US embassy calls on EU top court to not kill Safe Harbour

The US embassy for the EU has urged Europe’s top court to reject its advisor’s recommendation for it to rule illegal the key EU-US data sharing agreement known as Safe Harbour.

The US embassy on Monday said, Yves Bot, an advocate general to the European Court of Justice (ECJ), was wrong to recommend judges invalidate the 15 year old EU-US Safe Harbour.

In calling for an end to the data sharing agreement -- which Google, Facebook and others rely on to legally transfer data to US servers -- Bot accused US surveillance services of conducting “mass, indiscriminate surveillance” that undermined Europeans’ fundamental rights.

The question now is whether ECJ judges will follow Bot’s opinion, which is not binding but is considered influential.

In a statement on Monday from Brussels, the US embassy said Bot’s opinion rests on “numerous inaccurate assertions about intelligence practices of the United States” and risks undermining the European Commission’s ability to strike trade agreements in the future.

Bot’s opinion concerns an Irish High Court dispute before the ECJ between Austrian law student Max Schrems and Ireland’s Data Protection Commission (DPC).

The DPC denied Schrems’ request in 2013 to investigate and suspend Facebook’s transfer of his data to its US data centres, citing a European Commission (EC) ruling in 2000 that US data protection was adequate.

Schrems appealed for the DPC investigation after ex-CIA hand Edward Snowden released documents revealing the US surveillance program PRISM, participated in by Google, Microsoft, Yahoo and Facebook. Schrems contended PRISM showed that data protection in the US was not adequate.

EU-US Safe Harbour has offered thousands of US companies a streamlined way to comply with Europe’s data protection directive and legally transfer customer and human resource data to the US. EU law prohibits the transfer of citizens’ data to non-EU locations that do not provide adequate protection.

If the ECJ rules the scheme invalid US tech firms may need to invest in more EU data centres, Schrems pointed out.

The US embassy disagreed with the view in Europe that Schrems’ claims about US surveillance practices are not in dispute.

“The United States does not and has not engaged in indiscriminate surveillance of anyone, including ordinary European citizens. The PRISM program that the Advocate General's opinion discusses is in fact targeted against particular valid foreign intelligence targets, is duly authorised by law, and strictly complies with a number of publicly disclosed controls and limitations,” it said.

It also pointed out that President Obama had, since Snowden’s first leaks, taken “unprecedented steps” to enhance public accountability and transparency of its spying activities.

Read more: New Sydney office anchors iSIGHT's Australian threat-intelligence expansion

The EC and US negotiators recently agreed on a new Umbrella Agreement for the transfer of EU citizens’ data to the US for law enforcement purposes. However they’ve yet to finalise a new version of Safe Harbour, which was supposed to be ready by May. The EC requested a new deal following Snowden’s leaks. Both sides in June insisted solid progress was being made, though that could be undone by the ECJ’s decision.

But just because the EC and US were hashing out a new safe harbour deal didn’t mean it was inadequate, said the US embassy.

“On both sides, there has been a strong desire to make sure that we improve the Framework, and these efforts should be encouraged,” it said.

It added that if the ECJ followed Bot’s opinion, it could undermine confidence in the EC.

“The Advocate General's reasoning would undercut the ability of other countries, businesses and citizens to rely upon negotiated arrangements with the European Commission,” it said.

The ECJ in May controversially ruled that European residents had a right to request that Google and other search engines remove results when searches were made for their name if the information returned was outdated, irrelevant or excessive. Google recently lost an appeal against a decision by France’s data protection watchdog that Google apply delistings to all its domains and not just European domains like google.fr.


Blast from the past?

Try our new Space Invaders inspired video game NOW.

What score can you get ?


Join the CSO newsletter!

Error: Please check your email address.

Tags EU top courtUS embassySafe HarbourSchremsEU data centreshigh courtEuropean Court of Justice (ECJ)CSO Australia

More about EUEuropean CommissionFacebookGoogleMicrosoftYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts