European Union court adviser: US-EU data-share deal Safe Harbour invalid

Irish data protection commissioner Helen Dixon said she would not comment on the case ahead of the final ruling “which I understand is to be delivered in the coming months”.

U.S. firms have been sending data back to the United States under the Safe Guard Agreement.

Jan Philipp Albrecht, who is the European Parliament’s man in charge of the reform of EU data protection rules, said: “The advocate general has today made clear that the transfer of EU citizens’ private data to the U.S. by Facebook is at odds with EU law”.

“Such mass, indiscriminate surveillance is inherently disproportionate and constitutes an unwarranted interference with the rights guaranteed by Articles 7 and 8 of the charter [of fundamental rights of the EU]”.

Schrems argues Safe Harbour, which largely depends on the goodwill of United States authorities, is too weak to guarantee the privacy of European residents and the advocate general overwhelmingly backed the accusations.

The Commission decision that finds the Safe Harbor to be an adequate mechanism for data transfer is invalid. As a result, the conditions laid down by the EU’s Data Protection Directive for legal transfers could not be met.

This morning the ECJ advocate general issued an opinion on the case.

But even though the EC came up with 13 recommended revisions to the scheme nearly two years ago now, nothing has changed and the flow of data has continued. The status is granted after a vetting by the European Commission of the foreign country’s legal protections for personal data and privacy.

Yet ever since Edward Snowden revealed that this “adequate protection” is nothing but an empty space where empty words once lived on an empty plain, many felt safe harbour was therefore obsolete.

Of particular concern was the NSAs so-called PRISM scheme under which it obtained unrestricted access to mass data stored on USA servers owned or controlled by technology giants like Facebook. “Like the thousands of other companies who operate data transfers across the Atlantic we await the full judgment”, spokeswoman Sally Aldous told Bloomberg.

Schrems initially focused his privacy complaints against Facebook in Ireland, where the company has its non-American headquarters.

But he says that the Commission’s decision is now invalid in the face of the NSA spying activities.

The DPC said it didn’t need to investigate his complaint. The agreement allows the likes of Facebook Inc (NASDAQ:FB) and Google Inc (NASDAQ:GOOGL) to collect data on their European customers. This led to yesterday’s opinion by its advocate general.

Yves Bot of the EU Court of Justice said in a non-binding opinion Wednesday. But normally judges follow such opinions “in most cases”.

So Mr Schrems is happy? But revelations around the mass-harvesting of private data by United States authorities clearly demonstrate that the Safe Harbour agreement is not in effect, the court officer said.

Schrems triggered the case in 2013, when he became concerned by the revelations of NSA contractor Edward Snowden that intelligence services in the USA were spying on data held there by companies such as Facebook. The case is complicated by the United States’ surveillance of global internet traffic.

They’re not going to be too happy.

That would cause a headache for U.S. companies operating in the European Union, lawyers said.

In Brussels, the European Commission said 13 revisions to Safe Harbor have been adopted in a bid to restore trust and it was also confident a deal could be done soon on new data transfer arrangements. Under previous DPC Billy Hawkes, rates were between 2% and 4%, and all other complaints were “informally resolved”.