Safe Harbor and NSA Data Collection Come Under Fire from European Court

Seat of the European Court of Justice, Luxembourg. // Source

Since 1998, the secure transfer of data between Europe and the United States has been ensured by a set of guidelines known as the Safe Harbor framework, which allows tech companies like Facebook and Google to legally transfer private data from the European Union to servers in the United States. The Safe Harbor agreement helps US companies comply with the EU’s comparatively-strict Data Protection Directive, but, according to a recent statement by Yves Bot, the Advocate General for the Court of Justice of the European Union, it may not be doing nearly enough to protect European users.

Yves Bot’s statement comes in response to a case brought forward by Max Schrems, an Austrian citizen and activist who has been fighting a long, crowd-funded battle with Facebook over data access and privacy. Bot particularly criticizes the "mass, indiscriminate surveillance" practices of the NSA, whose ability to collect private user data within the U.S. essentially invalidates a company like Facebook’s guarantee of data security under the Safe Harbor framework. While we will have to wait for the CJEU’s final ruling, this could potentially mean the suspension of all data transfers between the EU the the United States—a catastrophic outcome for the US tech industry.

This post adapted from a blurb I wrote for the Global Voices Advocacy Netizen Report