EU-IRELAND/PRIVACY Europe-U.S. data transfer deal used by thousands of firms is ruled invalid
Record ID:
136184
EU-IRELAND/PRIVACY Europe-U.S. data transfer deal used by thousands of firms is ruled invalid
- Title: EU-IRELAND/PRIVACY Europe-U.S. data transfer deal used by thousands of firms is ruled invalid
- Date: 6th October 2015
- Summary: PARIS, FRANCE (OCTOBER 6, 2015) (REUTERS) MAN BROWSING FACEBOOK AND GOOGLE ON COMPUTER SCREEN
- Embargoed: 21st October 2015 13:00
- Keywords:
- Location: France
- Country: France
- Topics: General
- Reuters ID: LVAD1P6L7NBOAP5ZV3MIYEIOK9LP
- Aspect Ratio: 16:9
- Story Text: A deal that allows thousands of companies to transfer data from Europe to the United States is invalid, the highest EU court said on Tuesday (October 6) in a landmark ruling that follows revelations of mass U.S. government snooping.
Many companies, particularly tech firms, have said the Safe Harbour agreement helps them get round cumbersome checks to transfer data between offices on both sides of the Atlantic, including payroll and human resources information and also lucrative data used for online advertising.
But the decision by the Court of Justice of the European Union (ECJ) could sound the death knell for the system, set up by the European Commission 15 year ago and used by over 4,000 firms including IBM, Google and Ericsson.
The court said Safe Harbour did not sufficiently protect EU citizens' personal data as American companies were "bound to disregard, without limitation" the privacy safeguards where they come into conflict with the national security, public interest and law enforcement requirements of the United States.
The ruling follows revelations from former National Security Agency contractor Edward Snowden about the Prism programme that allowed U.S. authorities to harvest private information directly from big tech companies such as Apple, Facebook and Google.
The Commission were to give a news conference later in the day in response to the ruling, but it was unclear if the decision would prompt national data protection authorities to suspend personal data transfers to the United States.
Without Safe Harbour, multinationals could be forced to draw up contracts establishing privacy protections between groups or seek approval from data protection authorities for information transfers to countries the EU deems to have lower privacy standards, including the United States.
The court case stemmed from a complaint by Austrian law student Max Schrems, who challenged Facebook's transfers of European users' data to its American servers because of the risk of U.S. snooping.
The Commission separately demanded a review of Safe Harbour to ensure that U.S. authorities' access to Europeans' data would be proportionate and limited to what is absolutely necessary.
Washington and Brussels have been in talks for two years to try to come up with a revamped data transfer system that could allay Europe's privacy concerns, and Tuesday's judgement heaps pressure on the Commission to come up with a solution.
Schrems filed his complaint to the Irish Data Protection Commissioner, as Facebook has its European headquarters in Ireland. The case eventually wound its way up to the Luxembourg-based ECJ, which was asked to rule on whether national data privacy watchdogs could unilaterally suspend the Safe Harbour framework if they had concerns about U.S. privacy safeguards.
The Irish commissioner said her office would immediately engage with colleagues in other national authorities across Europe to determine how the judgement could be implemented. - Copyright Holder: REUTERS
- Copyright Notice: (c) Copyright Thomson Reuters 2015. Open For Restrictions - http://about.reuters.com/fulllegal.asp
- Usage Terms/Restrictions: None