According to the latest news, the European Parliament is being investigated by the European Data Protection Supervisor after allegations that its COVID testing website did not meet EU privacy standards.
As per reports, six members of the European Parliament have worked with Noyb data watchdog group to bring the complaint. They allege that the site illegally sent data to the US. The report further claims the website cookie banners were deceptive.
Note that, the website was set up to help members of the European Parliaments schedule COVID tests. Technically, it did not handle any health information itself but still, sending data to the US for processing is totally unacceptable and illegal.
As per the complaint, the website made over 150 requests to third parties including the likes of Google and Stripe. Under European Union law, data can only be transferred to the US if “an adequate level of protection for the personal data [can] be ensured.”
Noyb argues that the companies “clearly fall under relevant US surveillance laws that allow [targeting of] EU citizens.” The complaint further alleges that the cookie banners on the site did not disclose all of the cookies that would be stored on the user’s computer. The banners prodded users toward the “Accept All” button.
Back in October, Reuters reported that the European Data Protection Supervisor has started investigating the site following complaints from members of the European Parliaments. A spokesperson said that the information from Noyb was “of direct relevance to this complaint [and would] be examined thoroughly.”
Frankly, EU’s privacy laws are sometimes hard for web developers to grasp. Thankfully, most web developers do not come under the direction of the lawmakers themselves as site creation was contracted out to a third party company.
Noyb’s chairman, Max Schrems said to Reuters that EU institutions like the parliament “have to lead by example”.