Some of the tech firms embroiled in the PRISM scandal have been targeted by European data protection activists, in new complaints that suggest the likes of Facebook, Apple, Skype, Yahoo and Microsoft have broken data protection laws while cooperating with the NSA.
The campaigners are part of Europe v Facebook and their main claim is that while all of these companies are headquartered in the US and thereby need to comply to US data laws (and hand over information to the US authorities when required) they operate in Europe and therefore also need to comply with data privacy laws in the EU.
As the EvF puts it: “If a European subsidiary sends user data to the American parent company, this is considered an “export” of personal data. Under EU law, an export of data is only allowed if the European subsidiary can ensure an “adequate level or protection” in the foreign country. After the recent disclosures on the “PRISM” program such trust in an “adequate level of protection” by the involved companies can hardly be upheld.”
Now the group is demanding that EU authorities issue a statement on whether Facebook and other companies can legally handle EU data through US servers, knowing that the NSA is able to look in on it when it feels like it.
Of course all of the tech firms that were initially highlighted as part of the PRISM scheme, have all denied giving the NSA direct access to their servers, but Google has admitted to handing over data to the NSA by hand or secure FTP, so it seems likely that the other organisations do so too, at least to some extent.
The EvF is now suggesting that it's down to these involved companies to disprove the level of data viewing by the NSA and other government agencies, in order to prove that it is offering adequate protection to EU data. If not, those companies could find themselves in legal hot water.
KitGuru Says: The EvF joins Liberty as one of the few EU based lobby groups that are trying to fight against the PRISM and Tempora. They're worth your support.