Menu
Europe's top court to review personal data exchange between EU and US

Europe's top court to review personal data exchange between EU and US

The review was prompted by Europe-v-Facebook's legal challenge of the Irish DPC's refusal to investigate Facebook's export of data to the US

The Irish High Court has referred to a 14-year-old agreement governing the exchange of personal data between the European Union and the U.S. to the EU's top court.

The referral, on Wednesday, came in a case over whether the Irish Data Protection Commissioner was right to refuse to investigate Facebook's alleged involvement with the U.S. government surveillance program Prism.

Europe-v-Facebook, an Austrian group representing some Facebook users, filed a complaint with the Irish DPC over Facebook's data exportation regime in June last year. It argued that when Facebook collects user data and exports it to the U.S. it is giving the U.S. National Security Agency (NSA) the opportunity to use the data for massive surveillance of personal information without probable cause -- and by doing so, Facebook is violating European laws.

The Irish DPC became involved because Facebook's European subsidiary, responsible for the data of the company's users outside the U.S. and Canada, is registered in Ireland and falls under its jurisdiction. However, it refused to investigate Europe-v-Facebook's complaint, arguing that there were no grounds for an investigation since Facebook's data exportation is covered by the EU-U.S. "safe harbor" agreement.

European laws prohibit the transfer of personal data to non-EU countries that do not meet the EU's standards for data protection. The EU and the U.S. together developed the "safe harbor" framework under which U.S. firms can undertake to provide protection for data on EU citizens as strong as that required by EU legislation. For example, companies must show that they prevent penetration of their networks.

Not satisfied with the DPC's response, Europe-v-Facebook asked the Irish High Court to review and reverse the DPC's refusal.

The Irish High Court however referred the case to the Court of Justice of the European Union (CJEU), Europe-v-Facebook said Tuesday, calling the decision a "very unexpected, but great turn," adding that this means that Europe's top court is going to review the safe harbor agreements.

It asked the CJEU whether a data protection authority such as the DPC is absolutely bound by a European Commission decision from 2000. In that decision the Commission said that personal data transferred to a third country such as the U.S. is considered adequately protected if the companies that process the data adhere to safe harbor principles.

The High Court said in its ruling that Europe-v-Facebook's objection is really to the terms of the Safe Harbor regime rather than to the manner in which the DPC applied the regime.

"There is, perhaps, much to be said for the argument that the Safe Harbor Regime has been overtaken by events. The Snowden revelations may be thought to have exposed gaping holes in the contemporary U.S. data protection practice," the High Court said, adding that the safe harbor agreements as such have not been challenged.

However, if the Irish DPC is not allowed to disregard the Commission's 2000 decision, Europe-v-Facebook's complaint must fail, the High Court said.

Given the novelty and the practical importance of these issues which have  considerable practical implications for all 28 EU member states, this question should be determined by the CJEU, the High Court said.

The referral is "the best thing that could have possibly happened," said Europe-v-Facebook's front man Max Schrems on Twitter.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securitylegalFacebookprivacy

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments