Menu
EU-US Safe Harbor agreement is invalid, court rules

EU-US Safe Harbor agreement is invalid, court rules

The EU-US Safe Harbor agreement on the transfer of personal data is invalid, the Court of Justice of the European Union ruled Tuesday

The Safe Harbor agreement on which many businesses rely for the transatlantic transfer of personal data is invalid, the Court of Justice of the European Union has ruled.

EU law requires that companies exporting citizens' personal data do so only to countries providing a similar level of legal protection for that data. In the case of the U.S., the exchange of personal data is covered by the Safe Harbor Privacy Principles, which the European Commission ruled in July 2000 provide adequate protection. Businesses relying on the Safe Harbor agreement to transfer personal data from the EU to the U.S. could now be operating illegally.

While the decision will affect companies like Facebook and Google, it is bad news for small and medium-size companies transferring data from the EU to the U.S., said Mike Weston, CEO of data science consultancy Profusion.

"American companies are going to have to restructure how they manage, store and use data in Europe and this will take a lot of time and money," he said.

The CJEU  provided a summary of the ruling, the full text of which will be published later.

The court was asked to rule on a matter of law in a case relating to Facebook's transfer of EU citizens' personal data to the U.S.

The question it was asked was: Is a national data protection authority bound by the European Commission's decision of July 26, 2000, that the Safe Harbor agreement provides adequate privacy protection to personal data exported to the U.S., or may it investigate complaints about the level of protection provided in the light of events since that decision?

In a non-binding preliminary opinion last month the court's Advocate General, Yves Bot, went far beyond that question, saying that not only should the data protection authority investigate complaints, but also that the Safe Harbor agreement is invalid because it provides inadequate protection.

The court's Grand Chamber appears to have followed Bot's opinion.

The High Court of Ireland referred the question to the CJEU in June 2014, in a convoluted case filed by Austrian citizen Maximillian Schrems in October 2013.

In June of that year, Schrems filed a complaint with the Irish Data Protection Commissioner (DPC) disputing the level of privacy protection given to personal data about him held in the U.S. by Facebook. He made the complaint in Ireland because Facebook's European headquarters is there, putting its interactions with citizens of any EU country under Irish data protection law.

The DPC summarily rejected the complaint the following month, pointing to the Commission's 2000 decision that the Safe Harbor principles followed by Facebook were adequate. Schrems asked the high court for a judicial review of the DPC's decision, prompting the court to refer the question about Safe Harbor to the CJEU.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments