Companies that allow U.S. spy agencies to gain access to data on European Union citizens may violate European law, EU data-protection regulators said today.
Enforcement action “should not be excluded” where companies have “willingly and knowingly cooperated with intelligence services to give them access to their data,” said the privacy authorities from 28 EU countries in a legal opinion posted on an EU website today. Firms that fail to protect information may also break the law, the watchdogs said.
“Companies need to be aware that they may be acting in breach of European law if intelligence services of third countries gain access to the data of European citizens stored on their servers or comply with an order to hand over personal data on a large scale,” the authorities said.
Documents leaked by former National Security Agency contractor Edward Snowden showed that U.S. spies hacked into fiber optic cables to steal information from Google Inc. and Yahoo! Inc. Snowden’s revelations that the U.S. also snooped on conversations of EU leaders caused a clamor for agreements to halt eavesdropping and increase data-protection measures.
Surveillance programs run by member states won’t be subject to EU law since they are exempted on national-security grounds.