Campaign group Europe v Facebook has criticised the decision by Luxembourg’s data protection authorities to clear Microsoft and its Skype division of privacy violations.
In October, Luxembourg’s National Commission for Data Protection (CNPD) ordered an investigation of the firms’ involvement in the US National Security Agency’s Prism internet surveillance programme.
The investigation led to speculation that the Luxembourg-headquartered internet-calling service could face criminal and administrative sanctions for passing on users’ communications to the NSA.
The probe was launched after the CNPD received a complaint from a private individual concerned that their fundamental right to the protection of personal data had been violated.
The complaint came after reports based on documents leaked by whistleblower Edward Snowden claimed that Skype had supplied the NSA with content from calls as well as other details.
But, according to a statement released by the CNPD, the probe found that the companies did not provide widespread data access to the NSA.
The investigation also found that the transfer of some data to affiliate companies in the US “appears to take place lawfully” under the safe harbor agreement.
Max Schrems of Europe v Facebook said in a document on the campaign’s website that “Safe Harbor” decision allows for data use for purposes of law enforcement and national security, but the NSA does much more than that.
“In addition the European Commission has recently said that Prism would not be covered by the ‘Safe Harbor’, so it seems like the authorities in Brussels and Luxemburg are not in line,” he said.
“If Prism would be allowed under the ‘Safe Harbor’ decision there is no doubt that the decision would be illegal. So overall we can’t really understand the response,” said Schrems.
Europe v Facebook said the CNPD investigation once again demonstrates that there are no real consequences from the NSA scandal.
“We are making fools of ourselves internationally if we are not taking any action. Our politicians are sending a couple of angry letters, but when it comes to factual consequences we see no action,” said Schrems.
The European Commission recently announced that it is conducting a review of the controversial “Safe Harbor” decision to examine whether it still meets European standards after the Prism revelations.
“There is an urgent need that the European Commission amends the “Safe Harbor” decision accordingly or at least formally calcifies that transfer of data is illegal if there is probable cause that US companies are forwarding Europeans’ data to the NSA,” said Schrems.
More on Prism
After Prism revelation there is nowhere to hide
Security Think Tank: Prism unlikely to change much
Security Think Tank: Prism fallout could be worse than security risks
Security Think Tank: Prism is dangerous for everyone
Security Think Tank: Prism – Sitting duck or elaborate honeypot?
NSA surveillance whistleblower reveals identity
US repeatedly hacked China, claims NSA whistleblower
FBI spies on internet users
UK links to US internet surveillance remain unclear
Technology companies call for more transparency over data requests
Compliance: The Edward Snowden, NSA program controversy continues
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners.
If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com