The EU’s highest court has struck down a data deal agreed with the United States.
Judges said the agreement did stop local authorities from checking that US companies were taking proper data protection measures.
The case was brought by an Austrian student, Max Schrems
“For years, the (European) Commission has just been watching. There were two or three years when ‘Safe Harbour’ could have been fixed. but it was always ‘Next month, next month, just not today’.”
The so-called Safe Harbour agreement helped major US firms transfer data from the EU by allowing them to self-regulate their own data protection procedures.
Companies such as Facebook deny any wrongdoing.
“We will come forward with clear guidance for national data-protection authorities on how to deal with data transfer requests to the US in the light of the ruling, as citizens need robust safe guards and businesses need legal certainty,” said Frans Timmermans, the vice-president of the European Commission.
The ruling means data can no longer be transferred to the US simply on the basis that the process has been Safe Harbour certified.
All parties will have to detail and agree the privacy obligations in advance, meaning potential delays and higher costs for businesses.
But some MEPs worry the judgement could let to a less open Internet.
“The risk is of course that companies are going to store their data only in Europe and we are going to kind of put a fence around the internet and around the cloud in Europe,” said Sophie Int’Veld, a Dutch Liberal parliamentarian.
“We don’t want that. We want innovation, we want the World Wide Web, but that can only take place if we know that our data are safe.”
The judgement by the European Court of Justice is final and cannot be appealed.