The verdict is in for Facebook, but what are the implications for you?

Facebook verdict privacy law US

Lees in het Nederlands - Lisez en français

Last week, a judge of the Court of Justice of the EU took an audacious decision – with a single pen stroke, the current process for transferring personal data between the US and Europe has been called into question. But how will this affect you?

The background

The EU Directive 95/46/EC was designed to protect the privacy of European citizens. Developed between 1998 and 2000, this directive specifies, for instance, that companies operating in the EU are not allowed to send personal data to companies outside the EU, unless they guarantee adequate levels of protection of privacy.

In order to make it possible for American companies to collect personal data of their customers in Europe, a process was developed between the US and the EU: Safe Harbor. Thanks to this agreement, companies that were willing to comply with certain rules were allowed to export the data of EU citizens to the US (i.e. store and/or process them on servers in the US).

These rules require that users must be informed about the fact that their data are being collected, that they must have the option to opt out of the collection of these data, that they must be able to access the information (and correct it if necessary), etc. Quite a suitable principle after all, which at first sight seems totally fair, for both companies and citizens.

The facts

Privacy law US Safe harborSo, nothing wrong… until 2013, when Edward Snowden revealed that the American intelligence services intercept and store all conversations in de US, whether by crooks or ordinary citizens.

Maximilian Schrems, a young Austrian law student who had long been concerned about the methods used by companies such as Facebook to collect user data, sued the social network giant. And, this week, the judge of the Court of Justice of the EU delivered a verdict that startled the entire Internet industry.

The Court has indeed invalidated the Safe Harbor process. American companies are governed by US laws, which means that American intelligence agencies may access the data, which makes it impossible to guarantee the citizen’s privacy.

The possible consequences

This important decision has major implications, and various scenarios are now possible:

  • American companies will no longer be able to rely on the Safe Harbor regime in order to store data of European customers on American servers.
  • If they want to do this anyway, they will have to request permission to store data from every country’s authorities.
  • New negotiations between the US and the EU might begin in order to develop a new process that will be valid for the whole of the EU.
  • American companies may start migrating to servers in Europe, in order to store the data of their European customers.
  • Due to the negative economic effects of this decision, politicians might limit the power of intelligence services, so that they will have to focus on real suspects, and be able to provide a court order… Are we being a little too idealistic here?

How will this affect you?

As you might guess, this decision of the Court of Justice of the EU will have major implications. Many legal departments are most probably reading the verdict very carefully in order to understand every last detail of the consequences. And over the next weeks and months, you will certainly find out how authorities in the US, the EU and the different states interpret and apply this verdict.

For you, as a consumer, this is obviously a good thing. In the future, this will contribute to better privacy protection.

For your company, this verdict will give you food for thought. Are you using servers in the US? Do you even know where the servers of your service providers are located? If you want to play it safe, you should go for hosting services provided by Combell, whose servers are located in state-of-the-art data centres in Belgium.

Discover hosting at Combell

 

, , , , ,

Related posts

Make your website GDPR proof

How to make your website GDPR proof

  • 19 June 2023
  • Reading time: 8 min

Something tells us you don't want to be fined for violating privacy laws. Sleep on your two ears and take these steps to make your website or webshop GDPR compliant.
What are internet cookies

What are internet cookies and what do they do?

  • 30 May 2023
  • Reading time: 10 min

Cookies on the internet. What are they, how do they work and ... are they dangerous? We can already tell you this: they are not for eating.
What is GDPR

Explained for you: what is GDPR?

  • 4 April 2023
  • Reading time: 12 min

Did you notice? Meta, the mother company responsible for Facebook and Instagram, among others, has been fined billions for years of violating GDPR rules. Just the proof that you need...