Sunday

28th Feb 2021

EU court to probe new Facebook data challenge

  • The EU's top court is set to revisit data transfers by Facebook to the United States (Photo: Eduardo Woo)

The High Court in Ireland wants the European Court of Justice to decide on a case that could have huge implications on Facebook data transfers from Europe to the United States.

On Tuesday (3 October), the court issued a 152-page judgment on Facebook's EU-US data transfers following revelations of US-led mass surveillance in 2013.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

Max Schrems, an Austrian privacy campaigner who had initially challenged Facebook in light of the US surveillance, said in a statement that the internet giant "seems to have lost in every argument they were making."

The five-week hearing had scoured through some 45,000 pages of documents in a move that appears to suggest that the United States may be violating the fundamental rights of Europeans.

Mass indiscriminate processing of data

The Irish court in its judgment said that "it is clear that there is mass indiscriminate processing of data by the United States government agencies, whether this is described as mass or targeted surveillance."

It noted that the "case raises issues of very major, indeed fundamental, concern to millions of people within the European Union and beyond".

EU law requires that the personal data of Europeans is "adequately protected" whenever it is transferred outside the European Union.

But the US spy hub, the National Security Agency (NSA), has been sweeping up and processing the same data regardless of EU laws, according to disclosures by US intelligence contractor Edward Snowden. The revelations sparked outrage throughout Europe.

Facebook's international seat is in Dublin. The Irish-based headquarter deals with over 85 percent of global Facebook users, which is then sent to its parent company in the United States for processing.

Facebook and similar US tech giants have been forced into a legal dilemma - to either comply with NSA demands or follow EU laws. The data transfers are worth billions to the companies.

Safe Harbour vs Privacy Shield

The European Court of Justice in 2015 had already knocked down a EU-US data sharing pact known as Safe Harbour, due in part, to mass surveillance.

The scheme has since been replaced by Privacy Shield, which itself has come under intense scrutiny given the lack of US efforts to fully implement the self-certifying agreement.

Tuesday's judgment refers to so-called standard contractual clauses that also allow the data transfers to take place.

Facebook Ireland started using the clauses with its parent US-based Facebook Inc after Safe Harbour became invalid.

The clauses have a built-in emergency feature that allows local European data protection authorities to stop the data flows, should the personal data of Europeans be violated while in the United States and elsewhere.

Schrems had argued that the Irish Data protection authority at the time was duty bound to trigger the emergency clause, given the NSA revelations.

But Tuesday's judgment now questions the validity of the standard contractual clauses in general, which had been approved by the European Commission.

Ireland's data protection commissioner, Helen Dixon, had probed Schrems complaint in 2016 and found his arguments against his data being transferred to the US compelling.

But she then questioned the validity of standard contractual clauses themselves, going beyond Schrem's initial complaint.

Schrems said such clauses are valid as they allow data protection authorities to suspend individual problematic data flows.

"It is still unclear to me why the DPC [data protection commissioner] is taking the extreme position that the SCCs [standard contractual clauses,] should be invalidated Facebook across the board, when a targeted solution is available," he said.

The Luxembourg-based court is set to receive the exact questions from the Irish High Court to be probed at a later date.

US tests EU patience over Privacy Shield

The data sharing pact with the US is yet to be fully implemented, as the Americans have failed to appoint people in key positions to ensure EU citizens' personal data is protected.

Austrian privacy case against Facebook hits legal snag

Austrian privacy campaigner Max Schrems may sue Facebook Ireland in an Austrian court but won't be able to pursue a class action suit in Austria, according to a non-binding opinion by a top EU court advisor.

Column / Brussels Bytes

ECJ should rule against Austrian online censorship lawsuit

EU judges have an opportunity to make clear that no member state can decide what the rest of the world reads online, now that Austria's Supreme Court has referred the Glawischnig case to the European Court of Justice.

EU defends US data pact, as Facebook court case opens

An Austrian privacy campaigner vs Facebook over the future of data transfers to the US case opened at the European Court of Justice in Luxembourg on Tuesday. The European Commission, meanwhile, says the Privacy Shield pact is working fine.

News in Brief

  1. EU leaders restate defence 'autonomy' plan
  2. Rights group exposes Ethiopia massacre
  3. US carried out airstrikes against Iran-backed militia in Syria
  4. Malta closes investigation into journalist murder
  5. Dutch parliament calls China treatment of Uighurs genocide
  6. Spain fined €15m by ECJ over data failures
  7. Belarus: Anti-government protester jailed for 10 years
  8. German charged with spying for Russia in Bundestag

Feature

Covid-hit homeless find Xmas relief at Brussels food centre

The Kamiano food distribution centre in Brussels is expecting 20 people every half hour on Christmas Day. For many, Kamiano is also more than that - a support system for those made homeless or impoverished.

Top court finds Hungary and Poland broke EU rules

EU tribunal said Hungary's legislation made it "virtually impossible" to make an asylum application. Restricting access to international protection procedure is a violation of EU rules.

Stakeholders' Highlights

  1. Nordic Council of MinistersNordic Council to host EU webinars on energy, digitalisation and antibiotic resistance
  2. UNESDAEU Code of Conduct can showcase PPPs delivering healthier more sustainable society
  3. CESIKlaus Heeger and Romain Wolff re-elected Secretary General and President of independent trade unions in Europe (CESI)
  4. Nordic Council of MinistersWomen benefit in the digitalised labour market
  5. Nordic Council of MinistersReport: The prevalence of men who use internet forums characterised by misogyny
  6. Nordic Council of MinistersJoin the Nordic climate debate on 17 November!

Latest News

  1. Armenia 'coup' shows waning of EU star in South Caucasus
  2. 'Difficult weeks' ahead, as variants spread across EU
  3. EU top court advised to strike down Hungary's asylum policy
  4. Frontex chief: 'about time' MEPs probe his agency
  5. Is EU poised to solve child labour in 'green' batteries?
  6. The trap of spreading ideas while attacking them
  7. Who are the EU's new Russian deplorables?
  8. Afghan asylum family beaten in Greece, set adrift at sea

Join EUobserver

Support quality EU news

Join us