'Safe Harbour' agreement reached by US and European Commission in 2000
Luxembourg - Arab Today
Facebook and other Internet giants could be barred from sending European citizens' personal information to the US after the EU's top court on Tuesday struck down a key transatlantic data deal in the wake of the Edward Snowden scandal.
The landmark verdict stemmed from a case lodged by Austrian law student Max Schrems, who challenged the 2000 "Safe Harbour" agreement between Washington and Brussels on the grounds it did not properly protect European data.
After declaring Safe Harbour "invalid," the European Court of Justice said authorities in Ireland, where Facebook has its European HQ and where Schrems lodged the case, now had to decide whether transfers of data to Facebook in the United States should be suspended outright.
"The message is clear -- mass surveillance is not possible in Europe (and is) against fundamental rights," Schrems, who turns 28 this month, told reporters at the court building in Luxembourg.
Snowden -- the former National Security Agency whistleblower who in 2013 revealed a worldwide US surveillance programme harvesting the data -- said Schrems had "changed the world for the better."
"Europe's high court just struck down a major law routinely abused for surveillance," Snowden wrote on Twitter.
But Washington said it was "deeply disappointed" in the decision.
- Digital economy in peril -
The ruling "creates significant uncertainty for both US and EU companies and consumers, and puts at risk the thriving transatlantic digital economy," said Secretary of Commerce Penny Pritzker.
Thousands of companies ranging from Google and Amazon to smaller businesses rely on Safe Harbour to legally transfer to data storage servers elsewhere huge amounts of information collected from users: personal data, their searches, preferences and purchases.
"Aside from taking an axe to the undersea fiber optic cables connecting Europe to the United States, it is hard to imagine a more disruptive action to transatlantic digital commerce," the Information Technology and Innovation Foundation in Washington, DC, said in an online post.
"Safe Harbor agreement has been the cornerstone of the transatlantic digital economy since before global companies like Facebook were founded."
The European court of Justice ruling could force companies to keep European users' digital information in Europe. That would require companies to have enough datacenter capacity there.
Internet firms should be able to rent server capacity from cloud providers in Europe, and deep-pocketed players will likely invest in building more datacenters there, according to analysts.
Major tech firms might be able to absorb that expense, but it is not likely small or medium sized companies have such room in their budgets.
- Facebook urges action -
Facebook called for Washington and Brussels to sort out the situation urgently, insisting the case was "not about Facebook" and that it had done nothing wrong.
"It is imperative that EU and US governments ensure that they continue to provide reliable methods for lawful data transfers and resolve any issues relating to national security," a Facebook spokeswoman said in an emailed statement to AFP.
The EU said it had started negotiating a new Safe Harbour arrangement with the US before the verdict, and said that firms could keep sending personal information across the Atlantic in the meantime.
"In the light of the ruling, we will continue this work towards a renewed and safe framework," European Commission Vice President Frans Timmermans said.
Referring to the work already well underway to update the agreement, Pritzker said: "We are prepared to work with the European Commission to address uncertainty created by the court decision."
Schrems was jubilant after the decision.
The Austrian had argued that the 15-year-old Safe Harbour deal was too weak to guarantee the privacy of European residents following Snowden's revelations.
He filed the case in Ireland where Facebook's European headquarters are based, but it was originally rejected and then passed to the ECJ.
- 'Strong signal' for rights -
The Irish authorities now have to decide whether transfers of Facebook subscriber data to the United States should be suspended "on the ground that that country does not afford an adequate level of protection of personal data," the court said after ruling on the case.
The ruling has set up another clash over privacy rights between the United States and Europe, two years after the Snowden revelations of mass spying first caused alarm in Brussels.
"Today's court ruling simply recognized that Safe Harbor was a sham that failed to protect Europeans' data," said Consumer Watchdog privacy project director John Simpson.
Germany's justice minister, Heiko Maas, said the ruling was a "strong signal for fundamental rights protection in Europe."
But Berin Szoka, president of the US-based nonprofit think-tank TechFreedom, warned that Internet firms and users risked paying the price for intrusive government practices.
"The decision allows European regulators to start building a Great Privacy Wall around Europe to stop data from flowing to the US," he said, "not because Facebook or any US company did anything wrong, but because US national security and law enforcement agencies can too easily access private data."