The European Data Protection Supervisor said Monday that Europol was notified of the order on Jan. 3 following an inquiry that started in 2019.
As part of the investigation, the EDPS said it reprimanded Europol two years ago “for the continued storage of large volumes” of such data, “which poses a risk to individuals’ fundamental rights.”
It said Europol has since introduced some measures but has not complied with requests to set an appropriate data retention period.
“This means that Europol was keeping this data for longer than necessary,” the EDPS said.
The watchdog said it imposed a six-month period for the assessment of new datasets and determine whether information can be kept. It gave the crime agency a 12-month delay to comply with the decision for data it received before Jan. 4.
“A 6-month period for pre-analysis and filtering of large datasets should enable Europol to meet the operational demands of EU Member States relying on Europol for technical and analytical support, while minimizing the risks to individuals’ rights and freedoms,” said Wojciech Wiewiórowski, the EDPS supervisor.
The EDPS did not reveal how big the data stored by Europol is. According to The Guardian newspaper, which said it had access to internal documents, its equates to the equivalent of “a fifth of the entire contents of the U.S. Library of Congress.”
Europol did not immediately respond to the announcement.