EU-US 'safe harbour' data transfers declared invalid

News Broadband Europe 6 OCT 2015
EU-US 'safe harbour' data transfers declared invalid

The European Court of Justice (ECJ) has ruled that the ‘safe harbour’ agreement on data transfers between the EU and US is invalid, casting doubt on the extent to which US tech giants such as Facebook, Google and Apple can continue to collect data from their users in the EU. The ECJ’s ruling upholds the opinion of its advocate-general Yves Bot, who last month said the ‘safe harbour’ deal should be invalidated “because the surveillance carried out by the US is mass, indiscriminate surveillance,” leaving the data of European citizens unprotected in the US. The agreement has been in force since 2000 but has come under severe criticism following revelations of widespread US spying from former National Security Agency contractor Edward Snowden.

The ECJ was asked to rule on the safe harbour framework after an Austrian citizen, Maximillian Scherms, questioned whether it remained valid in the light of the snooping revelations. In particular, Scherms questioned the transfer of his data by Facebook from its servers based in Ireland to its operations in the US. The ECJ’s ruling means the Irish supervisory authority is now required to investigate the claims brought by Schrems. “At the conclusion of its investigation [the Irish supervisory authority] is to decide whether, pursuant to the directive, transfer of the data of Facebook's European subscribers to the United States should be suspended on the ground that the country does not afford an adequate level of protection of personal data," said the ECJ.

Although the ECJ’s decision doesn’t mean personal data transfers to the US are necessarily illegal, it gives national regulators the right to investigate transfers to all non-EU countries (including the US) and suspend them if they fail to guarantee sufficient protection. As a result of the decision, which is binding on all EU members states and can’t be appealed, some 4,000 US and European companies companies will have to implement new methods of transferring personal data legally. The ruling also gives European data protection regulators substantially enhanced powers to pursue companies for data transfer violations.

Categories:

Internet

Companies:

AppleEuropean CommissionFacebookGoogle

Regions:

Europe

Tags:

Data services, Security, Hosting - cloud - data centres, Regulations, Wholesale, Legislation - Lawsuits

Related Articles

EUROPE 16 JUL 2020

EU court overturns Privacy Shield, blocking personal data transfers to US

Max Schrems has won a new victory against Facebook and how the social network handles personal data. After having the US's 'safe harbour' status for data transfers overturned in 2015, the privacy activist has won a new case at the EU Court of Justice overturning the Privacy Shield agreement which replaced it in 2016. This means it is not legal for EU-based companies to transfer personal data to the US, as the country does not offer sufficient protection as required under the EU's privacy law.

EUROPE 25 MAY 2020

Irish regulator progresses in GDPR cases against Twitter, WhatsApp, Facebook

The Irish Data Protection Commission (DPC) announced it's making progress on investigations into major social media companies thought to have violated the EU's General Data Protection Regulation. This includes procedures against Twitter, WhatsApp and Facebook.

EUROPE 19 DEC 2019

EU court advocate upholds use of standard contract clauses on int'l data transfers

The EU Court of Justice's advocate-general has upheld the use of standard contract clauses to ensure international transfers of personal data adhere to EU privacy standards. However, in the latest development in the case of Max Schrems versus Facebook, the court said that companies using the clauses should abandon the practice if the destination country for their data was found to provide inadequate protection of personal data. 

EUROPE 8 JUL 2016

EU members approve Privacy Shield with US

Members of the EU have approved the proposed 'Privacy Shield' agreement with the US on the transfer of personal data between the EU and US. First proposed in February, the agreement is designed to replace the former 'safe harbour' status for the US as a safe destination for personal data of EU citizens. This status was struck down last year by the European Court of Justice, which found that the US did not provide enough safeguards for personal data or the opportunity for legal redress by EU citizens whose d

EUROPE 26 MAY 2016

Facebook 'model contracts' to face EU privacy lawsuit

The Irish privacy watchdog said it would refer Facebook to the EU Court of Justice for possible violations of EU data protection law with the social network's transfer of data on EU users to the US, Reuters reports. The Irish Data Protection Commissioner earlier started an investigation into Facebook's transfers to ensure that personal privacy is properly protected from US government surveillance. The IDPC said it would ask the Court of Justice of the European Union (CJEU) to determine the validity of Faceb

EUROPE 13 APR 2016

EU privacy regulators skeptical about Privacy Shield

The EU's privacy regulators have expressed concerns about the proposed Privacy Shield agreement on data transfers to the US, saying its doesn't do enough to prevent mass, indiscriminate surveillance of EU residents. The so-called Article 29 Working Group issued its opinion on the proposal and whether it lives up to EU data protection standards. 

