Austrian privacy advocacy group Noybaid, led by Max Schrems it
had taken its case to the European Data Protection Supervisor (EDPS)
on behalf of six European Union lawmakers.
Schrems, an Austrian and prominent figure in Europe's digital
rights movement against intrusive data-gathering by Silicon
Valley tech giants, pursued two cases against Facebook, winning
landmark judgments that forced the social network to change how
it handles user data in Europe.
The complaint said that EU lawmakers, on accessing the virus
test site, discovered that it had sent over 150 third-party
requests, including requests to U.S.-based companies Google and
Stripe, in breach of an EU court judgment in July last year.
A number of these third-party requests were for user data in
targeted advertising and to enable software to function
"The main issues raised are the deceptive cookies banners of an
internal corona testing website, the vague and unclear data
protection notice, and the illegal transfer of data to the
U.S.," Noybaid said in a statement.
Cookies are used by companies to track online browsing behaviour,
key to online advertising.
Schrems said the EU parliament should have known better.
"Public authorities, and in particular the EU institutions, have
to lead by example to comply with the law. This is also true
when it comes to transfers of data outside of the EU. By using
U.S. providers, the European Parliament enabled U.S. authorities
to access data of its staff and its members."
EDPS confirmed receipt of the complaint. The European Parliament
did not immediately respond to a request for comment.
(Reporting by Foo Yun Chee; Editing by Mark Heinrich)
[© 2021 Thomson Reuters. All rights
Copyright 2021 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.