Európai Bíróság: az Egyesült Államok „biztonságos kikötő” adatvédelmi rendszere nem biztosítja az uniós polgárok alapjogainak tiszteletben tartását

Following the revelations made in 2013 by Edward Snowden concerning the activities of the US intelligence services, Maximilian Schrems, an Austrian citizen and a Facebook user, asked the Irish Data Protection Commissioner (Facebook’s European centre is based in Ireland) to prohibit Facebook from continuing transferring his personal data to servers located in the US. He took the view that, in light of these revelations, the law and practice of the US did not offer sufficient protection against surveillance by the public authorities of the data transferred from the EU to that country.

The Court was asked by the High Court of Ireland to rule on whether the Commission’s decision on the adequacy of data protection in the US (the ‘Safe Harbour’ Decision) prevents national data protection authorities from investigating into the actual level of protection in the US of personal data of European citizens.

The Court set out that the Commission failed to demonstrate in the ‘Safe Harbour’ Decision that the US ensures an adequate level of protection of these data. It found that, in the ‘Safe Harbour’ scheme, national security, public interest and law enforcement requirements prevail over the protection of personal data, which can result in indiscriminate and unlimited public interference with the fundamental rights of persons. The Court therefore declared the ‘Safe Harbour’ Decision invalid.