Data watchdog and privacy activist take on Facebook in landmark case
A landmark European privacy law case involving the Irish Data Protection Commission (DPC) chief and Facebook is set to affect hundreds of thousands of European and US companies.
Facebook will face Austrian privacy activist Max Schrems tomorrow at Europe's top court in a landmark case that could decide how firms transfer personal data worldwide.
Please log in or register with Independent.ie for free access to this article.
It will also potentially have a major impact on Europeans' privacy rights.
The case arose from a High Court referral on the issue of legal "standard contractual clauses" used by Facebook and other companies to transfer personal data to the United States and other parts of the world, and whether these violate Europeans' fundamental right to privacy.
Cross-border data transfers worth billions of euro are a fact of life for businesses ranging from banks to carmakers and industrial giants.
But an Irish High Court case taken by Mr Schrems, an Austrian law student who says Facebook's data practices go against European law, could change how business is conducted. Mr Schrems successfully fought against the EU's previous privacy rules, called Safe Harbour, in 2015.
He is now challenging Facebook's use of such standard clauses on the grounds that they do not offer sufficient data protection safeguards.
Facebook's lead regulator in the EU is the Irish DPC, which is led by Commissioner Helen Dixon.
Ms Dixon took the case to the High Court in Ireland, which subsequently sought guidance from the Luxembourg-based Court of Justice of the European Union (ECJ).
An appeal from Facebook was rejected by the Irish Supreme Court.
The court ruling will have a global impact, said Tanguy Van Overstraeten, global head of data protection at law firm Linklaters.
"The whole data transfer system would be impacted and could impact the global economy," he said.
"There are alternatives to the standard clauses, including the derogations set out in the GDPR, such as consent, contractual necessity and others, but they are strictly interpreted and difficult to apply in practice."
Mr Van Overstraeten said that hundreds of thousands of companies would be hit if the ECJ rules against the clauses, compared with some 4,500 companies affected when Safe Harbour was struck down.
Safe Harbour was replaced in 2016 by the EU-US Privacy Shield, which was designed to protect Europeans' personal data being transferred across the Atlantic for commercial use.
Data privacy has become a major concern since revelations in 2013 by former US intelligence contractor Edward Snowden of mass US surveillance, which triggered outrage among politicians in Europe.
The EU adopted stricter GDPR data laws last year. (Additional reporting Reuters)