A major data-sharing deal between the EU and US is ‘invalid’ given the spying revelations in the Edward Snowden scandal, the top EU court’s main legal advisor said Wednesday in a case brought against Facebook.
The case stems from a complaint against Facebook lodged at Ireland’s data protection authority by Austrian right-to-privacy activist and law student Max Schrems.
The complaint focused on a landmark deal reached by the European Commission with Washington 15 years ago that allows thousands of businesses operating in the EU to send the private data of Europeans to servers in the US.
That 2000 data sharing deal, known as Safe Harbour, “is invalid”, said the advocate general’s recommendation.
The Irish Data Protection Commission, which oversees compliance of privacy law in Ireland, had argued that Safe Harbour sufficiently protected Europeans.
But in a strong-worded opinion, the court’s advisor Yves Bot singled out the US government for the “large scale” hoarding of European citizens private data.
Accordingly, Bot said EU member states such as Ireland have the power to probe and even suspend the transfer of information with the United States when the privacy of European citizens is undermined.
The case centred on Ireland where major US web giants including Facebook and Apple have set up headquarters to take advantage of tax laws.
‘Yay!’
The case now goes to the court for a final ruling in about six months, but judges rarely contradict the findings of their legal advisor.
Schrems, who says he remains a fan of Facebook, welcomed the opinion in a tweet.
“Yay! … Safe Harbour is invalid,” he said, adding that Ireland’s data protection authority now “has a duty to investigate” US data privacy practices.
Schrems argues Safe Harbour, which largely depends on the goodwill of US authorities, is too weak to guarantee the privacy of European residents and the advocate general overwhelmingly backed the accusations.
“Where systemic deficiencies are found in the third country to which the personal data is transferred, the Member States must be able to take the measures necessary to safeguard their fundamental rights,” the EU court statement said.
The evidence leaked by Snowden showed that “the law and practice of the United States allow the large-scale collection of the personal data of citizens of the EU which is transferred, without those citizens benefiting from effective judicial protection,” it said.
Schrems is fighting the social network on several fronts in what his supporters see as a fight of a European David against a Silicon Valley Goliath.
In July, an Austrian court rejected a class action case brought by Schrems and 25,000 other Facebook users, citing a lack of sufficient legal grounds.
A lobby for digital companies operating in Europe warned that the court could severely disrupt the growth of the digital economy on the continent.
Safe Harbour “is used by about 4,500 companies to transfer a wide range of commercial data such as payroll and customer data,” DIGITALEUROPE said in a statement.
Similar deals “that underpin data transfers to many third countries may also be impacted if the Court follows the Opinion of its Advocate General,” it said.
Snowden’s revelations showed that the US National Security Agency used Silicon Valley giants Apple, Google and Facebook to gather user data.
In the wake of the scandal, the EU and Washington began talks to revamp “Safe Harbour” and Wednesday’s opinion will certainly complicate those talks.
The commission, the EU’s executive arm, refused to comment on the case saying the talks to reform Safe Harbour were still on track.
“The Commission has been working tirelessly with the US on the final details of a deal in the last weeks and we are confident that we can reach a positive conclusion soon,” commission spokesman Christian Wigand said in an email to AFP.

More from AFP
- Cyberattacks Target Websites of German Airports, Admin
- Meta Slapped With 5.5 Million Euro Fine for EU Data Breach
- International Arrests Over ‘Criminal’ Crypto Exchange
- France Regulator Raps Apple Over App Store Ads
- More Political Storms for TikTok After US Government Ban
- Meta Hit With 390 Million Euro Fine Over EU Data Breaches
- Facebook Agrees to Pay $725 Million to Settle Privacy Suit
- China’s ByteDance Admits Using TikTok Data to Track Journalists
Latest News
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
- Tenable Launches $25 Million Early-Stage Venture Fund
- 820k Impacted by Data Breach at Zacks Investment Research
- Mapping Threat Intelligence to the NIST Compliance Framework Part 2
- Hive Ransomware Operation Shut Down by Law Enforcement
- US Government Agencies Warn of Malicious Use of Remote Management Software
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
