Facebook loses ECJ referral appeal

Europe-v-Facebook founder Max Schrems. Image: Europe-v-Facebook
Max Schrems. Image: Europe-v-Facebook

Court passes privacy case to Europe for July hearing



Read More:

31 May 2019 | 0

Facebook will be going to the European Court of Justice in July to argue its case over its data processing practices following a ruling by the Supreme Court in Dublin today.

The decision, based on a case brought by Austrian privacy activist Max Schrems, could have wideranging effects on the agreement in place between the EU and US on how data is stored and processed.

The existing arrangement, Privacy Shield, states that EU citizens can expect their data to be treated with the same sensitivity in the US as in the EU under the current general data protection regulation.




Privacy Shield is the successor to Safe Harbour, an agreement made between the EU and US in 2000, however concerns about its validity were raised following the discovery of a programme of surveillance by American law enforcement body, the National Security Agency.

Schrems argued that the presence of such a programme meant he had no idea if his data was being processed for use by a foreign government when he had an expectation of protection from such scrutiny under Privacy Shield. While he coulid not argue that his data specifically had been compromise, his case rested on the legal validity of Privacy Shield if it fails to provide what the court caled an “adequate level of protection”.

At issue today was the ability of the High Court to refer Schrems’ case to the ECJ in a case brought by the Data Protection Commissioner, Helen Dixon.

If the ECJ rules against Facebook it could have far reaching consequences for companies processing EU citizens’ data outside the US. This could range from how people have advertising targeted at them through Internet search or social network posts right down to how companies’ HR departments handle employee records or payroll.

Should this happen then the US may be forced into adopting measures akin to GDPR to preserve transatlantic business ties.

A number of US states have already implemented measures surrounding the notification of data breaches, the definition of personal data, and requirements for data processing between states.

For more on how companies are handling and processing personal data listen to Max Schrems on this episode of TechRadio.

TechCentral Reporters

Read More:

Comments are closed.

Back to Top ↑