European Union vows to continue transatlantic data flows without “Safe Harbour”

The DPC had argued that as Facebook had signed up for the Safe Harbour agreement, there was no need for an investigation.

It added the U.S. was bound to disregard protective rules laid down by Safe Harbour where they conflict with such requirements. Basically, it has been allowing USA intelligence agencies to track Europeans, and it won’t only be Facebook that fall foul of this – a lot of tech companies enjoy the fruits of this particular agreement.

Max Schrems, a 28-year-old Facebook user finishing his Ph.D in law at Vienna University, took an interest in the subject of privacy while studying for a semester overseas at Santa Clara University in California.

Regulators are likely to require robust evidence that data is being protected and will very likely demand additional protective measures be put in place for data transfers to the United States – such as Binding Corporate Rules (for intra-group transfers) or European Commission approved model clauses – at least until a new safe harbor framework is agreed.

In the ruling, the European Court said that the Irish authority had the right to further investigate.

“Losing Safe Harbor would be hugely disruptive to all sorts of business”, said a representative of a U.S.-based cloud services company.

That was the measured reaction of the Washington think tank the Information Technology and Innovation Foundation to the news that the Court of Justice of the European Union had torn up the Safe Harbor privacy protection agreement on the transfer of personal data from the EU to the U.S.

The decision resulted from a case brought by Austrian graduate student Max Schrems, who alleged that Facebook misused Europeans’ data while cooperating with the NSA’s Prism surveillance program-a charge Facebook has denied.

Facebook said it couldn’t immediately comment on the court ruling. “In the meantime, transatlantic data flows between companies can continue using other mechanisms for worldwide transfers of personal data available under European Union data protection law”.

The EU’s top court has been weighing the validity of the data-sharing accord following revelations by former National Security Agency contractor Edward Snowden about U.S. government surveillance activities and mass data collection.

A trans-Atlantic pact that potentially allows U.S. spies to get their hands on European citizens’ private data was declared illegal by the EU’s highest court, in a ruling that threatens to plunge internet companies into a legal limbo.

Ireland’s data protection authority at the time rejected his case because Facebook was in Safe Harbour. “This judgement draws a clear line”.

In a response to the court decision, Schrems said the case was a victory for privacy rights and a blow to surveillance efforts. Nasscom president R Chandrashekhar had past year termed the EU’s stringent data protection laws a challenge.