On October 6, 2015 the Court of Justice of the European Union (CJEU) ruled, in a landmark verdict, that the Safe Harbor Framework regulating companies’ retention of Europeans’ data in the United States is invalid.
The Safe Harbor Framework provided a legal scheme for the transfer of personal data from the European Union (EU) to the United States (US) if that data meets the EU “adequacy” standard for privacy protection. The CJEU’s decision largely followed the recommendations of the Advocate General who indicated that because the spying carried out by the US intelligence services is "mass, indiscriminate surveillance”, an adequate level of protection isn't available to EU citizens' data sent by US companies to the US from their European subsidiaries.” The Advocate General also noted that the access enjoyed by the United States intelligence services to the transferred data constitutes an interference with the right to respect for private life and the right to protection of personal data, which are guaranteed by the Charter of Fundamental Rights of the EU.
In reaching its decision, the CJEU indicated that “adequate level of protection” must be understood as requiring the third country in fact to ensure, by reason of its domestic law or its international commitments, a level of protection of fundamental rights and freedoms that is essentially equivalent to that guaranteed within the European Union.
The case was sent to the CJEU by the High Court of Ireland after the Irish data protection authority rejected a complaint from Maximillian Schrems, an Austrian law student. Schrems argued that in light of Edward Snowden’s revelations about the NSA, the data he provided to Facebook that was transferred from the company's Irish subsidiary to the United States under the Safe Harbor Framework was not adequately protected.
A press release by the CJEU is provided at. http://tinyurl.com/qcz4er4.
Additional commentary on the Advocate General’s opinion is provided at http://tinyurl.com/o5p7d5q.
Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.
E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.