Top court rules European-US Safe Harbor data sharing agreement invalid
The European Court of Justice has ruled that the Safe Harbor agreement that is in place between technology companies is invalid. The agreement covers the sharing of data between the EU and the US but the court said there are insufficient privacy and data protection checks in place.
European law dictates that data should only be shared with and transferred to countries that offer a comparable level of data protection to the EU. The Safe Harbor agreement has been in operation for around 15 years, but after concerns that European data could be shared with the likes of the NSA it means that companies such as Facebook, Google, and Apple could be sharing data illegally.
Edward Snowden's revelations raised concerns that US companies could not be trusted to ensure that adequate privacy and data protection measures were in place. The case stemmed from a request from a privacy campaigner to the Irish Data Protection Commission to find out what data Facebook was sharing about European users. The aim was to discover what sort of user data might be exposed to levels of surveillance that would be illegal in Europe.
The repercussions of the ruling are likely to be far-reaching. Matthew Fell, CBI Director for Competitive Markets, said:
The ability to transfer data easily and securely between Europe and the US is critical for businesses in our modern. Businesses will want to see clarity on the immediate implications of the ECJ's decision, together with fast action from the Commission to agree a new framework. Getting this right will be important to the future of Europe's digital agenda, as well as doing business with our largest trading partner.
At the moment, there has been no reaction from companies likes Facebook. Moving forward, it is likely that new data sharing contracts will have to be drawn up, and this is going to take time and money. But it is not just the big players that will be affected by the ruling. Many smaller companies outsource data storage to other services that may operate in the US -- as soon as data is transferred from Europe to the US, data protection becomes an issue.
With thousands of companies currently relying on Safe Harbor, getting everything sorted out is likely to be a long and messy process. Max Schrems -- who instigated the initial case against Facebook in Ireland -- said:
I very much welcome the judgment of the Court, which will hopefully be a milestone when it comes to online privacy. This judgment draws a clear line. It clarifies that mass surveillance violates our fundamental rights. Reasonable legal redress must be possible. This decision is a major blow for US global surveillance that heavily relies on private partners. The judgment makes it clear that US businesses cannot simply aid US espionage efforts in violation of European fundamental rights.
Photo credit: Ton Snoei / Shutterstock