EU data protection watchdog EDPS has asked Europe's top court to scrap amended rules allowing Europol to retroactively legalise its processing of personal data of people with no links to criminal activity, saying the rules undermine its authority.
EDPS (European Data Protection Supervisor), which ensures that EU institutions and bodies comply with the bloc's privacy rules, took its grievance to the Luxembourg-based Court of Justice of the European Union (CJEU) on Sept. 16.
At issue are two amendments to rules governing Europol agreed by EU countries and EU lawmakers which came into force on June 28.
Prior to the changes, Europol was required to check within six months whether personal data it collected was linked to criminal activity and to erase it by Jan. 4, 2023 if there was no such connection.
The amendments mean it can continue to hold data that has not yet been erased.
EDPS' request to the CJEU is "to make sure that the EU legislator cannot unduly 'move the goalposts' in the area of privacy and data protection," EDPS head Wojciech Wiewiorowski said in a statement.
EU lawmaker Patrick Breyer applauded the EDPS move.
"It's true that police cooperation in Europe is of vital importance, but it needs to respect the rule of law," he said.
"Due to these vast data pools, millions of innocent citizens risk being wrongfully suspected of a crime just because they were in the wrong place at the wrong time."
(Reporting by Foo Yun Chee; Editing by Richard Chang)