An Austrian student could force companies such as Facebook to overhaul their European businesses after challenging the way US technology groups handle private data in the EU’s highest court.
Max Schrems, a 27-year old law student, contested the so-called “safe harbour” agreement that allows American groups such as Facebook to store data from EU citizens in the US during a hearing at the European Court of Justice on Tuesday.
Silicon Valley companies warn that changes to the agreement would create a “Balkanised” internet, fragmented along national and regional lines. They argue that if safe harbour were removed or heavily altered, then more than 4,000 groups ranging from Google to Amazon would face having to introduce expensive parallel systems for storing data within the EU.
Lawyers for the European Commission, which oversees the “safe harbour” arrangement, told the Luxembourg-based court that the agreement did not mean that the US “in general ensures an adequate level of protection” for European citizens. The court will issue its verdict later this year.
Mr Schrems initially complained to the Irish data protection authority that Facebook, which has its European operations based in Ireland, had flouted privacy rules. The authority rejected his complaint, triggering a high court battle that resulted in the judge referring the case to the ECJ in Luxembourg last year.
He argues that data from European citizens are not adequately protected in the US and that “safe harbour” gives US companies a competitive advantage over their European peers.
“Safe harbour has been criticised for 15 years [because] it actually doesn’t provide the same protection that is already in Europe and not even something that is close to it,” said Mr Schrems.
The case is the latest example of the growing transatlantic split over how US technology companies are regulated in the EU. European regulators have accused companies such as Google of everything from abusing their market dominance to mishandling customer data. In response, President Barack Obama accused the EU of protectionism earlier this year.
It also comes after NSA whistleblower Edward Snowden revealed widespread intrusion by US intelligence agencies, who claimed that they could readily access personal data stored by companies such as Facebook and Google. Both Facebook and Google deny that this was the case.
The European Commission is in the process of renegotiating the “safe harbour” agreement with the US. The EU’s executive arm has come under pressure from the European Parliament to strengthen protections for European citizens, while also facing calls to ensure that any new agreement does not stifle cross border ecommerce.
Eduardo Ustaran, a data protection expert at law firm Hogan Lovells, said: “One thing this case is exposing is the limitations of a legal system that prohibits international data transfers.”
“In other words the law has created an artificial barrier for data flows so it’s difficult for the commission or regulators to put that right”
The case has attracted a wide following online enabling Mr Schrems to pay for his legal team via donations. “Usually, data protection lawyers tell us, ‘I love your case, I love what you’re doing, but I make money on the other side of the game, because that’s the only place you can make money’,” said Mr Schrems.
Both Facebook and the Irish Data Protection Commissioner declined to comment.
Source: Financial Times