Top EU court ruling throws transatlantic digital commerce into disarray over privacy concerns

The European Union's top court threw a large portion of transatlantic digital commerce into disarray, ruling that data of EU residents is not sufficiently protected from government surveillance when it is transferred to the United States. The European Court of Justice ruled that a commonly-used data protection agreement known as Privacy Shield did not adequately uphold EU privacy law. US security authorities have far-reaching access to personal data stored on US territory that “are not circumscribed” in a way that is equivalent to EU rules, the court ruled. The court said that it was unacceptable for EU citizens not to have “actionable rights” to question US surveillance practices. The decision means that many companies will have to reconsider how they store and collect the data of European customers, including making a choice between setting up costly Europe-based data hubs or curtailing business in Europe altogether. US and EU negotiators, meanwhile, will likely have to start new negotiations about whether there are legal arrangements that could guarantee that data could be stored on US soil but in compliance with EU law.