On Tuesday, the European Court of Justice ruled the 'safe harbor' data transfer agreement between the United States and the European Union invalid. According to BBC News, the United States and the EU adopted the 'safe harbor' framework back in 2000 in order to provide a "streamlined and cost-effective" means of transferring data from Europe to U.S.-based firms. Under European data protection laws, it is forbidden to transmit and process data in areas of the world that do not have proper privacy standards in place. 'Safe harbor' circumvented this stipulation by necessitating that the more than 5,000 participating American firms agree to uphold certain standards themselves when accepting data from Europe without the need for third-party certification. To learn more about the differences in how the United States and Europe protect users' data, please click here.
Max Schrems (Source: The Times) In 2014, Austrian privacy advocate Max Schrems challenged 'safe harbor' by arguing to the data protection commissioner in Ireland that the framework did not adequately protect data transfers exchanged between the United States and Facebook, which has its European headquarters in Dublin. When the Irish commissioner refused to hear the case based upon previous rulings that validated 'safe harbor', Schrems appealed the decision to the European Court of Justice (ECJ). This court of law has ruled in Europe v Facebook that the 'safe harbor' agreement enables interference by American authorities, including the National Security Agency, and that it discusses neither any rules to limit such interference nor any legal measures to protect against it.
“Legislation permitting the public authorities to have access on a generalized basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life,” the European Court of Justice said in a statement on Tuesday.
The Irish regulator that oversees Facebook will now have to decide whether to suspend the transfers from the European Union to the United States.
In the meantime, Schrems is pleased with the outcome of the case he founded last year.
"This decision is a major blow for U.S. global surveillance that heavily relies on private partners," Schrems said in a statement. "The judgement makes it clear that U.S. businesses cannot simply aid U.S. espionage efforts in violation of European fundamental rights."
As of this writing, Facebook has yet to comment on the ruling of the ECJ.