EUROPE 29 FEB 2016

EC releases text of data protection deal with US

The European Commission has released the text of the proposed 'Privacy Shield' agreed with the US, which is expected to replace the previous safe harbour designation on data transfers from the EU to the US.  The publication includes a draft "adequacy decision" from the Commission as well as the Privacy Shield Principles companies have to abide by and written commitments by the US government on the enforcement of the arrangement, including assurance on the safeguards and limitations concerning access to data

UNITED STATES 11 FEB 2016

Senate passes bill giving Europeans right to sue in US

The US Senate has passed the Judicial Redress Act, which gives EU citizens the right to challenge the misuse of their personal data in US courts. The bill is also a prerequisite of a law that enforces a law enforcement data-sharing agreement reached in autumn 2015. Internet Association president and CEO Michael Beckerman welcomed the final passage of the Judicial Redress Act by both chambers of Congress. He writes, "The Judicial Redress Act is an important step towards restoring trust between the EU and US,

EUROPE 3 FEB 2016

EU regulators to hold off enforcing data transfers ruling

EU data protection regulators said they will hold off enforcing the court ruling ending the US's 'safe harbour' status, while they evaluate the new agreement between the EU and US on trans-Atlantic data transfers. Businesses transferring personal data from the EU to the US can continue to resort to standard contractual clauses and binding corporate rules in order to ensure compliance with EU data protection rules. The Article 29 group called on the European Commission to ensure it has all the necessary docu

EUROPE 2 FEB 2016

EU, US agree new 'privacy shield' for data transfers

The European Union and the US have agreed on a new framework for protecting the privacy of personal data passed by companies between the two territories, the European Commission announced. To be known as the EU-US Privacy Shield, the agreement comes on the deadline of 02 February set by EU privacy regulators to reach an agreement. The new arrangement will provide stronger obligations on companies in the US to protect the personal data of Europeans and stronger monitoring and enforcement by the US Department

EUROPE 2 FEB 2016

EU, US near deadline for new safe harbour agreement

EU Justice Commissioner Vera Jourova has outlined to a European Parliament committee the progress in talks with the US on reaching a new agreement allowing the transfer of personal data of EU citizens by businesses to the US. The EU and US had hoped to reach an agreement by 02 February, when the EU data protection authorities said they would start looking at enforcing the court ruling last year that struck down the previous 'safe harbour' designation for the US as a destination for personal data. Talking to

GLOBAL 1 FEB 2016

US, EU close to reaching safe harbour agreement

The US and EU are facing a deadline of 2 February to reach agreement on new 'safe harbour' data-privacy protection rules, the Wall Street Journal reports. Both parties said they hoped to get a deal in time, but some issues were still unresolved, such as the EU seeking more clarity on the transparency of oversight of data transfers.

EUROPE 19 JAN 2016

Only 18% of Europeans trust operators on personal data

Less than a third (32 percent) of Europeans believe there are advantages to big data, according to a study conducted by TNS Infratest on behalf of the Vodafone Institute. The survey of 8,000 respondents in eight European countries revealed that even fewer digital users – 26 percent – thought companies respected the privacy of their personal data, with only 29 percent feeling they had control over what information is collected about them. In terms of the types of companies that Europeans trust to correctly h

EUROPE 18 JAN 2016

US, EU business groups call for urgent deal on safe harbour

Four major business associations have warned the US and EU that they must reach a new deal allowing the exchange of personal data by businesses across the two territories. "This issue must be resolved immediately or the consequences could be enormous for the thousands of businesses and millions of users impacted," the letter from the US Chamber of Commerce, BusinessEurope, DigitalEurope and the Information Technology Industry Council said. It was sent to US President Barack Obama, European Commission Presid

EUROPE 15 JAN 2016

EU-US meeting on data transfers planned for 02 Feb

European Union data protection regulators will meet in Brussels on 02 February in a bid to find common ground on a new data transfer deal between the EU and the US, reports Reuters, citing a spokeswoman for the French data protection authority, which will chair the meeting. The previous data-transfer agreement was struck down in a European Court of Justice ruling in October, leading the European Commission to scrap its previous designation of the US as a 'safe harbour' for data on EU residents.

Just In

19 DEC 16:42

SLT-Mobitel launches 5G network in Sri Lanka

19 DEC 16:19

Dialog Axiata launches 5G network, connects 1.5 million subscribers

19 DEC 15:56

UK govt to ban AI-enabled nudification apps to protect women, girls

19 DEC 15:42

3 UK launches last-minute Christmas sale

Commentary

13:56

Video market set for slower growth ahead

11:38

Netflix buys Warner Bros to deepen content catalogue

11:11

KPN's mixed performance in Q3 raises questions for strategy day

15:26

Stock markets breaking records but what happened to Odido's IPO plans?

Background

01:04

The week in telecom: Wi-Fi bolt-ons take off to boost broadband growth, video market works on consolidation

01:39

The week in telecom: Netflix wins bidding for Warner Bros, Apple poaches new execs, Samsung debuts trifold

13:51

Proximus vs. Telenet: Proximus performs better in Q3 while Telenet uses up cash

14:16

Proximus Domestic still struggling with low margins

Complete profile

Before downloading the whitepaper, we would like to ask you to complete your profile with company and position. After confirming you will receive the white paper.