Europol data practices target of EU privacy watchdog lawsuit

General view of the Europol building in The Hague, Netherlands December 12, 2019. REUTERS/Eva Plevier

BRUSSELS, Sept 22 (Reuters) - EU data protection watchdog EDPS has asked Europe's top court to scrap amended rules allowing Europol to retroactively legalise its processing of personal data of people with no links to criminal activity, saying the rules undermine its authority.

EDPS (European Data Protection Supervisor), which ensures that EU institutions and bodies comply with the bloc's privacy rules, took its grievance to the Luxembourg-based Court of Justice of the European Union (CJEU) on Sept. 16.

At issue are two amendments to rules governing Europol agreed by EU countries and EU lawmakers which came into force on June 28.

Register now for FREE unlimited access to Reuters.com

Prior to the changes, Europol was required to check within six months whether personal data it collected was linked to criminal activity and to erase it by Jan. 4, 2023 if there was no such connection.

The amendments mean it can continue to hold data that has not yet been erased.

EDPS' request to the CJEU is "to make sure that the EU legislator cannot unduly 'move the goalposts' in the area of privacy and data protection," EDPS head Wojciech Wiewiorowski said in a statement.

EU lawmaker Patrick Breyer applauded the EDPS move.

"It's true that police cooperation in Europe is of vital importance, but it needs to respect the rule of law," he said.

"Due to these vast data pools, millions of innocent citizens risk being wrongfully suspected of a crime just because they were in the wrong place at the wrong time."

Register now for FREE unlimited access to Reuters.com
Reporting by Foo Yun Chee; Editing by Richard Chang

Our Standards: The Thomson Reuters Trust Principles.