Safe Harbour ruling: Agreement that gave US spy chiefs access to the online data of millions of citizens is invalid, says Europe's highest court
The European Court of Justice has said an agreement that gave US spy chiefs access to the online data of millions of citizens is invalid.
Austrian privacy campaigner Max Schrems had challenged the Safe Harbour treaty in his fight to expose what information Facebook gave to American intelligence agencies.
The court found that legislation allowing the authorities access to the content of electronic communications compromised the fundamental right to respect for private life.
"The Court of Justice declares that the Commission's US Safe Harbour Decision is invalid," it said in a statement on Tuesday.
The verdict, given by the European Court's of Justice's Advocate General, could cause havoc for Irish-based multinational firms such as Facebook, Google and Microsoft.
It could also undermine the Irish data protection commissioner's position as 'lead regulator' of such companies, a position that other EU privacy regulators have been disputing.
Data Commissioner Helen Dixon said: "The judgment will now be considered by the Irish High Court, the High Court having referred a number of questions to the CJEU in relation to the “safe harbour” scheme in July 2014. I have now instructed the DPC legal team this morning to take whatever actions are necessary to bring the case back as soon as practicable before the Irish High Court.
"In declaring the old “safe harbour” rules invalid, however, the significance of the judgment extends far beyond the case presently pending in Ireland. In that regard, my Office will immediately engage with our colleagues in other national supervisory authorities across Europe to determine how the judgment can be implemented in practice, quickly an effectively, particularly insofar as it impacts on EU/US data transfers," she added.
Austrian privacy campaigner Max Schrems brought the case through High Court in Ireland.
Companies such as Facebook had already warned that a ruling by the European Court Of Justice, if it follows the Advocate General's non-binding opinion, could result in European users getting less online services in future.
But privacy advocates will be jubilant. Organisations such as Digital Rights Ireland have been warning for years that the data protection standards apply in the US are too lax for stricter European standards and jeopardise EU citizens' privacy
US spies have almost unfettered access to information about European users of Facebook and other social media, according to the Advocate General.
And it's thanks to an illegal transatlantic pact on data-transfers.
That accord, called the Safe Harbour agreement, is supposed to assign EU standards to data privacy for EU citizens' information when transferred to the US. But revelations around the mass-harvesting of private data by US authorities clearly demonstrate that the Safe Harbour agreement is not in effect, the court officer said.
EU citizens "who are Facebook users are not informed that their personal data will be generally accessible to the United States security agencies," said Yves Bot, the Advocate General. National data privacy watchdogs should therefore have the power, "where appropriate," to suspend the transfer of such data to servers located in the US, including in the case concerning the data of European Facebook users, he said.
The EU-US Safe Harbour data-sharing accord gives U. intelligence services "wide-ranging" access to EU citizens' data that "must be considered to be particularly serious, given the large number of users concerned and the quantities of data transferred," said Bot.
Those factors and "the secret nature" of the US agencies' access to such data via the servers of companies based in the US "make the interference extremely serious."