Future EU-US data sharing risks complications if the EU Court follows the opinion of Yves Bot, its attorney general, issued on Wednesday (23 September).

He said the Safe Harbour treaty, a 15-year old accord on data transfers between EU firms and US companies, such as Google or Facebook, is “invalid”.

Student or retired? Then this plan is for you.

He also said the European Commission has no power to prevent individual EU states from blocking data transfers to the US in order to protect their nationals’ privacy rights.

The attorney general said Safe Harbour is defunct due to the mass snooping revelations of Edward Snowden, a US intelligence contractor.

He said “the access enjoyed by the United States intelligence services to the transferred data constitutes an interference with the right to respect for private life” under parts of the EU treaty.

He said EU nationals need judicial remedy in US courts if they believe their rights have been abused.

He also said US security services hoover up EU nationals’ data “in a generalised manner, [concerning] all persons and all means of electronic communication, and all the data transferred (including the content of the communications), [is used] without any differentiation, limitation, or exception”.

The EU Court case revolves around Max Schrems.

The 27-year old Austrian law student and privacy campaigner brought a case against Facebook in the Irish courts, which have jurisdiction on its EU activities.

The Irish court then asked EU law chiefs to step in.

The Yves Bot opinion is not binding, but the EU Court normally follows its attorney general’s advice, and the Irish courts are also likely to follow suit.

“Yay! ... Safe Harbour is invalid”, Schrems Tweeted on Wednesday. He added that Ireland must now probe if Facebook gave his data to US intelligence.

Facebook said in a statement: “We have repeatedly said that we do not provide ‘backdoor’ access to Facebook servers and data to intelligence agencies or governments”.

For its part, the European Commission is due to file a proposal on an updated version of Safe Harbour in the coming weeks.

But Safe Harbour is just part of broader EU-US data regime talks.

EU institutions are finalising a Data Protection Umbrella Agreement, part of which is to give EU nationals judicial redress in the US.

They are in talks on an EU-US free trade pact, which has a digital market dimension.

They are also finalising a treaty on sharing air passenger data for security reasons - the so called PNR agreement.

Security aside, Bot’s opinion has caused alarm in the private sector.

The Brussels-based digitial sector lobby, DigitalEurope, said in a statement that some 4,500 European companies need Safe Harbour “to transfer a wide range of commercial data such as payroll and customer data”.

Wim Nauwelaerts, a partner at the Brussels-based law firm Hunton & Williams, told the Reuters news agency that Bot’s opinion casts a shadow on the other EU-US pacts.

"If you question overall the validity of US law then what about these other legal mechanisms?,” he said.