In late 2012, Max Schrems, a privacy advocate and member of the Europe v Facebook group requested that the Irish Data Protection Commissioner investigate the alleged sharing of European Facebook users’ information with the United States National Security Agency (NSA), in the light of the Snowden revelations.
These revelations suggest that Facebook and the US government had violated the Safe Harbour arrangement, which aimed at guaranteeing the privacy of EU citizens and regulates the transfer of personal data from the European Union to the United States. When the Irish Data Protection Commissioner refused to investigate the case, Schrems appealed to the Irish High Court. The Court’s decision centred around whether the European Commission’s decision on Safe Harbour in 2000 was binding and therefore not subject to investigation by the Irish Data Protection Commissioner.
The Schrems case, to which EDRi-member Digital Rights Ireland is attached as an amicus curiae, will have a hearing at the Court of Justice of the European Union (CJEU) on 24 March.
Eu Observer reports that MEP German Cornelia Ernst along with Dutch liberal Sophie In't Veld voted to suspend the so-called in-camera session on Safe Harbour. In-camera sessions are not open to the public. It also means MEPs are under threat of sanctions should they discuss the issue outside the room.
Safe Harbour is enforced by the US Federal Trade Commission and is supposed to ensure US firms follow EU data protection laws when processing the personal data of EU citizens. Last November, the former EU justice commissioner Viviane Reding published 13 recommendations that the Americans needed to implement in order to keep the agreement viable. The commission official, invited to update the MEPs on the negotiations, revealed that Washington has an issue with three of the 13 recommendations.
The European Commission is working with the United States on the final details of the Safe Harbour agreement which was put up for renegotiation after the exposed U.S. mass surveillance practices. Under the new deal, U.S. registered companies will face stricter rules when transferring data to third parties.
Brussels has demanded guarantees from the United States that the collection of EU citizens' data for national security purposes would be limited to what is necessary and proportionate. The new deal would allow both sides to monitor the functioning of Safe Harbour, including how the limitations on U.S. authorities' access to the data are being applied.
U.S. President Barack Obama in June signed a bill reforming a government surveillance program. He also plans to extend certain protections enjoyed by U.S. citizens to foreigners.
The case stems from a complaint filed by 27-year-old Austrian law student Max Schrems against Facebook with the Irish data protection commissioner, who monitors compliance with privacy laws. Schrems argued the company helped the NSA harvest email and other private data from European citizens by forwarding data to servers in the United States and asked the Irish watchdog to investigate whether the United States was providing adequate data protection. The Irish regulator rejected the request on the grounds that it was bound by the EU Safe Harbour agreement of 2000 which allows companies to transfer EU citizens' data to the United States because it is held to have sufficient privacy safeguards in place.
The European Court of Justice Advocate General Yves Bot will deliver his opinion in Luxembourg on Wednesday at around 9:30 CET. While the court's judges are not bound by the opinion, they follow it in most cases.
Negotiators in the European Union and the United States have agreed on a stop-gap measure to allow companies to transfer private data overseas. But the “EU-US Privacy Shield” is not likely to withstand legal challenge. To protect privacy, we need reform, not rebranding.
The Article 29 Working Party, the body made up of representatives of individual European Member States’ data protection authorities (DPAs), has said today that it will not be taking enforcement action against companies that are using alternative transfer mechanisms in the wake of last year’s Safe Harbor strikedown.