US-EU data share deal invalid, says ECJ adviser2 min read . Updated: 23 Sep 2015, 05:16 PM IST
Yves Bot says the Safe Harbour agreement did not do enough to protect EU citizen's private information when it reached the United States
Brussels: A deal easing the transfer of data between the United States and the EU is invalid, an adviser to the European Union’s top court said on Wednesday, dealing a blow to a system used by Facebook, Google and thousands of other companies.
The Safe Harbour agreement did not do enough to protect EU citizen’s private information when it reached the United States, Yves Bot, advocate general at the European Court of Justice (ECJ), said.
While his opinions are not binding, they tend to be followed by the court’s judges, who are currently considering a complaint about the system in the wake of revelations from ex-National Security Agency contractor Edward Snowden of mass US government surveillance.
Many companies had hailed the 2000 deal, saying it helped them get round cumbersome checks to transfer vital data, including payroll, and human resources information, between offices on both sides of the Atlantic.
“We are concerned about the potential disruption to international data flows if the Court follows today’s opinion," said John Higgins, director general of DIGITALEUROPE, whose members include Apple, Cisco, Ericsson and Google.
The case stems from a complaint filed by 27-year-old Austrian law student Max Schrems against Facebook, alleging the company was helping the US National Security Agency (NSA) harvest email and other private data by forwarding European customer’s data to servers in the United States.
The Irish Data Protection Commissioner, who watches over major tech companies’ compliance with privacy laws since they are headquartered in Ireland, rejected the complaint, saying such transfers were allowed under the Safe Harbour framework.
But the case was referred to the European Court of Justice after Schrems appealed against the Irish ruling.
“It is apparent from the findings of the High Court of Ireland and of the (European) Commission itself that the law and practice of the United States allow the large-scale collection of the personal data of citizens of the EU which is transferred, without those citizens benefiting from effective judicial protection," Bot said.
“The Commission decision is invalid," he added, referring to the Safe Harbour regime.
The Safe Harbour framework, which is currently being renegotiated after Snowden’s leak, did not contain any appropriate guarantees for preventing mass and generalised access to the transferred data, Bot said.
The Commission ought to have completely suspended the functioning of Safe Harbour following the revelations of mass US spying, he added.
The adviser also said individual data protection authorities could suspend the transfer of data to third countries if they considered that the country did not provide adequate safeguards. Reuters