What Happened:

Noyb (European Center for Digital Rights) has filed two complaints with the European Data Protection Supervisor (EDPS) against the European Parliament. The complaints focus on a massive data breach in the Parliament’s recruitment platform, “PEOPLE,” and its failure to comply with GDPR standards.

The complaints highlight the Parliament’s mishandling of sensitive personal data, including ID cards, passports, and marriage certificates, which were exposed during the breach. They also criticize the Parliament for retaining this data longer than necessary, contrary to GDPR’s data minimization and retention requirements.

The breach, which was only discovered in May 2024, compromised the personal information of over 8,000 staff members. Despite discovering the breach months after it occurred, the Parliament still does not know the exact cause, raising further concerns about its cybersecurity measures.

Why it matters:

Even the highest EU institutions are not immune to data breaches, raising concerns about the security of data in critical public sectors.

This case serves as a critical reminder that even institutions responsible for enacting data protection laws must rigorously adhere to those standards to safeguard trust and privacy.

See the first complaint here.
See the second complaint here.

Related Resources:

What Happened: Noyb (European Center for Digital Rights) has filed two complaints with the European Data Protection Supervisor (EDPS) against the European Parliament. The complaints focus on a massive data breach in the Parliament’s recruitment platform, “PEOPLE,” and its failure to comply with GDPR standards. The complaints highlight the Parliament’s mishandling of sensitive personal data, […]

Tags: news