European Safe Harbour Decision invalid
The European Court of Justice (''ECJ'') has rendered an important judgment in a case about the transfer and storage of European personal data in the United States. The court ruled that the European Safe Harbour Decision does not provide an adequate level of protection of personal data. Based on this agreement organisations such as Google, Facebook, Microsoft, Apple, Amazon and Twitter got permission to store data from Europeans in the U.S. In total there are over 5000 organisations transferring personal data based on these decision.
Background: Schrems vs. Facebook
The ruling is the final judgment in a case between the Austrian student Maximillian Schrems and Facebook. All Facebook subscribers residing in Europe must sign an agreement with Facebook Ireland, an Irish subsidiary of the American Facebook Inc. The data provided by subscribers to Facebook is transferred, in whole or in part, to servers in the U.S., where it is processed. Schrems lodged a complaint with the Irish supervisory authority (the Data Protection Commissioner). According to Schrems the law and practice of the U.S. do not offer sufficient protecion against surveillance by the public authorities of the data transferred to the country. He aims at the revelations by Edward Snowden in 2013 concerning the activities of the U.S. intelligence services and in particular the National Security Agency (''NSA'').
The Irish authority rejected the complaint on the ground that in a decision of the European Commission (''EC'') in 2000 considered that, under the 'safe harbour' scheme, the U.S. ensures an adequate level of protection of the personal data transferred. Scherms brought the case before the High Court of Ireland, that referred the case to the ECJ.