This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.theguardian.com/world/2015/oct/06/us-digital-data-storage-systems-enable-state-interference-eu-court-rules

The article has changed 6 times. There is an RSS feed of changes available.

Version 3 Version 4
Facebook row: US data storage leaves users open to surveillance, court rules Facebook row: US data storage leaves users open to surveillance, court rules
(34 minutes later)
US data storage systems operated by Facebook and other digital operators do not provide customers with protection from state surveillance, the European court of justice has ruled. The personal data of Europeans held in America by online tech giants is not safe from US government snooping, the European Court of Justice has ruled, in a landmark verdict that hits Facebook, Google, Amazon and many others.
The declaration by the EU court in Luxembourg that privacy is being compromised will have far-reaching consequences for the online industry and could force many companies to relocate their operations. The Luxembourg-based court declared the EU-US “safe harbour” rules regulating firms’ retention of Europeans’ data in the US to be invalid, throwing a spoke into trade relations that will also impact on current negotiations on a far-reaching transatlantic trade pact between Washington and Brussels.
Declaring the American safe harbour scheme invalid, the ECJ whose findings are binding on all EU members states ruled that “the United States … scheme thus enables interference, by United States public authorities, with the fundamental rights of persons.” The ECJ, whose findings are binding on all EU members states, ruled on Tuesday that: “The United States … scheme enables interference, by United States public authorities, with the fundamental rights of persons…”
Safe harbour is an agreement between the European commission and the US that provides guidance for US firms on how protect for the personal data of EU citizens as required by the European Union’s directive on data protection. There are negotiations going on to upgrade the framework and provide better privacy for online users. The verdict came as a direct result of Edward Snowden’s revelations, published in the Guardian, of how the US National Security Agency was obtaining mass access to data held by the big internet servers and telecoms companies in the US. As a result, an Austrian lawyer, Maximilian Schrems, took Facebook to court in Ireland, arguing the social media site was violating his privacy by retaining his data in the US, including material he had himself deleted.
The ruling, confirming an opinion by the court’s advocate-general last month, is a victory for the Austrian campaigner Maximilian Schrems, who initially brought a claim against Facebook in Ireland in the wake of Edward Snowden’s revelations about the activities of the US National Security Agency (NSA). The ruling will force the companies involved to rethink their operations and to relocate some of their operations, and also creates great legal uncertainty among the 4,400 European companies that use the safe harbour rules to transfer customers’ data to the US.
Snowden himself welcomed the judgment, sending out a stream of approving comments on his Twitter feed. “Europe’s high court just struck down a major law routinely abused for surveillance. We are all safer as a result,” he declared.Snowden himself welcomed the judgment, sending out a stream of approving comments on his Twitter feed. “Europe’s high court just struck down a major law routinely abused for surveillance. We are all safer as a result,” he declared.
“Congratulations, @MaxSchrems. You’ve changed the world for the better.... Bottom line: the #SafeHarbor ruling indicates the indiscriminate interception of communications is a violation of rights.” “Congratulations, @MaxSchrems. You’ve changed the world for the better Bottom line: the #SafeHarbor ruling indicates the indiscriminate interception of communications is a violation of rights.
The ECJ ruling said: “The safe harbour decision denies the national supervisory authorities their powers where a person calls into question whether the decision is compatible with the protection of the privacy and of the fundamental rights and freedoms of individuals. “This judgment is a bombshell,” said Monika Kuschewsky, a data privacy lawyer with the firm Covington. “The EU’s highest court has pulled the rug under the feet of thousands of companies that have been relying on safe harbour. All these companies are now forced to find an alternative mechanism for their data transfers to the US. And, this, basically overnight.”
“This judgment has the consequence that the Irish supervisory authority is required to examine Mr Schrems’ complaint with all due diligence and, at the conclusion of its investigation, is to decide whether, pursuant to the directive, transfer of the data of Facebook’s European subscribers to the United States should be suspended on the ground that that country does not afford an adequate level of protection of personal data.” AmCham EU, the US chamber of commerce in Europe, said the ruling could cost the EU 1.3% of gross domestic product and 6.7% in services exports losses.
The Liberal Democrat MEP Catherine Bearder said: “This is a historic victory against indiscriminate snooping by intelligence agencies, both at home and abroad. In a globalised world, only a strong and binding international framework will ensure our citizens’ personal data is secure.” “The judgment could have far-reaching repercussions for consumers, employers and employees,” said Susan Danger, its managing director.
