European Privacy Laws vs. US Tech Giants

‘Europe v Facebook’, was brought by Austrian citizen and privacy activist, Max Schrems, who argued that his privacy was being violated when Facebook was found to be cooperating with the NSA’s Prism program.

The Information Sector of the United States economy, which includes anything from data processing to the entertainment biz,  has in the past five years experienced an average of 4.2% gross output growth rate, marking it as a clearly expanding market only rivaled by mining, management, and administrative services. One need not look at the economic data though to see that companies like Facebook, Google, and Apple, increasingly dominate much of the United States and the world’s new economy. But in a world where legislation is tough to keep pace with technology governed by Moore’s Law, questions on the extent of these companies access to information and users privacy create new legal challenges and concerns. Most recently in the debate surrounding internet privacy and cybersecurity is a battle between European legislators and the aforementioned tech giants. On October 6th, 2015, a landmark ruling in this case was announced, the court ruled that the prior agreement between the US and the European Union, known as the Safe Harbor Pact, was in fact invalid.

This pact, ratified in July 2000, allowed US Internet companies that complied with the Safe Harbor’s principles to transfer European Union and Swiss citizens data to the United States. This data which could include anything from status updates to browsing history, need only to comply with the Safe Harbor’s seven privacy principles in order to be passed along to advertising firms or other organizations alike in the United States and even some third party countries. Needless to say the pact was controversial from its inception, with claims that these principles were nothing but bureaucratic fine print and that its enforcement protocol, letting the private sector deal with disputes, lacked a reliable way for EU and Swiss citizens to protect themselves.

Since 2002, at the demand of several European companies including Microsoft UK who in 2011 pointed out that the US’s Patriot Act allowed for the transfer of cloud data, the EU has been conducting evaluations on the Safe Harbor’s efficiency and transparency. It wasn’t until late 2015 though that these companies and privacy groups were allowed a victory. The case, ‘Europe v Facebook’, was first brought on by Austrian citizen and privacy activist, Max Schrems, who argued that his privacy was being violated when Facebook was found to be cooperating with the NSA’s Prism program, a revelation only recently brought on by the Edward Snowden investigation.

The decision struck down four months ago by the European Court of Justice(ECJ), not only declared the original Safe Harbor Pact to be in violation of EU’s laws but maintained that the US must renegotiate a new agreement by the new year in order for businesses to avoid action from Europe’s Privacy regulators. A new agreement, or a “Safe Harbor 2.0”, is favorable on both sides as both American and European businesses would be heavily affected by the suspension of data transfer. It is estimated by AmCham EU that the court’s decision could account for a 1.3% drop in the EU’s GDP and a 6.7% loss of exports not to mention the fact that “aggregate US investment in Europe totalled €1.9 trillion in 2012 and directly supports more than 4.2 million jobs in Europe.”

Although economically the decision poses much risk, I would like to think that the ruling serves as both a reminder of the weakness of the legal system in the face of cybersecurity and a symbolic victory for privacy groups around the world. Under the broad shadow of the recent years terrorist attacks and the constant fear mongering of certain politicians(cough, Donald Trump) it’s easy to declare national security as a hallway pass for legislation that feeds more into private industry’s profits than a country’s defense system. Granted, this shouldn’t give us the license to throw tech companies into the slaughterhouse of government regulations. Instead a revamping of the legal system, that strikes a balance between the need for citizen’s privacy and the growth of the internet’s relevance to doing business, is the only way we can comfortably move into an era where the internet is seemingly as necessary as water.

This article was written by Ana Cicenia. Please send an email to to get in touch.
Photo Credit: g4ll4is via Flickr

Leave a Reply

Your email address will not be published. Required fields are marked *