older than 6 months that are lacking Data Subject Categorisation, which means the filtering and extraction of personal data must be done within 6 months from when the agency receives data from the Member States. For existing data sets, EDPS has given Europol 12 months to perform Data Subject Categorisation.

“A 6-month period for pre-analysis and filtering of large datasets should enable Europol to meet the operational demands of EU Member States relying on Europol for technical and analytical support, while minimising the risks to individuals’ rights and freedoms.” – Wojciech Wiewiórowski, EDPS

How does India’s Data Protection Bill deal with data collected by law enforcement agencies?

After nearly two years of deliberations, the Joint Parliamentary Committee (JPC) on the Personal Data Protection (PDP) Bill presented its report on December 16 2021 bringing us one step closer to India’s first data protection law, but the latest Bill gives the central government the ability to exempt any government body from the provisions of the bill by merely citing “just, fair, reasonable and proportionate procedure” and absolute power over the Data Protection Authority (DPA).

“In terms of application of the Bill, it means that an agency like the Delhi Police can be exempted from all provisions of the Bill, citing security of the State or public order,” a speaker said at a MediaNama event.

Advertisement. Scroll to continue reading.

The insufficient safeguards against government access to data might also make it harder for India to achieve adequacy with the EU, European Commission Deputy Head of International Data Flows & Protection Ralf Sauer indicated at PrivacyNama 2021.

EDPS Press Release | FAQs | EDPS Decision

 

 

Also Read

Have something to add? Subscribe to MediaNama here and post your comment. 

Advertisement. Scroll to continue reading.
Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...

News

Releasing the policy is akin to putting the proverbial 'cart before the horse'.

News

The industry's growth is being weighed down by taxation and legal uncertainty.

News

Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.

News

Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