EU-US Privacy Safe Harbor May Be In Jeopardy
Max Schrems, whom I have written about before (see post) is continuing his fight against Facebook. He first took his battle to the Irish Data Protection Commissioner (DPC) since Facebook Europe is based in Ireland, but the DPC declined to take the case, because, it said, it had no legal requirement to do so (meaning this is a hot potato and I don’t want to be associated with it).
Schrems next took the case to the European Court Of Justice in Luxemburg where a decision is expected on June 24th.
The basic argument is that since the NSA, according to Snowden documents, can look at EU resident’s data, the Safe Harbor agreement written 15 years ago is a sham and does not protect EU citizens data that is stored in the U.S. In general, U.S. companies don’t argue that they have not been able to stop the NSA from looking at their stuff and it appears, some companies may even have cooperated with the NSA, but the U.S. companies business model sort of require that they consolidate the data somewhere and moving U.S. data to Europe doesn’t work for them either.
IF, and it is a big if, the ECJ rules that the safe harbor agreement between the EU and US violates EU law, that will mean that companies like Facebook, Microsoft and Google (and probably hundreds or thousands of other companies) who routinely take EU data and move it to the US will no longer have a safe harbor to move the data to the U.S. and would be subject to EU privacy lawsuits. Since EU law is much stricter than U.S. law, U.S. companies do not want this to happen. I assume they are planning for the worst in case.
The EU and US have negotiating a new agreement for years, but it doesn’t seem like it is making much progress. IF the court rules the safe harbor provision violates EU law, everyone will get real motivated to come up with a new agreement very quickly, I suspect.
Next chapter comes out on June 24.