ECJ finds Commission Safe Harbour Decision invalid

6 Oct 2015

In what is seen by many as a victory for user privacy, the Court of Justice of the European Union (CJEU) overturned the Safe Harbour agreement between the USA and the EU. The anticipated judgment in the Max Schrems case declared the Commission’s Safe Harbour Decision (2000) invalid: (a) even when a Commission decision exists, national supervisory authorities still have the power to examine with complete independence whether a transfer of personal data to a third country complies with the Data Protection Directive; (b) the Commission’s decision did not examine whether the US afforded an adequate level of protection equivalent to that guaranteed in the EU, but simply examined the safe harbour scheme. In the US, the scheme is applicable only to undertakings that adhere to it, whereas public authorities are not subject to it, and national security, public interest and law enforcement requirements prevail over scheme, whereas there are no such limitations exist under EU law. For these reasons, the CJEU declared the decision invalid. Critics are now saying that the decision will lead to the Balkanisation of the Internet, fearing a future with 'each country with its own Internet, gated off legally and governed by its own privacy laws'. More details: full judgment; court's press release; reactions by Max Schrems and others.

Explore the issues

Privacy and data protection are two interrelated Internet governance issues. Data protection is a legal mechanism that ensures privacy. Privacy is usually defined as the right of any citizen to control their own personal information and to decide about it (to disclose information or not). Privacy is a fundamental human right. It is recognised in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and in many other international and regional human rights conventions. The July 2015 appointment of the first UN Special Rapporteur on the Right to Privacy in the Digital Age reflects the rising importance of privacy in global digital policy, and the recognition of the need to address privacy rights issues the the global, as well as national levels.

Cloud computing could be described as the shift from storing data on hard disks on our computers to servers in the clouds (i.e., huge server farms). Cloud computing offers ubiquitous access to all our data and services from any device anywhere around the world (where there is Internet connection).

Jurisdiction is the authority of the court and state organs to decide on legal cases. The relationship between jurisdiction and the Internet has been ambiguous, since jurisdiction rests predominantly on the geographical division of the globe into national territories. Each state has the sovereign right to exercise jurisdiction over its territory.

Intermediaries play a vital role in ensuring Internet functionality. In several Internet governance areas, such as copyright infringement and spam, Internet Service Providers (ISPs) are considered key online intermediaries. In other areas, such as defamation and the so-called right to be forgotten, the responsibility extends to hosts of online content and search engines.

Consumer trust is one of the main preconditions for the success of e-commerce. E-commerce is still relatively new and consumers are not as confident with it as with real-world shopping. Consumer protection is an important legal method for developing trust in e-commerce.

One of the main sociocultural issues is content policy, often addressed from the standpoints of human rights (freedom of expression and the right to communicate), government (content control), and technology (tools for content control). Discussions usually focus on three groups of content:

 

 

The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top