Max Schrems, the lawyer and privacy activist that four years ago blocked a billion-dollars deal between Europe and the United States, is doing it again.
The European Court of Justice in Luxemburg will hear his arguments on Tuesday, in another case over claims that the U.S. government does not sufficiently respect the Europeans’ data privacy once it is shipped outside of Europe.
“There is fundamentally a clash between surveillance laws in the U.S. and privacy rules in Europe,” said Schrems. “We're in a debate about who governs the internet. Europe governs privacy, but the U.S. governs surveillance.”
Schrems is addressing the legality of the standard contractual clauses that allow thousands of companies to move data from Europe to the U.S., Asia, and the rest of the world. Tuesday’s hearing is the latest battle between European data protectionists and the United States surveillance system.
The contractual clauses are used by companies such as Google to be able to transfer digital information across their worldwide hubs. They cover the handling by corporations of social media post, firms’ payroll information, and several other sensitive data.
According to Schrems and his lawyers, this data-transfer process is clashing with European privacy regulations as it allows extensive access to digital information to U.S. security agencies. The European Commission, among others, says that these agreements provide sufficient protection.
The final decision by the EU highest court, following Tuesday’s hearing, is expected to arrive sometimes in 2020.
Judges in Luxembourg could rule against the validity of the clause agreements in general. The decision could potentially cut data transfers from Europe to the U.S. and the rest of the world, choking billions of euros of trade possible thanks to the companies' ability to quickly move data around trading blocs.
“The case is tremendously important,” said Omer Tene, vice-president of the International Association of Privacy Professionals. “If the carpet is pulled out from companies' feet, it may cause massive disruption.”
The Commission declined to comment on the scheduled hearing, but according to officials, the existing privacy regulations provide sufficient protection against bad actors. Also according to Facebook, the current data transfer mechanism grants sufficient protection to EU data when transferred outside the bloc.