Digital Privacy

Trans-Atlantic Data Transfers at Risk

EU flag man iPad businessman Source E Getty Images 49495664
Europe's top court may decide to halt data transfers to the United States.
  • Why it matters

    Why it matters

    If Europe’s highest court decides that Americans do not protect European citizens’ privacy, several companies including Google and Facebook must change their entire business model.

  • Facts


    • A legal expert at the European Court of Justice said E.U. citizens’ data transfered to the United States is not secure in America due to surveillance practices.
    • The European Court of Justice usually follows opinions given by its legal experts, meaning it could halt trans-Atlantic data transfers.
    • The ruling is expected in a few months and could force a change in the law on how data is passed from Europe to America.
  • Audio


  • Pdf

A legal expert has warned that the Safe Harbor agreement, that allows companies to transfer data from Europe to the United States, may have to end.

The agreement allows tech companies such as Facebook and Google to send data across the Atlantic, with the understanding that the privacy of E.U citizens will be as protected in the United States as it is in Europe.

The principle was challenged in court by Austrian citizen Max Schrems, who complained about privacy issues related to his Facebook posts. The case is now with the European Court of Justice. Advocate general Yves Bot, who is advising the court on the case said Wednesday that the current agreement, Safe Harbor, does not protect E.U. citizens’ privacy.

Mr. Bot’s opinion, which also pleaded to empower national authorities in Europe to block trans-Atlantic data transfers, is not binding but Europe’s top court usually follows advice given by the expert, officially known as the Advocate General. The court itself is expected to rule on the matter in a few months.

Mr. Bot directly referred to Edward Snowden’s revelations on spying practices by the U.S. National Security Agency when arguing against the current practice of data transfers from the European Union to the United States.

“It follows from these factors that the law and practice of the United States allow the large-scale collection of the personal data of citizens of the Union which is transferred under the Safe Harbor scheme, without those citizens benefiting from effective judicial protection,” Mr. Bot said in his advice.

The ruling could affect all data transfers by companies from the European Union, in particular Ireland, where most U.S. companies such as Microsoft, Google and Facebook  base their European operations. Ireland has offered tax breaks for large companies and has privacy laws that are less strict than many others in Europe.

“If we take it that the advocate general’s opinion was followed by the court, it would mean that the Safe Harbor agreement is immediately declared invalid,” said Simon McGarr, an Irish laywer who works for Digital Rights Ireland, an organization which defends citizens’ online rights.

“The consequence would be that the transfer of E.U. citizens’ data to the United States would have to stop immediately under the Safe Harbor agreement,” Mr. McGarr told Handelsblatt Global Edition.


Max Schrems in Vienna. Source: Handelsblatt.
Max Schrems in Vienna. Source: Handelsblatt.


Austrian law graduate Max Schrems, 27, filed a complaint at Ireland’s privacy authority in 2013, saying his Facebook data was not adequately protected once transferred to the United States due to U.S. surveillance practices.

Mr. Schrems told Handelsblatt Global Edition he was pleased with the legal opinion. “It stated in principle what we have argued for all along.”

The opinion, if accepted, has the potential not only to hamper how thousands of companies transfer data overseas but could also restrict the NSA’s ability to scoop up massive amounts of Internet data on European citizens.

“This finding, if confirmed by the court, would be a major step in limiting the legal options for U.S. authorities to conduct mass surveillance on data held by E.U. companies, including E.U. subsidiaries of U.S. companies,” Mr. Schrems said in a statement following the opinion’s release.

Mr. McGarr, the Irish digital rights lawyer, said European and U.S. authorities could agree on new data transfer rules to better protect E.U. citizens’ data in the United States. The two regions have already been in talks for several years to update the Safe Harbor agreement.

U.S. companies, meanwhile, might already have begun setting up an alternative infrastructure in Europe in case data transfer was blocked, Mr. McGarr said.

Digital Rights Ireland, represented by Mr. McGarr, was heard in Mr. Schrems’ case at the Irish High Court as a so-called “amicus party,” sharing its legal views on Mr. Schrems’ complaint. As a representative of the Irish group, Mr. McGarr also filed submissions to the European Court of Justice in Mr. Schrems’ case, but he never acted for the Austrian, Mr. McGarr said.


Video: Conversation with Max Schrems, recipient of an OII Internet and Society Award by the University of Oxford.


Gilbert Kreijger is an editor at Handelsblatt Global Edition in Berlin, focusing on companies and markets. Dustin Volz, a tech policy correspondent for the Washington-based National Journal and an Arthur F. Burns fellow of the International Journalists’ Programme at Handelsblatt Global Edition, contributed to this article. To contact the author:

We hope you enjoyed this article

Make sure to sign up for our free newsletters too!