It has been a long-established EU data protection law that personal data can only be sent outside of the EU if one of various tests is passed. For transfers to the United States, the key decision of the EU Commission was that where US companies signed up to the “Safe Harbor” scheme – which essentially self-certifies that they meet certain minimum standards of data security – European entities could safely transfer personal data to them.
Mr Schrems, a Facebook user, understood that data that he put onto his Facebook page, which was operated via Facebook’s Irish subsidiary, would be transferred to servers in the United States for processing. Based on his understanding of the disclosures of American Privacy Activist and whistle-blower, Edward Snowden, he was concerned that the US’s National Security Agency (NSA) engaged in various practices which made the holding of data, even by companies signed up to Safe Harbor, unsafe, and he complained to the Irish data protection commissioner.
Read the full article on Business Shapers.