Go back to the Europarl portal

Choisissez la langue de votre document :

  • bg - български
  • es - español
  • cs - čeština
  • da - dansk
  • de - Deutsch
  • et - eesti keel
  • el - ελληνικά
  • en - English (Selected)
  • fr - français
  • ga - Gaeilge
  • hr - hrvatski
  • it - italiano
  • lv - latviešu valoda
  • lt - lietuvių kalba
  • hu - magyar
  • mt - Malti
  • nl - Nederlands
  • pl - polski
  • pt - português
  • ro - română
  • sk - slovenčina
  • sl - slovenščina
  • fi - suomi
  • sv - svenska
Parliamentary questions
PDF 41kWORD 19k
19 July 2019
Question for written answer P-002323-19
to the Commission
Rule 138
Alexis Georgoulis (GUE/NGL)

 Subject:  Implementation of legislation to protect personal data from FaceApp
 Answer in writing 

FaceApp has became popular in a very short time, especially among the younger generation. It is currently estimated that more than 150 million people have downloaded FaceApp and it is now one of the top-ranked apps in 121 countries.

It asks users in particular to grant access to a huge volume of personal data. The use of this app has already generated a great deal of concern among experts in personal data protection law. It raises questions regarding the security and protection of users, especially if the EU legal framework is not being adequately implemented.

Since the application uses face recognition technology and collects biometrical data, and the headquarters of the company that developed and manages it is located outside the EU, will the Commission say:
How can users be protected when they grant FaceApp a perpetual, irrevocable… nonexclusive… license (sic) to use (their User Content and any associated information) ‘for commercial’ purposes, without first being informed transparently about the terms(1)?
Are safeguards in place to ensure the extra-territorial application of and compliance with the general data protection Regulation(2) in the event of the transfer and processing of user data to another location outside the EU where the company or associated companies are operating?

(2)Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, OJ L 119/1 of 4.5.2016.

Original language of question: EL 
Last updated: 26 July 2019Legal notice - Privacy policy