EU Court Ruling Threatens Transatlantic Data

Connected-Globe-Internet.jpgThe European Court of Justice has ruled that the transatlantic Safe Harbour agreement between the US and Europe is invalid, putting data transfers between the EU and United States at risk and meaning services including Facebook and Twitter could face suspension.

The Safe Harbour agreement, which has existed for 15 years, lets American companies use a single standard for consumer privacy and data storage in both the US and Europe, enabling them to store data in the US for European consumers.

The ruling places such up to 5,000 US companies under scrutiny from individual European nations data regulators, and could force them to host data for European users in the EU, rather than in the US.

It could also lead to a bureaucratic tangle for such companies, as they end up trying to follow over 20 different sets of national data privacy regulations, of differing strictness and specifications, all while maintaining the free flow of information around the Internet.

The ruling states that “the existence of a Commission decision finding that a third country ensures an adequate level of protection of the personal data transferred cannot eliminate or even reduce the powers available to the national supervisory authorities.”

This means that the original Safe Harbour agreement cannot supersede the power of national authorities to regulate how data is protected in their jurisdiction, and therefore countries can suspend services that dont meet their standards.

The ruling was made due to a case brought to the European Court of Justice by privacy advocate Max Schrems, who claimed that his privacy had been violated by the NSAs mass surveillance programs, revealed by whistleblower Edward Snowden. His case against Facebook in Ireland (where the social networks European headquarters are based) means that Irish regulators now need to decide whether or not to suspend EU-to-US data transfers by the company.

Facebook has denied any wrongdoing on its part, with a spokesperson saying, “This case is not about Facebook. What is at issue is one of the mechanisms that European law provides to enable essential transatlantic data flows.

“We will of course respond fully to any enquiries by our regulator the Irish Data Protection Commission as they look at how personal data is being protected in the US.”

The ruling comes as Edward Snowden has made claims in an interview with the BBC that UK intelligence agency GCHQ has developed tools to grant “total control” of consumers smartphones, including switching on the microphone to eavesdrop on conversations, and track users through geo-location tools.