CFR’s Net Politics:
The European Court of Justice (ECJ) invalidated the Safe Harbor framework between the United States and the European Union that, for the past fifteen years, has enabled the movement of Europeans’ data across the Atlantic. As the business community seeks clarification about what rules will apply going forward, both the White House and the European Commission promised that they will continue work on a new agreement.
The case began in 2013 when Austrian law student Max Schrems complained to the Irish data protection commissioner that his Facebook data was inadequately protected when it moved to U.S. servers, citing Edward Snowden’s leaks about widespread NSA surveillance. The Irish commissioner rejected Schrems’s complaint on the grounds that the European Commission had determined in 2000 that the Safe Harbor framework adequately protected EU citizens’ data. On appeal, the Irish High Court referred to the ECJ the question of whether a national data protection authority is bound by the Commission’s finding.
Meanwhile, privacy advocates are citing the decision to prod Congress to engage in much broader reform U.S. surveillance programs. Jens Henrik-Jeppesen, director of European affairs for the Center for Democracy and Technology, for example, said “There is a clear need for the U.S. and Europe to set clear, lawful and proportionate standards and safeguards for conducting surveillance for national security purposes.”