Data protection authorities in Germany have announced that they will review the legality of internet giants’ data transfers from the EU to the US, after the European Court of Justice ruled that Europeans’ data isn’t safe from intelligence services on US-based servers.
The Hamburg Commissioner for Data Protection and Freedom of Information, Johannes Caspar announced that his office will investigate the Germany-based subsidiaries of companies like Google and Facebook for potentially illegal data transfers.
“Anyone who wants to remain untouched by the legal and political implications of the judgment, should in the future consider storing personal data only on servers within the European Union,” Casper told Der Spiegel.
The move by the Germans follows the European Court of Justice (ECJ) ruling earlier this month that practically scrapped a 15-year old Safe Harbor agreement that enabled internet businesses to move and store Europeans’ data on servers located in the US.
The ECJ ruled that Europeans’ data was insufficiently protected when stored on American-based servers, as it could fall prey to US national intelligence services. Until a new agreement is reached between EU and US, over 4,000 companies are now trying to ascertain the legality of their data transfers.
The ECJ decision came after privacy activist Max Schrems from Austria filed a case against Facebook in Ireland stipulating that his privacy was violated by the NSA’s mass surveillance programs. The recent decision by the court effectively transferred the authority to examine whether data transfers under the Safe Harbour framework breached EU laws to local data protection authorities.
On Monday the EU announced that it had agreed in principle with the Americans on a new trans-Atlantic data-transfer agreement.
“There is agreement on these matters in principle, but we are still discussing how to ensure that these commitments are binding enough to fully meet the requirements of the court,” said EU's Justice Commissioner Vera Jourova.
The working teams are now discussing the final technical points as EU commission wants to ensure that the new arrangement complies “a hundred percent” with the ECJ’s ruling, namely the safety of information from US intelligence community.
The new pact also envisions a reviewed mechanism to keep private data safe and the transfer process more transparent.
“This will transform the system from a purely self-regulating one to an oversight system that is more responsive as well as proactive and backed up by significant enforcement, including sanctions,” Jourova said.