New ruling halts US data transfer

EU court ruling 'opens can of worms'The European Court of Justice has delivered a second hammer blow to US companies which transfer data from the EU to the States by backing a recommendation that the safe harbour agreement is not worth the paper it is written on.
The ruling upholds advice issued a fortnight ago by Advocate General Yves Bot following a case brought against Facebook by Austrian lawyer Max Schrems. He argued the Edward Snowden disclosures show there is no effective data protection regime in the US.
It follows last week’s decision that companies must adhere to the local data protection laws of every country in which they operate, and is likely to trigger a tsunami of claims against the likes of Facebook and Google.
More than 4,000 US companies have so far enjoyed using the safe harbour rules agreed between the Commission and the US Department of Commerce, which permit the easy transfer of personal data between the two.
Ashley Winton, UK head of data protection and privacy at international law firm Paul Hastings, believes the ruling has serious repercussions for multi-national companies with operations in Europe.
“Many European data protection regulators, particularly those in Germany, have long believed that the conditions of the safe harbour scheme are not substantial enough and the effect of today’s ruling will empower them to investigate and check the acceptability of any data transfer themselves.”
Winton reckons that the ruling will also apply to other European Commission-approved methods of transferring personal data internationally.
He added: “Crucially, this case cannot be considered alone. Following the landmark case of Weltimmo last week, multinational companies that have elected to create an establishment in a more business-friendly jurisdiction are now likely to have their data protection practices scrutinised by local regulators all across the EU.
“There are currently no rules limiting individuals bringing complaints regarding data protection across multiple jurisdictions simultaneously, so we may now see these complaints springing up from every direction, where data is being shared around the world.”

Related stories
US firms hit by data transfer ruling
ECJ wrecks US tech giants data plans
Facebook hit by illegal data use claim
Facebook chief bigs up data privacy
Facebook defends record on data