Ruadhán Mac Cormaic reports:
The High Court has referred questions raised by a case taken by an Austrian privacy activist over the alleged mass transfer of personal data to US intelligence services to the European Court of Justice.
Privacy campaigner Max Schrems had argued that the Data Protection Commissioner, Billy Hawkes, wrongly refused to investigate whistleblower Edward Snowden’s claims that Dublin-based Facebook International had passed on its EU users’ data to the US National Security Agency as part of its Prism surveillance programme.
While the judge did not find in Mr Schrems’s favour today, he adjourned the case pending a reference to the European court.
Read more on Irish Times.
Loek Essers has additional helpful coverage on Computerworld on the Safe Harbor aspects;
European laws prohibit the transfer of personal data to non-EU countries that do not meet the EU’s standards for data protection. The EU and the U.S. together developed the “safe harbor” framework under which U.S. firms can undertake to provide protection for data on EU citizens as strong as that required by EU legislation. For example, companies must show that they prevent penetration of their networks.
Not satisfied with the DPC’s response, Europe-v-Facebook asked the Irish High Court to review and reverse the DPC’s refusal.
The Irish High Court however referred the case to the Court of Justice of the European Union (CJEU), Europe-v-Facebook said Tuesday, calling the decision a “very unexpected, but great turn,” adding that this means that Europe’s top court is going to review the safe harbor agreements.
It asked the CJEU whether a data protection authority such as the DPC is absolutely bound by a European Commission decision from 2000. In that decision the Commission said that personal data transferred to a third country such as the U.S. is considered adequately protected if the companies that process the data adhere to safe harbor principles.
Read more on Computerworld.