European Commission sued for violating data protection laws it created

By Vilius Petkauskas, Cyber News

A German citizen is suing the European Commission for transferring citizens’ data from one of the Commission’s websites to the United States.

In a twist of irony, the executive branch of the European Union (EU), the European Commission (EC), is being sued for violating the personal data protection laws it created.

According to Europäische Gesellschaft für Datenschutz (EuGD), a Germany-based organization supporting consumers in the enforcement of legal claims over breaches of the General Data Protection Regulation (GDPR), a German consumer believes his right to the protection of personal data was violated.

While the GDPR does not apply to European institutions directly, they have to follow a similar law that closely resembles the restrictive nature of the GDPR. Both sets of legislation were created with the help of the Commission.

“When calling up the website […] and registering for an event offered there, the US cloud service in its function as web host automatically transferred personal information such as the IP address to a so-called unsafe third country without an adequate level of data protection, where it was also processed at least in part,” reads the EuGD’s press release.

EuGD claims that the website for the Conference of the Future of Europe is hosted by Amazon Web Services (AWS), which means that anyone registering for the event transfers their IP address to the United States.

However, data transfers from the EU to the US were deemed illegal by the Court of Justice of the EU (CJEU) in the Schrems II ruling. The court decided that US data protection laws are inadequate, allowing the American authorities to access EU citizen data with little judicial supervision.

The lawsuit also states the Commission-owned website integrates the Facebook login service. Ireland’s data privacy regulator is investigating whether Meta-owned Facebook and Instagram transfer EU citizen data to the States according to European regulations.

According to Thomas Bindl, the founder of EuGD, the lawsuit against the Commission is a signal for data protection in Europe, showing that everyone must adhere to the rules.

“Even if a ruling by the General court would not provide any direct guidelines for the jurisprudence in Germany, Spain or other countries, we see great significance in it. It would be a clear sign that everyone must adhere to the data protection requirements,“ Bindl said.


Comments

Post a Comment

Popular posts from this blog

Why remote desktop tools are facing an onslaught of cyber threats

Image
By Solomon Klappholz, IT Pro Hackers are increasingly targeting remote desktop tools in their attacks, new research reveals, prompting warnings for enterprises globally In the era of hybrid work, remote desktop tools have become vital business enablers, but due to their pervasiveness on corporate networks they have become a popular entry point for cyber criminals. If successfully exploited, remote access tools can provide hackers with a direct pathway into a system or network, and once access is gained attackers can move laterally within the network, escalating privileges and maintaining persistence. In an investigation into which remote desktop tools are targeted the most, Jonathan Tanner, senior security researcher at Barracuda Networks, explained that remote desktop software poses a particular challenge to IT teams to secure. “Among the security challenges facing IT teams implementing remote desktop software is that there are many different tools available, each using different and ...
Read more

Ransomware gang starts leaking alleged stolen Change Healthcare data

Image
By Lawrence Abrams,  Bleeping Computer The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. In February, Change Healthcare suffered a cyberattack that caused massive disruption to the US healthcare system , preventing pharmacies and doctors from billing or sending claims to insurance companies. The attack was ultimately linked to the BlackCat / ALPHV ransomware operation, who later said they stole 6 TB of data during the attack . After facing increased pressure from law enforcement, the BlackCat gang shut down their operation . This occurred amid claims they were pulling an exit scam by stealing a $22 million Change Healthcare ransom payment from the affiliate who conducted the attack. While Change Healthcare has declined to comment on whether it has paid a ransom, the affiliate known as "Notchy" said they ...
Read more

Notepad++ wants your help in "parasite website" shutdown

Image
By Ax Sharma,  Bleeping Computer The Notepad++ project is seeking the public's help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project. Although, at the time of writing, the lookalike website takes visitors to the official Notepad++ downloads page, there is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam someday either deliberately or as a result of a hijack. The lookalike website appears prominently in search results
Read more