On October 6, 2015, the Court of Justice of the European Union issued a judgment invalidating the EU-US Safe Harbor Agreement, the legal basis upon which thousands of US companies had relied in order to transfer European users’ data to the United States for processing and/or storage. The CJEU took this action after concluding that the agreement failed to ensure that Europeans’ personal data would not be subject to excessive or otherwise abusive US surveillance practices, particularly those of the kind that occur under Section 702 of the Foreign Intelligence Surveillance Amendments Act of 2008.
Section 702 surveillance activities include PRISM, through which the NSA compels US companies to turn over users’ communications without a warrant, and ‘upstream’ acquisition, through which the NSA seizes virtually all Internet-based communications flowing into or out of the United States and searches the content of those that are text-based (such as e-mails and instant messages).
Elements of the US government have long sought to portray Section 702 surveillance as limited and protective of privacy. This explainer by CDT and other civil society groups on the myths and realities of warrantless Section 702 surveillance sets the record straight about Section 702.