Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

EU Court Deals Blow to ‘Invalid’ US Data Sharing Deal

A major data-sharing deal between the EU and US is ‘invalid’ given the spying revelations in the Edward Snowden scandal, the top EU court’s main legal advisor said Wednesday in a case brought against Facebook.

The case stems from a complaint against Facebook lodged at Ireland’s data protection authority by Austrian right-to-privacy activist and law student Max Schrems.

A major data-sharing deal between the EU and US is ‘invalid’ given the spying revelations in the Edward Snowden scandal, the top EU court’s main legal advisor said Wednesday in a case brought against Facebook.

The case stems from a complaint against Facebook lodged at Ireland’s data protection authority by Austrian right-to-privacy activist and law student Max Schrems.

The complaint focused on a landmark deal reached by the European Commission with Washington 15 years ago that allows thousands of businesses operating in the EU to send the private data of Europeans to servers in the US.

That 2000 data sharing deal, known as Safe Harbour, “is invalid”, said the advocate general’s recommendation.

The Irish Data Protection Commission, which oversees compliance of privacy law in Ireland, had argued that Safe Harbour sufficiently protected Europeans.

But in a strong-worded opinion, the court’s advisor Yves Bot singled out the US government for the “large scale” hoarding of European citizens private data.

Accordingly, Bot said EU member states such as Ireland have the power to probe and even suspend the transfer of information with the United States when the privacy of European citizens is undermined.

The case centred on Ireland where major US web giants including Facebook and Apple have set up headquarters to take advantage of tax laws.

‘Yay!’

The case now goes to the court for a final ruling in about six months, but judges rarely contradict the findings of their legal advisor.

Schrems, who says he remains a fan of Facebook, welcomed the opinion in a tweet.

“Yay! … Safe Harbour is invalid,” he said, adding that Ireland’s data protection authority now “has a duty to investigate” US data privacy practices.

Schrems argues Safe Harbour, which largely depends on the goodwill of US authorities, is too weak to guarantee the privacy of European residents and the advocate general overwhelmingly backed the accusations.

“Where systemic deficiencies are found in the third country to which the personal data is transferred, the Member States must be able to take the measures necessary to safeguard their fundamental rights,” the EU court statement said.

The evidence leaked by Snowden showed that “the law and practice of the United States allow the large-scale collection of the personal data of citizens of the EU which is transferred, without those citizens benefiting from effective judicial protection,” it said.

Schrems is fighting the social network on several fronts in what his supporters see as a fight of a European David against a Silicon Valley Goliath.

In July, an Austrian court rejected a class action case brought by Schrems and 25,000 other Facebook users, citing a lack of sufficient legal grounds.

A lobby for digital companies operating in Europe warned that the court could severely disrupt the growth of the digital economy on the continent.

Safe Harbour “is used by about 4,500 companies to transfer a wide range of commercial data such as payroll and customer data,” DIGITALEUROPE said in a statement.

Similar deals “that underpin data transfers to many third countries may also be impacted if the Court follows the Opinion of its Advocate General,” it said.

Snowden’s revelations showed that the US National Security Agency used Silicon Valley giants Apple, Google and Facebook to gather user data.

In the wake of the scandal, the EU and Washington began talks to revamp “Safe Harbour” and Wednesday’s opinion will certainly complicate those talks.

The commission, the EU’s executive arm, refused to comment on the case saying the talks to reform Safe Harbour were still on track.

“The Commission has been working tirelessly with the US on the final details of a deal in the last weeks and we are confident that we can reach a positive conclusion soon,” commission spokesman Christian Wigand said in an email to AFP.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Privacy

The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...

Privacy

Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...