Menu
Skype, Microsoft cleared in Luxembourg NSA investigation

Skype, Microsoft cleared in Luxembourg NSA investigation

The Safe Harbor agreement was not breached, the Luxembourg DPA said

Luxembourg's data protection authority cleared Microsoft and its subsidiary Skype of data protection violations related to the U.S. National Security Agency's Prism spying program, the agency said Monday.

The data protection authority, CNPD, was investigating Skype and Microsoft's alleged cooperation with the NSA. Both companies have their European headquarters in Luxembourg.

Two complaints filed by privacy campaign group Europe-v-Facebook were based on a Guardian newspaper report, which in turn was based on files provided by former NSA contractor Edward Snowden. According to the report, Microsoft and Skype collaborated closely with U.S. intelligence services to allow them to intercept communications.

The group wanted to stop the export of European users' personal data to the U.S.

Transferring data to the U.S. and enabling mass access by a foreign intelligence agency violates E.U. law, because export of data is only allowed if an adequate level or protection in a non-E.U. nation, according to the group.

The CNPD, however, found no data-protection violations. "The fact finding operations conducted since July 2013 and the subsequent detailed analysis did not bring to light any element that the two Luxembourg-based companies have granted the U.S. National Security Agency mass access to customer data," the CNPD said in an emailed news release.

"Furthermore, the transfer of certain personal data to affiliate companies in the U.S., as laid down in the privacy statements of both companies, appear to take place lawfully under the rules" of the Safe Harbor agreement, the CNPD said, adding that it therefore did not find any violation of Luxembourg data protection legislation.

The Safe Harbor framework is an agreement between the U.S. Department of Commerce and the European Commission to allow E.U. companies to exchange personal information with U.S. organizations. Such a regulation is needed because the E.U's data protection directive prohibits the transfer of personal to countries that do not meet E.U. standards for data protection.

"Our complaint is another example that shows perfectly that nothing happens, even if European companies are handing over Europeans' data to the NSA," said Europe-v-Facebook in a news release. The group called on the European Commission to amend the Safe Harbor agreement in a way that formally calcifies that transfer of data is illegal if there is probable cause that U.S. companies are forwarding Europeans' data to the NSA.

The Luxembourg decision is in line with a July decision of the Irish Office of the Data Protection Commissioner (ODPC) that found that the exchange of personal data of the Irish subsidiaries of Facebook and Apple with the U.S. is in line with safe harbor principles and that an investigation was not needed. The decision was made after Europe-v-Facebook filed similar complaints against these companies.

On request of the group, the decision to not investigate will be reviewed by the Irish High Court.

A similar complaint was also filed against Yahoo in Germany. The German Federal Commissioner for Data Protection expects to finish its inquiry into the complaint in December. The outcome of that investigation could be different. The German Conference of Data Protection Commissioners has asked the European Commission in July to suspend the Safe Harbor agreements and review whether U.S. companies can still comply with them.

The Commission is currently working on an assessment of the Safe Harbor Agreement that will be presented before the end of the year.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags skypeMicrosoftsecuritylegalprivacy

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments