Major privacy case to open before High Court in Dublin

Facebook and privacy campaigner party to action by Data Protection Commissioner

Helen Dixon: Ireland’s Data Protection Commissioner wants the High Court to refer issues concerning the validity of data transfer channels  to Europe for determination. Photograph: Brenda Fitzsimons

Helen Dixon: Ireland’s Data Protection Commissioner wants the High Court to refer issues concerning the validity of data transfer channels to Europe for determination. Photograph: Brenda Fitzsimons

 

A court case with potentially enormous implications for EU-US trade as well as the privacy rights of hundreds of millions of EU citizens, will open before the commercial division of the High Court on Tuesday.

Facebook is a party to the case, in which the Data Protection Commissioner has asked the court to refer to the EU’s top court the question of whether certain contracts protect the privacy rights of EU citizens when their personal data is transferred outside Europe.

Austrian privacy campaigner Max Schrems was also joined to the proceedings by the commissioner and is in Dublin for the case, which is expected to last three weeks.

The US government and a number of business and privacy groups have been permitted to join the case as amicii curiae, or “friends of the court”. There is likely to be considerable interest in any submission on behalf of the US government, particularly in light of the change in administration in January.

The Data Protection Commissioner, Helen Dixon, wants the High Court to refer issues concerning the validity of data transfer channels, known as standard contractual clauses and approved by various European Commission decisions, to the Court of Justice of the European Union (CJEU) for determination.

Data transfer

The clauses were designed to allow businesses to transfer the personal data of EU citizens to countries outside the European Economic Area while ensuring the citizens enjoyed equivalent privacy rights to those they have in the EU.

Ms Dixon’s office brought proceedings after making a draft finding in May last year that Mr Schrems had raised well-founded objections to whether the channels breached the data privacy rights of EU citizens.

An earlier complaint to the commissioner by Mr Schrems in relation to Facebook’s handling of his personal data in the US, made in the wake of the Edward Snowden revelations on US surveillance in 2013, ultimately ended up before the CJEU.

In that case in October 2015, the court struck down the Safe Harbour framework used by about 4,500 companies to transfer personal data to the United States, saying that US national security, public interest and law enforcement requirements prevailed over the scheme.

In an update published on the commissioner’s website, the office said it was seeking a referral to Europe because Ms Dixon had concerns about the validity of the standard contractual clauses when considered in the light of a number of factors, including articles 7, 8 and 47 of the Charter of Fundamental Rights of the European Union, and the CJEU’s judgment in the first Schrems case.

Mr Schrems did not proceed last November with an application to protect his exposure to costs, after both Facebook and the commissioner agreed not to pursue him for costs.

Argue against referral

It is expected that both Mr Schrems and Facebook will argue against referral to the CJEU, albeit for different reasons. Facebook is satisfied that the standard contractual clauses provide adequate safeguards for privacy.

The commissioner will make opening submissions on Tuesday. Short opening statements from Mr Schrems and Facebook will follow.

In July last year, Mr Justice Brian McGovern ruled that the US government, the Business Software Alliance, Digital Europe and the Electronic Privacy Information Centre (Epic) be joined to the proceedings as “friends of the court”. This allows them to offer expert assistance on the issues.

The commissioner’s office says it will publish updates on its website as the hearing progresses.