sommai - Fotolia
The European Court of Justice (ECJ) should consider the impact on privacy and transatlantic trading should it rule against the validity of the Safe Harbour Agreement on 6 October 2015, US diplomats have warned.
The future of the agreement, which is used to govern the transfer of European citizens’ data to the US, has been called into question by the ECJ’s Advocate General, Yves Bots, who opined on 23 September that it fails to provide “adequate protection” for users’ information.
His opinion on the matter was prompted by a complaint made by Austrian Facebook user Max Schrems to the Irish Data Protection Authority (IDPA) about the protections afforded to his personal data once it reaches the social networking giant’s US-based servers.
In the wake of the 2013 NSA Prism surveillance scandal, Schrems argued that it cannot be assumed any data that passes from Europe across the pond will not be subjected to the alleged surveillance activities of the US government.
The IDPA rejected Schrems’s claims, and in response he took his fight to the Irish High Court, which referred it on to the ECJ, which has now confirmed that it will give its final judgement on the case on 6 October 2015.
What’s in store for the future of Safe Harbour?
The uncertainty surrounding the future of Safe Harbour has led to speculation about how the 4,410 companies that use it to move EU users’ data would continue to operate.
To side-step the issue, Schrems previously speculated that the removal of Safe Harbour could lead to many of the tech firms that have signed up to the agreement to build European datacentres, so their users’ data doesn’t have to pass to the US.
As such, the US Mission to the European Union has aired concerns in the wake of Bots’s comments – which are legally non-binding – about the economic and privacy impact if the agreement was to end.
It also accuses Bots of misinterpreting the ongoing work between the US and Europe to “strengthen” the Safe Harbour agreement as a sign it is not fit for purpose.
“On the contrary, the framework was conceived as a living document, and this is not the first time the two sides have engaged to improve its operation. On both sides, there has been a strong desire to make sure that we improve the framework, and these efforts should be encouraged,” the US Mission said in a statement.
Furthermore, it has also taken issue with Bots’s decision to base his opinion on the facts as presented to the Irish High Court regarding the US government’s alleged surveillance activities.
Read more about European data protection legislation news
- US tech giants could soon come under increased pressure to build European datacentres now the validity of the US Safe Harbour Agreement has been called into question by EU law makers.
- For nearly 20 years, UK data protection laws have remained fairly static, even in the face of considerable technological advances, the rise of social media and the big data boom.
“The United States does not and has not engaged in indiscriminate surveillance of anyone, including ordinary European citizens.
“The Prism program that the Advocate General’s opinion discusses is in fact targeted against particular valid foreign intelligence targets, is duly authorised by law, and strictly complies with a number of publicly disclosed controls and limitations,” the statement continued.
“Moreover, the Advocate General’s opinion fails to take into account that – particularly in the last two years – President Obama has taken unprecedented steps to enhance transparency and public accountability regarding US intelligence practices.”
As a result, it is calling on the ECJ not to base its judgement solely on the opinions put forward by Bots, and added: “We hope that the final judgement of the European Court of Justice takes note of these efforts, inaccuracies in and far-reaching consequences of the Advocate General’s opinion, as well as the significant harm to the protection of individual rights and the free flow of information that would occur if it were to follow the Advocate General’s opinion.”
Read more on Datacentre capacity planning
EU and US start discussions on ‘enhanced’ Privacy Shield data-sharing agreement
Schrems v Facebook: European court strikes down EU-US Privacy Shield agreement
European court to decide legality of EU-US data sharing in dispute between Schrems and Facebook
EU court opinion finds EU-US data transfers lawful but raises questions over Privacy Shield