Data protection agreement between the EU and US European Court of Justice rules that Safe Harbor is invalid

On October 6, 2015 the European Court of Justice declared the data-transfer pact “Safe Harbor” between the EU and US to be invalid. This judgement overrules a decision of the European Commission from 2000, which considered personal data from the EU to be adequately protected in the US. The court’s ruling includes the following aspects:

  • US-regulations on data protection violate EU-law, since they compromise the fundamental rights for the respect of private life and for effective judicial protection.
  • The Safe Habor-decision of the European Commission can neither eliminate nor reduce the competence of national data protection authorities to control whether data transfers into third countries meet the necessary requirements.
  • In the future EU-authorities are to examine independently whether US-companies, such as Facebook, comply with the EU legislative framework when dealing with personal data of European users.

 The ruling enforces the fundamental rights protection within the EU and illustrates the discrepancies of data protection regulations between Europe and the USA. Heiko Maas, German Federal Minister for justice and consumer protection, commented upon the court’s decision as follows: “The verdict implies a strong signal for the protection of fundamental rights in Europe: Privacy and data protection are crucial in a globally networked world. (…) Anyone who offers goods and services in the EU has to respect the European data protection law – no matter where the server is located.”

Further information: European Court of Justice release and BMJV statement

Source: ECJ and BMJV