Published in News

EU kills transatlantic data transfer deal

by on17 July 2020


The US spies on EU data

Europe’s highest court ruled that a transatlantic data transfer deal is invalid because the US spies on it.

The move could disrupt thousands of companies that rely on the agreement as part of their cloud arrangements. It also means that US companies no longer have privileged access to personal data from Europe.

The Privacy Shield was set up in 2016 by Washington and Brussels to protect personal data when it is sent to the United States for commercial use after a previous agreement known as Safe Harbour was ruled invalid in 2015.

More than 5,000 companies have signed up to it but the Privacy Shield was challenged in a long-running dispute between Facebook and Austrian privacy activist Max Schrems who has campaigned about the risk of U.S. intelligence agencies accessing data on Europeans.

“In respect of certain surveillance programmes, those provisions do not indicate any limitations on the power they confer to implement those programmes, or the existence of guarantees for potentially targeted non-U.S. persons”, the Court of Justice of the European Union (CJEU) in Luxembourg said in its ruling, which cannot be appealed.

The ruling means that there would need to be a fundamental reform in US surveillance laws if US companies still want to have any kind of decent access to the European market.

It will put the fear of God in to social notworking sites like Facebook and also Google which depend on customers giving them all their data.   

Facebook’s lead EU regulator, Ireland’s Data Protection Commissioner Helen Dixon, said assessment would need to be made on a case-by-case basis.

Supervisory authorities across the EU will play a central role in allowing data transfers and will develop a common position to give practical effect to the judgement, she said.

The move will mean that US companies will have to store more data in Europe and not be allowed to ship it over the pond.

The US Department of Commerce said it was “deeply disappointed” and would remain in close contact with the European Commission to try to limit the negative consequences of the ruling.

The court stressed privacy watchdogs must suspend or prohibit transfers outside the EU if data protection in other countries cannot be assured.

This means companies that fall under US surveillance laws, such as Facebook, could not use the clauses to shift data to the United States.

However, transactions by Europeans such as booking a hotel or hire car in the United States or emailing someone there would not be affected. It is more about how personal data is stored.

Microsoft said Thursday’s rulings did not affect its customers ability to transfer data between the EU and the United States using the Microsoft cloud.

Last modified on 17 July 2020
Rate this item
(3 votes)

Read more about: