Facebook data transfer interfered with privacy daily, court told

Law student claims data watchdog wrongly refused to investigate complaint

While Facebook denied it co-operated with the US authorities over data sharing, it was not offering users the option of informed consent, Austrian law student Max Schrems claims. Photograph: Andrew Harrer/Bloomberg

While Facebook denied it co-operated with the US authorities over data sharing, it was not offering users the option of informed consent, Austrian law student Max Schrems claims. Photograph: Andrew Harrer/Bloomberg

Wed, Apr 30, 2014, 20:16

A student has told the High Court his privacy rights are being interfered with on a daily basis as a result of the mass transfer, via the Irish arm of social network giant Facebook, of personal data to US intelligence services.

The matter is “very serious” because it involves the content of communications, the export of which must be illegal under Article 8 of the European Convention on Human Rights, counsel for Max Schrems said.

If the court believed Mr Schrems’s case depended on the interpretation of European law, it should refer issues for determination to the European Court of Justice, Paul O’Shea BL added.

He was making closing arguments in the action by Mr Schrems alleging Data Protection Commissioner Billy Hawkes wrongly refused to investigate his complaint that Facebook Ireland could not lawfully permit mass transfer of personal data to US intelligence services.

The judicial review challenge by Mr Schrems, an Austrian law student behind a data privacy campaign group called Europe v Facebook, concluded yesterday before Mr Justice Gerard Hogan, who said he hoped to rule on the matter on June 18th.

The complaint arose out of an article in the Guardian newspaper concerning revelations by whistleblower Edward Snowden that the US National Security Agency is involved in mass surveillance of European citizens though the “Prism” programme. Under Prism, Facebook in Ireland and other EU countries transfers large amounts of data to Facebook Inc in the US, where the authorities can access it.

Mr Schrems claims transfers are subject to the 2000 Safe Harbour data sharing arrangement between the US and the EU. He contends this arrangement is subject to certain exceptions, including an adequate level of protection of privacy of third parties. While Facebook denied it co-operated with the US authorities, it was not offering users the option of informed consent, he claims.

He alleges Mr Hawkes wrongly interpreted and applied the law governing the mass transfer of personal data of Facebook users to the NSA when he refused to investigate Mr Schrems’s complaint. Mr Schrems wants orders quashing that refusal and directing Mr Hawkes to reconsider the complaint.  

The commissioner, who found Facebook acted within the terms of the Safe Harbour arrangement, had found Facebook had no case to answer and was complying with the relevant regulations.

Paul Anthony McDermott BL, for the commissioner, submitted the real complaint was about the validity of the Safe Harbour arrangement, which was not a matter for the commissioner but an issue to be addressed at a political level. The Data Protection Commissioner in Luxembourg had also said he could not “go around” Safe Harbour, counsel said.