EU court strikes down agreement for digital transfers of personal data to US
The European Court of Justice in Luxembourg City, Luxembourg. EQRoy / Shutterstock.com
The European Court of Justice ruled declared invalid an international agreement for moving its citizens’ digital data to U.S. servers, saying their privacy might be violated—especially by U.S. government surveillance, the New York Times reports.
The ruling by the EU’s highest court, which cannot be appealed, is a serious blow to businesses large and small, including Amazon, Apple, Google and Facebook, which mine data to tailor advertisements directed at individuals.
Striking down the so-called Safe Harbor agreement, which takes effect immediately, could force those companies to change basic elements of their business plans. Others, large and small, also must adapt, though many bigger companies already had worked out side agreements with the EU.
“This is extremely bad news for EU-U.S. trade,” said Richard Cumbley, a tech lawyer at Linklaters in London. “Thousands of U.S. businesses rely on the Safe Harbor as a means of moving information. Without Safe Harbor, they will be scrambling to put replacement measures in place.”
The court’s ruling made it clear the greatest concern is the U.S. government having easy access to online data about the EU’s 500 million citizens. It noted that those citizens do not have a right to bring legal actions in the U.S. if they believe their privacy rights were violated.
“The United States safe harbor scheme thus enables interference, by United States public authorities, with the fundamental rights of persons,” the EU court said in a statement.
The case was brought by a 27-year-old Austrian law student who said the online data was misused when Facebook admitted it had cooperated with the U.S. National Security Agency’s Prism program. Prism also reportedly had similar access to information held by Google as well as other U.S. tech companies. The issue became more pointed after revelations by Edward Snowden, a former NSA contractor.
The ruling leaves it to regulators in each of the EU’s 28 member states to determine restrictions on transfers of digital data. Thus, solutions may be complex and piecemeal for companies seeking to continue business as usual.
Attitudes and approaches vary among the EU’s members. France and Germany, for example, have aggressively sought to protect their citizens’ privacy rights with digital data. Britain and Ireland, on the other hand, have supported Safe Harbor, and a number of U.S. high tech companies have set up overseas headquarters in Ireland.
