EU court ruling strikes hammer blow to transatlantic data flows

Europe’s top court handed down a searing verdict on U.S. surveillance powers on Thursday, ruling for the second time that EU data would not be safe from snooping under a transatlantic data protection deal.

The ruling, which cancels the Privacy Shield agreement, throws billions of dollars in digital trade into legal limbo and reignites a spat over surveillance that dates back more than five years to U.S. whistleblower Edward Snowden’s revelations about American spying.

The Court of Justice of the European Union ruled that Privacy Shield — which replaced an earlier data transfer agreement called Safe Harbor — did not offer adequate protection for EU data when it was shipped overseas because U.S. surveillance law were too intrusive.

In the same ruling, the Luxembourg-based court upheld the legality of instruments used to export data out of Europe, called Standard Contractual Clauses (SCCs). But it required EU privacy watchdogs to suspend data transfers to any country where EU standards cannot be met, opening the way for challenges based on the surveillance systems of other countries.

At a time of growing tension between Brussels and Washington, the ruling is set to inflame relations even more. Donald Trump’s administration has already lashed out at Europe’s privacy system, the General Data Protection Regulation, saying it provides cover for cybercriminals.

So far, both sides have struck conciliatory notes.

Now the two sides will be hard-pressed to come up with an arrangement to keep data flowing across the Atlantic— for the third time.

So far, both sides have struck conciliatory notes. A senior U.S. official told POLITICO this week that Washington was ready to revisit privacy protection for EU data if Privacy Shield was struck down.

 »