Europe v Facebook: higher court to decide on giving data to spies
THE European Court of Justice will be asked to examine the law governing data protection, following a student's legal challenge over the mass transfer of data by Facebook to the US intelligence services.
Max Schrems, an Austrian postgraduate law student behind the "Europe v Facebook", campaign brought a High Court challenge claiming Ireland's Data Protection Commissioner Billy Hawkes wrongly interpreted and applied the law.
Mr Hawkes found Mr Schrems' complaint did not meet the threshold required to merit investigation, but Mr Schrems asked High Court judge Mr Justice Gerard Hogan to quash that decision and refer it back to Mr Hawkes.
He said the decision was irrational and also asked that a preliminary reference on the matter to be made to the ECJ.
Mr Hawkes, who found Facebook had acted within the terms of an EU-US data-sharing agreement in July 2000 called Safe Harbour, opposed the action. He found Facebook had no case to answer.
The court heard Mr Hawkes rejected suggestions that he was not prepared to take on big firms, arguing that he was investigating 22 other complaints from Mr Schrems, but this particular one did not warrant an investigation.
Yesterday, Mr Justice Hogan said he was referring the matter to the ECJ for re-evaluation given that "much has happened" since the Safe Harbour agreement. This included the enhanced threat to national and international security from rogue states, terrorist groups, organised crime and the advent of social media.
The main development, from a legal perspective, was the introduction of Article 8 of the Charter of Fundamental Rights of the European Union governing personal data, he said.
While Mr Schrems maintained Mr Hawkes had not adhered to the requirements of EU law by rejecting the complaint, the opposite was true, the judge said. Mr Hawkes had shown "scrupulous steadfastness" to a 1995 EU directive which gave rise to the Safe Harbour agreement, he said.
But Mr Schrems's objection was, in reality, to the terms of the Safe Harbour regime itself rather that to the manner in which Mr Hawkes had actually applied that regime, he said.
The judge mentioned that revelations by former NSA computer systems administrator Edward Snowden may be thought to have exposed "gaping holes" in contemporary US data protection practice.
According to newspaper reports, the judge also noted, the NSA and the FBI in America were using a programme named PRISM to tap directly into the central servers of nine leading US internet companies to track foreign targets.
The judge said Mr Schrems contended the Snowden revelations about PRISM showed there was no meaningful protection in US law or in practice regarding data transfer as far as surveillance is concerned.
Given the general novelty and importance of the issues raised it was appropriate that this question should be determined by the ECJ, he said.
Mr Schrems' case was adjourned until next month for papers of the referral to the ECJ to be prepared.