High Court refers Facebook privacy case to Europe

Privacy campaigner took case following claims social network passed information to NSA

Thu, Jun 19, 2014, 01:04

The High Court has referred questions raised by a case taken by an Austrian privacy activist over the alleged mass transfer of personal data to US intelligence services to the European Court of Justice.

Privacy campaigner Max Schrems had argued that the Data Protection Commissioner, Billy Hawkes, wrongly refused to investigate whistleblower Edward Snowden’s claims that Dublin-based Facebook International had passed on its EU users’ data to the US National Security Agency as part of its Prism surveillance programme.

While the judge did not find in Mr Schrems’s favour today, he adjourned the case pending a reference to the European court.

Lawyers for Mr Schrems had told the court the Data Protection Commissioner was not entitled to “turn a blind eye” to the allegations by the former NSA contractor.

Mr Schrems, who is behind a data privacy campaign ‘Europe v Facebook’, claimed Mr Hawkes wrongly interpreted and applied the law governing the transfer of personal data from Europe to the US when he rejected Mr Schrems’ complaint.

However counsel for Mr Hawkes, Paul Anthony McDermott BL, said the controversy was a result of Snowden allegations and was therefore a matter for the political level.

The transfer of data from firms in the EU to the US is subject to the transatlantic Safe Harbour arrangement dating back to 2000. The European Commission has previously expressed concern that Prism exposed a loophole in the Safe Harbour agreement. Mr Hawkes must await the outcome of “political negotiations” in Europe on the Safe Harbour law, Mr McDermott said.

Mr Schrems said he was not challenging the validity of Safe Harbour, rather the operation of it, and that the transfer of data to the NSA was not in accordance with any exceptions under the agreement. Safe Harbour rules are subject to rights contained in EU directives, under the European Convention on Human Rights and under national law, he said.

In court this morning, Mr Justice Gerard Hogan said the evidence suggested that personal data was “routinely accessed on a mass and undifferentiated basis by the US security authorities”.

The judge said that Irish law had effectively been “pre-empted” by EU law, specifically the provisions of a 1995 directive and the 2000 decision establishing the Safe Harbour regime.

With the July 2000 decision the European Commission found that US data protection law and practice was sufficient to safeguard the rights of European data subjects and it was clear from Article 25(6) of the 1995 directive that national data protection authorities must comply with findings of this nature.

He said it followed that if the data protection commissioner cannot look beyond the Safe Harbour decision, “then it is clear that the present application for judicial review must fail.”