New data law doubts threaten Facebook and Google firms in Ireland
Irish-based multinational tech firms such as Facebook and Google face new legal trouble as the Irish Data Protection Commissioner says she thinks that key rules they rely on may not be in compliance with European law.
Helen Dixon said today that her office now has doubts over the legality of so-called “model contract clauses”, data transfer instruments relied upon by many businesses in their transactions with US firms.
Ms Dixon, who is the primary European data regulator of the world’s biggest social media and online firms, said that she will now refer the question to the High Court and the European Court of Justice.
If the ECJ strikes model contract clauses down, as many observers expect it will, it leaves thousands of European companies in a new limbo over their data transfers to the US. Earlier this year, US multinational companies in Ireland warned that a failure to solve the issue would threaten jobs in Ireland.
Last year, the ECJ struck down the ‘Safe Harbour’ treaty between the EU and US, on the grounds that it was insufficient to protect the data privacy of EU citizens. The court said that revelations by the US whistleblower Edward Snowden demonstrated that US authorities are indiscriminately snooping on European citizens’ personal communications.
The case came about on foot of a complaint made by Austrian student Max Schrems, who argued that Facebook’s transfer of data from the EU to the US fell foul of European privacy law.
“We continue to thoroughly and diligently investigate Mr Schrems’ complaint to ensure the adequate protection of personal data,” Ms Dixon said in a statement. “We yesterday informed Mr Schrems and Facebook of our intention to seek declaratory relief in the Irish High Court and a referral to the CJEU to determine the legal status of data transfers under Standard Contractual Clauses. We will update all relevant parties as our investigation continues.”
Earlier this year, EU authorities announced a proposed successor to the ‘Safe Harbour’ agreement. The European Commision said that the new ‘Privacy Shield’, provided for more transparency and oversight for Europeans and would give “certainty” to businesses here that transatlantic data flows would not fall foul of EU law.
Under the new deal, an “independent” ombudsman would be set up to deal with cases of suspected abuse by US authorities.
“This protects the fundamental human rights of Europeans and… lives up to the [principles set by the] European Court of Justice,” said Vera Jourova, the European Union’s Commissioner for Justice, Consumers and Gender Equality, in February.
“It will provide a strong and safe framework for the future of transatlantic data flows.”