The “Safe Harbor” agreement declared invalid

The European Court of Justice ruled, on October 6th, that the "Safe Harbor" agreement used by American companies for consumer privacy and data storage in both the US and Europe, is invalid. The ruling is final and cannot be appealed.

The European Court of Justice ruled, on October 6th, that the "Safe Harbor" agreement used by American companies for consumer privacy and data storage in both the US and Europe, is invalid. The ruling is final and cannot be appealed.

The ruling implies that tech companies, e.g. Facebook and Twitter, may have to adhere to the strict rules and regulations imposed by individual European countries’ data regulators. This could force them to host European user data in Europe, rather than in the US and transferring it over, something that would be considered a potential bureaucratic nightmare. In theory, American companies with European customers could now end up trying to follow 20 or more different sets of national data privacy regulations.

The ruling follows the lawsuit by student and “privacy advocate” Max Schrems against Facebook, claiming his privacy had been violated by the NSA’s mass surveillance programs. Since Facebook is headquartered in Ireland, the Irish Data Protection Commissioner treated the case. It was rejected namely due to the “Safe Harbor” agreement, however Schrems appealed. The result of this process can now be seen in the current European Court of Justice case.

The Norwegian Data Protection Authority has not commented on the matter, as of October 6th, but Haavind will follow the matter closely and comment in a follow-up article.

Read more