- U.S. business investment plans fall for seventh straight monthPosted 6 years ago
- Documents show flash crash trader’s frenetic business dealingsPosted 6 years ago
- Business group sees thousands of U.S. jobs from Pacific trade dealPosted 6 years ago
- General Dynamics says still focused on government cybersecurity businessPosted 6 years ago
- Global business groups urge China to suspend bank IT rulesPosted 6 years ago
- Nokia explores sale of map business, source saysPosted 6 years ago
- Exclusive: Canada’s Bombardier looks to raise cash from rail business – sourcesPosted 6 years ago
- SurveyMonkey expands business into paid analytic servicesPosted 6 years ago
- No truth to talk Japan’s Sharp will exit solar business: executivePosted 6 years ago
- Lexmark to buy Kofax for about $1 billion to boost software businessPosted 6 years ago
EU-US Privacy Shield for data struck down by court

Image copyright
EPA
Austrian Max Schrems has been in a years-long battle over the transfer of his data to the US
The European Court of Justice has declared invalid one of the two legal methods companies use to transfer EU citizens’ data to the United States.
They had been able to transfer data by signing up to higher privacy standards under the EU-US Privacy Shield.
But they will now have to sign standard contractual clauses, non-negotiable legal contracts drawn up by Europe, which the court chose not to abolish.
The ECJ was concerned about companies handing data to intelligence agencies.
Surveillance laws
Max Schrems, the Austrian privacy advocate who brought the case, said: “It seems we scored a 100% win for our privacy.
“It is clear that the US will have to seriously change their surveillance laws, if US companies want to continue to play a role on the EU market.”
European data protection law says data can be transferred out of the EU – to the United States or elsewhere – only if appropriate safeguards are in place.
But the ECJ said US “surveillance programmes… are not limited to what is strictly necessary”.
“The requirements of US national security, public interest and law enforcement have primacy, thus condoning interference with the fundamental rights of persons whose data are transferred,” it said.
“The limitations on the protection of personal data arising from the domestic law of the United States… are not circumscribed in a way that satisfies requirements.”
‘Bold move’
The EU-US Privacy Shield system “underpins transatlantic digital trade” for more than 5,000 companies, about 65% of which are small-medium enterprises (SMEs) or start-ups, according to UCL’s European Institute.
“This is a bold move by Europe,” Jonathan Kewley, co-head of technology, at law firm Clifford Chance, said.
“The courts are saying that the surveillance regime in the US does not respect the rights of EU citizens and puts US state interests over the interests of individuals.
“What we are seeing here looks suspiciously like a privacy trade war, where Europe is saying their data standards can be trusted but those in the US cannot.”
And it could mean “more Europe data localisation, with more customer data staying in Europe as a result”.
Mr Schrems lodged a complaint against Facebook transferring data to the US in 2013, after leaks by ex-CIA contractor Edward Snowden revealed the extent of US surveillance.
His first case ended with the ECJ overturning the long-standing Safe Harbour arrangement, in 2015.
Privacy Shield and SCCs were created as alternatives.
You must be logged in to post a comment Login