Skip to main content

Sign up for our newsletter.

Quality journalism. Progressive values. Direct to your inbox.

The Safe Harbor pact allowed U.S. companies to "self-certify" that they were abiding by strict privacy safeguards while pulling data from European servers. (Photo: Intel Free Press/flickr/cc)

With Trust Destroyed by Mass Spying, Top EU Court Asserts Need for Privacy Reform

European Court of Justice finds Safe Harbor agreement violates "essential" privacy rights

Nadia Prupis

Europe's top court on Tuesday delivered a historic blow to mass surveillance with a ruling that found the right to personal privacy trumps government spying.

The European Court of Justice (ECJ) found in its decision (pdf) that the so-called "Safe Harbor" agreement, which allowed U.S. companies to "self-certify" that they met strict privacy safeguards while pulling data from European servers, "must be regarded as compromising the essence of the fundamental right to respect for private life" as guaranteed by the European Convention on Human Rights.

The case was brought by Austrian privacy activist Max Schrems, who argued that American surveillance operations such as PRISM—exposed by National Security Agency (NSA) whistleblower Edward Snowden in 2013—rendered useless the privacy safeguards in the Safe Harbor agreement, which for years has allowed technology companies to transfer user data across continental boundaries.

Tuesday's ruling was celebrated widely by privacy advocates, including Snowden himself, who toasted Schrems on Twitter, writing, "Congratulations, . You've changed the world for the better."

The bottom line, Snowden said, is that "the ruling indicates the indiscriminate interception of communications is a violation of rights."

The ECJ's ruling means companies in the U.S. and EU have to come up with alternative ways of transferring user data—and could impact as many as 4,000 firms, including tech giants like Facebook and Google.

Jens Henrik-Jeppesen, director of European Affairs at the Center for Democracy and Technology (CDT), said the ECJ's decision "shows the need to step up reforms of government surveillance practices."

"The invalidation of the Safe [Harbor] agreement should spur governments on both sides of the Atlantic to ratchet up long-overdue reform efforts," Jeppesen said, adding that it was "undoubtedly a major jolt for companies and will likely adversely impact their operations."

Schrems specifically named Facebook in his complaint (pdf) to the ECJ, charging that the company forwards information from its Ireland office, where data on more than 83 percent of its users is stored, directly to the NSA and other U.S. intelligence agencies.

Moreover, the court said, the U.S. did not provide adequate recourse for European citizens seeking legal redress over violations of their privacy rights, which "compromises the essence of the fundamental right to effective judicial protection."

"This judgement draws a clear line," Schrems said on Tuesday. "It clarifies that mass surveillance violates our fundamental rights. Reasonable legal redress must be possible."

As for what real-world solutions may be on the horizon, Schrems said the U.S. government would have to implement "severe changes" in American law and "more than just an update to the current 'safe harbor' system. Otherwise full compliance with EU fundamental rights and the judgment will be very hard to achieve."

But, he said, "There are still a number of alternative options to transfer data from the EU to the U.S. The judgement makes it clear that now national data protection authorities can review data transfers to the U.S. in each individual case—while the 'safe harbor' allowed for a blanket allowance."

Despite some "alarmist comments" about how the ruling may impact the way tech companies do business, Schrems said he sees no reason why better data protection and reviews of data transfers would cause "major disruptions" for consumers or providers.

Nonetheless, notes Electronic Frontier Foundation international director Danny O'Brien, the "fundamental incompatibility of U.S. mass surveillance with European data protection principles" could "certainly force the companies to re-think and re-engineer how they manage the vast amount of data they collect."

However, O'Brien added, it will take more than better "reviews" of data transfers to protect Europeans from mass surveillance.

The "geographic siloing of data" by itself, he argues, "is of little practical help against mass surveillance if each and every country feels that ordinary customer data is a legitimate target for signals intelligence. If governments continue to permit intelligence agencies to indiscriminately scoop up data, then they will find a way to do that, wherever that data may be kept. Keep your data in Ireland, and GCHQ may well target it, and pass it onto the Americans. Keep your data in your own country, and you'll find the NSA—or other European states, or even your own government— breaking into those systems to extract it."

Other observers had even stronger words for the decision. The World Wide Web Foundation called it a "landmark judgment." The internet advocacy group's global campaign manager Renata Avila said, "Today's Judgment puts people's fundamental right to privacy before profit."

"Without effective safeguards for privacy, the Web as we know it could wither and die," Avila said. "Following today's ruling, new safeguards must now urgently be put in place that protect the Web as it should be, a secure and private space where people can start businesses, research confidential topics or just chat with friends without the fear of being subjected to unwarranted government snooping."

Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.

We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.

'What the Hell is Wrong With Them': GOP Senators Kill $35 Cap on Insulin

'Republicans told millions of Americans who use insulin to go to hell.'

Common Dreams staff ·

World Faces 'Loaded Gun' on Hiroshima's 77th Anniversary

“We must ask: What have we learned from the mushroom cloud that swelled above this city?”

Common Dreams staff ·

'Extremely Concerned': Shelling of Europe's Biggest Nuclear Power Plant More Worrying Than Chernobyl

Ukraine said parts of the facility were "seriously damaged" by Russian military strikes.

Common Dreams staff ·

'Backsliding on Democracy': Indiana Governor Signs Extreme Abortion Ban Bill

'The extremist lawmakers who forced this bill through a special session clearly could not care less about what their constituents want or need.'

Common Dreams staff ·

After Kansas Win, Abortion Rights Advocates Call Ballot Measures the 'Next Frontier'

"Ballot initiatives are a phenomenally powerful tool when there's a disconnect between the popularity of an issue and what's being enacted by politicians," said Kelly Hall of the Fairness Project.

Jessica Corbett ·

Common Dreams Logo