Issued on:
The European Unions top court ruled Thursday that an agreement that allows big tech companies to transfer data to the United States is invalid, and that national regulators need to take tougher action to protect the privacy of users data.
Advertising
Read more
The ruling to invalidate Privacy Shield will complicate the transfer of a lot of data outside the EU, and it could require regulators to vet any new transfers due to concerns that the U.S. government can snoop on people's data for national security reasons.
It will no longer simply be assumed that tech companies like Facebook will adequately protect the privacy of its European users' data when it sends it to the U.S. Rather, the EU and U.S. will likely have to find a new agreement that guarantees that Europeans' data is afforded the same privacy protection in the U.S. as it is in the EU, which has some of the toughest standards in the world.
The case began after former U.S. National Security Agency contractor Edward Snowden revealed in 2013 that the American government was snooping on peoples online data and communications. The revelations included detail on how Facebook gave U.S. security agencies access to the personal data of Europeans.
Austrian activist and law student Max Schrems that year filed a complaint against Facebook, which has its EU base in Ireland, arguing that personal data should not be sent to the U.S., as many companies do, because the data protection is not as strong as in Europe.
Far-reaching implications for tech firms
Though the legal case was triggered by concerns over Facebook in particular, it could have far-reaching implications for all tech companies that move large amounts of data over the internet if regulators find that U.S. privacy protections are insufficient and block the transfers. Things like email, flight and hotel reservations would not be affected.
Schrems said the ruling amounted to a victory for privacy. “The U.S. will have to engage in serious surveillance reform to get back to a privileged status for US companies,” he wrote on Twitter.
Companies use legal mechanisms called standard contractual clauses that force businesses to abide by strict EU privacy standards when transferring messages, photos and other information. Companies like Facebook routinely move such data among its servers around the world, and the clauses — stock terms and conditions — are used to ensure the ERead More – Source