Major U.S. tech companies, Apple and Facebook among them, have denied granting the National Security Agency direct access to their servers, but one prominent advocacy group in Europe is not taking their word for it.
Student-led campaign Europe v. Facebook filed complaints against several tech giants under European Union data protection laws. Targeting the companies' European subsidiaries, the legal complaints allege that the companies have cooperated with the NSA in the agency's broad surveillance program, code-named PRISM.
The complaints challenge whether the subsidiaries violated data protection laws by exporting data to their U.S.-based parent companies, which may have been monitored by the NSA. As a statement posted on the group's website explains:
If a European subsidiary sends user data to the American parent company, this is considered an “export” of personal data. Under EU law, an export of data is only allowed if the European subsidiary can ensure an “adequate level or protection” in the foreign country. After the recent disclosures on the “PRISM” program such trust in an “adequate level of protection” by the involved companies can hardly be upheld.
EvF also seeks to shed light on whether European companies are legally allowed to hand over personal user data to foreign intelligence agencies. If this "mass transfer" is indeed permitted under EU protection laws, then EvF founder and spokesman Max Schrems suggests that a change in the law is needed, according to the statement.
With the assistance of fellow law students in Austria, Schrems created Europe-v-Facebook.org in 2011. At the time, Schrems used the site to post complaints the group filed against Facebook over how the social network stores user data -- a process Schrems took issue with after he realized Facebook stored all data, including the posts he had deleted.
Schrems successfully challenged Facebook in Ireland, which led to the company announcing last autumn that it would delete its European facial recognition data. In December, EvF said that it would take Facebook's privacy policies to court.
"We have been pursing this for more than a year with Facebook, but the company has done only about 10 percent of what we had asked them to do,” Schrems told The New York Times.
In EvF's latest efforts targeting NSA collaborators, the advocacy group had also planned to confront Google and YouTube, but was unable to lodge complaints against the two under EU data protection laws since the companies do not directly use subsidiaries for operations in Europe. However, EvF says it will seek alternative methods to challenge Google and YouTube in the next round of filings.
Facebook declined to comment for this story. Representatives for Apple, Microsoft and Yahoo were not immediately available.