No More Data for You, Europe Tells US
Europe’s highest court struck down an agreement that allowed for the transfer of personal data between the European Union and the United States. The ruling affects US companies such as Google and Facebook that gather user data and process it on US-based servers.
Via The New York Times:
The ruling, by the European Court of Justice, said the so-called safe harbor agreement was flawed because it allowed American government authorities to gain routine access to Europeans’ online information. The court said leaks from Edward J. Snowden, the former contractor for the National Security Agency, made it clear that American intelligence agencies had almost unfettered access to the data, infringing on Europeans’ rights to privacy.
The court said data protection regulators in each of the European Union’s 28 countries should have oversight over how companies collect and use online information of their countries’ citizens. European countries have widely varying stances toward privacy.
How US tech firms respond to the decision could be pricey. Last June, the Information Technology & Innovation Foundation estimated that US surveillance would cost US tech companies more than $35 billion. This was largely based on a global lack of confidence in their ability to protect data. Now add the potential re-engineering that may have to go into complying with EU privacy laws.
As Henry Farrell, associate professor of political science and international affairs at George Washington University, explains in the Washington Post:
The ruling has very serious implications for companies, such as Facebook and Google. Their business models in Europe depend on access to Europeans’ personal data. Unless they want to close down their European operations, with potential vast losses in earnings and global market share, they are going to have to take some difficult steps. First, they could reengineer that data on European citizens stays in Europe, and hence complies with the ruling. This is likely to be very difficult and very expensive; while they have data centers in Europe, they will have to re-engineer their organization and data practices to keep European and U.S. data entirely distinct from each other. This will not only involve corporate re-engineering, but will also prevent them from taking advantage of a host of economic efficiencies.
Farrell also writes that the ruling doesn’t just affect the United States, but spy agencies throughout Europe as well:
[T]his ruling will lead to new pressures to limit the kinds of indiscriminate surveillance against citizens that many countries — not just the United States — have engaged in over the last 15 years. There will be a push for a transatlantic deal limiting surveillance and bringing it into a clearer international order. This is undoubtedly a product of former NSA contractor Edward Snowden’s revelations (Snowden is cited in the ruling, as well as the rulings that led up to it). It would be impossible to imagine this having happened had Snowden not forced states and courts to pay attention to surveillance and privacy issues.
Or, as Peter Houppermans, a privacy advisor based in Switzerland, tells The Register, “Before Snowden, the EU had no choice but to risk being blackmailed in trade talks. Now Europe has leverage, as well as local political pressure, and can hold up Snowden’s evidence of US non-compliance.”