Issue link: https://maltatoday.uberflip.com/i/1468112
11 NEWS 19.5.2022 These articles are part of a content series called Ewropej. This is a multi-newsroom initiative part-funded by the European Parliament to bring the work of the EP closer to the citizens of Malta and keep them informed about matters that affect their daily lives. These articles reflect only the authors' view. The European Parliament is not responsible for any use that may be made of the information it contains. Europol is concerned," she said. Europol's move into big data raises compliance concerns Europol began offering European member states services to forensically analyse data in 2002. Demand for these services has grown drastically over the years as police agencies across Europe sought to exploit the power of "big data". By 2019, the European Data Protection Su- pervisor reported that Europol was process- ing increasing amounts of untargeted data for intelligence and investigation purposes – including datasets containing information on innocent people. In April that year, Europol's executive di- rector, Catherine De Bolle, reported major compliance concerns to the EDPS, sparking a formal enquiry. e following April, Europol began re- ceiving huge quantities of data from a novel hacking operation conducted by the French police into encrypted phone network Encro- Chat. e agency received data from 120 mil- lion EncroChat messages, analysed the data to identify the country of origin, and deliv- ered it to police forces in Germany, France, Sweden, the UK and other countries which have made thousands of arrests of organised criminal gangs. In September 2020, the EDPS admonished Europol – without naming specific investi- gations – for putting data subjects' privacy rights at risk by continuing to store large volumes of personal data, in some cases for years, without assessing whether the indi- viduals had any link to criminality. "e processing of data about individuals in an EU law enforcement database can have severe consequences on those involved," the supervisor, Wojciech Wiewiórowski, wrote at the time. "Without putting in place the safeguards provided in the Europol regulation, individ- uals run the risk of being wrongly linked to criminal activity across the EU, with all the potential damage to their private and profes- sional lives that that entails," he added. Normalising widespread data collection e EDPS and Europol failed to reach an agreement during subsequent negotiations and, in January this year, the EDPS ordered Europol to delete all data it held on individ- uals with "no established link to criminality". e order required Europol to erase data- sets older than six months, in cases where Europol had failed to categorise the data subjects and could not be certain that they did not contain information about people with no established links to crime. It was possible, the EDPS found, that data on innocent individuals may also have been extracted and shared with third parties. e regulator ordered Europol to noti- fy third parties to delete any data wrongly handed over. EDRi's Berthélémy told Computer Weekly that a major goal of the latest reform was to legalise Europol's processing of datasets that contain personal data on individuals who are not suspected of any crime. Under Europol's 2016 mandate, the police agency is limited to processing data, defined in a list known as Annex 2, that relates to people with connections to terrorism, drug trafficking and other cross-border organised crime. e latest proposals allow Europol to der- ogate from the restrictions in Annex 2, with no requirement to inform the European Data Protection Supervisor until after a criminal investigation has been completed – which could take years. One effect of the change, said Berthélémy, would be to ensure that Europol's mass col- lection of data during the operation against EncroChat, which gathered messages, pho- tos, videos and other data, not all of which may not have been linked to criminal activi- ty, is legalised. "It is really about normalising this massive data collection," she said. Patrick Breyer, MEP for the Pirate Party and a member of the Joint Parliamentary Scrutiny Group, which monitors Europol, said that despite concerns from civil socie- ty groups and a rebuke from the European Data Protection Supervisor, Europol was to be allowed to collect and analyse "massive amounts" of data on individuals who are not suspected of crime. "In consequence, innocent citizens run the risk of being wrongfully suspected of a crime just because they were in the wrong place at the wrong time," he said. According to Breyer, Europol's plans to train "error-prone" algorithms with data from real citizens in the future threatened "false positives" and discrimination. He said Europol should be regulated more effectively to ensure it did not breach the law further. "e supervisory mechanisms, which have been superficial so far, have not been given the necessary teeth to detect and stop illegal practices by the authority," he said. Schengen reforms A separate proposal amending the Schen- gen Information System (SIS) regulation to enable Europol to make third country in- formation available to frontline officers has also been agreed, but in a modified form. Europol will not be able to submit its own SIS alerts, as originally intended, but, in a compromise agreement to meet the sensi- tivities of member states, it will be allowed to request member states to add alerts on its behalf. In a statement after the European Parlia- mentary vote, rapporteur Javier Zarzalejos said: "is regulation, and the new man- date for Europol, mark a substantial leap forward in the capabilities of the agency, in its ability to support member states, in its governance framework and, last but cer- tainly not least, in the enhanced system of safeguards we have put in place." e legal text will now head to the Coun- cil of Europe for formal adoption before it comes into force. e Schengen proposal is due to be dis- cussed in the European Parliament plenary between 6 and 9 June. data on European citizens power