Because German authorities have deemed the Safe Harbor principles violated, they have also urged companies in the country to stop the exchange of personal data with the U.S., Sommer said. If the companies are unable to prove that the data of German citizens sent to the U.S. is safe, the authorities can order them to stop sending data to the U.S., she said.
"All European data protection authorities can start doing this," Sommer added.
However, not all data protection authorities agree with the German authorities.
The Irish Office of the Data Protection Commissioner (ODPC) said on Tuesday that the exchange of personal data of Irish subsidiaries of Facebook and Apple with the U.S. is in line with Safe Harbor principles, according to documents published by the Austrian student group Europe-v-Facebook on Thursday.
In late June, student group Europe-v-Facebook filed a barrage of complaints against European subsidiaries of major technology companies, claiming their data collection runs afoul of European privacy laws. The complaints were filed in Ireland against Facebook and Apple, in Luxembourg against Skype and Microsoft, and in Germany against Yahoo.
The group said that companies such as Facebook Ireland should not be allowed to export Europeans' data to the U.S. if the data is then forwarded to the NSA for massive surveillance of personal information without probable cause, the group said in a news release.
The complaints were filed after former NSA contractor Edward Snowden leaked documents revealing NSA surveillance programs.
In a formal response to Europe-v-Facebook, however, Irish data protection authorities said that they see no breach of safe harbor protections.
"We consider that an Irish-based data controller has met their data protection obligations in relation to the transfer of personal data to the U.S. if the U.S. based entity is 'Safe Harbor' registered," wrote Ciara O'Sullivan, senior compliance officer of the Irish ODPC.