A ruling due next week from the EU's top court on a long-running transatlantic pact on private data could affect all legal ways of moving such data from Europe to the United States, lawyers say, potentially disrupting the everyday online transactions of thousands of companies.
Under current European privacy laws, companies are forbidden from transferring European citizens' personal data to countries deemed to have lower privacy standards - such as the United States.
However, given the sheer volume of transatlantic data traffic, the Safe Harbour framework agreement was established 15 years ago to enable companies to easily transfer personal data to the United States without having to seek prior approval, a potentially lengthy and costly process.
But the European Court of Justice (ECJ) will next week rule on the continued legality of the Safe Harbour agreement, which is now used by companies such as Facebook and MasterCard.
Last week the court's adviser, the Advocate General, said the agreement should be scrapped following the 2013 leaks from fugitive Edward Snowden about mass electronic surveillance programs conducted by the US National Security Agency.
While it was a non-binding opinion, in most cases judges tend to follow the Advocate General's advice.
The case before the ECJ specifically concerns whether the Safe Harbour pact is binding on the national data protection authorities in the light of Snowden's allegations.
However, lawyers say that the repercussions of a negative ruling could prove far wider.
"The same issue would also still exist whatever other mechanism you use to transfer personal data," said Monika Kuschewsky, a lawyer at Covington & Burling.
"None of these other mechanisms excludes US intelligence services from accessing that data."
EU officials also said that none of the other mechanisms, like standard contractual clauses establishing privacy standards between companies, provide any stronger protection against US mass surveillance than the Safe Harbour pact does.
The time frame, too, could be tight unless companies have already moved to establish an alternative legal framework.
"A lot of people are worried," Kuschewsky said.
Meanwhile, US officials say that a ruling in line with the Advocate General's opinion would have a negative effect on transatlantic relations, just when the fallout over Snowden was starting to dissipate.
The EU and the United States recently reached a separate data-sharing agreement for security purposes, which hinges on the US Congress passing a law giving Europeans the right to sue the US authorities when their data is misused.
Now, some in Congress may ask why Washington should bother.
Despite the uncertainty as to the line the court will take, lawyers have been advising companies to put in place contingency mechanisms to ensure the everyday transfer of personal data - including employee data - can continue uninterrupted after the ruling is made.
"Now is the time to take action if you are currently relying on Safe Harbour to justify transfers," said Ross McKean, partner at law firm Olswang.
Lawyers say the court could leave some breathing space for businesses if it were to annul Safe Harbour by declaring it invalid from a future date.
It could also give the EU Commission - which is negotiating a revised Safe Harbour framework with the United States - time to address its concerns and present a strengthened system.