fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Europol Ordered to Erase Data on those Not Linked to Crime

Europol Ordered to Erase Data on those Not Linked to Crime

The European Data Protection Supervisor (EDPS), an EU privacy and data protection independent supervisory authority, has ordered Europol to erase personal data on individuals that haven’t been linked to criminal activity.

According to the EDPS, the watchdog considers personal data any identification number, location data, or online identifier associated with an individual’s physical, physiological, genetic, mental, economic, cultural, or social identity.

Europol was notified of this order one week ago, on January 3, 2022. The decision follows an own-initiative inquiry started on April 30, 2019, regarding the EU police body’s use of Big Data Analytics for personal data processing activities.

Also Read: The 12 Important Details for Employment Contract Template

The EU data watchdog issued this order after admonishing Europol in September 2020 for storing large amounts of data on individuals that haven’t been linked to criminal activity, putting their fundamental rights at risk.

“The EDPS’ Decision is about protecting individuals whose personal data is included in datasets transferred to Europol by EU Member States’ law enforcement authorities,” said the EDPS today [PDF].

“According to the Europol Regulation, Europol is only allowed to process data about individuals who have a clear, established link to criminal activity (e.g. suspect,witness, etc).

“Limiting Europol’s processing of data avoids exposing other individuals who do not all into these categories, therefore minimising the risks associated with having their data processed in Europol’s databases.”

EDPS imposes six months data retention period

Europol failed to comply with obligations under the Europol Regulation to filter and extract crime-related information from its databases.

Thus, the EDPS has now also imposed a 6-month retention period on the personal information collected by the police body, which means that Europol must erase all data not filtered within six months its databases to prevent its processing longer than needed.

“Such collection and processing of data may amount to a huge volume of information, the precise content of which is often unknown to Europol until the moment it is analysed and extracted – a process often lasting years,” European Data Protection Supervisor Wojciech Wiewiórowski added in a press release published today.

“A 6-month period for pre-analysis and filtering of large datasets should enable Europol to meet the operational demands of EU Member States relying on Europol for technical and analytical support, while minimising the risks to individuals’ rights and freedoms.”

Also Read: Is it Illegal to Email Someone Without Their Permission?

More information on EDPS’ order is available on the EU data watchdog’s website and in the decision published on January 3.


Update January 10, 13:50 EST: Europol told BleepingComputer that EDPS’ decision to impose a six months data retention period will impact its ability to analyze large datasets provided in connection with ongoing investigations.

You can read the full statement sent by Europol’s Head of Media Relations below.

Committed to the highest standards of data protection, Europol first reached out proactively to the EDPS on the 1st of April 2019 to seek guidance on the processing of large and complex datasets which are collected in lawful, judicial investigations.
Europol is increasingly receiving from its Member States datasets collected in lawful, judicial investigations to help with their processing and analysis.

Since then, Europol has followed the guidance given by the EDPS and has updated its Management Board about the progress achieved.

Today, the European Data Protection Supervisor (EDPS) published his Decision on the retention of datasets without Data Subject Categorisation (DSC) by Europol. The DSC is the act of identifying in these datasets suspects, potential future criminals, contacts and associates, victims, witnesses and informants linked to criminal activities contained.

According to the EDPS, Europol should complete the DSC for large and complex datasets within a fixed retention timeline. In this context, the EDPS has highlighted that the current Europol Regulation does not contain an explicit provision regarding a maximum time period to determine the DSC.

In his decision the EDPS sets that this period must be of six months at the expiry of which, he requests Europol to erase the data.

The EDPS Decision will impact on Europol’s ability to analyse complex and large datasets at the request of EU law enforcement. This concerns data owned by Member States and operational partners and provided to Europol in connection with investigations supported within its mandate. It includes: terrorism, cybercrime, international drugs trafficking, and child abuse among others.

Europol’s support frequently entails a period longer than six months as illustrated by some of its most prominent cases.

Europol will seek the guidance of its Management Board and will assess the EDPS Decision and its potential consequences for the Agency’s remit and for ongoing investigations and the possible negative impact on the security for the citizens in the EU.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us