Ireland asks Europe’s top court to rule on EU-U.S. data transfers

This post was originally published on this site

DUBLIN (Reuters) – Ireland’s High Court on Tuesday said it would ask the EU’s top court to decide whether to ban the way in which Internet firms such as Facebook (FB.O) transfer users’ data to the United States in a case with major implications for companies.

This case is the latest to question whether methods used by large tech firms such as Google (GOOGL.O) and Apple (AAPL.O) to transfer data outside the 28-nation European Union give EU consumers sufficient protection from U.S. surveillance.

Data privacy is under the spotlight after revelations in 2013 by former U.S. intelligence contractor Edward Snowden of mass U.S. surveillance caused political outrage in Europe.

Irish High Court Judge Caroline Costello said she had decided to ask the European Court of Justice for a preliminary ruling in the case.

“European Union law guarantees a high level of protection to EU citizens … they are entitled to an equivalent high level of protection when their data is transferred outside of the European Economic Area,” she said.

The Irish Data Protection Commissioner’s office initially became involved after Austrian law student and privacy activist Max Schrems made a complaint in Dublin about Facebook’s handling of his data in the United States.

The judge said the Irish Data Protection Commissioner “has raised well-founded concerns that there is an absence of an effective remedy in U.S. law compatible with the requirements of Article 47 of the Charter (of Fundamental Rights).”

She said that a newly created U.S. ombudsperson dealing with Europeans’ complaints about U.S. surveillance did not eliminate those concerns.

Costello also said she was not delivering any value judgement on the data protection laws in the EU or United States.

A Facebook spokeswoman said it was essential the EU court “considers the extensive evidence demonstrating the robust protections in place under Standard Contractual Clauses and U.S. law, before it makes any decision that may endanger the transfer of data across the Atlantic and around the globe.”

The company has previously said the case could lead to a breakdown in transatlantic data transfers that could knock EU economic output by up to 1.3 percent.

A ruling by the European Court of Justice (ECJ) against the common legal arrangements used by thousands of firms to transfer personal data outside the EU could cause major headaches for companies that make such transfers daily. These transfers include credit card transactions, hotel bookings or moving employee data between countries.

Schrems, speaking to reporters outside the court, said he hoped the ECJ would force the EU and the United States to finally deal with the gap between the privacy rights of Facebook users in Europe and those that apply to its servers in California.

“I hope we will get a decision that ends this ping-pong and stops kicking the can down the road,” he said.

Schrems also said he did not expect the legal arrangements – known as standard contractual clauses – to be banned by the EU court.