Wednesday

29th Nov 2023

US firms face possible sanctions over Safe Harbour

  • Washington: the EU Court's decision on Safe Harbour is retroactive (Photo: prameya)

US firms that relied solely on a now defunct data-sharing pact with the EU could end up facing sanctions from national data protection authorities.

Known as Safe Harbour, the 15-year-old pact was declared invalid on Tuesday (6 October) by the European Court of Justice in Luxembourg.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

An EU official on Wednesday (7 October) said the decision is retroactive.

This means that all transfers of data from the EU to the US under the regime were illegal since 2000.

“When the Court declares an act of the union institution such as the Safe Harbour invalid and doesn’t say anything else, it means indeed the decision is gone as if it had never existed. Which means also of course that transfers, which don’t have any other legal basis, should not have been made”, the official told reporters.

A second EU official said a company will have to prove, at the moment of the transfer, that it had a number of other guarantees “that showed compliance with the European data protection rules”.

A third EU official said if the company did not show other forms of compliance and if harm had come to the individual as a result, it could face penalties.

The legal complexity is vast, due in part, to a clause in the scheme that had also allowed US laws to overrule Safe Harbour.

“This is a big problem for European rights if you can just overrule the agreement”, said Franziska Boehm, an assistant professor at the German-based Institute for Information, telecommunication and media law.

Boehm, who drafted a European Parliament report on Safe Harbour and had a submitted a review of it to the European Court, said the pact had allowed US intelligence access to the data despite EU protection rules.

Around 4,400 US firms had signed up to the self-certification scheme, which was seldom enforced by the US federal trade commission. According to one independent study, hundreds had even lied about belonging to it.

Big US companies like Facebook use Safe Harbour.

Facebook told AFP in an email that "it is imperative that EU and US governments ensure that they continue to provide reliable methods for lawful data transfers and resolve any issues relating to national security".

The case heard in Luxembourg is rooted in a complaint against Facebook Ireland by Austrian privacy campaigner Max Schrems.

He argued in 2013 that Facebook Ireland could not guarantee his data was protected under Safe Harbour following US mass surveillance revelations from whistleblower Edward Snowden.

Ireland’s data protection authority at the time rejected his case because Facebook was in Safe Harbour. Schrems appealed and the case went to the Luxembourg-based Court.

Ireland’s court will now have to decide whether to suspend Facebook’s transfer of data to the US.

The Irish data protection commissioner Helen Dixon has since said that the ECJ “judgement extends far beyond the case presently pending in Ireland.”

EU imposes deadline for new US data pact

The European Commission is using the European Court of Justice ruling on Safe Harbour as a leverage to get a new deal with American authorities.

EU gives thumbs up to US data pact

Commission gives 'thumbs-up' to controversial Privacy Shield deal with US on data sharing after a year's operation - but notes room for improvement.

Platform workers could face 'robo-firing' under EU's AI rules

The platform workers directive, currently under negotiation, could create "ambiguity" on the processing of personal data by the platform and would also violate the GDPR by including the use of so-called robo-firing, research shows.

No mass scanning in EU online child-abuse bill, MEPs agree

MEPs agreed on new rules for online service and hosting providers to improve the protection of children online, but also to ensure the privacy of internet users — a balance that was missing from the EU Commission's proposal.

Latest News

  1. EU belittles Russia's Lavrov on way to Skopje talks
  2. Member states stall on EU ban on forced-labour products
  3. EU calls for increased fuel supplies into Gaza
  4. People-smuggling profits at historic high, EU concedes
  5. EU bets big on fossil hydrogen and carbon storage
  6. How centre-right conservatives capitulate to the far-right
  7. My experience trying to negotiate with Uber
  8. Key battlegrounds in EU's new media legislation

Stakeholders' Highlights

  1. Friedrich Naumann FoundationPoems of Liberty – Call for Submission “Human Rights in Inhume War”: 250€ honorary fee for selected poems
  2. World BankWorld Bank report: How to create a future where the rewards of technology benefit all levels of society?
  3. Georgia Ministry of Foreign AffairsThis autumn Europalia arts festival is all about GEORGIA!
  4. UNOPSFostering health system resilience in fragile and conflict-affected countries
  5. European Citizen's InitiativeThe European Commission launches the ‘ImagineEU’ competition for secondary school students in the EU.
  6. Nordic Council of MinistersThe Nordic Region is stepping up its efforts to reduce food waste

Stakeholders' Highlights

  1. UNOPSUNOPS begins works under EU-funded project to repair schools in Ukraine
  2. Georgia Ministry of Foreign AffairsGeorgia effectively prevents sanctions evasion against Russia – confirm EU, UK, USA
  3. Nordic Council of MinistersGlobal interest in the new Nordic Nutrition Recommendations – here are the speakers for the launch
  4. Nordic Council of Ministers20 June: Launch of the new Nordic Nutrition Recommendations
  5. International Sustainable Finance CentreJoin CEE Sustainable Finance Summit, 15 – 19 May 2023, high-level event for finance & business
  6. ICLEISeven actionable measures to make food procurement in Europe more sustainable

Join EUobserver

Support quality EU news

Join us