Austrian privacy campaigner Max Schrems has brought a complaint against 101 European companies for breach of EU rules on data protection and consumer information.
Included in the list are four Belgian websites: Bpost, publishers Roularta and IPM, and travel agents Wamos Benelux, owners of Neckermann.
Schrems made his name with a victory in the European Court of Justice in Luxembourg in July, when the court overturned an agreement between the EU and the United States under which the EU would consider any transfer of the personal data of internet users to be legitimate and in line with the laws on both sides of the Atlantic.
According to the Court, the so-called privacy shield agreement did not offer European users the legal protection they would expect in Europe. It did not, for example, prevent personal data being open to police and intelligence services.
As a result of winning his case, Schrems then sat down and examined the websites of hundreds of European companies, and found 101 which still contain code allowing data to be sent to the US, to companies like Google and Facebook, in breach of the July ruling.
He is now in the process of filing complaints with the data protection authorities of the countries concerned. The Luxembourg case concerned Google, which has servers in Ireland, and Schrems brought his case originally in the Irish courts after the country’s data protection authority failed to act.
That threat now hangs over the heads of data protection authorities, including Belgium’s, unless they take action to implement the Luxembourg court’s judgement where required.
Schrems’ organisation, noyb, has published a full list of the 101 companies on its website. They include Decathlon in France, the French Huffington Post, Airbnb, the university of Luxembourg and Allied Irish Banks.