US government seeks to intervene in Irish data protection case

Max Schrems
Max Schrems, Europe-v-Facebook, outside the office of the Data Protection Commissioner in Portarlington, Co Laois. Image: Europe-v-Facebook



Read More:

14 June 2016 | 0

The US government wants to intervene in an Irish court case that has already disrupted the transatlantic flow of European Union citizens’ personal information on which many businesses rely.

And one of the parties to that case, Austrian Facebook user Max Schrems (pictured), is looking forward to the opportunity to have US authorities questioned under oath on a matter that could determine the future of European privacy law.

The US government, the American Chamber of Commerce and an international software alliance told the High Court on Monday that they want to be added to the case as ‘amicus curiae’ (friends of the court).

“The court adjourned the matter for two weeks to allow them each file a motion in this regard,” a court spokesman said.

Schrems took the Irish data protection commissioner (DPC) to court because he was unsatisfied with its handling of a complaint he made about Facebook Ireland transferring his personal information to the US for processing, something he felt was in breach of EU data protection law.

That law says that such processing may only be performed in countries providing a level of privacy protection equivalent to that required within the EU, but Schrems said that, in the light of Edward Snowden’s revelations about US intelligence operations, the US did not meet EU privacy standards.

However, the European Commission ruled in July 2000 that the Safe Harbour Agreement between the EU and the US did meet those standards.

To find out whether the DPC could challenge the Commission’s decision, the High Court referred a question the Court of Justice of the European Union – which in October 2015 ruled not only that the DPC should investigate Schrems’ complaint, but also that the Safe Harbour Agreement was inadequate.

That decision prompted thousands of businesses to look for alternative legal mechanisms such as model contract clauses or binding corporate rules to legitimise their transatlantic data transfers while EU and US officials worked out a replacement for Safe Harbour.

The details of the replacement, Privacy Shield, are still being negotiated, making the alternative mechanisms essential to many companies’ activities

Last month, though, the High Court was asked by the DPC to refer another question to the CJEU, this time regarding the legality of model contract clauses.

If they too are ruled inadequate, then many US businesses would suffer, perhaps explaining the US government’s interest in giving the court its views.

Schrems said he welcomed the US government’s request to intervene, because unlike in the negotiations over Privacy Shield, a US representative to the Irish court will not be protected by US laws on confidentiality.

“This is a huge chance to finally get solid answers in a public procedure,” he said in a post on the Europe-v-Facebook website. “I am very much looking forward to raising all the uncomfortable questions on US surveillance programs in this procedure. It will be very interesting how the US government will react to the clear evidence already before the court.”

IDG News Service

For more on data protection in Ireland listen to this week’s TechRadio podcast.

Read More:

Leave a Reply

Back to Top ↑