European Union's Highest Court To Consider PRISM's Impact On EU Data Protection Laws

from the is-the-'safe-harbor'-safe? dept

Back in 2011, we wrote about an Austrian citizen, Max Schrems, who asked Facebook to send all of the personal data that it held on him -- and received a CD-ROM with some 800 pages of it. Schrems and his organization, Europe v Facebook (EvF), are now trying to find out whether the so-called "Safe Harbor" framework, which allows US companies to transfer personal data out of Europe if they promise to provide certain levels of data protection, is now void in the light of Edward Snowden's revelations of the complicity of US computer companies in NSA spying through the PRISM system.

Initially, Schrems and EvF asked the Irish data protection commissioner to investigate whether Facebook had transferred the personal data of Europeans to the NSA -- the legal action was launched in Ireland because Facebook has its European headquarters there. The commissioner refused, calling the action "frivolous and vexatious". So EvF appealed, and as Gigaom reports, the Irish High Court's Judge Hogan has just handed down his verdict: Hogan disagreed that Schrems was a vexatious complainer, saying that in the wake of Edward Snowden's NSA revelations his concern was justified. He also said that, although Schrems clearly had no definitive evidence that the principles of the Safe Harbor agreement were being violated, he was "nonetheless certainly entitled to object to a state of affairs where his data are transferred to a jurisdiction which, to all intents and purposes, appears to provide only a limited protection against any interference with that private data by the U.S. security authorities." Because the questions raised by Schrems and EvF are so far-reaching for the whole of the European Union, Hogan referred the case to Europe's highest court, the EU Court of Justice (EUCJ), posing the following questions: Is the [Irish data protection] watchdog "absolutely bound" by the European Commission's view 14 years ago that the U.S. adequately protects personal data, or "alternatively, may the office holder conduct his or her own investigation on the matter in the light of factual developments in the meantime since that Commission Decision was first published?" Although the EUCJ is not being asked directly to consider Snowden's revelations about the NSA surveillance of Europeans through PRISM and other programs, and whether that spying undermines the entire Safe Harbor agreement, it seems inevitable that the court will need to address those issues in coming to its decision. As we've reported before, there are already calls from the European Parliament to suspend the Safe Harbor scheme -- something that would be pretty disastrous for US computer companies operating in Europe. At the very least, this latest development will add to the pressure there to revise the framework to address its manifest weaknesses.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data sharing, eu court of justice, eu safe harbor, max schrems, prism, privacy

Companies: facebook