Death of Europe’s ‘Safe Harbor’ Rule Could Mean Chaos for U.S.-Based Global Marketers

Court cuts off protections over NSA eavesdropping

Headshot of Lauren Johnson

Tech giants based in the U.S. like Facebook, Google and Twitter are about to face data-based headaches in Europe.

Today, the Europe Court of Justice ruled that the "Safe Harbor" agreement—which thousands of U.S. tech companies rely on to collect data from users in other countries—is invalid.

Safe Harbor is a 15-year-old pact between the U.S. and Europe that lets technology companies treat data collected in Europe the same as it is treated in the U.S. The international court's new ruling stems from Edward Snowden's NSA leaks in 2013, which revealed that U.S. data is not always safe from surveillance.

At the same time, Austrian citizen Maximillian Schrems filed a legal complaint in Ireland, claiming that Facebook violated his privacy. The Irish court initially rejected his contention, but the European Court of Justice ruled otherwise, stating that U.S. authorities interfered with Schrems' rights and will be reexamined.

The Court said in its ruling that the Irish courts were "required to find that the United States in fact ensures, by reason of its domestic law or its international commitments, a level of protection of fundamental rights essentially equivalent to that guaranteed within the EU under the directive read in the light of the Charter. The Court observes that the Commission did not make such a finding, but merely examined the safe harbor scheme." 

Without Safe Harbor, individual European countries may start setting up their own data regulations, meaning that U.S. tech companies would have to abide by dozens of different regulations, which could become a bit of a nightmare for global marketers.

In a statement, Mike Zaneis, evp of public policy and general counsel at the Interactive Advertising Bureau, said, "Today's decision by the European Court of Justice jeopardizes thousands of businesses across the Atlantic," referring to the $84 million that flows between the U.S. and European ad markets.

Zaneis continued: "For nearly 15 years, the Safe Harbor agreement has provided IAB member companies with an efficient means to comply with EU privacy law. The weakening of the Safe Harbor agreement limits European consumers; access to valuable digital services and impedes trade and innovation. We urge the U.S. and EU to agree on new rules for the transatlantic transfer of data, taking into account the CJEU's judgment."

@laurenjohnson Lauren Johnson is a senior technology editor for Adweek, where she specializes in covering mobile, social platforms and emerging tech.