Illustration: Sarah Grillo/Axios

An adviser to Europe's highest court told its judges Thursday to uphold the contractual terms that Facebook and other companies rely on to transfer billions of dollars worth of data on Europeans to other countries.

Why it matters: The case's outcome will not only determine whether companies need to rethink how they protect users' privacy and data, but could also shape a deeper transatlantic divide for the internet.

Driving the news: The European Commission-backed model agreements that companies use to protect users' privacy in data transfers are "valid," wrote European Court of Justice advocate general Henrik Saugmandsgaard Øe in an advisory opinion, a non-binding recommendation that the court follows the vast majority of the time.

Yes, but: The opinion said regulators should still force companies to halt transfers under certain circumstances and raised questions about a key U.S.-EU agreement on data flows.

Where it stands: A final ruling in line with the opinion that the contracts are valid could reassure U.S. companies.

  • But Saugmandsgaard Øe leaves the door open to European regulators blocking data transfers because they think U.S. surveillance practices conflict with EU privacy standards.
  • And if the court picks up questions he raised around the EU-U.S. Privacy Shield and finds it invalid, there would be major repercussions for the thousands of companies who rely on that agreement to freely transfer data, ranging from payroll information to European customer records.
  • "We are talking about billions and billions of dollars worth of commerce that relies on that transatlantic data flow," Aaron Cooper, vice president at BSA | The Software Alliance, said ahead of the opinion's release. "It is about every industry sector."

The big picture: Europe has sought to set the global standards on online privacy, with strict data safeguards that contrast with the United States' historically laissez-faire approach. The pending court ruling represents a judgment before the world of how people's data gets handled in the U.S.

Details: The European Court of Justice, the EU's supreme court, is weighing whether model agreements with U.S. companies meant to protect Europeans' privacy abroad are up to snuff.

  • The case stems from a complaint against clauses in Facebook's data contracts, brought by European privacy advocate Max Schrems.
  • The European Commission has endorsed the so-called standard contractual clauses, but Schrems argued the Facebook clauses do not adequately protect Europeans from government surveillance in the U.S.
  • He said he is "generally happy" with the advisory opinion, noting that he did not want to disturb the thousands of contractual agreements in place globally. "Everyone will still be able to have all necessary data flows with the US, like sending emails or booking a hotel in the US," Schrems said in a statement. "Some EU businesses may not be able to use certain US providers for outsourcing anymore, because US surveillance laws requires these companies to disclose data to the NSA."
  • Facebook associate general counsel Jack Gilbert said the company is grateful for the opinion. "Standard contractual clauses provide important safeguards to ensure that Europeans’ data are protected once transferred overseas," Gilbert said in a statement.

Flashback: You might remember Schrems from launching the case that upended the previous agreement that governed data flows between the U.S. and Europe, the Safe Harbor.

  • Responding to U.S. government data collection practices exposed by NSA contractor Edward Snowden, Schrems filed complaints against several U.S. companies that led to the European high court declaring the Safe Harbor invalid in 2015.
  • U.S. companies scrambled to set up alternative arrangements while the U.S. and Europe hammered out a new agreement, 2016's Privacy Shield.

Now, the Privacy Shield faces a major test, and court watchers have been worried it will not pass.

  • The main question before the European court is whether the standard contractual clauses adequately protect privacy, but a lot of the questions posed by the court relate to Privacy Shield, so the final ruling could affect both.
  • The advisory opinion says the court shouldn't weigh in on Privacy Shield, but also raises concerns about the adequacy of the agreement for protecting Europeans privacy.
  • In particular, Saugmandsgaard Øe questioned Privacy Shield's reliance on a U.S.-appointed ombudsperson to resolve Europeans' complaints about how their data gets handled, including by American intelligence agencies. He's not sure a single ombudsperson is sufficient—or sufficiently independent from U.S. government interests—to give proper redress.

Reality check: The advisory opinion is just that — advisory. The high court often goes along with it, but that's not always the case.

What's next: The final ruling is expected sometime in the first half of 2020.

  • The Electronic Privacy Information Center has sided with Schrems in the case, warning that the U.S. has not done enough to correct the problems revealed by Snowden.
  • EPIC President Marc Rotenberg said earlier this week the U.S. needs to pass comprehensive privacy legislation and create a data protection authority to address the issues "The U.S. actually has to do more to improve privacy standards within the US, which is ultimately what will satisfy Europe and benefit consumers," Rotenberg said.

Editor's note: This story has been updated with a different quote from EPIC's Marc Rotenberg.

Go deeper

13 hours ago - Health

15 states broke single-day coronavirus records this week

Data: Compiled from state health departments by Axios; Map: Danielle Alberti/Axios

At least 15 states broke their single-day novel coronavirus infection records this week, according to state health department data reviewed by Axios.

The big picture: The number of coronavirus cases increased in the vast majority of states over the last week, and decreased in only two states plus the District of Columbia, Axios' Andrew Withershoop and Caitlin Owens report.

Updated 13 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 3 p.m. ET: 11,143,945 — Total deaths: 527,681 — Total recoveries — 6,004,593Map.
  2. U.S.: Total confirmed cases as of 3 p.m. ET: 2,818,588 — Total deaths: 129,584 — Total recoveries: 883,561 — Total tested: 34,213,497Map.
  3. States: Photos of America's pandemic July 4 ICU beds in Arizona's hot spot reach near capacity.
  4. Public health: U.S. coronavirus infections hit record highs for 3 straight days.
  5. Politics: Trump extends PPP application deadlineKimberly Guilfoyle tests positive.
  6. World: Mexican leaders call for tighter border control as infections rise in U.S.
  7. Sports: 31 MLB players test positive as workouts resume.
  8. 1 📽 thing: Drive-in movie theaters are making a comeback.
13 hours ago - Health

In photos: America celebrates July 4 during global pandemic

Photo: Francine Orr/Los Angeles Times/Getty Images

The U.S. has already celebrated Easter, graduations and so much more during the coronavirus pandemic, and now it can add July 4 to the list.

The state of play: Axios' Stef Kight writes public parades and fireworks displays around much of the country are being canceled to prevent mass gatherings where the virus could spread. Hot-dog contests and concerts will play to empty stands and virtual audiences — all while American pride treads an all-time low.