Europol's Shadow IT System Exposed for Data Privacy Violations

Severity: High (Score: 67.0)

Sources: Computerweekly, wearesolomon.com, correctiv.org

Summary

An investigation reveals that Europol operated a 'shadow IT' system containing vast amounts of sensitive personal data without adequate security measures. This system, described by insiders as the 'Pressure Cooker,' allowed access to data including phone records and identity documents of individuals not suspected of crimes. The operation of this system violated EU data protection laws, leaving innocent citizens vulnerable to wrongful criminal associations. The findings have prompted calls from MEPs to pause Europol's expansion plans until proper oversight is established. Europol has denied allegations of hiding information from regulators, claiming transparency in its operations. The situation is critical as the European Commission prepares to propose new legislation that could expand Europol's mandate and budget significantly. Key Points: • Europol operated a shadow IT system with sensitive data for years without proper safeguards. • The 'Pressure Cooker' tool allowed unauthorized data access, affecting innocent individuals. • MEPs are calling for a pause on Europol's expansion until oversight and transparency are ensured.

Key Entities

• Big Data Challenge (campaign)
• Task Force Fraternité (campaign)
• Europol (company)
• X (company)
• CWE-200 - Exposure of Sensitive Information (cwe)
• CWE-269 - Improper Privilege Management (cwe)
• CWE-862 - Missing Authorization (cwe)
• Pressure Cooker (platform)