Relations between the EU and the US just got a little icier. The European Court of Justice has found that the US’ data protection laws are not good enough to protect the personal information of EU citizens.
The EU has always been a little suspicious of the US’ approach to its citizens’ rights to privacy, however the Safe Harbour pact had until recently satisfied the EU regulators. Under the Safe Harbour Privacy Principles, organisations could transfer personal information from the EU to the US if they had (self) certified that they would comply with EU data protection standards.
But that was put to an end last month when Austrian citizen Max Schrems complained about Facebook sending his personal information off to the US, particularly in light of Edward Snowden’s claims of just how often the US intelligence services have a sneaky look at it. The Court shared Max’s (and Edward’s) concerns, and found that the risk of US government interference was too great, and therefore the Safe Harbour Privacy Principles are invalid.
While very awkward for businesses like Facebook, Apple and Google (and an estimated 5,000 others), we’re in Australia, so why should we care?
Well, under the Australian Privacy Principles, an Australian entity can only transfer personal information anywhere overseas if the entity:
- Takes reasonable steps to ensure the overseas recipient will comply with Australian privacy law; or
- Obtains the informed consent of the individual to whom the information relates; or
- Reasonably believes that the country to where the information is going has privacy laws substantially similar to Australia’s.
Point 3 is where the EU decision comes in. If the EU has decided that US privacy laws are not up to scratch, we’re confident the Australian Privacy Commissioner would take that into consideration if asked to determine whether the US laws are as good as ours. Therefore if you’ve been merrily transferring your customers' personal information to the States believing that their laws are strong enough to satisfy your obligations, we suggest it’s time to think again.