Data transfers have been a thorny topic between the two continents since the Snowden revelations, but American and European officials did finalize a long-awaited data-protection deal earlier this month that would offer more protections on how personal information is protected when shared across the Atlantic by law enforcement. The case was then referred by Ireland to the European Court of Justice.
Advertisement
If the ECJ confirms the findings, it will be a huge blow for companies like Google, Apple and Facebook, who all have millions of customers and users in Europe, and having to create separate European-only databases would significantly impact their businesses. The Safe Harbor review aims to bring more transparency regarding the use of this data transfer agreement and is a first step in the right direction, but it does not go far enough. The commission, the EU’s executive arm, refused to comment on the case saying the talks to reform Safe Harbour were still on track.
Those factors and “the secret nature” of the USA agencies’ access to such data via the servers of companies based in the U.S. “make the interference extremely serious”. Mr Bot described this level of surveillance as “mass, indiscriminate”, and “inherently disproportionate”.
Dara Murphy, Ireland’s minister for European affairs and data protection, urged the EU and USA to strike a revised deal on data sharing.
The case was brought by activist Max Schrems, who has repeatedly challenged Facebook’s data collection practices in Europe. Mr. Bot acknowledged the possibility of data transfers to the U.S. being suspended by data privacy watchdogs. The laser focus on privacy and even Mr. Schrems’s claims came following Edward Snowden’s revelation of the NSA’s Prism scheme, which allowed authorities to spy on users. Their ruling, when it comes, will be binding on the the Irish High Court.
But he says that the Commission’s decision is now invalid in the face of the NSA spying activities. But that lack of power does not mean the authorities should automatically deny complaints lodged by citizens without mounting an investigation and examining the complaints on their merits, he said. The DPC decided that because Facebook had signed up to Safe Harbour and, because the European Directive from 2000 deemed the agreement to adequately cover data protection, there was no need to investigate.
However, Schrems appealed this decision with the Irish high court, which in turn asked the EC Court of Justice for its opinion. This led to yesterday’s opinion by its advocate general. The European Union court follows such advice in a majority of cases.
It also said that United States intelligence services were carrying out “mass, indiscriminate surveillance”.
If followed by the court, it would mean that Facebook’s European branch in Ireland “would be barred from processing its data in the USA, but would have to process its data in a place where those data are not subject to NSA mass-surveillance”, Herwig Hofmann, a lawyer representing Schrems, told reporters at the EU court yesterday.
And what about the United States multinationals like Facebook and Google?
They’re not going to be too happy.
Some European companies, however, such as Germany’s Deutsche Telekom, have said they would route all email traffic through domestic servers to avoid US snooping.
Advertisement
The Data Commissioner rejected the complaint, on the grounds that the European Commission considered the United States, under the Safe Harbour scheme, to have appropriate protection procedures. It said individual countries should have the right to ban US companies from transferring data in the future. It might therefore be time for the commission to reassess its finding as to the United States, he said.
