- NOYB alleges that the European Parliament failed to protect employee personal data adequately, violating GDPR.
- The organisation calls for enforcement from the European Data Protection Supervisor following repeated cybersecurity issues within EU institutions.
OUR TAKE
This incident is a major breach in data protection measures at key EU institutions. The potential exposure of sensitive employee information raises concerns about the effectiveness of current cybersecurity protocols. It is clear that the European Parliament must quickly address these gaps to restore trust and comply with the GDPR.
–Lily,Yang, BTW reporter
What happened
Austrian advocacy group NOYB has filed two complaints against the European Parliament with the EU privacy body. The group, led by privacy activist Max Schrems, claims that Parliament failed to adequately protect employees’ personal data after a breach on its recruitment platform exposed sensitive information of more than 8,000 staff members.
It is worrying that the breach was reported to staff in May, but the cause was apparently still unknown months later. NOYB data protection lawyer Lorea Mendiguren said EU institutions have repeatedly experienced cybersecurity incidents in the past year. Given that parliamentary employees are likely to be targeted by criminals, Parliament has an obligation to ensure that appropriate security measures are in place.
NOYB stressed that Parliament must comply with the GDPR and urged European data protection supervisors to take enforcement action, including possible fines, in response to repeated cybersecurity failures.
Also read: EU approves law to boost domestic green tech production
Also read: Google and Australia team up for cybersecurity boost
Why it’s important
This news highlights the ongoing challenges of data protection within EU institutions, and also affects the trust of employees and the public in EU institutions. The exposure of large-scale data breaches like this involving highly sensitive personal information always raises concerns and fears about the adequacy of existing security measures of institutions and even countries.
Such reports have a developmental role in increasing accountability and transparency in personal privacy data protection. By exposing this news, people can realise the importance of strict compliance with GDPR regulations.
This news may lead to the European Parliament to strengthen its scrutiny and reform of data security practices. The EDPS, the regulator responsible for overseeing privacy compliance of EU institutions, may face rectification.
