The European Commission must immediately suspend the 'Safe Harbour' framework with the US and initiate a new, secure data protection framework that will guarantee the rights and privacy of European citizens, says the Chair of the European Parliament Civil Liberties Committee, Claude Moraes, following today's ruling of the European Court of Justice in the case regarding Facebook's transfer of EU citizens data to the US.
Civil Liberties Committee Chair Claude Moraes (S&D, UK) statement on the European Court of Justice ruling declaring the Commission's US Safe Harbour decision invalid:
"I welcome the European Court of Justice decision today as it finally backs up the repeated calls from the European Parliament for the suspension of the US Safe Harbour framework on the grounds that it does not ensure the adequate level of protection required by EU data protection law.
Compared to the strong, enforceable data protection legislation that exists in the EU, Safe Harbour offers completely inadequate protection for EU citizens using services from US companies. The Snowden disclosures threw into the spotlight these inadequacies in particular as it does not provide any protection from mass surveillance activities as it contains a national security exemption which has never been clarified. However, there were also concerns prior to the Snowden revelations given that it is a non-binding agreement which lacks compliance by companies and gives no possibility for citizens to enforce their rights.
The decision by the European Court of Justice today, declaring the invalidity of the Safe Harbour agreement, forces the European Commission to act in order to ensure that transatlantic transfers of personal data of EU citizens to companies in the US offer the continuity of protection required by EU law and come up with immediate alternative to Safe Harbour. The Commission has been in negotiations with the US for over a year on improving the framework but we have still received no update on these discussions.
The Commission must immediately put forward a new complete and strong framework for transfers of personal data to the US which complies with requirements of EU law as enshrined in the Charter of Fundamental Rights and EU data protection rules and provide our citizens with solid, enforceable data protection rights and effective independent supervision."
Note to editors
The 2000 Safe Harbour agreement allows companies to transfer European citizens' private data to the US if they vouch for adequate privacy protection as set out in the agreement. More than 3000 companies currently use Safe Harbour for the transfer of data, including firms like Facebook, Google and Microsoft.
Following a complaint by Austrian citizen Max Schrems, the European Court of Justice on Tuesday 6 October declared that the Commission's Safe Harbour Decision is invalid. The verdict follows the opinion of the advocate general issued on 23 September 2015.
In his complaint, Mr Schrems argues that the Snowden revelations of the NSA data collection programme PRISM which sees EU citizens' data held by US companies passed on to US intelligence agencies brings into question the adequacy of the data protection rendered by Safe Harbour.
Following Snowden's revelations, the European Commission in November 2013 issued 13 recommendations to restore trust in Safe Harbour and make it safer.
The European Parliament has repeatedly called for the suspension of Safe Harbour, most recently in its 2014 resolution on the surveillance carried out by the NSA.