The Trouble With Schrems
Last October, a case against Facebook brought by an Austrian law student blew up an EU-US agreement regulating American tech companies' handling of Europeans' personal data. A new deal has now been agreed, which – pending further legal challenge – will have important implications for how intelligence services share information.
PARIS – In October 2015, a court case launched by Max Schrems, a 28-year-old Austrian privacy activist and graduate student at the University of Vienna, led to the annulment of the so-called Safe Harbor agreement that governs how United States firms comply with the European Union’s privacy laws. The decision, by the European Court of Justice (ECJ), threw into legal uncertainty the collection, handling, transfer, and storage of user data by about 4,500 US companies.
The ruling led many in Europe to draw comparisons between Schrems and Edward Snowden, the intelligence contractor who leaked classified information detailing America’s global surveillance programs. And, in fact, Schrems’s lawsuit was heavily informed by Snowden’s disclosures, which included details of a US National Security Agency program whereby US companies allegedly handed over to the NSA personal information stored on their computer systems. According to the ECJ’s ruling, the cooperation between US companies and the country’s intelligence agencies violates the right to privacy and data protection guaranteed by the EU Charter of Fundamental Rights.
The court’s message was clear: Unless the US government modified the way it gathers intelligence, by restricting access to personal data and adopting a case-by-case approach to its investigations, it would be impossible for consumer information to be transferred from the EU to the US through the Safe Harbor framework.