A 15-year-old pact allowing data to be transferred between the European Union and the United States may be illegal, according to an opinion from the top legal counsel of the European Court of Justice. The decision could, in effect, have far-reaching consequences for Google, Facebook, Twitter, and thousands of other companies in the US.
“Countries should be able prevent their citizens’ data from being transferred to the United States if that data will be utilized in ways that violate citizens’ rights,” said Advocate General Yves Bot on Wednesday in his recommendation to the ECJ. Bot explains that the “Safe Harbour” agreement, which enforces companies to comply with EU privacy laws when data is sent to US servers, fails to safeguard the personal data of EU citizens from mass and indiscriminate surveillance by US Intel agencies.
Under the Data Protection Directive, a set of EU laws that protect personal data, it is possible the agreement is illegal.
Bot’s decision may force choose companies to either choose to operate in Europe or comply with requests from US law enforcement agencies, such as the NSA, to hand over user data. While the decision is not binding, it will inform the European Court’s final ruling, which is expected later in the year.
The decision will inevitably be a hassle for US companies, nearly 4,000 of which currently reap benefits from Safe Harbour. It may also be interpreted as yet another indication that Europe is a regulatory roadblock for US businesses. Bot’s decision is derived from a case involving Facebook, the world’s biggest social network, whose European headquarters are located in Dublin, Ireland.
Following revelations from Edward Snowden, the ex-NSA contractor, about US and UK government spying, Austrian law student Max Schrems filed a case in Ireland that challenged Facebook’s data collection in Europe. Despite Facebook’s protests, Schrems is steadfast in his belief that the company cooperates with NSA’s PRISM, a mass data collection program.
“We have repeatedly said that we do not provide ‘backdoor’ access to Facebook servers and data to intelligence agencies or governments,” a Facebook spokesman said. As (CEO Mark Zuckerberg) said in June 2013, “We had never heard of PRISM before it was reported by the press and we have never participated in any such scheme.”