Privacy complaint targets European parliament’s COVID-19 test-booking site – TechCrunch

by Emma

The European Parliament is being investigated by the EU’s lead data regulator over a complaint that a website is set up for MEPs to book coronavirus tests may have violated data protection laws.

The complaint, filed by six MEPs and supported by the privacy campaign group noyb, alleges third-party trackers were dropped without proper consent and those cookie banners presented to visitors were confusing and deceptively designed.

Privacy complaint targets European parliament’s COVID-19 test-booking site – TechCrunch

It also alleges personal data was transferred to the US without a valid legal basis, referring to a landmark legal ruling by Europe’s top court last summer (aka Schrems II). The European Data Protection Supervisor (EDPS), which oversees EU institutions’ compliance with data rules, confirmed receipt of the complaint and said it has begun investigating. It also said the “litigious cookies” had been disabled following the protests, adding that the parliament told it no user data had in fact been transferred outside the EU.

“A complaint was indeed filed by some MEPs about the European Parliament’s coronavirus testing website; the EDPS has started investigating it by Article 57(1)(e) EUDPR (GDPR for EU institutions),” an EDPS spokesman told TechCrunch. “Following this complaint, the Data Protection Officer of the European Parliament informed the EDPS that the litigious cookies were now disabled on the website and confirmed that no user data was sent to outside the European Union.”

“The EDPS is currently assessing this website to ensure compliance with EUDPR requirements. EDPS findings will be communicated to the controller and complainants in due course,” it added.

MEP, Alexandra Geese of Germany’s Greens, filed an initial complaint with the EDPS on behalf of other parliamentarians.

Two of the MEPs that have joined the complaint and are making their names public are Patrick Breyer and Mikuláš Peksa — both members of the Pirate Party, in Germany and the Czech Republic respectively.

We’ve reached out to the European Parliament and its company to supply the testing website for comment.

The complaint is noteworthy for a couple of reasons. Firstly, the allegations of a failure to uphold regional data protection rules look pretty embarrassing for an EU institution. Data protection may also feel especially important for “politically exposed persons like Members and staff of the European Parliament”, as noyb puts it.

Related Posts

Leave a Comment