Advertisment

The Snowden impact, court prohibits transfer of personal data from Europe to the US

Courtesy Snowden and resultant action suit, EU declared invalid Safe Harbour Framework that streamlined the transfer of personal data from Europe to the US

author-image
Sonal Desai
New Update
ID

MUMBAI, INDIA: American companies including Microsoft, Facebook and Google who set up massive data centers in Europe, have hit a panic button.

Advertisment

The reason being a landmark judgement from the European Court of Justice has declared the Safe Harbor Framework that has streamlined the transfer of personal data from Europe to the US since 2000, is invalid.

The ECJ declared the same protections for personal data are not offered in the US. It also said the Irish authority would have to examine Austrian privacy campaigner Max Schrems’ complaint with all due diligence and decide whether the transfer of data of Facebook’s European users to the US should be suspended.

The ruling declared the national security, public interest and law enforcement requirements of the United States prevail over the Safe Harbour scheme, so that United States undertakings are bound to disregard, without limitation, the protective rules laid down by that scheme where they conflict with such requirements.

Advertisment

According to media reports, the rules were supposed to ensure the same amount of data privacy in the EU as the data stored in the US. But in 2014, Austrian privacy campaigner Max Schrems challenged the notion. In particular, he was concerned Facebook was supporting NSA spying by passing on its users’ data.

What influenced Schrems? The impact of US surveillance as revealed by Edward Snowden.

A report published by Verge said that when Schrems brought the case to the Irish Data Protection Commissioner, where Facebook’s European headquarters are based, the authority said it would not pursue the case due to previous decisions declaring Safe Harbour legitimate.

Advertisment

Schrems, founder of Europe v Facebook then appealed that decision to the High Court in Dublin, which referred the case to the European Court of Justice.

Schrems originated a large class action against Facebook about online privacy. He has been the catalyst for the apparent death of the Safe Harbour agreement that streamlined personal data transfers between the EU and the US.

According to a report in the Forbes, “The Court adds that legislation permitting the public authorities to have access on a generalized basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life.”

Advertisment

The decision came after advocate-general Yves Bot advised the ECJ the US had carried out “indiscriminate surveillance” incompatible with EU fundamental rights.

Stewart Room, partner at PricewaterhouseCoopers Legal, said the decision proved citizens had the power to cause radical and fundamental change in the European data protection legal framework, Forbes reported.

A Facebook spokesperson said the case was not about Facebook but just one of the mechanisms that European law provides to enable essential transatlantic data flows. “Facebook, like many thousands of European companies, relies on a number of the methods prescribed by EU law to legally transfer data to the US from Europe, aside from Safe Harbor,” the spokesperson added.

“It is imperative that EU and US governments ensure that they continue to provide reliable methods for lawful data transfers and resolve any issues relating to national security.”

Google, another one of many who may now have to re-organise how it stores and analyses personal data, had also been contacted but had not responded at the time of publication, Forbes reported.

must-read