In a key case before the European Union’s highest court, the Court of Justice of the European Union (CJEU), the European Commission admitted yesterday that the US-EU Safe Harbor framework for transatlantic data transfers does not adequately protect EU citizens’ data from US spying. The European Commission’s attorney Bernhard Schima told the CJEU’s attorney general: “You might consider closing your Facebook account if you have one,” euobserver reports.
The case before the CJEU is the result of complaints lodged against five US companies—Apple, Facebook, Microsoft, Skype, and Yahoo—with the relevant data protection authorities in Germany, Ireland, and Luxembourg by the Austrian privacy activist Max Schrems, supported by crowdfunding. Because of the important points of European law raised, the Irish High Court referred the Safe Harbor case to the CJEU.
The referral was prompted by Edward Snowden’s revelations about the Prism data-collection program, which show that the US intelligence community has ready access to user data held by nine US Internet companies, including the five named in Schrems’ complaints. The EU’s Data Protection Directive prohibits the transfer of personal data to non-European Union countries that do not meet the EU’s “adequacy” standard for privacy protection. To aid US companies operating in the EU, the Safe Harbor Framework was introduced, which allows US organizations to self-certify their compliance with the adequacy provision when they transfer EU personal data back to the US.
Read 5 remaining paragraphs | Comments

Leave a Reply