EU privacy watchdog is investigating the European Parliament’s COVID-19 testing website for its staff after a privacy activist filed a complaint on concerns that the site could be transferring data illegally to the United States.
The Austrian privacy advocacy group Noyb, led by Max Schrems, took its case to the European Data Protection Supervisor (EDPS) on behalf of six European Union lawmakers.
Read the latest updates in updates in our dedicated coronavirus section.
Schrems, an Austrian and prominent figure in Europe’s digital rights movement against intrusive data-gathering by Silicon Valley tech giants, pursued two cases against Facebook , winning landmark judgments that forced the social network to change how it handles user data in Europe.
EDPS said it had already begun an investigation following a complaint by some EU lawmakers in October last year
“We received today additional information of direct relevance to this complaint that will be examined thoroughly,” said a spokesman for the EU body, which has oversight of privacy issues related to EU institutions.
The complaint said that EU lawmakers, on accessing the virus test site, discovered that it had sent over 150 third-party requests, including requests to US-based companies Google and Stripe, in breach of an EU court judgment in July last year.
A number of these third-party requests were for user data in targeted advertising and to enable software to function smoothly.
“The main issues raised are the deceptive cookies banners of an internal corona testing website, the vague and unclear data protection notice, and the illegal transfer of data to the US,” Noyb said in a statement.
Cookies are used by companies to track online browsing behavior, key to online advertising.
Schrems said the EU parliament should have known better.
For all the latest headlines, follow our Google News channel online or via the app.
“Public authorities, and in particular the EU institutions, have to lead by example to comply with the law. This is also true when it comes to transfers of data outside of the EU. By using US providers, the European Parliament enabled US authorities to access data of its staff and its members.”
The European Parliament did not immediately respond to a request for comment.