European Court: Data protection treaty not strong enough

The highest court in Europe has ruled in favor of an Austrian student who complained that a trans-Atlantic data protection agreement does not do enough to shield the privacy of users of the U.S.-based social media network Facebook.

The European Court of Justice announced Tuesday that the so-called “Safe Harbor” agreement does not eliminate the need for local watchdogs to make sure U.S. firms are adequately protecting the data of their European users.

The court said privacy regulators in Ireland, where Facebook’s European operation is based, must now decide whether the network’s transfers of information from Europe to the United States should be suspended.

The Safe Harbor agreement has been in effect for 15 years, developed as a way to allow U.S. firms to exchange data with Europe without violating European privacy laws. More than 4,000 U.S. firms use the provisions in dealing with their trans-Atlantic business.

Technological privacy has been in the spotlight in both Europe and the United States since information surfaced two years ago through U.S. whistleblower Edward Snowden that the United States had been spying illegally on Europeans and other non-U.S. citizens.

Austrian student Max Schrems brought the current case to the ECJ, arguing that the Irish data regulator failed to protect his private information from U.S. intelligence services.

Washington and Brussels are working on a new privacy deal that will more satisfactorily reach European requirements.