While the United States attempts to make peace with the European Union on the sensitive topic of protecting personal data, on Wednesday, Sept. 23, the European court dealt a blow to the agreements with the United States. Advocate General of the European Court of Justice Yves Bot concluded that an EU member state may suspend the transfer of personal data from the social network Facebook to servers in the United States on the grounds that the surveillance exercised by intelligence services across the Atlantic is “en masse” and “indiscriminate.”
Even though the recommendations of the advocate general do not constitute a definitive decision, the court generally follows them. If it follows Wednesday’s recommendation, it could harm the establishment of a single digital market on the Old Continent, one of the European Commission’s priorities, concluded the Digital Europe association, which brings together companies within the technology sector.
Mr. Bot was driven to speak out about the case of an Austrian, Maximilian Schrems, who in just a few years has become somewhat of a nemesis for Facebook, the social network with 1.4 billion users. Outraged by Edward Snowden’s revelations of mass surveillance carried out in the United States, the young man filed a complaint with the Irish Data Protection Commissioner — Facebook has a sizable subsidiary in the country — because the social network transfers some or all of European user data to servers in the USA, where they are stored. At the time, the Irish Data Protection Commissioner rejected the complaint.
An “Intrusion on the Right to Respect for Private Life”
The advocate general of the EU’s Court of Justice reviewed this complaint on Wednesday, concluding that it should not have been rejected. In his conclusion, he noted that even if a third country has an “adequate” level of protection of personal data, national authorities can interrupt and suspend the transfer of data if this is deemed necessary.
The advocate general went further, considering that “the access enjoyed by the United States intelligence services to the transferred data constitutes an interference with the right to respect for private life.” In his opinion, this intrusion conflicts with the principle of proportionality.
In particular, Yves Bot concludes that the agreement for the protection of personal data known as “safe harbor” that has been recognized between the European Commission and the U.S. since 2000 is “invalid.” According to him, the U.S. collects the personal data of Europeans on a “large scale” and “without [European] citizens benefiting from effective judicial protection.” The surveillance carried out by U.S. intelligence services is “mass, indiscriminate surveillance,” which amounts to a violation of fundamental rights in Europe, stated the advocate general of the Court of Justice.
“Safe harbor is invalid,” rejoiced Maximilian Schrems on his Twitter account, thanking Edward Snowden and the American journalist Glenn Greenwald for their revelations on the surveillance program for communications and electronic data, known as PRISM and carried out by American Internet giants such as Yahoo!, Google and Facebook. The European Parliament also welcomed the advocate general’s findings.
Long conscious of the need to re-establish trust between Europe and the United States, the European executive has fought to allow Europeans to take American justice to court should their personal data be used abusively across the Atlantic. An agreement on this point was reached at the beginning of September, but awaits approval of the U.S. Congress before coming into force.
About this publication