The European Court of Justice has just ruled the Safe Harbour Agreement between the European and the United States invalid after Austrian law student, Max Schrems, brought it to their attention.
Schrems alerted the authorities following Edward Snowden’s revelations about the NSA’s mass surveillance operations. This decision will mean that changes are made in the way that personal data is transferred between companies, but what does it mean for individuals in Europe and the companies with which they regularly interact?
The Safe Harbour Agreement was established to patch up the differences between US and EU data protection laws. EU data protection laws state that the personal information of any EU citizen can only be transferred outside member states if the recipient country’s data protection laws match those of the union. US laws are less clear-cut than this, with different sectors having stricter restrictions than others. This meant that, until 2000, EU personal data couldn’t be shared with the US. The Safe Harbour Agreement sought to change this, allowing licensed companies in each state to share information – Google, Facebook, Apple and Twitter are just a few of the companies that were licensed under the Safe Harbour Agreement.
This recent ruling is significant because it means that the European Union and the United States will have to renegotiate a data sharing agreement or they will not be able to continue sharing information. This may mean that the EU will be forced to become more flexible, or that the United States will develop tighter laws when it comes to data protection. Anna Fielder, Privacy International’s chair of the board, suggests that the US shouldn’t be an exception to other EU data laws.
She states, ‘there’s a lot of data transfers, not just between the EU and the US but between the EU and lots of other countries. And those countries don’t have special arrangements like Safe Harbour. They have to operate under EU legislation.
This wasn’t the only ruling about data protection legislation that the European Courts of Justice have made recently – they also ruled that businesses must comply with both the EU’s laws and the laws of its member countries when processing data. This, as well as anticipated EU Data Protection reforms, could mean that companies are going to have to rethink their data policies. Luke Scanlon, technology lawyer at Pinsent Masons, has said that this could make data storage a ‘major issue’ for companies in the coming months.
When all is considered, these rulings shouldn’t have an impact on those who use products from Safe-Harbour licensed companies. Unfortunately, it is inevitable that the costs of finding new methods of processing and storing data will be transferred onto the customers.