This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.bbc.co.uk/news/technology-53418898

The article has changed 4 times. There is an RSS feed of changes available.

Version 1 Version 2
EU-US Privacy Shield for data struck down by court EU-US Privacy Shield for data struck down by court
(32 minutes later)
The European Court of Justice has declared invalid one of the two legal methods companies use to transfer EU citizens' data to the United States. A major agreement governing the transfer of EU citizens' data to the United States has been struck down by the European Court of Justice (ECJ).
They had been able to transfer data by signing up to higher privacy standards under the EU-US Privacy Shield. The EU-US Privacy Shield let companies sign up to higher privacy standards, before transferring data to the US.
But they will now have to sign standard contractual clauses, non-negotiable legal contracts drawn up by Europe, which the court chose not to abolish. But a privacy advocate challenged the agreement, arguing that US national security laws did not protect EU citizens from government snooping.
The ECJ was concerned about companies handing data to intelligence agencies. Max Schrems, the Austrian behind the case, called it a win for privacy.
"It is clear that the US will have to seriously change their surveillance laws, if US companies want to continue to play a role in the EU market," he said.
The EU-US Privacy Shield system "underpins transatlantic digital trade" for more than 5,000 companies. About 65% of them are small-medium enterprises (SMEs) or start-ups, according to UCL's European Institute.
Affected companies will now have to sign standard contractual clauses, non-negotiable legal contracts drawn up by Europe, which are used in other countries besides the US.
Mr Schrems had also challenged these, but the ECJ chose not to abolish them.
But it also warned that those contracts should be suspended by data protection watchdogs, if the guarantees in them are not upheld.
US Secretary of Commerce Wilbur Ross said his department was "deeply disappointed" by the decision.
He said he hoped to "limit the negative consequences" to transatlantic trade worth $7.1 trillion (£5.6tn).
Surveillance lawsSurveillance laws
Max Schrems, the Austrian privacy advocate who brought the case, said: "It seems we scored a 100% win for our privacy. European data protection law says data can only be transferred out of the EU - to the United States or elsewhere - if appropriate safeguards are in place.
"It is clear that the US will have to seriously change their surveillance laws, if US companies want to continue to play a role on the EU market."
European data protection law says data can be transferred out of the EU - to the United States or elsewhere - only if appropriate safeguards are in place.
But the ECJ said US "surveillance programmes... are not limited to what is strictly necessary".But the ECJ said US "surveillance programmes... are not limited to what is strictly necessary".
"The requirements of US national security, public interest and law enforcement have primacy, thus condoning interference with the fundamental rights of persons whose data are transferred," it said."The requirements of US national security, public interest and law enforcement have primacy, thus condoning interference with the fundamental rights of persons whose data are transferred," it said.
"The limitations on the protection of personal data arising from the domestic law of the United States... are not circumscribed in a way that satisfies requirements.""The limitations on the protection of personal data arising from the domestic law of the United States... are not circumscribed in a way that satisfies requirements."
'Bold move''Bold move'
The EU-US Privacy Shield system "underpins transatlantic digital trade" for more than 5,000 companies, about 65% of which are small-medium enterprises (SMEs) or start-ups, according to UCL's European Institute. "This is a bold move by Europe," Jonathan Kewley, co-head of technology at law firm Clifford Chance, said.
"This is a bold move by Europe," Jonathan Kewley, co-head of technology, at law firm Clifford Chance, said.
"The courts are saying that the surveillance regime in the US does not respect the rights of EU citizens and puts US state interests over the interests of individuals.
"What we are seeing here looks suspiciously like a privacy trade war, where Europe is saying their data standards can be trusted but those in the US cannot.""What we are seeing here looks suspiciously like a privacy trade war, where Europe is saying their data standards can be trusted but those in the US cannot."
And it could mean "more Europe data localisation, with more customer data staying in Europe as a result". He also warned that standard contractual clauses (SCCs) will be much more closely scrutinised from now on.
Data protection expert Tim Turner agreed, saying the ECJ's warning over the standard clauses could spell further trouble for US companies.
"If the law in the relevant country - let's say the USA - could override what the contract says, they don't work," he said.
"I don't know how much appetite they have to do this, but it's hard to imagine that any European regulator would say that SCCs work for the US, and the pressure will pile on for them to make the assessment.
"I don't think SCCs escaped the court's judgement - for some key countries, it's probably just a stay of execution."
Mr Schrems lodged a complaint against Facebook transferring data to the US in 2013, after leaks by ex-CIA contractor Edward Snowden revealed the extent of US surveillance.Mr Schrems lodged a complaint against Facebook transferring data to the US in 2013, after leaks by ex-CIA contractor Edward Snowden revealed the extent of US surveillance.
His first case ended with the ECJ overturning the long-standing Safe Harbour arrangement, in 2015. His first case ended in 2015, with the ECJ overturning the long-standing Safe Harbour arrangement.
Privacy Shield and SCCs were created as alternatives.Privacy Shield and SCCs were created as alternatives.