The international fallout over Edward Snowden’s leaks about U.S. surveillance operations continued Tuesday, as the top European court ruled that the National Security Agency is violating the privacy rights of millions of Europeans.
Although the decision by the European Court of Justice is likely to do little to actually curb NSA spying, it could become a major headache for thousands of companies on both sides of the Atlantic.
The court scrapped a “safe harbor” agreement between the United States and the European Union that allowed companies like Google, Facebook, and Amazon to freely store Europeans’ data on U.S. servers. The court held that, because of the NSA’s “mass and undifferentiated” surveillance, the United States lacks the adequate privacy protection required by EU law.
“Permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life,” the judges wrote. The Court of Justice is Europe’s highest court, and its opinion cannot be appealed.
The ruling could empower each EU nation’s individual privacy regulator to investigate company data practices. Although tech companies have been watching the ruling especially closely, it could also affect any businesses that send customer records or human-resources information to the United States. “It’s a sad day for European privacy and a sad day for businesses on both sides of the Atlantic,” said Brian Hengesbaugh, a partner with the law firm Baker & McKenzie, who represents businesses in a variety of industries. “There will be a tremendous amount of upheaval.”