Advocate General Yves Bot today delivered an opinion recommending that the European Court of Justice (ECJ) find the U.S.-EU Safe Harbor Program invalid. His opinion, while non-binding, relates to a request for a preliminary ruling referred to the ECJ by the High Court of Ireland, Irish Court in Schrems v. Data Protection Commissioner, (ECJ, No. C362/14, 23 Sept 2015).
In light Edward Snowden’s disclosures of systematic monitoring of communications by the U.S government, Maximillian Schrems, an Austrian citizen, complained to the Irish Data Protection Commissioner. When the Irish Data Protection Authority did not investigate, Schrems brought an action in the Irish courts challenging that decision.
The Advocate General’s Opinion sets out two significant recommendations.
- EU Member States’ national data protection (DPA) authorities must be able to investigate complaints that call into question the level of protection ensured by a third country, such as the United States, and be able to suspend transfers of personal data if the DPA considers the transfer to undermine individuals’ protections.
- Commission Decision 2000/520/EC, which found transfers of personal data to the U.S. under the Safe Harbor Program provided an adequate level of protection for transfers of personal data under Article 26 of the EU Data Protective Directive 95/46/EC, should be declared invalid as Safe Harbour cannot ensure an adequate level of protection.
Continue Reading Safe Harbor Invalid! Will the ECJ follow the Advocate General recommendation?