This site uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. You may change your settings at any time but this may impact on the functionality of the site. To learn more see our Cookies Policy.
OK
Dublin: 9 °C Sunday 20 October, 2019
Advertisement

This man's privacy case against Facebook could be a 'near-disaster' for tech companies

It follows allegations about Facebook’s collaboration in US government spying.

Europe Students vs Facebook Privacy activist Max Schrems Source: AP Photo/Ronald Zak

A CASE INVOLVING social media giant Facebook and Ireland’s privacy watchdog could dramatically change European digital-privacy laws for decades to come.

But a ruling from the European Court of Justice (ECJ) forcing a change in a 15-year-old agreement on data sharing between the EU and the US could also be a ”near-disaster” for major technology companies with significant operations in Ireland.

The court is today hearing a case Austrian digital privacy activist Max Schrems brought against Ireland’s Data Protection Commissioner over rules for Facebook’s local arm.

The High Court referred the proceedings to the ECJ after Schrems, who had been a Facebook user since 2008 and is part of the group Europe vs Facebook, complained to the commissioner that the social media giant had breached EU data-protection laws.

European Facebook users agree terms with the company’s Irish entity when they sign up for the social network.

But Schrems, who has been tweeting the court proceedings today, claimed users were given no meaningful protection from government spying under these agreements.

US spying allegations

The move followed revelations from whistleblower Edward Snowden that the site, and others, were passing on users’ information to the US government’s National Security Agency (NSA).

The Irish privacy watchdog rejected Schrems’ call that it investigate Facebook over the company’s alleged involvement with the NSA’s PRISM surveillance operation on the grounds of EU “safe harbour” rules.

Under regulations first introduced in 2000, US companies are allowed to process European users’ data in their home country as long as they agree to comply with EU data-protection standards.

This potentially leaves those users’ private information exposed to surveillance from the US government and its agencies.

The case has wide implications for how tech companies do business in Europe, with the potential to force many with firms with significant operations in Ireland, including Apple, Google, Twitter and Yahoo, to completely overhaul their data-processing networks.

If the ECJ rules in Schrems’ favour, these firms could be obliged to carry out more of those operations in Europe under much stricter standards.

Snowden Speaks Edward Snowden appears at an event earlier this year via video feed Source: AP Photo/Marco Garcia

A ‘landmark decision’

Digital Rights Ireland chairman TJ McIntyre told TheJournal.ie the case would likely be a “landmark decision” which, along with several other recent proceedings, would “shape the fundamentals of privacy law in Europe for decades to come”.

Last year the ECJ ruled EU citizens had the “right to be forgotten” after a Spanish man brought a case against Google over his name appearing in certain search results.

It also threw out the EU’s data retention directive after a challenge over its breadth from Digital Rights Ireland and others. That ruling opened the door for the groups to appeal to the High Court for Irish data-retention rules to be rewritten.

Government Committee On Social Media. Fergal Cregan (left) and TJ McIntyre from Digital Rights Ireland Source: Sam Boal/Photocall Ireland

In a blog post last year, US academic Henry Farrell said tech companies had so far chosen to set up in Ireland for tax reasons and “because they see Irish privacy officials as more flexible than their mainland European counterparts”.

He said if the ECJ ruled safe harbour invalid it would be a “potential near-disaster” for US firms like Facebook, Google and Microsoft – all of which relied on Europeans’ personal data.

The death of safe harbor would mean that they were not able to legally export personal data, potentially crippling their business model,” he said.

A new deal

The US and Europe would need to thrash out a new privacy deal to replace the old framework, but that would have to take place in the context of a binding ECJ ruling. No decision is expected until late this year.

However in a recent filing, Twitter warned about the problems it faced if the safe harbour scheme was revoked.

(This) could require us to create duplicative, and potentially expensive, information technology infrastructure and business operations in Europe or limit our ability to collect and use personal information collected in Europe,” it said.

In the High Court’s decision last year which referred the case to the ECJ, Justice Gerard Hogan said the Irish privacy watchdog had made the right decision, based on the safe harbour regime.

However he noted these rules were made before the September 11 terrorist attacks and they may be the relic of a “more innocent age”.

READ: Facebook’s new idea could replace your standard phone app >

READ: Twitter has banned revenge porn and doxxing >

  • Share on Facebook
  • Email this article
  •  

About the author:

Peter Bodkin  / Editor, Fora

Read next:

COMMENTS (34)