Luxemburg data protection commissioner has found that Microsoft and Skype have not broken any European privacy laws when they sent customer data back to the United States. The decision of the National Commission for Data Protection claimed that the data transfer was indeed a legal move. Their findings is that Microsoft and Skype transferred the data under the Safe Harbor agreement.
In an official statement the, unnamed commissioner said:
“The fact finding operations conducted since July 2013 and the subsequent detailed analysis did not bring to light any element that the two Luxembourg-based companies have granted the U.S. national Security Agency mass access to customer data.”
Needless to say, the activist group Europe v Facebook is not happy and wants to understand the commissioner’s reasoning despite reassurances that the NSA did not receive access. At this point all Europe v Facebook has is rumor and suspicions that Microsoft and Skype have been actively cooperating with the NSA. However, it isn’t stopping them from appealing a similar decision in Ireland.
According to activist Max Schrems,
“It was always clear that the NSA does not get data directly from Luxembourg. But it is not clear whether the CNPD believes that PRISM does not exist in the U.S., or if it feels that press releases by Microsoft are more credible than the revelations by Snowden.
Safe Harbor decision allows for data use for purposes of law enforcement and national security, but the NSA does much more than that. In addition the European Commission has recently said that PRISM would not be covered by Safe Harbor, so it seems like the authorities in Brussels and Luxembourg are not in line. If PRISM would be allowed under the Safe Harbor decision there is no doubt that the decision would be illegal. So overall we can’t really understand the response.”
I’m not sure what these activists expected, without any proof. Folks, leaked documents in newspapers is not legally strong proof that can be used in court. It is unfortunate, but true.