European data sharing pact with US ruled invalid

Indeed, the ruling was a result of a case brought against Facebook in Ireland by privacy advocate Max Schrems, who charged that his privacy had been violated by the National Security Agency’s mass surveillance programs. “Facebook, like many thousands of European companies, relies on a number of the methods prescribed by EU law to legally transfer data to the US from Europe, aside from Safe Harbor”. Google, Amazon, Twitter and other tech giants are among them.

He originally lodged his complaint in Ireland, where Facebook has its European headquarters.

The ECJ ruled that in the failing to pursue Schrem’s case, the Irish DPC had failed to fulfil their duty to protect European Union citizens’ personal data from the NSA and consequentially invalidated the Safe Harbour agreement.

“It should be seen as part of a general trend – the European Court of Justice has been pro-privacy in a big way, making bold and strong decisions”, said Paul Bernal, a data protection expert at the University of East Anglia. Among the leaked documents were proof that USA companies have been storing user data that are vulnerable to surveillance.

Sophie In’t Veld, a leading Liberal lawmaker in the European Parliament, welcomed the ruling and called the “safe harbor” decision “a travesty of legality”.

Following the court’s decision, first Vice-President of the European Commission Timmermans said the continuation of transatlantic data flows is important for EU’s economy, calling on the companies to continue using other mechanisms for worldwide transfers of personal data available under EU data protection law. “If at the conclusion of that investigation it decides that the transfer of data from Facebook Ireland to Facebook U.S. does not offer the necessary level of data protection then it should suspend the Safe Harbour agreement”.

The Safe Harbour Agreement was reached in 2000 by the European Commission and United States (US) authorities.

In its ruling, EU’s apex court directed the Irish data commissioner to look into Schrems’ complaint “with all due diligence”.

“We can’t assume that anything is now safe”, Brian Hengesbaugh, a privacy lawyer with Baker & McKenzie in Chicago who helped to negotiate the original safe harbor agreement.

The decision by the Court does not mean companies have to immediately stop transferring data to the U.S. Rather, national authorities in Europe will be allowed to review individual transfers of data.

The ruling came years after NSA whistleblower and former employee, Edward Snowden, revealed the massive spying programmes of the intelligence agency.

The judgment followed a legal challenge by an Austrian privacy activist concerned that the social network Facebook might be sharing Europeans’ personal data with United States cyberspies. “With the court’s ruling, the requirements for any agreement to transfer data from the European Union become clearer”, said Gagan Sabharwal, director, Global Trade Development at industry lobby Nasscom.