Student group Europe Versus Facebook has tangled with the social network before, in case you couldn’t tell by its name, filing numerous complaints related to Facebook’s privacy policies starting in 2011. Now, EVF is taking on Facebook again over its alleged role in the U.S. National Security Agency’s Prism initiative, and the group is also taking on Apple, Microsoft, Skype, and Yahoo.
EVF filed complaints against the five tech giants over Prism, doing so in Ireland against Facebook and Apple (Facebook’s European headquarters is in Dublin), in Luxembourg against Skype and Microsoft, and in Germany against Yahoo.
Although Prism was a U.S. initiative, EVF justified its complaints in Europe by mentioning the companies’ European subsidiaries, saying that they fall under European privacy laws, and adding that if one of the companies’ European units sends data to its parent company in the U.S., that action is considered an export of personal data.
EVF also hinted that Google and YouTube may be next on its radar, saying that while there are no European subsidiaries, Google has data centers in Ireland, Belgium, and Finland.
In order to avoid taxes, U.S. companies have spun a network of subsidiaries. At the same time, these tax-avoidance strategies lead to a situation where the companies have to abide by U.S. and European Union laws. This can get tricky when they have to adhere to EU privacy laws and U.S. surveillance laws. Many journalists have asked us in recent weeks if Prism is legal from an EU perspective. We have looked at that a little closer. The result was — after consulting with legal experts — that it is very likely illegal under EU data protection laws, because of the corporate structure of the companies.
There can in no way be an adequate level of protection if they cooperate with the NSA on the other end of the line. Right now, an export of data to the U.S. must be seen as illegal if the involved companies cannot disprove the reports on the Prism program. In the end, the key question is whether a European company can simply forward data to a foreign spy agency.
We want a clear statement by the authorities on if a European company may simply give foreign intelligence agencies access to its customer data. If this turns out to be legal, then we might have to change the laws.
Readers: Do you think EVF’s complaints are valid?