A PYMNTS Company

EU: Highest court just rejected the ‘safe harbor’ agreement

 |  October 6, 2015

The European Court of Justice has just ruled that the transatlantic Safe Harbour agreement, which lets American companies use a single standard for consumer privacy and data storage in both the US and Europe, is invalid.

The ruling came after Edward Snowden’s NSA leaks showed that European data stored by US companies was not safe from surveillance that would be illegal in Europe.

Companies such as Facebook and Twitter may now face scrutiny from individual European countries’ data regulators — and could be forced to host European user data in Europe, rather than hosting it in the US and transferring it over.

That could be a bureaucratic nightmare: In theory, American companies with European customers could now end up trying to follow 20 or more different sets of national data-privacy regulations. Up to 4,500 US companies — not just tech firms — have relied on Safe Harbour.

The ruling says “the existence of a Commission decision finding that a third country ensures an adequate level of protection of the personal data transferred cannot eliminate or even reduce the powers available to the national supervisory authorities.”

In short, the European Commission’s Safe Harbour cannot usurp the powers of national authorities, the ruling says.

Full content: USA Today

Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.