The Dublin-based body, in concert with the international rights organisation Eko, claims that the Israeli army’s use of Microsoft servers to target Palestinians violates GDPR
ICCL said the access to data ‘enabled real-world violence’ in Gaza
The Irish Council for Civil Liberties (ICCL) has filed a complaint with the Data Protection Commissioner, alleging that Microsoft unlawfully processed data in Ireland on behalf of the Israel Defence Forces in Gaza.
The organisation, in concert with the international human rights body Eko, claims that the data-processing “facilitates war crimes” and “genocide”.
The complaint comes after an initial investigation in August by the Guardian newspaper found that a large number of Palestinians’ phone call data was being stored by the Israeli army using Microsoft’s Azure cloud platform.
The revelations were acknowledged by Microsoft president Brad Smith in September with the company cancelling access to some of its services for some parts of the Israeli military.
Now the Irish civil rights body wants to pursue the issue of data processing legitimacy with the Irish regulator, as Microsoft’s headquarters for Europe, the Middle East and Africa is in Dublin.
The ICCL says that it is representing EU citizens and residents who have “frequent communications” with individuals in Gaza, as well as Palestinian residents of Gaza and the West Bank.
The complaint, according to the ICCL and Eko, includes materials from within Microsoft provided by whistleblowers.
“When EU infrastructure is used to enable surveillance and targeting, the Irish Data Protection Commission must step in and it must use its full powers to hold Microsoft to account,” said Joe O’Brien, executive director of the ICCL.
“Microsoft’s technology has put millions of Palestinians in danger. These are not abstract data-protection failures, they are violations that have enabled real-world violence. It is essential that the DPC move quickly and decisively, particularly in view of the threat to life posed by the issues at the heart of this complaint.”
A spokesperson for the regulator told the Irish Independent that it was considering the issue.
“I can confirm that the DPC has received a complaint of this nature, and it’s currently under assessment,” he said.
The Irish Independent has approached Microsoft for comment on the question.
The complaint alleges that Microsoft facilitated “the removal of the intercepted phone calls from EU servers to Israel, obscuring evidence of illegal processing before investigations could commence”.
It also says that by “aiding and abetting genocide and apartheid”, Microsoft’s processing of the data was unlawful under the EU’s GDPR law.
source