London, July 20: Europe’s top court has struck down a trans-Atlantic agreement that allows scores of companies to move data between the European Union and the United States, causing uncertainty for businesses that rely on moving digital information seamlessly around the world.
The European Court of Justice in Luxembourg last week ruled that the agreement, known as Privacy Shield, did not comply with European privacy rights, The New York Times reported. Privacy Shield, created in 2016, allows businesses in the European Union and the United States to move data more easily between the two regions. More than 5,000 companies use the system.
The decision is the latest twist in a long-running campaign by privacy-rights activists in Europe who want to prevent companies from moving their personal information to countries with looser data protection rules. The efforts stem from revelations in 2013 by the American former intelligence contractor Edward Snowden about how U.S. government surveillance programs collected electronic communications from private businesses.
The overall effect of the court’s decision was not immediately clear beyond creating a dizzying amount of new work for corporate legal departments. Few expect a sudden disruption for moving data between Europe and the United States. Before the decision was announced, European officials played down the potential fallout, saying plans were in place to ensure commerce would not be interrupted. American and European officials will now try to negotiate a new deal for transferring digital information.
The court said some alternative data-transfer contracts struck between organisations were acceptable, though it cautioned that companies must be sure that a government outside Europe — in the United States or elsewhere — meets European privacy standards. Some companies may respond by storing more data inside the European Union.
The ruling affects big tech companies like Facebook and Google, as well as thousands of other multinational businesses. Lawyers said the data subject to transfer rules could include communications like emails and social media posts, financial records, business files, human resources materials about employees, marketing databases and customer records.
Business groups have called for a grace period that would allow companies to find new legal mechanisms to continue moving data.