The only possible deal that is immediately available is where the European Commission agrees a politically expeditious but legally untenable deal, creating a time bomb rather than a durable deal, to the benefit of no one. In absence of reforms before an agreement, individuals’ fundamental rights would remain under threat.

The Safe Harbor agreement does not do enough to protect EU citizen's private information when it reached the United States, Yves Bot, Advocate General at the European Court of Justice (ECJ), said. While his opinions are not binding, they tend to be followed by the court's judges, who are currently considering a complaint about the system in the wake of revelations from ex-National Security Agency contractor Edward Snowden of mass U.S. government surveillance.

A lawyer for the European Commission told an EU judge on Tuesday (24 March) he should close his Facebook page if he wants to stop the US snooping on him, in what amounts to an admission that Safe Harbour, an EU-US data protection pact, doesn’t work.

The US wields secretive and indiscriminate powers to collect data, he said, and had never offered Brussels any commitments to guarantee EU privacy standards for its citizens’ data. On the contrary, said [Max Schrems' counsel] Mr Hoffmann, “Safe Harbour” provisions could be overruled by US domestic law at any time.
Thus he asked the court for a full judicial review of the “illegal” Safe Harbour principles which, he said, violated the essence of privacy and left EU citizens “effectively stripped of any protection”.
[Irish] DPC counsel Paul Anthony McDermott SC suggested that Mr Schrems had not been harmed in any way by the status quo. “This is not surprising, given that the NSA isn’t currently interested in the essays of law students in Austria,” he said.
Mr Travers for Mr Schrems disagreed, saying “the breach of the right to privacy is itself the harm”.

The Court has found that data retention “entails a wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data” and that it “entails an interference with the fundamental rights of practically the entire European population”. TJ McIntyre, Chairman of Digital Rights Ireland, said that “This is the first assessment of mass surveillance by a supreme court since the Snowden revelations. The ECJ’s judgement finds that untargeted monitoring of the entire population is unacceptable in a democratic society.”

[...] Though the Directive has now been struck down, the issue will remain live in all the countries who have passed domestic law to implement the data retention mass surveillance regime. Digital Rights Ireland’s challenge to the Irish data retention system will return to the High Court in Dublin for the next phase of litigation.

If the full European Court of Justice (ECJ) accepts the opinion of its advocate general in a final ruling due early next year – and it almost always does – it will prove a huge vindication of Ireland’s small privacy advocacy group, Digital Rights Ireland (DRI).
Its case against Irish retention laws, which began in 2006, forms the basis of this broader David v Goliath challenge and initial opinion.
The advocate general’s advice largely upholds the key concerns put forward by DRI against Ireland’s laws. Withholding so much data about every citizen, including children, in case someone commits a future crime, is too intrusive into private life, and could allow authorities to create a “faithful and exhaustive map of a large portion of a person’s [private] conduct”.
Retained data is so comprehensive that they could easily reveal private identities, which are supposed to remain anonymous. And the data, entrusted to third parties, is at too much risk of fraudulent or malicious use.
Cruz Villalón argues that there must be far greater oversight to the retention process, and controls on access to data, and that citizens should have the right to be notified after the fact if their data has been scrutinised. The Irish Government had repeatedly waved off such concerns from Digital Rights Ireland in the past.