Irish data regulator probes Yahoo on reported email surveillance
The office of the Irish Data Protection Commissioner (DPC) has confirmed that it is in contact with Yahoo over reports that it helped US authorities spy on email accounts.
Yesterday, Reuters reported that Yahoo secretly built a custom software program to search all of its customers' incoming emails for specific information provided by US intelligence officials. The report claimed that hundreds of millions of Yahoo Mail accounts were scanned at the behest of the American National Security Agency or FBI.
Under EU privacy law, such surveillance could land Yahoo in serious trouble, even resulting in a legal block on Yahoo mail between the US and Europe.
“Any form of mass surveillance infringing on the fundamental privacy rights of EU citizens would be viewed as a matter of considerable concern by this Office,” said a spokeswoman for the Irish DPC, which confirmed contact with Yahoo on the issue.
The Irish office, led by Helen Dixon, is the lead agency for regulating Yahoo personal data in Europe.
Yahoo has described the Reuters report as “misleading”, although it has not denied giving up customer data to US authorities.
“We narrowly interpret every government request for user data to minimise disclosure,” said a company spokesman. “The mail scanning described in the article does not exist on our systems. Yahoo is a law-abiding company and complies with the laws of the United States.”
The Irish DPC has already been dealing with Yahoo over its recent data breach, exposing the personal information of at least 500m email accounts.
“The ODPC is progressing its enquiries with Yahoo in relation to the breach first reported to its office on 22 September and is in iterative contact on the matters we have raised,” said the Irish DPC spokeswoman.
Those enquiries contain “a number of issues with Yahoo for which we are seeking further information and clarification”.
The Irish office was also making contact with the US Federal Trade Commission (FTC), facilitating cooperation between the two offices on the data breach issue, the spokeswoman said.
Other high profile internet companies such as Google and Facebook have denied facilitating US authorities in email surveillance.