Parliament violated the rules that it helped to develop.
(Photo: dpa)
Brussels Data of European citizens cannot simply be stored in the USA. This is stated in a ruling by the European Court of Justice (ECJ) from the summer of 2020. However, many companies violate this requirement on a daily basis, as does the European Parliament.
Parliament had installed cookies from Google Analytics and the payment service provider Stripe on its website. Both store user data in the USA. Google Analytics helps website operators worldwide to count and evaluate visits.
At the request of parliamentarians, European Data Protection Supervisor Wojciech Wiewiorowski examined the cookies and came to the conclusion that they should not have been used. He issued an injunction.
For companies, the decision contains a clear indication that they too will soon have to stop using Google Analytics. Corresponding complaints have been lodged with the EU data protection officer against 101 companies. It is still unclear what penalties the companies will face.
Top jobs of the day
Find the best jobs now and
be notified by email.
The data protection officer made it clear that “American providers are no longer allowed to simply place cookies on European websites in order to suck up data unhindered,” said the Green MP Alexandra Geese.
Both the complaints against the companies and the complaint against parliament were submitted by the Noyb organization run by data protection activist Max Schrems. He expected the decisions on the companies in the next few months, said Schrems.
The EU Parliament has formally violated a data protection law that only applies to EU institutions. However, the decision can be transferred to the General Data Protection Regulation (GDPR), which applies to companies.
EU Commission wants data to be transferred to the USA
The regulations are intended to prevent American secret services from intruding into the privacy of European citizens. “There was no adequate protection against US surveillance, although European politicians are known to be the target of surveillance,” Schrems said.
The EU Commission is working on a regulation on the basis of which it will be possible to transfer data to the USA again. It remains to be seen whether she will find a solution for this. The ECJ has already nullified two corresponding agreements with the USA because they were unable to ensure data protection.
The European Parliament had made other mistakes on its website, according to Noyb. The cookie banners with which users consent to the processing of their data were unclear and misleading.
Not all cookies were listed and different statements were made in different languages. During the investigation, the European Parliament removed all cookies from the relevant website.
More: EU Justice Commissioner promises more legal security for data transfers to the USA