The European Union’s top court on Thursday invalidated a vital international agreement that allows businesses to transfer data to America because, the judges said, the U.S. government can spy on it.
The decision to invalidate the Privacy Shield agreement could damage thousands of American businesses, including Facebook, that cannot guarantee privacy protections demanded by the EU.
It also could require regulators to vet any new data transfers to make sure Europeans’ personal information remains protected according to the EU’s stringent standards.
Privacy activists hailed the court ruling as a major victory, while business groups worried about the potential to disrupt commerce, depending on how the ruling is implemented.
The Trump administration was disappointed with the ruling, said Commerce Secretary Wilbur Ross, adding that he hoped the two sides would be able to limit the impact on the $7.1 trillion trans-Atlantic economic relationship.
“Data flows are essential not just to tech companies — but to businesses of all sizes in every sector,” said Mr. Ross. “As our economies continue their post-COVID-19 recovery, it is critical that companies — including the 5,300-plus current Privacy Shield participants — be able to transfer data without interruption, consistent with the strong protections offered by Privacy Shield.”
The ruling by the EU Court of Justice did not strike down all data transfers but it pokes a massive hole in Privacy Shield. By maintaining “necessary” data transfers, the court allowed continued internet activity for such things as hotel bookings and email. Other services, however, such as messages exchanged on Facebook may not be permitted to leave Europe.
“It is clear that the U.S. will have to seriously change their surveillance laws if U.S. companies want to continue to play a major role on the EU market,” said Max Schrems, an Austrian activist whose complaints about the handling of his Facebook data triggered the ruling after years of legal procedures.
He first filed a complaint in 2013, after former U.S. National Security Agency contractor Edward Snowden revealed the American government’s widespread snooping on people’s online data and communications. The revelations included detail on how Facebook gave U.S. security agencies access to the personal data of Europeans.
Though the legal case was triggered by concerns over Facebook in particular, the ruling could have far-reaching implications not only for tech companies but also for businesses in sectors such as finance and the auto industry.
For Facebook, messages between Europeans would have to stay in Europe, which can be complicated and require the platform to be split up, said Mr. Schrems.
In the U.S., critics of the federal government’s surveillance apparatus lauded the ruling.
“This ruling makes clear that no international agreement can adequately protect people’s privacy from the United States’ current mass surveillance programs and practices,” said Ashley Gorski, ACLU senior staff attorney. “U.S. surveillance violates fundamental privacy rights and continues to be a massive financial liability for U.S. companies trying to compete in a global market.”
The ACLU called on Congress to overhaul U.S. surveillance programs or brace for American businesses to suffer the consequences.
⦁ This article is based in part on wire service reports.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.