Campaign group Europe v Facebook has criticised the decision by Luxembourg’s data protection authorities to clear Microsoft and its Skype division of privacy violations.
In October, Luxembourg's National Commission for Data Protection (CNPD) ordered an investigation of the firms’ involvement in the US National Security Agency’s Prism internet surveillance programme.
The investigation led to speculation that the Luxembourg-headquartered internet-calling service could face criminal and administrative sanctions for passing on users’ communications to the NSA.
The probe was launched after the CNPD received a complaint from a private individual concerned that their fundamental right to the protection of personal data had been violated.
The complaint came after reports based on documents leaked by whistleblower Edward Snowden claimed that Skype had supplied the NSA with content from calls as well as other details.
But, according to a statement released by the CNPD, the probe found that the companies did not provide widespread data access to the NSA.
The investigation also found that the transfer of some data to affiliate companies in the US “appears to take place lawfully” under the safe harbor agreement.
Max Schrems of Europe v Facebook said in a document on the campaign’s website that "Safe Harbor" decision allows for data use for purposes of law enforcement and national security, but the NSA does much more than that.
“In addition the European Commission has recently said that Prism would not be covered by the 'Safe Harbor’, so it seems like the authorities in Brussels and Luxemburg are not in line,” he said.
“If Prism would be allowed under the 'Safe Harbor' decision there is no doubt that the decision would be illegal. So overall we can’t really understand the response,” said Schrems.
Europe v Facebook said the CNPD investigation once again demonstrates that there are no real consequences from the NSA scandal.
"We are making fools of ourselves internationally if we are not taking any action. Our politicians are sending a couple of angry letters, but when it comes to factual consequences we see no action,” said Schrems.
The European Commission recently announced that it is conducting a review of the controversial "Safe Harbor" decision to examine whether it still meets European standards after the Prism revelations.
"There is an urgent need that the European Commission amends the "Safe Harbor" decision accordingly or at least formally calcifies that transfer of data is illegal if there is probable cause that US companies are forwarding Europeans’ data to the NSA,” said Schrems.
More on Prism
Compliance: The Edward Snowden, NSA program controversy continues