NSA/PRISM: Legal Actions against European Subsidiaries of Facebook, Apple, Microsoft, Skype and Yaho [View all]

Today several members of the student group "europe-v-facebook.org" have filed complaints under EU data protection law against Facebook, Apple, Microsoft, Skype and Yahoo because of the alleged cooperation with the US Secret Service NSA under the PRISM Program.

The complaints were filed in Ireland against Facebook (PDF) and Apple (PDF), in Luxembourg against Skype (PDF) and Microsoft (PDF) and in Germany against Yahoo(PDF). All complains are directed at the European subsidiaries of the US-based internet companies.

EU data protection law.While the PRISM scandal is taking place in the US, most of the involved companies conduct their business through subsidiaries in the EU in order to avoid US taxes. These companies therefore fall fully under the European privacy laws, even if the users’ data is processed by the US parent company. In order to avoid taxes US companies have spun a network of subsidiaries. At the same time these ‘tax avoidance strategies’ lead to a situation where the companies have to abide by US and EU laws. This can get tricky when they have to adhere to EU privacy laws and US surveillance laws.

Key Issue: Data Export. If a European subsidiary sends user data to the American parent company, this is considered an “export” of personal data. Under EU law, an export of data is only allowed if the European subsidiary can ensure an “adequate level or protection” in the foreign country. After the recent disclosures on the “PRISM” program such trust in an “adequate level of protection” by the involved companies can hardly be upheld.

Read more: http://europe-v-facebook.org/EN/en.html