Ireland: prisoner of Big Tech?
A data-protection case in the High Court this week brought into focus the relationship between the State and the big tech companies located here. Some say we are regulating Facebook, Google and others too lightly
Safeguarding privacy: Austrian law student Max Schrems (right) gives a press conference after his meeting with European Facebook representatives in Vienna. Photograph: Dieter Nagl/AFP/Getty Images
The financial regulator wasn’t the only one under legal scrutiny this week in Dublin. As the Anglo Irish Bank trial ended, with considerable criticism from the judge for the former financial regulator, another court case began scrutinising another regulator: the Data Protection Commissioner.
This was not a trial but a judicial review. The question before the High Court: was the commissioner right not to probe allegations by the whistleblower Edward Snowden that Facebook’s Dublin subsidiary may have passed on data of its European users to the US intelligence services?
Under the Prism programme, launched by the US National Security Agency (NSA) in 2007 and exposed by the Guardian newspaper last summer, US companies are obliged to turn over data that meets court-approved search terms. The NSA says the programme had prevented terrorism and operated under full judicial oversight. Whether European data was involved is unclear.
When asked to investigate further by an Austrian privacy campaigner, Max Schrems, the Data Protection Commissioner, Billy Hawkes, ruled that Facebook’s Prism transfers were covered by existing EU-US data agreements, so were beyond his remit and required no further attention.
This week’s court date to challenge his ruling was not the first encounter between Hawkes and Schrems, but it was by far the most public. For years the Austrian has demanded that the commissioner’s office investigate a company he views as a disingenuous data magpie that collects more information than it lets on and that he believes runs rings around the Irish regulator.
After two audits of Facebook International, the commissioner says the social networking company is compliant with European data laws.
This latest battle between Schrems and Hawkes ensures the final ruling on June 18th of Mr Justice Gerard Hogan, who specialises in constitutional and EU law, will find a broad audience around Europe.
Watching closely are data protection regulators around the continent, many unhappy that they must defer to Hawkes’s office on complaints their citizens make against Facebook, Google and other tech companies based in the State.
Such cross-border disputes expose the divergent views, legal traditions and cultural expectations around Europe about privacy. Tempers flare and misunderstandings abound.
Britain’s information commissioner believes Hawkes does a good job in very difficult legal circumstances. Until a new European data protection regulation* that is– currently being negotiated comes into force, all national data-protection bodies process complaints based on national interpretations of 20-year-old rules written before the emergence of Google and Facebook.
“Under the current legal regime,” says David Smith, Britain’s deputy information commissioner, “we cannot be expected to apply other countries’ legal standards across the board to cases that affect their citizens but also ours”.
Germany’s federal and state data protection commissioners are perhaps the most vocal – and negative – in Europe about the Irish commissioner. They all express respect for their Irish colleague but doubt the Data Protection Commissioner would ever take on a deep-pocketed multinational like Facebook in the courts.