European data sharing pact with US ruled invalid

LUXEMBOURG (AP) — Facebook and thousands of other companies could find it vastly more complicated to do business in Europe after a court ruled that personal data sent to U.S. servers is potentially unsafe from government spying.

Some 4,500 companies have long been able to store users’ personal data — everything from status updates and photos to personal information like bank details and home addresses — where they see fit, often in the U.S.

That could change after Europe’s top court on Tuesday declared invalid a 15-year-old pact allowing the unfettered transfer of personal data outside the European Union’s 28 countries.

The case was brought by an Austrian law student in the wake of revelations by former U.S. National Security Agency contractor Edward Snowden of the extent of the NSA’s surveillance programs.

Max Schrems complained that U.S. law doesn’t offer sufficient protection against surveillance of data transferred by Facebook to servers in the United States.

The verdict could have far-reaching implications for companies operating in Europe.

It does not mean companies have to immediately stop transferring data to the U.S. Rather, it opens up the possibility that European regulators will be inundated by complaints by consumers who do not want their data stored in the U.S. That would make it hugely difficult for companies to do business.

“The message is clear — that mass surveillance is not possible and against fundamental rights in Europe,” said Schrems after the ruling.

Companies, he added, “cannot just aid foreign spies and get away with it because they fall under European jurisdiction.”

The so-called “safe harbor” agreement has allowed companies to send data on users from the EU to U.S. since 2000. That includes information on how users behave online, such as what pages they visit and where they spend money. But also email addresses, passwords, bank details and payroll figures. It does not include the content of emails, however.

Since its creation, the agreement has helped Internet businesses such as social media. Facebook and Google, for example, earn money from advertising that relies on data on how users behave on the Internet.

But the revelations of NSA spying have provoked a backlash from European consumers and governments.

In a separate case, for example, Google is being forced to consider Europeans’ requests to delete from its search results links to content that they find offensive or inappropriate.

The European Commission, the EU’s executive branch, has tried to revise the “safe harbor” agreement over the past two years and expects Tuesday’s ruling will support that effort.

“Today’s judgment is an important step toward upholding Europeans’ fundamental rights to data protection,” said European Commission Vice President Frans Timmermans. “In the light of the ruling we will continue this work toward a renewed and safe framework for the transfer of personal data across the Atlantic.”

In Washington, White House spokesman Josh Earnest said there are concerns about the economic consequences of the ruling, which is being reviewed.

“We are disappointed that the court has struck down an agreement that since 2000 has proved to be critical in protecting both privacy and fostering economic growth in the United States and the European Union,” Earnest said.

He said the administration believes the decision was based “on incorrect assumptions about data privacy protections in the United States.”

He said the U.S. will work with the EU to provide certainty to companies by releasing an updated framework. The U.S. and the EU will continue working to reach an updated data sharing agreement.

Schrems, the Austrian student, complained to the data protection authorities in Ireland, where Facebook has its European headquarters, that his information was not safe on U.S. servers.

Irish authorities initially rejected his complaint, pointing to the “safe harbor” agreement. Now, the Irish data commissioner will now be required to “decide whether … transfer of the data of Facebook’s European subscribers to the United States should be suspended on the ground that that country does not afford an adequate level of protection of personal data,” the court said.

In a statement, Facebook said it’s now “imperative that EU and U.S. governments ensure that they continue to provide reliable methods for lawful data transfers and resolve any issues relating to national security.”

AmCham EU, which represents U.S. companies across all sectors in the EU, said the ruling could have serious implications for economic activity.

Reaching a new agreement on data sharing will be difficult, says professor Felix Wu of Cardozo Law School in New York.

“Safe harbor was never designed to address U.S. government surveillance,” he said. Because the 4th Amendment protecting U.S. citizens’ privacy does not apply to people outside the U.S., the data agreement cannot adequately protect Europeans’ data stored in the U.S.

If European authorities are inundated with complaints about data being stored in the U.S., companies may opt to set up more of their business in Europe. That’s what SWIFT, the international financial payments processor, did.

Meanwhile, Schrems was lauded by Snowden, the former NSA contractor who flew to Moscow two years ago after revealing information about the agency’s eavesdropping.

“You’ve changed the world for the better,” Snowden said in a tweet.

____

Geir Moulson in Berlin and Raf Casert in Brussels contributed to the story.

More in News

(Juneau Empire file photo)
Aurora forecast for the week of Feb. 26

These forecasts are courtesy of the University of Alaska Fairbanks’ Geophysical Institute… Continue reading

Liana Wallace offers a water blessing during a ribbon-cutting ceremony for the Augustus G. Brown Swimming Pool on Friday following nearly a year of renovations. The pool is scheduled to reopen for public use on Tuesday. (Mark Sabbatini / Juneau Empire)
Ribbon-cutting for Augustus G. Brown Swimming Pool a blessing for longtime users after 11-month renovation

Infrastructure upgrades, new locker rooms and student tile art in lobby greet visitors at ceremony.

The Alaska State Capitol in Juneau is seen on Friday, Feb. 23. (James Brooks/Alaska Beacon)
Alaska Legislature plans March 12 vote on Gov. Dunleavy’s executive orders

Order giving governor full control of Alaska Marine Highway Operations board among six scheduled.

Brenda Josephson, a Haines resident, testifies in favor of a bill setting statewide standards for municipal property assessors during a state Senate Community and Regional Affairs Committee hearing Thursday. (Mark Sabbatini / Juneau Empire)
Statewide standards for municipal property assessments sought in bill by Juneau lawmaker

Some residents say legislation doesn’t go far enough, want limits on annual valuation increases.

The front page of the Juneau Empire on Feb. 26, 2004. (Mark Sabbatini / Juneau Empire)
Empire Archives: Juneau’s history for the week of March 2

Three decades of capital city coverage.

Rep. Ben Carpenter, R-Nikiski, speaks Thursday, April 27, 2023, at a news conference in Juneau. (James Brooks/Alaska Beacon)
Alaska House considers constitutional guarantee for Permanent Fund dividend

The Alaska House of Representatives will vote as soon as Friday morning… Continue reading

(Michael Penn / Juneau Empire file photo)
Police calls for Wednesday, Feb. 28, 2024

This report contains public information from law enforcement and public safety agencies.

(Michael Penn / Juneau Empire file photo)
Police calls for Tuesday, Feb. 27, 2024

This report contains public information from law enforcement and public safety agencies.

Alexei Painter, director of Alaska’s Legislative Finance Division, presents an update of the state’s budget situation for the coming year to the Senate Finance Committee on Thursday. (Mark Sabbatini / Juneau Empire)
Analysis: Balanced state budget next year can include a $1,535 PFD and $680 BSA increase

However, a “statutory” $3,688 PFD would result in a deficit of more than $1.2 billion, report says.

Most Read