European student group files complaints with the EU against US tech giants over NSA spying
By End the Lie
A European student group known as Europe-v-Facebook (EVF) has filed formal complaints against major US technology firms for allegedly working with the National Security Agency (NSA) to secretly collect data on Europeans.
The group specifically named the NSA’s PRISM program in their announcement and stated that their complaints are aimed at the European subsidiaries of US internet giants which worked with the government according to multiple reports.
Complaints against Google and YouTube are forthcoming but could not be filed immediately because they do not use European intermediaries. Instead, the group will have to follow a different path since Google has data partners in Belgium, Finland and Ireland.
Since the subsidiaries are based in the EU, the group maintains that they are subject to EU data privacy laws.
“If a European subsidiary sends user data to the American parent company, this is considered an ‘export’ of personal data,” the group explained in an announcement. “Under EU law, an export of data is only allowed if the European subsidiary can ensure an ‘adequate level or protection’ in the foreign country.”
The group stated that after the exposure of the PRISM program, it is impossible to trust that the companies maintained an “adequate level of protection.”
“There can in no way be an adequate level of protection if they cooperate with the NSA on the other end of the line,” Max Schrems, EVF speaker, said in a statement according to CNET.
“Right now an export of data to the U.S. must be seen as illegal if the involved companies cannot disprove the reports on the PRISM program,” Schrems added.
The complaints filed by EVF are backed up by the 2006 “SWIFT” case in which EU data protection authorities ruled that mass transfer of data to the US breaches EU law.
The case involved the SWIFT payment processor transferring transaction details to American authorities through a data center in the United States.
It was especially important because the finding stated “that even in the fight against terrorism and crime fundamental rights must remain guaranteed.” One would hope that this would extend to cover programs like PRISM as well.
EVF seeks to have data protection authorities in Germany, Ireland and Luxembourg decide if it is legal for European subsidiaries of American companies to “mass transfer” personal data to a foreign intelligence agency, namely, the NSA.
“We want a clear statement by the authorities if a European company may simply give foreign intelligence agencies access to its customer data,” the group said.
They added that if the authorities decide that it is, in fact, legal to do so, a change in law might be required.
The group also seeks to gain more insight into how the companies handle user data since European procedure forces companies to “say precisely what they do with the users’ data.”
“If the companies remain silent and do not submit credible evidence, then they run the risk of not being allowed to transfer data to their US parent companies,” the group stated. “This means they would have to rearrange their whole infrastructure. We will of course ask for access to the files. We are already excited to see what companies have to say.”
’d love to hear your opinion, take a look at your story tips and even your original writing if you would like to get it published. Please email me at [email protected]