European privacy advocates lose legal battle to censure Microsoft, Skype


Luxemburg data protection commissioner has found that Microsoft and Skype have not broken any European privacy laws when they sent customer data back to the United States. The decision of the National Commission for Data Protection claimed that the data transfer was indeed a legal move. Their findings is that Microsoft and Skype transferred the data under the Safe Harbor agreement.

In an official statement the, unnamed commissioner said:

“The fact finding operations conducted since July 2013 and the subsequent detailed analysis did not bring to light any element that the two Luxembourg-based companies have granted the U.S. national Security Agency mass access to customer data.”

Needless to say, the activist group Europe v Facebook is not happy and wants to understand the commissioner’s reasoning despite reassurances that the NSA did not receive access. At this point all Europe v Facebook has is rumor and suspicions that Microsoft and Skype have been actively cooperating with the NSA. However, it isn’t stopping them from appealing a similar decision in Ireland.

According to activist Max Schrems,

“It was always clear that the NSA does not get data directly from Luxembourg. But it is not clear whether the CNPD believes that PRISM does not exist in the U.S., or if it feels that press releases by Microsoft are more credible than the revelations by Snowden.

Safe Harbor decision allows for data use for purposes of law enforcement and national security, but the NSA does much more than that. In addition the European Commission has recently said that PRISM would not be covered by Safe Harbor, so it seems like the authorities in Brussels and Luxembourg are not in line. If PRISM would be allowed under the Safe Harbor decision there is no doubt that the decision would be illegal. So overall we can’t really understand the response.”

I’m not sure what these activists expected, without any proof. Folks, leaked documents in newspapers is not legally strong proof that can be used in court. It is unfortunate, but true.

[via GigaOm]

Related Posts

  • Patrikck

    European Union legislation on data protection and privacy is perhaps less known in the US (and, to be honest, not that well known by European citizens in general either) as well as US legislation is equally unknown by Europeans.
    One general principle however holds throughout the whole European Union: national law is subordinate to Union legislation. A country that does not implement European directives within an agreed timeframe risks substantial fines.
    This is not the place to start comparing the US to the EU legislative systems, but the differences are extremely important.
    Therefore it may be interesting to browse the following two links: 1) homepage European Commission on dataprotection, 2) scope of document “This Regulation shall apply to the notification of personal data breaches by providers of publicly available electronic communications services (‘the provider’).”
    It remains an extremely complex subject, on both sides of the Atlantic let alone on a global scale.
    Have a nice day,