(European Union) European Court of Justice Rules Data Transfer Between US and EU is Invalid #general


Jan Meisels Allen
 

Privacy advocates vs. First Amendment rights won in the European Court of
Justice (EUCJ) when the Court ruled on October 6 that the international
agreement permitting digital data transfer between the United States and the
European Union 28-member countries is invalid.

The decision found the data transfer agreement violates the privacy rights
of Europeans by exposing them to allegedly indiscriminate surveillance by
the U.S. government.

This is a major problem for companies such as Google, Facebook, Amazon and
Apple who collect and mine data >from European users but send it to their
home bases in the United States. It also affects any organization with
international operations that needs to transfer employee information such
as benefits or payroll online, and American companies that provide cloud
storage services for EU based companies.

More than 4,500 European and American companies will be required to treat
their information moved outside the EU with the same privacy protections
the data has within the EU. The cost for this disruption of business is
in the billions of dollars. The EUCJ ruling declared the data-transfer
agreement, known as "safe harbor" is immediately invalid. The ruling
permits data-privacy regulators in each of the 28 member countries to
evaluate how they move data >from the their countries to the United States.

As genealogists researching Europe rely on data found on search engines,
this decision affects the genealogist in their research opportunities. The
decision may be read at:
http://curia.europa.eu/jcms/upload/docs/application/pdf/2015-10/cp150117en.pdf
[or http://tinyurl.com/qcz4er4 - MODERATOR]

The "safe harbor" issue is one that has continued to be debated between the
EU members and was an issue in finalizing the Data Protection Regulations
which espouse "the right to be forgotten" and "the right to be erased". The
UK and Ireland are the EU countries that many US companies have based their
EU operations as they were presumed to be more "liberal" in their data
privacy determinations than countries such as Germany and France. The
Court's decision adversely affects the EU's proposal of a single market
known as "one stop shopping". Companies such as Facebook and Google may
decide to store their EU citizens data in the EU.

The EUCJ is the highest court in the EU and the decision may not be
appealed. Their ruling noted that the 500 million EU citizens did not
have the right to bring litigation in the US courts if they believed
their privacy had been infringed by the US government or American
companies. However, some are speculating there may be a torrent of
litigation before the individual EU countries data protection agencies.

The case before the EUCJ started with Max Schrems, an Austrian citizen, who
litigated against Facebook when he accused Facebook of compiling its users'
personal data in violation of Austrian and EU legislation. Mr. Schrems'
Facebook data is transferred >from Facebook's Irish subsidiary (whose EU
headquarters are in Ireland) to servers in the United States where the
information is processed. He first brought suit in Ireland against the
Irish Data Protection Commissioner stating that Facebook transfers the data
to the US. When he lost there, the High Court of Ireland then referred the
case to the EUCJ.

The EUCJ decision was foreshadowed when one of the advocate generals
announced his non-binding opinion two weeks ago, stating he found the law
and practices of the US offer no real protection about the data that is
transferred to the USA, and do not offer EU citizens adequate protection or
legal recourse if the online data is misused. Mr. Schrems is suing
Facebook in an Austrian court in a separate civil class-action suit.

This decision continues with the debate between the US adherence of First
Amendment rights of free speech vs. the EU priority of individual privacy
prevailing, and the trend by EU courts stating their "right to be forgotten"
requirements are global to search engines - not just within the EU.

To read more about the EUCJ "safe harbor" decision see:
http://tinyurl.com/nzsq8yy
Original url:
http://www.nytimes.com/2015/10/07/technology/european-union-us-data-collection.html?_r=0

and: http://tinyurl.com/pfk3jj4
Original url:
http://www.ft.com/cms/s/0/5d75e65a-6bf8-11e5-aca9-d87542bf8673.html#axzz3nnxSu56w

The issues of the Schrems' case, proposed Data Protection Regulation, "safe
harbor" and "right to be forgotten" have all been discussed in previous
postings on the IAJGS Public Records Access Alert. They can be found in the
archives at http://lists.iajgs.org/mailman/private/records-accelerts/ .
You must be a registered subscriber to access the archives. To register go to:
http://lists.iajgs.org/mailman/listinfo/records-access-alerts and follow
the instructions to enter your email address, full name and which
JGS/JHS/SIG/JewishGen is your affiliation You will receive an email
response that you have to reply to or the subscription will not be
finalized.

Jan Meisels Allen
Chairperson, IAJGS Public Records Access Monitoring Committee

Join main@groups.jewishgen.org to automatically receive all group messages.