European Union's Highest Court To Consider PRISM's Impact On EU Data Protection Laws

from the is-the-'safe-harbor'-safe? dept

Back in 2011, we wrote about an Austrian citizen, Max Schrems, who asked Facebook to send all of the personal data that it held on him -- and received a CD-ROM with some 800 pages of it. Schrems and his organization, Europe v Facebook (EvF), are now trying to find out whether the so-called "Safe Harbor" framework, which allows US companies to transfer personal data out of Europe if they promise to provide certain levels of data protection, is now void in the light of Edward Snowden's revelations of the complicity of US computer companies in NSA spying through the PRISM system.

Initially, Schrems and EvF asked the Irish data protection commissioner to investigate whether Facebook had transferred the personal data of Europeans to the NSA -- the legal action was launched in Ireland because Facebook has its European headquarters there. The commissioner refused, calling the action "frivolous and vexatious". So EvF appealed, and as Gigaom reports, the Irish High Court's Judge Hogan has just handed down his verdict:

Hogan disagreed that Schrems was a vexatious complainer, saying that in the wake of Edward Snowden's NSA revelations his concern was justified. He also said that, although Schrems clearly had no definitive evidence that the principles of the Safe Harbor agreement were being violated, he was "nonetheless certainly entitled to object to a state of affairs where his data are transferred to a jurisdiction which, to all intents and purposes, appears to provide only a limited protection against any interference with that private data by the U.S. security authorities."
Because the questions raised by Schrems and EvF are so far-reaching for the whole of the European Union, Hogan referred the case to Europe's highest court, the EU Court of Justice (EUCJ), posing the following questions:
Is the [Irish data protection] watchdog "absolutely bound" by the European Commission's view 14 years ago that the U.S. adequately protects personal data, or "alternatively, may the office holder conduct his or her own investigation on the matter in the light of factual developments in the meantime since that Commission Decision was first published?"
Although the EUCJ is not being asked directly to consider Snowden's revelations about the NSA surveillance of Europeans through PRISM and other programs, and whether that spying undermines the entire Safe Harbor agreement, it seems inevitable that the court will need to address those issues in coming to its decision. As we've reported before, there are already calls from the European Parliament to suspend the Safe Harbor scheme -- something that would be pretty disastrous for US computer companies operating in Europe. At the very least, this latest development will add to the pressure there to revise the framework to address its manifest weaknesses.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data sharing, eu court of justice, eu safe harbor, max schrems, prism, privacy
Companies: facebook

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 19 Jun 2014 @ 2:38am


    Actually, the paranoia may turn the Internet back towards what is was intended to be, a distributed peer to peer system, with federated services to spread data. The results would be a more robust, harder to spy on, and more censor resistant Internet. While big companies may suffer, they are also part of the problem becoming centralized controllers over parts of the Internet and therefore attractive targets for laws and government influence.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.