Is the Safe Harbor Agreement Still Adequate? | DMA

Filter By

Show All

Connect to


Is the Safe Harbor Agreement Still Adequate?


The Safe Harbor Agreement has, once again, been thrust into the limelight with its adequacy in question. “Does it really protect EU citizen data?” is the question that Max Schrems has taken all the way to the European Court of Justice (ECJ). And he wants answers!

Who is Max Schrems?

Schrems is an Austrian law student who has brought a class action against Facebook Ireland for the inadequate protection of EU citizen data. He founded the Europe-v-Facebook group so that he can challenge the adequacy of the Safe Harbor Agreement and try to make a change. His website now also provides news, legal information and tools to help others understand and enforce their rights.

Europe-v-Facebook: the facts

The class action was brought against Facebook Ireland, who are responsible for all Facebook accounts outside of the US and Canada, for alleged privacy breaches against EU citizens. The main point to come out of the case so far is the effects of the US National Security Agencies PRISM Scheme. Under US law US government agencies have the power to access the personal data of non-US citizens and impose secret “gag orders” on US companies which forces them to hand over this personal data and not disclose the fact to anyone. With these laws in place, can any US company truly protect the data of EU citizens?

What does this mean?

An international organisation wishing to transfer data out of the EU into the US can do so if they are certified under the Safe Harbor Agreement as having adequate data protection policies in place. What Max Schrems is arguing is that this is surely impossible. Through no fault of their own US companies who are certified under the Safe Harbor Agreement cannot guarantee the level of protection necessary to comply with EU law. All US companies are subject to US law, meaning the NSA can hand them a court order forcing them to hand over data.

What has Europe said?

Under the current Data Protection Directive “the transfer of personal data to a third country which does not ensure adequate protection must be prohibited” and in a recent hearing of Schrems case the European Commission admitted that they could not confirm whether the Safe Harbor afforded adequate protection. According to the current Directive if the Commission cannot guarantee adequacy then they must stop the transfer of data out of the EEA. Surprisingly they have not prohibited anything in response to the Europe-v-Facebook case, they chose to ‘advise’ EU citizens that “If you don’t want your data to go to the US, close your Facebook”. The Commission have failed to see, or chose to ignore, the fact that it’s not just Facebook who are subject to “gag orders”, it is all US-based companies. This severely damages the integrity of the Safe Harbor Agreement.


What the Europe-v-Facebook case has done is highlight the issues surrounding the Safe Harbor Agreement bringing it to the public attention yet again (remember Edward Snowden?), with some calling for it to be binned. However, a suspension of the agreement would have a detrimental effect on both American and European companies so it is in everyone’s best interest that it remains in place, but with improvements made.

So, is the Safe Harbor adequate? Personal opinions aside, we are still waiting to find out if it is adequate or not. There are two things you need to be aware of!

1. Vera Jourova, the EU’s Commissioner for Justice, is currently in negotiations with her US counterparts to make changes to the Safe Harbor Agreement so it can be improved rather than suspended. Jourova intends on finishing negotiations by the end of May 2015, hopefully giving us some clarity. All we can do now is wait for the new and, hopefully, improved version of the Safe Harbor Agreement.

2. The ECJ will announce their decision in the Europe-v-Facebook case on the 24th June 2015 so we will have the adequacy question, hopefully, answered!

Hear more from the DMA

Please login to comment.


Related Articles

Economic pressures have plagued households for several years, with brands facing the challenge of engaging consumers who are more budget-conscious than ever before. As a result, brand loyalty has sharply declined, with 61% of consumers being less likely to stick with brands in 2023 compared to 41% in 2022.

Cost of Living Exit Strategy Report 20244

When thinking about sustainable marketing, often we think about the channels we use, or materials we use in a physical sense. We overlook things like the audience targeting, data cleanse & optimisation, which have a big impact on minimising wastage.


The telecom industry boasts an array of touchpoints, presenting both opportunities and challenges for marketers. Ensuring that campaigns not only resonate but also yield results is critical.


The telecommunications sector grapples with a pressing issue: customer data silos.

iStock-1180187740 600x400.jpg