Monika Kushewsky, a data privacy lawyer team with the firm Covington, said: “This judgment is a bombshell. The EU’s highest court has pulled the rug under the feet of thousands of companies that have been relying on safe harbour. All these companies are now forced to find an alternative mechanism for their data transfers to the US. And this basically overnight, as the court has declared the commission decision on safe harbour invalid without providing for any transitional period.” The European Commission, which is responsible for the safe harbour regime, put a brave face on the damning verdict. “The commission is at ease with the court ruling,” said Frans Timmermans, its vice-president.
Mike Weston, CEO of the data science consultancy Profusion, said: “American companies are going to have to restructure how they manage, store and use data in Europe and this will take a lot of time and money. The biggest casualties will not be companies like Google and Facebook because they already have significant data centre infrastructure in countries like the Republic of Ireland, it will be medium-sized, data-heavy tech companies that don’t have the resources to react to this decision.” He made clear there would be no prompt halt to the transfer of data to the US, noting there were several other “mechanisms” that could be invoked to keep the electronic traffic flowing.
“Data flows can continue in the meantime under other arrangements.”
Safe harbour is an agreement between the European Union and the US that provides guidance for US firms on how protect the personal data of EU citizens as required by the EU’s directive on data protection.
The commission has been attempting to renegotiate the rules with the Americans since late 2013 following the Edward Snowden revelations on the complicity between US hi-tech companies and government surveillance.
Jan Philipp Albrecht, a German Greens MEP specialising in data privacy, said: “Safe harbour enabled masses of Europeans’ personal data to be transferred by companies like Facebook to the United States over the past 15 years. With today’s verdict it is clear that these transfers were in breach of the fundamental right to data protection … The United States has to deliver adequate, legally binding protection in the private sector as well as to introduce juridical redress for EU citizens with regards to their privacy rights in all sectors including national security.”
The court found that Facebook and other digital operators do not provide customers with protection from state surveillance.. The ECJ ruling said: “The safe harbour decision denies the national supervisory authorities their powers where a person calls into question whether the decision is compatible with the protection of the privacy and of the fundamental rights and freedoms of individuals.”
It suggested that the US “does not afford an adequate level of protection of personal data”.
“This is a historic victory against indiscriminate snooping by intelligence agencies, both at home and abroad. In a globalised world, only a strong and binding international framework will ensure our citizens’ personal data is secure” said the Liberal Democrat MEP Catherine Bearder.
Mike Weston, CEO of the data science consultancy, Profusion, said: “American companies are going to have to restructure how they manage, store and use data in Europe and this takes a lot of time and money. The biggest casualties will not be companies like Google and Facebook because they already have significant data centre infrastructure in countries like Ireland. It will be medium-sized, data-heavy tech companies that don’t have the resources to react to this decision.”
Mark Thompson, privacy practice leader at KPMG, said: “Europe [is] taking a strong stance in ensuring that European citizens are provided the same level of protection no matter where the processing of their personal information takes place.Mark Thompson, privacy practice leader at KPMG, said: “Europe [is] taking a strong stance in ensuring that European citizens are provided the same level of protection no matter where the processing of their personal information takes place.
“At the foundation of this is the need for global organisations to take privacy seriously, creating an environment which respects the rights of the individuals whose personal information they process regardless of the mechanism used to legitimise the transfer.”“At the foundation of this is the need for global organisations to take privacy seriously, creating an environment which respects the rights of the individuals whose personal information they process regardless of the mechanism used to legitimise the transfer.”
The home affairs spokesman for the Greens in the European parliament, Jan Philipp Albrecht, said: “Safe harbour enabled masses of Europeans’ personal data to be transferred by companies like Facebook to the United States over the past 15 years. With today’s verdict it is clear that these transfers were in breach of the fundamental right to data protection. It is now up to the commission and the Irish data protection commissioner to immediately move to prevent any further data transfers to the US in the framework of safe harbour.
“It is now high time to pass a strong and enforceable framework for the protection of personal data in the course of the EU data protection reform and make clear to the United States that it has to deliver adequate legally binding protection in the private sector as well as to introduce juridical redress for EU citizens with regards to their privacy rights in all sectors including national security.”