For those of you (all 3 of you) who follow European privacy law, you can skip this post. The rest may find it interesting.
Max Schrems, who was an Austrian law student and now a lawyer has been battling Facebook in particular and claiming that they are violating E.U. law by their various privacy policies. He has gone to a variety of courts and none of the courts have been willing to touch the case – I suspect due to politics.
Back in 2000, the U.S. and E.U. came up with this agreement called safe harbor agreement. Supposedly, U.S. companies could transfer data from the E.U. to the U.S. to use if they agreed to abide by this agreement which was designed to protect European’s privacy rights. The E.U. decided this was necessary because U.S.. privacy laws, in their view, are much weaker than E.U. laws.
Well, after trying to get someone to rule on the case, Schrems went to the European Court of Justice.
Based in large part on documents disclosed by Edward Snowden, Schrems claimed that because the U.S Intelligence community (like every other intelligence community in the world) vacuums up billions of items a day, U.S. companies had no way to comply with the safe harbor agreement. Fundamentally, this is likely true.
The way the process works at the ECJ, they have an advisor, in the case a guy named Yves Bot review the case and make a recommendation. Yves agreed with Schrems. The court usually sides with the advisor.
Needless to say, this has the U.S. Mission to the E.U. scared to death. If the safe harbor agreement gets shredded, then any U.S. company that wants to export data about E.U. residents to the U.S. will need to go through a somewhat convoluted process to convince the E.U. that they are protecting that data in a manner similar to the way E.U. companies do for their citizens.
This could also open many U.S. companies to lawsuits – likely in the E.U., because currently E.U. citizens cannot sue in U.S. court for things like privacy violations. In fact, the U.S. and E.U. have a draft agreement to replace the 2000 agreement, but the E.U. is refusing to sign that new agreement until the U.S. passes a law allowing E.U. citizens to sue in U.S. court – something that has to make it through Congress, which is no small task these days.
Of course, none of this changes the issues surrounding NSA snooping. Curiously, the Intercept wrote a very detailed article that I will write about tomorrow talking about GCHQ (Britain’s equivalent of the NSA) doing the same kind of snooping the NSA does. In fact, that is what all government intelligence agencies do. The Internet is the go to place for terrorists, so you can’t exactly expect them to ignore it.
In any case, the ECJ has announced that they will rule on October 6th. The U.S. Mission has asked them to ignore Mr. Bot and rule against Schrems and, basically, for the United States. It is not at all clear which way this will go, but it is guaranteed that some people will be unhappy no matter what happens – there is no Solomon solution here.
Stay tuned for the details next week.