Last week the EU’s highest court annulled a deal, otherwise known as the Safe Harbour system, which allows companies to transfer personal data from Europe to the United States. The Safe Harbour system allowed companies to avoid checks when transferring data between offices at different ends of the Atlantic. Most of this data includes human resources information and data used for online advertising for the big tech companies. Without the Safe Harbour system, any data transfer from Europe to any other country requires the drawing up of contracts to establish privacy protections between groups or otherwise approval from the relevant data protection authorities.
The case was instigated by a complaint from Austrian law student Max Schrems who criticised Facebook’s transfer of European users’ data to its American servers – believing it to pose a risk of unwarranted US surveillance and ‘snooping.’ Upon review of the Safe Harbour system, the Court of Justice of the European Union said Safe Harbour did not adequately protect EU citizens’ personal data because the requirements of US national security undermined the privacy safeguards within the Safe Harbour system.
The decision is expected to have a serious impact for over 4000 firms who employed the system in their day-to-day running of their business including IBM, Google and Facebook. According to Christopher Padilla, the vice president of government and regulatory affairs at IBM, ‘the free movement of data across borders is the foundation of the global economy, facilitating everything from financial services and manufacturing to shipping and retail.’ All these companies will now have to find alternative, and arguably more strenuous, mechanisms for data transfers between themselves and the EU.
It is still too early to predict the immediate effects of the decision, however companies caught by the annulment are hoping to be given a grace period by authorities to implement alternative mechanisms for their data transfers.