A lawyer for the European Commission told top EU judges that their data isn't sufficiently protected from U.S. spy agencies, advising them to close their Facebook accounts for privacy.
The commission argues that Safe Harbor – an EU-U.S. pact for transatlantic data transfers – doesn't do enough to protect European citizens. The Safe Harbor agreement, which is signed off by the European Commission, is vital for the operation of U.S. multinational tech companies like Google, Apple and Facebook in Europe.
The agreement has been highly criticized since 2013, when Edward Snowden's leaks revealed that U.S. and U.K. agencies were accessing personal data from the tech giants and siphoning off data transfer flows by tapping directly into undersea cable networks.
"You might consider closing your Facebook account, if you have one," European Commission attorney Bernhard Schima told attorney-general Yves Bot at the European Court of Justice in Luxembourg on March 25.
The case in front of the European Union Court of Justice (CJEU) is the result of complaints lodged against Apple, Facebook, Microsoft, Skype and Yahoo. The case is headed by regulatory authorities in Germany, Ireland and Luxembourg, as well as the crowdfunded Austrian privacy activist, Max Schrems.
Schrems initially complained about Facebook to the data protection commissioner in Ireland, where Facebook's European HQ is located. When the commissioner rebuffed Schrems, citing a lack of evidence, he appealed to the Irish High Court. The High Court found that the U.S. had "mass and undifferentiated" access to Facebook's EU data and referred the case to the CJEU to help clarify the data transfer rules.
Schrems told the court that the commission has admitted it cannot secure EU data, that U.S. law seems to trump EU law with Safe Harbor, and that it is a core duty of the European Union to protect the data of its citizens. The court said it will rule on whether Safe Harbour adequately protects EU citizens' data by June 24.
On the other side, the Irish data commissioner argues that Safe Harbor is still under negotiation and it should be left to the European Commission to work out safer rules. The commission already outlined a 13-point plan for reforming the pact in 2013. The ensuing negotiations have however been ongoing for 18 months, with little sign of reaching a conclusion.
If the court finds in favor of Schrems, there could be widespread political and commercial ramifications. A new EU Data Protection Directive is currently being drawn up. If Safe Harbor is ruled inadequate, it could ultimately lead to U.S. companies being forced to store EU customer data in specialized centers located in Europe.
Photo: Chris Jackson | Getty Images