Friday, March 29, 2024

EU rules that US companies can’t freely pull data out of Europe

Share

European Flag

A legal framework used to justify the movement of user data across the Atlantic has just been ruled invalid by the European Court of Justice (ECJ). The Safe Harbor agreement, as it’s known, let companies like Facebook and Twitter freely move your information between its centers in Europe and the US. However, following today’s judgement, they may now need to store those details locally or prove that European privacy standards designed to protect your rights are being upheld.

The case began when Austrian privacy activist Max Schrems called out Facebook’s desire to move data stored in its Irish data center over to the US following Edward Snowden’s NSA surveillance leaks. The Irish courts dismissed the action citing the Safe Habor agreement, leaving him to lodge an appeal with the European Court of Justice. While he waited for a decision, Schrems received backing from Yves Bot, Advocate General of the ECJ, who agreed that Safe Harbor was dangerous and not binding.

With all past data-sharing agreements now deemed invalid, individual regulators now have the power to decide what happens with data stored in their countries. Ireland, for example, must now “examine, with complete independence, whether the transfer of a person’s data to a third country complies with the requirements laid down by the directive.”

“Legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life,” the court adds.

What must companies like Google, Facebook and Twitter do now? It’s not yet known how this will affect the flow of data between countries, but we do know that authorities can question the need for such a process and possibly request that all user data is stored locally, rather than in the US. More than 4,000 European and American companies are affected, so it’s not a small judgement. However, the European Union and the US are in negotiations over a new agreement, one that could give Europe far more control over what companies, but also security agencies, have access to.

[Image credit: mpd01605, Flickr]

Source: Maximillian Schrems v Data Protection Commissioner (PDF)

Read more

More News