European Court of Justice, Schrems v. Data Protection Commissioner, C-362/14

Document type
Court Decision
(1) Maximillian Schrems, an Austrian citizen and Facebook user, lodged a complaint with the Irish Data Protection Commissioner saying that in light of Edward Snowden's revelations concerning the activities of the United States intelligence services, the law and practice of the United States did not offer adequate protection against surveillance by public authorities of the data transferred to that country. In this case, data provided to Facebook’s Irish subsidiary is transferred to servers located in the United States.
(2) The Court found that European data was not sufficiently protected in the United States and invalidated the Commission Decision 2000/520/EC that created the transatlantic U.S.-EU Safe Harbor agreement. The EU-US Safe Harbor agreement had been in place for 15 years and enabled U.S. companies to transfer data from Europe to the United States merely by self-certifying that they would comply with EU data protection standards. The Court held that even if the U.S. companies involved were taking adequate protection measures, U.S. public authorities are not subject to the Safe Harbor guidelines and therefore European citizens’ data and privacy was at risk to U.S. government surveillance. see also Global FoE
Year
2015
Topic, claim, or defense
Privacy or Data Protection
Document type
Court Decision
Issuing entity
Transnational Court
Type of service provider
Host (Including Social Networks)
OSP obligation considered
Other
Type of law
Civil