The European Court of Justice has today declared invalid the Safe Harbor data-transfer agreement that has governed EU data flows across the Atlantic for some fifteen years.
“The Court of Justice declares that the Commission’s U. Safe Harbour Decision is invalid,” the ECJ said in a statement today, reported by Reuters. The Safe Harbor executive decision allows companies to self certify to provide “adequate protection” for the data of European users to comply with the European data protection directive, and with fundamental European rights such as the right to privacy (under Article 8 of the European Convention for the Protection of Human Rights).
This decision is a major blow for US global surveillance that heavily relies on private partners.
The judgement makes it clear that US businesses cannot simply aid US espionage efforts in violation of European fundamental rights.
At the same time this case law will be a milestone for constitutional challenges against similar surveillance conducted by EU member states.
Today’s ECJ’s judgement is the culmination of a 2013 legal challenge by European privacy campaigner Max Schrems who filed complaints against several U. Internet giants — including Facebook — in the Irish courts for alleged collaboration with the NSA’s Prism program.
The Irish courts dismissed the complaint, on the grounds that the European Safe Harbor agreement governed such data flows — referring the case to the ECJ.
The latter has now ruled that European data protection authorities cannot rely on the umbrella of Safe Harbor to govern their decisions.
I very much welcome the judgement of the Court, which will hopefully be a milestone when it comes to online privacy. It clarifies that mass surveillance violates our fundamental rights. The decision also highlights that governments and businesses cannot simply ignore our fundamental right to privacy, but must abide by the law and enforce it.
The Commission issued 13 recommendations for improving Safe Harbor in November 2013 but negotiations to rework the framework are ongoing.
“We have been working with the American authorities to make data transfers safer for European citizens.