US embassy calls on EU top court to not kill Safe Harbour

The US embassy for the EU has urged Europe’s top court to reject its advisor’s recommendation for it to rule illegal the key EU-US data sharing agreement known as Safe Harbour.

The US embassy on Monday said, Yves Bot, an advocate general to the European Court of Justice (ECJ), was wrong to recommend judges invalidate the 15 year old EU-US Safe Harbour.

In calling for an end to the data sharing agreement -- which Google, Facebook and others rely on to legally transfer data to US servers -- Bot accused US surveillance services of conducting “mass, indiscriminate surveillance” that undermined Europeans’ fundamental rights.

The question now is whether ECJ judges will follow Bot’s opinion, which is not binding but is considered influential.

In a statement on Monday from Brussels, the US embassy said Bot’s opinion rests on “numerous inaccurate assertions about intelligence practices of the United States” and risks undermining the European Commission’s ability to strike trade agreements in the future.

Bot’s opinion concerns an Irish High Court dispute before the ECJ between Austrian law student Max Schrems and Ireland’s Data Protection Commission (DPC).

The DPC denied Schrems’ request in 2013 to investigate and suspend Facebook’s transfer of his data to its US data centres, citing a European Commission (EC) ruling in 2000 that US data protection was adequate.

Schrems appealed for the DPC investigation after ex-CIA hand Edward Snowden released documents revealing the US surveillance program PRISM, participated in by Google, Microsoft, Yahoo and Facebook. Schrems contended PRISM showed that data protection in the US was not adequate.

EU-US Safe Harbour has offered thousands of US companies a streamlined way to comply with Europe’s data protection directive and legally transfer customer and human resource data to the US. EU law prohibits the transfer of citizens’ data to non-EU locations that do not provide adequate protection.

If the ECJ rules the scheme invalid US tech firms may need to invest in more EU data centres, Schrems pointed out.

The US embassy disagreed with the view in Europe that Schrems’ claims about US surveillance practices are not in dispute.

“The United States does not and has not engaged in indiscriminate surveillance of anyone, including ordinary European citizens. The PRISM program that the Advocate General's opinion discusses is in fact targeted against particular valid foreign intelligence targets, is duly authorised by law, and strictly complies with a number of publicly disclosed controls and limitations,” it said.

It also pointed out that President Obama had, since Snowden’s first leaks, taken “unprecedented steps” to enhance public accountability and transparency of its spying activities.

Read more: New Sydney office anchors iSIGHT's Australian threat-intelligence expansion

The EC and US negotiators recently agreed on a new Umbrella Agreement for the transfer of EU citizens’ data to the US for law enforcement purposes. However they’ve yet to finalise a new version of Safe Harbour, which was supposed to be ready by May. The EC requested a new deal following Snowden’s leaks. Both sides in June insisted solid progress was being made, though that could be undone by the ECJ’s decision.

But just because the EC and US were hashing out a new safe harbour deal didn’t mean it was inadequate, said the US embassy.

“On both sides, there has been a strong desire to make sure that we improve the Framework, and these efforts should be encouraged,” it said.

It added that if the ECJ followed Bot’s opinion, it could undermine confidence in the EC.

“The Advocate General's reasoning would undercut the ability of other countries, businesses and citizens to rely upon negotiated arrangements with the European Commission,” it said.

The ECJ in May controversially ruled that European residents had a right to request that Google and other search engines remove results when searches were made for their name if the information returned was outdated, irrelevant or excessive. Google recently lost an appeal against a decision by France’s data protection watchdog that Google apply delistings to all its domains and not just European domains like

Blast from the past?

Try our new Space Invaders inspired video game NOW.

What score can you get ?

Join the CSO newsletter!

Error: Please check your email address.

Tags EU top courtUS embassySafe HarbourSchremsEU data centreshigh courtEuropean Court of Justice (ECJ)CSO Australia

More about EUEuropean CommissionFacebookGoogleMicrosoftYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts