EU Advocate General considers (un)Safe Harbor invalid, makes way for comprehensive review

Brussels, Belgium – Today Yves Bot, Advocate General of the Court of Justice of the European Union (CJEU), released his opinion in the EU-US Safe Harbor case, which addresses a controversial transatlantic data sharing agreement. Advocate General Bot recommends that the Court rule to recognise the duty of national data protection authorities to conduct independent assessment of the Safe Harbor in light of evidence of abuses brought by the Snowden’s revelations. Based on a large number of hearings, AG Bot considers European Commission’s earlier decision, holding that the protection of personal data in the United States is adequate, to be invalid.

“Access welcomes today’s opinion which brings the Safe Harbor mechanism under increased scrutiny; the present system fails to protect the rights of users and must be urgently reformed,” said Estelle Massé, Policy Analyst at Access. “This case would not have been possible without Edward Snowden. Disclosures about the PRISM surveillance programme are central to this case as they shed light on user privacy breaches.”

The Safe Harbor landmark legal action was initiated by Austrian privacy activist, Max Schrems. Mr. Schrems filed a civil lawsuit against Facebook for allegedly violating EU privacy laws that require companies to protect personal data when transferred to the US. The case is complicated by the United States’ surveillance of international internet traffic. Mr. Schrems’ case highlights the practices of many US-based companies regarding the protection of users’ personal data when transferring data originating in the EU to the US.

According to the Advocate General, the mass surveillance programmes conducted by the United States intelligence services interfere with EU citizen’s right to privacy and to an effective remedy, and is contrary to the principle of proportionality.

“This case reinforces the urgent need for surveillance reform globally. The US law that authorises the PRISM programme inadequately protects the rights of users, particularly users outside the United States, and it is imperative that the US honour its human rights obligations and discontinue this type of surveillance,” added Massé.

Today’s decision paves the way toward a comprehensive review of this broken data sharing mechanism.The Advocate General’s opinion precedes the ruling of the CJEU, which is expected in the next few months, the same time that the European Commission is conducting a review of the Safe Harbor mechanism. The Safe Harbor review aims to bring more transparency regarding the use of this data transfer agreement and is a first step in the right direction, but it does not go far enough. A more in-depth review is needed to ensure data security and protect user privacy.

Access will release a detailed analysis of today’s opinion later this week.