TR Member Perks!

The Safe Harbor data sharing agreement between the US and the European Union(EU) is no more. A ruling by the European Court of Justice finds that the deal is inadequate to protect the privacy of European citizens. In the EU, privacy law forbids companies from moving data out of the EU into jurisdictions with weaker privacy protections. The safe harbor deal was an exception to the rule which allowed signatory companies to move data between the EU and the US as long as they followed a set privacy guidelines.

The case which brought an end to the Safe Harbor deal was filed by Austrian law student Max Schrems, who claimed Facebook was forwarding private information to the US in order to aid NSA spying. He originally brought the complaint to the Irish Data Protection Commissioner who rejected the complaint on the ground that the Safe Harbor framework allowed such data transfers to take place. Eventually the case was appealed to the European Court of Justice.

A major point in the court’s ruling is that there is no way for European citizens to obtain a legal remedy through the courts if their data is wrongfully seized by the NSA. The US can give all the assurances it wants that the NSA is not indiscriminately spy on Europeans and only spies on a few specific targets with probable cause, but it did not meet the burden of proof. Even if the US was given the benefit of the doubt on that point, the court’s point still stands. It’s always a possibility that law enforcement will seize data unlawfully, either through a mistake or deliberate misuse of power. In such cases, the only thing the target can do is seek a legal remedy through courts after the fact. Since the Safe Harbor framework provides no way for EU citizens to obtain a legal remedy the court finds that it “compromises the essence of the fundamental right to effective judicial protection.”

Even before Safe Harbor was overturned, many tech companies were raising the alarm about what its end could mean. Several companies like Facebook and Google claim to depend on it for even routine transfers of payroll and human resources data. However Schrems believes it will not be a major issue, stating, “There are still a number of alternative options to transfer data from the EU to the US. The judgement makes it clear that now national data protection authorities can review data transfers to the US in each individual case – while the ‘safe harbor’ allowed for a blanket allowance. Despite some alarmist comments I don’t think that we will see mayor disruptions in practice”


Max Michael

Senior Writer

I’m a technology reporter located near the Innovation District of Kitchener-Waterloo, Ontario.

  • Cytos Lpagtr


  • CRnuts

    Anything that makes it more difficult to transmit user information without a user’s explicit permission is a good thing as far as I’m concerned.

  • LeafTank

    Hey, Max. I think you might have misspelled the last word of the last paragraph within the quotation. Is it suppose to be mayor or major? Just curious. Otherwise, this was an interesting reading, comparing it to the TTP and government backdooring.

  • Max

    Well major does make more sense in context than mayor, but I grabbed the quote exactly as written. I guess its typical to use [sic] in cases like this to indicate that the mistake was in the original quote, but I’m going to check over the site’s style guide first make absolutely sure of how to deal with this. Still it was a bit of a mistake on my part to not address that mistake.