Some geeky privacy-related legal issues you really do need to know about

In October the European Court of Justice handed down a ruling invalidating the EC’s Safe Harbor Decision, because some governments have access to electronic data that was supposed to be private. Although this seems both esoteric and remote, it will actually affect everyone on the internet.

In 1995 the European Union passed a law protecting data privacy for Europeans’ data. The principles enshrined in the law (the ‘Data Protection Directive’) include these:

    • Notice – Individuals must be informed that their data is being collected and about how it will be used.
    • Choice – Individuals must have the option to opt out of the collection and forward transfer of the data to third parties.

(For the rest of the items in the list, go here.)

In 2000 the European Commission (EC) announced that US companies that declared that they were following the above principles, and registered that declaration, were permitted to receive European data covered by the law (the so-called ‘Safe Harbor scheme’).

In 2015 an Austrian citizen lodged a complaint against Facebook, based on the Snowden revelations that the US government was accessing data supposedly protected by the Safe Harbor scheme, in particular because the US Patriot Act forbade American firms from disclosing whether they had supplied data to US intelligence agencies.

In October the European Court of Justice ruled [1]:

in the light of the revelations made in 2013 by Edward Snowden concerning the activities of the United States intelligence services (in particular the National Security Agency (‘the NSA’)), the law and practice of the United States do not offer sufficient protection against surveillance by the public authorities.

Needless to say, the US government was not pleased. The ultimate significance of this decision remains to be seen, but suffice it to say that it has sent a chill across the collective bodies of major American firms with a significant presence in Europe, including Microsoft, Google, and Facebook. It does not actually make transferring data across the Atlantic illegal per se, but it will almost certainly require companies like those just named to post a warning to their European users that data is no longer safe from snooping by the US Government, a warning that is likely to cast a pall over the European operations of American companies. Stay tuned…


[1] Warning: this is the text of a full legal ruling, and is not for the faint of heart.