An Israeli-owned company in Cyprus known for its role in the country’s spy van case agreed to pay nearly one million in fines despite no evidence of spying on citizens, after an independent commissioner found there was no doubt that actions by WiSpear had at the very least breached principles relating to personal data.
According to Irene Loizidou-Nikolaidou, the country’s Commissioner for personal data protection, WS WiSpear Systems on Friday paid a €925,000 fine for privacy breaches in connection with the high-profile spy van case.
“The fact that they came in paid the fine means they acknowledge the violation,” she told Knews on Monday.
WiSpear owned a high-tech surveillance vehicle that made global headlines after allegations pointed to accusations of spying on local citizens and politicians using Wi-Fi installations near airport terminals in the Republic of Cyprus.
The company vehemently denies ever spying on citizens and has further criticized law enforcement authorities for carrying out an investigation without properly understanding the technology.
'There is some debate in the field regarding uses of personal information but it was crystal clear to me that the company had taken actions that violated privacy principles' she told Knews
Back in September, after two years of investigation, a police probe also concluded there was no proof of spying, targeting, or illegal phone tapping in the case, with local reports saying prosecutors might go after a number of suspects on lesser charges.
But Loizidou-Nikolaidou says her office jumped on the case from the get go and proceeded with the fine after she had been told by the prosecutor that experts found no evidence whatsoever of any spying device or interception of any private communication.
“There is some debate in the field regarding uses of personal information but it was crystal clear to me that the company had taken actions that violated privacy principles,” the commissioner told Knews.
Loizidou-Nikolaidou went on to explain that the company clearly violated EU regulations according to which “personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.”
She pointed to Mac addresses, which as are unique identifiers for physical devices including smart phones, as well as International Mobile Subscriber Identity numbers that are used to identify users on a cellular network, “could have been used to identify users in combination with additional information such as geographical location.”
“If you go somewhere several times at different times, this information could be used to identify you,” she explained.
WiSpear maintains that any gathering of data was for demonstration purposes only and no information was ever used to identify any individual.
Company never deleted the data
But the commissioner says the company failed to delete the data, telling Knews she was referring to information obtained during the investigation and shared with her office.
“They were collecting those identifiers while doing some tests but never threw the data away, so the collection of information was taking place without the knowledge of users, and this was a clear violation of those principles,” the commissioner explained.
The commissioner clarified in a statement that the fine she imposed on the Israeli company had “nothing to do with any possible criminal liabilities, should those emerge in the future.”