Dutch DPA Slams Police for Failure on Data-Retention Rules
Dutch law enforcement agencies aren't following the law concerning data retention, the Dutch Data Protection Authority told the country's House of Representatives in a letter June 19.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Dutch police now exceed the legal data storage periods for data relating to millions of innocent people, causing them risk, the authority said. If the legislature wants a longer data-retention period, it should enact one, it insisted.
Several lawmakers have urged the government not to destroy the data, said the Dutch agency, but the government, and especially the police, must comply with the law.
For much of the stored data, it's not possible to show that long-term retention provides added value, it noted. For example, the data is "emphatically" not part of cold cases or information about DNA.
Under the law, the data must be deleted from police systems used daily after five years and completely destroyed after 10, the Dutch agency noted. Among other risks, data unlawfully held could fall into the wrong hands during a data breach, it added.