UCD have been accused of breaching EU data protection laws. As reported by the Times on Thursday, UCD, alongside other huge organizations such as RTE, AIB and Airbnb are sending data to the US in a way that “contravenes an EU court order”. The allegation has been filed by prominent digital privacy activist Max Schrems.
The allegation by Schrems states that these companies and many others still use Google Analytics and Facebook Connect which are tools that collect data on people who visit websites. This data is then sent from the EU to the US for processing via the Privacy Shield method of transfer. According to Schrems, RTE and AIB still use Facebook Connect while UCD is using Google Analytics.
Earlier this summer, the European Court outlawed the so called “Privacy Shield” method which was found facilitating the transfer of data from EU nations to the US, and permits the US intelligence services to access such data for national security reasons. This ruling came after a long running legal case raised by Schrems against Facebook.
The major problem here is the difference in data protection between the United States and the European Union. In the US, companies can provide some data to the state for surveillance if needed while the latter in compliance with GDPR laws forbids companies from sharing citizens’ data without permission.
Data Protection in the European Union has seen a lot of attention from citizens and the government since the General Data Protection Regulation (GDPR) was introduced in 2018. GDPR was created to monitor companies and how they handle information. According to the EU, GDPR was designed to “harmonise” data privacy laws across all of its member countries as well as providing greater protection and rights to individuals. In just two years, 275,000 complaints over data protection breaches were lodged by individuals to national data protection authorities.
Failure to comply with EU data protection laws can lead to serious consequences. According to GDPR, violators may face fines up to €20 million or 4 percent of their global annual turnover. UCD have an annual turnover is €520 million, 4% of which is €21 million. The repercussions of this case could therefore be financially severe for the University. Additionally, there is the possibility of owing further compensation to the damaged parties – this happened recently in Italy where 5 companies were fined over €11 million for violating GDPR laws.
We reached out to UCD and Max Schrems for a comment on the issue, but they have not responded by the time of publishing.
Ahmed Jouda – Reporter