Henry Farrell and Abraham Newman:
The European Court of Justice, Europe’s highest court, has just ruled that the Safe Harbor, an arrangement between the European Union and the United States allowing for the transfer of personal data, is legally invalid. Few non-specialists have heard of the Safe Harbor. Even so, this ruling is going to send shock waves through both Europe and the United States. Here’s how it happened (we talk about the implications in a separate post).
The Safe Harbor is the cornerstone of transatlantic e-commerce
Over the last 15 years, major U.S. e-commerce firms, such as Facebook, Google, Microsoft and Amazon, have developed big markets in Europe. They all rely on an arrangement called “Safe Harbor” to export personal data from Europe to the United States. The Safe Harbor was negotiated between Europe and the United States after a previous transatlantic dispute in which Europe threatened to stop transatlantic data flows. Europe has comprehensive legislation guaranteeing the privacy of E.U. citizens and preventing businesses from using their personal information in various potentially harmful ways. The United States does not have comprehensive privacy legislation (although it does protect the data of U.S. citizens against government intrusions, and provides some protections, e.g. for health data).