Monday

2nd Oct 2023

US firms ignoring EU court ruling on data, Schrems warns

Big US firms are ignoring the recent landmark EU court ruling on data-sharing because of weak EU enforcement, warned privacy campaigner Max Schrems.

The Austrian activist has for the past decade fought for data protection rights of EU citizens, forcing the European Union to scrap two data transfer deals with Washington - broadly due to US-led snooping.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • The European Court of Justice invalidated the Privacy Shield data-transfer pact - just as it had done its predecessor, the Safe Habour pact with the US (Photo: Court of Justice of the European Union)

On Thursday (3 September), Schrems told the European Parliament big US electronic service providers will continue to harvest the data of EU citizens, despite the July ruling by the European Court of Justice.

"What is especially concerning in this context is these statements from the US industry," he told MEPs in the civil liberties committee via video-link.

"I was in on a couple of calls in the last couple of weeks, all of them were confidential, but basically the feedback is that we [US industry] are simply going to ignore what the Court of Justice has said," said Schrems.

"We got a letter from Facebook itself that says it will continue to transfer the data despite the second judgement saying they can't do that, so I think that is concerning."

He added the US firms do not believe European data authorities will do anything about it - highlighting issues with Ireland's data protection commission in its dealings with Facebook.

EU authorities have yet to impose any real fines since the launch of the EU's data protection regulation (GDPR) in 2018, despite numerous violations.

The lack of enforcement riled Dutch liberal MEP Sophie in't Veld, who said Schrems had done more to defend citizen rights "than all the supervisors put together."

US surveillance or EU rights

The court had over the summer scrapped Privacy Shield, the EU-US data-transfer pact. The self-certifying agreement was meant to ensure that European protection standards continue once citizens' data is transferred to the United States.

But a US surveillance law, known as FISA 702, up-ended those protections, which are a fundamental right in the European Union.

The European Commission had been warned about US surveillance for years, relying on written assurances from the US that the bulk collection of people's data would not be carried out.

The court had also declared that other legal data transfer methods, like standard contractual clauses (SCCs), remained valid.

Such clauses also fall outside the scope of FISA, are generally used by small companies, and pale in the amount of data transferred when compared to Privacy Shield.

The European Commission is now scrambling to get a new deal sorted, but is faced with a history of promises on data protection that have failed to deliver.

In 2015, the EU court invalidated their previous data transfer pact with the US, named Safe Harbour.

The commission then negotiated Privacy Shield as its replacement but that then met the same fate this summer.

Didier Reynders, the EU commissioner in charge of putting a new deal together, conceded that the US may have to change its own laws on surveillance for a new deal to work.

"It may be a necessity to have legislative changes," he said, noting that any such proposals would delay any future new framework.

Reynders had - during his presentation at the same parliament event on Thursday - insisted on reforming standard contractual clauses.

"We intend to launch the adoption process of the clause in the coming months and I hope finalise it by the end of this year," he said.

Meanwhile, the European Data Protection Board has promised to issue more recommendations to help companies figure out what to do in the wake of the court's July ruling.

The board is tasked to ensure the consistent application of data protection law across the EU, but has since received over 100 complaints over the lack of European enforcement.

The complaints were filed from Schrems and his team at the non-profit Noyb.

"Yesterday [2 September], the European Data Protection Board created a task force to look into the complaints," announced the board's chair, Andrea Jelinek.

EU top court bins 'Privacy Shield' in Schrems privacy case

The EU's top court ruled that the EU-US data-transfer pact fails to protect EU citizens' rights to privacy - following a legal challenge from Austrian privacy activist Max Schrems against Facebook. Washington said it was "deeply disappointed" with the ruling.

Opinion

Google, Fitbit, and a big decision for EU Commission

In the coming days the European Commission seems poised to green-light the acquisition of Fitbit by Google. The deal is a major threat to human rights and must be stopped in its tracks.

Column

Will Poles vote for the end of democracy?

International media must make clear that these are not fair, democratic elections. The flawed race should be the story at least as much as the race itself.

Opinion

Orbán's 'revenge law' is an Orwellian crackdown on education

On Tuesday, the Hungarian parliament passed a troubling piece of legislation known by its critics as the 'revenge law', which aims to punish and intimidate teachers who dare to defy Viktor Orbán's regime. This law is a brutally oppressive tool.

Latest News

  1. European Political Community and key media vote This WEEK
  2. Is the ECB sabotaging Europe's Green Deal?
  3. The realists vs idealists Brussels battle on Ukraine's EU accession
  4. EU women promised new dawn under anti-violence pact
  5. Three steps EU can take to halt Azerbaijan's mafia-style bullying
  6. Punish Belarus too for aiding Putin's Ukraine war
  7. Added-value for Russia diamond ban, as G7 and EU prepare sanctions
  8. EU states to agree on asylum crisis bill, say EU officials

Stakeholders' Highlights

  1. Nordic Council of MinistersThe Nordic Region is stepping up its efforts to reduce food waste
  2. International Medical Devices Regulators Forum (IMDRF)Join regulators, industry & healthcare experts at the 24th IMDRF session, September 25-26, Berlin. Register by 20 Sept to join in person or online.
  3. UNOPSUNOPS begins works under EU-funded project to repair schools in Ukraine
  4. Georgia Ministry of Foreign AffairsGeorgia effectively prevents sanctions evasion against Russia – confirm EU, UK, USA
  5. International Medical Devices Regulators Forum (IMDRF)Join regulators & industry experts at the 24th IMDRF session- Berlin September 25-26. Register early for discounted hotel rates
  6. Nordic Council of MinistersGlobal interest in the new Nordic Nutrition Recommendations – here are the speakers for the launch

Stakeholders' Highlights

  1. Nordic Council of Ministers20 June: Launch of the new Nordic Nutrition Recommendations
  2. International Sustainable Finance CentreJoin CEE Sustainable Finance Summit, 15 – 19 May 2023, high-level event for finance & business
  3. ICLEISeven actionable measures to make food procurement in Europe more sustainable
  4. World BankWorld Bank Report Highlights Role of Human Development for a Successful Green Transition in Europe
  5. Nordic Council of MinistersNordic summit to step up the fight against food loss and waste
  6. Nordic Council of MinistersThink-tank: Strengthen co-operation around tech giants’ influence in the Nordics

Join EUobserver

Support quality EU news

Join us