The Safe Harbor agreement was a quasi-judicial understanding that the US undertook to agree that it would ensure that EU citizens' data on US servers would be held and protected under the same restrictions as it would be under EU law and directives. The data covers a huge array of information — from Internet and communications usage, to sales transactions, import and exports, in fact any data on EU citizens that is held on US servers.
Wer könnte zu #Datenschutz, #privacyshield und #safeharbor- Urteil der #EU besser referieren als @maxschrems? #mtm16 pic.twitter.com/XPhaAyYAHJ
— BLM (@BLM_Bayern) October 27, 2016
[Tweet: Who better to report on #data protection, #privacyshield and #safeharbor [and] judgement of the #EU than @maxschrems?]
Snowden Leaks
The overturning of Safe Harbor came about when Maximillian Schrems, a Facebook user, lodged a complaint with the Irish Data Protection Commissioner, arguing that — in the light of the revelations by ex-CIA contractor Edward Snowden of mass surveillance by the US National Security Agency (NSA) — the transfer of data from Facebook's Irish subsidiary onto the company's servers in the US do not provide sufficient protection of his personal data.
Safe Harbour, now Privacy Shield — Reality and illusion in EU data transfer regulation https://t.co/Fx89IE8pnz
— DigitalRightsIreland (@DRIalerts) September 29, 2016
"The Safe Harbor decision denies the national supervisory authorities their powers where a person calls into question whether the decision is compatible with the protection of the privacy and of the fundamental rights and freedoms of individuals," the court ruled.
According to the Privacy Shield agreement:
"The US has given the EU assurance that the access of public authorities for law enforcement and national security is subject to clear limitations, safeguards and oversight mechanisms.
"Everyone in the EU will, also for the first time, benefit from redress mechanisms in this area. The US has ruled out indiscriminate mass surveillance on personal data transferred to the US under the EU-US Privacy Shield arrangement."
However, Digital Rights Ireland has launched a legal challenge, arguing that — despite the US assurances on mass surveillance — EU citizens' data is still not secure on US servers, under the terms of EU safeguards, including the European Convention on Human Rights.