Safe Harbour No More. Facebook Data Transfer Deal Is Ruled Invalid
The legal challenge follows revelations by Edward Snowden about a US surveillance system monitoring data from global tech firms.
The EU Court of Justice has said the transfer of European Facebook users' data to the US could be suspended. The court said the Safe Harbor agreement that thousands of companies have relied on to move personal data across the Atlantic was invalid. In the light of revelations about US National Security Agency snooping, the agreement used since 2000 isn't enough to ensure Europeans' privacy is protected if their data is stored in the US, the court said.
The law in this area may remain murky for months or years, but enterprises should already be looking at alternatives to Safe Harbor, the lawyers said on a conference call organized by the International Association of Privacy Professionals.
The court ruled a key agreement that allows US tech companies like Facebook to transfer users' data from the EU to the US is invalid as: “Country does not afford an adequate level of protection."
EU data protection laws are among the toughest in the world and forbid EU citizens’ data being exported to countries outside the EU without adequate levels of protection. Under the 'Safe Harbour' agreement, US companies could fast track this process, so long as they met seven EU principles.
However, law student Max Schrems argued that since Facebook data was subject to mass surveillance by US intelligence agencies, it did not offer an adequate level of protection.
The case was brought against Facebook but could apply to other US companies that process personal data of EU citizens.
“American companies are going to have to restructure how they manage, store and use data in Europe and this take a lot of time and money,” Mike Weston, CEO of data science consultancy Profusion, said.
Pinsent Mason Law: Sky: PCWorld: