Transparency and data access-related issues led to the investigation into the European Parliament’s COVID-19 testing website.
The European Data Protection Supervisor (EDPS) has sanctioned the European Parliament for a series of breaches of the bloc’s data protection rules. At the centre of the investigation is Ecolog, a third-party provider used in the EU Parliament’s COVID-10 test booking websites.
The third-party provider invited complaints regarding confusing cookie banners, third-party trackers and other compliance issues, eventually leading to an EDPS investigation. The investigation revealed that the site was dropping cookies associated with Google Analytics and Stripe. The site’s cookie consent notice also did not provide accurate information to visitors or offer clear choices to reject third-party tracking.
The investigation revealed that the Parliament had not applied extra measures to safeguard EU-US data transfers. While the Parliament has avoided a financial penalty, the sanction comes as a warning to others in the region against carelessness regarding personal data flows.
[9 minute read]