Duncan Robinson and Murad Ahmed
An Austrian student could force companies such as Facebook
to overhaul their European businesses after challenging the way US
technology groups handle private data in the EU's highest court.Max Schrems, a 27-year old law student, contested the so-called "safe harbour" agreement that allows American groups such as Facebook to store data from EU citizens in the US during a hearing at the European Court of Justice on Tuesday.
Silicon Valley companies warn that changes to the
agreement would create a "Balkanised" internet, fragmented along
national and regional lines. They argue that if safe harbour were
removed or heavily altered, then more than 4,000 groups ranging from Google to Amazon would face having to introduce expensive parallel systems for storing data within the EU.
Lawyers for the European Commission, which oversees the "safe harbour" arrangement, told the Luxembourg-based court that the agreement did not mean that the US "in general ensures an adequate level of protection" for European citizens. The court will issue its verdict later this year.
Mr Schrems initially complained to the Irish data protection
authority that Facebook, which has its European operations based in Ireland, had flouted privacy rules. The authority rejected his complaint, triggering a high court battle that resulted in the judge referring the case to the ECJ in Luxembourg last year.
Read MoreGoogle shakes up European units in face of tougher rules
He argues that data from European citizens are not adequately protected in the US and that "safe harbour" gives US companies a competitive advantage over their European peers.
"Safe harbour has been criticised for 15 years [because] it actually doesn't provide the same protection that is already in Europe and not even something that is close to it," said Mr Schrems.
Lawyers for the European Commission, which oversees the "safe harbour" arrangement, told the Luxembourg-based court that the agreement did not mean that the US "in general ensures an adequate level of protection" for European citizens. The court will issue its verdict later this year.
Mr Schrems initially complained to the Irish data protection
authority that Facebook, which has its European operations based in Ireland, had flouted privacy rules. The authority rejected his complaint, triggering a high court battle that resulted in the judge referring the case to the ECJ in Luxembourg last year.
Read MoreGoogle shakes up European units in face of tougher rules
He argues that data from European citizens are not adequately protected in the US and that "safe harbour" gives US companies a competitive advantage over their European peers.
"Safe harbour has been criticised for 15 years [because] it actually doesn't provide the same protection that is already in Europe and not even something that is close to it," said Mr Schrems.
The case is the latest example of the growing
transatlantic split over how US technology companies are regulated in
the EU. European regulators have accused companies such as Google of
everything from abusing their market dominance to mishandling customer
data. In response, President Barack Obama accused the EU of
protectionism earlier this year.
More from the FT:
Facebook enters money transfer market
Facebook revises rules on banned content
Facebook bear hug in store for news sites
It also comes after NSA whistleblower Edward Snowden revealed widespread intrusion by US intelligence agencies, who claimed that they could readily access personal data stored by companies such as Facebook and Google. Both Facebook and Google deny that this was the case.
The European Commission is in the process of renegotiating the "safe harbour" agreement with the US. The EU's executive arm has come under pressure from the European Parliament to strengthen protections for European citizens, while also facing calls to ensure that any new agreement does not stifle cross border ecommerce.
Eduardo Ustaran, a data protection expert at law firm Hogan Lovells, said: "One thing this case is exposing is the limitations of a legal system that prohibits international data transfers."
"In other words the law has created an artificial barrier for data flows so it's difficult for the commission or regulators to put that right"
The case has attracted a wide following online enabling Mr Schrems to pay for his legal team via donations. "Usually, data protection lawyers tell us, 'I love your case, I love what you're doing, but I make money on the other side of the game, because that's the only place you can make money'," said Mr Schrems.
Both Facebook and the Irish Data Protection Commissioner declined to comment.
More from the FT:
Facebook enters money transfer market
Facebook revises rules on banned content
Facebook bear hug in store for news sites
It also comes after NSA whistleblower Edward Snowden revealed widespread intrusion by US intelligence agencies, who claimed that they could readily access personal data stored by companies such as Facebook and Google. Both Facebook and Google deny that this was the case.
The European Commission is in the process of renegotiating the "safe harbour" agreement with the US. The EU's executive arm has come under pressure from the European Parliament to strengthen protections for European citizens, while also facing calls to ensure that any new agreement does not stifle cross border ecommerce.
Eduardo Ustaran, a data protection expert at law firm Hogan Lovells, said: "One thing this case is exposing is the limitations of a legal system that prohibits international data transfers."
"In other words the law has created an artificial barrier for data flows so it's difficult for the commission or regulators to put that right"
The case has attracted a wide following online enabling Mr Schrems to pay for his legal team via donations. "Usually, data protection lawyers tell us, 'I love your case, I love what you're doing, but I make money on the other side of the game, because that's the only place you can make money'," said Mr Schrems.
Both Facebook and the Irish Data Protection Commissioner declined to comment.
No comments:
Post a Comment