European Union's Highest Court To Consider PRISM's Impact On EU Data Protection Laws

from the is-the-'safe-harbor'-safe? dept

Back in 2011, we wrote about an Austrian citizen, Max Schrems, who asked Facebook to send all of the personal data that it held on him -- and received a CD-ROM with some 800 pages of it. Schrems and his organization, Europe v Facebook (EvF), are now trying to find out whether the so-called "Safe Harbor" framework, which allows US companies to transfer personal data out of Europe if they promise to provide certain levels of data protection, is now void in the light of Edward Snowden's revelations of the complicity of US computer companies in NSA spying through the PRISM system.

Initially, Schrems and EvF asked the Irish data protection commissioner to investigate whether Facebook had transferred the personal data of Europeans to the NSA -- the legal action was launched in Ireland because Facebook has its European headquarters there. The commissioner refused, calling the action "frivolous and vexatious". So EvF appealed, and as Gigaom reports, the Irish High Court's Judge Hogan has just handed down his verdict:

Hogan disagreed that Schrems was a vexatious complainer, saying that in the wake of Edward Snowden's NSA revelations his concern was justified. He also said that, although Schrems clearly had no definitive evidence that the principles of the Safe Harbor agreement were being violated, he was "nonetheless certainly entitled to object to a state of affairs where his data are transferred to a jurisdiction which, to all intents and purposes, appears to provide only a limited protection against any interference with that private data by the U.S. security authorities."
Because the questions raised by Schrems and EvF are so far-reaching for the whole of the European Union, Hogan referred the case to Europe's highest court, the EU Court of Justice (EUCJ), posing the following questions:
Is the [Irish data protection] watchdog "absolutely bound" by the European Commission's view 14 years ago that the U.S. adequately protects personal data, or "alternatively, may the office holder conduct his or her own investigation on the matter in the light of factual developments in the meantime since that Commission Decision was first published?"
Although the EUCJ is not being asked directly to consider Snowden's revelations about the NSA surveillance of Europeans through PRISM and other programs, and whether that spying undermines the entire Safe Harbor agreement, it seems inevitable that the court will need to address those issues in coming to its decision. As we've reported before, there are already calls from the European Parliament to suspend the Safe Harbor scheme -- something that would be pretty disastrous for US computer companies operating in Europe. At the very least, this latest development will add to the pressure there to revise the framework to address its manifest weaknesses.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Reader Comments (rss)

(Flattened / Threaded)

  1. identicon
    Whatever, Jun 19th, 2014 @ 2:20am

    something that would be pretty disastrous for US computer companies operating in Europe.

    It would be disasterous for everyone. It would create a point where the internet would lose much of it's universal appeal, as companies outside of the EU might be hesitant to accept users from within the EU if they are forced to have completely different data treatment processes - to the point of perhaps being forced to have servers in the EU to deal with the issues.

    Moreover, for social media companies, it's a legal landmine. Imagine the simple Facebook re-share or thumbs up on a post. If someone in the EU posts something and somoene shares that post with Americans without explicit permission, have they violated privacy rules? Remember, the post would include the original poster's name and whatever other information is available in their public profile.

    It would seem that paranoia about PRISM and Snowden's "revelations" may render the internet nearly useless over time.

    reply to this | link to this | view in thread ]

  2. identicon
    Anonymous Coward, Jun 19th, 2014 @ 2:38am


    Actually, the paranoia may turn the Internet back towards what is was intended to be, a distributed peer to peer system, with federated services to spread data. The results would be a more robust, harder to spy on, and more censor resistant Internet. While big companies may suffer, they are also part of the problem becoming centralized controllers over parts of the Internet and therefore attractive targets for laws and government influence.

    reply to this | link to this | view in thread ]

  3. icon
    orbitalinsertion (profile), Jun 19th, 2014 @ 3:25am


    It would seem that paranoia about PRISM and Snowden's "revelations" may render the internet nearly useless over time.

    But of course. It couldn't possibly be about the behavior of US governments and corporations. No. Not at all. Has nothing to do with the fact that they would allow such a result to occur for the internet rather than change. What a horrible thing for the EU to do.

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.