Austrian advocacy group NOYB has filed two complaints with the EU privacy watchdog against the European Parliament, accusing it of inadequately protecting employees' personal data, the group said on Thursday.
The group, led by privacy activist Max Schrems, said it was filing the complaints on behalf of four employees in response to a data breach in the parliament's recruiting platform that affected data including passports, criminal records and marriage certificates of more than 8,000 staff.
NOYB, which stands for None Of Your Business, said it was worrying that the Parliament, which informed staff of the breach in May, had found out about it months later and still apparently does not know the cause.
"This breach comes after repeated cybersecurity incidents in EU institutions over the past year," said NOYB data protection lawyer Lorea Mendiguren.
"The Parliament has an obligation to ensure proper security measures, given that its employees are likely targets for bad actors."
The European Parliament was initially unavailable for comment.
NOYB argues that the parliament is not complying with the European General Data Protection Regulation (GDPR) and that the watchdog, the European Data Protection Board (EDPB), should enforce compliance, possibly including a fine.