On 26 June 2013 members of the group europe-v-facebook.org lodged complaints with data protection commissioners around the EU. The group is alleging that European subsidiaries of Facebook, Apple, Microsoft, Skype and Yahoo illegally transferred data to the NSA under PRSIM.

PRISM: europe-v-facebook lodges data protection complaints © ferkelraggae-Fotolia
PRISM: europe-v-facebook lodges data protection complaints © ferkelraggae-Fotolia

Data protection

Europe-v-facebook.org was originally set up by a group of Viennese students to express objection to Facebook’s privacy policy. Now the group has expanded its remit to encompass the general protection of data in the EU.

The group has accused the EU subsidiaries of having illegally exported large amounts of personal data to the NSA and is seeking an explanation. Also the students are calling for a legally binding decision from data protection commissioners in Ireland, Luxembourg and Germany.

Data export

European subsidiaries are only permitted to export personal data to organisations outside the EU if an adequate level of protection is provided.

The members of europe-v-facebook.org believe that the transmission of personal data to the NSA is a clear breach of the fundamental right to data protection and is therefore illegal.

Gag order

The group asserts that the European subsidiaries are not subject to the American laws on confidentiality – the so-called gag order. As a result they required to issue their opinion on the accusations and under EU law the subsidiaries carry the burden of proving that their activities were legal.

Amendments to EU data protection legislation

Spokesman of europe-v-facebook.org, Max Schrems has called for European data protection legislation to be amended, if the passing of data to the NSA is found to be legal.

However, a similar case from 2006 would indicate that the subsidiaries’ activities were indeed illegal. The case concerned the transfer of personal data by the payment service SWIFT to the US Ministry of Finance.

The EU data protection commission came to the conclusion that the mass transfer of data to US authorities was not legal under EU data protection legislation.

Related articles: