Microsoft has published a blog post by Brad Smith, the company’s president and chief legal officer, on the implications of the collapse of the Safe Harbour arrangement between the EU and US. In the post, Smith calls for the US government to agree that “it will only demand access to personal information that is stored in the United States and belongs to an EU national in a manner that conforms with EU law, and vice versa.”
Smith declares that “privacy really is a fundamental human right,” and points out that privacy rights are not meaningful if they change every time that data moves from one jurisdiction to another. “Individuals should not lose their fundamental rights simply because their personal information crosses a border. While never stated quite this directly, this principle underlies every aspect of the European Court’s decision, and it makes sense.”
As a consequence, Smith believes that “we need to ensure across the Atlantic that people’s legal rights move with their data.” If that were to happen, and the US were to apply EU law to EU data held in the US, it would satisfy the stipulation of the Court of Justice of the European Union (CJEU) in its Safe Harbour ruling that the legal protection for the personal data of EU citizens held in the US must be “essentially equivalent” to that available to them in Europe for it to be acceptable under EU legislation.