Data Commissioner decision challenged by Facebook user
Max Schrems’ complaint to Irish authorities ‘extremely important’ after Snowden, court told
A complaint to the Irish Data Protection Commissioner regarding the transfer of Facebook user data from Europe to the US National Security Agency (NSA) was “extremely important” in light of the Edward Snowden allegations, the High Court was told today.
The court heard arguments that Commissioner Billy Hawkes wrongly refused to investigate a complaint that an Irish arm of social network giant Facebook could not permit the mass transfer of personal data to US intelligence services operating the Prism surveillance programme.
The Data Protection Commissioner was not entitled to “turn a blind eye” to the allegations by the former NSA contractor Snowden , the court was told by Paul O’Shea BL, counsel for Austrian law student Max Schrems.
Mr Schrems, who is behind a data privacy campaign ‘Europe v Facebook’, was in court today for the legal challenge claiming Mr Hawkes wrongly interpreted and applied the law governing the transfer of personal data from Europe to the US when he rejected Mr Schrems’ complaint.
However counsel for Mr Hawkes, Paul Anthony McDermott BL, said the controversy was a result of Snowden allegations and was therefor a matter for a political level.
The transfer of data from firms in the EU to the US is subject to the transatlantic Safe Harbor arrangement dating back to 2000. The European Commission has previously expressed concern that Prism exposed a loophole in the Safe Harbor agreement . Mr Hawkes must await the outcome of “political negotiations” in Europe on the Safe Harbor law, Mr McDermott said.
Mr Schrems was not challenging the validity of Safe Harbor, rather the operation of it and that the transfer of data to the NSA was not in accordance with any exceptions under the agreement. Safe Harbor rules are subject to rights contained in EU directives, under the European Convention on Human Rights and under national law, he said.
When disclosing information to a third party, companies like Facebook must be required to give users affected by that transfer of data a “notice of choice”option of saying whether they agreed to the transfer. While Facebook denied it co-operated with the US authorities, it was not offering users the option of informed consent, he said.
Mr Hawkes dismissed the six-page complaint by Mr Schrems as “frivolous or vexatious”. Mr O’Shea said there was “no lawful basis” for the finding . “Members of the public may think this is insulting,” Mr McDermott said. “But in a legal sense it means there is not any realistic prospect of succeeding,” he said.
The reason the Commissioner found the complaint was vexatious was because it was not possible for him to make an order stopping the flow of information between Ireland and the US, counsel added.
Mr Schrems is asking Mr Justice Gerard Hogan to quash that decision and direct Mr Hawkes to reconsider the complaint. He also wants a preliminary reference to the European Court of Justice of issues arising from the case.
The Commissioner, who found Facebook acted within the terms of the agreemet Safe Harbor, is opposing his action. Mr Hawkes found Facebook had no case to answer and was in compliance with the relevant regulations.
Mr Schrems contended that the Data Protection Commissioner doesn’t want to deal with the issue of Facebook because it is a “hot potato” which he does “not have the courage to take this on”, Mr McDermott said. However Mr McDermott rejected this and said Mr Hawkes was not afraid to take on big companies and noted that he was investigating 22 other similar complaints by Mr Schrems. Mr McDermott argued that Mr Schrems should seek remedy with the US authorities under Safe Harbor s and if they would not deal with him he could then come back to the Data Commissioner .
The hearing continues.