You are currently viewing German lawsuit accuses Amazon of breaking EU privacy law
German lawsuit accuses Amazon of breaking EU privacy law

German lawsuit accuses Amazon of breaking EU privacy law

The lawsuit takes issue with Amazon’s transatlantic data transfers

Amazon faces a lawsuit in Germany over claims it has continued to transfer data to the United States using an invalidated transfer mechanism known as Privacy Shield.

The move comes after the EU’s top court struck down Privacy Shield in July over fears of U.S. snooping, throwing billions of euros in transatlantic digital trade into a legal limbo.

According to the lawsuit, which is due to be filed in a Munich court on Friday, Amazon continues to use Privacy Shield as a legal basis to send data to the U.S. in violation of the July ruling.

“The [Court of Justice of the European Union] has made it clear that data transfers to the U.S. on the basis of the Privacy Shield are no longer permitted. If the world’s leading cloud company and largest e-commerce provider remains inactive for more than two months and ignores consumer rights, that is unacceptable,” said Johann Hermann, head of Europäische Gesellschaft für Datenschutz (EuGD), the group behind the legal complaint.

Other U.S. tech giants, including Google and Facebook, have dropped the use of the Privacy Shield since the ruling, switching instead to standard contractual clauses (SCCs) — another data transfer instrument.

But use of SCCs is also contentious, with Facebook currently in a court battle with the Irish data protection regulator over its use of the instrument.

EuGD’s lawsuit — which is on behalf of a German consumer — also takes issue with Amazon’s failure to tell the individual what data it holds on them and what it does with the information, in violation of EU rules.

The German group’s founder, Thomas Bindl, said that they had decided to take the legal route rather than file a complaint with a data protection regulator to speed up the process.

“Max Schrems’ experience showed us that it just takes too long with the regulator,” said Bindl, referring to Austrian campaigner Schrems’ battle with the Irish data protection commission over the slow pace of various complaints into Big Tech.

Bindl is not alone. With regulators faltering, privacy activists and consumer groups are increasingly turning to Europe’s court system for results. 

Original article: POLITICO