Huawei data flows under fire in German court case

A little-noticed case at the German court in Düsseldorf could spell trouble for Huawei’s global operations.

The Chinese telecoms giant has been under fire from Western security officials for more than a year over concerns that it poses a cybersecurity threat to Europe and the United States.

But a court case filed by one of Huawei’s former managers at its European headquarters in Düsseldorf takes aim at another pitfall for the company: its respect for European privacy rules.

Specifically, it opens up questions about whether Huawei is putting data at risk of slipping into the hands of Chinese state surveillance and intelligence operations. It also raises questions about whether Europe will sharpen its tone with China on sensitive data privacy matters — after years of focusing its ire on Silicon Valley’s giants and U.S. state surveillance.

A judge ruled March 5 that Huawei was in breach of European privacy law when it failed to comply with the former manager’s request to view the data the company had kept on him.

The labor court ruled that Huawei has to provide the categories of data it had kept on him in the past and the purposes for which it had kept the data. The firm also failed to respect mandatory deadlines to respond to the request, the judge found, slapping it with a minor fee of €5,000.

“I simply asked them to tell me what data they had, what they had deleted, when they had deleted it and what data they still had on file,” the former manager told POLITICO.

But Huawei in the proceedings said they could not give him the requested information because they had deleted it.

“It’s a joke,” the former manager said.

The plaintiff spoke to POLITICO on condition that he would not be named, citing concerns for the safety of his family and himself. But he agreed to be identified as a man in his sixties who worked for Huawei in a managerial position from the early 2010s until 2018.

The former manager left the company in 2018 against his will. “This is also why I went to court,” he said, adding he also filed an earlier legal challenge claiming harassment by his former employer and saying the company pushed him out of his job in a case of age discrimination.

Huawei declined several requests to comment on the court case and on how it manages its data, saying the case is ongoing.

When the EU’s General Data Protection Regulation kicked in in May 2018, the former manager immediately triggered a data subject request, a new right under the law that allows employees to ask a company to disclose and delete the data it holds on them.

“Since this was a Chinese company, I’d better know what they had done with my data,” he said.

When Huawei did not respond to the request, he filed a lawsuit in November 2018 to pressure it to release the information.

In court, the Chinese firm argued it had deleted most of the data it kept on the former manager.

The former manager has since lodged an appeal to that decision because he is seeking financial compensation and wants more detail on how Huawei handled his data.

“I want to get the information about what happened with my data,” he said.

Both parties are now preparing for the court’s upcoming appeals procedure.

China enters EU’s privacy fray

The court case, first reported in WirtschaftsWoche, opens up uncomfortable questions for Huawei as well as for European data protection officials.

The company beefed up privacy protections in the run-up to Europe’s General Data Protection Regulation, a key law that increased requirements for companies to protect data. On its website, the company said it “complies with applicable privacy laws globally including GDPR” and that it has a number of mechanisms in place to safeguard user and employee privacy.

Its detailed privacy policy and its end-user license agreement for consumer goods are comparable to other major technology companies in that it allows Huawei to collect personal data from using its services and devices, procure data from other companies and use the data for commercial purposes or to comply with legal requirements.

The company said on its website it may transfer personal data outside Europe under legal mechanisms provided by the GDPR.

The German court ruling showed Huawei had transferred the former manager’s data to its headquarters in China using “standard contractual clauses” — legal snippets that impose liability on a company when it transfers data to China, Malaysia and most other countries across the world.

And yet, the company’s legal protections are hardly comforting to those who fear the Chinese state’s surveillance.

Concerns over China and privacy have peaked since 2018, when European governments started discussing the security of 5G networks and several officials in Europe called out Chinese vendors for having “legal backdoors” — meaning they were subject to legal requirements to grant Chinese state authorities access.

Of specific concern is a 2017 intelligence law that obliges companies to “support, assist and cooperate with state intelligence services in accordance with the law, and maintain secret all knowledge on the national intelligence services.” Another is China’s cybersecurity law, which contains similar requirements.

Huawei has repeatedly said it wouldn’t comply with such requirements.

China’s surveillance laws were passed just as Chinese tech giants started gaining market share worldwide. Cloud and e-commerce giant Alibaba, video-sharing platform TikTok’s parent firm ByteDance, software-maker Tencent and others are taking the global market by storm.

Like Huawei, these firms often use standard contractual clauses to trans