THE HIGHEST COURT in Europe is expected to rule today on whether or not European personal data is safe when transferred to the US.
The ruling may have a significant impact on how companies handle personal data in the future. It was taken by Austrian privacy lawyer Max Schrems, who has taken a number of other cases related to data privacy.
The case was first brought to the Irish High Court after Schrems complained to the Irish Data Protection Commissioner about Facebook’s use of standard contractual clauses (SCC) to transfer personal data to the US.
In 2017, Ireland’s Data Protection Commissioner (DPC) asked the High Court to refer the mechanisms used to transfer data between the EU and the US to the European Court of Justice, saying that such issues cannot be decided at national level.
The High Court referred questions to the Court of Justice of the European Union (CJEU), where the judgement is expected later today.
In 2018, the High Court set out a number of questions which the CJEU will have to answer regarding the validity of data channels between the US and the EU.
This was appealed by Facebook to the Supreme Court, but the appeal was rejected in 2019. Today, the CJEU is expected to respond to the 11 questions which were submitted by the High Court.
The questions are regarding the validity of data channels between the US and the EU, including the Privacy Shield, which is a US-EU data sharing deal.
The Privacy Shield was designed by the US Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a “mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce”, according to the US government.
According to Schrems’ organisation None Of Your Business (NYOB), the main concern in the case is about the unnecessary outsourcing of data processing to the US.
The landmark case by Schrems will have serious repercussions for personal privacy policies and trans-Atlantic business.
In a previous statement about the case, a spokesperson for Facebook said the company is awaiting the ruling of the CJEU and defended the use of SCCs.
We are grateful for the consideration of the Irish Court and look ahead to the Court of Justice of the European Union to now decide on these complex questions. Standard Contract Clauses provide important safeguards to ensure that Europeans’ data are protected once transferred overseas.
“SCCs have been designed and endorsed by the European Commission and are used by thousands of companies across Europe to do business.”
Schrems brought a previous case in 2015 which dealt with the EU-US data-sharing agreement “safe harbour”. That case reached the CJEU and “safe harbour” was found to be invalid.
- Additional reporting © – AFP, 2018
To embed this post, copy the code below on your site
have your say