Europeans whose data has been mishandled by US authorities will soon have the right to take legal action in the US courts.
EU citizens' right to seek legal redress in the US comes as part of a new EU-US data protection agreement covering instances where EU citizens' personal data is involved in US criminal and terrorism investigations. The deal brings rights of EU citizens in line with those of US citizens, who can sue in European courts for similar privacy breaches.
"Once in force, this agreement will guarantee a high level of protection of all personal data when transferred between law enforcement authorities across the Atlantic," EU commissioner Věra Jourová said on Tuesday.
"It will in particular guarantee that all EU citizens have the right to enforce their data protection rights in US courts - as called for in the political guidelines of [EC] president Juncker last year," she added.
The umbrella agreement giving Europeans equal legal footing with US citizens will move forward if US Congress passes the Judicial Redress Bill, which was introduced in March.
"The finalisation of the umbrella agreement negotiations is therefore an important step to strengthen the fundamental right to privacy effectively and to rebuild trust in EU-US data flows," Jourová said.
Once passed, Europeans will be able to file a complaint in US courts in the event that US authorities have denied access to their personal data, have failed to rectify an instance of mistaken identity, or have unlawfully disclosed their personal data.
The agreement will also place limitations on data use; require the consent of authorities in the sending nation for the onward transfer of data; and calls for publicly available data retention periods. US authorities will also need to report data security breaches involving personal data to a competent authority in the EU.
The ECJ opinion could have implications for the EU-US Safe Habour agreement of 2000, which US companies like Facebook rely on to transfer EU citizens' personal data to the US.
Schrems has accused Facebook of violating Europeans' privacy rights by handing over personal data to the National Security Agency (NSA). Following Edward Snowden's revelations about NSA spy programs like PRISM, Schrems took his complaint to the Irish data protection commissioner; however, the authority refused to investigate because Facebook had transferred data under the Safe Harbour agreement.