Not so
often that the Court of the Union follows Advocate General Opinion but this a
surprise and perhaps a nightmare for many companies both in the US and the EU
to regulate themselves accordingly to the Court’s prescription. There two
different stories will be followed: from the EU side and the US.
From the EU
perspectives, in general, they are applauding the judgment as this a strong
position the EU has not shown to the US for song long and somehow allowed the
American to inappropriately and freely do surveillance which, to some extent,
means intervening in the EU domestic affairs and not respecting the EU member
states’ sovereignty. From political point of views, it is clear that the EU is
getting further and further away from the US domination and surviving on her
own as there has long been criticism by some suprationalists that the EU is too
much weak in saying against the US.
From legal
point of views, this case has brought a great success of Court, particularly
during its expansionist role in human rights affairs. The Court not just overlooks
the relationship between EU institutions, states and people but also to
scrutinize the EU’s agreements (especially the commission) when it comes to external
affairs. Perhaps, fundamental rights and justice are the two terms have been referred
most often when talking about this Safe Harbor case. The Court, for sure, is
mandated to guarantee unity of EU law among EU’s institutions, Member states
and citizens of the Union. In this case, the Court specially found itself on
the edge of protecting fundamental rights of the Union citizens which means
where there is violation of fundamental rights, the Court has an absolute
rights to intervene no matter it is politicized case or else.
From
economic and business point of view, however, the story is on the fence: cheering
and nightmare to most tech firms both in the EU and the US. It is good in the
sense that business is more regulated nationally and not authenticating every
power to the US companies. It is good
that individual European countries can now set their own regulation
for US companies’ handling of citizens’ data and countries can choose to
suspend the transfer of data to the US — forcing companies to host user data
exclusively within the country. Also, company like Facebook will be examined by
the Irish data regulator whether Facebook offered European users adequate data
protections, and may order the suspension or fire a company’s transfer of data
from Europe to the US if found badly abused. The good things that expect to
happen is now the EU and the US including their firms is playing business on a
more fairly basis.
However, to some observers this invalidation could be a major
obstacle of smooth economic growth and business transactions between the two
richest continents. Statistically, there are roughly up to 4,500 US firms that
are running through a Safe Harbor and that giant companies like Google and
Facebook that rely
on Safe Harbor for the transfer of data — from tech giants like Google and
Facebook to tiny startups — would be opened up to significantly more scrutiny
from regulators within Europe. This is a nightmare for them since it is returning
to the idea of bureaucratization. This ruling will increase the paperwork
involving in authorizing data transfer to the US and lots of contracts will be
made between the EU and US and may be resulting in legal implication. For sure,
there will numerous of case suing to Courts regarding less about fundamental
rights but more will be about freedoms of movement of services and expressions.
At this time citizens like Mr. Schrem will be satisfied with the court’s ruling
but firms who are affecting by this judgment will find ways to sue the Courts
or any EU institutions to guarantee the smooth flow of internal market policy,
for example. All of this will drive up
costs and potentially cause delays.
Furthermore,
the ruling is not just targeted the companies whose core activities is data
processing, such as Facebooks or Twitter, it’s the companies who don’t have
data processing capabilities of their own and transfer personal data abroad to
get it done. Sources at one firm suggest
it believes it already has all the necessary contracts drawn up and processes
in place to avoid any disruption. However, if a company sends payroll data for
administrative purposes across to the US, that becomes an issue. Likewise, it
affects companies if they are a kind of firm trying to send over data about
their customers for a marketing campaign. The big-name firms are being guarded
about what they say.
So far, we
can see that there are both positive and negative reactions to the Court’s
ruling as well as its implications. The next move for both the EU and the US will
be highly likely sensitive. It might be a bit tough situation for both sides.
Also, there might be lots of fines made by the Courts in the coming months
against the US tech companies regarding misusing their data. But it is less
likely that the EU will shut down such long historical translantic commerce
over privacy. I am convinced that it will be in the interest of both the EU and
US to figure out how to enable data to flow for commercial purposes across the
Atlantic in either direction. Ultimately they will figure out how to do that
probably by accelerating new privacy law. But be aware of the reverse case. It
could happen to the US by Mr. Schrem and it may also happen in Europe when a
student starting a lawsuit against a European government, alleging that it is
violating her rights through its surveillance using the same rationale laid out
in the ECJ decision. As currently a case in Russia, a local government
demanding that all data held about its citizens be stored within the country,
rather than in the US, yet it is their own government who is going do mass
surveillance against their own people.
