Last week, the European Court of Justice issued its landmark Schrems decision showcasing the powerful reverberations the Snowden disclosures continue to have around the world. It held that due to the NSA’s mass surveillance programs, a European person’s data may not be stored in the United States. The court invalidated the ironically named “Safe Harbor” agreement, which allowed U.S. technology companies to transfer data freely between Europe and the United States – as long as they could self-certify that the data was subject to privacy protections.
Snowden’s whistleblowing disclosure showed that NSA surveillance of personal information on the Internet is indiscriminate, overbroad, and provides no ability for individual redress. Based on those facts, the Court found volitions of the European right to privacy, right to the protection of personal data, and the right to a fair trial.
The U.S. government’s reaction to the decision has been muted. The Department of Commerce’s press release on the issue focused solely on the commercial aspects of the ruling, deploring the “significant uncertainty for both U.S. and EU companies and consumers” and the risk to digital economy. U.S. technology companies have been an integral part of the national security surveillance regime in the United States. Whistleblowing disclosures going back to 2006 have exposed the NSA’s partnership with companies like AT&T enabling the mass surveillance of Internet traffic. By invalidating the Safe Harbor agreement, the EU court is making U.S. technology companies pay for their collaboration with the NSA on surveillance. Though many of these companies supported the USA Freedom Act and have fought for transparency on government requests for their users’ data, this decision represents an opportunity for them to call for strong privacy and an overhaul of the surveillance state.
The decision should prompt global examination of privacy protections. The Europeans have much to do on this front. Britain, France, Germany, and other European countries are also running vast national security surveillance regimes of their own with even less transparency than the U.S. system. For example: France’s new surveillance law survived a constitutional challenge earlier this year despite massive outcry from civil liberties groups.
We hope this decision will galvanize industry to shout louder for reform in the United States and help create a data privacy system that respects the Constitution, the European Convention on Human Rights, and the principle that privacy is essential to free expression.
As a first step, the decision marks a move in the right direction. There is much more to be done in the United States, Europe, and around the world before any future “Safe Harbor” is truly safe for all citizens.
Gaurav Laroia is Acting Director of GAP’s National Security & Human Rights Program.