We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Max Schrems (file photo) PA
Max Schrems

Highest European court expected to rule on data privacy case today

The ruling on this case could have significant implications for how data is transferred between the EU and the US.

THE HIGHEST COURT in Europe is expected to rule today on whether or not European personal data is safe when transferred to the US. 

The ruling may have a significant impact on how companies handle personal data in the future. It was taken by Austrian privacy lawyer Max Schrems, who has taken a number of other cases related to data privacy.

The case was first brought to the Irish High Court after Schrems complained to the Irish Data Protection Commissioner about Facebook’s use of standard contractual clauses (SCC) to transfer personal data to the US. 

In 2017, Ireland’s Data Protection Commissioner (DPC) asked the High Court to refer the mechanisms used to transfer data between the EU and the US to the European Court of Justice, saying that such issues cannot be decided at national level.

The High Court referred questions to the Court of Justice of the European Union (CJEU), where the judgement is expected later today.

In 2018, the High Court set out a number of questions which the CJEU will have to answer regarding the validity of data channels between the US and the EU.

This was appealed by Facebook to the Supreme Court, but the appeal was rejected in 2019. Today, the CJEU is expected to respond to the 11 questions which were submitted by the High Court. 

The questions are regarding the validity of data channels between the US and the EU, including the Privacy Shield, which is a US-EU data sharing deal.

The Privacy Shield was designed by the US Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a “mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce”, according to the US government.

According to Schrems’ organisation None Of Your Business (NYOB), the main concern in the case is about the unnecessary outsourcing of data processing to the US. 

The landmark case by Schrems will have serious repercussions for personal privacy policies and trans-Atlantic business. 

In a previous statement about the case, a spokesperson for Facebook said the company is awaiting the ruling of the CJEU and defended the use of SCCs.

We are grateful for the consideration of the Irish Court and look ahead to the Court of Justice of the European Union to now decide on these complex questions. Standard Contract Clauses provide important safeguards to ensure that Europeans’ data are protected once transferred overseas.

“SCCs have been designed and endorsed by the European Commission and are used by thousands of companies across Europe to do business.”

Schrems brought a previous case in 2015 which dealt with the EU-US data-sharing agreement “safe harbour”. That case reached the CJEU and “safe harbour” was found to be invalid.

- Additional reporting © – AFP, 2018 

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.