Menu
Skype, Microsoft cleared in Luxembourg NSA investigation

Skype, Microsoft cleared in Luxembourg NSA investigation

The Safe Harbor agreement was not breached, the Luxembourg DPA said

Luxembourg's data protection authority cleared Microsoft and its subsidiary Skype of data protection violations related to the U.S. National Security Agency's Prism spying program, the agency said Monday.

The data protection authority, CNPD, was investigating Skype and Microsoft's alleged cooperation with the NSA. Both companies have their European headquarters in Luxembourg.

Two complaints filed by privacy campaign group Europe-v-Facebook were based on a Guardian newspaper report, which in turn was based on files provided by former NSA contractor Edward Snowden. According to the report, Microsoft and Skype collaborated closely with U.S. intelligence services to allow them to intercept communications.

The group wanted to stop the export of European users' personal data to the U.S.

Transferring data to the U.S. and enabling mass access by a foreign intelligence agency violates E.U. law, because export of data is only allowed if an adequate level or protection in a non-E.U. nation, according to the group.

The CNPD, however, found no data-protection violations. "The fact finding operations conducted since July 2013 and the subsequent detailed analysis did not bring to light any element that the two Luxembourg-based companies have granted the U.S. National Security Agency mass access to customer data," the CNPD said in an emailed news release.

"Furthermore, the transfer of certain personal data to affiliate companies in the U.S., as laid down in the privacy statements of both companies, appear to take place lawfully under the rules" of the Safe Harbor agreement, the CNPD said, adding that it therefore did not find any violation of Luxembourg data protection legislation.

The Safe Harbor framework is an agreement between the U.S. Department of Commerce and the European Commission to allow E.U. companies to exchange personal information with U.S. organizations. Such a regulation is needed because the E.U's data protection directive prohibits the transfer of personal to countries that do not meet E.U. standards for data protection.

"Our complaint is another example that shows perfectly that nothing happens, even if European companies are handing over Europeans' data to the NSA," said Europe-v-Facebook in a news release. The group called on the European Commission to amend the Safe Harbor agreement in a way that formally calcifies that transfer of data is illegal if there is probable cause that U.S. companies are forwarding Europeans' data to the NSA.

The Luxembourg decision is in line with a July decision of the Irish Office of the Data Protection Commissioner (ODPC) that found that the exchange of personal data of the Irish subsidiaries of Facebook and Apple with the U.S. is in line with safe harbor principles and that an investigation was not needed. The decision was made after Europe-v-Facebook filed similar complaints against these companies.

On request of the group, the decision to not investigate will be reviewed by the Irish High Court.

A similar complaint was also filed against Yahoo in Germany. The German Federal Commissioner for Data Protection expects to finish its inquiry into the complaint in December. The outcome of that investigation could be different. The German Conference of Data Protection Commissioners has asked the European Commission in July to suspend the Safe Harbor agreements and review whether U.S. companies can still comply with them.

The Commission is currently working on an assessment of the Safe Harbor Agreement that will be presented before the end of the year.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags skypeMicrosoftsecuritylegalprivacy

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments