Cantillon: Reality as Safe Harbour ebbs away

Lack of response from Data Protection Commissioner’s office when asked about ruling

The news that Safe Harbour has been found to be unsuitable for the purpose it was intended will come as no surprise to anyone who has been following data protection issues for the past few years.

The Snowden revelations, and Max Schrems's unwillingness to let his complaint about Facebook and its use of his data drop, were the final nail in its coffin.

European and US authorities now have the tough task of coming up with something to replace it that satisfies both sides and the requirements of data protection law.

In Europe, we've always taken pride in the belief our data protection laws are somewhat stronger than our US counterparts. The European Court of Justice ruling blew away that false belief, and put the data protection authorities around the EU on notice: this is how they are expected to deal with complaints from here on out.

READ MORE

So far, so predictable. But what may have been surprising though was the reaction from the office of the Data Protection Commissioner. A statement from the press office on behalf of commissioner Helen Dixon was as far as The Irish Times could get. A number of detailed questions about its handling of the original complaint went unanswered.

From the statement, you would get the impression the office was the one pushing for the case in the High Court. In fact, it was the DPC that refused to investigate the original complaint by the Austrian campaigner, claiming it was "frivolous and vexatious". Despite the veneer of positivity and the talk of how it reflects well on the Irish courts system, it gives Irish data protection activity an embarrassing grade of "must do better". While only the European Court of Justice could overturn Safe Harbour, questions have been raised over whether the route to get there should have been driven by the commissioner in Ireland.

There are far-ranging implications for the European court ruling. Does this mean other cases refused by the DPC will be investigated? Privacy campaigners must be hopeful. Data protection authorities are supposed to be there to protect the rights of citizens. With this ruling, privacy campaigners have some ammunition in their fight to ensure this is indeed the case.