Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

EU Court Deals Blow to ‘Invalid’ US Data Sharing Deal

A major data-sharing deal between the EU and US is ‘invalid’ given the spying revelations in the Edward Snowden scandal, the top EU court’s main legal advisor said Wednesday in a case brought against Facebook.

The case stems from a complaint against Facebook lodged at Ireland’s data protection authority by Austrian right-to-privacy activist and law student Max Schrems.

A major data-sharing deal between the EU and US is ‘invalid’ given the spying revelations in the Edward Snowden scandal, the top EU court’s main legal advisor said Wednesday in a case brought against Facebook.

The case stems from a complaint against Facebook lodged at Ireland’s data protection authority by Austrian right-to-privacy activist and law student Max Schrems.

The complaint focused on a landmark deal reached by the European Commission with Washington 15 years ago that allows thousands of businesses operating in the EU to send the private data of Europeans to servers in the US.

That 2000 data sharing deal, known as Safe Harbour, “is invalid”, said the advocate general’s recommendation.

The Irish Data Protection Commission, which oversees compliance of privacy law in Ireland, had argued that Safe Harbour sufficiently protected Europeans.

But in a strong-worded opinion, the court’s advisor Yves Bot singled out the US government for the “large scale” hoarding of European citizens private data.

Accordingly, Bot said EU member states such as Ireland have the power to probe and even suspend the transfer of information with the United States when the privacy of European citizens is undermined.

The case centred on Ireland where major US web giants including Facebook and Apple have set up headquarters to take advantage of tax laws.

‘Yay!’

The case now goes to the court for a final ruling in about six months, but judges rarely contradict the findings of their legal advisor.

Schrems, who says he remains a fan of Facebook, welcomed the opinion in a tweet.

“Yay! … Safe Harbour is invalid,” he said, adding that Ireland’s data protection authority now “has a duty to investigate” US data privacy practices.

Schrems argues Safe Harbour, which largely depends on the goodwill of US authorities, is too weak to guarantee the privacy of European residents and the advocate general overwhelmingly backed the accusations.

“Where systemic deficiencies are found in the third country to which the personal data is transferred, the Member States must be able to take the measures necessary to safeguard their fundamental rights,” the EU court statement said.

The evidence leaked by Snowden showed that “the law and practice of the United States allow the large-scale collection of the personal data of citizens of the EU which is transferred, without those citizens benefiting from effective judicial protection,” it said.

Schrems is fighting the social network on several fronts in what his supporters see as a fight of a European David against a Silicon Valley Goliath.

In July, an Austrian court rejected a class action case brought by Schrems and 25,000 other Facebook users, citing a lack of sufficient legal grounds.

A lobby for digital companies operating in Europe warned that the court could severely disrupt the growth of the digital economy on the continent.

Safe Harbour “is used by about 4,500 companies to transfer a wide range of commercial data such as payroll and customer data,” DIGITALEUROPE said in a statement.

Similar deals “that underpin data transfers to many third countries may also be impacted if the Court follows the Opinion of its Advocate General,” it said.

Snowden’s revelations showed that the US National Security Agency used Silicon Valley giants Apple, Google and Facebook to gather user data.

In the wake of the scandal, the EU and Washington began talks to revamp “Safe Harbour” and Wednesday’s opinion will certainly complicate those talks.

The commission, the EU’s executive arm, refused to comment on the case saying the talks to reform Safe Harbour were still on track.

“The Commission has been working tirelessly with the US on the final details of a deal in the last weeks and we are confident that we can reach a positive conclusion soon,” commission spokesman Christian Wigand said in an email to AFP.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Application Security

Less than a week after patching critical security defects affecting multiple enterprise-facing products, VMware is warning that one of the flaws is being exploited...

Application Security

Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to...

Cyberwarfare

U.S. fighter jets successfully shot down the high altitude spy balloon launched by and belonging to China.