Crucial data deal between US, EU scrapped by court
BRUSSELS: An online data arrangement between Europe and the US was invalidated on Thursday, as a top EU court’s decision over Facebook threw transatlantic tech companies into legal limbo.
The decision stemmed from a legal complaint by Austrian activist Max Schrems, who in 2015 scuppered a previous EU-US deal on which tech giants depend to do business. “It seems we scored a 100% win,” Schrems said. “For our privacy, the US will have to engage in serious surveillance reform to get back to a privileged status for US companies.”
The setback comes a day after another European court invalidated a landmark tax bill from the EU against Apple, raising questions over the bloc’s long-running leadership on regulating big tech.
Schrems’ legal assault began after the revelations by Edward Snowden of mass digital spying by US agencies, which the EU court at the time said were incompatible with European norms on privacy.
The previous decision struck down a deal called “Safe Harbour” that allowed for data transfers between Europe and US servers, throwing transatlantic business into chaos.
EU and US officials swiftly drew up its replacement, “Privacy Shield”, which is currently used by over 5,000 US companies, but has now been invalidated as well. The judges said that even though the deal requires that the US must comply with EU privacy law, the deal’s provisions “do not grant Europeans actionable rights before the courts against the US authorities”.
The court said, however, that another arrangement known as standard contractual clauses, could stand, giving companies an alternative framework.
The case decided on Thursday originally focused on these complex clauses, an EU invention in which companies outside Europe commit to meeting EU laws on data and privacy. The court said these were backed up by GDPR, the EU’S strict rules on data privacy that can bring massive fines to companies.