From yesterday online businesses that hold personal data will need to deal with individual data protection authorities instead of relying on safe harbour.
The legal regime which allows US businesses such as Facebook to hold personal data about Europeans was today overturned by a court decision that sent shockwaves through the internet industry. In Maximilian Schrems v Data Protection Commissioner, the Court of Justice of the EU ruled invalid a so-called ‘safe harbour’ framework agreed in 2000 by the EU and US. Safe harbour allowed multinationals to hold data in the US despite laxer rules covering the protection of personal data. The measure was challenged by an Austrian privacy activist Maximilian Schrems, a Facebook user, following the Snowden revelations about communications interception by US intelligence agencies. Schrems complained that the law and practice of the US did not offer sufficient protection against surveillance by public authorities of data transferred there.