The event at issue here is Edward Snowden’s 2013 revelation that USA intelligence services, particularly the National Security Agency (NSA) were able to access foreigners’ personal information in the databases of companies such as Facebook.
Advertisement
Irish authorities initially rejected his complaint, pointing to a 2000 decision by the EU’s executive Commission that, under the so-called “safe harbor” deal, the USA ensures adequate data protection.
He initially brought a lawsuit in Ireland after failing to secure an investigation into Facebook by the country’s Data Protection Commission, which has the authority to audit the social media giant.
Schrems challenged Facebook’s transfers of European users’ data to its US servers because of the risk of USA snooping. Evan Greer, campaign director for internet activist group Fight for the Future, said, “The ECJ has confirmed what the vast majority of internet users already know: large U.S.-based tech companies have been deeply complicit in mass government surveillance, and have traded their users’ most basic rights for a cozy relationship with the us government”, the Guardian reported.
“They will need to consider their strategies around data transfers; if they have been relying on Safe Harbour to justify them then they will need to think of privacy-friendly methods to do so, which are compliant with the data protection directive”, agreed Robert Lands, head of intellectual property at law firm Howard Kennedy.
The second point is the Safe Harbor agreement is now invalid.
Microsoft has announced its stance on the ruling via its blog post stating, “For Microsoft’s enterprise cloud customers, we believe the clear answer is that yes they can continue to transfer data by relying on additional steps and legal safeguards we have put in place”.
Without Safe Harbor, individual European countries may start setting up their own data regulations, meaning that US tech companies would have to abide by dozens of different regulations, which could become a bit of a nightmare for global marketers. Schrems asked the high court for a judicial review of the DPC’s decision, prompting the court to refer the question about Safe Harbor to the CJEU.
The ruling means the case will be returned to the High Court in Dublin which will instruct the Irish DPC to fully investigate Mr Schrems’ original complaint and whether its data transfers of European Union member data should be suspended.
A few European officials and numerous big technology companies, including Facebook and Microsoft, tried to play down the impact of the ruling.
Advertisement
U.S. Secretary of Commerce Penny Pritzker said she would work with the European Commission to reform the Safe Harbor agreement.
