Safe Harbor - there are many puns going around the European Court of Justice declaring it void, but let’s resist the temptation to add another one and focus on the practical ramifications.
The biggest consequence is that it is no longer legal to collect, process, and use personal data of E.U. citizens in the U.S. under the Safe Harbor program.
To gain a better understanding of the wider impact this has, a quick look at the basics of Data Protection Law is helpful.
What is Safe Harbor?
Safe Harbor stems from a decision of the European Commission in 2000. It states that American companies wanting to process personal data from the E.U. can register with the U.S. Department of Commerce and opt into a program where the companies voluntarily commit themselves to adhere to the seven principles of data protection (security, data integrity, etc.) and a set of 15 frequently asked questions.
Why is personal data protected?
This is due to the right of informational self-determination, which in turn derives from the universal right of personality.
That said, data protection essentially boils down to the following: No collection, processing and use of personal data is allowed unless 1), the data subject gives its consent, or 2), it is legally permitted. Both forms of permission are subject to data reduction and data economy.