In a ruling that will reverberate across the tech sector and other industries in both the United States and Europe, the Court of Justice of the European Union (CJEU) ruled that the EU-US Safe Harbour agreement is invalid. The ruling, which is mostly a response to revelations about the US Government’s surveillance practices, complicates the legal framework for companies that transfer their users’ data under the agreement and should generate a new round of surveillance reform efforts in both the US and Europe.
“Today’s ruling shows the need to step up reforms of government surveillance practices. There is a clear need for the US and Europe to set clear, lawful, and proportionate standards and safeguards for conducting surveillance for national security purposes. The invalidation of the Safe Harbour agreement should spur governments on both sides of the Atlantic to ratchet up long-overdue reform efforts,” said Jens Henrik-Jeppesen, CDT Director of European Affairs.
As detailed in a previous post, the Safe Harbour agreement deals specifically with commercial data governance and was designed to ensure compliance with EU standards when companies transferred data from the EU to the US. The agreement was not intended to control or regulate government intelligence agencies conducting surveillance for national security purposes.
“Invalidation of the Safe Harbour agreement is undoubtedly a major jolt for companies and will likely adversely impact their operations. The US Congress should act quickly to provide greater privacy protections to everyone caught up in the US mass surveillance dragnet, and help restore confidence in US tech companies. Reforming Section 702 of the Foreign Intelligence Surveillance Act is where they should start,” Jeppesen added.