NewsletterNewslettersEventsEventsPodcasts
Loader
Latest
Trending
Latest stories
Europe
Categories
Programmes
Featured
World
Categories
Programmes
Featured
EU Policy
Business
Categories
Programmes
Featured
Euroviews
Next
Categories
Programmes
Featured
Green
Categories
Programmes
Featured
Health
Categories
Programmes
Culture
Categories
Programmes
Travel
Categories
Programmes
Videos
More
Special coverage
Partner content
Services
NewsletterNewslettersEventsEventsPodcasts
Loader
Find Us
ADVERTISEMENT

European Parliament under scrutiny after data breach complaints

Event Illuminations : EP building and a computer.
Event Illuminations : EP building and a computer. Copyright © European Union 2024 - Source : EP & howtostartablogonline.net. Modified by Euronews
Copyright © European Union 2024 - Source : EP & howtostartablogonline.net. Modified by Euronews
By Romane Armangau
Published on
Share this articleComments
Share this articleClose Button

Austrian privacy group filed complaints following a data breach in the European Parliament.

ADVERTISEMENT

Privacy advocacy group NOYB has lodged two complaints with the European Data Protection Supervisor (EDPS) alleging violations of the General Data Protection Regulation (GDPR) by the European Parliament after sensitive data related to Parliamentary job applicants was compromised in early 2024, the group announced today (22 August). 

The NGO highlights in its complaints the mishandling of information that ultimately led to the breach, as well as the Parliament's refusal to delete data after a formal request was made by a complainant. 

The breach, which was revealed in May involved around 8,000 candidates for temporary positions - including parliamentary assistants and contractual agents - that used 'PEOPLE', an external application under the control of the institution’s human resources service. 

NOYB claims that the compromised sensitive data includes “ID cards and passports, criminal record extracts, residence documents, and even sensitive information such as marriage certificates that reveal a person’s sexual orientation.” They further allege that “every single document” processed by PEOPLE was affected. 

It is still unclear when exactly the breach occurred, but an internal investigation by the Parliament which concluded in April suggested that data has been compromised for a few months. Victims of the breach were notified in May.  

As of today, the origin of the breach remains unidentified. 

Lorea Mendiguren, a data protection lawyer at NOYB, noted that the breach comes after a series of cybersecurity incidents in EU institutions over the past year. "The Parliament has an obligation to ensure proper security measures, given that its employees are likely targets for bad actors," she added. 

Now that the case has been handed to the EDPS – a regulator overseeing the privacy compliance of EU institutions - an investigation will be conducted to determine whether the Parliament's handling of data is an infringement of the GDPR. If necessary, corrective measures could be imposed, such as a ban on processing operations or suspension of data flows. 

In the case of a significant violation, the case could be referred to the Court of Justice of the European Union. 

Share this articleComments

You might also like

European Parliament Data protection Privacy EU Policy