European Union's Highest Court To Consider PRISM's Impact On EU Data Protection Laws

from the is-the-'safe-harbor'-safe? dept

Back in 2011, we wrote about an Austrian citizen, Max Schrems, who asked Facebook to send all of the personal data that it held on him — and received a CD-ROM with some 800 pages of it. Schrems and his organization, Europe v Facebook (EvF), are now trying to find out whether the so-called “Safe Harbor” framework, which allows US companies to transfer personal data out of Europe if they promise to provide certain levels of data protection, is now void in the light of Edward Snowden’s revelations of the complicity of US computer companies in NSA spying through the PRISM system.

Initially, Schrems and EvF asked the Irish data protection commissioner to investigate whether Facebook had transferred the personal data of Europeans to the NSA — the legal action was launched in Ireland because Facebook has its European headquarters there. The commissioner refused, calling the action “frivolous and vexatious”. So EvF appealed, and as Gigaom reports, the Irish High Court’s Judge Hogan has just handed down his verdict:

Hogan disagreed that Schrems was a vexatious complainer, saying that in the wake of Edward Snowden’s NSA revelations his concern was justified. He also said that, although Schrems clearly had no definitive evidence that the principles of the Safe Harbor agreement were being violated, he was “nonetheless certainly entitled to object to a state of affairs where his data are transferred to a jurisdiction which, to all intents and purposes, appears to provide only a limited protection against any interference with that private data by the U.S. security authorities.”

Because the questions raised by Schrems and EvF are so far-reaching for the whole of the European Union, Hogan referred the case to Europe’s highest court, the EU Court of Justice (EUCJ), posing the following questions:

Is the [Irish data protection] watchdog “absolutely bound” by the European Commission’s view 14 years ago that the U.S. adequately protects personal data, or “alternatively, may the office holder conduct his or her own investigation on the matter in the light of factual developments in the meantime since that Commission Decision was first published?”

Although the EUCJ is not being asked directly to consider Snowden’s revelations about the NSA surveillance of Europeans through PRISM and other programs, and whether that spying undermines the entire Safe Harbor agreement, it seems inevitable that the court will need to address those issues in coming to its decision. As we’ve reported before, there are already calls from the European Parliament to suspend the Safe Harbor scheme — something that would be pretty disastrous for US computer companies operating in Europe. At the very least, this latest development will add to the pressure there to revise the framework to address its manifest weaknesses.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Filed Under: , , , , ,
Companies: facebook

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “European Union's Highest Court To Consider PRISM's Impact On EU Data Protection Laws”

Subscribe: RSS Leave a comment
Whatever says:

something that would be pretty disastrous for US computer companies operating in Europe.

It would be disasterous for everyone. It would create a point where the internet would lose much of it’s universal appeal, as companies outside of the EU might be hesitant to accept users from within the EU if they are forced to have completely different data treatment processes – to the point of perhaps being forced to have servers in the EU to deal with the issues.

Moreover, for social media companies, it’s a legal landmine. Imagine the simple Facebook re-share or thumbs up on a post. If someone in the EU posts something and somoene shares that post with Americans without explicit permission, have they violated privacy rules? Remember, the post would include the original poster’s name and whatever other information is available in their public profile.

It would seem that paranoia about PRISM and Snowden’s “revelations” may render the internet nearly useless over time.

Anonymous Coward says:

Re: Re:

Actually, the paranoia may turn the Internet back towards what is was intended to be, a distributed peer to peer system, with federated services to spread data. The results would be a more robust, harder to spy on, and more censor resistant Internet. While big companies may suffer, they are also part of the problem becoming centralized controllers over parts of the Internet and therefore attractive targets for laws and government influence.

orbitalinsertion (profile) says:

Re: Re:

It would seem that paranoia about PRISM and Snowden’s “revelations” may render the internet nearly useless over time.

But of course. It couldn’t possibly be about the behavior of US governments and corporations. No. Not at all. Has nothing to do with the fact that they would allow such a result to occur for the internet rather than change. What a horrible thing for the EU to do.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...