[rurban]

Have you forgot about the GHCQ and their "illegal" data exchange to overcome legal hurdles? And I wouldn't vouch for other friends of the USA who exchanges data >10% (the self-imposed german limit) en bulk. Denmark, Sweden and the Neitherlands would come to my mind. In almost every european country are huge US listening posts.

So even inside the EU there's not a safe harbor as you don't know the percentage and the filters in place, the secret interpretation of laws, and cooperation, infiltration and hacking into the main exchanges and cables.

[csirac2]

I think focusing on the intelligence aspects is a bit of a distraction. The court in question was asked whether there was a case to be heard at all ("does this safe harbor thing really do what it says on the tin?") and the outcome as we know was "no", but not (only) due to vague undocumented (by court standards) foreign intelligence activities, but because rather simply the plain fact that unlike an EU operator, EU citizens have no legal recourse against companies in the US in the event of disputes such as the one in question.

It's this lack of legal process which means that the safe harbor agreement did not provide equivalent protections required by the charter, without even considering the spying angle.