Facebook, Skype challenged in EU over spy affair
18.07.13 @ 09:18
Berlin - A group of Austrians, led by law student Max Schrems, has challenged the EU-based subsidiaries of Apple, Facebook, Microsoft, Skype and Yahoo on data privacy following revelations that they allowed US intelligence services to search to Europeans' data.
Schrems is no novice when it comes to tackling Internet giants.
"The most interesting thing is that here in Europe we have laws on data protection, but we don't enforce them," Schrems told this website on Wednesday (17 July).
Schrems has filed complaints with the data protection offices in Ireland for Facebook and Apple, in Luxembourg for Skype and Microsoft, and in Germany for Yahoo.
The five companies were mentioned by fugitive whistleblower Edward Snowden, a former CIA contractor who revealed that a massive surveillance programme (Prism) allows US intelligence services to sift through emails, read chats and listen to Skype conversations of anyone in the world.
"All these companies have set up subsidiaries in Europe to avoid taxes. They are on EU soil, so they have to abide by EU law, which says it is illegal to forward data if you cannot guarantee it is going to safe hands.
He also noted that in Europe the US authorities cannot apply a so-called gag order, which in US prohibits these companies on giving any information about Prism.
"Here they have to say what they do with the data and demonstrate it is safe," Schrems said.
All three national data protection offices have already sent questions to the companies based on Schrems' complaint.
"The European subsidiaries are legally responsible for the servers in the US, even though they don't process any data. They are trying to exploit the legal system in Europe to pay as little tax as possible, that's why they use this construction. So now we use this construction as well, to make them stick to EU law," the Austrian student said.
His hopes lie with the German data protection office, because the Irish one, he says, has so far proven to be a mere "rubberstamping office" for big companies.
"We don't know about Luxembourg yet, but if the Germans look into it, the Irish will also have to do something," Schrems said.
He explained that his first case filed in Ireland against Facebook with the data protection commission is still ongoing.
The whole exercise is not so much about "fighting the companies", but rather checking whether European data protection really works.
"I studied in Silicon Valley and there were companies coming to the classroom not knowing there is a European among them.
"They were saying it very bluntly: yes, Europe has strong data protection rules, but if you just pretend to respect them, you're fine. No way can they find out what we are doing on our servers and even if they do, it will take them at least 10 years to enforce anything."
The EU is currently revamping its data protection rules - a process that until now only Brussels aficionados have been following.
But with the Prism scandal in the news all over Europe, the EU data protection law is likely to get more media attention, Schrems predicts.
German Chancellor Angela Merkel on Sunday said she wants the law to move ahead and to uphold the stricter German standards on data protection.
"This is a good thing. Lobbying is so intense and uneven on this law - Facebook alone has hired five lobbyists for this in Brussels, while on the other side, NGOs have maybe one person who also has to cover other topics too. And MEPs rarely go the extra mile of asking some independent experts or academics about it," Schrems said.
The European Commission earlier this week also said it wants to see the bill move faster through the European Parliament - where it is currently stuck - and come into force by May 2014.