Landmark European court ruling tears hole in Safe Harbor data sharing agreement with U.S.
Europe’s highest court struck down the underpinning of a long standing agreement allowing corporations in Europe to freely transfer their customers and clients’ personal data to servers based in the United States. The ruling was in response to concerns about unfettered surveillance by U.S. agencies on servers holding data on everything from search histories to personal communications to financial information. That leaves tech giants like Facebook and Google operating in a sort of legal limbo and puts Washington on the spot for more concrete safeguards for personal data privacy. FSRN’s Jacob Resneck reports.
The landmark ruling is the outcome of a case brought to court by a 28-year-old Austrian law student named Max Schrems. He challenged Facebook – whose European offices are in Ireland and beholden to Irish and European laws.
Schrems successfully argued that a 15-year-old data sharing agreement called Safe Harbor meant that his Facebook data wasn’t adequately protected under the standards of European data privacy laws. As evidence, Schrems pointed to PRISM, a program revealed by former NSA contractor Edward Snowden that gave the NSA special access to data in the systems of several U.S.-based internet companies, including Facebook.
The Court of Justice of the European Union ruled in his favor Tuesday, effectively tearing holes in the Safe Harbor agreement. Safe Harbor had allowed European tech companies to seamlessly transfer users’ personal data to and from the United States during routine business. This could be anything from online banking to social media.
The ruling was hailed in many European capitals where outrage over the NSA’s surveillance of European citizens from ordinary people to country leaders remains strong. German Justice Minister Heiko Maas says the European Commission will now have to negotiate a new set of rules with the U.S. on how companies can share personal data in line with the law.
“That will only be possible if the data of European users, which is saved in the U.S., is better protected in future than before,” Maas said Tuesday. “Especially better protected from unrestricted access by U.S. intelligence agencies.”
Following the ruling Snowden himself congratulated Schrems via Twitter, writing that the Austrian graduate student had “changed the world for the better.”
But for tech giants like Google and Facebook it’s still business as usual. At least for now. The companies have said they will rely on other agreements to transfer data but it’s clear that pressure is building for more transparency and safeguards for how they handle the personal data of Europeans.
In Washington, White House spokesman Josh Earnest wouldn’t address questions about privacy concerns from U.S. intelligence agencies but defended the government’s practices in general.
“We have a variety of concerns about this ruling, one of them is that we believe that this decision was based on incorrect assumptions about data privacy protection in the United States,” he said. “And the ruling fails to properly credit the benefits to privacy and growth that have been afforded to this framework over the past fifteen years.”
Max Schrems, the law student that brought the challenge, says he predicts the eventual outcome will be a complete overhaul of the Safe Harbor agreement between Europe and the U.S.
Otherwise full compliance with EU fundamental rights and the court’s judgment, he wrote, would be very hard to achieve.