EU Safe Harbor Ruling: Implications for Businesses

By Jonathan R. Tung, Esq. on October 14, 2015 | Last updated on March 21, 2019

When the Austrian student Max Schrems brought his grievances to the Irish authorities, it's doubtful he could have foreseen this ruling by the European Court of Justice.

The ECJ recently concluded that the Safe Harbor Agreement was invalid because it subordinated individuals' privacy concerns beneath "national security, public interest or law enforcement."

Safe Harbor Principles

In its ruling, the ECJ concluded that, at the very least, the European Commission too hastily approved the intercontinental agreement; it should have first made a diligent determination as to whether or not it provided adequate protection to EU citizen data. However, the EU would like to fix this. The ECJ will have the final say as to whether or not a pact is "adequate" or not.

Implications and In-House Clamoring

The current word is that Congress has decided to go bipartisan (for once) and is looking to legislation that would essentially extend U.S. Privacy Act protections to EU Citizens. Hard to say if this was already in the works before the Snowden debacle or because of it.

Businesses that rely heavily on trans-Atlantic Communications are also in a state of legal purgatory. Google, Facebook, and handful of other companies potentially face legal problems because individuals' personal information is updated constantly and makes numerous trips across the ocean every single day. All of those communications? They're technically invalid under the ECJ's new ruling.

Big companies like Google and Facebook probably have the least to fear of all the companies that are affected by the ruling. Less secure in their shoes are the smaller companies who can't afford to leave their online services running, or who don't have a dedicated legal department to weed through the complexities.

These smaller companies could be more vulnerable to privacy violation suits. Brian Hengesbaugh, a privacy attorney with Baker McKenzie in Chicago described the ruling as so "sweepingly broad that any mechanism to transfer data from Europe [to America] could be under threat." Thus, In-House counsel for smaller companies at the moment are unable to give their clients anything more than "Be afraid. Be very afraid."

In other words, the ruling has the potential not only to adversely affect the business efficiency of large tech companies, but smaller non-tech companies as well. Since billions of dollars are riding on electronic communications between the continents that have just been deemed essentially illegal, developments on this story will continue to unfold.

Related Resources:

Copied to clipboard