LONDON — Europe’s top court has delivered a bombshell ruling that will force thousands of U.S. companies to change the way they treat personal data of users, customers and staff.
Here is all you need to know:
What did Europe do?
The European Court of Justice declared invalid a 2000 “Safe Harbor” agreement between European Union and the U.S. that allowed Facebook and other firms to transfer data in huge quantities to their servers in the U.S.
The court threw this deal in the bin because it was worried about “mass indiscriminate surveillance and interception” of personal data by the U.S. authorities.
Experts say the ruling was a direct consequence of revelations made by whistleblower and former National Security Agency contractor Edward Snowden.
Why was the Safe Harbor agreement so important?
Europe has strict rules to protect data, and doesn’t allow it to be transferred to any country that does not adhere to them. The Safe Harbor deal was negotiated because the U.S. doesn’t have a general data protection law.
The agreement streamlined the tedious process U.S. companies had to go through in order to comply with European regulations.
Around 4,400 companies were using the agreement, according to the European Commission. Google, Amazon, Twitter and other tech giants are among them.
“There are companies with individual customers and users around the world, but there are also companies with global workforces processing human resources information in the U.S., or U.S. vendors providing data services to European businesses,” said Felix Wu, professor at Cardozo Law School.
What will companies do now?
They’ll have to rethink the way they handle personal data related to users, employees and customers.
“Thousands of companies will need to find other legal means to do this,” said Aaron Simpson, a partner at Hunton & Williams.
Businesses could ask for consent to allow data to be transferred, make their servers in the U.S. more secure or move them to Europe, or draft new legal contracts.
They’ll still be able to transfer data to the U.S. if it’s in the public interest or in the interest of an individual — such as in case of medical emergencies.
Why is Facebook involved?
The case was brought by Austrian law student Max Schrems, who complained about the way Facebook transfers his personal data to the U.S., where it can be accessed by authorities with little respect for his privacy.
He used documents exposed by Snowden, and his allegations of mass spying by the U.S. intelligence services, to illustrate the problem.
What happens next?
The EU has criticized the way the U.S. handles data, and has been trying to renegotiate the Safe Harbor agreement for some time.
“We have been working hard with the American authorities on how to revise the agreement,” said Vera Jourova, Europe’s senior justice official. “It is important that transatlantic transfers of data can continue, as they are the backbone of our economy,” she added.
But the negotiations have been difficult.
“The underlying issue is U.S. law enforcement’s access to data, which is a political issue… so the negotiations will require a political solution,” Simpson said.
How did the U.S. react?
The U.S. slammed the court for dismissing the Safe Harbor agreement.
“We are deeply disappointed in today’s decision from the European Court of Justice, which creates significant uncertainty for both U.S. and EU companies and consumers,” said Penny Pritzker, U.S. Secretary of Commerce.
She added the ruling “puts at risks the thriving transatlantic digital economy.”
U.S. has earlier accused the court of making “inaccurate assertions” about America’s intelligence services.
Will I see any change?
Experts say it’s unlikely that the ruling will have any major impact on users of Facebook and similar services.
By Ivana Kottasova