Privacy complaint targets European Parliament's virus test site

by Reuters
Friday, 22 January 2021 13:40 GMT

A scientist inputs data for automatic product diafiltration during the research and development of a vaccine against the coronavirus disease (COVID-19) at a laboratory of BIOCAD biotechnology company in Saint Petersburg, Russia June 11, 2020. REUTERS/Anton Vaganov

Image Caption and Rights Information

An EU privacy watchdog is investigating the European Parliament's COVID-19 testing website for a potential illegal data transfer

By Foo Yun Chee

BRUSSELS, Jan 22 (Reuters) - An EU privacy watchdog is investigating the European Parliament's COVID-19 testing website for its staff after a privacy activist filed a complaint on concerns that the site could be transferring data illegally to the United States.

The Austrian privacy advocacy group Noyb, led by Max Schrems, took its case to the European Data Protection Supervisor (EDPS) on behalf of six European Union lawmakers.

Schrems, an Austrian and prominent figure in Europe's digital rights movement against intrusive data-gathering by Silicon Valley tech giants, pursued two cases against Facebook , winning landmark judgments that forced the social network to change how it handles user data in Europe.

EDPS said it had already begun an investigation following a complaint by some EU lawmakers in October last year

"We received today additional information of direct relevance to this complaint that will be examined thoroughly," said a spokesman for the EU body, which has oversight of privacy issues related to EU institutions.

The complaint said that EU lawmakers, on accessing the virus test site, discovered that it had sent over 150 third-party requests, including requests to U.S.-based companies Google and Stripe, in breach of an EU court judgment in July last year.

A number of these third-party requests were for user data in targeted advertising and to enable software to function smoothly.

"The main issues raised are the deceptive cookies banners of an internal corona testing website, the vague and unclear data protection notice, and the illegal transfer of data to the U.S.," Noyb said in a statement.

Cookies are used by companies to track online browsing behaviour, key to online advertising.

Schrems said the EU parliament should have known better.

"Public authorities, and in particular the EU institutions, have to lead by example to comply with the law. This is also true when it comes to transfers of data outside of the EU. By using U.S. providers, the European Parliament enabled U.S. authorities to access data of its staff and its members."

The European Parliament did not immediately respond to a request for comment. (Reporting by Foo Yun Chee Editing by Mark Heinrich)