Europe throws out US data-shar­ing deal

Pri­vacy rul­ing by the ECJ is ‘worst pos­si­ble out­come’ for Face­book, dig­i­tal trade and the UK post-Brexit

The Daily Telegraph - Business - - Front Page - By Hannah Boland and James Crisp in Brus­sels

THOU­SANDS of com­pa­nies in­clud­ing Face­book are ex­am­in­ing the im­pli­ca­tions of a sur­prise de­ci­sion by Europe’s top court to throw out a US data-shar­ing deal that has un­der­pinned transat­lantic dig­i­tal trade. The rul­ing by the Euro­pean Court of Jus­tice left the EUUS “pri­vacy shield” in­val­i­dated due to con­cerns over the pri­vacy of Euro­peans, with the court sug­gest­ing US sur­veil­lance laws were too far-reach­ing.

Brid­get Treacy, data pri­vacy part­ner at Hun­ton An­drews Kurth, said: “For busi­nesses that trans­fer per­sonal data from the EU to the US, this rep­re­sents the worst of all pos­si­ble out­comes.”

Face­book said it was study­ing the rul­ing and awaited reg­u­la­tory guid­ance. “We will en­sure that our ad­ver­tis­ers, cus­tomers and part­ners can con­tinue to en­joy ser­vices while keep- ing their data safe and se­cure,” said its as­so­ciate gen­eral coun­sel Eva Na­gle.

The land­mark de­ci­sion ef­fec­tively ends the priv­i­leged ac­cess US com­pa­nies had to per­sonal data from Europe. It also could com­pli­cate the trans­fer of per­sonal data out­side the EU.

“It is likely to have im­pli­ca­tions for the UK’s hopes for a post-Brexit data pro­tec­tion ad­e­quacy rul­ing from the Euro­pean Com­mis­sion,” Ms Treacy added. “The UK can ex­pect its sur­veil­lance laws to be sub­ject to sim­i­lar scru­tiny to those of the US.” The case be­gan af­ter ex-CIA con­trac­tor Ed­ward Snow­den re­vealed in 2013 that the US gov­ern­ment was snoop­ing on peo­ple’s on­line data. The rev­e­la­tions in­cluded de­tail on how Face­book gave US se­cu­rity agen­cies ac­cess to the per­sonal data of Euro­peans. Aus­trian ac­tivist Max Schrems filed a com­plaint against Face­book ar­gu­ing that per­sonal data should not be sent to the US be­cause the data pro­tec­tion is not as strong as in Europe.

In its rul­ing, the court said that “in re­spect of cer­tain sur­veil­lance pro­grammes”, EU cit­i­zens are not given “ac­tion­able rights be­fore the courts against US au­thor­i­ties”. US cit­i­zens, on the other hand, are given pro­tec­tions.

The rul­ing does not mean all data trans­fers out­side the EU will stop, as the court de­cided so-called “stan­dard con­trac­tual clauses” will still be valid, which is an­other le­gal mech­a­nism that can be used by com­pa­nies.

The ECJ de­ci­sion does, how­ever, mean the US and EU will need to rene­go­ti­ate their data pri­vacy deal and it is also likely to com­pli­cate UK-EU ne­go­ti­a­tions over a treaty that would al­low con­tin­ued data trans­fers be­tween the UK and EU af­ter the end of the Brexit tran­si­tion pe­riod on Dec 31.

Boris Johnson in Fe­bru­ary said the UK was plan­ning to set up sov­er­eign con­trols over its data and could di­verge from EU rules.

Mark Zucker­berg’s Face­book said it was study­ing yes­ter­day’s rul­ing by Europe’s top court on data shar­ing with the US

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.