LUXEMBOURG: A major data-sharing deal between the EU and US is ‘invalid’ given the spying revelations in the Edward Snowden scandal, the top EU court’s main legal advisor said Wednesday in a case brought against Facebook.
The case stems from a complaint against Internet giant Facebook lodged at Ireland’s data protection authority by Austrian law student and right-to-privacy activist, Max Schrems.
The complaint focused on a landmark deal reached by the European Commission with Washington 15 years ago that allows thousands of businesses operating in the EU to send the private data of Europeans to servers in the US.
That 2000 data sharing deal, known as Safe Harbour, “is invalid”, said the advocate general’s recommendation.
The Irish Data Protection Commission, which oversees privacy law compliance by web companies based in Ireland, had argued that Safe Harbour protected such transfers.
But the advisor, lawyer Yves Bot, said EU member states have the power to probe and even suspend the transfer of information with the United States if the privacy of European citizens is undermined.
His recommendation singled out the US government for the “large scale” hoarding of European citizens private data.
It now goes to the court for a final ruling, but judges often follow the findings of their legal advisor.
Schrems, who says he remains a fan of Facebook, welcomed the opinion in a tweet.
“Yay! … Safe Harbour is invalid,” he said, adding that Ireland’s data protection authority now “has a duty to investigate” US data privacy practices.
Schrems argues Safe Harbour is too weak to guarantee the privacy of European residents and the advocate general overwhelmingly backed the accusations.
“Where systemic deficiencies are found in the third country to which the personal data is transferred, the Member States must be able to take the measures necessary to safeguard their fundamental rights,” the EU court statement said.
Schrems is fighting the social network on several fronts in what his legions of supporters call a David-and-Goliath battle.
But in July, an Austrian court rejected a class action case brought by Schrems and 25,000 other users, citing a lack of sufficient legal grounds.
A lobby for digital companies operating in Europe warned that the court could severely disrupt the growth of the digital economy on the continent.
Safe Harbour “is used by about 4,500 companies to transfer a wide range of commercial data such as payroll and customer data,” DIGITALEUROPE said in a statement.
Other similar deals “that underpin data transfers to many third countries may also be impacted if the Court follows the Opinion of its Advocate General,” it said.
Snowden’s revelations showed that the US National Security Agency used Silicon Valley giants Apple, Google and Facebook to gather user data.
In the wake of the Snowden scandal, the EU and Washington began talks to revamp “Safe Harbour” and Wednesday’s opinion will certainly complicate those talks.
The evidence leaked by Snowden showed that “the law and practice of the United States allow the large-scale collection of the personal data of citizens of the EU which is transferred, without those citizens benefiting from effective judicial protection,” the statement said.