Following a court ruling that the transatlantic agreement in its current form is insufficient to protect the data of European citizens from United States surveillance, new modes of transferring of data from Europe to the United States now may have to be found out by thousands of companies.
The Privacy Shield agreement between the European Union and the United States was struck down by Europe’s highest court. According to report, about 5,000 companies depend on this agreement to transfer information across the EU borders to the US.
Other agreement that the EU has with the rest of the world about data transferring was kept in place by the court. Those agreements are known as standard contractual clauses and which allow transfer of data from the EU to other countries only if the data receiving countries have protections in place that are of the same level and strength as required under EU laws. That is something that the US does not possess at the moment.
According to Caitlin Fennessy, research director at the International Association of Privacy Professionals, the court ruling therefore leaves thousands of companies in the lurch.
“I think this is the worst-case scenario for US companies,” Hennessy said. “It’s difficult to understand what legal option companies have. But it will demand immediate action by EU and US policy makers …for guidance and reassurance.”
The court ruling is the culmination of a seven year old tussle which was initially brought in by the privacy advocate Max Schrems against Facebook and the Irish Data Protection Commission. According to the argument presented in the case by Schrems, there is not adequate protection of EU citizens’ data from US surveillance practices under the Privacy Shield.
The court ruling was welcomed by Schrems.
“This is a total blow to the Irish DPC and Facebook. It is clear that the US will have to seriously change their surveillance laws, if US companies want to continue to play a role on the EU market,” he said.
The prior data protection agreement between the EU and the US was known as Safe Harbor which was annulled as a result of Schrems’ complaint and was replaced by the Privacy Shield agreement.
The court ruling to keep the standard contractual clauses in place for certain countries was welcomed by Facebook, said the social media company’s associate general counsel Eva Nagle in a statement.
“We are carefully considering the findings and implications of the decision of the Court of Justice in relation to the use of Privacy Shield and we look forward to regulatory guidance in this regard. We will ensure that our advertisers, customers and partners can continue to enjoy Facebook services while keeping their data safe and secure,” Nagle said.
Officials from the EU and the US have already been closely working on alternatives, including possibly updating the Privacy Shield agreement, said European Commission Vice President Věra Jourová after the ruling.
Analysis of the court ruling and its implications will take some time, Jourová added.
“We will continue our work to ensure the continuity of safe data flows,” she said, “We strongly believe that in the globalized world of today it is essential to have a broad tool box for international transfers while ensuring a high level of protection for personal data. We are not starting from scratch.”
(Adapted from CNN.com)