Illustration: Sarah Grillo/Axios

An adviser to Europe's highest court told its judges Thursday to uphold the contractual terms that Facebook and other companies rely on to transfer billions of dollars worth of data on Europeans to other countries.

Why it matters: The case's outcome will not only determine whether companies need to rethink how they protect users' privacy and data, but could also shape a deeper transatlantic divide for the internet.

Driving the news: The European Commission-backed model agreements that companies use to protect users' privacy in data transfers are "valid," wrote European Court of Justice advocate general Henrik Saugmandsgaard Øe in an advisory opinion, a non-binding recommendation that the court follows the vast majority of the time.

Yes, but: The opinion said regulators should still force companies to halt transfers under certain circumstances and raised questions about a key U.S.-EU agreement on data flows.

Where it stands: A final ruling in line with the opinion that the contracts are valid could reassure U.S. companies.

  • But Saugmandsgaard Øe leaves the door open to European regulators blocking data transfers because they think U.S. surveillance practices conflict with EU privacy standards.
  • And if the court picks up questions he raised around the EU-U.S. Privacy Shield and finds it invalid, there would be major repercussions for the thousands of companies who rely on that agreement to freely transfer data, ranging from payroll information to European customer records.
  • "We are talking about billions and billions of dollars worth of commerce that relies on that transatlantic data flow," Aaron Cooper, vice president at BSA | The Software Alliance, said ahead of the opinion's release. "It is about every industry sector."

The big picture: Europe has sought to set the global standards on online privacy, with strict data safeguards that contrast with the United States' historically laissez-faire approach. The pending court ruling represents a judgment before the world of how people's data gets handled in the U.S.

Details: The European Court of Justice, the EU's supreme court, is weighing whether model agreements with U.S. companies meant to protect Europeans' privacy abroad are up to snuff.

  • The case stems from a complaint against clauses in Facebook's data contracts, brought by European privacy advocate Max Schrems.
  • The European Commission has endorsed the so-called standard contractual clauses, but Schrems argued the Facebook clauses do not adequately protect Europeans from government surveillance in the U.S.
  • He said he is "generally happy" with the advisory opinion, noting that he did not want to disturb the thousands of contractual agreements in place globally. "Everyone will still be able to have all necessary data flows with the US, like sending emails or booking a hotel in the US," Schrems said in a statement. "Some EU businesses may not be able to use certain US providers for outsourcing anymore, because US surveillance laws requires these companies to disclose data to the NSA."
  • Facebook associate general counsel Jack Gilbert said the company is grateful for the opinion. "Standard contractual clauses provide important safeguards to ensure that Europeans’ data are protected once transferred overseas," Gilbert said in a statement.

Flashback: You might remember Schrems from launching the case that upended the previous agreement that governed data flows between the U.S. and Europe, the Safe Harbor.

  • Responding to U.S. government data collection practices exposed by NSA contractor Edward Snowden, Schrems filed complaints against several U.S. companies that led to the European high court declaring the Safe Harbor invalid in 2015.
  • U.S. companies scrambled to set up alternative arrangements while the U.S. and Europe hammered out a new agreement, 2016's Privacy Shield.

Now, the Privacy Shield faces a major test, and court watchers have been worried it will not pass.

  • The main question before the European court is whether the standard contractual clauses adequately protect privacy, but a lot of the questions posed by the court relate to Privacy Shield, so the final ruling could affect both.
  • The advisory opinion says the court shouldn't weigh in on Privacy Shield, but also raises concerns about the adequacy of the agreement for protecting Europeans privacy.
  • In particular, Saugmandsgaard Øe questioned Privacy Shield's reliance on a U.S.-appointed ombudsperson to resolve Europeans' complaints about how their data gets handled, including by American intelligence agencies. He's not sure a single ombudsperson is sufficient—or sufficiently independent from U.S. government interests—to give proper redress.

Reality check: The advisory opinion is just that — advisory. The high court often goes along with it, but that's not always the case.

What's next: The final ruling is expected sometime in the first half of 2020.

  • The Electronic Privacy Information Center has sided with Schrems in the case, warning that the U.S. has not done enough to correct the problems revealed by Snowden.
  • EPIC President Marc Rotenberg said earlier this week the U.S. needs to pass comprehensive privacy legislation and create a data protection authority to address the issues "The U.S. actually has to do more to improve privacy standards within the US, which is ultimately what will satisfy Europe and benefit consumers," Rotenberg said.

Editor's note: This story has been updated with a different quote from EPIC's Marc Rotenberg.

Go deeper

Appeals court upholds six-day extension for counting Wisconsin ballots

Photo: Derek R. Henkle/AFP via Getty Images

A federal appeals court on Tuesday upheld a lower court ruling that extended the deadline for counting mail-in ballots in Wisconsin until Nov. 9 as long as they are postmarked by the Nov. 3 election, AP reports.

Why it matters: It's a big win for Democrats that also means that the winner of Wisconsin, a key presidential swing state, may not be known for six days after the election. Republicans are likely to appeal the ruling to the Supreme Court, as the Pennsylvania GOP did after a similar ruling on Monday.

Go deeper: How the Supreme Court could decide the election

Updated 34 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 7 p.m. ET: 33,489,205 — Total deaths: 1,004,278 — Total recoveries: 23,243,613Map.
  2. U.S.: Total confirmed cases as of 7 p.m ET: 7,183,367 — Total deaths: 205,883 — Total recoveries: 2,794,608 — Total tests: 102,342,416Map.
  3. Health: Americans won't take Trump's word on the vaccine, Axios-Ipsos poll finds.
  4. States: NYC's coronavirus positivity rate spikes to highest since June.
  5. Sports: Tennessee Titans close facility amid NFL's first coronavirus outbreak.
  6. World: U.K. beats previous record for new coronavirus cases.
  7. Work: United States of burnout — Asian American unemployment spikes amid pandemic

What to watch in tonight's debate

Joe Biden (left) and President Trump (right) are facing off in Cleveland for the first presidential debate. Photos: Alex Wong (of Biden) and David Hume Kennerly (of Trump)/Getty Images

President Trump will try to break Joe Biden's composure by going after his son Hunter and other family members in tonight's first presidential debate — a campaign source tells Axios "nothing will be off the table" — while Biden plans to stick to the economy, coronavirus and new revelations about how Trump avoided paying taxes.

Driving the news: Biden and Trump are set to debate at 9pm ET at Case Western Reserve University in Cleveland, and it will be moderated by Fox News' Chris Wallace.

Get Axios AM in your inbox

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Subscription failed
Thank you for subscribing!