Major U.S. Tech Firms Look to Be Ignoring Europe’s Data Privacy Rules

September 28, 2020

Technology firms’ compliance with European restrictions on transatlantic data transfers is shockingly poor, Austrian privacy campaigner Max Schrems said on Monday, publishing a survey of companies including Facebook and Netflix.

The Court of Justice of the European Union (CJEU) ruled in July that the data arrangement set up in 2016, called Privacy Shield, was invalid under Europe’s privacy framework because of concerns about U.S. surveillance.

The ruling effectively ends the privileged access that U.S. companies such as Facebook had to personal data from Europe. It puts the country on a similar footing to other nations outside the EU, meaning data transfers are likely to face closer scrutiny.

Firms Need Immediate Rethink on U.S. Data Transfers, Says EU Privacy Watchdog

European Union Court Invalidates Special Data Privacy Shield Granted U.S. Firms

First Charges Filed Under New York’s Cyber Reg Involve First American Data Leak

More Questions Raised Following EU Ruling on U.S. Data Transfer Privacy Shield

The survey, conducted by Schrems’ digital rights group NOYB – short for None of Your Business – covered 33 companies. Most were American, but some were based in the EU and Britain.

Exercising the right of customers to ask companies how their data is handled under the EU’s General Data Protection Regulation (GDPR), the survey drew a mixed bag of responses – some firms did not respond and others gave misleading answers.

“The responses ranged from detailed explanations, to admissions that these companies have no clue what is happening, to shockingly aggressive denials of the law,” said Schrems.

NOYB said that rental platform AirBnB, streaming service Netflix and Facebook chat app WhatsApp didn’t reply, while other companies referred to privacy policies that did not address the questions asked.

Business collaboration platform Slack said it would not “voluntarily” pass on user data to the U.S. authorities, failing to address concerns that Washington has the legal power to conduct targeted surveillance of non-U.S. citizens overseas.

“Overall, we were astonished by how many companies were unable to provide little more than a boilerplate answer,” said Schrems.

“The companies that did provide answers largely are simply not complying with the CJEU judgment. It seems that most of the industry still does not have a plan as to how to move forward.”

(Reporting by Douglas Busvine; Editing by Susan Fenton)

Was this article valuable?

Here are more articles you may enjoy.