The verdict is in for Facebook, but what are the implications for you?
Lees in het Nederlands - Lisez en français
Last week, a judge of the Court of Justice of the EU took an audacious decision – with a single pen stroke, the current process for transferring personal data between the US and Europe has been called into question. But how will this affect you?
The background
The EU Directive 95/46/EC was designed to protect the privacy of European citizens. Developed between 1998 and 2000, this directive specifies, for instance, that companies operating in the EU are not allowed to send personal data to companies outside the EU, unless they guarantee adequate levels of protection of privacy.
In order to make it possible for American companies to collect personal data of their customers in Europe, a process was developed between the US and the EU: Safe Harbor. Thanks to this agreement, companies that were willing to comply with certain rules were allowed to export the data of EU citizens to the US (i.e. store and/or process them on servers in the US).
These rules require that users must be informed about the fact that their data are being collected, that they must have the option to opt out of the collection of these data, that they must be able to access the information (and correct it if necessary), etc. Quite a suitable principle after all, which at first sight seems totally fair, for both companies and citizens.
The facts
So, nothing wrong… until 2013, when Edward Snowden revealed that the American intelligence services intercept and store all conversations in de US, whether by crooks or ordinary citizens.
Maximilian Schrems, a young Austrian law student who had long been concerned about the methods used by companies such as Facebook to collect user data, sued the social network giant. And, this week, the judge of the Court of Justice of the EU delivered a verdict that startled the entire Internet industry.
The Court has indeed invalidated the Safe Harbor process. American companies are governed by US laws, which means that American intelligence agencies may access the data, which makes it impossible to guarantee the citizen’s privacy.
The possible consequences
This important decision has major implications, and various scenarios are now possible:
- American companies will no longer be able to rely on the Safe Harbor regime in order to store data of European customers on American servers.
- If they want to do this anyway, they will have to request permission to store data from every country’s authorities.
- New negotiations between the US and the EU might begin in order to develop a new process that will be valid for the whole of the EU.
- American companies may start migrating to servers in Europe, in order to store the data of their European customers.
- Due to the negative economic effects of this decision, politicians might limit the power of intelligence services, so that they will have to focus on real suspects, and be able to provide a court order… Are we being a little too idealistic here?
How will this affect you?
As you might guess, this decision of the Court of Justice of the EU will have major implications. Many legal departments are most probably reading the verdict very carefully in order to understand every last detail of the consequences. And over the next weeks and months, you will certainly find out how authorities in the US, the EU and the different states interpret and apply this verdict.
For you, as a consumer, this is obviously a good thing. In the future, this will contribute to better privacy protection.
For your company, this verdict will give you food for thought. Are you using servers in the US? Do you even know where the servers of your service providers are located? If you want to play it safe, you should go for hosting services provided by Combell, whose servers are located in state-of-the-art data centres in Belgium.