We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Europe vs Facebook

This man's privacy case against Facebook could be a 'near-disaster' for tech companies

It follows allegations about Facebook’s collaboration in US government spying.

Europe Students vs Facebook Privacy activist Max Schrems AP Photo / Ronald Zak AP Photo / Ronald Zak / Ronald Zak

A CASE INVOLVING social media giant Facebook and Ireland’s privacy watchdog could dramatically change European digital-privacy laws for decades to come.

But a ruling from the European Court of Justice (ECJ) forcing a change in a 15-year-old agreement on data sharing between the EU and the US could also be a ”near-disaster” for major technology companies with significant operations in Ireland.

The court is today hearing a case Austrian digital privacy activist Max Schrems brought against Ireland’s Data Protection Commissioner over rules for Facebook’s local arm.

The High Court referred the proceedings to the ECJ after Schrems, who had been a Facebook user since 2008 and is part of the group Europe vs Facebook, complained to the commissioner that the social media giant had breached EU data-protection laws.

European Facebook users agree terms with the company’s Irish entity when they sign up for the social network.

But Schrems, who has been tweeting the court proceedings today, claimed users were given no meaningful protection from government spying under these agreements.

US spying allegations

The move followed revelations from whistleblower Edward Snowden that the site, and others, were passing on users’ information to the US government’s National Security Agency (NSA).

The Irish privacy watchdog rejected Schrems’ call that it investigate Facebook over the company’s alleged involvement with the NSA’s PRISM surveillance operation on the grounds of EU “safe harbour” rules.

Under regulations first introduced in 2000, US companies are allowed to process European users’ data in their home country as long as they agree to comply with EU data-protection standards.

This potentially leaves those users’ private information exposed to surveillance from the US government and its agencies.

The case has wide implications for how tech companies do business in Europe, with the potential to force many with firms with significant operations in Ireland, including Apple, Google, Twitter and Yahoo, to completely overhaul their data-processing networks.

If the ECJ rules in Schrems’ favour, these firms could be obliged to carry out more of those operations in Europe under much stricter standards.

Snowden Speaks Edward Snowden appears at an event earlier this year via video feed AP Photo / Marco Garcia AP Photo / Marco Garcia / Marco Garcia

A ‘landmark decision’

Digital Rights Ireland chairman TJ McIntyre told the case would likely be a “landmark decision” which, along with several other recent proceedings, would “shape the fundamentals of privacy law in Europe for decades to come”.

Last year the ECJ ruled EU citizens had the “right to be forgotten” after a Spanish man brought a case against Google over his name appearing in certain search results.

It also threw out the EU’s data retention directive after a challenge over its breadth from Digital Rights Ireland and others. That ruling opened the door for the groups to appeal to the High Court for Irish data-retention rules to be rewritten.

Government Committee On Social Media. Fergal Cregan (left) and TJ McIntyre from Digital Rights Ireland Sam Boal / Photocall Ireland Sam Boal / Photocall Ireland / Photocall Ireland

In a blog post last year, US academic Henry Farrell said tech companies had so far chosen to set up in Ireland for tax reasons and “because they see Irish privacy officials as more flexible than their mainland European counterparts”.

He said if the ECJ ruled safe harbour invalid it would be a “potential near-disaster” for US firms like Facebook, Google and Microsoft – all of which relied on Europeans’ personal data.

The death of safe harbor would mean that they were not able to legally export personal data, potentially crippling their business model,” he said.

A new deal

The US and Europe would need to thrash out a new privacy deal to replace the old framework, but that would have to take place in the context of a binding ECJ ruling. No decision is expected until late this year.

However in a recent filing, Twitter warned about the problems it faced if the safe harbour scheme was revoked.

(This) could require us to create duplicative, and potentially expensive, information technology infrastructure and business operations in Europe or limit our ability to collect and use personal information collected in Europe,” it said.

In the High Court’s decision last year which referred the case to the ECJ, Justice Gerard Hogan said the Irish privacy watchdog had made the right decision, based on the safe harbour regime.

However he noted these rules were made before the September 11 terrorist attacks and they may be the relic of a “more innocent age”.

READ: Facebook’s new idea could replace your standard phone app >

READ: Twitter has banned revenge porn and doxxing >

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Your Voice
Readers Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.