Advertisement

EU court rejects data-sharing deal due to privacy concerns

By Don Jacobson
EU court rejects data-sharing deal due to privacy concerns
The EU's highest court ruled Facebook's transference of European users' data to the United States violates the bloc's privacy regulations. File Photo by John Angelillo/UPI | License Photo

July 16 (UPI) -- The European Union's top court on Thursday invalidated an arrangement under which social media companies like Facebook can transfer personal data of EU residents to the United States.

The European Court of Justice ruled in favor of Austrian privacy activist Max Schrems, who argued the surveillance powers of the U.S. government, first revealed seven years ago in the Edward Snowden case, puts data privacy of European Facebook users at an unacceptable risk.

Advertisement

Schrems had first complained to the Irish Data Protection Commissioner about the transfer of his data by Facebook for processing in the United States in 2013.

The complaint came after Snowden, a former National Security Agency contractor, leaked information about the U.S. government's Prism program, under which private user information was collected directly from big tech companies such as Facebook.

RELATED EU court adviser: Facebook protects user data in U.S. transfers

Schrems asserted that the "Privacy Shield" framework -- an international agreement used by U.S.-based social media companies to enable the transfer of Europeans' data across the Atlantic -- is invalid under the terms of the EU's General Data Protection Regulation.

The Luxembourg-based court agreed, meaning social media companies seeking to transfer European residents' data abroad must now guarantee the same level of privacy protections as that provided in the European bloc.

Advertisement

The court held that "requirements laid down for such purposes by the GDPR concerning appropriate safeguards, enforceable rights and effective legal remedies must be interpreted as meaning that data subjects whose personal data are transferred to a third country pursuant to standard data protection clauses must be afforded a level of protection essentially equivalent to that guaranteed within the EU."

RELATED Top EU court hears landmark data privacy case against U.S. gov't, tech sector

The ruling is considered a blow to Facebook and other U.S.-based companies seeking to access personal data in the EU.

"I am very happy about the judgment," Schrems said in a statement. "It seems the court has followed us in all aspects. This is a total blow to the Irish DPC and Facebook. It is clear that the U.S. will have to seriously change their surveillance laws, if U.S. companies want to continue to play a major role on the EU market."

RELATED France fines Google nearly $57M for privacy rules violations

Latest Headlines

Advertisement
Advertisement

Follow Us

Advertisement