‘A Victory for Us All’: In Rebuke to US Mass Surveillance, EU Court Blocks Data Transfers by Web Corporations

A major ruling from the European Union’s top court on Thursday curtailed U.S. authorities’ power to surveil the personal data of Europeans and is being called a victory for privacy rights and a call for U.S. lawmakers to roll out sweeping surveillance reforms.

The E.U. Court of Justice invalidated a transatlantic data protection deal with the U.S., ruling that European data is not safe when shared with U.S. tech companies via the 2016 Privacy Shield agreement. 

The court ruled that U.S. surveillance laws, including FISA and government watchlists, are too intrusive and don’t meet E.U. standards for privacy rights. 

Privacy advocates at European Digital Rights (EDRi) called the ruling “a victory for us all.”

“Today’s European Court of Justice ruling is a victory for privacy against mass surveillance,” says Diego Naranjo, head of policy at EDRi. “This is a win both for Europeans, whose personal data will be better protected, and a call for U.S. authorities to reform the way intelligence service operate.”

The decision upheld the use of Standard Contractual Clauses (SCCs), which are instruments used to export data from the E.U., but the court ordered the suspension of all data transfers to countries with privacy standards considered unacceptable in the bloc.

More than 5,000 companies have relied on Privacy Shield for the transatlantic transfer of data, and privacy advocates applauded a ruling which they say will apply pressure to U.S. lawmakers to urgently reform surveillance laws in the United States.

“This ruling makes clear that no international agreement can adequately protect people’s privacy from the United States’ current mass surveillance programs and practices,” said Ashley Gorski, senior staff attorney with the ACLU’s National Security Project. “U.S. surveillance violates fundamental privacy rights and continues to be a massive financial liability for U.S. companies trying to compete in a global market. Unless Congress swiftly acts to enact comprehensive surveillance reforms, U.S. businesses will continue to pay the consequences.” 

The E.U. previously invalidated the Safe Harbor agreement in 2015 after Edward Snowden’s disclosures about NSA surveillance programs raised international alarm over U.S. privacy laws. The Privacy Shield pact was put in place in 2016 to replace Safe Harbor.

Under the ruling, major companies which operate overseas, such as Facebook, will have to find alternate ways to access users’ data that comply with E.U. standards. 

“In the short term, hundreds of billions of dollars in digital trade” are now in “legal limbo,” consumer advocacy group Public Citizen said. 

Public Citizen expressed hope that the ruling will “force big tech companies to accept that privacy is a basic business requirement for transatlantic trade.”

Max Schrems, whose case against Facebook Ireland sparked the ruling by the E.U. Court of Justice, said he was “happy about the judgment.”

“It seems the Court has followed us in all aspects,” said Schrems. “This is a total blow to the Irish DPC [Data Protection Commission] and Facebook. It is clear that the U.S. will have to seriously change their surveillance laws, if U.S. companies want to continue to play a major role on the EU market.” 

Read ‘A Victory for Us All’: In Rebuke to US Mass Surveillance, EU Court Blocks Data Transfers by Web Corporations on Common Dreams

Leave a Comment

Your email address will not be published. Required fields are marked *