This isn’t final, but “usually followed” and has big implications for cross-border data storage that will affect large companies and could create a big barrier to mass surveillance.
The opinion by Bot contains far-reaching recommendations that
threaten to upend many current commercial practices and assumptions in
the digital industry.
If any EU country considers that transferring data to servers abroad
undermines the protection of citizens, the advocate general’s finding
said, it has the power to suspend that transfer “irrespective of the
general assessment made by the [EU] commission in its decision”.
“The access of the United States intelligence services to the data
transferred covers, in a comprehensive manner, all persons using
electronic communications services, without any requirement that the
persons concerned represent a threat to national security,” Bot’s
opinion noted in one of its most damning sections.
“Such mass, indiscriminate surveillance is inherently
disproportionate and constitutes an unwarranted interference with the
rights guaranteed by Articles 7 and 8 of the charter [of fundamental
rights of the EU].”
The Luxembourg court found the Safe Harbor agreement
between the US and Europe, which gives spies access to huge banks of
data, does not stop watchdogs from investigating complaints or bar them
from suspending the transfers.
The arrangement allows the NSA
to use the Prism surveillance system exposed by Snowden to wade through
billions of bits of personal data, communication and information held
by nine internet companies.
The opinion states that the commission’s past decision on Safe Harbor within the US is invalid. It said internet users in Europe have no effective judicial protection while the large-scale data transfers are happening.