European Court Strikes Down EU-US Privacy Agreement

  • The Court held that data privacy "must be afforded a level of protection essentially equivalent to that guaranteed within the EU by the GDPR."
  • One of the most important legal problems in this field is the cross-border nature of the Internet.
  • Sharmes also filed a lawsuit against the previous US-EU privacy agreement, known as Safe Harbor, invalidating it.

On Thursday, the European Court of Justice in Luxembourg struck down the EU-US “Privacy Shield” agreement. The ECJ ruled Thursday that Standard Contractual Clauses, used by companies operating in Europe, were a valid way to transfer data, but invalidated the use of the Privacy Shield framework.

The Court of Justice, informally known as the European Court of Justice or “ECJ,” is the supreme court of the European Union in matters of European Union law, and is considered by many ‘the most powerful and influential international court that is realistically possible.’
Internet companies and European governments can now inform governments or organizations seeking the personal information of European citizens under the EU’s internal “standard contract.” The court said Thursday:

“Regarding the level of protection required in respect of such a transfer, the Court holds that the requirements laid down for such purposes by the GDPR [General Data Protection Regulation] concerning appropriate safeguards, enforceable rights and effective legal remedies must be interpreted as meaning that data subjects whose personal data are transferred to a third country pursuant to standard data protection clauses must be afforded a level of protection essentially equivalent to that guaranteed within the EU by the GDPR.”

Applicants for personal information must adhere to a set of rules and ensure that this information will not be used for purposes other than the intended purpose. Following the revelations of Edward Snowden, a former US National Security Agency employee, about the agency’s misuse of Internet data around the world, strict regulations were imposed on US government officials and public confidence in US security officials was eroded.

The court added:

“In those circumstances, the Court specifies that the assessment of that level of protection must take into consideration both the contractual clauses agreed between the data exporter established in the EU and the recipient of the transfer established in the third country concerned and, as regards any access by the public authorities of that third country to the data transferred, the relevant aspects of the legal system of that third country.”

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas.

Lawyer as a Private Plaintiff

One of the most important legal problems in this field is the cross-border nature of the Internet. For example, an Internet company based in the United States can set up its own servers abroad. That is why the private plaintiff in the “Privacy Shield” case, an Austrian lawyer named Max Schrems, first filed a lawsuit in an Irish court.

He suggested that Facebook Ireland collected his personal information and sent it to the parent company in the United States. The company is required to provide personal data of its users to the US security services.

The Irish High Court has left it to the European Court of Human Rights to consider whether the “privacy shield” complies with European law.  In 2015, Sharmes also filed a lawsuit against the previous US-EU privacy agreement, known as Safe Harbor, invalidating it.

“What we are seeing here looks suspiciously like a privacy trade war, where Europe is saying their data standards can be trusted, but those in the U.S. cannot. We predict that the outcome could be more Europe data localization, with more customer data staying in Europe as a result,” said Jonathan Kewley, co-head of technology at law firm Clifford Chance.

[bsa_pro_ad_space id=4]

Doris Mkwaya

I am a journalist, with more than 12 years of experience as a reporter, author, editor, and journalism lecturer." I've worked as a reporter, editor and journalism lecturer, and am very enthusiastic about bringing what I've learned to this site.  

Leave a Reply