Complaint filed against Irish subsidiaries of Apple, Facebook

An Austrian-based student group has filed a complaint that Facebook and Apple's Irish subsidiaries broke EU law by allegedly sharing data with US intelligence services.

The Europe-v-Facebook group suggests the two companies located in Ireland to reduce their tax bills, a decision with potentially far-reaching consequences in wake of revelations about the Prism intelligence programe.

The group’s plan is to use what it views as the companies’ tax optimisation corporate structures against them.

The complaint was filed by Viennese law graduate Max Schrems, who spearheaded a series of complaints to Ireland's data protection commissioner that Facebook retained user data in breach of EU law.

The student group has filed additional complaints against Microsoft and Skype in Luxembourg as well as Yahoo in Germany, where the companies have located their respective European operations.

“In order to avoid taxes US companies have spun a network of subsidiaries,” said Mr Schrems. “At the same time these ‘tax avoidance strategies’ lead to a situation where the companies have to abide by US and EU laws. This can get tricky when they have to adhere to EU privacy laws and US surveillance laws.”

After revelations about the Prism programme, operated by the National Security Agency (NSA), Mr Schrems said he had consulted with many experts, all of whom expressed doubts about the legality under EU law of European-based US companies sharing data with US intelligence services.

The US tech companies face a dilemma, according to Mr Schrems: either comply with the US "gag order" precluding them from discussing Prism and risk a prison sentence in Europe, or answer all questions of EU authorities and risk NSA action in the US.

Europe-v-Facebook says it expects EU inquires to provide greater detail about the extent of data transfer between U.S. companies’ European and US arms, allowing it to be forwarded to the NSA.

The group’s complaint draws on the precedent set in 2006, which found that a mass transfer of data to the US authorities was illegal under EU law.

The 2006 case arose following complaints that the payment processor ‘SWIFT’ had forwarded transaction details to US authorities via a US-based data centre.

Mr Schrems says that, judging by media reports, the Swift and Prism data transfer operate under similar “black box” schemes.

The Swift case was closed when the company moved its data centre from Belgium to Switzerland.