According to a ruling from Luxembourg, companies like Microsoft Corp. (NASDAQ:MSFT) and its Skype service are not in violation of privacy laws by sending data from Europe to intelligence agencies in the United States, GigaOM reports.
Controversy has recently erupted over the intelligence-gathering operations of the American government, particularly regarding the National Security Agency and the top-secret PRISM project, by which massive amounts of information were covertly collected about American and international citizens.
After being brought to light by former NSA contractor Edward Snowden, many have compared the security agency’s surveillance programs to the secret police programs of dictatorships, calling for the dismantlement of such efforts and questioning how they were ever considered legal in the first place. The problem is that the programs often fall into the legal grey area that makes it difficult to pinpoint them as being strictly against U.S. law.
The situation is even more complicated when international laws are considered. Though PRISM would, technically speaking, be difficult to justify under the laws of many European nations in its current form, there is a difference between running the project and cooperating with the project, GigaOM reports.
For a company operating over the Internet, it may have little choice but to hand over information to the NSA; some groups may not have even known that the NSA was using their services to aid in surveillance schemes.
These are exactly the points that a Luxembourg official made to hold that businesses like Microsoft cannot be held responsible and sued under European Union law. In a decision that mirrored the result of a case in Ireland last month, Luxembourg held that the transfer of data to the U.S. by companies, despite being collected in Europe or about Europeans, could not be declared illegal.
The chief instigators of the case belong to a privacy group known as Europe v Facebook, according to GigaOM. The group, which has won the right to appeal the Irish ruling, has expressed dismay at the latest results in Luxembourg. A group official claimed that the ruling makes no sense, saying that “it seems like the authorities in Brussels and Luxembourg are not in line.”
The privacy group has built its case on the so-called Safe Harbor law, which provides limits on intelligence gathering that can occur with regards to the European people. Though the law has led to a protection of privacy rights across the continent, it is clear that it has not been completely effective on the international stage.