by
N. Peter Kramer
Under current European privacy laws companies are forbidden from transferring European citizens’ personal data to countries having lower privacy standards. One of these low standard countries is the United States of America.
However 15 years ago, given the sheer volume of transatlantic data traffic, an agreement, the so called Safe Harbour framework agreement, was established; enabling companies in the EU to easily transfer personal data to the US without having to seek prior approval, a potentially lengthy and costly process.
Safe Harbour, which simplifies the everyday business of some 4.000 companies, came under fire in 2013. Fugitive ex-NSA contractor Edward Snowden leaked details of a US mass electronic surveillance programme known as Prism, under which EU citizens’ data held by US companies was passed on to US intelligence companies . The leaks showed the US National Security Agency used major web companies as Apple, Google, Facebook and Microsoft, to gather user data.
The Austrian citizen Max Schrems brought the case to the EJC. According to him, Snowden’s revelations of the US NSA Prism data collection programme calls into question the adequacy of the data protection afforded by the Safe Harbour agreement. Schrems filed a complaint against Facebook. He argued this company helped the NSA harvest email and other private data from European citizens by forwarding data to servers in the US.
The recent EJC’s ruling says that the Safe Harbour agreement on data transfers to the US does not afford the adequate protection required by EU law and is in fact unsafe. Max Schrems let know he is still using Facebook …
