Facebook’s right to transfer personal data from the EU to the US has been dealt a blow after the pact it was being done through was declared invalid by the European Court of Justice.
The Safe Harbour agreement (Safe Harbor stateside) was a voluntary pact set up 15 years ago to get around the fact that US data protection laws are significantly less rigorous than their EU counterparts.
Under the scheme, US companies self-certified that they were talking adequate data security precautions in order to be able to access and use European data.
More than 5,000 US companies take advantage of it, as well as global tech giants such as Facebook, which registers users outside of the US and Canada under its Ireland subsidiary Facebook Ireland Ltd. It is estimated to be reponsible for 83.1% of all worldwide Facebook users, but moves data from Dublin to the US to be processed.
But after whistleblower Edward Snowden revealed the mass surveillance activities of America’s National Security Agency, which were alleged to include European data, in 2013, Austrian privacy campaigner Max Schrems asked the Irish Data Protection Commission to do an audit of what material Facebook was passing on.
They declined, citing Safe Harbour, so he appealed to the European Court of Justice, which has today ruled in his favour.
Following the judgement, Mr Schrems said: “I very much welcome the judgement of the Court, which will hopefully be a milestone when it comes to online privacy.
“This judgement draws a clear line. It clarifies that mass surveillance violates our fundamental rights. Reasonable legal redress must be possible. The decision also highlights that governments and businesses cannot simply ignore our fundamental right to privacy, but must abide by the law and enforce it.
Facebook had yet to comment at the time of publication, but it may well be forced to stop EU-US data transfers at least in the short term, at least until new certified contracts are in place.
Two things are immediately obvious – this will have a wider impact not just for data processing operations like Facebook, but any company that transfers any data overseas for any reason.
And secondly that you can only have true control of your data when you hold it under your own resources, although of course you may need to trade it for access to services from external companies.
If data security and privacy concerns you – and it should – digi.me is committed to giving you back control of your data, for you to use as you wish. Download a free trial here.