Comment by A1kmm

I think regulating the retention and processing of information is entirely feasible even in circumstances where the information is initially available for a different purpose. This is in fact the legal status quo in Europe as well as many non-EU countries.

Now there is no absolute guarantee that, if someone has the information, and they are legally required to delete it or not use it, that they don't break the law. But it works in the case of balancing the need to avoid people being disappeared against preventing dragnet misuse of arrest data by employers and landlords. Maybe organised crime employers would systematically break the law if maintaining a database illegal, but they also probably don't mind people with arrest records.