On the 6th of October 2015, the Supreme Court of Justice in Europe took a remarkable judgement (C-362/14).
Concerned people have without a doubt heard about the Patriot Act in United States. It enables the US government to snoop all data and request data from any company which has its seat in the United States, which effectively makes any large corporation you use services from, subject to transfer your data for investigation if deemed necessary by the US intelligence service.
However, Europe and Switzerland had an agreement and the Safe Harbour Privacy Principles. These principles, ruled in the year 2000, are:
- Notice – Individuals must be informed that their data is being collected and about how it will be used.
- Choice – Individuals must have the option to opt out of the collection and forward transfer of the data to third parties.
- Onward Transfer – Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
- Security – Reasonable efforts must be made to prevent loss of collected information.
- Data Integrity – Data must be relevant and reliable for the purpose it w
as collected for.
- Access – Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
- Enforcement – There must be effective means of enforcing these rules.
However due to a lack of any real authority monitoring and safeguarding these requests, it remains unsure to what exactly happens with your data from Facebook, Google, Microsoft, MSN and tons of other services and companies.
The Supreme Court of Justice declared this clause as invalid. According to the EU the transfer of personal data to countries outside of the EU are no longer permitted, unless that country can guarantee the safeguarding of that personal data and information.
It all started when Maximilian Schrems, an Austrian privacy activist, filed a complaint at the Irish privacy watchdog concerning his personal data. When European citizens chose to use Facebook, they agree with an agreement betw
een the user and Facebook Ireland. Schrems points out that his data posted on Facebook (Facebook Ireland) transfers to servers in the United States automatically. According to the Safe Harbour Principles, this is not allowed as the country (in this case Ireland) must guarantee the protection of Schrems’s personal data.
The Irish Watchdog claimed the complaint was invalid, referring to the Safe Harbour Privacy Principles and that Facebook respected and followed these principles.
Schrems however appealed to the Irish High Court, who in turn redirected the issue to the Supreme Court of Justice of Europe, questioning how these privacy watchdogs can even monitor the flow of personal data to systems they don’t have access to.
This is a good cause for our fundamental rights as European citizens, and a major blow to the constant reduction of our human right for privacy. I really hope that we won’t see any comprise to our privacy soon, as a ‘principle’.