The E.U. court ruling that could blow up digital trade — and U.S. surveillance
07/14/20 11:59 AM EDT
Is Europe about to set off an international crisis over privacy — again?
In a ruling this week, the bloc's top court is set to decide on the legality of instruments used to ferry data from the EU around the world — and possibly a data protection deal with Washington known as Privacy Shield too.
If the Luxembourg-based court rules that the instruments, known as Standard Contractual Clauses, are illegal, or that Privacy Shield is beyond repair, the effects will be immediate and far-reaching. Hundreds of billions of euros in digital trade will fall into legal limbo, and the long-running legal dispute — grounded in fears about U.S. surveillance — could balloon into a geopolitical crisis.
In December, a nonbinding opinion from an advocate general at the court upheld the legality of the SCCs. But the opinion, which will not necessarily be followed by the court, was much more critical about Privacy Shield, which came into force in 2016 and gave Europeans a greater say over how their digital information was used by American authorities once it had been moved to the U.S.
Europeans have long complained that U.S. surveillance means their data is not safe from snooping when it's transferred across the Atlantic. A blow against Privacy Shield would ratchet up tensions between Brussels and Washington at a time when Donald Trump's administration is already lashing out against the EU's privacy law, the General Data Protection Regulation, and threatening to hit EU countries with billions of dollars in tariffs over digital taxes.
But it's not just relations with the U.S. that could take a hit on Thursday. EU privacy hawks are increasingly turning their attention to the perceived risk of snooping from Beijing, with several privacy probes targeting ByteDance-owned social media app TikTok, and a court battle in Germany shining an unflattering light on 5G-vendor Huawei's data protection practices.
Underscoring Europe's increasing preoccupation with the world's most populous country, top EU privacy watchdog Wojciech Wiewiórowski told POLITICO last week that he feared more for data that was destined for China than the U.S. — which he said was "much closer" to the EU in terms of values.
“Even with all the years of cooperation with the U.S., [data transfers] can be a problem in the courts … How to comment about countries that don’t observe the same values?” he said, in a nod to the case that will be decided upon on Thursday.
The case being decided this week in Luxembourg stems back to a complaint by Austrian privacy activist Max Schrems filed in 2013 against Facebook. He argued that revelations of widespread American snooping by whistleblower Edward Snowden showed that EU data hoovered up by the social media company was not safe in the U.S.
The complaint led to the EU's top court in 2015 nixing a data transfer agreement between the U.S. and the EU known as Safe Harbor, later replaced by the Privacy Shield.
However, Schrems complained that fundamental issues with America's surveillance regime remained even under Privacy Shield, urging regulators to veto Facebook's use of SCCs to transfer data across the Atlantic.
The case ended up in the Luxembourg court again after Ireland's Data Protection Commission — the privacy regulator in charge of overseeing Facebook in Europe — refused to nix the social media company's data transfers.
Instead, the Irish regulator called for judges to invalidate SCCs in general, broadening out the case far beyond Facebook. Both Schrems and Facebook maintain that SCCs are valid.
“Privacy Shield is an updated version of the illegal Safe Harbor. Nothing in U.S. surveillance law was changed or fixed," he said last December.
The European Commission and U.S. officials maintain the Privacy Shield improves privacy protections.