Big U.S. tech firms fail to comply with curb on Europe data transfers: Schrems

Send a link to a friend  Share

[September 28, 2020] BERLIN (Reuters) - Technology firms' compliance with European restrictions on transatlantic data transfers is shockingly poor, Austrian privacy campaigner Max Schrems said on Monday, publishing a survey https://newsletter.noyb.eu/v/
100912/5/f6vVcqeA9J/59532544 of companies including Facebook and Netflix.

A 3D-printed Facebook logo is seen in front of the logo of the European Union in this picture illustration made in Zenica, Bosnia and Herzegovina on May 15, 2015. REUTERS/Dado Ruvic

The Court of Justice of the European Union (CJEU) ruled in July that the data arrangement set up in 2016, called Privacy Shield, was invalid under Europe's privacy framework because of concerns about U.S. surveillance.

The ruling effectively ends the privileged access that U.S. companies such as Facebook had to personal data from Europe. It puts the country on a similar footing to other nations outside the EU, meaning data transfers are likely to face closer scrutiny.

The survey, conducted by Schrems' digital rights group NOYB - short for None of Your Business - covered 33 companies. Most were American, but some were based in the EU and Britain.

Exercising the right of customers to ask companies how their data is handled under the EU's General Data Protection Regulation (GDPR), the survey drew a mixed bag of responses - some firms did not respond and others gave misleading answers.

"The responses ranged from detailed explanations, to admissions that these companies have no clue what is happening, to shockingly aggressive denials of the law,” said Schrems.

NOYB said that rental platform AirBnB, streaming service Netflix and Facebook chat app WhatsApp didn't reply, while other companies referred to privacy policies that did not address the questions asked.

Business collaboration platform Slack said it would not "voluntarily" pass on user data to the U.S. authorities, failing to address concerns that Washington has the legal power to conduct targeted surveillance of non-U.S. citizens overseas.

“Overall, we were astonished by how many companies were unable to provide little more than a boilerplate answer," said Schrems.

"The companies that did provide answers largely are simply not complying with the CJEU judgment. It seems that most of the industry still does not have a plan as to how to move forward.”

(Reporting by Douglas Busvine; Editing by Susan Fenton)

[© 2020 Thomson Reuters. All rights reserved.]

Copyright 2020 Reuters. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.  Thompson Reuters is solely responsible for this content.

 

 

Back to top