Skype, Microsoft cleared in Luxembourg NSA investigation

The Safe Harbor agreement was not breached, the Luxembourg DPA said
  • (IDG News Service)
  • — 18 November, 2013 15:41

Luxembourg's data protection authority cleared Microsoft and its subsidiary Skype of data protection violations related to the U.S. National Security Agency's Prism spying program, the agency said Monday.

The data protection authority, CNPD, was investigating Skype and Microsoft's alleged cooperation with the NSA. Both companies have their European headquarters in Luxembourg.

Two complaints filed by privacy campaign group Europe-v-Facebook were based on a Guardian newspaper report, which in turn was based on files provided by former NSA contractor Edward Snowden. According to the report, Microsoft and Skype collaborated closely with U.S. intelligence services to allow them to intercept communications.

The group wanted to stop the export of European users' personal data to the U.S.

Transferring data to the U.S. and enabling mass access by a foreign intelligence agency violates E.U. law, because export of data is only allowed if an adequate level or protection in a non-E.U. nation, according to the group.

The CNPD, however, found no data-protection violations. "The fact finding operations conducted since July 2013 and the subsequent detailed analysis did not bring to light any element that the two Luxembourg-based companies have granted the U.S. National Security Agency mass access to customer data," the CNPD said in an emailed news release.

"Furthermore, the transfer of certain personal data to affiliate companies in the U.S., as laid down in the privacy statements of both companies, appear to take place lawfully under the rules" of the Safe Harbor agreement, the CNPD said, adding that it therefore did not find any violation of Luxembourg data protection legislation.

The Safe Harbor framework is an agreement between the U.S. Department of Commerce and the European Commission to allow E.U. companies to exchange personal information with U.S. organizations. Such a regulation is needed because the E.U's data protection directive prohibits the transfer of personal to countries that do not meet E.U. standards for data protection.

"Our complaint is another example that shows perfectly that nothing happens, even if European companies are handing over Europeans' data to the NSA," said Europe-v-Facebook in a news release. The group called on the European Commission to amend the Safe Harbor agreement in a way that formally calcifies that transfer of data is illegal if there is probable cause that U.S. companies are forwarding Europeans' data to the NSA.

The Luxembourg decision is in line with a July decision of the Irish Office of the Data Protection Commissioner (ODPC) that found that the exchange of personal data of the Irish subsidiaries of Facebook and Apple with the U.S. is in line with safe harbor principles and that an investigation was not needed. The decision was made after Europe-v-Facebook filed similar complaints against these companies.

On request of the group, the decision to not investigate will be reviewed by the Irish High Court.

A similar complaint was also filed against Yahoo in Germany. The German Federal Commissioner for Data Protection expects to finish its inquiry into the complaint in December. The outcome of that investigation could be different. The German Conference of Data Protection Commissioners has asked the European Commission in July to suspend the Safe Harbor agreements and review whether U.S. companies can still comply with them.

The Commission is currently working on an assessment of the Safe Harbor Agreement that will be presented before the end of the year.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Loek Essers

IDG News Service
Topics: skype, security, Microsoft, legal, privacy
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?