Vernetzen Sie sich mit uns

Europäische Datenschutzbeauftragte (EDSB)

EDSB sanktioniert das Europäische Parlament wegen illegaler Datenübermittlung in die USA

SHARE:

Veröffentlicht

on

Following a complaint by six MEPs, including Patrick Breyer of the Pirate Party, the European Data Protection Supervisor (EDPS) has confirmed that the European Parliament‘s COVID test website violated data protection rules.[1] The EDPS highlights that the use of Google Analytics and the payment provider Stripe (both US companies) violated the European Court of Justice’s (CJEU) “Schrems II” ruling on data transfers between the EU and the US.

The ruling is one of the first decisions to implement “Schrems II” in practice and could be groundbreaking for many other cases currently being considered by regulators. On behalf of six MEPs, the data protection organisation noyb filed a data protection complaint against the European Parliament in January 2021.[2]

The main issues raised are the deceptive cookies banners of an internal corona testing website, the vague and unclear data protection notice, and the illegal transfer of data to the US. The EDPS investigated the matter and issued a reprimand on the Parliament for violation of the “GDPR for EU institutions” (Regulation (EU) 2018/1725 applicable only to EU institutions).

Illegal data transfers to the US In the so-called “Schrems II” case, the CJEU stressed that the transfer of personal data from the EU to the US is subject to very strict conditions. Websites must refrain from transferring personal data to the US where an adequate level of protection for the personal data cannot be ensured.

The EDPS confirmed that the website actually transferred data to the US without ensuring an adequate level of protection for the data and highlighted: “The Parliament provided no documentation, evidence or other information regarding the contractual, technical or organizational measures in place to ensure an essentially equivalent level of protection to the personal data transferred to the US in the context of the use of cookies on the website.”

Co-complainant and MEP Patrick Breyer (Pirate Party) comments: “The Schrems II ruling was a great victory for the protection of our privacy and the confidentiality of our communications and internet use. Unfortunately, this case shows that our data is still being illegally transferred to the US in large numbers. With his decision, the EDPS makes it clear that this must end. There must be no more unnecessary disclosing of our personal data to the US without our consent, not even on the basis of the so-called standard contractual clauses, which do not protect us against the NSA mass surveillance schemes.”

Keine Geldbuße, aber ein Verweis und eine Anordnung zur Einhaltung der Vorschriften Der EDSB hat das Parlament wegen verschiedener Verstöße gegen die für EU-Organe geltenden Datenschutzbestimmungen gerügt. Im Gegensatz zu nationalen Datenschutzbehörden nach der DSGVO kann der EDSB nur unter bestimmten Umständen eine Geldbuße verhängen, die in diesem Fall nicht erfüllt wurden. Darüber hinaus gab der EDSB dem Parlament einen Monat Zeit, um seinen Datenschutzhinweis zu aktualisieren und die verbleibenden Transparenzprobleme zu lösen.

Werbung

[1]
[2]
[3]

Teile diesen Artikel:

EU Reporter veröffentlicht Artikel aus einer Vielzahl externer Quellen, die ein breites Spektrum an Standpunkten zum Ausdruck bringen. Die in diesen Artikeln vertretenen Positionen sind nicht unbedingt die von EU Reporter.

Trending