As Americans still reel from the news of an NSA data-mining operation and large companies ask the government for permission to be transparent and reveal what information has been requested, one group of European students claims the entire practice violates their right to privacy.
The group, called Europe-v-Facebook, (EVF) has filed formal complaints against large American companies which have taken part in PRISM. Though these companies are based in America, they conduct business in Europe. EVF claims this means they must also adhere to European privacy laws.
If the US government is using PRISM to collect data from European users, they claim they should be told about it in accordance with their local privacy laws. Based in Austria, EVF has been lobbying against Facebook for over two years. The group wants Facebook to hand over copies of user information they may have stored.
Large tech companies, such as Facebook and Apple, have headquarters located in the EU largely as a way to dodge taxes, a practice which has brought these companies under some recent scrutiny. Because they conduct business in these areas, EVF claims they must abide by the privacy laws of the land, and they have legal precedent to back up these claims.
The group cites a 2006 case involving the mass transit of data between a payment processing company in Europe called Swift and a data center in the US. It was decided in this case that the mass transit of data from European companies to the US is illegal under European Union law. Therefore if the US were using PRISM to gather information from internationals, the practice would be illegal.
Furthermore, the US has placed a gag order on American companies, at first preventing them from acknowledging that the PRISM program existed. Though the government relented a bit in recent weeks, the American tech companies are still unable to give specific details about these requests. Companies are now allowed to give a broad estimation of the number of requests they’ve received in the last six months, but they must also include requests for data which are not a part of PRISM or the Foreign Intelligence Surveillance Act (FISA).
“For European subsidiaries of the involved companies American “gag order” does not apply – in contrast to that the companies are even under an obligation to tell the truth under European proceedings,” writes the EVF in their statement.
Now that they’ve sent in complaints against Apple, Facebook, Microsoft, Skype and Yahoo!, the group will wait for authorities in Ireland and Germany to determine if the mass transit of data in this manner (if it’s occurring at all) is legal.
“If this turns out to be legal, then we might have to change the laws. In addition to the legal clarification europe-v-facebook.org expects a deeper insight into the handling of data by the companies involved. During European procedure, companies must say precisely what they do with the users’ data. If the companies remain silent and do not submit credible evidence, then they run the risk of not being allowed to transfer data to their US parent companies,” says the EVF.
Google and YouTube were not included in the first round of complaints; the EVF says these companies operate in Europe differently than the other companies. However, since they also have data centers in Ireland, they plan to approach these complaints in a different way. Watch the space//tech news