NOYB Files Complaints Over European Parliament Data Breach
The Austrian privacy advocacy group, NOYB, has lodged two complaints with the European Data Protection Board (EDPB) against the European Parliament. These complaints, announced on Thursday, focus on the Parliament’s inadequate protection of personal data following a significant data breach.
Details of the Data Breach
The breach occurred on the Parliament’s recruitment platform, compromising the personal data of over 8,000 staff members. The exposed information includes sensitive documents such as passports, criminal records, and marriage certificates. NOYB, led by privacy activist Max Schrems, has taken legal action on behalf of four employees affected by the breach.
Although the Parliament notified its staff about the breach in May, NOYB raised concerns that the breach was discovered months after it had occurred. The Parliament still does not know the cause of the breach, which is concerning given the series of cybersecurity issues that have plagued EU institutions over the past year.
NOYB’s Concerns and Legal Action
Lorea Mendiguren, a data protection lawyer with the Austrian privacy advocacy group, emphasised the Parliament’s duty to maintain robust security measures, particularly as its employees may be targeted by malicious actors. NOYB argues that the Parliament’s response fails to meet the standards set by the European General Data Protection Regulation (GDPR). As a result, NOYB is urging the EDPB to enforce compliance and consider levying a fine.
The European Parliament has yet to respond to the complaints.