Share

Top European Union court backs student in Facebook privacy case

As Facebook has its European headquarters in Ireland, he filed his complaint to the Irish Data Protection Commissioner. He alleged that Facebook’s Irish unit illegally handed over data to USA spies.

Advertisement

The case eventually wound its way up to the Luxembourg-based ECJ, which was asked to rule on whether national data privacy watchdogs could unilaterally suspend the Safe Harbor framework if they had concerns about USA privacy safeguards.

The court declared invalid a 2000 deal that allowed Facebook and other tech firms to transfer users’ data in huge quantities to their servers in the USA, because it was considered safe.

“This judgment draws a clear line”. Reasonable legal redress must be possible.

Schrems called the decision “a major blow for USA global surveillance that heavily relies on private partners”. “The judgement makes it clear that USA businesses can not simply aid US espionage efforts in violation of European fundamental rights”.

“Likewise, the court observes that legislation not providing for any possibility for an individual to pursue legal remedies in order to have access to personal data relating to him, or to obtain the rectification or erasure of such data, compromises the essence of the fundamental right to effective judicial protection, the existence of such a possibility being inherent in the existence of the rule of law”.

Without Safe Harbour, such transfers would be forbidden, or only allowed via costlier and more time-consuming means, under European Union laws that prohibit data-sharing with countries deemed to have lower privacy standards, of which the U.S. is one. Despite a few alarmist comments I don’t think that we will see mayor disruptions in practice.

Yves Bot, an advocate general at the court, had said the agreement should be ditched because “mass, indiscriminate surveillance” by the USA suggests that, when Europeans’ data flows there, it isn’t sufficiently protected.

“It does not involve “mass” and “unrestricted” collection of data”, Litt wrote in the Financial Times, referring to the programme whose existence was leaked in 2013 by former National Security Agency contractor Edward Snowden.

Advertisement

Writing in an article in the FT only yesterday, Litt argued that the NSA’s Prism data harvesting program “does not give the USA “unrestricted access” to data”, claiming: “Rather, the United States may obtain communications only relating to specific identifiers, such as an email address or telephone number; only if the U.S. believes those identifiers are being used to communicate foreign intelligence information; and only with the legally compelled assistance of communications service providers under the supervision of an independent court”.

EU-US Safe Harbor program and the Court of Justice of the EU's decision