The Irish Times view on data protection: privacy as a personal right

The European Court of Justice has again taken a stand against global businesses built on surveillance capitalism

For the second time, a Facebook-related complaint that privacy campaigner Max Schrems initially took to the Irish Data Protection Commissioner has been adjudicated with sweeping effect in Europe’s highest court. Photograph: Christian Bruna/AFP via Getty Images

For the second time, a Facebook-related complaint that privacy campaigner Max Schrems initially took to the Irish Data Protection Commissioner has been adjudicated with sweeping effect in Europe’s highest court. Photograph: Christian Bruna/AFP via Getty Images

 

Once again, Austrian data protection and privacy campaigner Max Schrems has shaken the international business and political worlds. For the second time, a Facebook-related complaint that Schrems initially took to the Irish Data Protection Commissioner has been adjudicated with sweeping effect in Europe’s highest court, the European Court of Justice (CJEU). In both a previous 2015 case (Schrems 1), and in the CJEU ruling yesterday (Schrems 2.0), he had questioned whether his personal data could be protected to EU standard once sent to the US by Facebook.

Yesterday, the judges gave a mixed answer. Momentously, they ruled invalid the Privacy Shield, a data transfer agreement between the United States and European Union, primarily due to concerns about opaque US state surveillance powers first disclosed by whistleblower Edward Snowden in 2013. The decision will affect thousands of organisations that transfer data as an everyday part of doing business.

In the political realm, the demolition of the Privacy Shield is a frustrating and embarrassing blow to the US and the European Commission.

The State must fund and maintain a strong, transparent regulator

Critically, the court did not entirely shut down transatlantic data flows. Instead, the CJEU offered companies the lifeline of using a type of legal agreement called Standard Contractual Clauses (SCCs). Many multinationals and large Irish companies already use SCCs drawn up by their internal legal teams, some having moved to them as one way of hedging bets in advance of this week’s decision. Smaller Irish companies with fewer resources will likely find SCCs a more costly and complex route. A huge caveat is that companies (and national data protection authorities) must determine if the countries they send data to via SCCs offer adequate EU-level protection. This would seem to rule out both the US, and the Brexiting UK, which has similar, data-driven surveillance programmes.

Ireland, the EU base for so many multinational technology companies and internet platforms, faces a particular regulatory burden, as most cases involving such companies will be referred here. This means the State must fund and maintain a strong, transparent regulator, with the legal expertise to take on the multinationals.

As a legal marker, this case demonstrates the CJEU’s intent to continue to build strongly on earlier ground-breaking decisions of global impact in the area of business, data protection and human rights. In particular, global businesses built on surveillance capitalism – a data-fueled, advertising-driven formula in which personal data is seen as a lucrative corporate asset – must contend with the CJEU’s defiant legal counter that it is instead, our own personal asset, protected by the CJEU’s affirmation of data privacy and protection as a fundamental human right.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.